Monday 5 December 2016

Impact of wearables on BYOD

software development companies

It’s a known fact that many IT departments struggled with the growth in BYOD policies adopted by software development companies all over the globe. In an effort of protecting critical business data and making sure that all devices worked properly as employees used their own devices for work, IT had to handle more complex challenges. But that complex problem has now moved on to the next level, as employees have started bringing wearable devices for work.

With the latest announcement of the Apple Watch, alongside other wearable gadgets like Samsung’s Galaxy Gear and Google Glass, the wearable device market is on the verge of exploding. (Burrus, 2014) estimated sale of 10 lakhs wearable devices in 2014, and the same number is predicted to increase to 3000 lakhs by 2018. IT workers need to get prepared now, because wearable devices are making their place in the office premises sooner rather than later.

Wearable devices have the benefit of creating unique opportunities for a software development company though these devices also bring along the threats in a globally connected world.
Assimilating wearable devices into the work environment can arise a situation where company information is even more suitably accessed and utilized. For example, software installation can be done using smart glasses by following step by step instructions in case the installation procedure is complex.

The advantages might tempt business leaders to use wearable devices, but the same technology also brings with it, some drawbacks, the most concerning being increased security risks. IT workers have spent lot of their efforts in testing and approving apps using MDM software. As wearable devices become more prevalent, new apps will be developed, forcing IT department to go through that whole process once again.

IT departments will also have to build security controls for these new devices. Most organizations have controls in place that include a remote lock or wipe feature, where devices that are misplaced or stolen can be locked or wiped to ensure the data which resides inside the device is protected from unauthorized visitors. These controls will have to be created for wearable technology too.

There are also concerns over how wearable devices might be used to steal information by employees within the company (like an employee secretly recording a confidential meeting using smart glasses). So as this new technology comes alive, the search to answer these questions begins.
Even if the security concern is properly addressed, other significant obstacles will keep the businesses away from using wearable devices widely in the immediate future. Currently, most of these devices are expensive with prices out of the range of the average customer. Strategic level employees such as CXOs may use them, but making them available for operational level employees will be difficult until prices decline.

The other concern is the cost of data that comes with using more mobile devices in the work environment. As more innovative gadgets make their way to the workplace, increasing the amount of consumption of data, which can reduce the bandwidth of a business’s network. Pair that with the security risks mentioned above, and prevalent adoption of wearable devices under a BYOD policy might take a year or more to happen.

It took years for software development companies to finally get a handle on BYOD when it came to mobile devices and tablets. That epoch of BYOD created a radical shift in the business world which increased efficiency but introduced new security risks.

Conclusion: 
Wearable devices will likely outgrowth the next revolution in the workplace. If businesses don’t want to be caught unprepared, now is the time to create the policies and procedures to deal with the influx of new technology. With the right strategies in place, every software development company adapting WYOD will be able to gain maximally from the benefits while minimizing the drawbacks.

Bibliography
Burrus, D. (2014). How Wearables will Transform Business. Burrus Research.

Thursday 3 November 2016

Data Mining

custom software development companies

Introduction:
      Data mining, the extraction of hidden predictive information from large databases, is a powerful new technology with great potential to help companies focus on the most important information in their data warehouses. Data mining tools predict future trends and behaviors, allowing businesses to make proactive, knowledge-driven decisions. The automated, prospective analyses offered by data mining move beyond the analyses of past events provided by retrospective tools typical of decision support systems. Data mining tools can answer business questions that traditionally were too much time consuming to resolve. They drill down databases for hidden patterns, finding predictive information that experts may miss because it lies outside their expectations. Data mining also helps for content management systems that manage the process of gathering data, transforming it into useful, actionable information, and delivering it to business users.

Benefits:
Marketing / Retail:

  • Data mining helps marketing companies build models based on historical data to predict who will respond to the new marketing campaigns such as direct mail, online marketing campaign etc. 
  • Through the results, marketers will have an appropriate approach to selling profitable products to targeted customers.

Finance / Banking:
  • Data mining gives financial institutions information about loan information and credit reporting. 
  • By building a model from historical customer’s data, the bank, and financial institution can determine good and bad loans. 
  • In addition, data mining helps banks detect fraudulent credit card transactions to protect credit card’s owner.

Manufacturing:
  • By applying data mining in operational engineering data, manufacturers can detect faulty equipment and determine optimal control parameters.
  • Data mining has been applying to determine the ranges of control parameters that lead to the production of the golden wafer. 
  • Then those optimal control parameters are used to manufacture wafers with desired quality.

Government:
  • Data mining helps government agency by digging and analyzing records of the financial transaction to build patterns that can detect money laundering or criminal activities.

