Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cloud Computing. Show all posts
Software
AI Cloud Computing Cyber Attacks Digital threats Financial Sector Healthcare India RBI Software

Cyberattacks Skyrocket in India, Are We Ready for the Digital Danger Ahead?


 

India is experiencing a rise in cyberattacks, particularly targeting its key sectors such as finance, government, manufacturing, and healthcare. This increase has prompted the Reserve Bank of India (RBI) to urge banks and financial institutions to strengthen their cybersecurity measures.

As India continues to digitise its infrastructure, it has become more vulnerable to cyberattacks. Earlier this year, hackers stole and leaked 7.5 million records from boAt, a leading Indian company that makes wireless audio and wearable devices. This is just one example of how cybercriminals are targeting Indian businesses and institutions.

The RBI has expressed concern about the growing risks in the financial sector due to rapid digitization. In 2023 alone, India’s national cybersecurity team, CERT-In, handled about 16 million cyber incidents, a massive increase from just 53,000 incidents in 2017. Most banks and non-banking financial companies (NBFCs) now see cybersecurity as a major challenge as they move towards digital technology. The RBI’s report highlights that the speed at which information and rumours can spread digitally could threaten financial stability. Cybercriminals are increasingly focusing on financial institutions rather than individual customers.

The public sector, including government agencies, has also seen a dramatic rise in cyberattacks. Many organisations report that these attacks have increased by at least 50%. Earlier this year, a hacking group targeted government agencies and energy companies using a type of malware known as HackBrowserData. Additionally, countries like Pakistan and China have been intensifying their cyberattacks on Indian organisations, with operations like the recent Cosmic Leopard campaign.

According to a report by Cloudflare, 83% of organisations in India experienced at least one cybersecurity incident in the last year, placing India among the top countries in Asia facing such threats. Globally, India is the fifth most breached nation, bringing attention  to the bigger picture which screams for stronger cybersecurity measures.

Indian companies are most worried about threats related to cloud computing, connected devices, and software vulnerabilities. The adoption of new technologies like artificial intelligence (AI) and cloud computing, combined with the shift to remote work, has accelerated digital transformation, but it also increases the need for stronger security measures.

Manu Dwivedi, a cybersecurity expert from PwC India, points out that AI-powered phishing and sophisticated social engineering techniques have made ransomware a top concern for organisations. As more companies use cloud services and open-source software, the risk of cyberattacks grows. Dwivedi also stresses the importance of protecting against insider threats, which requires a mix of strategy, culture, training, and governance.

AI is playing a growing role in both defending against and enabling cyberattacks. While AI has the potential to improve security, it also introduces new risks. Cybercriminals are beginning to use AI to create more advanced malware that can avoid detection. Dwivedi warns that as AI continues to evolve, it may become harder to track how these tools are being misused by attackers.

Partha Gopalakrishnan, founder of PG Advisors, emphasises the need for India to update its cybersecurity laws. The current law, the Information Technology Act of 2000, is outdated and does not fully address today’s digital threats. Gopalakrishnan also stressed upon the growing demand for AI skills in India, suggesting that businesses should focus on training in both AI and cybersecurity to close the skills gap. He warns that as AI becomes more accessible, it could empower a wider range of people to carry out sophisticated cyberattacks.

India’s digital growth presents great opportunities, but it also comes with strenuous challenges. It’s crucial for Indian businesses and government agencies to develop comprehensive cybersecurity strategies and stay vigilant.


Read more »
Misconfiguration
API security cloud compliance Cloud Computing Cloud Migration Cloud Security Cyber Security Cybersecurity data security IAM Misconfiguration

Cloud Security Report Highlights Misconfiguration and IAM as Top Threats

Traditional cloud security issues once associated with service providers are declining in significance, as per the Cloud Security Alliance's 2024 Top Threats report,  However, new challenges persist.


