Home » cybersecurity

https://nationaltoday.com/national-computer-security-day/

Every November 30th, the United States observes National Computer Security Day. This year, we’d like to share some details on the history of this security awareness, how ZorroSign’s data security platform built on blockchain contributes to computer security, and how you can observe National Computer Security Day to improve your hardware and data security.

HISTORY OF NATIONAL COMPUTER SECURITY DAY

“It seems like every day we hear about breaches in cyber security. Keeping people and companies safe online is a top priority all over the world. It’s something that stays uppermost in our minds on National Computer Security Day. The story of National Computer Security Day is an interesting one.

“On November 2, 1988, Cornell University researchers uncovered an unknown virus lurking in their computer systems. Within four hours of discovery, the Morris worm virus invaded several other university systems as well as the ARPANET, an early version of today’s internet.

“Six days later,  two computer experts with the U.S. Defense Advanced Research Projects Agency (DARPA) recommended assembling  a National Computer Infection Action Team (NCAT) to respond 24/7, 365 to these kinds of attacks. On November 14, the Software Engineering Institute (SEI), a research center connected with Carnegie Mellon University, set up the Computer Emergency Response Team (CERT). 

“In 1988, the National Computer Security Day sprang out of the Washington, D.C., chapter of the Association for Computing Machinery’s (ACM) Special Interest Group on Security, Audit, and Control as a way to raise awareness about cybercrimes and viruses.  According to a 2004 Networld article, ‘November 30 was chosen for CSD so that attention on computer security would remain high during the holiday season – when people are typically more focused on the busy shopping season than thwarting security threats.’ By 2003, CERT and the U.S. Department of Homeland Security joined forces to create the National Cyber Awareness System. 

“Whether we’re talking about National Computer Security Day or  National Cybersecurity Awareness Month also in October, the goals are essentially the same. Each person must be proactive to protect their online security. Use this month to find out all you can about common-sense ways to stay safe in cyberspace.”

HOW ZORROSIGN’S PLATFORM SUPPORTS COMPUTER SECURITY

ZorroSign is the first company that offers a multi-blockchain data security platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and now expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.

Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach to access the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.  Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes.  By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set. This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent)
  • Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)

Plus ZorroSign supports computer security with passwordless authentication capabilities, leveraging the biometric security of Apple and Android mobile devices to login to the device (and ZorroSign app) with hardware biometric capture features such as face, fingerprint, and iris scans.  Such biometric login facilitates user authentication at the device-level without passwords (which can be hacked or stolen) for elevated security of digital signatures and your digital documents.

HOW TO OBSERVE NATIONAL COMPUTER SECURITY DAY

  • “Create a strong password
    In computer security, length matters. Passwords that are six characters are easier to hack, especially if they’re only made up of lowercase letters. To beef up your password, weave a nine-character combination of uppercase letters, symbols and numbers. Lastly, avoid using the same password for every account.
  • “Update spyware and malware protection software
    First, check to see if your operating system is up-to-date. If that’s set, update your protection software. Run a scan and don’t forget to invite your other devices to the party. Phones and tablets are also major security risks, so be diligent.
  • “Encrypt and backup your data
    Encrypt your data to create the brainiest of all brainteasers. But keep this in mind: even the best brain teaser can be cracked. That’s why it’s still important to back up your info on either the cloud or an external hard drive. (Just make sure that everything stays encrypted.)”
  • Use ZorroSign’s data security platform built on blockchain
    Tap the cybersecurity of blockchain with ZorroSign’s platform uniting digital signatures (Z-Sign), automated compliance (Z-Flow), intelligent forms (Z-Fill), document storage (Z-Vault), patented fraud prevention (Z-Forensics), user authentication and document verification (Z-Verify), identity-as-a-service (IDaaS), and so much more. Plus elevate computer security with our passwordless login capabilities, and patented Z-Forensics token for fraud detection.  When the risk is personal and everything is on the line, Block It Down!

