Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cyberdata. Show all posts

European Telecom Industry at the Forefront of Quantum Technology Adoption

 


Even though quantum technologies may sound like something that is decades into the future, a new report released today shows that quantum technology has already come into being - especially in the telecommunications industry - even though most people still imagine something that is decades in the future. While the quantum technology sector has been stagnating for years in research institutions, commercial momentum has begun to gather in recent years. Many other applications for quantum tech are applicable today — as well as those that have been developed for quantum computing and its future promises. The quantum computing domain has been the focus of most of the developments, but there are many other uses for quantum technologies as well. 

There is a growing number of companies and startups across the globe that are commercializing quantum communications, including networks and forms of encryption. Europe also plays an important role in the development of this technology. Currently, 32% of the 100 quantum startups, scale-ups, and small and medium enterprises providing services to the telecom and telecom infrastructure sectors in the country are based in continental Europe. 

This is according to a report released today by Infinity, a branch of Quantum Delta NL that specializes in startup and ecosystem support. In addition to Germany, the Netherlands, France, Switzerland, and Spain, the UK and Ireland also have strong ecosystems with 14% each. There are also Approximately 50% of companies that serve as consumers of quantum technology located in continental Europe and 11 percent in the United Kingdom and Ireland. 

There are already more than 25 quantum networks in Europe today as of today. There are two quantum communications networks in the EU, which are being developed by Deutsche Telekom and two consortia named Petrus and Nostradamus. In London, BT and Toshiba Europe have launched a commercial quantum network, and in France, there is a commercial quantum network being built by BT and Toshiba Europe. In the Netherlands Organization for Applied Scientific Research (TNO), Quantum Lead Teun van der Veen says that telecom companies are becoming an important force in the adoption of quantum technology in real-world applications. 

 For them, integrating quantum into existing infrastructures is all about addressing the needs of the end users, so they are at the forefront of integrating quantum into existing infrastructures. To connect systems and transmit data securely, quantum networks take advantage of unique properties of quantum mechanics, such as superposition and entanglement, as a means of connecting systems and transacting data. Quantum channels can be used to transmit information, but they can also be used to be implemented over optical fibres, free-space optics, or satellite links for this to happen. Many scientists believe quantum networks and quantum encryption are virtually impossible to hack, and thus they will be one of the most secure forms of communication available now. 

Infinity's report states that such quantum-secure links can be used by data centres, satellites and rockets, military and government agencies, railroads, control centres, healthcare centres, hospitals, and many other sites, such as data centres, hospitals, health care centres as well as military and government entities.  Furthermore, quantum networks can also act as the basis for the creation of a global quantum internet, allowing quantum computers to be connected from different locations around the world. The cloud can also offer the possibility of "blind" quantum computing, which can maintain quantum operations' secrecy to those other than the user, allowing them to be used with ease.  

There is an increasing number of companies and governments exploring ways to secure their IT infrastructure and data in the age of global geopolitical tensions and looming cybersecurity threats. It is perhaps unsurprising then that Infinity's report concludes that Quantum Key Distribution (QKD) is the most widely used quantum technology in the telecommunications industry as a result of its popularity. By utilizing quantum mechanics, quantum key distribution (QKD) is an encryption and decryption method which is used by parties to generate a private key which can be used only by them. 

A recent report highlights the advances of European telecom companies in adopting quantum technology, with one notable example being the Delft-based communications security startup, Q*Bird. The company recently secured €2.5 million to advance the development of its Quantum Key Distribution (QKD) product, Falqon, which is currently being trialled at the Port of Rotterdam, the largest port in Europe. Ingrid Romijn, co-founder and CEO of Q*Bird, emphasized the growing interest in quantum communications solutions within the European Union's digital infrastructure. "Together with partners like Cisco, Eurofiber, Intermax, Single Quantum, Portbase, and InnovationQuarter, Q*Bird is already testing quantum-secure communications in the Port of Rotterdam using our novel quantum cryptography (QKD) technology," Romijn stated.

She further remarked that moving forward, more industries and companies could implement scalable solutions to protect data communications by leveraging next-generation QKD technology. Another technology drawing attention is post-quantum cryptography (PQC). While the anticipated "Q-day" – the day when a quantum computer potentially compromises current internet security – is still some time away, many classical cryptography methods will soon be vulnerable to hacking by sufficiently powerful quantum computers. 

PQC algorithms are designed to withstand both classical and quantum attacks. Other quantum technologies with potential applications in the telecom industry include quantum sensors, clocks, simulations, random number generation, and quantum computing. Despite increasing market interest, the report identifies that Europe's quantum technology startups require more support and investment to achieve significant technical and market breakthroughs. Presently, only 42% of quantum tech startups for telecom worldwide have external funding, collectively raising a total of €1.9 billion. Although the European Union has demonstrated a forward-thinking approach, exemplified by the Deutsche Telekom network project, the United States remains ahead in private sector activity and investment. Challenges include raising awareness among business leaders, expanding the skilled workforce, overcoming technical limitations, and building a stronger business narrative. 

