The financial services segment is the most important target for cyber criminals, making it one of the many sectors that need to take a substantial stand for the security of their web applications.

The cyber criminals have numerous opportunities at hand to violate and breach your website and thus, your customers. Despite the fact, a good number of financial firms put themselves at risk by not investing in the security of their web applications and its top practices.

 As per the  Security Spending Benchmarks Project Report, web application security accounts for less than 10% of the total security expenditure in nearly 36% firms. On the other hand, 33% aren’t even aware of what portion of their security expenditure is allocated to web applications.

Stated below are some of the best practices that the financial sector must follow for ultimate web security:

Improve Risk Assessment

Financial firms must analyse their web transactions, and determine the extent of risk based on types of transaction conducted. They must jointly develop risk alleviation strategies.  Make certain to evaluate detailed attributes such as:

·         Type of customers,

·         Capacity and capability of transactions,

·         Sensitivity of information and current level of security,

·         User-friendliness and customer experience, and

·         How mobile devices are connecting with the environment. 

Beyond considering the monetary losses, also think of liabilities, risks and reputation. Make it a practice and perform this assessment every year to determine probable impact and required levels of security.

Establish Rigorous Authentication Standards

The threats are increasing and growing stronger. Hence, the need for stronger authentication is greater than ever. Growing above usernames and passwords for wire transfers, financial firms took over alternate solutions such as OTP (One Time Passcodes) tokens. However, even these methods aren’t effective anymore, particularly against man-in-the-browser hits.

There are a range of advanced techniques that offer desired level of protection in two ways:

·         Using an individual communication channel under a user or

·         By depending upon the superior behaviour-based deception discovery engines that can instantly sense the anomalies in transactions or website navigation.

Undertaking a Layered Approach

It is astounding to learn that there is no solitary corroboration or conventional fraud discovery solution to bring progressive malicious attacks on banks and other financial institutions to a standstill. What financial firms need is an additional layering of diverse, corresponding safety measures and technologies. Some examples include:

·         Well-built authentication,

·         Observable fraud discovery,

·         Out-of-band substantiation of transactions, 

·         Mobile verification and extensive confirmation digital SSL certificates — these offer the most reliable means of defending customer information and dealings in a financial surrounding.  

At Lean Security, we offer comprehensive protection of applications within the financial sector against unauthorized access and introduction of malicious codes.

Our services include, but are not limited to, application security testing, web security scanning, manual web penetration testing and more.

For more information, email us at info@leansecurity.com.au or call +61 (0) 2 8231 6635 for further information. 

2016 started with a BANG for the worldwide hospital and healthcare industry. Several security-related incidents took place, from a ransom-ware attack on a LA hospital to an attack on a hospital in Melbourne, and so on. Three other incidents took place in the span of just 2 months into the new year!

While concerning for the security industry, it’s actually not a surprise. The healthcare industry was so far excluded in security breach concerns of the past, but with the Internet of Things on the rise, this industry has become as vulnerable as every other.

Modern Medical Devices More At Risk of Being Hacked

The medical devices and equipment used today in healthcare makes use of fully-functional computers that have complex operating systems and applications installed. Since most of these devices also make use of the Internet, external networks and various types of cloud based servers, cyber-criminals and hackers don’t need to put in too much effort to steal important data or make entire systems corrupt.

Web Application and Cloud Security Not a Concern for Health Departments

This has become a huge concern. Why? Unsecured authorization, program design vulnerabilities, unencrypted communication channels and critical buys and anomalies in software can and do lead to attacks. Security experts at Lean Security reckon there’re 3 main reasons why hackers and cyber-criminals are able to gain access to hospital systems so easily:

Ø  Usage of Internet with no or weak authorization

Ø  External devices not being protected (from being accessed) by local networks

Ø  Vulnerabilities in software design and architecture

Lean Security’s Recommendations to Improve Security Infrastructure in the Healthcare System

Following these recommendations will not only improve security of your systems but will also educate employees on what should be done in case of an attack or breach.

Ø  Implement IT security policies and make sure they’re being adhered to.

Ø  Develop timely patch management and vulnerability assessment policies as well.