Contact us to learn more or put us to the test:  Start your free trial of ZorroSign’s data security platform built on blockchain today!

(Originally published in Tech Channel News)

Our CEO and co-founder, Shamsh Hadi, was recently interviewed by two technology news outlets—Tech Channel News and TahawulTech.com.

Tech Channel News helps C-level executives in India and Gulf identify technologies and strategies to empower and streamline business processes. Their portal at techchannel.news informs leaders of what’s new in tech and why it matters.

TahawulTech.com, published by CPI Media Group, is the definitive platform in the Middle East for IT content. Covering stories across enterprise technology, cybersecurity and the region’s IT channel industry, TahawulTech.com brings business leaders and technology decision makers together to share their stories of transformation.

Here are short summaries of those interviews and links to read the original pieces!

ZorroSign Making Waves in Digital Signature Space Using Blockchain Technology

In April 2022, Tech Channel News’ Naushad K. Cherrayil interviewed Mr. Hadi on how ZorroSign safeguards the privacy and security of digital documents, and provides an immutable chain of custody for digital transactions, for governments and organizations in the Gulf Co-operation Council (GCC) countries.

The article notes that there are “huge players in the digital signature space, but none of them have figured out how to cost-effectively map their legacy software in technologies and evolve it into Web 3.0 and blockchain solutions today.”

“We have solved all these problems,” said Hadi. “Successfully bringing blockchain to digital signatures—unlike other competitors, big and small, who simply tried to add blockchain onto their legacy software.”

The article explores ZorroSign’s roots in Dubai with development in Sri Lanka, moving the company’s global headquarters to Phoenix, and standing out from the crowd in a competitive eSignature space.

“Our platform was invented to move documentation, digital transactions from a relationship built on trust to a relationship built on truth, providing customers the ability to positively impact the environment with sustainable practices and securely transform their paper-based workloads to digital in a bid to remove errors and increase productivity,” Hadi added.

Tech Channel News uncovers how ZorroSign leverages blockchain’s zero-trust environment to support governments in the Gulf who are looking specifically for blockchain solutions, noting “two countries that are pushing forward are the UAE and Saudi Arabia.”

You can read Mr. Cherrayil’s full piece in Tech Channel News at https://www.techchannel.news/18/04/2022/zorrosign-making-waves-in-digital-signature-space-using-blockchain-technology/

Tackling Identity Theft

In May 2022, TahawulTech.com’s Anita Joseph interviewed Mr. Hadi on how ZorroSign not only provides digital signatures built on a blockchain architecture, but also integrates identity-as-a-service (IDaaS), biometrics, KBAs, and patented Z-Forensics token to prevent fraud and address identity theft risks.

Ms. Joseph also starts with ZorroSign’s founding in Dubai and how HH Sheikh Mohammed bin Rashid Al Maktoum’s Digital City Vision for Smart Dubai has been a guiding principle for ZorroSign—including his goal of a paperless life in the UAE by 2030.

The article then talks of identity theft and how ZorroSign technologies confront the issue: “Not only does our web3 platform leverage the cryptographic security capabilities of blockchain,” said Hadi. “But it also integrates Identity-as-a-Service technologies into our solution set to combat fraud, identity theft, and cyber-attacks.”

Security trends, cybercrime, and various cyber-attacks are discussed, as well as how distributed ledger technologies such as blockchain can help defend and/or recover from such attack vectors.  The article ends with ZorroSign’s plans for 2022 and early verticals benefitting from blockchain-based digital signatures.

You can read Ms. Joseph’s full piece in TahawulTech.com at https://www.tahawultech.com/industry/technology/interview-tackling-identity-theft/amp/

Learn more about how ZorroSign helps governments, companies, and individuals around the world with digital signatures and maintaining privacy and security with their digital transactions:  Contact us today or start your Free Trial.

ZorroSign team members, Cassidy Alexander, Kristen Harder, and Michael Jones were pleased to attend the ninth annual Cybersecurity Summit in Scottsdale on May 12, 2022, hosted by the Arizona Technology Council, Arizona Commerce Authority, and Arizona Cyber Threat Response Alliance (ACTRA).