These obstacles can be partially addressed through regulatory standardization, increased industry collaboration, and more early-stage support and investment for startups. Key market opportunities for the quantum communications sector lie in government bodies, including military and security services, financial institutions, critical infrastructure departments, and companies in the energy, defence, space, and technology sectors. Pavel Kalinin, Operations and Platforms Lead at Infinity, commented on the growing collaboration between enterprises and startups in telecom. "This signals the industry’s commitment to integrating quantum solutions into commercial applications. Successful implementation of such technologies will depend on coordinated efforts to prepare the workforce, facilitate collaborations, and set industry benchmarks and standards," Kalinin stated.

Security Lapse at First American Exposes Data of 44,000 Clients

 


It has been reported that First American Financial Corporation, one of the largest title insurance companies in the United States, was compromised in December when the company's computer systems were taken down due to a cyberattack that compromised the information of almost 44,000 individuals. Since its founding in 1889, this organization has been providing financial and settlement services to real estate professionals, buyers, and sellers involved in the purchasing and selling of residential and commercial properties. According to the company's report, it generated $6 billion in revenue last year, resulting in over 21,000 employees. 

First American Financial Services announced on December 21 that it had taken some of its systems offline today to contain the impact of a cyberattack, as the financial services company provided little information as to the nature of the attack in a statement provided in the statement. After identifying unauthorized activity on its network, the financial services firm initially revealed that certain systems were taken offline to contain the incident, when it was notified by the firm on December 21 that the incident had occurred. 

First American announced the following day that they had taken their email systems offline as well and that First American Title and FirstAm.com subsidiaries had also been affected by the same. Almost a week later, on January 8, 2024, the financial services firm announced that it was starting to restore some of its systems, but the full restoration of the company's systems wasn't announced until a week later. In December, First American informed the Securities and Exchange Commission (SEC) that the company had suffered a data breach resulting from a computer incident, as well as that certain non-production systems had been encrypted as a result of the data breach. 

As of May 28, an updated form filed by the company indicates that their investigation into the incident has been completed. A company update reads: "After reviewing our investigation and findings, we have determined that as a result of the incident, we may have been able to access the personally identifiable information of nearly 44,000 individuals without their permission," the statement reads. According to the title insurance provider, “the Company will provide appropriate notification to potentially affected individuals and offer those individuals credit monitoring and identity protection services at no charge to them.” 

Five months later, on May 28, the company announced it would not be providing credit monitoring and identity protection services to potentially affected individuals at no cost to them. The US Securities and Exchange Commission (SEC) has confirmed that the attackers gained access to some of its systems and were able to access sensitive information collected by the organization after an investigation into the incident was conducted.

A full report of the incident has been prepared. In the meantime, the investigation has been completed and the incident has been resolved by the company. First American has concluded that as a result of our investigation and findings, personal information regarding about 44,000 individuals may have been accessed without authorization," the company stated. 

There will be no costs for affected individuals to use credit monitoring and identity protection services if proper notification is provided to them. The company will provide appropriate notifications to potentially affected individuals. First American Insurance Company, which is considered the second-largest title insurance company in the nation, collects personal and financial information of hundreds of thousands of individuals each year through title-related documents and then stores it in its EaglePro application, which was developed in-house, according to DFS of New York. 

There was a security vulnerability that was discovered by First American senior management in May 2019 that allowed anyone who had access to EaglePro's link to access the application without requiring any authentication to access not just their documents, but those of individuals involved in unrelated transactions as well." Similarly, Fidelity National Financial, a title insurance provider in the United States, was also the target of a "cybersecurity issue" in November of last year. 

Various levels of disruption to the company's business operations meant that some of its systems were also taken offline to contain the attack, as a result of which some operations were disrupted. An SEC filing made in January confirmed that the attackers had stolen the data of approximately 1.3 million customers using malware that did not self-propagate and that did not spread through network resources.

Shadow IT Surge Poses Growing Threat to Corporate Data Security

 


It was recently found that 93% of cybersecurity leaders have deployed generative artificial intelligence in their organizations, yet 34% of those implementing the technology have not taken steps to minimize security risks, according to a recent survey conducted by cybersecurity firm Splunk, which was previously reported by CFO Dive. 

In the coming years, digital transformation and cloud migration will become increasingly commonplace in every sector of the economy, raising the amount of data businesses must store, process and manage, as well as the amount of data they must manage. Even though external threats such as hacking, phishing, and ransomware are given a great deal of attention, it is equally critical for companies to manage their data internally to ensure data security is maintained. 

