Atlantic Business Technologies, Inc.

Category: Cloud Security

  • Are You Sure You’re Prepared for AI Cyber Attacks?

    It’s no secret that big data and the Internet of Things have led to massive connections in our lives and work. We have smart thermostats. Many people use FitBits. Google’s Alexa continues to move into plenty of homes. Our world depends on machines talking to each other. Their language is data. The amount of data is growing beyond the ability of human management. As this continues, we’ll rely more on artificial intelligence to coordinate how the IoT works. In this context, the risk of AI cyber attacks becomes a significant concern, necessitating robust security measures to protect the vast amounts of data being processed and shared.

    Time for an uncomfortable question: With compromised AI, what do we do? I’m not talking about some science-fiction 2001: A Space Odyssey scenario. This is about the kind of large-scale cyberattacks that have become commonplace. Think about what we already know about technology:

    • Any technology can do good or bad things for and by its user.
    • If someone stands to profit from it, the chance of technological use for ill skyrockets.
    • We have serious cyber security problems at both the consumer and enterprise levels.

    What will be the impact of our increased reliance on AI?

    Could a Malicious AI Trick a Human?

    Human users need to be ready to resist AI cyberattacks.

    One of the hardest cyber threats to protect against is “social engineering,” which attackers use to gain entry into a targeted system. In other words, a hacker can trick a user into giving code access to a protected network. It’s easy to do. A hacker pretends to be an IT support engineer online, asking users to share their passwords.

    As AI gets better at social interactions, it will help hackers to automate their attacks. Imagine an AI handling customer support calls and other interactions with humans. That means that its programming can trick humans into damaging their own data. Users would download malicious code or share security credentials. They would be unaware that an AI had misled them.

    These AI cyber attacks would raise the number of attack attempts significantly. The result is greater automation of the hacking process.

    “…As artificial intelligence (AI) systems become more capable, we will begin to see more automated…social engineering attacks. The rise of AI-enabled cyberattacks is expected to cause an explosion of network penetrations, personal data thefts, and an epidemic-level spread of intelligent computer viruses.”

    Note the words “explosion” and “epidemic” (emphasis mine). If you think the current hacking situation is bad, just wait. It’s going to get worse. Also, consider our reliance on AI to help manage the IoT. Suddenly, the threat of AI cyber attacks seems even more worrisome. The hardest part of cybersecurity becomes harder. What do we do?

    Fight AI Cyber Attacks with AI

    Malicious AI can be programmed to attack your systems, but you can also use AI to counter these intrusions.

    Good news! AI can combat AI-facilitated attacks. For example, phishing attacks are often used to gain access to corporate secrets. HR managers have to accept files from outsiders daily and are often targeted the most. A skilled IT Security professional can exploit this. An AI system inside the network can learn to identify the HR manager’s access habits. It will look for anything the manager does that seems out of the ordinary. Then the AI can use that information to its advantage to prevent a potential AI cyber attack.

    If an HR account is accessing data it never has before, that’s a bad sign. It usually means that the network has been a victim of hacking. The phishing attack was successful. But there is a twist! Once the AI learns these patterns, the same attacking program can now foresee threats.
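
    The "access habits" idea above can be shown with a simple rule-based baseline. This is an added example, not code from the original post, and it stands in for the learned model the post describes; the account names, resource paths and timestamps are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access log: (ISO timestamp, account, resource).
SAMPLE_EVENTS = [
    ("2024-03-04T09:12:00", "hr.manager", "/hr/resumes/inbox"),
    ("2024-03-04T14:40:00", "hr.manager", "/hr/payroll/summary"),
    ("2024-03-05T10:05:00", "hr.manager", "/hr/resumes/inbox"),
    ("2024-03-06T11:30:00", "hr.manager", "/hr/benefits/forms"),
    ("2024-03-07T09:45:00", "hr.manager", "/hr/resumes/inbox"),
    ("2024-03-08T16:20:00", "hr.manager", "/hr/payroll/summary"),
    # Events after the learning window ends:
    ("2024-03-11T09:30:00", "hr.manager", "/hr/resumes/inbox"),
    ("2024-03-11T02:14:00", "hr.manager", "/finance/wire-templates"),
    ("2024-03-11T02:16:00", "hr.manager", "/engineering/source/keys"),
    ("2024-03-12T10:00:00", "hr.manager", "/hr/benefits/forms"),
]

NEW_RESOURCE = "resource never accessed during baseline"
ODD_HOUR = "outside the account's usual hours"
NO_BASELINE = "account has no baseline"


def build_baseline(events, cutoff_dt):
    """Record which resources and hours each account used before the cutoff."""
    baseline = defaultdict(lambda: {"resources": set(), "hours": set()})
    for ts, account, resource in events:
        when = datetime.fromisoformat(ts)
        if when < cutoff_dt:
            baseline[account]["resources"].add(resource)
            baseline[account]["hours"].add(when.hour)
    return baseline


def flag_unusual(events, cutoff):
    """Return (timestamp, account, resource, reasons) for odd post-cutoff events."""
    cutoff_dt = datetime.fromisoformat(cutoff)
    baseline = build_baseline(events, cutoff_dt)
    alerts = []
    for ts, account, resource in sorted(events):
        when = datetime.fromisoformat(ts)
        if when < cutoff_dt:
            continue  # still inside the learning window
        profile = baseline.get(account)
        if profile is None:
            alerts.append((ts, account, resource, [NO_BASELINE]))
            continue
        reasons = []
        if resource not in profile["resources"]:
            reasons.append(NEW_RESOURCE)
        # Treat the span between earliest and latest observed hour as "usual".
        if not min(profile["hours"]) <= when.hour <= max(profile["hours"]):
            reasons.append(ODD_HOUR)
        if reasons:
            alerts.append((ts, account, resource, reasons))
    return alerts


if __name__ == "__main__":
    for alert in flag_unusual(SAMPLE_EVENTS, "2024-03-09T00:00:00"):
        print(alert)
```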

    The AI Cyber Attack Threat Is Serious

    To be clear, technology can attack but it can also defend. You have to make sure you’re taking the arms race seriously. This also means training and educating your workforce to prepare for social engineering attacks. Take a close look at any weaknesses in your IoT infrastructure. You must secure these spaces from AI cyber attacks.

    Interested in reading more about the latest tools and strategies for cybersecurity? Take a look at our Cybersecurity resource hub. If you have more specific questions about securing your systems against AI cyber attacks, contact us.

  • Miva Takes on Magento: 3 Reasons Why This is Silly

    Miva Merchant often takes the time to attack their eCommerce competitors directly.  Maybe you’ve seen the following ad:

    Miva Ad

    This ad, sent via email campaign, continues to say,

    “Updating crucial security patches is infamously slow on Magento, commonly breaking the functionality of mods and plugins. The tortured development history of Magento means that every back-end integration requires an expensive custom build and painstaking IT maintenance…”

    All “fresh” software releases hold inherent bugs and glitches that need to be worked out. So Miva’s attacks aren’t invalid, but it’s hard not to wonder why they’re attacking at all. Miva’s smear campaign doesn’t stop there. In the company’s own article, they claim that running a Magento Enterprise site is roughly twice the cost of a Miva platform, and not worth it. In another email they claim:

    “Upgrading Magento software is expensive and dangerous. The transition from Magento 1.92 to 2.0 was a nightmare for store owners, with even the simple transfer of customer data requiring expensive 3rd-party tools. Magento updates are famous for breaking stores, with custom mods and plug-ins requiring expensive deployment to adapt.”

    Miva Merchant shouldn’t be criticizing Magento. The cloud-based platform has great customer service and is easy to update, but isn’t actually in Magento’s league. Atlantic BT is currently preparing to launch a new client site supported by Magento 2. We’ve seen first hand the quality of services it provides for us and our partners and would recommend it to any client looking to rebuild their site. 

    The SaaS-based software shows that Miva shares more with Shopify than Magento. It limits your ability to do custom features and setup. Like Shopify, it’s a solid platform. However, it’s not likely to attract larger businesses that would use Magento. The businesses that Miva is targeting in their email campaign are likely wanting a custom set up with a unique look and feel. Unfortunately, you’re not going to find these options with Miva.

    Additionally, think about the last time you heard about Miva. Probably never, right? Miva has been around for 18 years. It was actually one of the first eCommerce platforms to be created. You know people that use Shopify, WooCommerce, and even WordPress eCommerce solutions, but, despite their seniority, Miva? Hear those crickets? From their size to the language they use, here are 3 reasons Miva shouldn’t even try to compare itself to Magento.

    1. Few Businesses Actually Use it

    Go ahead and look up “Top eCommerce Platforms.” Which names do you find? Magento, WooCommerce, Shopify, and even SquareSpace. These results all come before Miva. When you look at the numbers, Miva doesn’t even make the top 10.

    On their website, it says “Miva customers have processed over $100 billion in online sales since 1997.” Assuming this number is true, it certainly didn’t happen recently. Since the beginning of this year, Miva Merchant added 10 websites and lost 18. By comparison, Magento gained 2,071 websites. More specifically, it is used by over 150,000 online stores and powers 15% of the Alexa Top 1 Million. Out of the 415 eCommerce platforms in that category, Magento ranks #2.

    Even when you put Miva head-to-head against WooCommerce and Shopify, it falls short. Only 0.2% of eCommerce sites have been using it. Want the exact numbers? That’s just 2,332 businesses. There are “approximately 110,000 eCommerce websites generating revenue of meaningful scale on the internet.” That’s not just eCommerce sites this year. That’s all eCommerce sites which are actually doing well. Assuming all of these Miva sites are generating enough revenue, they only constitute 2.2% of eCommerce sites.

    Despite their numerous years as an eCommerce platform, Miva doesn’t make the cut for most customers. It seems attacking another platform is the only way to get visibility.

    2. More Aesthetics, Less Structure

    Miva focuses more on the look of an eCommerce website than the structure behind it. They use an HTML/CSS-based content management system to allow business owners to create and manage their eCommerce websites. That comes with the capability to upload and edit product descriptions and images, track and manage incoming and outgoing inventory, and securely process customer orders.

    While Magento has similar customization features, there is more emphasis on structure. Using a MySQL database management system, PHP, and elements of the Zend Framework, Magento applies the conventions of object-oriented programming and model–view–controller architecture.

    So what’s the difference?

    Magento is a better program for people who have systems in place and want a platform to help organize those systems. This means sites that use Magento will also have people in place to manage that infrastructure and handle a more database- and function-heavy platform. Miva is half the cost because it’s better for people starting from scratch. If you’re looking for a strong backbone your team can use to run a larger eCommerce business, forget about using Miva. 

    3. Scale Matters

    Miva Merchant is half the cost because it’s intended for businesses half the size (or less) of the ones using Magento. Although Miva claims it’s a better solution for enterprise than Magento, its strength lies in small business. It is entirely cloud-based, which is ideal for smaller businesses who lack the infrastructure and software needed to power a successful eCommerce enterprise. In addition, it excludes some areas of business—Miva doesn’t host for retailers with soft goods (meaning services or downloadable products).

    Magento is designed with larger businesses in mind. Yes, managing the code base, all the updates and patches, and troubleshooting for security can be complicated. It takes more to run an enterprise-level business. For a large business processing thousands of payments every day and managing hundreds of products, you need more than HTML and CSS—you need a platform built for growth. From managing the databases to keeping it secure, you need a team to keep it going. Only Magento’s high power and functionality has the capacity for enterprise.

    The Bottom Line

    All of that aside, Miva Merchant does have some advantages which Magento needs to learn from. Miva excels in providing helpful support and customer service no matter what package their clients select. For Magento, this simply isn’t true. Despite the strength of the platform, Magento Community customers are pretty much on their own. Even Enterprise users have a hard time getting the help they need. That said, Miva has a bad record in terms of hidden charges and surges in cost. Magento may be expensive, but at least you know what the price is going to be.

    If you’re established and have the staff you need on Magento, stay there. It may be complicated, but moving to a completely different language in the cloud isn’t going to solve your problems. Whether you use Enterprise or Community, you don’t have to feel alone. Are you having issues getting the support you need? Don’t switch over to Miva. At Atlantic BT we can provide the same level of support and beyond. As a Certified Magento Partner, we have the expertise you need to keep your platform running safely. Check out our eCommerce page to learn more.

  • Why It’s Empowering to be a Proud AWS Public Partner

    At Atlantic BT, we are dedicated to delighting our clients. It’s one of my favorite things about working here. This is more than just playing with a turnkey tool or service. We want every website, application, and hosting solution to make our clients’ lives easier. ABT is proud to be an Amazon Web Services (AWS) Public Sector Partner. This distinction fits perfectly into our philosophy of delight for our government clients.

    AWS GovCloud and Public Partnership

    AWS provides cloud-based hosting and infrastructure for all kinds of organizations. GovCloud is their AWS region designed specifically for US government agencies on the local, state, and federal level. Because these government agencies have unique compliance and security requirements, GovCloud makes it easier to tailor cloud environments to meet these rules. In addition, AWS GovCloud was the first FedRAMP cloud. This means that Amazon has been leading in this space as long as the space has existed. There is no cloud provider safer and better than Amazon Web Services.

    As cities and states prepare to become “smart” and already smart cities/states become smarter, consuming services in cloud environments like AWS is inevitable. AWS Public Sector Partners are Amazon’s certified vendors to set up and customize their cloud environments for government agencies and organizations. Earning this certification takes AWS experience and expertise. ABT is proud to be a part of this group of vendors. This recognition shows our commitment to helping all government entities make safe, sound decisions.

    GovCloud adds flexibility for government agencies to engage with AWS terms of service. This is extremely important. While private companies are not allowed to deviate from any AWS terms, GovCloud permits public agencies to adjust pricing to best fit their budgets. It also has essential compliance and security rules built into its system. This ensures that public agencies keep sensitive information safe.

    Enter Atlantic BT, AWS Public Partner

    Being an AWS Public Partner gives ABT that same flexibility. We can work with the pricing and architecture needs of any public agency. Then we can deliver the best possible cloud environment for their needs. We also have five AWS-certified experts who architect cloud environments for private organizations, like Mutual Drug. This allows us to share private sector experience with our public sector clients. We can fine-tune their cloud environments with better functionality and performance. We’re already doing this work in our ongoing projects with NC government and look forward to more opportunities going forward.

    How did we get here? It’s tempting to chalk up this success to simply choosing the right technology and capabilities to master, then applying these solutions to every opportunity that comes along. But the truth is, we got here because of the effectiveness and empathy of our team. How they creatively approach problems while collaborating with clients matters. To really delight clients, you need more than intelligence and expertise. You need a spirit of cooperation that listens closely to a client’s unique situation. That is the inspiration to design an inclusive process to craft, test, and optimize technology. The result makes everyone take joy in their new solution.

    When it comes to technology and our capabilities, we’re essentially unlimited. I don’t say that to brag, but rather emphasize that any competitive cloud provider could learn to use AWS well. Cloud capabilities will continue to change as new tech comes out. It’s the processes and people here at ABT that make me really proud—and excited—about what we have to offer for public sector agencies. We’re happy to introduce them to the cloud.

  • Non-Secure Websites, Beware! Google is After You

    In July of this year, Google will take another step forward in their crusade to secure the internet. They will introduce a new feature on the 68th version of their Chrome browser. Its purpose? To warn users whenever they visit an HTTP website. A large “not secure” icon within the browser’s navigation bar will display. Google hopes to steer their users away from websites that don’t use proper Transport Layer Security (TLS). This could create many challenges for web owners and designers. Traffic and revenue losses, as well as drops in organic search rankings, could all be consequences.

    Google’s Quest For Security

    Previously, Google only had non-secure warnings on pages that featured password input elements and credit card fields. This standard has now been dramatically modified with Google’s new warning system. By July, Google will require ALL websites to have their entire domain set up as HTTPS.

    This comes after several years of successful browser updates. Google was able to vastly increase the percentage of secure websites. In the last year alone, the number of protected websites on Chrome’s browser grew from 67% to 75%. Even more, 71 of the top 100 sites on the internet now use HTTPS by default. This is an increase from 37% one year ago. Google has surpassed all other browsers as the most used browsing platform. This means that Google’s policy update will have major implications on your site’s web performance.

     


    What makes HTTPS different?

    Before stressing over the potential impact of this update, it’s important to recognize the countless benefits of establishing a secure connection via TLS. If your website is HTTP, as opposed to HTTPS, it means there is no active TLS. A TLS Certificate is a data file that binds a cryptographic key to all of a website’s details. In other words, this certificate creates an encrypted connection between a web server and your browser. This means that the connection between both points is not susceptible to being hijacked or intercepted.

    When you load an HTTP website, someone else on the network can look at or modify the site before it gets to you. This can create a world of problems for both website owners and users alike. In a recent post on Google’s developer blog, Kayce Basques explains the potential damage that can occur on an unprotected website:

    “Intruders exploit unprotected communications to trick your users into giving up sensitive information or installing malware, or to insert their own advertisements into your resources. For example, some third parties inject advertisements into websites that potentially break user experiences and create security vulnerabilities.”

    In addition, if you submit sensitive information via a form or credit card field on an unprotected site, it can be intercepted before reaching the web server. This creates a number of threats, including identity theft, fraud, and invasion of privacy.

    What are the implications of Google’s update?

    Google is increasingly using security as an algorithmic ranking factor within their Search Engine Results Page (SERP). In 2014, Google publicly announced that websites would receive a boost in rankings if they switch from HTTP to HTTPS. And in-line with that policy, sites that remained HTTP would be at risk of losing rankings. This is a serious threat to the acquisition of organic traffic on HTTP websites.

    There is also an added risk of dropping conversion rates and losing customers. Studies show that 85% of web users would choose not to make purchases from a website if it was labeled as “non-secure”.

    If you’re concerned about the potential impact of this upcoming Chrome update, or the security of your site, contact the experts at Atlantic BT.

     

  • What Does SSL Mean and Why Should You Care?

    Most of us have spent enough time online to notice some websites have “http” at the beginning of their URLs, while others use “https”. However, many people don’t understand the difference between the two. To make things simple, the S in HTTPS stands for Secure, and what we call SSL is a “Secure Sockets Layer.” The term SSL is still widely used to describe a critical aspect of web security, though you should note SSL has become insecure and has been superseded by the more secure Transport Layer Security, or TLS. This kind of cryptographic protocol is not only essential to the security of your website, but also has a major impact on your organic visibility, SEO, and website performance.

    Why Does an SSL or TLS Matter?

    SSL/TLS is the foundation for secure browsing; it protects users from sharing their sensitive personal information. A TLS Certificate is a small data file that digitally binds a cryptographic key to a website’s details. In layman’s terms, this certificate creates a secure, encrypted connection between your browser and a web server. This secure connection means the encrypted information can ONLY be opened and seen by the user and the website—preventing the connection from being hijacked or intercepted.

    So why is this secure connection so important? Say, for example, a user visits an eCommerce website and they’re asked to submit personal information like their email address, mailing address, credit card information, or bank account number. What many people don’t realize is the information the user provides is passed from computer to computer before reaching its final destination. Without a TLS certificate, that sensitive information could potentially be acquired by any of the computers that it passes through. The TLS safeguards that personal information so it can only be seen at the final web server that the user sends information to.

    This process makes TLS vitally important to the security of your websites and users. Not only does TLS protect user information by encrypting the connection, it also verifies you are actually connected to the right server (rather than a server that intercepted your traffic). In case the security of your entire website wasn’t enough, SSL/TLS also has a significant effect on your SEO ranking.

    How Does an SSL or TLS Affect SEO Rankings?

    Google and the other major search engines have coined a term called “trust factors” or “trust seals” that signify a website’s identity is authentic, the site is legitimate, and the site is not susceptible to data breaches. These “trust factors” can include badges from the Better Business Bureau, detailed privacy policies, and most importantly, SSL/TLS certificates. Sites that utilize these trust factors are more likely to receive higher quality scores and hence, better SEO rankings.

    During the summer of 2014, Google explicitly stated websites would receive a ranking boost if they featured a TLS certificate. In addition, they provided the following “best practices” for getting started with TLS:

    • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate.
    • Use 2048-bit key certificates.
    • Use relative URLs for resources that reside on the same secure domain.
    • Use protocol relative URLs for all other domains.
    • Check out Google’s Site move article for more guidelines on how to change your website’s address.
    • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
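
    The two URL items in the list above can be checked mechanically before a site moves to HTTPS. This added example (not from the original post or from Google) scans HTML for `http://` references that load or submit content and proposes the relative or protocol-relative form the list recommends; the host names and sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser load or submit something. <a href> is
# navigation, not a subresource, so it is deliberately left out.
LOADING_ATTRS = {
    ("script", "src"), ("img", "src"), ("iframe", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"),
    ("link", "href"), ("form", "action"),
}
# <link> only fetches for these rel values; rel="canonical" is just metadata.
LOADING_RELS = {"stylesheet", "icon", "preload", "manifest"}

# Constructed sample page for a site served from shop.example.com.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://shop.example.com/css/site.css">
<script src="//cdn.example.net/lib.js"></script>
<script src="http://cdn.example.net/tracker.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="http://shop.example.com/images/banner.png?v=2">
<a href="http://partner.example.org/">Partner</a>
<form action="http://shop.example.com/checkout" method="post"></form>
</body></html>
"""


def suggest_rewrite(url, site_host):
    """Return a safer form of an http:// URL, or None if no change is needed."""
    parts = urlsplit(url)
    if parts.scheme != "http":
        return None  # relative, protocol-relative, https:, data:, mailto: ...
    tail = parts.path or "/"
    if parts.query:
        tail += "?" + parts.query
    if (parts.hostname or "") == site_host.lower():
        return tail                    # same secure domain: relative URL
    return "//" + parts.netloc + tail  # other domain: protocol-relative URL


class _Audit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_map = {name: (value or "") for name, value in attrs}
        if tag == "link":
            rels = set(attr_map.get("rel", "").lower().split())
            if not rels & LOADING_RELS:
                return
        for name, value in attr_map.items():
            if (tag, name) not in LOADING_ATTRS:
                continue
            fixed = suggest_rewrite(value.strip(), self.site_host)
            if fixed is not None:
                line = self.getpos()[0]
                self.findings.append((line, tag, value.strip(), fixed))


def audit_html(html, site_host):
    """Return (line, tag, original_url, suggested_url) for each insecure reference."""
    parser = _Audit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML, "shop.example.com"):
        print("line %d <%s> %s -> %s" % finding)
```

    Host matching here is exact, so a `www.` variant of the site counts as another domain.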

    While the amount of ranking boost provided by implementing TLS is still unclear, we do know that Google can severely penalize unencrypted sites. And in January of 2017, Google announced any Chrome browser users would be warned before entering unencrypted websites. Since Chrome is the primary browser for over 55% of web traffic, this is something that should not be taken lightly.

    If you fail to include SSL/TLS on your site, not only can your site be demoted in search engine rankings, your users are less likely to make purchases or interact with your webpages. According to SSL.com, implementing SSL/TLS securely can lead to dramatic improvement in a website’s conversion rate. And in contrast, lacking SSL/TLS protection can have negative effects on conversion rate.

    Integrate TLS on Your Sites Immediately

    In conclusion, SSL/TLS certificates are vital to any website, but especially important to the performance of online stores or eCommerce sites. Without encrypting your website, you are leaving yourself susceptible to malicious attackers, data breaches, and lost customers. Unencrypted websites are much less likely to rank well in search engines, and even less likely to convert users into customers.

    If you’re concerned about the security or performance of your website, contact ABT’s cybersecurity department, or continue reading the ten critical elements of a successful retail e-commerce website.

  • WPA2 Protocol Has Been Compromised. Time to Encrypt.

    As of this week, the main protocol used by wireless routers, WPA2, has been compromised. The scary thing about this new hack is it affects a protocol not specific to a system or hardware. This means that no matter what wireless device you use, whether it be Android, iOS, OS X or Windows, your system can be affected. While device and software manufacturers scramble to patch their systems, the seriousness of this hack underscores the importance of enforcing encrypted traffic via HTTPS or VPN (on all avenues, regardless of a service’s importance).

    What Does WPA2 Security Mean For You?

    Your internet connection relies on wireless and wired networking, which are divided into distinct transport layers called the OSI Model in IT parlance. (If you work with any network engineers, feel free to pick their mind on this.) The protocol used to encrypt wireless transmissions is included in layers 1 and 2 of the 7 layer OSI model.

    You can think of the OSI model like the logistics of Amazon shipping. The item that you order goes into a brown box, which then goes into a delivery truck. The delivery truck takes the package to an airport, the package gets on a plane, and the plane flies to another airport. Finally, the package is unloaded onto another truck, and eventually delivered to your door. To fit my above allegorical example, with the WPA2 crack, it’s like the bad guys (hackers) have hijacked the delivery truck on the way to your house.

    How Can You Protect Your Data?

    There is a way to protect your packages, however, and it doesn’t involve exotic security systems or advanced technologies. The solution lies in encryption, something which the majority of websites should already be doing. Notice that the website this article is hosted on uses the HTTPS green lock icon in the URL bar above. This lock icon signals that the server where the site is hosted and the browser you’re using to read this article have entered into a “trust relationship.” In a trust relationship, the browser is able to accept and decrypt data from the server with certainty that the information has not been tampered with or read.

    To illustrate how encryption would work in the context of bad guys hijacking the Amazon delivery truck, think of your encrypted package as a small transportable safe being shipped. The bad guys can see it, but they can’t open it up and have no idea what’s inside. If they do somehow manage to open it (unlikely), you’ll know because your package will be opened upon delivery.

    The HTTPS protocol is not the only way you can protect your data in flight. A “VPN”, or virtual private network, also provides transport-level encryption to protect your intercepted data from being read or tampered with. Setting up a VPN is trivially simple for a single user and there are tons of companies that offer affordable VPN plans.

    The goal of this post is to illustrate that even though the wireless protocol itself was compromised, you can still protect yourself AND your data by following relatively simple security procedures. If you happen to be facing a difficult cybersecurity challenge, or just need general advice, contact Atlantic BT. Our security experts have decades of combined experience and are here to solve any problem you encounter.