The educational event provided an opportunity for government and business leaders to learn about the threats, vulnerabilities and consequences related to data security and privacy matters via panel discussions, keynote speakers—Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona, and John Davis (Major General, US Army, Retired), VP Public Sector at Palo Alto Networks—sponsors and other cybersecurity presentations.

Tim Roemer, Director Arizona Homeland Security/CISO State of Arizona

Key Themes of the Summit

CISO Panelists

Blockchain Architecture For Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, while preventing fraud and ensuring regulatory compliance.

https://www.zorrosign.com/media-press-room/zorrosign-announces-strategic-partnership-with-provenance-blockchain/

How does this blockchain architecture contribute to cybersecurity?

Blockchains provide structural layers of protection from cybercrime—like ransomware, malware, or phishing attacks—first, by decentralizing the data set itself (preventing any one breach to access the entire data set), and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign is a strong addition to any organization’s security stack, and brings the cybersecurity capabilities of blockchain to digital signatures and transactional documentation.

Z-Forensics Token

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token. This unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification)
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent)
  • Prove the authenticity of the printed or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity)

Unlike any other digital signature solution, ZorroSign seals all our clients’ documents with the Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

To learn more about how ZorroSign helps companies and IT departments elevate data privacy and security, please contact us or start a Free Trial today!

It is no secret that cybercrime has skyrocketed within the last few years, in fact, cybercrime in the U.S. jumped by 55%. This increased risk drives a greater need for privacy and security, especially within IT companies and departments responsible for digital data and cybersecurity.

ZorroSign can help your IT company or department combat the elevated security risks with our digital transaction platform, built on blockchain architecture, and calibrate your company and customers for success!

Blockchain Architecture For Elevated Security

ZorroSign is the only company that offers a multi-blockchain platform to secure, track, and manage your digital signatures, transactions, and documentation.

By using distributed ledger technologies—originally built on Hyperledger Fabric and recently expanded to include the Provenance Blockchain—ZorroSign provides superior privacy and security, offering peace of mind for your company’s and customers’ digital transactions, while preventing fraud and ensuring regulatory compliance.

How does this blockchain architecture contribute to ZorroSign being the best platform for IT companies?


Blockchain provides structural layers of protection from cybercrime, like ransomware, malware, or phishing attacks: First, by decentralizing the data set itself (preventing any one breach to access the entire data set); and second, by giving endpoints (or nodes) a quick path to recovery, even if they are themselves breached or their access ransomed.

Unlike centralized databases—which can be breached at unsecure endpoints (users and devices) or even at managed service providers (MSPs) hosting them—giving attackers complete control once they gain central access, blockchain technology distributes data physically across separate nodes. By decentralizing data storage, blockchain effectively prevents any one endpoint (even if compromised) from gaining control of the full data set.

This distributed nature so defeats any attack seeking to breach a system and holistically encrypts the data files stored inside: A single endpoint node might be breached, and its files held for ransom, but the larger data set cannot be controlled by any one endpoint (or central authority) and so attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

ZorroSign is a strong addition to your security stack, and brings the cybersecurity capabilities of blockchain to your company’s and customers’ digital signatures and transactional documentation.

Z-Forensics Token

ZorroSign has further elevated our security through our patented fraud detection technology we call the Z-Forensics token.

This unique digital solution that can:

  • Prove that the individual who is performing the action to sign the document is who they claim to be (verification); 
  • Apply a digital equivalent of a wet-ink signature to the document (legal intent); and, 
  • Prove the authenticity of the printed copy or digital version of an electronically signed document, its content, attachments, and the signatures on it (authenticity).

Unlike any other digital signature solution, ZorroSign seals all your documents with our Z-Forensics token—capturing the complete audit trail and accompanying attachments and signature workflow. The token is encrypted and contains all the details about the transaction: Time stamps, user authentication, documents and attachments.

