Tag Archive for: content

Client-side content scanning as an unworkable, insecure disaster for democracy • The Register


Fourteen of the world’s leading computer security and cryptography experts have released a paper arguing against the use of client-side scanning because it creates security and privacy risks.

Client-side scanning (CSS, not to be confused with Cascading Style Sheets) involves analyzing data on a mobile device or personal computer prior to the application of encryption for secure network transit or remote storage. CSS in theory provides a way to look for unlawful content while also allowing data to be protected off-device.

Apple in August proposed a CSS system by which it would analyze photos destined for iCloud backup on customers’ devices to look for child sexual abuse material (CSAM), only to backtrack in the face of objections from the security community and many advocacy organizations.

The paper, “Bugs in our Pockets: The Risks of Client-Side Scanning,” elaborates on the concerns raised immediately following Apple’s CSAM scanning announcement with an extensive analysis of the technology.

Penned by some of the most prominent computer science and cryptography professionals – Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Vanessa Teague, and Carmela Troncoso – the paper contends that CSS represents bulk surveillance that threatens free speech, democracy, security, and privacy.

“In this report, we argue that CSS neither guarantees efficacious crime prevention nor prevents surveillance,” the paper says.

“Indeed, the effect is the opposite. CSS by its nature creates serious security and privacy risks for all society while the assistance it can provide for law enforcement is at best problematic. There are multiple ways in which client-side scanning can fail, can be evaded, and can be…


Box adds ransomware content security; Box Sign goes GA


Box Inc. has announced new integrations with Microsoft Office, Slack and Zoom in an effort to increase collaboration among users.

The Slack integration, planned for later this year, will enable Slack users to upload files to Box within the Slack interface as well as maintain Box content security protocols and user-set compliance rules. A Box app for Zoom, launched last month in the Zoom App Marketplace, cuts down on clicks for presenting Box files in Zoom meetings. It also enables users to browse, preview and share Box files directly from Zoom, whether the meeting is active or not.

For Box users whose organizations meet and collaborate with Teams and use Microsoft Office apps such as Excel, Word and PowerPoint, the latest integrations enable multi-person collaboration in Word online and desktop apps in Box files. For companies that use both Teams and Box — which Box claims is in the hundreds of thousands — the Box-Teams integration enables Box to be the default storage destination for content.

For users of the Box Shield content security add-on, Box released more content security features that include ransomware detection that quarantines files before they can shut down a Box user’s network. The Box Shield approach to content security is “ingenious,” said Deep Analysis founder Alan Pelz-Sharpe, because while a Box customer may have millions of documents spread among petabytes in its Box instance, Box Shield focuses on only the ones that are active at any given moment. Box’s security features and security certifications such as FedRAMP High keep them ahead of many competitors, he said.

“Truthfully, that’s been their big differentiator,” Pelz-Sharpe said. “[Companies] that are in product selection mode who ask me about file-sharing systems, it’s just become rote to say, ‘Well, if you’re really, really concerned about compliance and security, you definitely should be looking at Box.’”

Box for Microsoft integration
Among the features unveiled at BoxWorks Digital 2021 is an integration with Microsoft Word that enables multi-party live editing of files in Box.


Shut the door on ransomware – Partner Content



It’s time to prioritise IT hygiene.

Warnings about ransomware will likely continue in 2021. Yet a critical component of cyber security is still often overlooked in commentary about the topic.

This often-ignored component is the visibility of IT networks and endpoints – a pillar of IT hygiene.

Slow visibility of endpoints can result in lingering uncertainty about what data was compromised. A delay in determining the damage from an attack can leave people uncertain and exposed, destroying trust in an organisation.

In a time when digital transformation has leapt ahead and working from home has increased, it is no longer acceptable to rely on outdated endpoint management tools, policies and cultures. IT hygiene needs to step into the spotlight.

Ransomware makes a compelling use case for focusing on IT hygiene.

Ransomware often targets organisations with endpoints that expose Remote Desktop Protocol (RDP) to the internet. Automated brute-force attacks using common administrator usernames can provide access to these systems. Once successful, the RDP hosts can be used as a foothold to target the rest of the environment. Even if a victim manages to detect or prevent subsequent stages of the attack, failure to identify and resolve these vulnerable entry-points will leave the network susceptible to re-compromise.

This scenario highlights that most security issues are caused by a basic hygiene failure that could have easily been identified and corrected with the proper network visibility and tools, and simple user education.

Five steps you can take now to improve your IT hygiene

Are your security hygiene practices as strong as they can be? Is your organisation ready to withstand the next attack?

Here are five steps your organisation can take now to improve your IT hygiene:

  1. Assess your organisational obstacles. Are your security and IT ops teams working in tandem? If not, where are the areas of friction and how can these be addressed?
  2. Know your environment. If your CIO…


How to recover from ransomware when prevention fails – CRN Channel Academy – CRN Australia – People/HR – Promoted Content – Security



A disaster recovery plan should evolve as your business does.

Ransomware attacks don’t just target a business’s single endpoint. They can infect its entire network in seconds if they can penetrate remote management software. On top of the increasing ransomware threat, businesses are producing more data than ever. In fact, according to a StorageCraft Global Research study, 86% of experts believe data volume will increase 10 times or more in the next 5 years.

With increasingly targeted ransomware attacks and an explosion in data creation, it’s clear why businesses must take a more sophisticated approach to data protection. The only thing between your business and data loss or a ransom is a disaster recovery (DR) plan. Ransomware is everywhere, and sooner or later your business will be attacked. When that happens, how will you recover? Recovery starts with a clearly defined plan.

Ransomware Planning: It’s Working (Mostly)

The good news is that although more businesses are succumbing to ransomware, at the same time more businesses are recovering safely. According to our recent webinar, StorageCraft has seen an 8X growth in ransomware restorations since 2017. Businesses that can recover have a plan, execute it, and ultimately prevent data loss.

But remember, a plan should account for protecting data as well as reducing downtime. Although data may be safe with basic data protection measures, many businesses take days—or even weeks—to recover if there’s a significant failure event. According to data from StorageCraft’s recent global study, only 15% of businesses can recover from severe data loss within an hour. When downtime can cost as much as $5,600 every minute, even an hour can be expensive.

Rather than watch dollars slip down the drain, let’s look at how to build a solid plan that prevents data loss and costly downtime.

Three steps for building a rock-solid DR plan for ransomware

A disaster recovery plan should…