Challenges:
There are so many challenges faced by software development companies regarding data mining as follow:

Privacy Issues:
  • The concerns about the personal privacy have been increasing enormously recently especially when the internet is booming with social networks, e-commerce, forums, blogs etc.
  • Because of privacy issues, people are afraid of their personal information is collected and used in an unethical way that potentially causing them a lot of troubles. 
  • Businesses collect information about their customers in many ways for understanding their purchasing behaviors trends. 
  • However, businesses don’t last forever, some days they may be acquired by other or gone.
  • At this time, the personal information they own probably is sold to other or leak.

Security Issues:
  • Security is a big issue. Businesses own information about their employees and customers including social security number, birthday, payroll and etc. 
  • However how properly this information is taken care is still in questions. 
  • There have been a lot of cases that hackers accessed and stole big data of customers from the big corporation such as Ford Motor Credit Company, Sony etc. with so much personal and financial information available, the credit card stolen and identity theft become a big problem.

Misuse of information:
  • Information is collected through data mining intended for the ethical purposes can be misused.
  • This information may be exploited by unethical people or businesses to take benefits of vulnerable people or discriminate against a group of people.


Conclusion:
Data mining is an important part of knowledge discovery process that we can analyze an enormous set of data and get hidden and useful knowledge.  This concept is very useful to all software development companies in India.

Tuesday 4 October 2016

Analysis in Risk Assessment

Software development company in india

Most important step in measuring level of risk is to determine the adverse impact subsequent from a successful threat exercise of a vulnerability. Before initiating the impact analysis, it is compulsory to obtain the following necessary information.
  • System mission (e.g., the procedures performed by the IT system)
  • System and data criticality (e.g., the system’s value or significance to an organization)
  • System and data sensitivity.

This information can be attained from existing organizational documentation, for example the mission impact analysis report or asset criticality assessment report. A mission impact analysis(also recognized as business impact analysis [BIA] for some software companies in India) prioritizes the impactlevels related with the compromise of an organization’s information assets based on aqualitative or quantitative valuation of the sensitivity and criticality of those assets. An assetcriticality assessment recognizes and prioritizes the sensitive and crucial organization information assets (e.g., hardware, software, systems, services, and related technology assets) that pillar the organization’s critical missions.

Few tangible impacts can be measured quantitatively in lost revenue, the price of repairing thesystem, or the level of effort needed to correct problems caused by a fruitful threat action.Additional impacts (e.g., loss of public confidence, loss of credibility, damage to an organization’sinterest) cannot be calculated in specific units but can be qualified or labelled in terms of high,medium, and low impacts. Because of the generic nature of this discussion, this guide entitlesand describes only the qualitative classifications—high, medium, and low impact

Magnitude of Impact : Impact Definition

High Exercise of the vulnerability
  1. may result in the exceedingly costly loss ofmajor tangible assets or resources; 
  2. may significantly disturb, harm, orimpede an organization’s mission, reputation, or interest;
  3. may resultin human death or severe injury.

Medium Exercise of the vulnerability 
  1. may result in the pricy loss of tangibleassets or resources; 
  2. may violate, harm, or obstruct an organization’smission, reputation, or interest; or 
  3. may result in human harm.

Low Exercise of the vulnerability 
  1. may result in the loss of some tangible assets or resources or 
  2. may strikingly affect an organization’s mission, reputation, or interest.


Quantitative versus Qualitative Assessment


In steering the impact analysis, consideration should be given to the benefits and shortcomings of quantitative versus qualitative assessments. The foremost advantage of the qualitative impact analysis is that it priorities the risks and classifies areas for instant improvement in addressing the vulnerabilities. The shortcoming of the qualitative analysis is that it does not deliver specific quantifiable measurements of the magnitude of the impacts,consequently making a cost-benefit analysis of any commended controls difficult.The major advantage of a quantitative impact analysis is that it delivers a dimension of the impacts’ magnitude, which can be used in the cost-benefit analysis of recommended controls.The shortcoming is that, depending on the numerical ranges used to express the measurement,the connotation of the quantitative impact analysis may be unclear, wanting the result to be interpreted in a qualitative manner. Supplementary factors often must be considered to determine the magnitude of impact. These may include, but are not limited to—
  • An approximation of the occurrence of the threat-source’s exercise of the vulnerability over a quantified time period (e.g., 1 year)
  • An approximate cost for each incidence of the threat-source’s exercise of the vulnerability
  • A numerical factor based on a subjective analysis of the comparative impact of a specificthreat’s exercising a specific vulnerability.

Business impact analysis (BIA) is a methodical process to determine and evaluate the prospective effects of an interruption to critical business operations as a result of a catastrophe, accident or emergency. A BIA is an indispensable component of business continuance plan of almost any software company in India; it comprises an exploratory component to disclose any vulnerabilities and a planning component to cultivate strategies for minimising risk.