In an organization, shadow data is information that is not approved by the organization or overseen by it. An employee's use of applications, services, or devices that their employer has not approved can be considered a feature (or a bug?) of the modern workplace. Whether it is a cloud storage account, an unofficial collaboration tool, or an unsanctioned SaaS application, shadow data can be generated from a variety of sources. 

In general, shadow data is not accounted for in the security and compliance frameworks of organizations, which leaves a glaring blind spot in data protection strategies, which is why it poses the biggest challenge. A report by Splunk says, “Such thoughtful policies can help minimize data leakage and new vulnerabilities, but they cannot necessarily prevent a complete breach.” However, they can help minimize these risks. 

According to the study by Cyberhaven, AI adoption has been so rapid that knowledge workers are now putting more corporate data into AI tools on a Saturday and Sunday than they were putting into the AI tools during the middle of last year's workweek on average. This could mean that workers are using AI tools early on in the adoption cycle, even before the IT department is formally instructed to purchase them. 

The result would be the so-called 'shadow AI,' or the use of AI tools by employees through their accounts that are not sanctioned by the company, and maybe no one is even aware of it. Using AI in the workplace is gaining traction. The amount of corporate data workers are putting into AI tools has jumped by 485% from March 2023 to March 2024, and the trend is accelerating. There are 23.6% of tech workers in March 2024 who use AI tools for their work (the highest rate of any industry). 

It is estimated that only 4.7% of employees in the financial sector, 2.8% in the pharmaceuticals industry, and 0.6% in manufacturing industries use AI tools. The use of risky "shadow AI" accounts is growing as end users outpace corporate IT. There are 73.8% of ChatGPT users who use the application through non-corporate accounts. 

However, unlike enterprise versions of ChatGPT, the enterprise versions incorporate whatever information you share in public models as well. According to the data, the percentage of non-corporate accounts is even higher for Gemini (94.4%) and Bard (95.9%). AI products from the big three: OpenAI, Google, and Microsoft accounted for 96.0% of AI use at work. Research and development materials created by artificial intelligence-generated tools have been used in potentially risky ways currently. 

In March 2024, 3.4% of the materials were created by artificial intelligence-generated tools, which could potentially create a risk if patented materials were included. As a result, 3.2% of the insertions of source code are being generated by AI outside of traditional coding tools (which are equipped with enterprise-approved copilots for coding), which can potentially place the development of vulnerabilities at risk. 

In terms of graphics and design, 3.0% of the content is generated using AI. The problem here is that AI can be used to produce trademarked material which can pose a problem. IT administrators, security teams, and the protocols that are designed to ensure security are unable to see shadow data due to its invisibility. The fact that shadow data exists outside of the networks and systems that have been approved for data protection means that it can be bypassed easily by any protection measures put in place. 

The risk of a breach or leak when data is left unmonitored increases and does not only complicate compliance with regulations such as GDPR or HIPAA but also makes compliance with data protection laws harder. As such, an organization is not able to effectively manage all of its data assets due to an absence of visibility, resulting in a loss of efficiency and a risk of data redundancy. Shadow data poses various security risks, which include unauthorized access to sensitive data, breaches in data security, and the potential for sensitive information to be exfiltrated. 

Shadow data can be a threat from a compliance standpoint because it only requires a minimal amount of protection from inadequacies in data security. Furthermore, there is an additional risk of data loss when data is stored in unofficial locations, since such personal data may not be backed up or protected against deletion if it is accidentally deleted. The surge in Shadow IT poses significant risks to organizations, with potential repercussions that include financial penalties, reputational damage, and operational disruptions. 

It is crucial to understand the distinctions between Shadow IT and Shadow Data to effectively address these threats. Shadow IT refers to the unauthorized use of tools and technologies within an organization. These tools, often implemented without the knowledge or approval of the IT department, can create substantial security and compliance challenges. Conversely, shadow data pertains to the information assets that these unauthorized tools generate and manage.

This data, regardless of its source or storage location, introduces its own set of risks and requires separate strategies for protection. Addressing Shadow IT necessitates robust control and monitoring mechanisms to manage the use of unauthorized technologies. This involves implementing policies and systems to detect and regulate non-sanctioned IT tools, ensuring that all technological resources align with the organization's security and compliance standards. 

On the other hand, managing shadow data requires a focus on identifying and safeguarding the data itself. This involves comprehensive data governance practices that protect sensitive information, ensuring it is secure, regardless of how it is created or stored. Effective management of shadow data demands a thorough understanding of where this data resides, how it is accessed, and the potential vulnerabilities it may introduce. Recognizing the nuanced differences between Shadow IT and Shadow Data is essential for developing effective governance and security strategies. 

By clearly delineating between the tools and the data they produce, organizations can better tailor their approaches to mitigate the risks associated with each. This distinction allows for more targeted and efficient protection measures, ultimately enhancing the organization's overall security posture and compliance efforts.