Misconfigurations, weak identity and access management (IAM), and insecure application programming interfaces (APIs) continue to pose the most significant risks to cloud environments. These issues have held top rankings for several years, indicating their persistent nature and the industry's ongoing focus on addressing them.

Other critical concerns include inadequate cloud security strategies, vulnerabilities in third-party resources and software development, accidental data leaks, and system weaknesses. While threats like denial of service and shared technology vulnerabilities have diminished in impact, the report highlights the growing sophistication of attacks, including the use of artificial intelligence.

The cloud security landscape is also influenced by increasing supply chain risks, evolving regulations, and the rise of ransomware-as-a-service (RaaS). Organizations must adapt their security practices to address these challenges and protect their cloud environments.

The report's findings are based on a comprehensive survey of cybersecurity professionals, emphasizing the importance of these issues within the industry.
 
Key Takeaways:
* Misconfigurations, IAM, and API security remain top cloud security concerns.
* Attacks are becoming more sophisticated, requiring proactive security measures.
* Supply chain risks, regulatory changes, and ransomware pose additional threats.
* Organizations must prioritize cloud security to mitigate financial and reputational risks. 

Read more »
Technology
Cloud Computing IDF Intelligence Israel Technology

3 Billion Attacks and Counting: The IDF’s Cyber Resilience

3 Billion Attacks and Counting: The IDF’s Cyber Resilience

The Battlefield: Cloud Computing

Cloud computing has become an integral part of modern military operations. The IDF relies heavily on cloud-based systems from troop management to logistics, communication, and intelligence gathering. These systems allow for flexibility, scalability, and efficient resource allocation. 

However, they also make attractive targets for cyber adversaries seeking to disrupt operations, steal sensitive information, or compromise critical infrastructure.

The Israel Defense Forces' cloud computing network has been subjected to almost three billion cyber attacks since the conflict between Israel and Hamas began on October 7, according to the officer in charge of the military's computer section. However, all of the attacks were detected and did not do any damage.

Col. Racheli Dembinsky, chief of the IDF's Center of Computing and Information Systems (Mamram), made the discovery on Wednesday during the "IT for IDF" conference in Rishon Lezion.

According to Dembinsky, the attacks targeted operational cloud computing, which is used by numerous systems that serve troops on the ground during conflict to communicate information and forces' whereabouts.

The Scale of the Threat

Three billion attacks may sound staggering, and indeed it is. These attacks targeted operational cloud computing resources used by troops on the ground during combat. Imagine the strain on the network as thousands of soldiers accessed critical data simultaneously while under fire. Despite this immense pressure, Mamram’s cybersecurity experts managed to fend off every attempt.

Dembinsky did not specify the types of assaults or the level of danger they posed, but she did state that they were all blocked and that no systems were penetrated at any time.

Mamram, the IDF's central computing system unit, is responsible for the infrastructure and defense of the military's remote servers.

Hamas terrorists stormed Israel on October 7, killing over 1,200 people, the majority of them were civilians, and capturing 251. It has also been stated that cyberattacks were launched against Israel on October 7. Dembinsky corroborated this.

The Human Element

While technology played a crucial role, the expertise and dedication of Mamram’s personnel truly made a difference. These cyber warriors worked tirelessly, analyzing attack vectors, identifying vulnerabilities, and devising countermeasures. Their commitment to safeguarding Israel’s digital infrastructure was unwavering.

Since the start of the war, certain cyberattacks have been effective against Israeli civilian computer systems. Iranian-backed hackers targeted the Israel State Archives in November, and it was only recently restored to service. Hackers also successfully targeted the computer systems of the city of Modiin Illit.

The Defense Strategy

Last month, Israel's cyber defense chief, Gaby Portnoy, stated that Iran's cyber attacks have become more active since the commencement of the war, not only against Israel but also against its allies.

