cybersecurity Archives - Page 5 of 6 - Cyber Secure Forum | Forum Events Ltd

How hackers get caught

Guest Post

Cyber criminals are intelligent, elusive individuals, making it difficult for law enforcement to track them down. Not all hackers manage to escape retribution, however. Here, Joanne Newton, deputy head of the school of computing at Arden University, explores the traps they fall into, and how they get caught…

Cyber criminals go to many lengths to hide their identity and cover their tracks. The use of proxy servers, VPNs and encryption can mean it is incredibly difficult to track down and bring a hacker to justice. Because of this, according to industry data, only four to five percent of hackers are actually caught, but high-profile cases showcase how even the most skilled can make simple mistakes which lead to them being apprehended.

In 2016, for example, the capture of Guccifer 2.0, a hacking persona who became famous for leaking data from the Democratic National Committee, was possible because the hacker failed to activate a VPN before logging on, allowing investigators to trace the IP address back directly.

There was also the high-profile case of Hector Monsegur, leader of the LulzSec group that hit organisations such as PlayStation, Fox News and the FBI. He was caught after forgetting to use the Tor system to hide his location when accessing a chat room.

There are a number of human flaws and traits that can lead to arrest, from the need to show off and gain credit for crimes – which is more common than you might think – to the inherent ability of humans to make the most basic errors and mistakes.

In July 2019 Paige A. Thompson, a former Amazon employee, was arrested and accused of stealing personal data of millions of Capital One customers.

She was tracked down after she posted online about possessing knowledge of multiple companies and was found to have files and information on Capital One and Amazon, as well as social security numbers and bank account details from more than 30 different organisations on multiple devices in her bedroom.

There are many types of hackers carrying a range of different risk levels, from hacktivists – who look to raise awareness of a specific issue – to full-scale cyber terrorists. Of those operating, script kiddies tend to be the least experienced, leaving them most likely to face capture. This type of hacker typically tends to rely on tools developed by other attackers to penetrate a network or system, using these tools to target easy-to-penetrate systems which are vulnerable to widely-known threats.

According to industry data, ransomware attacks almost doubled in 2021. The market for ransomware is becoming increasingly professional – with cybercriminal services-for-hire creating an environment in which ransomware is offered as a service.

There is also a diversification of approaches when it comes to extorting money – with threats to publicly release data, or inform their victims’ families about an incident, all of which adds to the danger levels and increases the risks of being caught.

Much can be learned from hackers’ previous mistakes, and organisations globally should consider how they can take real-world observations and apply them to their own business to reduce the threat level.

Knowledge bases of adversary tactics and techniques exist, which can help organisations to plan for all eventualities using real-world observations. The aim of these frameworks is to improve detection by identifying the actions the cyber-criminal may take, allowing the organisation to identify gaps in defences.

Forward-thinking organisations should be using this kind of system to help develop a framework for defence development, penetration testing and threat modelling, to ensure their businesses are as protected as they can be from these threats.

Joanne Newton is Deputy Head of the School of Computing at Arden University.

Five top tips for improving your cyber security visibility and control 

Guest Post

By Leyton Jefferies, Head of Security Services, CSI

With an increasing number of high-profile security breaches splashed across the media, companies are now looking to improve their cyber security. As the world has become more digitally connected and working from home continues to be part of the way we work, there is more opportunity for attack.

What are the threats? 

Ransomware has become increasingly sophisticated, and the number of phishing emails has risen exponentially. This has left many businesses vulnerable. The Government’s Cyber Security Breaches Survey found that four in ten businesses (39%) and a quarter of charities (26%) reported having cyber security breaches or attacks in the year March 2020-21, and phishing remains the most common threat vector.

The cost of these attacks is serious too. Around 21% of businesses end up losing money, data or other assets. A third of companies report being negatively impacted; for example, they require new post-breach measures, have staff time diverted or suffer broader business disruption.

How have hybrid working models increased cyber risks? 

Working from home and other out of office venues is leaving corporate networks vulnerable as the protection you would normally have behind the perimeter in the office is not in place on home and external networks. To further complicate the situation, users work from several locations with multiple devices and apps.

Company devices that had never moved beyond the organisation’s walls and were kept safely behind firewalls, IDS, DMZs and set up with security solutions that kept cybercriminals from attacking them, are now outside those protected networks. These remote devices are vulnerable to cyber-attacks if existing on-site security solutions are no longer fully effective.

So, what are the key things that businesses should focus on to improve visibility and control? Here are my five top tips:

1. Make your employees your first line of defence

Keeping security front of mind while employees are out of the office is an essential step in protecting your organisation. Strong cybersecurity awareness training is critical to prepare an employee to be the first line of defence.

With the lines of home and workspace blurred in a hybrid working world, phishing attacks, unfortunately, are here to stay. Therefore, reducing user risk by helping to identify email scams and malware should become part of bolstering an employee’s security awareness. Organisations can ‘test’ levels of awareness by conducting a custom phishing campaign to see how easily employees can spot a phishing email and how they respond. This can then be measured over time.

Educating about password security and safe internet habits should also be a vital part of staff training.

2. Protect the endpoint

Where endpoints are concerned, it’s wise to take a proactive approach to limit what activities can be carried out on the device. Privileged access security is critical to protect access to data, applications and systems. This allows the organisation to keep control of its most valuable data. Each online identity can be set with special access, or specific capabilities and access can be reduced where necessary.

With the high number of endpoints connected to the network, these become easy targets for cybercriminals. Endpoint Detection and Response (EDR) solutions can be deployed that involve continuous real-time monitoring of malicious activity. The solution can disconnect endpoints and shadow IT to respond to threats by utilising rules-based automated response and analysis capabilities.

3. Using best of breed detection and response services

Managed Detection and Response (MDR) is a combination of both technology and human expertise to provide security monitoring across an organisation’s entire IT environment. These services can rapidly respond to and eliminate threats. Taking it a step further, Extended Detection and Response (XDR) provides threat detection and incident response by collecting data across multiple security layers, for example across email, endpoints, cloud workloads, servers and networks, to provide a holistic view that allows for faster detection of threats and response times.

4. Secure your organisation in the cloud

Business needs are driving more organisations to the cloud than ever before. Cloud technology improves productivity, efficiency and cost savings and offers greater flexibility. But there are particular security implications to watch out for. The public cloud can limit your access control and authentication, so it’s wise to implement Multi-Factor Authentication (MFA), manage user access and integrate compliance into daily procedures.

Next-Generation Antivirus (NGAV) takes traditional antivirus software to a new, advanced level of endpoint security protection. It’s a cloud-based response to detect and prevent malware, identify malicious activity by unknown sources, and collect comprehensive data from all endpoint devices to better understand what is going on in the IT environment. It uses predictive analytics driven by machine learning and artificial intelligence, combined with threat intelligence, which goes beyond known file-based malware signatures.

5. Prevention is best

Today’s attackers know precisely where to find gaps and weaknesses in an organisation’s security posture. Companies, therefore, need to take actions into their own hands to become better protected. And thankfully, there are many ways in which this can be achieved.

Reducing your organisation’s risk of a cyberattack is the best stance – both from a cost and reputation perspective. Re-evaluate your cyber security strategy, have the right tools and services in place and integrate with effective employee education and testing.

Leyton Jefferies, Head of Security Services, CSI

Leyton has been with CSI since 2014 and is responsible for the firm’s security proposition and go to market service strategy, vendor and partner management development and design of CSI’s security solutions portfolio.

IT security in 2022 – what you need to know

Guest Post

By Jack Rosier of QMS International, one of the UK’s leading ISO certification bodies

We’re living in the age of computers, with technology playing a more important role in our lives with each passing year. With the pandemic acting as a catalyst for increasing digitalisation, 2022 is likely to see more technology usage than ever before – so businesses need to make sure they’re prepared.

Embracing technology has been great for us as a global community in many ways. For example, it has enabled people and businesses to almost seamlessly shift to remote or hybrid working models, with a plethora of collaborative software to utilise.

However, this can be a double-edged sword. The more technology organisations interact with, the more opportunities there are for cyber criminals to launch cyber-attacks.

At the beginning of 2021, QMS International carried out a cyber security survey among businesses and 75.7% of the respondents reported that they now felt more open to attack. Another 10% reported that they had no confidence in fending one off.

This stresses the importance of understanding what good IT security looks like and how you can protect your business, employees, clients and stakeholders from dangerous and costly cyber-attacks. If organisations and individuals are aware of best practices and show due diligence in cyber security protocol, there is minimal reason to worry.

In this article, the experts at QMS International take you through potential risks to IT security in 2022, upcoming changes that might affect businesses, and best practices to implement to ensure cyber operations are completely secure.

Ransomware

The Chief Executive of the UK’s National Cyber Security Centre, Lindy Cameron, has warned that ransomware is “the most immediate danger to UK businesses” and all organisations could be at risk of cyber-attacks through the use of ransomware.

According to an analysis of reports made to the UK’s Information Commissioner’s Office (ICO) by CybSafe, the number of ransomware incidents in the first half of 2021 doubled compared to the number reported in the first half of 2020.

Ransomware is a type of malicious software which cyber criminals deploy on an unsuspecting person’s computer network in order to encrypt their files.

If a cyber-criminal is successful in doing this, it enables them to extort the victim into paying large fees to decrypt their files and make them accessible again.

Nowadays, most people tend to have their data backed up somewhere, whether it be on an external hard drive or on the Cloud. Most cyber criminals have clocked onto this and now threaten to release stolen files online. This same threat has also been used on those who have refused to pay the criminal.

Often, cyber criminals will target customer service and HR teams as they are easily reachable employees who hold information valuable to the cyber-criminal.

It’s absolutely crucial that organisations ensure they’re well equipped to prevent ransomware attacks in the coming year, and make sure all employees have a fundamental understanding of how to spot and avoid potential ransomware attacks.

Spear phishing

With the pandemic forcing people to adopt new technologies, cyber criminals have been using different methods to carry out their attacks. One method that seems to have gained popularity has been spear phishing.

Spear phishing is a type of digital communication scam that targets a specific individual or organisation. It’s designed to trick unsuspecting victims into clicking a link and willingly giving away their credentials. Unlike conventional phishing, which is a broader approach to the same goal, spear phishing is a lot more personal, and can be a lot more deceiving.

In order to prevent spear phishing attacks, organisations should create filters which flag incoming emails as either internal or external, which allows the recipient to see if somebody is trying to trick them.

Additionally, organisations should ensure employees are educated to understand what spear phishing is and how it can be prevented. This information can be simply delivered through eLearning on cyber security.
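The internal/external flag described in this section, sketched as a mail-gateway filter. This is an added example, not code from QMS International; the domain `corp.example`, the staff name list and the `sender_authenticated` input (the gateway's own result, such as a DMARC pass) are assumptions, and the sample messages are constructed.

```python
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAINS = {"corp.example"}    # assumption: the organisation's mail domains
STAFF_DISPLAY_NAMES = {"jane smith"}   # assumption: names from the staff directory

TAGS = {
    "external": "[EXTERNAL] ",
    "external-impersonation": "[EXTERNAL - CHECK SENDER] ",
}


def sender_verdict(from_header, sender_authenticated):
    """Return 'internal', 'external' or 'external-impersonation'.

    The From header is sender-controlled, so a message is only treated as
    internal when the gateway has also authenticated the sending domain.
    """
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Match on whole labels: corp.example.mail-login.example is NOT internal.
    claims_internal = any(
        domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS
    )
    if claims_internal:
        return "internal" if sender_authenticated else "external-impersonation"
    # An outside address that carries a colleague's display name.
    if " ".join(display.lower().split()) in STAFF_DISPLAY_NAMES:
        return "external-impersonation"
    return "external"


def tag_message(raw, sender_authenticated):
    """Parse a raw message, prefix the Subject for non-internal mail."""
    msg = message_from_string(raw, policy=policy.default)
    verdict = sender_verdict(str(msg.get("From", "")), sender_authenticated)
    subject = str(msg.get("Subject", ""))
    tag = TAGS.get(verdict, "")
    if tag and not subject.startswith(tag):  # do not stack tags on replies
        del msg["Subject"]
        msg["Subject"] = tag + subject
    return verdict, msg


# Constructed sample messages: (raw text, gateway authentication result).
SAMPLES = {
    "colleague": ("From: Jane Smith <jane.smith@corp.example>\n"
                  "Subject: Q3 numbers\n\nHi\n", True),
    "supplier": ("From: Accounts <billing@supplier.example>\n"
                 "Subject: Invoice 1042\n\nHi\n", True),
    "lookalike": ("From: Jane Smith <jane.smith@corp.example.mail-login.example>\n"
                  "Subject: Urgent payment\n\nHi\n", True),
    "spoofed": ("From: Jane Smith <jane.smith@corp.example>\n"
                "Subject: Password reset\n\nHi\n", False),
}

if __name__ == "__main__":
    for name, (raw, authenticated) in SAMPLES.items():
        verdict, msg = tag_message(raw, authenticated)
        print(f"{name:10} {verdict:24} {msg['Subject']}")
```

The lookalike and spoofed samples both carry a colleague's name, which is the case a plain domain comparison on the From header would miss.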

Remote or hybrid working

Over the past two years, the various lockdowns and a shift in attitudes have led to businesses adopting mass remote working or moving into hybrid working models. Now, in 2022, it’s clear to see that the movement towards remote and hybrid working is here to stay, with 85% of managers believing that having teams with remote workers will become the new norm.

However, remote working presents a number of challenges to an organisation’s cyber security. Data supplied by Darktrace to The Guardian revealed that the proportion of attacks targeting home workers rose from 12% of malicious email traffic in March 2020 to more than 60% six weeks later when the nation was in lockdown.

Risks like unsafe networks, digital file sharing, and outdated software make up part of a long list of risks that should be addressed by all organisations with remote workers.

These risks should not put off organisations from allowing employees to work remotely, but instead should encourage all businesses to ensure their cyber security policies are up to date and cover remote working responsibilities.

Training employees, carrying out risk assessments, making sure workers are using secure connections, and introducing robust information management frameworks will all help protect your business during hybrid or remote working.

Create a culture of IT security in 2022

From larger businesses to SMEs and start-ups, creating a culture of security is one of the most effective ways to protect your business against all types of cyber-attack in 2022 – and you can do this through ISO 27001 and ISO 27002.

ISO 27001 is the internationally recognised Standard which provides the framework for a comprehensive Information Security Management System (ISMS). It implements 114 legal, physical and technical risk controls that allow an organisation to carry out robust information management.

It’s set to be updated in the coming months to reflect the current challenges to an organisation’s IT security – making 2022 a great time to put in place a futureproof framework to protect your business.

Another Standard receiving an update in 2022 is ISO 27002 – the code of practice for an ISMS, which provides details on the requirements and controls in ISO 27001. Again, this update will make sure ISO 27002 reflects and addresses the current challenges businesses face in relation to IT security.

Adopting the latest versions of these Standards is a great way to give your business all-round protection in 2022 and beyond – so you can reassure your stakeholders and clients, fulfil your legal obligations, and keep your information secure at all times.

Supply chain attacks of 2022 on the rise

Eleanor Barlow

According to Microsoft, the goal of a supply chain attack is to access ‘source codes, build processes, or update mechanisms by infecting legitimate apps to distribute malware.’ Supply chain attacks ‘begin with an advanced persistent threat that determines a member of the supply network with the weakest cyber security in order to affect the target organization.’ (CERT-UK report ‘Cyber-security risks in the supply chain’).

Advanced persistent threats (APTs) are ‘a multiphase, and long-term network attack in which unauthorized users gain access to, and harvest, valuable enterprise data.’ (IBM)

Most often, smaller businesses are the initial targets of these attacks. But these smaller businesses often provide products and/or services to larger corporations, which then become infected. So, while a small technology company with fewer than 30 employees may be the initial gateway, anything up to a Fortune 500 business can be impacted.

Take aviation giant, British Airways, for instance. In August 2018, malicious code on the BA website and app was placed to extract customer credit card details and other personal data of over 400,000 customers. While BA was the target, it is likely that third-party suppliers were the original issue here, as ‘third parties may supply code to run payment authorisation, present ads or allow users to log into external services.’ reported the BBC shortly after the attack. The company was fined £20m by the Information Commissioner’s Office (ICO), and new measures with regards to authentication and third-party protocols were put in place.

This incident is one of many. ‘In terms of scale and sophistication, the attack against SolarWinds, in which the highest levels of government were compromised, was unlike an attack seen before. The far-reaching impacts are still being identified today. It is the unpredictability of the attack that was/is the greatest cause for concern, and how attacks like this will influence business and infrastructure in the future. That is why it is important to prepare and safeguard systems as much as possible now, before the damage is done.’- Eleanor Barlow, SecurityHQ

How to Mitigate a Supply Chain Attack

To reduce the chance of becoming a victim of a supply chain attack, implement the right services to detect and respond rapidly, now.

For full visibility of threats targeting you, ensure that you have Managed Extended Detection & Response (XDR) in place.

If you are concerned about the impact of a breach, contact a security expert for advice.

Or, if you think you have been breached, report an incident here.

Identify and investigate Business Email Compromise (BEC) scams

Guest Post

Business Email Compromise is an email-based phishing attack that specifically targets businesses and organizations to steal money, sensitive information, or account credentials. These attacks can be difficult to prevent as criminals may utilize social engineering techniques such as impersonation and intimidation to manipulate users.

Threat actors will often prepare for BEC attacks by first performing reconnaissance on their targets and uncovering publicly available data such as employee contact information to build a profile on the victim organization. Moreover, BEC attacks often focus on employees or executives who have access to more sensitive information or the authority to make payments on the organization’s behalf.

According to the FBI, there are five major types of BEC scams:

  • CEO Fraud: In this scenario, the attacker will pose as the company’s CEO or any executive and send emails to employees, directing them to send money or expose private company information.
  • Account Compromise: An employee’s email account has been compromised and is used to send BEC scams to other organizations and contacts from the compromised account.
  • Attorney/Tax Impersonation: The cyber-criminal will impersonate an attorney or other representatives from organizations like the IRS to scam employees. These attacks will attempt to pressure employees into acting quickly to avoid “official repercussions”.
  • Data Theft: Scammers may target employees in HR or those with access to employee information to obtain sensitive or private data regarding other employees and executives that can be used for future attacks.
  • False Invoice Scheme: The attacker will spoof an email from an organization or vendor that the victim works with. This email may contain an invoice requesting payment to a specific account that the attackers control.

What is the cost of Business Email Compromise (BEC) and how do you identify it? Carry on reading this blog post to learn more by clicking here or visit the Varonis website here.

Ransomware Year in Review 2021

Guest Post

By Varonis

In 2021, attacks became highly effective and impactful. At the same time, high-volume indiscriminate ransomware threats remained omnipresent throughout the year.

In this post, the Varonis Threat Labs team shares what they observed in the wild while working on ransomware investigations.

Overall, the team identified these five ransomware trends that shaped 2021:

  1. Ransomware-as-a-Service became the go-to model for attackers. 2021 saw a shift toward the Ransomware-as-a-Service (RaaS) business model, where groups recruit affiliates or partners to conduct specific parts of their operation.
  2. Attackers crafted bespoke ransomware. In 2021, threat actors bullied targeted organizations with victim-specific ransomware designed to avoid detection and ensure the efficacy of the attack within the victim’s environment.
  3. Attackers went “big game hunting.” Sophisticated ‘big game hunter’ ransomware groups, both old and new, honed their ability to access victims’ networks worldwide. Cybercriminal groups adopted the now widespread ‘double extortion’ tactic to steal—and threaten to leak—sensitive data.
  4. Ransomware sent shockwaves through the software supply chain. Numerous high-profile incidents targeting high-worth organizations via software supply chains during 2021 demonstrate the impact that ransomware can have on an organization—and, in some cases, led to ‘real-world’ outcomes sending shockwaves across the broader economy.
  5. Attackers bought and sold off-the-shelf commodity malware. Commodity malware continued to be widely adopted by threat actors of varying sophistication—from organized cybercriminal gangs delivering payloads to gain initial access to high-value targets to script kiddies using simple off-the-shelf threats to steal credentials for resale on the dark web.

Click here to read the full blog post to delve into each of the five ransomware trends or you can visit the Varonis website here.

The rise of Ransomware-as-a-Service and how organisations can protect themselves 

Guest Post

By Keith Glancey, Head of Solutions Architect at Infoblox

Over the years, ransomware has become an increasingly popular attack method for hackers looking to make a large return on investment. The COVID-19 pandemic only accelerated this problem further, opening up new opportunities for cybercriminals to cause disruption and find vulnerabilities.

As businesses continue to struggle with securing the new remote and hybrid working landscape, cybercriminals will continue to use it to their advantage. In fact, today it is estimated that there is at least one ransomware attack on a business every 11 seconds. These attacks are not just frequent. They are also damaging, with recent research discovering that the average ransomware recovery costs for businesses have more than doubled in the past year, rising from $761,106 in 2020 to $1.85 million in 2021. And that’s without the long-term reputational damage.

Whilst tried and tested ransomware distribution tactics – such as malicious websites, email campaigns and even USB memory sticks – are still very much in use, over the last year or so other, newer methods have also increased in popularity. One such method – which is quickly becoming the number one headache for security teams and business leaders – is Ransomware-as-a-Service (RaaS).

A new era in ransomware

RaaS is changing the game. A subscription-based model that enables users to use pre-developed ransomware tools to execute attacks, RaaS gives everyone the power to become a hacker. There’s no technical knowledge required; all individuals need to do is sign up for the service.

RaaS platforms are closely modelled after legitimate SaaS products. They include support, community forums, documentation, updates, and more. Some even offer supporting marketing literature and user testimonials. Users can choose to sign up for a one-time fee or for a monthly subscription. There are also special features which you can pay for, such as a status update of active ransom infections, the number of files encrypted, and payment information.

Although deploying this new type of ransomware requires no specific skills, it still enables threat actors to develop highly targeted attacks on large organisations, where they can ask for large ransoms. In these highly targeted cases, threat actors use carefully researched social-engineering tactics, such as well-crafted emails to entice targets to click dangerous URLs or open malicious attachments. In other cases, threat actors may target a vulnerability that is particular to or commonly used by their target victim group.

It’s no surprise that RaaS is becoming so popular. In fact, research discovered that almost two-thirds of ransomware attacks in 2020 used RaaS tools. It has also been behind some of the most notorious attacks this year, including those on the Colonial Pipeline and JBS. The size and sophistication of these attacks should concern all cybersecurity professionals, and their successes highlight how the RaaS market is only likely to grow moving forward.

Future proofing with DNS

When it comes to ransomware, failing to prepare really is preparing to fail. More often than not, attacks are successful when victims do not have an effective strategy in place. Therefore, businesses need to expect attempted ransomware attacks and prepare accordingly.

Getting detection and prevention right can help businesses to gain the upper hand. This is where Domain Name System (DNS) tracking comes in. DNS is a core network service, which means that it touches every device that connects to a company’s network and the wider internet. What’s more, some 90% of malware, including ransomware, touches DNS when entering and exiting the network, making it a powerful tool in the cyberdefense toolkit. When applied to security, DNS can help protect against ransomware attacks by detecting and blocking communication with known C&C servers that distribute malware, helping to stop an attack before it even starts.

To take DNS-based security to the next level, businesses can merge DNS with DHCP (Dynamic Host Configuration Protocol), and IPAM (IP Address Management). This combination of modern technologies – known as DDI – can pinpoint threats at the earliest stages, and paired with DNS security, can identify compromised machines and correlate disparate events related to the same device.
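The detection side of the two paragraphs above, as an added example (not Infoblox code): DNS queries are matched against a list of known C&C domains, and each hit is attributed to a device through the DHCP lease that held the client IP at that moment, so events from one machine on different addresses are grouped together. The log format, lease records and `.example` domains are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample data; every domain uses the reserved .example TLD.
BLOCKLIST = {"c2-panel.example", "updates.badcdn.example"}

# DHCP lease history: ip, mac, hostname, lease start, lease end.
LEASES = [
    ("10.0.5.23", "aa:bb:cc:00:00:01", "hr-laptop-07",
     "2022-01-10T08:00:00Z", "2022-01-10T12:00:00Z"),
    ("10.0.5.23", "aa:bb:cc:00:00:02", "kiosk-02",
     "2022-01-10T12:00:00Z", "2022-01-10T20:00:00Z"),
    ("10.0.9.40", "aa:bb:cc:00:00:01", "hr-laptop-07",
     "2022-01-10T13:00:00Z", "2022-01-10T18:00:00Z"),
]

# Resolver query log: timestamp, client IP, query type, query name.
DNS_LOG = """\
2022-01-10T09:15:02Z 10.0.5.23 A www.intranet.example
2022-01-10T09:15:40Z 10.0.5.23 A stage1.updates.badcdn.example.
2022-01-10T12:30:11Z 10.0.5.23 A notc2-panel.example
2022-01-10T14:02:55Z 10.0.9.40 A C2-Panel.example
2022-01-10T14:03:10Z 10.0.7.77 A c2-panel.example
malformed line
"""


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def matched_indicator(qname, blocklist):
    """Return the blocklisted domain that qname equals or is a subdomain of."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])  # compare whole labels only
        if candidate in blocklist:
            return candidate
    return None


def device_for(ip, when, leases):
    """Return (mac, hostname) of the lease that held ip at time `when`."""
    for lease_ip, mac, host, start, end in leases:
        if lease_ip == ip and parse_ts(start) <= when < parse_ts(end):
            return mac, host
    return None


def correlate(dns_log, leases, blocklist):
    """Group blocklist hits by device (MAC), not by the IP seen in the log."""
    findings = defaultdict(list)
    for line in dns_log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that are not in the expected format
        ts, client_ip, _qtype, qname = parts
        try:
            when = parse_ts(ts)
        except ValueError:
            continue
        indicator = matched_indicator(qname, blocklist)
        if indicator is None:
            continue
        device = device_for(client_ip, when, leases)
        key = device[0] if device else f"unknown:{client_ip}"
        findings[key].append({
            "time": ts, "ip": client_ip, "query": qname,
            "host": device[1] if device else None, "indicator": indicator,
        })
    return dict(findings)


if __name__ == "__main__":
    for device, hits in correlate(DNS_LOG, LEASES, BLOCKLIST).items():
        print(device, [(h["time"], h["ip"], h["indicator"]) for h in hits])
```

In the sample, 10.0.5.23 belongs to two different machines during the day; keying on the lease rather than the address keeps the second machine out of the finding, and the hit from an address with no lease is kept as an unknown device for follow-up.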

With RaaS becoming so established, organisations battling against ransomware need to level up. As with most complex issues, there’s no silver bullet for cybersecurity. However, by focusing on detection and prevention and using core infrastructure like DDI, security teams can get the upper hand.

International Fraud Awareness Week – Hear from the experts

Stuart O'Brien

Fraud is not a new concept – far from it. Since the dawn of time, fraudsters have looked to take advantage of circumstance and innocent people have fallen victim as a result. But, in our digital age, fraud is more prevalent than ever before. That’s why this International Fraud Awareness Week, we spoke to three experts in the field to find out more about how organisations can protect themselves and their customers. Here’s what they had to say:

Ben Fraser, Global Head of Business Development, Insurance at Endava  

“As we enter International Fraud Awareness Week this year, it’s a startling realisation that fraud continues to plague consumers despite leaps and bounds in cybersecurity. Last year alone, scam attempts rose by 33%, resulting in £2.3bn in losses for consumers. As fraud continues to rise, the question needs to refocus not just on how we can prevent fraud, but also how consumers can take matters into their own hands.

“Part of the answer may lie within embedded insurance, which allows insurers to reach consumers where they live and work: through offering solutions when they’re needed most, whether that’s while consumers are shopping online, checking their bank details, comparing cars for purchase, or looking for vets.

“The concept of embedded insurance exists in a limited form today. There is, however, plenty of opportunity for insurers to better integrate solutions to eliminate the effort in consumers having to seek out support themselves, making it easier than ever to protect themselves from bad actors across their digital footprints. 

“As we head into International Fraud Awareness Week, hopefully we will see more of just that: better awareness of how technology can accelerate and combat the multiple threats we’ve seen escalate as we all move toward a digital-first lifestyle. Making sure consumers have easy access to insurance is one – but one critical – element of that, and will go a long way in making sure consumers feel safe when heading online, flashing some cash, or hitting the road.”

Raj Samani, Chief Scientist and McAfee Enterprise fellow:

“International Fraud Awareness Week comes as a timely reminder that enterprises and individuals should all take time to shore up their cyber defences. The threat landscape is constantly evolving, and cybercriminals are expanding their tactics and target groups. As well as posing a threat to individuals across the country, fraud and scams intensify the threat for businesses. Today, many employees are accessing work files and information across both corporate and personal devices, meaning that while criminals could be targeting an individual, the end goal could be accessing sensitive enterprise information. Unfortunately, this threat has continued to increase due to the pandemic, with our research finding that 57% of UK organisations experienced increased cyber threats during COVID-19.

“To tackle rising fraud threats, businesses need to educate their workforce on best practices, such as reporting any suspicious activity, questioning whether a link is dodgy, or thinking before accepting an unknown phone call. Employees must be aware of and vigilant against threats to avoid making it too easy for criminals to cash in on both personal and company data.   

“It is also crucial that organisations deploy the necessary security protections across their enterprise. For example, they should adopt a Zero Trust mindset that can help them maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary. By taking these measures, organisations can rest easy knowing that they have taken the correct steps to protect themselves and their workforce from cyber-led scams.”

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications:

“Fraud Awareness Week acts as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially in our current climate. Indeed, new research from Nuance has found that on average victims of fraud lost over £3,300 each in the last 12 months – three times higher than in 2019.

“As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Now is the time to confine PINs and passwords to the history books, so that modern technologies – such as biometrics – can be more widely deployed in order to robustly safeguard customers. 

“Biometric technologies authenticate individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by scammers and providing peace of mind, as well as security, for end-users.” 

Experts reflect on how you can be cyber smart for Cybersecurity Awareness Month 2021

Stuart O'Brien

The overarching theme of this year’s Cybersecurity Awareness Month is “Do your part. #BeCyberSmart.” The pandemic has made the line between our online and offline lives indistinguishable. Everything we do is fuelled by technology. Our homes, our economy, the entire country. Everything is impacted by, but also at risk of, the internet.

By now, everyone and every business has a basic understanding of the threats the online world presents. Most if not all organisations will also have some level of cybersecurity in place. But most of the time it’s not good enough. Stronger security practices and more education about the risks we are all vulnerable to are absolutely vital if we are to be resilient enough to withstand a technology-driven future.

So, we spoke to some of the industry’s experts to learn how businesses and individuals can play their part in keeping our cyberspace secure.

Knowing how and where to spend your budget

There are three key areas that the experts we chatted with believe need to be re-evaluated. The first comes as no surprise: technology. That’s because “opportunistic cybercriminals continue to take advantage of the evolving digital environments that individuals, governments, and organisations have embraced,” according to Chris Huggett, SVP EMEA, Sungard Availability Services.

Raymond Pompon, Director, F5 Labs, added that “web application exploits are the biggest cybersecurity risk facing organisations today. In fact, recent research has shown 56% of the biggest cybersecurity incidents over the past five years were related to web application security issues, constituting 42% of all financial losses recorded for these extreme events. The pandemic has also thrown significant challenges at our defences and now, as employees shift to hybrid working models, another layer of complexity is added to the mix.”

In light of this landscape, Huggett believes “[Cybersecurity Awareness Month] should act as a timely reminder to organisations, both big and small, to review their security processes. In their hunt for ‘big game’ enterprises, threat actors are holding third-party vendors hostage to reach their ultimate targets. Organisations need a holistic view of their entire infrastructure to make sure that every touch point is secure.”

This can, of course, be challenging at a time when businesses are doing their best to make a comeback from the pandemic, but Rob Treacey, Head of Security, Professional Services, EMEA at Rackspace Technology, says “organisations should be looking to spend between 15-20% of their budget on cybersecurity.” That’s compared to the “7-15% of their IT budgets [that is currently being spent] on cyber security.” Treacey advises that “the best way to decide what you spend is to figure out what percentage of your budget is proportionate to the information assets you are protecting. If a breach within your organisation would result in irreparable reputational damage, significant customer loss or regulatory non-compliance, then you probably require a healthy security budget to prevent any of those consequences from becoming a reality.”

One of the biggest priorities to review when deciding where to spend cybersecurity budget, according to David Higgins, EMEA Technical Director, CyberArk, is “innovations like machine learning, [which] are making organisations more cyber smart because they eliminate excess login requests.” He warned that “cyber criminals know [our] dirty little password secrets and target weak passwords as an easy way to steal information and even get rich quickly, often via common methods like phishing and impersonation. That’s why 80% of hacking-related breaches can be linked to stolen or brute-forced credentials.”

Gareth Jehu, CTO, Com Laude, believes that cyber security practices around domain names are another thing that can often be overlooked. He advises, “one of the first places to start is implementing an up-to-date TLS encryption protocol. This protects the confidentiality and integrity of data in transit and authenticates the parties that are exchanging information. Adopting a robust domain lock solution such as Registry or Super Lock can also provide protection by implementing a domain specific approval handshake for any modification to domain name settings such as name servers. An organisation should also manage its domain assets carefully, ensuring it has appropriate and active SSL certificate coverage. Mismanagement of these certificates can lead to erroneous expiration, opening the door to disruption of critical services.”

Addressing one of the biggest problems in cyber: human error

The second element to reviewing a business’ cyber practices comes down to its people. Mark Belgrove, Head of Cyber Consultancy, Exponential-e, told us that “most businesses, despite having access to advanced protections and the best threat intelligence on offer, remain vulnerable to one key factor: human error. It is a constant vulnerability that can never be fully eradicated. The remote working whirlwind brought on by the pandemic, and the use of corporate devices on less secure home networks, often for personal use, means human error has left organisations vulnerable to even more threats in the last 18 months too.”

The problem stems from the fact that, “while most organisations want to increase security awareness among their employees, the stark reality is that many don’t know where to begin,” explained Erez Yalon, Head of Security Research at Checkmarx. He added that “fundamentally, implementing a shared cybersecurity responsibility boils down to two tactics; increasing awareness, and providing training. Without awareness, change can’t happen. It’s the first step in helping notice a problem exists, hasn’t been addressed, and that action is needed. Staff must be made aware of their security responsibilities and there needs to be concrete alignment across departments to create a comprehensive and cohesive security program. To further this, ongoing training programs must be implemented as a priority. Often, such training sessions can be tedious, and so organisations should conduct bitesize, interactive lessons, not extensive monotonous ones.”

Jonathan Smee, Information Security Consultant & Technical coach at Grayce, echoes this message, highlighting that “there is a widening skills gap in IT security, with research from Department for Digital, Culture, Media & Sport (DCMS) stating that two-thirds (64%) of cyber firms have faced problems with technical cyber security skills gaps, either among existing staff or among job applicants.” Smee believes “organisations should therefore look to provide continuous learning opportunities and adequate training to keep their employees up to date with the latest cyber threat trends.”

Getting the foundations of your digital business right

The final element we must consider, according to Rick McElroy, principal cybersecurity strategist, VMware, and Bill Mason, Senior Project Manager, Distributed, is the foundation on which most of our businesses are now built – software – and the people that build it.

Mason explains that “with the mass transition to remote and hybrid working comes a growing reliance on software to keep us connected and productive, no matter where we’re working from. But as organisations continue to integrate new tools to future proof themselves, they need to consider the security implications. Businesses should be thinking about track and trace – but not as we know it. What this means in the context of distributed workforces is tracking any potential vulnerabilities that are incorporated into third party and open-source libraries when developing software, as well as scanning code and fixing all security issues that are identified to a requisite level.” He adds, “cybersecurity is complex, and one of the best pieces of advice I have received is to ensure that your developers are following appropriate standards. They exist for a reason. They make developers’ lives easier because they give them a framework for reference.”

In McElroy’s opinion, “a lack of common goals between security, IT and developers has long been an issue, one being exacerbated by the potential complexity of today’s multi-cloud, modern app world. Teams are working in silos, and this is having a detrimental impact on a business’ security and its ability to meet objectives.” He believes one of the biggest problems is that “security is being considered a barrier to developers and IT. We need to move from this towards a scenario where security as a technology is thought of differently. It is there to support the brand, build trust, and optimise app delivery for developers. It’s there to eliminate the false choice between innovation vs. control. This culture shift will enable stronger collaboration between security, developer and IT teams.”

Are you cyber smart?

Cybersecurity is a constantly evolving entity. Hackers are always on the move and it’s common knowledge that they’ll always be on the front foot in one way or another – the best we can do is try and keep up. Taking on board the insights from these industry experts might just ensure you can.

Cutting through the noise

Guest Post

By Rapid7

Imagine this: your connected devices at home and in the office go rogue. The car drives you somewhere else instead of home, the office devices leak intellectual property and employee data, the home appliances reveal information about those at home. The thought of this happening would probably send shivers down your spine. Though it’s only an imaginary scenario, it is not impossible as threat actors become increasingly sophisticated.

In other words, with digital transformation, the attack surface has increased exponentially. Take the past year for instance. According to a report by Check Point Research, cyberattacks on the education sector have increased by more than 30% globally, with Australia being one of the top five countries to face the attacks. What led to this spike? Remote learning and virtual classes.

With today’s threat landscape, it’s imperative for security teams to have early, contextualised threat detection across their internal and external environment. Contextualised threat detection is the investigation and analysis of security alerts as they are generated.

Collecting vast amounts of remote data and making sense of it to identify true threats to your business is complex and time-consuming. You need more context about threats—across your internal or external attack surface—and the ability to drive proactive and automated threat mitigation.

Our IntSights solution combines external threat intelligence with community-infused threat intelligence to improve the signal-to-noise ratio and free up time for security teams that are already stretched too thinly to focus. With more intelligence on the internal and external threat landscape, we can offer more context and treat more threats with Emergent Threat Response. We can add and enhance capabilities across your portfolio to help you solve the security concerns challenging your organisation, as well as take a proactive approach to defend against the security concerns of tomorrow.

Find out more about how our Rapid7 Insight Platform can bring the internal and external threat landscape under your control.