Digital ID is governments’ savior in COVID-19 and the lockdown era
As COVID-19 went so viral, millions of people followed the governmental advice to stay at home. the Covid-19 pandemic had unprecedented effects on everyone’s daily routine all over the world. Imposing social distancing and the increasing rates of remote working had dramatic effects on the daily activities from banking, payment, identification, issuing certification or even accessing entities. Everywhere, people of all demographics are adapting their daily routine in order to prioritize the health and well-being of society. As we collectively navigate this ‘new normal,’ our reliance on technology has increased tenfold. Countries with Digital identities had faced less obstacles in automating services through the pandemic. We think digital identity is the right choice to help life to continue through online channels. It is more important now than ever to use a secure and user-friendly solution to manage the personal and professional daily responsibilities, from access to banking, government resources and all the other critical services. As per 2016 statistics most developing countries had some form of digital ID scheme tied to specific functions and serving a subset of the population, but only a few have a multi-purpose scheme that covers the entire population. Eighteen percent of developing countries have a scheme that is used for identification purposes only; 55 percent have digital IDs that are used for specific functions and services like voting, cash transfers, or health; and only 3 percent have foundational ID schemes that can be used to access an array of online and offline services. Digital ID schemes rely on a backbone of connected systems, databases, and civil or population registries. These in turn have been established through a thorough enrollment process of the targeted population. Many programs now include the use of both biometric data and traditional biographical data, as well as programs to eliminate duplicate enrollments to help ensure that each individual has only one registered identity and one unique identifying number. How Digital identities will affect individuals and entities? Individuals can use identification to interact with businesses, governments, and other individuals in six roles: as consumers, workers, micro-enterprises, taxpayers and beneficiaries, civically engaged individuals, and asset owners. Correspondingly, institutions can use an individual’s identity in a variety of positions: as commercial providers of goods and services, interacting with consumers; as employers, interacting with workers; as public providers of goods and services, interacting with beneficiaries; as governments, interacting with civically minded individuals; and as asset registers, interacting with individual asset owners. The analysis presented that there will be nearly 100 ways of using digital ID, organized by the roles played by individuals and institutions. We believe the world will probably have the most dynamic year in terms of digital ID and biometrics.
Software and Information security biggest acquisition 2020!
Technology acquisition doesn’t only add significant economic values to firms, enhance their competitive position, but also adds to the industry. TrustSec would like to congratulate our technology partner Infineon for their recent acquisition of Cypress Semiconductor Corporation. They are now in an even stronger position to offer the industry an unparalleled range of hardware, software and security solutions. We believe this acquisition is a major step in the strategic evolution of Infineon that will bring valuable advantages to its customers. Trustsec has successfully cooperated previously with Infineon in integrating TrustSec operating system SLCOS with Infineon 500k chip. As a result, Infineon has initiated a new production line of TrustSec smart card OS (SLCOS) issued on the 500k chip with a dual interface module and VQFN 32. After Infineon acquisition of Cypress Semiconductor Corporation, we are looking forward to more mutual cooperation to provide valuable advantages to the information security industry. Read more about: Trustsec smart card operating system
Exploiting people’s fears in COVID-19 Phishing attacks.
Cybercriminals have exploited the repetitive usage of coronavirus/ COVUD -19 in search engines to create malware attacks. Email scams, phishing, fake apps and malware attacks tied to the pandemic all seem to be on the rise. Recent research from Bitdefender indicated that third-party Android app developers have begun taking advantage by using coronavirus-related keywords in their application names or descriptions. As per Android telemetry data analysis, Bitdefender identified 579 applications that contained corona-related keywords. Most of the applications weren’t related to the coronavirus news or updates, while others contained adware or were bundled with malware or information stealers under the guise of live tracker applications. Examples include apps imitating coronavirus information sites to spread banking trojans, and spyware disguised as coronavirus diagnosis applications. A wide range of threats has leveraged on the coronavirus in recent weeks as: Ginp banking Trojan uses information about people infected with coronavirus as bait to lure Android users into giving away credit card data There has been a rise in fake apps that purport to sell coronavirus cures or face masks, or urge users to make donations for fake charities A recently discovered hack targeted small-office routers to redirect users to malicious sites that pose as COVID-19 informational resources in an attempt to install Oski malware that steals passwords and cryptocurrency credentials Attackers have been found abusing the names of many organizations in extortion and phishing campaigns, including the World Health Organization (WHO) The findings by Bitdefender is the latest in a long list of threats piggybacking on the coronavirus pandemic. How to protect yourself Official marketplaces should be the main consideration in case of new apps installation. End-users should be extra more careful when they install new applications during this difficult time. Mobile application protection For the application providers, mobile application protection is crucial to protect the users’ information and protect the app from malware and other mobile threats.