Read more »
Technology
AI technology Cloud Computing Cloud technology Technology

The Decline of Serverless Computing: Lessons For Enterprises To Learn

In the rapidly changing world of cloud technology, serverless computing, once hailed as a groundbreaking innovation, is now losing its relevance. When it first emerged over a decade ago, serverless computing promised to free developers from managing detailed compute and storage configurations by handling everything automatically at the time of execution. It seemed like a natural evolution from Platform-as-a-Service (PaaS) systems, which were already simplifying aspects of computing. 

Many industry experts and enthusiasts jumped on the serverless bandwagon, predicting it would revolutionize cloud computing. However, some seasoned professionals, wary of the hype, recognized that serverless would play a strategic role rather than be a game-changer. Today, serverless technology is increasingly overshadowed by newer trends and innovations in the cloud marketplace. 

Why Did Serverless Lose Its Shine? 

Initially praised for simplifying infrastructure management and scalability, serverless computing has been pushed to the periphery by the rise of other cloud paradigms, such as edge computing and microclouds. These new paradigms offer more tailored solutions that cater to specific business needs, moving away from the one-size-fits-all approach of serverless computing. One significant factor in the decline of serverless is the explosion of generative AI. 

Cloud providers are heavily investing in AI-driven solutions, which require specialized computing resources and substantial data management capabilities. Traditional serverless models often fall short in meeting these demands, leading companies to opt for more static and predictable solutions. The concept of ubiquitous computing, which involves embedding computation into everyday objects, further exemplifies this shift. This requires continuous, low-latency processing that traditional serverless frameworks might struggle to deliver consistently. As a result, serverless models are increasingly marginalized in favour of more integrated and pervasive computing environments. 

What Can Enterprises Learn? 

For enterprises, the fading prominence of serverless cloud technology signals a need to reassess their technology strategies. Organizations must embrace emerging paradigms like edge computing, microclouds, and AI-driven solutions to stay competitive. 

The rise of AI and ubiquitous computing necessitates specialized computing resources and innovative application designs. Businesses should focus on selecting the right technology stack to meet their specific needs rather than chasing the latest cloud hype. While serverless has played a role in cloud evolution, its impact is limited compared to the newer, more nuanced solutions now available.
Read more »
Technology News
BaseCamp Cloud Computing Cloud Computing Firm Infrastructure Software development Technology Technology News

37signals Boosts Profits by Over $1 Million by Exiting Cloud Computing

 


This year, software company 37signals has made headlines with its decision to leave cloud computing, resulting in a significant profit boost of over $1 million (£790,000). This move highlights a growing trend among businesses reassessing the value of cloud services versus traditional in-house infrastructure. 37signals, known for its project management tool Basecamp and email service decided to transition away from cloud providers to manage its own servers. 

This shift has not only reduced their operating expenses but also provided greater control over their infrastructure. By avoiding the recurring costs associated with cloud services, 37signals has been able to retain more revenue, contributing directly to its increased profitability. The decision to leave the cloud stems from various factors. While cloud computing offers scalability and flexibility, it often comes with high costs that can accumulate over time, especially for companies with predictable workloads. 

By managing their own servers, companies like 37signals can optimize performance and cut costs associated with data transfer and storage. Furthermore, this move has implications for data security and privacy. Controlling their own infrastructure allows companies to implement stricter security measures tailored to their needs, reducing reliance on third-party vendors. This can be particularly important for firms handling sensitive information, as it minimizes potential vulnerabilities associated with shared cloud environments. 37signals’ successful transition away from cloud computing is part of a broader industry trend. Other companies are also evaluating the cost-benefit balance of cloud services. 

For some, the flexibility and ease of scaling offered by cloud solutions remain invaluable, while others, like 37signals, find that in-house infrastructure provides a more cost-effective and secure alternative. As more companies share their experiences and outcomes, it will be interesting to see how the landscape of cloud computing evolves. Businesses must carefully consider their unique needs, workloads, and security requirements when deciding whether to invest in cloud services or return to more traditional infrastructure solutions. 