Ø  Take steps to protect your systems from malware and hacker attacks.

Ø  Keep a close eye on your own local network.

Ø  Test all your web and mobile applications for anomalies and performance bugs.

Having a sound security infrastructure is quite possible with the right help. In addition to implementing IT policies and making sure employees know what to do in case of a security breach, you’ll need the help of expert security testing services. Get in touch with us to learn more.  

Businesses have finally learnt about load testing? In 2013, companies like Calvin Klein, Coke, Axe and several others suffered a massive crash (after putting in millions to air adverts) during the Super Bowl. Yes, why should we worry about the Super Bowl? It isn’t about the sport but how companies picked themselves up and did something about their site’s awful load times.

The fact that only one site crashed last year during the game communicates a lot about how seriously companies are treating the issue, especially with something as big as a live event at stake.

Live Video Streaming Becoming an Important Part of Consumerism

Before the emergence of live video streaming, the world may have thought: what are the chances of thousands of viewers watching the same thing at the same time? It’s hard to imagine even now, when watching videos has never been easier, how video streaming live has become an important part of consumerism.

Website load testing has become an essential element, as online viewing changes from binge watching on Hulu or Netflix into watching live video events. Companies that have shifted their marketing to the online video spectrum or stream video on demand know more than ever the issues their site can (and does) face under pressure of a live event.

Live Video Events Not the Same as Online Streaming

It’s a one-shot deal when it comes to video live events. The very nature of this mode of online video viewing means interested individuals will likely tune at the same time as everyone else - which is a lot of online traffic for the host site.

The Trouble with Video Live Streaming

Take a note of this next time you stream a live rugby match between two very popular teams: is the video loading fast enough? Is the streaming clear and unhanging? For a live video stream to be successful, the hosting site doesn’t only need fast load times for the video, but the site itself should be able to stay up despite a giant wave of online traffic.

Does your website experience any video streaming issues? One way to find out is by employing live video load testers that’ll test load times of your website under stress. You can also contact Lean Security and ask about our website application testing services. 

Everyone wants and expects their website to perform in a certain level. E-commerce businesses depend on more sales, bloggers are looking for better traffic, and non-profits want more participation from viewers.

All of this is only possible with good website performance. Therefore, when the site comes crashing down, everything else follows.

Creating a Better Web Browsing Experience for Consumers - An Essential Marketing Strategy?

A business’s marketing and operation strategies will only work today if websites, web and mobile applications perform at their peak effectiveness. You’d have to re-think improvement if website and applications aren’t getting the optimal level of performance needed.

While a usability test can be an effective tool to improve your website and applications, you can also do the following to improve web browsing experience for customers.   

Improve Your Search Function

Content is king for any website. This poses an issue as linking every video, blog or white paper from your website’s homepage becomes difficult (the site can get cluttered). For this to work, i.e. web browsing experience, users must find it easy to find content in the first place.

There are numerous ways to improve the search function of your website - the easiest and simplest being making the search box highly visible.   

Check out the Competition i.e. What Are They Doing?

You’ll have competitors, whether just entering a particular industry or been in the playing field for some years. Take advantage of this by evaluating their websites and applications. Ask yourself these questions:

Ø  Are they doing anything different than you? What is it?

Ø  Is their site more professional looking? How does it compare to yours?

Ø  Are they using any keywords that you aren’t?

Ø  How fast is the loading time of their website?

Think Multi-Platform – Mobile Applications and Its Design

While businesses are expanding their viewership and e-commerce prospective by introducing mobile applications, this won’t do any good if design and usability isn’t up to par as in its web counterpart.

While placing the website main subject categories – i.e. contact, home – at the top does work when viewed on a desktop, the same design shouldn’t be used in the mobile application.

Implementing a responsive web design on mobile applications is the best way to go about this.  

Since mobile is the future of e-commerce, think about developing a seamless mobile application as opposed to focusing on other marketing strategies. Lean Security can help test the new mobile application.   

Viruses, once the bane of every IT administrator’s existence have taken a back-seat in light of the cyber and data security threats faced by businesses today. This increasing awareness of security threats in system infrastructures as well as determined and highly sophisticated cyber criminals is causing a shift in IT security systems and how they are being managed.