TrustSec statement on Coronavirus (COVID-19)
As a multinational company, Trustsec understands that the coronavirus (COVID-19) is impacting everyone around the world. In the interest of our staff, their families and communities, our customers and partners and from our responsibility in combating the spread of COVID-19, we have taken several steps to do our part in limiting the outbreak by permitting working from home. At the same time, Trustsec is striving to operate in a manner that ensures business continuity. Our technical support will continue to be provided in accordance with the service level agreements (SLA) and upcoming software releases will be delivered as planned. We also have a Disaster Recovery Plan in place that takes into account any system breakdown and other serious network security events. All source code is backed up securely and most servers are set up using automatic configuration management, which means that they can be restored in an identical manner in a very short time. Furthermore, we maintained a proactive dialogue with all our critical external service providers and ensured continuity of service. Trustsec allowed its staff to work from their homes, and a very limited amount of employees will still work from our offices. Our workforce is capable of working remotely, and many do so as part of the regular day-to-day routine, already. Security routines such as secure access to all IT resources within the business, as well as to the internet itself, are already in place and well incorporated. Trustsec’s emergency plans are activated in this context. We do not foresee any changes to our operational activities. This means that we do not expect any significant effect in regards to our partners and customers. Travel is restricted, and Trustsec suggests rescheduling face-to-face meetings to video, telephone or web conferences as an alternative. In case you have any questions or concerns, please get in touch with us.
FIDO2 – Fast Identity Online
FIDO2 Technology FIDO2 is the latest specification of FIDO Alliance (Fast Identity Online), which was created to provide open and license-free standards for secure, Web Authentication. First came FIDO U2F, then FIDO UAF and lately followed by the FIDO2. At its core, FIDO2 consists of the Client to Authenticator Protocol (CTAP) and the W3C standard WebAuthn, which together enable authentication, where users identify themselves with cryptographic authenticators (such as biometrics or PINs) or external authenticators (such as FIDO keys, wearable or mobile devices) to a, trusted WebAuthn remote peer (also known as a FIDO2 server) that typically belongs to a website or web app. The difference between FIDO and FIDO2 compliant keys FIDO2 is an improvement over the U2F standard, mainly with the ability to now perform password-less logins. This had to do with a shortcoming in the U2F protocol and/or devices such that they didn’t need to have much storage on these devices. Other FIDO2 authenticators can have extra functionality: User Verification (eg fingerprint, or PIN); and/or storing the {server id, user id, key pair, key handle} on the authenticator (called a “resident key”). To address this, the new FIDO2 devices are now required to persist your username(s) for a particular site. The new CTAP2 protocol has also been extended to accommodate a more sophisticated authenticator. How does FIDO2 work? FIDO Alliance’s main goal was to eliminate passwords on the web. In order to achieve this, a secure communication path between the browser and the respective web services must be accomplished and this process is explained below: The user registers with an online service and generates a new key pair on the device used – consisting of a private key and a public FIDO2 key. The private key is stored on the device and is only known on the client-side, the public key is registered in the web service’s key database. Authentication is now only allowed through the verified private key, which must always be unlocked by the user. There are more options of FIDO2 authenticators that could authenticate with more factors such as entering a PIN, pressing a button, fingerprint, or inserting separate two-factor hardware (FIDO2 token). What differentiates Fido2 tokens? The users will not face fragile password problems and can experience a password-less The user can simply authenticate his identity by pressing a button on a USB device or tapping over NFC. Fido2 tokens can support any number of services. Fido2 tokens enhance security levels by not sharing secrets between service providers and the fido2 token holder. Read more about TrustSEC solutions Fido2 Tokens Biometric Fido u2f security key Biometric PKI Token OTP (one time password) Secure Network Access Secure Data Exchange
COVID-19: Is implementing a remote working policy secure?
Nowadays enterprises took many steps towards the digital transformation. Remote work is on the rise and many organizations are asking their employees to work from home. As the COVID-19 pandemic continues to sweep the globe, governments and organizations are trying to save their employees’ lives by isolating them and not exposing them to the daily interactions. Information security was the biggest challenge that faced organizations towards applying this decision. Saving the organization information and securing their sensitive data against cyberattacks was a necessity. However, advancements in technology made the working from home decision easier. Organizations can allow their employees to work from anywhere with a guarantee that they can securely access networks and systems with the MFA multi-factor authentication solutions or the OTP (one-time-password). Unsecured networks, phishing scams and securing users’ credentials aren’t as risky as before. MFA authentication made it difficult for attackers to steal the accounts. Although the evolution of cyberattacks and phishing attacks are taking place, information security companies are more prepared to support IT departments in these challenges. Employees now can access systems remotely without introducing new risks and vulnerabilities by enabling multi-factor authentication. (MFA) should be one of the top requirements for a work from home policy. Trustsec offers biometric fido u2f security key and biometric PKI token as multifactor authentication solutions. Why should you choose Trustsec MFA solutions? MFA solutions are the most secure authentication solutions as, they require each individual unique fingerprint to permit access to a network, device or system. Trustsec MFA tokens are easy-to-use, and multi-function solutions also Trustsec PKI tokens are unique as so many applets can be added to the token. Read more about Trustsec solutions Biometric Fido u2f security key Biometric PKI Token OTP (one time password) Secure Network Access Secure Data Exchange