The decision by 37signals to leave the cloud and the subsequent financial benefits they’ve reaped could encourage other companies to reevaluate their own strategies. By weighing the pros and cons, businesses can make informed decisions that align with their financial and operational goals.
Read more »
Privacy
Business Cloud Computing Cloud Services data security Healthcare IT Industry Privacy

Rethinking the Cloud: Why Companies Are Returning to Private Solutions


In the past ten years, public cloud computing has dramatically changed the IT industry, promising businesses limitless scalability and flexibility. By reducing the need for internal infrastructure and specialised personnel, many companies have eagerly embraced public cloud services. However, as their cloud strategies evolve, some organisations are finding that the expected financial benefits and operational flexibility are not always achieved. This has led to a new trend: cloud repatriation, where businesses move some of their workloads back from public cloud services to private cloud environments.

Choosing to repatriate workloads requires careful consideration and strategic thinking. Organisations must thoroughly understand their specific needs and the nature of their workloads. Key factors include how data is accessed, what needs to be protected, and cost implications. A successful repatriation strategy is nuanced, ensuring that critical workloads are placed in the most suitable environments.

One major factor driving cloud repatriation is the rise of edge computing. Research from Virtana indicates that most organisations now use hybrid cloud strategies, with over 80% operating in multiple clouds and around 75% utilising private clouds. This trend is especially noticeable in industries like retail, industrial sectors, transit, and healthcare, where control over computing resources is crucial. The growth of Internet of Things (IoT) devices has played a defining role, as these devices collect vast amounts of data at the network edge.

Initially, sending IoT data to the public cloud for processing made sense. But as the number of connected devices has grown, the benefits of analysing data at the edge have become clear. Edge computing offers near real-time responses, improved reliability for critical systems, and reduced downtime—essential for maintaining competitiveness and profitability. Consequently, many organisations are moving workloads back from the public cloud to take advantage of localised edge computing.

Concerns over data sovereignty and privacy are also driving cloud repatriation. In sectors like healthcare and financial services, businesses handle large amounts of sensitive data. Maintaining control over this information is vital to protect assets and prevent unauthorised access or breaches. Increased scrutiny from CIOs, CTOs, and boards has heightened the focus on data sovereignty and privacy, leading to more careful evaluations of third-party cloud solutions.

Public clouds may be suitable for workloads not bound by strict data sovereignty laws. However, many organisations find that private cloud solutions are necessary to meet compliance requirements. Factors to consider include the level of control, oversight, portability, and customization needed for specific workloads. Keeping data within trusted environments offers operational and strategic benefits, such as greater control over data access, usage, and sharing.

The trend towards cloud repatriation shows a growing realisation that the public cloud is only sometimes the best choice for every workload. Organisations are increasingly making strategic decisions to align their IT infrastructure with their specific needs and priorities. 



Read more »
Technology
AI Privacy AI technology Apple Apple security features Cloud Computing Cloud technology LLM Technology

Apple's Private Cloud Compute: Enhancing AI with Unparalleled Privacy and Security

 

At Apple's WWDC 2024, much attention was given to its "Apple Intelligence" features, but the company also emphasized its commitment to user privacy. To support Apple Intelligence, Apple introduced Private Cloud Compute (PCC), a cloud-based AI processing system designed to extend Apple's rigorous security and privacy standards to the cloud. Private Cloud Compute ensures that personal user data sent to the cloud remains inaccessible to anyone other than the user, including Apple itself. 

Apple described it as the most advanced security architecture ever deployed for cloud AI compute at scale. Built with custom Apple silicon and a hardened operating system designed specifically for privacy, PCC aims to protect user data robustly. Apple's statement highlighted that PCC's security foundation lies in its compute node, a custom-built server hardware that incorporates the security features of Apple silicon, such as Secure Enclave and Secure Boot. This hardware is paired with a new operating system, a hardened subset of iOS and macOS, tailored for Large Language Model (LLM) inference workloads with a narrow attack surface. 

