🚨Department of the Air Force Zero Trust Strategy: Blueprint for Excellence🚨

The Department of the Air Force (DAF) has unveiled its comprehensive Zero Trust Strategy, marking a significant shift towards a more secure and resilient cybersecurity posture. The DAF Zero Trust strategy emphasizes the transition from a network-centric to a data-centric security model, ensuring that data is treated as the new perimeter.

Here are the seven strategic objectives that form the core of DAF's approach:

1️⃣ Applications and Workloads: Application-Level Visibility and Control
🔹 Continuous application discovery and onboarding
🔹 Tightly controlling application visibility and access

2️⃣ Data: Data As The New Perimeter 👈👈
🔹 Continuous data discovery and tagging
🔹 Implementing data loss prevention analytics

3️⃣ Users: Right Access, To The Right Entity, For The Right Reason
🔹 Enforcing enterprise access and policy management services
🔹 Enabling universal multi-factor authentication

4️⃣ Endpoint Devices: Reduce The Risk Created By Any Single Device
🔹 Continuous hardware and software discovery
🔹 Enforcing endpoint asset compliance

5️⃣ Network and Environment: Access To Protected Resources Anytime, Anywhere
🔹 Mature network discovery and monitoring
🔹 Deploying Software Defined Perimeters (SDPs) close to protected resources

6️⃣ Automation and Orchestration: Automated Security Responses Based on Security Policies
🔹 Developing policy inventory and workflow enrichment
🔹 Implementing automated defensive cyber maneuvers

7️⃣ Visibility and Analytics: Improve Detection and Reaction Time
🔹 Comprehensive log collection and analysis
🔹 Establishing threat alerting mechanisms

Key Quotes:

"This strategy aims to strengthen the DAF’s cybersecurity posture and provide the warfighter assured and secure data access at the speed of war, while simultaneously denying adversary efforts to achieve information dominance." (pg iii)

"Achieving application-level visibility, control, analytics, and governance across every endpoint reduces the overall risk from any single device, while cloaking and micro-segmentation simultaneously shrink the attack surface and impair an adversary’s lateral movement and privilege escalation." (pg 4)

"The greatest risk to this strategy is institutional resistance to change. This massive cultural shift requires all DAF communities to adapt in uncomfortable ways and participate in its collective cybersecurity mission." (pg 15)

#data #informationsecurity #technology #computersecurity #zerotrust
Data Protection and Backup Solutions
-
What a surprise for the EU 😱 😉

A recently published expert opinion commissioned by the German Federal Ministry of the Interior has sparked a pivotal discussion on data governance and sovereignty. According to the report, US authorities can exert far-reaching access rights to cloud data managed by US-based companies, even when that data is stored in European data centers and administered through local subsidiaries. This is because legal instruments such as the Stored Communications Act, extended by the Cloud Act, and Section 702 of FISA focus on the provider’s control, not the physical location of the servers.

This finding is a firm reminder that simply hosting data on European soil does not guarantee protection from extraterritorial legal claims. It reveals structural risks in relying on dominant foreign cloud providers for sensitive data and critical digital infrastructure.

For Europe to truly uphold its data protection principles and strategic autonomy, the conversation must go beyond compliance checklists and contractual assurances. We need stronger investment in #opensource digital infrastructure and indigenous technologies that reduce dependency on non-European platforms. Open source fosters transparency and auditability while enabling communities and businesses to build on systems that are not bound by foreign legal systems.

If #digitalsovereignty is to mean more than a buzzword, we must accelerate our efforts towards resilient, interoperable, and locally governed alternatives. Only then can Europe ensure that its data is governed by the laws and values that its citizens and organisations expect.

Source: https://lnkd.in/dtpXiwYN
-
“Mapping Cybersecurity Threats to Defenses: A Strategic Approach to Risk Mitigation”

Most of the time we talk about reducing risk by implementing controls, but we don’t talk about whether the implemented controls will reduce the Probability or Impact of the Risk. The below matrix helps organizations build a robust, prioritized, and strategic cybersecurity posture while ensuring risks are managed comprehensively by implementing controls that reduce the probability while minimising the impact.

Key Takeaways from the Matrix

1. Multi-layered Security: Many controls address multiple attack types, emphasizing the importance of defense in depth.
2. Balance Between Probability and Impact: Controls like patch management and EDR reduce both the likelihood of attacks (probability) and the harm they can cause (impact).
3. Tailored Controls: Some attacks (e.g., DDoS) require specific solutions like DDoS protection, while broader threats (e.g., phishing) are countered by multiple layers like email security, IAM, and training.
4. Holistic Approach: Combining technical measures (e.g., WAF) with process controls (e.g., training, third-party risk management) creates a comprehensive security posture.

This matrix can be a powerful tool for understanding how individual security controls align with specific threats, helping organizations prioritize investments and optimize their cybersecurity strategy.

Cyber Security News ® The Cyber Security Hub™
-
HSBC's report on 'Asset Tokenisation in the Quantum Age: Future-proofing gold tokens with post-quantum security'

1. HSBC Leads with World-First Quantum-Secured Gold Tokenisation
- HSBC became the first global bank to offer tokenised physical gold to both institutional and retail investors via its Orion digital asset platform.
- In collaboration with Quantinuum, they’ve successfully trialled the world’s first quantum-secure tokenisation of gold, marking a pioneering move in post-quantum finance.

2. $16 Trillion Opportunity Meets Quantum Threat
- Asset tokenisation is on track to become a $16 trillion market by 2030 (Boston Consulting Group (BCG)), revolutionising how people invest in gold, real estate, bonds, and art.
- But here's the catch: quantum computing threatens the cryptographic backbone of this entire ecosystem, forcing institutions to act now to secure digital assets for the future.

3. Post-Quantum Cryptography Without the Pain
- HSBC deployed Post-Quantum Cryptography (PQC) via a PQC-secured VPN, offering a cost-effective, low-latency way to secure DLT networks without redesigning the entire system.
- Their proof-of-concept showed no performance loss, with transaction speeds hitting 40 TPS and latency staying below 3.1 seconds.

4. Quantum Keys > Random Keys
- Enter Quantum Random Number Generators (QRNGs): a next-gen security layer where randomness isn’t guessed, it’s quantum-proven.
- HSBC’s solution boosts key strength and data unpredictability by integrating QRNGs that inject entropy directly into the Linux kernel, making encryption truly future-proof.

5. Interoperable, Cross-DLT, Retail-Ready
- HSBC’s gold tokens can now move securely across blockchains, including conversion into ERC-20 tokens, enabling wider distribution across wallets and platforms.
- Their system supports fractional gold ownership, opening doors for retail investors while maintaining institutional-grade security.

So What?
- Tokenisation is the future of finance, but quantum is a material risk.
- HSBC’s work sheds light on a possible
- This potentially sets a new standard for digital asset infrastructure and serves as a blueprint for every financial institution looking to future-proof their tokenisation strategy.

Great work Prashant Malik, Philip Intallura Ph.D, Duncan Jones, Kimberley Fewell, Mark Williamson, Del Rajan, Ben Merriman
-
Last week #NIST released three post-#quantum #encryption standards. Why is this significant? Put simply, from a practical standpoint: risk management and compliance.

First, on risk management: experts now say that quantum computing is less than a decade away. Quantum computers are expected to have the power to search large keyspaces very quickly, which means they will be able to decrypt current encryption. Moreover, it is entirely plausible that encrypted information recorded today is being stored for decryption when quantum computing becomes available. If you speculatively apply quantum-resistant encryption to your data now, you will reduce the risk of an adversary being able to successfully exploit your data when they have access to quantum computing.

Second, on compliance: NIST is the governing body for standards in the USA, and many other nations take their encryption standards from NIST, as they do not have resources at the same scale as NIST. You can be certain that NIST-approved post-quantum algorithms will start being mentioned in various compliance checklists, as is the case currently with algorithms such as AES-256 and SHA-256. Note well that these algorithms have #FIPS numbers associated with them, meaning "Federal Information Processing Standard".

Briefly, the approved algorithms are:
🔒 ML-KEM, for encrypted key exchange, as FIPS 203
🔒 ML-DSA, for digital signatures, as FIPS 204
🔒 SLH-DSA, for stateless hash-based digital signatures, as FIPS 205

There is a fourth algorithm, FN-DSA, also used for digital signatures, that is expected to be released in the next year.
-
Most data exposure happens in everyday tools: chat, email, file shares, personal devices, and unsanctioned apps, including AI. Keep data where it belongs and reduce the chances it can leak in the first place.

This is a business risk, not just an IT issue. Leaders need to care enough to identify the gaps and work with IT to close them properly, with zero trust principles.

☞ Start here:
• Map the flow of sensitive data across your apps and work paths.
• Establish DLP & Zero Trust to keep files in approved locations and block risky data leakage.
• Coach people inside the tools they already use so your cyber strategy supports productivity.

If you find that you need to centralize detection and close the gaps across SaaS, email, and endpoints, consider Nightfall AI: https://lnkd.in/ghDW_Rgf

#Cybersecurity #DataProtection #SMB #Leadership #DLP #RiskManagement #JasonMakevich
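The "block risky data leakage" step above is usually implemented as a content classifier that runs on messages before they leave an approved channel. The following is an added example (not Nightfall's or any vendor's code) of the minimal version of that check: a regex pre-filter for payment card numbers and US SSN-like values, a Luhn check so that order numbers and tracking IDs with the right digit count are not flagged, and masking so the finding itself never re-leaks the secret. The chat lines it scans are constructed for this demonstration.

```python
"""Toy DLP content check for chat/email text before it leaves an approved location.

Added example, not code from any DLP vendor.  SAMPLE below is constructed.
"""
import re
from dataclasses import dataclass

# 13-19 digits, optionally separated by single spaces or dashes, not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")
# AAA-GG-SSSS with the structurally invalid areas (000, 666, 9xx), group 00 and serial 0000 excluded.
SSN_RE = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")


@dataclass
class Finding:
    line_no: int
    kind: str      # "PAN" or "SSN"
    preview: str   # masked form; the raw value is never stored or logged


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check.  Random 13-19 digit runs pass it only ~10% of the time,
    which removes most order numbers, invoice IDs and tracking codes from the hits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four digits; the rest is replaced by '*'."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str) -> list[Finding]:
    """Return one Finding per sensitive value, with line numbers starting at 1."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):                      # regex hit alone is not enough
                findings.append(Finding(line_no, "PAN", mask(digits)))
        for m in SSN_RE.finditer(line):
            findings.append(Finding(line_no, "SSN", mask(m.group())))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Policy decision for the whole message: block card data, coach on other hits."""
    if any(f.kind == "PAN" for f in findings):
        return "block"
    return "coach" if findings else "allow"


# Constructed sample chat: a valid test card number, an SSN-shaped value,
# and two digit runs of card-like length that must NOT be flagged.
SAMPLE = """\
alice: can you ship order 1234567890123 today?
bob: sure, card on file is 4111 1111 1111 1111, exp 12/27
carol: my SSN is 078-05-1120 if HR needs it
dave: tracking number 7931 1010 2020 3030
"""

if __name__ == "__main__":
    hits = scan(SAMPLE)
    for f in hits:
        print(f"line {f.line_no}: {f.kind} {f.preview}")
    print("verdict:", verdict(hits))
```

Running it reports a PAN on line 2 and an SSN on line 3, and nothing for the order and tracking numbers; in a real gateway the regex set and the allow/block/coach policy would come from the data-flow map rather than being hard-coded.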
-
Last week, Ethereum announced it is forming a post-quantum working group because they can read the room: cryptography isn’t a “future upgrade,” it’s a ticking dependency and a grown-up admission that digital trust has a shelf life.

In Now What? I called this the Big Crunch: the moment quantum collapses the economics of breaking today’s public-key cryptography. Unlike Y2K, this isn’t a bug you patch. It’s a global migration you either start early or you finish in panic. And timelines are already wobbling: Google research from 2025 suggested breaking RSA could need 20x fewer qubits than previously thought.

Unfortunately, most leaders treat quantum like a storm on the horizon: “interesting, but not today.” That’s a mistake. Attackers can already copy encrypted traffic and files now, store it, and unlock it later when quantum tools get good enough. That’s not theory. It’s a rational investment strategy from an adversary's perspective. And if a major system ever gets quietly cracked, you won’t hear about it when it happens. You’ll hear about it after someone has made money from it. After all, the incentives reward silence; think Enigma, but automated, monetized and at scale.

The smart path is boring, but effective: start upgrading before the break, and form working groups like Ethereum to start today. It also means running hybrid encryption, today’s algorithms paired with post-quantum ones, across the places where trust lives: web connections (TLS), logins and identity, enterprise software, key management and HSMs, cloud services, and blockchain signatures. Do it early and you turn a cliff-edge event into a controlled rollout. Wait too long and it’s not just your future data at risk: old encrypted backups, archived emails, contracts, customer records, IP can become readable years later. In other words: you don’t just lose security going forward. You lose your history.
-
🛡️ The Quantum Clock is Ticking quietly: Is Your Financial Infrastructure Ready?

The financial industry is built on a foundation of digital trust, currently secured by #cryptographic standards like RSA and ECC. However, the rise of Cryptographically Relevant Quantum Computers (CRQC) poses an existential threat to this foundation. As we navigate this transition, here are 3 key pillars from the latest Mastercard R&D white paper that every financial leader must prioritize:

1. Addressing the 'Harvest Now, Decrypt Later' (HNDL) Threat 📥
Malicious actors are already intercepting and storing sensitive #encrypted data today, intending to decrypt it once powerful quantum computers are available.
Financial Use Case: Protecting long-term assets such as credit histories, investment records, and loan documents. Unlike transient transaction data (which uses dynamic cryptograms), this "shelf-life" data requires immediate risk analysis and the adoption of quantum-safe encryption for back-end systems.

2. Quantum Resource Estimation & The 10-Year Horizon ⏳
While a CRQC capable of breaking RSA-2048 in hours might be 10 to 20 years away, the migration process itself will take years.
Financial Use Case: Developing Agile Cryptography Plans. Financial institutions should set "action alarms": for instance, once a quantum computer reaches 10,000 qubits, a pre-prepared 10-year migration plan must be triggered to ensure infrastructure is updated before the "meteor strike" occurs.

3. Hybrid Implementations: The Bridge to Security 🌉
The transition won't happen overnight. The paper highlights the importance of Hybrid Key Encapsulation Mechanisms (KEM), which combine classical security with PQC.
Financial Use Case: Enhancing TLS 1.3 and OpenSSL 3.5 protocols. By implementing hybrid models now, banks can protect against current quantum threats (like HNDL) while maintaining compatibility with existing classical systems, ensuring a smooth and safe transition.

The Bottom Line: A reactive approach is no longer an option. Early adopters who evaluate their data's "time value" and begin the migration today will be the ones to maintain resilience and protect global financial assets tomorrow.

#QuantumComputing #PostQuantumCryptography #FinTech #CyberSecurity #DigitalTrust #MastercardResearch
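The hybrid KEM named in pillar 3, the hybrid TLS/HSM rollout in the Ethereum post above, and the ML-KEM (FIPS 203) key-establishment standard from the NIST post all rest on the same small construction: two shared secrets, one classical and one post-quantum, are concatenated and run through a KDF, so the session key stays secret as long as either primitive holds. The block below is an added example, not code from the Mastercard paper, OpenSSL or any of the posts. Python's standard library has neither X25519 nor ML-KEM, so the two 32-byte shared secrets are constructed placeholders (in production they come from the respective library calls); the HKDF is implemented from RFC 5869 and checked against that RFC's first test vector, and the secret ordering (PQ first, then classical) follows the X25519MLKEM768 TLS 1.3 draft group, while the label and the use of the transcript as HKDF context are this example's own assumptions.

```python
"""Hybrid (classical + post-quantum) session-key derivation.

Added example, not from the Mastercard paper or OpenSSL.  ss_mlkem and
ss_x25519 are stand-ins for real shared secrets; the KDF is HKDF-SHA256
per RFC 5869, implemented with the standard library only.
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC(salt, IKM); empty salt means HashLen zero bytes."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated to `length`."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def rfc5869_selfcheck() -> bool:
    """Test Case 1 from RFC 5869 appendix A; guards against a silently broken KDF."""
    ikm = bytes([0x0B] * 22)
    salt = bytes(range(0x00, 0x0D))
    info = bytes(range(0xF0, 0xFA))
    expected = bytes.fromhex(
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"
    )
    return hkdf(ikm, salt, info, 42) == expected


def hybrid_session_key(ss_mlkem: bytes, ss_x25519: bytes, transcript: bytes) -> bytes:
    """Combine a PQ and a classical shared secret into one 32-byte session key.

    PQ secret first, then classical, as in the X25519MLKEM768 TLS draft.  Binding the
    handshake transcript in as HKDF `info` makes the key per-session (assumed label).
    An attacker who breaks only X25519 learns half the IKM and still cannot compute
    the key; the same holds if ML-KEM were broken instead.
    """
    if len(ss_mlkem) != 32 or len(ss_x25519) != 32:
        raise ValueError("expected 32-byte shared secrets")
    ikm = ss_mlkem + ss_x25519
    return hkdf(ikm, salt=b"", info=b"hybrid-kem-demo|" + transcript, length=32)


if __name__ == "__main__":
    assert rfc5869_selfcheck(), "HKDF implementation is broken"
    # Constructed placeholder secrets; real ones come from ML-KEM decaps and X25519.
    ss_pq, ss_classical = bytes([0x11] * 32), bytes([0x22] * 32)
    key = hybrid_session_key(ss_pq, ss_classical, b"ClientHello|ServerHello")
    # Simulate a future break of X25519: attacker knows ss_classical but not ss_pq.
    guess = hybrid_session_key(bytes(32), ss_classical, b"ClientHello|ServerHello")
    print("session key:", key.hex())
    print("attacker with classical secret only gets the key:", guess == key)
```

The point to take from the combiner is that the PQ secret is an extra input to an existing KDF, not a replacement for the classical exchange, which is what lets it be deployed now without waiting for ML-KEM to be trusted on its own; the same shape appears in TLS hybrid groups and in HSM key-wrapping schemes, with the label and transcript binding chosen by the protocol rather than as above.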
-
How Ransomware Almost Stole My Spotlight

A few years ago, while on a routine business trip to Kuala Lumpur, I was giving a company presentation when I realised that my greatest risk was not forgetting my words but rather my digital security. Seated at a cramped desk in my hotel room, I rehearsed my presentation with my laptop connected to the hotel's public Wi-Fi, navigating each slide as though I had delivered it a thousand times. All my meticulous work resided solely on the notebook's hard drive. I was ignorant of the hidden dangers of that unsecured network.

While setting up at the regional conference, a fellow speaker's laptop fell victim to a ransomware attack. Within minutes, their slides were sealed behind an encrypted vault. I watched the organisers frantically attempt to salvage the session, my heart pounding as I imagined the same disaster befalling me.

Determined never to experience such anxiety again, I developed a speaker-specific cybersecurity routine based on simple daily habits.

Pre-trip organisation
Before every journey, I tidy and organise my laptop by backing up crucial data to a secure cloud vault and external storage, retaining only essential files, and removing any applications that have not been used for more than three months.

Secure connections
Whenever I use airport or hotel Wi-Fi, I first connect to a VPN so that every keystroke, file transfer and message remains encrypted.

Strict wireless management
I disable Bluetooth when I'm not using it and disable Wi-Fi auto-connect to prevent unauthorised networks or headsets from connecting.

Multiple backups
I keep copies of my slides in protected cloud storage as well as on a trusted thumb drive so that I never rely on a single source.

Post-trip sanitisation
After each trip, I forget all saved Wi-Fi networks, clear cached credentials, and either archive or delete files I no longer need while backing up the rest to both the cloud and an external hard drive.

I know this sounds like a lot of work, but each habit is now as natural as my morning cup of tea. It may add minutes to my prep, but it saves me hours of panic and ensures no malware or ransomware ever steals the spotlight from my presentations.

Over to you: which cyber-hygiene habit do you rely on most when presenting or travelling? Share your tip below and help us create a collective checklist so that every speaker can step into the spotlight with confidence.

#alvinsratwork ✦ #ExecutiveDirector ✦ #cybersecurity ✦ #cyberhygiene ✦ #Cyberawareness ✦ #BusinessTechnologist ✦ #Cyberculture