In order to mitigate risks, businesses are turning to professional managed security services because why not?

Protecting Businesses against Security Breaches, an Insurmountable Task

Companies are trying to keep themselves floating in the turbulent sea of security breaches and global onslaught of cyber attacks but are badly failing. Its obvious staying ahead of the curve requires more than just a sound IT infrastructure and what with 61% of Australian companies expecting a security breach, the question here is: what needs to be done?

Outsourcing your IT functions and department to a professional managed security service seems to be one answer. How would it help?

Your Company Can Make the Most of Their Security Budget

You’ll have to face huge costs by implementing your own security measures. Additionally maintenance of a rigid security posture isn’t possible with a large organization, using various devices and networks to conduct their work. While many cyber challenges do get addressed by rising security budgets, more often than not the need for extra security funding and staff retention is realized late.

Don’t forget, recruitment of new security personnel requires time and training which is why outsourcing this task to a MSSP (managed security service provider) can help decrease the large, upfront costs.

Admit It; You Simply Can’t Take Care of Everything

Even if you can take care of the company’s web application security, there’s a stark difference between doing a very good job and doing an okay one. Yes, outsourcing wasn’t considered a good word before but it is now proving to be a viable and highly effective solution to business growth and to utilize specific skill sets.  

Outsourcing your security needs to a trusted managed service provider will ensure you can concentrate on developing and expanding your business.

Increasing Threat of Evolving Security Anomalies

What you see now in the security landscape may be very different tomorrow. Since the threat environment is forever evolving and adapting to new security measures and technologies, the need to have a professional team of security experts back your business is an advantage.

 An established managed security service like Lean Security can help address every security concern, monitor and respond to the gravest of threats so that you can run your business with ease and no concern at all.

The healthcare industry is increasingly becoming a promising domain for applications that can help provide better services to patients, while making the job considerably easier for healthcare providers.

A large number of applications utilize Wireless Medical Sensor Networks (WMSNs) for effective communication, efficient practices and patient mobility.

While the integration of WMSNs keeps growing every day in the healthcare sector, applications still face some security issues.

Here we discuss the 4 most prominent WMSN application security issues in the healthcare industry:

#1-Monitoring Patient Vital Signs

The most common application security threats that arise in the healthcare industry have a lot to do with patient confidentiality. If there are no appropriate security protocols in place, an adversary can snoop on patient vital signs through free communication channels. Similarly, if the individuals have a powerful antenna, they can easily pick up on the messages from the network.

#2-Routing Threats

In a multi-hop environment, data packets are forwarded to the base station through multi-hop routing procedures. This comes with its own set of security threats. A malicious code may refuse to forward certain information and it may simply be lost in transit. If the attacker is overtly included in the routing path, this threat could be stronger.

#3-Location Threats

Patient mobility is supported by medical sensor networks so that the location of patients can be identified to reach them on time. Typically, location features are based around radio frequency, received signal strength indicator or ultrasound. If adversaries constantly receive radio signals and are able to identify codes, they could gain direct information that may compromise a patient’s privacy. Of course, someone who is probing information to identify patient location could have even worse intents.

#4-Activity Tracking Threats

Those with malicious intent can also break into patient records when the patient is busy exercising in a health-club. Based on the wireless medical sensor data a hacker could precisely identify the present activity on the patient. Even worse, the hacker could even send over the wrong exercise tips or advise medication that could result in injuries and bodily harm.

As medical sensors are placed on a patient’s body to send over health data like location, heart rate and health feedback to a base station, it might very well be possible for a hacker to alter information which may raise erroneous concerns about the patient’s health.

A well-planned security mechanism with appropriate security testing services in place can help keep the risks of these threats to a minimum. Drop us an email at info@leansecurity.com.au to learn more about our services.

With more and more companies allowing employees to bring their own devices, the Bring Your Own Device (BYOD) trend is gaining traction. By allowing workforce mobility and flexibility, BYOD has had a significant impact on the traditional IT model.