Although details about the new OS for PCC are limited, Apple plans to make software images of every production build of PCC publicly available for security research. This includes every application and relevant executable, and the OS itself, published within 90 days of inclusion in the log or after relevant software updates are available. Apple's approach to PCC demonstrates its commitment to maintaining high privacy and security standards while expanding its AI capabilities. By leveraging custom hardware and a specially designed operating system, Apple aims to provide a secure environment for cloud-based AI processing, ensuring that user data remains protected. 

Apple's initiative is particularly significant in the current digital landscape, where concerns about data privacy and security are paramount. Users increasingly demand transparency and control over their data, and companies are under pressure to provide robust protections against cyber threats. By implementing PCC, Apple not only addresses these concerns but also sets a new benchmark for cloud-based AI processing security. The introduction of PCC is a strategic move that underscores Apple's broader vision of integrating advanced AI capabilities with uncompromised user privacy. 

As AI technologies become more integrated into everyday applications, the need for secure processing environments becomes critical. PCC's architecture, built on the strong security foundations of Apple silicon, aims to meet this need by ensuring that sensitive data remains private and secure. Furthermore, Apple's decision to make PCC's software images available for security research reflects its commitment to transparency and collaboration within the cybersecurity community. This move allows security experts to scrutinize the system, identify potential vulnerabilities, and contribute to enhancing its security. Such openness is essential for building trust and ensuring the robustness of security measures in an increasingly interconnected world. 

In conclusion, Apple's Private Cloud Compute represents a significant advancement in cloud-based AI processing, combining the power of Apple silicon with a specially designed operating system to create a secure and private environment for user data. By prioritizing security and transparency, Apple sets a high standard for the industry, demonstrating that advanced AI capabilities can be achieved without compromising user privacy. As PCC is rolled out, it will be interesting to see how this initiative shapes the future of cloud-based AI and influences best practices in data security and privacy.
Read more »
Networks
Active Directory Cloud Computing Credential Theft cyber attack Cyber Attacks Networks

Why Active Directory Is A Big Deal?

 


In a cutting-edge study by XM Cyber and the Cyentia Institute, a comprehensive analysis has unveiled a startling reality: a staggering 80% of cybersecurity vulnerabilities within organisations stem from issues related to Active Directory. This might sound like tech jargon, but basically, it's a crucial part of how computers in a company talk to each other.

Active Directory functions as the central nervous system of an organisation's digital environment. Its vulnerabilities, often stemming from misconfigurations and attempts to compromise user credentials, pose significant risks. Tools like Mimikatz further exacerbate these vulnerabilities, enabling malicious actors to exploit weaknesses and gain unauthorised access.

Cloud Computing: New Risks, Same Problems

Even though we talk a lot about keeping things safe in the cloud, it turns out that's not always the case. More than half of the problems affecting important assets in companies come from cloud services. This means attackers can jump between regular computer networks and the cloud, making it harder to keep things safe.

Different Industries, Different Worries

When it comes to who's facing the most trouble, it depends on the industry. Some, like energy and manufacturing, have more issues with things being exposed on the internet. Others, like healthcare, deal with way more problems overall, which makes sense since they have a lot of sensitive data. Tailored strategies are essential, emphasising the importance of proactive measures to mitigate risks effectively.

What We Need to Do

Zur Ulianitzky, Vice President of Security Research at XM Cyber, emphasises the need for a holistic approach to exposure management. With a mere 2% of vulnerabilities residing in critical 'choke points,' organisations must broaden their focus beyond traditional vulnerability patching. Prioritising identity management, Active Directory security, and cloud hygiene is vital in making sure our cloud services are safe.

We need to be smarter about how we protect our computer systems. We can't just focus on fixing things after they've gone wrong. We need to be proactive and think about all the ways someone could try to break in. By doing this, we can make sure our businesses stay safe from cyber threats. Only through concerted efforts and strategic investments in cybersecurity can organisations stay ahead of the curve and protect against the ever-present spectre of cyber threats.



Read more »
Subscribe to: Posts (Atom)