Your IT company or department gains peace of mind when you Z-Sign!

Cloud Configuration

On top of providing the security that your company and customers need, ZorroSign’s software-as-a-service (SaaS) model can be deployed in various cloud configurations, making it seamless to integrate into your existing platform.

Our multi-chain blockchain platform can be deployed in a public, private, hybrid, or on-premise cloud:

  • Our standard deployment is on Amazon Web Services (AWS) public cloud computing network
  • In our private cloud configuration, all your data and the ZorroSign application run in a private and secure cloud network dedicated to your organization
  • In a hybrid cloud configuration, your data can be stored on either ZorroSign data centers or in the private cloud, while the ZorroSign platform and applications run on their standard public cloud configurations
  • On-premise deployments require your department to manage and maintain your own data centers, but gain the benefits of unlimited API calls and total control over identity access management (IAM), data privacy and security, and data integrity processes

Your IT company or department can scale and deliver data privacy and security aligned to your existing deployment architecture—as public, private, or hybrid as it may be!

To learn more about how ZorroSign helps IT companies and departments elevate your data privacy and security, please contact us or start your 14-day Free Trial today!

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), more than 90% of all cyber attacks begin with phishing.

“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” explains CISA. “Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”

Thus phishing attacks seek to steal data or inject malware—adware, bots, keyloggers, ransomware, spyware, trojans, worms, etc.—that cause damage at a later time.

Phishing Attacks

In phishing attacks, “scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts,” warns the Federal Trade Commission (FTC). “Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.”

“What really distinguishes phishing is the form the message takes,” notes a recent CSO online article. “The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.”

This credibility is paired with a sense of urgency to inspire victims to respond quickly to the message: Clicking a link or downloading a file that starts the attack. For example, Crowdstrike, a cybersecurity company, found that Amazon and Apple were the two most impersonated organizations for phishing scams in 2020. As the COVID-19 pandemic moves more people to work-from-home and out of traditional workplace settings, phishing scams increase to take advantage of anxiety and remote communications.

“Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns,” adds the CSO online article. “During a crisis, people are on edge. They want information and are looking for direction from their employers, the government, and other relevant authorities. An email that appears to be from one of these entities and promises new information or instructs recipients to complete a task quickly will likely receive less scrutiny than prior to the crisis. An impulsive click later, and the victim’s device is infected or account is compromised.”

“Phishing and social engineering attacks are now experienced by 85 percent of organizations,” reports Accenture. And the number of phishing attacks has been increasing in the United States, “with a growth of 65% in the last year,” adds Crowdstrike.

Blockchain Cybersecurity Against Phishing

“Traditionally, businesses sought to prevent phishing attacks through employee training,” writes Cloudphish, a blockchain cybersecurity company. “While this method did provide some success, it was overly reliant on human judgment.” As an alternative to such an approach of relying upon employees and staff to determine what emails or attachments they can safely open, blockchain offers a chance to secure the system access attackers ultimately seek.

Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against phishing attacks.

  • In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.

    Whereas centralized databases can be stolen by one endpoint breach—such as the infamous attacks on Yahoo in 2013 and 2014, the United States Office of Personnel Management (OPM) in 2015, Equifax in 2017, Marriott/Starwood Hotels in 2019, and countless others—the distributed ledgers of blockchains minimize the potential damage of any phishing attack on individual endpoints. At ZorroSign, for example, we use a private permissioned blockchain, Hyperledger Fabric. Hence, even during a successful phishing attack, the adversary would not gain access to the blockchain data because the adversary would not have access to the blockchain certificates.  With Hyperledger Fabric, blockchain certificates are maintained in a secured certificate authority.
  • In phishing attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so phishing attackers cannot capture the full data set for encryption, ransom, and shutting down the network.

    Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This quick recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.

To learn more about blockchain as cybersecurity and how ZorroSign employs private, permissioned Hyperledger Fabric blockchain, visit https://www.zorrosign.com/z-forensics/secure-blockchain-technology/