Monday 26 September 2016

Password Hacking Techniques

Web development companies

There are number of methods used by hackers to hack your account or get your personal information like password. Password hacking is very common nowadays. So Web development companies should implement countermeasures of password hacking. The most common password hacking tricks and their countermeasures are as follow:

Brute force attack: 
  • Brute-force attack is used to crack any password. 
  • Brute-force attacks try every possible combination of digits, alphabets and special characters until the correct password is match.
  • Brute-force attacks can take very long time depending upon the complexity of the password. 
  • Countermeasures:
    •  Use long and complex passwords.
    •  Try to use combination of upper and lowercase letters along with numbers.

Social Engineering:
  • It is process of manipulating someone to trust you and get information from him/her. 
  • Let’s take an example. If the hacker was trying to get the password of his co-workers’ computer, he might call them pretending to be from the IT department and simply ask for their login details. 
  • It can be used to hack password, bank credentials or any personal information.
  • Countermeasures:
    • Never ever give your credit card details on phone.
    • If someone tries to get your personal or bank details ask them few questions.

Rats and Key loggers:
  • Key logger is sent to the victim’s computer to crack a password.
  • Now hacker keeps monitoring everything victim does on his computer including password by key loggers.
  • So it is major concern for software development companies.
  • Countermeasures:
    • Never login to your personal user account from someone else or cyber cafe computer.
    • Use latest anti-virus software and keep them updated.

Phishing:
  • This attack is used by hackers to get someone account details like username and password.
  • In this attack, hacker sends fake page of real website like Facebook, Gmail to victim. When someone login through that fake page, his details is sent to the hacker. 
  • Countermeasures:
    • Always make sure that websites URL is correct.
    • For example, you should check whether it is gmail.com or phishing page gmmail.com.

Rainbow Table:
  • Rainbow table is a big pre-computed list of hashes for every possible combination of characters.
  • A password hash is a list of passwords that have gone through a mathematical algorithm and are transformed into something which is not recognizable. 
  • A hash is a nothing but an encryption so when a password is hashed it cannot get back to the original string from the hashed string.
  • Countermeasures:
    • Make sure the password chosen is long and complex. 
    • Creating tables for long and complex password takes a very long time and a lot of resources.

Guessing:
  • This can easily help attacker to get someone’s password within seconds.
  • If hacker knows you, he can use your personal information he knows about you to guess your password. 
  • Countermeasures:
    • Don't use your first name, nickname, mobile number or birthdate as your password. 
    • Create complex and long password with combination of letters and numbers.

Dictionary Attack:
  • A file of words is run against user accounts, and if the password is a simple word, it can be found pretty quickly.
  • Countermeasures:
    • Use long and complex passwords. 
    • Try to use combination of upper and lowercase letters along with numbers.

Conclusion:
This article is for everyone including web development companies in India to protect their personal information like username, password. Countermeasures suggested above should be implemented.

Monday 12 September 2016

Frauds in Online Payment Systems

custom application development companies

Nowadays, everything is online. Online shopping, online money transfers and online banking help in saving a lot of time and making our lives easier. These facilities are provided by software development companies in  India by developing online payment system software. However, these same technologies also make life easier for cyber criminals by offering them short and quick ways to steal users’ money. 

Using stolen payment data is an effective and popular way of making a quick profit. Hacking a bank is more time-consuming and expensive and the risk of being caught is higher. By contrast, many individuals use computers with different vulnerabilities, which can be compromised easily. By stealing a comparatively lesser amount from each hacked online banking account, a cyber criminal has a good chance of going undetected. 

Frauds are classified as follows:

  • Online frauds
  • Offline frauds
Online frauds occur when fraudster owns legitimate company to get sensitive personal information and illegally conduct transactions in the existing accounts. Phishing and spoofing are types of online frauds. Online frauds occur when fraudster steals sensitive information of customers such as bank account number, credit card number or other identification and uses it to open new account or performs transaction in the customer/company's name. There are many types of e-frauds in online payment systems and they can occur in following ways:

Account Hacking:

  1. Hacking includes gaining illegal entry into a person computer system during online payment. Fraudster use compromised customer credentials to hack the origination system and misuse it in the legal account holder's name.

Identity Theft:

  1. Identity theft refers to crime in which fraudster illegally gets and uses another individual's personal information in such a way that involves fraud to gain something of value during online transaction.

Phishing:

  1. Phishing is a well-known technique for obtaining confidential sensitive personal information from any customer by posing as a trusted authoring. It is an attack by fraudster to "fish‟ for your baking details through emails having attachment files or hyperlinks to different websites. This e-mail creates a fake image to be sent from legitimate organization to cheat people in order to disclose sensitive information.
  2. On clicking any attachment or the hyperlink residing in e-mail ,the computer system get infected with malware. Now when next online transaction takes place, the malware will activate and steal private and personal financial information which includes credit card numbers, PIN number which is used by fraudster to steal money from the account.