Although BYOD has greatly improved workforce productivity, it has brought about various challenges to business data and IT security. This is especially true of small and medium enterprises that typically lack knowledge and resources to mitigate BYOD risks and make the most of the opportunities it brings.

Let’s take a look at some of the key challenges that you might be facing when implementing BYOD policy in your organization.

Software Issues

Mobile phones and tablets are the weakest links when it comes to data security. A study identifies that 97 percent of employee’s devices have privacy issues, while 75 percent of them lack appropriate encryption to keep business data secure. This, coupled with the fact that most of the devices lack anti-virus protection or contain outdated firewall protection, means that the company’s digital environment has become more prone to attacks, thus opening the floodgates of data leakage.

Gartner predicts that one in two companies will stop providing devices to their employees by 2017. Therefore, organizations are responsible to implement robust device management policies to keep devices secure so as to control the riskiness of the business environment.

A centralized system like Mobile Device Management (MDM) can be a good way to keep track of the operating systems within the environment to ensure that the entire system is upgraded and secure.

Malicious Attacks

One of the most serious concerns for BYOD-driven organizations is dealing with the challenges of storing personal and corporate data on the same device. When the employees use a single device for both personal and professional purposes, there is always a risk of data theft. Theft may result from malware or malicious programs that users may install unknowingly. With these malicious programs, hackers may acquire login credentials to have access to the business network. An effective way to overcome the challenge is to implement a multi-layered verification system to make sure that only authorized users are granted the access to the business network.

Untrustworthy Employees

BYOD can make it easier for people to steal company’s confidential data. While it’s not possible to obliterate the risk completely, businesses need to have a strong endpoint security to prevent data leakage. Besides, establish a stricter policy regarding data privacy and confidentiality to prevent people from exploiting corporate data.

Secure your IT environment by running a vulnerability scan with us. Along with vulnerability scanning service, we offer penetration testing, web service security testing, and mobile app security testing to make sure that your business environment remains safe and protected. Get a trial or contact us at +61 (0) 2 8231 6635 to learn more about our services.

A flaw in any system can eat the company from the inside without you even knowing and by the time signs appear, it’s too late. However, an authenticated vulnerability scan can help in the timely detection of flaws in the system, protecting businesses and organizations from internal and external threats. While the benefits are self evident, many company’s still fail to adopt this methodology; or those that do, don’t utilize its full potential.

Ignoring the former for now, we focus on certain steps security teams and practicing companies can take to get the most from authentic vulnerability scans.

Knowing your needs

You must know what systems you want to scan with authentication. These may include systems running on a particular operating system or a reserved set of computers. Furthermore, make sure you consider network hosts, databases, relevant web applications and more that require or allow authentication via different protocols like FTP, SSH, Telnet etc. Authenticated scanning is widely used by hackers and malicious users. Therefore, it is a must for you to use it as well.

Determining what levels are to be scanned

You can determine the different user level roles for scanning like basic, managerial, administrative level and more. While you can choose any, it is highly recommended that at a minimum you at least scan at the administrative and root level. Doing so, will help you identify most of the flaws. Of course, the more users you scan the more flaws are likely to appear. We suggest that you continue to a point where results no longer vary by permissions. But then again, it depends on your preferences and needs.

Test on a few systems before opting for enterprise wide scanning

Although authenticity scans of network hosts hardly pose any problems, the same cannot be said about production environments, especially in the case of web application scanning. Nonetheless, it is advised not to take risks no matter what you are scanning, and test out the scanning process on a few systems first. The reason being; at times you may experience certain side effects like user accounts may get locked out, databases may get filled up, CPU and disk consumption might increase and more. Testing before can help you evaluate the side effects that are likely to branch out to all systems once you start scanning all.

Setting up user accounts for scanning beforehand

This may not seem very important but it can save you a lot of time and unwanted hassle. If you do this beforehand, the scanner will easily log in without being prompted to change the password. On the other hand, if you don’t, the scanner will not be able to change the password on its own. As a result, the authentication will not work, and eventually, you’ll have to run the scan again.

If you are looking for vulnerability scanning services or have any general question and queries, feel free to contact us anytime.