Spoofing:

  1. This attack is about creating a fake or duplicate website for criminal use. The fraudsters  are having fake companies name, logos, graphics and even code. This often takes form of  trade sites where in people would innocently providing personal information to criminals or purchase of a fake product that actually does not exist.

Check frauds:

  1. Check frauds are a major threat to financial security. Electronic check frauds can be easily taken place; the fraudster uses printer, desktop phishing software and scanner. The most common forms of check fraud include altering check, forging endorsement, counterfeiting checks and creating remote checks.

Nigerian advance free fraud:

  1. This e-fraud is the most popular and lucrative fraud. Fraudsters often arrive with bulk mailing or family member email of asking the recipients to enter into business and getting money transferred with huge commission in return. 
  2. Once the contact is established the fraudsters request money in advance which need opening of an account in the bank or paying some fee which leads to troubles and expenses.

Lottery frauds:

  1. One will receive scam emails informing of winning a substantial amount of money in a lottery draw. When the receiver reply's, the sender then asks for bank account details and other personal information so they can transfer the money. These emails are fake and may ask to pay a handling fee that will lead to loss of money and your personal information which may be used in other fraud.

Conclusion:

E-frauds are taking place in online payment systems. So it is becoming a danger for software development companies in India as online payment systems are developed by these companies. There should be encryption algorithms implemented to reduce these e-frauds.

Wednesday 24 August 2016

Security Issues in E-commerce

ecommerce solution providers in India

E-commerce is nothing but buying and selling products or services over electronic systems such as Internet. Nowadays, wide variety of commerce is conducted via e-Commerce. E-commerce systems are based upon internet use developed by ecommerce solution providers in India and across globe, which provides open and easy communications on a global basis. Consumers browse through catalogues, searching for best offers, order goods and pay them electronically.

Doing some electronic business on the Internet is already an easy task. As is cheating and snooping. The use of the internet means that your internal IT and e-commerce systems are potentially accessible by anyone, irrespective of their location. So threats to e-Commerce systems are increasing day by day.

Some of the more common threats  to e-commerce systems include:
  • Carrying out denial-of-service (DoS) attacks that stop access to authorised users of a website, so that the site reduces level of its service.
  • Gaining access to sensitive data such as price listing, service catalogues and valuable intellectual property and altering, destroying or copying it
  • Altering your website and so harming your reputation or directing your customers to another site
  • Gaining access to financial information about your business or your customers, with a view to committing a fraud
  • Using viruses to corrupt your business data

Security of E-commerce is protecting e-commerce assets from unauthorized access, use, alteration, or destruction. Some major security features are as follows:
  • Authentication:
    Verifies who you say you are.
    It enforces that you are the only one who can login to your Internet banking account.
  • Authorization:
    Allows only you to manipulate your resources.
    This can help you prevent increasing the balance of your account or deleting a bill.
  • Encryption:
    Deals with information hiding.
    It ensures cardholder data is hidden during Internet banking transactions.
  • Auditing:
    Keeps a record of operations. 
    Sellers use auditing to confirm that you bought specific merchandise.
  • Integrity:
    Prevention against unauthorized data alteration.
  • Non-repudiation:
    Prevention against any one party from disagreeing on an agreement after the fact.
  • Availability:
    Prevention against data delays or removal.
There are majorly three types of security threats for e-Commerce:
  1. Denial of service
  2. Unauthorized access
  3. Theft and fraud
Denial of service attack:

Two primary types of DOS attacks: spamming and viruses

Spamming:
  • Sending unsolicited emails to everyone.
  • A hacker responsible for E-mail bombing targeting one computer or network, and sending many number of email messages to it.
  • Surfing involves hackers placing software agents onto a third-party system and setting it off to send requests to a specific target.
  • DDOS (distributed denial of service attacks) involves hackers placing software agents onto a number of third-party systems and setting them off to simultaneously send requests to an intended target.
Viruses:

  • Compromised computer programs designed to perform unwanted events.
Unauthorized access:
  • Illegal access to systems, applications or data
  • Listening to communications channel for finding secrets.

Theft and fraud:
  • Cardholder data theft during online shopping using e-Commerce.
  • Fraud occurs when the stolen data is modified or misused.
  • Steal software via illegal copying from company‘s servers.
  • Steal hardware, specifically laptops.

Conclusion:

There are so many security issues going on in e-Commerce. This is very major concern for ecommerce solution providers in India and across globe. So there should be some security mechanisms to overcome these security issues.