Endpoint Security and the Future of the Cyber Security Landscape

Establishing the Zero-Trust Cybersecurity Framework

In recent years, cybersecurity has repeatedly been one of the leading anxieties for enterprises worldwide, and in 2020 that trend is intensifying. Traditionally, it has been easy to shirk the organization’s IT responsibilities and point fingers at the CIO, CISO, and CTO. However, it would be imprudent not to acknowledge that most cybersecurity incidents have arisen from employee negligence. As such, a culture of proactive security measures should be borne by the entire organization.

“Today, the only way to be sure your system is good enough from a security point of view is for the whole IT team to design everything with security in mind,” says Grossi. “It’s no longer okay to be only mobile first or cloud first; it’s got to be security first.”

Piergiorgio Grossi, former Chief Information Officer (CIO) and Digital Transformation Officer at Italian motorcycle maker Ducati

A glance at today’s cybersecurity landscape

Cyber attacks, alongside deepfakes, continue to increase year over year. ISACA’s Global State of Cyber Security Survey, a survey of more than 2,000 information security professionals from more than 17 industries, looks at the threat landscape, the measures security professionals employ to keep their organizations safe, and key trends and themes in the practice of security.

The cybersecurity landscape presents both a positive and a negative outlook. On the positive side, at least 50% of fully or appropriately staffed teams are more confident in their ability to respond to cyber threats. On the negative side, 62% of survey participants agree that cybercrimes are severely under-reported, and 52% believe it is very likely their enterprise will experience a cyber attack in the next 12 months. Nevertheless, information security professionals still believe that real progress is being made against common threats.

The most common threat actors are cyber criminals (22%), hackers (19%), malicious insiders (11%), non-malicious insiders (10%), nation-state attackers (9%), and hacktivists (8%). The most frequent attack methods are social engineering (15%), advanced persistent threats (10%), ransomware (9%), and unpatched systems (9%). Other noteworthy methods are distributed denial of service (DDoS) and mobile malware, especially on Android.

Fortunately, Google is making more headway with its latest privacy-focused features and increased efforts toward security updates. Android 10 (Pie) introduced granular controls over app permissions, while the upcoming Android 11 (currently available as a developer preview) further conveys their commitment to improvements in security with the implementation of temporary one-time access, allowing an app to use, for example, your phone’s location or camera. Android 11 continues this security-focused expansion and uses biometrics (Face, Iris, and Fingerprint data) to authenticate apps and services. Android 11 will also support digital driver licenses and other identification documents.

The ISACA survey also shows that organizations that take longer to fill their cybersecurity and related positions report an increase in cyber attacks. Enterprises that took less than two weeks experienced 26% more cyber attacks this year; those that took around three months experienced 35% more; those that took six months or more experienced 38% more; and those that were still finding it hard to fill the positions experienced 42% more cyber attacks this year.

Why Endpoint Attacks Occur

There used to be a distinct difference between the inside and the outside of an organization, with infrastructures possessing clearly defined roles and boundaries. Organizations would have offices with computers and servers running on-site, creating a physical perimeter and ensuring that data rarely left the company.

However, with the rise in telecommuting, more employees were asked or forced to work from home where there is no apparent, easily guarded line that can keep all the data in and attackers out of the system.

Worse, some organizations still have a legacy view of those boundaries. Combined with the BYOD trend, this leads to an ever-expanding frontline, with security personnel having to deal with relatively easy-to-hack employee-owned devices. This is further compounded by the fact that most employees expect convenience, with many opting to use free and popular services to take their data outside the company. The majority of these services are infamously insecure, as several recent hacks have shown.

One such cyber attack is the recent discovery of an additional six malicious Android apps (11 similarly malicious apps were discovered in July) that slipped through the Google Play Store’s safety net to plant malware on Android devices. Another phishing attack targeted government and security organizations, using a legitimate Box page with Microsoft 365 branding to trick the victims.

The attackers were careful to appear quite convincing. Botnets sent spam and malicious emails with sender names and domains from a legitimate third-party vendor, asking readers to view a sensitive financial document. Readers who clicked the link were led through a series of pages until they landed on a phishing page, built to resemble the Office 365 login portal, where they were asked to log in with their corporate credentials.

According to the cybersecurity awareness and data analysis firm CybSafe, analyzing data from the UK Information Commissioner’s Office (ICO), 90% of the 2,376 cyber breaches reported to the ICO in 2019 were attributed to end-user error. This was a significant increase from prior years, with 61% in 2017 and 87% in 2018. The company reported that phishing accounted for 45% of all reported cases, making it the primary cause in the UK in 2019.

There is a general lack of public understanding around basic secure behavior, such as spotting fraudulent links and phishing emails, sending the wrong document to the wrong person, leaving a computer unlocked, or plugging in unidentified USB sticks. However, there are two sides to this human error issue.

  1. Passive Attacking: End-users and endpoints have become the primary targets for cyber attacks because their behaviors and powerful devices are relatively easy to exploit. Security, to most end-users, is an untaught concept and one they typically leave to the “experts.” Yet those experts are rarely the most communicative or persuasive of tutors, and thus fail to communicate effectively the pitfalls of not being security first. Additionally, BYOD devices rarely include stronger security such as multifactor authentication (MFA), which can prevent the vast majority of data breaches by stopping unauthorized clients from accessing a corporate device. All of this leads to the end-user becoming the weakest link, triggering a supply chain attack.
  2. Increased IT Infrastructure Complexity: The second aspect is the increasing complexity and diversity of security tools, from intrusion detection, network monitoring, and encryption to security information and event management (SIEM) tools. More robust options are typically welcome; the issue is that all of these disparate tools need to be integrated effectively and correctly aligned to provide adequate security. This also means that security teams have to know each tool, its uses and thresholds, and have the experience to create appropriate baselines. Unfortunately, teams are not trained well enough in the real world and most likely deploy the tools with their default configurations. This allows for an easier rollout but is nonetheless a risky and insecure move: such settings were predetermined by the manufacturer and essentially put usability before all else.

“Though shocking, these statistics shouldn’t provoke a negative reaction. Employees of course pose a certain level of cyber risks to their employers, as seen in our findings thus far. Nevertheless, people also have an important role to play in helping to protect the companies they work for, and human cyber risk can almost always be significantly reduced by encouraging changes in staff cyber awareness, behavior, and culture.”

Oz Alashe, CEO and Founder at CybSafe

Undoubtedly, the cybersecurity landscape has changed dramatically, and security teams’ capabilities are being stretched past their limits. This is fundamentally driven by a ballooning attack surface combined with ill-informed and careless end-user behavior that is tolerated by organizations that refuse to take security seriously.

Endpoint cybersecurity threats

Endpoint security is a critical aspect of the cybersecurity landscape, and it’s becoming increasingly important as the nature of work evolves. With more devices connecting to networks than ever before, from laptops and smartphones to IoT devices, the number of potential entry points for endpoint cyber security threats has multiplied. This makes endpoint cyber security a vital component of any comprehensive security strategy.

Endpoint cyber security threats are diverse and constantly evolving. They include malware, ransomware, phishing attacks, and zero-day exploits, among others. These threats can compromise individual devices, and from there, gain access to the broader network, leading to data breaches or system disruptions.

Malware and Ransomware: Malware is a broad term that encompasses various types of malicious software, including viruses, worms, and Trojans. Ransomware, a type of malware, encrypts a victim’s files and demands a ransom to restore access. These threats can infiltrate endpoints through malicious email attachments, infected software downloads, or malicious websites.

Phishing Attacks: Phishing attacks often come in the form of deceptive emails that trick users into revealing sensitive information, such as passwords or credit card numbers. They can also involve convincing users to click on a link or download an attachment that installs malware on their device.

Zero-Day Exploits: These are attacks that take advantage of software vulnerabilities that are unknown to the software vendor. Because these vulnerabilities haven’t been patched, they provide an open door for hackers to infiltrate systems and networks.

Advanced Persistent Threats (APTs): APTs are complex, stealthy threats in which an unauthorized user gains access to a network and remains undetected for a prolonged period. These threats are often state-sponsored and aim to steal information or disrupt operations.

To combat these threats, organizations need to adopt a multi-layered approach to endpoint security. This includes antivirus and anti-malware solutions, firewalls, intrusion prevention systems, and endpoint detection and response (EDR) technologies. Additionally, organizations should regularly patch and update software to fix known vulnerabilities, and educate employees about safe online practices to prevent phishing and other user-targeted attacks.

The Future of the Cyber Security Landscape

The evolution of large-scale breaches symbolizes a growing trend of security violations, both in number and in gravity. Data breaches repeatedly expose sensitive information, leaving users at risk of identity theft, ruining businesses’ reputations, and leaving businesses liable for compliance violations. Cyber Observer, a holistic cybersecurity management and awareness solution, predicts that damages from cyber crime will reach $6 trillion annually by 2021.

In other words, as enterprises gradually emerge from the current pandemic, we expect to see a surge in new demands. Reacting to these will require CIOs to formulate strategies based on two structural principles: understanding what customers need in a transforming landscape, and leveraging technology to respond to these challenges in ways that acknowledge scope, cost, and scale objectives.

It is virtually impossible to write about the future of the cybersecurity landscape without citing artificial intelligence (AI) and its role in securing endpoints. AI has existed for quite some time, and its use in our daily lives has become so common that we hardly ever stop to think about it, from “weak” AI programs such as AlphaGo, developed by Google DeepMind, which combined advanced tree search with deep neural networks, to strong AI and machine learning systems used in flying drones, Google Nest, and Tesla’s Autopilot. CIOs will carry on utilizing AI in various fields within cybersecurity, if only to combat the growing number of attackers misusing AI and machine learning.

Looking to the future, the potential for new threat classes remains: ubiquitous and non-discriminatory in nature, and with no known catch-all countermeasures. Intrinsically, meticulous observation of malware features, abnormal behavior, and attacker attributes, together with machine learning-based AI algorithms, empowers defenders to deal with cyber threats and, in some cases, to go on the offensive. Regrettably, such observations also give attackers the chance to invent novel attack techniques. Particularly because the risk of false input data and many other unsolved errors is relatively high in AI, defenders must always stay alert.

10 Simple Steps to Protect Your Business

Today, homeowners go beyond the typical door locks and automatic lights to a fully integrated security system that can prevent attacks, detect and respond to an intrusion, and even handle accidents like a fire. Similarly, a business should deploy a multilayered cybersecurity strategy, one that includes:

Prevention: Firewalls, Anti-virus, Anti-malware, Password Management, Cybersecurity Awareness Training

Detection: SIEM, IDS, Threat Intelligence, and Log Monitoring

Response: 24/7 SOC Monitoring Response, Automated Threat Remediation, and Forensic Investigation.

These are all great tools, but in reality not all businesses can afford top-of-the-line, often proprietary, security suites. Fortunately, you do not need to invest endlessly in new security tools to improve your current cybersecurity posture and awareness, because 80% of data breaches can be prevented with the following basic actions:

  1. Patching
  2. Regular vulnerability assessments
  3. Institute end-user security awareness
  4. Ensuring third-party vendor compliance
  5. Endpoint Detection and Response (EDR)
  6. Limiting access to your most valuable data
  7. Securing mobile devices and BYOD devices
  8. Proper device and or software configurations
  9. Conduct employee security awareness training
  10. Develop cyber breach prevention, detection, and response plan

Final Thoughts

Improving endpoint cyber security needs to be a top priority in 2020 and for the foreseeable future. The borderless and seemingly non-discriminatory nature of cyber attacks means it is imperative that the cybersecurity industry shares its insights and works together to protect itself and the wider population.

In today’s connected world, a breach of one organization can compromise an entire supply chain, spelling disaster for businesses, eroding public trust, and leaving them in financial collapse, particularly under the General Data Protection Regulation (GDPR) in the EU. It is up to the legitimate security community to learn from each other, sharing what works and what does not. Most importantly, we all need to identify where to improve and ensure we leave no one behind.

Aki Levänen: Is A SIEM Necessary?

From time to time, you hear comments in security discussions that “Security Information and Event Management (SIEM) is dead” or that it does not provide sufficient benefit as input for detecting and handling security incidents. The person making the claim may have an agenda behind it: replacing SIEM with another product, or experience from their own operating environment where SIEM has not been needed or has been perceived as useless.

However, without taking an immediate position on whether SIEM is necessary or not, the matter can be considered from a few angles. Based on these thoughts, readers can decide for themselves whether SIEM is necessary and what it might offer them. What does SIEM actually offer, and for what purpose? Where is SIEM good, and for which purposes and needs might better tools be available? Whose need is being discussed in each context: the organization itself, the Security Operations Center (SOC), or someone else?

Investing in collecting logs

This blog post focuses more on detection, for example the Detect function of the NIST Cybersecurity Framework from the National Institute of Standards and Technology, and on what SIEM as a tool can provide in that context. It is true that collecting logs for a SIEM implementation requires investment, and the workload can be large. The starting point for planning is to know the operational requirements and to think about the log policy, which creates the basis for technical monitoring. From this, one can design an architecture and decide what is collected, from where, and how. After all, it is not necessary to gather everything in one place; you can even use analytics in the cloud and pass the events to whoever handles them, e.g. the SOC, instead of building everything yourself in a SIEM. In reality, some sort of SIEM or data lake in the cloud is still in the background.

User accounts and workstations are the most common targets of intrusion in organizations

The most common way in is to email the user an attachment or link that gives access to the workstation or the email account, often O365. From the point of view of implementing detection, I would take advantage of the security features of Microsoft’s O365 email service, for example, instead of collecting the data in my own SIEM and building alerts. For workstations it is partly the same, but can we investigate what has happened in more detail if necessary? Many security systems do not provide sufficiently detailed information about events, and this could be supplemented, for example, by using Windows System Monitor (Sysmon) to collect more detailed information. This data can and should be collected in the SIEM to support analysis. Of course, newer Endpoint Detection and Response (EDR) tools collect information and logs into the vendor’s cloud services, from which alerts can be raised.
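As an added example, not part of Aki Levänen’s post, the following Python script shows what “collecting Sysmon data in the SIEM to support the analysis” looks like in practice: a correlation rule over Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) records that flags an Office application launching a script interpreter and then checks whether that interpreter made an outbound connection shortly afterwards. The field names follow Sysmon’s, but every event, GUID, user, path and address below is constructed sample data.

```python
"""SIEM-style correlation over Sysmon events (added example, constructed data).

Event ID 1 = process creation, Event ID 3 = network connection. The field
names (Image, ParentImage, ProcessGuid, ...) are Sysmon's; the records are
constructed for this example and do not come from any real capture.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Document-handling applications that have no business spawning an interpreter,
# and the interpreters a malicious attachment typically hands off to.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
# An outbound connection this soon after the suspicious launch raises severity.
BEACON_WINDOW = timedelta(minutes=5)

# Constructed sample events (timestamps, GUIDs, users and addresses are made up;
# 203.0.113.0/24 is a documentation range, not a real destination).
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2020-06-01 09:14:02", "ProcessGuid": "{A1}",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docm"',
     "ParentImage": r"C:\Windows\explorer.exe", "User": r"CORP\alice"},
    {"EventID": 1, "UtcTime": "2020-06-01 09:14:20", "ProcessGuid": "{A2}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -WindowStyle Hidden -NoProfile -File C:\Users\alice\AppData\Local\Temp\update.ps1",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "User": r"CORP\alice"},
    {"EventID": 3, "UtcTime": "2020-06-01 09:14:41", "ProcessGuid": "{A2}",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "DestinationIp": "203.0.113.45", "DestinationPort": 443, "User": r"CORP\alice"},
    # Benign: an administrator opening a shell from Explorer.
    {"EventID": 1, "UtcTime": "2020-06-01 09:20:00", "ProcessGuid": "{B1}",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "User": r"CORP\bob"},
    # Suspicious launch but no beacon inside the window: still worth a ticket.
    {"EventID": 1, "UtcTime": "2020-06-01 10:02:10", "ProcessGuid": "{C2}",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\carol\AppData\Local\Temp\report.vbs"',
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "User": r"CORP\carol"},
    {"EventID": 3, "UtcTime": "2020-06-01 10:40:00", "ProcessGuid": "{C2}",
     "Image": r"C:\Windows\System32\wscript.exe",
     "DestinationIp": "203.0.113.9", "DestinationPort": 8080, "User": r"CORP\carol"},
]


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return image.rsplit("\\", 1)[-1].lower()


def parse_utc(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def correlate(events):
    """Apply the rule and return one alert per suspicious child process."""
    creations = {}                 # ProcessGuid -> Event ID 1 record
    connections = defaultdict(list)  # ProcessGuid -> Event ID 3 records
    for ev in events:
        if ev["EventID"] == 1:
            creations[ev["ProcessGuid"]] = ev
        elif ev["EventID"] == 3:
            connections[ev["ProcessGuid"]].append(ev)

    alerts = []
    for guid, child in creations.items():
        if basename(child["Image"]) not in INTERPRETERS:
            continue
        parent = basename(child["ParentImage"])
        if parent not in OFFICE_APPS:
            continue
        started = parse_utc(child["UtcTime"])
        # Only connections made by that same process within the window count.
        beacons = [
            c for c in connections[guid]
            if timedelta(0) <= parse_utc(c["UtcTime"]) - started <= BEACON_WINDOW
        ]
        alerts.append({
            "user": child["User"],
            "parent": parent,
            "child": basename(child["Image"]),
            "command_line": child["CommandLine"],
            "destinations": [f'{c["DestinationIp"]}:{c["DestinationPort"]}' for c in beacons],
            "severity": "high" if beacons else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert["severity"].upper(), alert["user"], alert["parent"], "->",
              alert["child"], alert["destinations"] or "no beacon in window")
```

The alert carries the parent-child chain and the command line, which is exactly the detail an antivirus verdict alone would not give the analyst.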

 

For whom is snapshot information most useful?

The word snapshot comes up in every security conversation with organizations, but what it is and what it contains varies almost every time. It is often said that one should have access to the SIEM and get different views and snapshots of technical events. The essential question is: to whom is this level of information relevant? For the SOC, yes, it definitely supports analysis, and it helps the organization’s technical staff understand events and even provides information for proactive action. The security manager can look at the situation, but often the discussion is aimed at management, for which SIEM provides no direct support. At the management level that information is already much less useful, as the discussion revolves around risks and events. Yes, such a view can be built from SIEM data by analyzing it, recording security deviations, and describing what detection capability should be developed. This view is more understandable to management and can be discussed, remembering that detection is only one aspect of the whole.

Security event management is a necessary extension of detection and a requirement in all frameworks

SIEM raises the events, which are then collected in the event management system. There they are analyzed and security incident records are created, often in a separate ticketing system. These records are used to communicate with the various parties involved and to record the measures taken, so the activities are documented at the same time. The ticketing system usually has built-in integrations between actors or portal views. Naturally, various means of communication between the people handling the event are used as support. SIEM does not offer such features, although some kind of event workflow has been modeled in SIEMs as well.

The latest addition to this area is the SOAR (Security Orchestration, Analysis and Response) system. SOAR acts as a collection point, gathering alerts, ticketing, and portals, and also automating SOC operations through use cases. SIEM is not directly replaced by SOAR, but analysis and data collection must still take place somewhere behind SOAR. Automation sounds appealing to many, but it already requires reasonably good maturity in handling and responding to security incidents.

Log collection and monitoring requirements are included in every information security framework

From a compliance point of view, the EU GDPR has been the most recent highlight: the processing of personal data must be traceable for control purposes. Log collection and monitoring requirements are included in every information security framework. These control requirements must therefore be solvable in IT environments and also in production environments (OT/ICS). Especially in multi-vendor environments, IT vendors do take care of compliance for the management of their services, but does that meet all the requirements of the organization itself? Most likely they do not monitor the use of the organization’s own services or react to anomalies in their use; a separate security service, a SOC service, must be purchased. In this context it may be quite justified to build a SIEM yourself and to establish controls for both the management and the operation of all relevant information systems.

SIEM is not dead

In practice, current monitoring solutions are hybrid implementations rather than a fully centralized SIEM. SIEM is not dead; it is a key component of information security monitoring. How monitoring solutions evolve depends largely on the organization’s current state, operational requirements, and development investments. As with navigation, you must first know where you are before you can move on to the next waypoint or, in organizational terms, develop information security. Systems are needed to support analysis and produce information. Based on this information, it is possible to react, automatically or through people, according to pre-agreed or applied measures, and to ensure the continuity of the organization’s activities during information security events.

Business Continuity: How Industries Are Adapting To A Post-COVID-19 World

As countries ease restrictions and lockdowns, organizations are taking strategic steps to recover their business and revenue streams.

From the high adoption of virtual reality by the property industry to the increase of AR in retail, companies are accelerating change in many aspects of their business as part of their business continuity plan.

But first, what is a business continuity plan?

The Basics of Business Continuity

Every organization has a framework called business continuity management, or BCM, which identifies potential external and internal threats that can threaten the company.

Consisting of disaster recovery, crisis management, contingency planning and business continuity planning, BCM enables the company to effectively respond to an event and ensure the operation of critical business functions.

Business continuity planning (BCP) outlines protocols and procedures that ensure the continued functionality of the business during and after a crisis.

BCP often gets mixed up with disaster recovery, but the two are quite different. Disaster recovery involves the recovery or continuation of technology infrastructure, systems and applications, while BCP covers all aspects of the business, including human resources, infrastructure, technology, contracts, and communication.

Designing a business continuity plan requires extensive steps, from business impact analysis and recovery strategies to plan development and testing. For examples of building a BCP, view this template by Sitel or Lumiform’s business continuity plan template for IT.

Recovery Steps After The Outbreak

Many businesses are still reeling from the effects of the lockdowns. But most are tackling the challenges by implementing innovative changes, which may become permanent fixtures of their processes.

  • Digital Transformation In The Property Industry

The real estate and property industry faced a big blow due to the coronavirus. Not only were there bans on open houses and limited viewings, there were also fewer people buying properties due to the economic situation.

“Market activity will be lower in the next couple of months. I won’t be surprised if sales activity could be down 30% or even 40% in the next few months.”

Lawrence Yun, Chief Economist of the National Association of Realtors (NAR), in Yahoo Money

Still, the sector is taking things in stride, shifting to online real estate transactions and digital closings.

For instance, New York real estate companies set up remote closing processes, including electronic notarization, e-signing, live video conferences, and money transfers for their transactions.

In Hong Kong and Singapore, virtual tours and viewings have become “a megatrend” that is accepted among buyers and agents alike. In fact, Hong Kong’s largest property agency, Centaline Property Agency, stated that virtual reality property videos helped to generate HK$100 million in April.

Additionally, online marketing is seeing more emphasis in the industry with the rising use of digital marketing automation, chatbots, social media, and email marketing.

  • The New Manufacturing Normal

According to Statista, manufacturing shares the spot for the topmost coronavirus-impacted sector with the travel industry, seeing a severe impact on personnel, operations, supply chain and revenue.

On the upside, COVID-19 is the impetus that’s pushing traditional manufacturing ecosystems to be more agile, flexible and digitally enabled. As mentioned in a Forbes article, the sector is expected to experience five years of innovation in the next 18 months with high adoption of technologies.

Automation is set to be a top technology investment as manufacturers look to move their production on-shore or near-shore. While off-shoring provides low labor and productivity costs, IndustryWeek believes that the advancement of robotics and automation “have drastically increased productivity across a number of manufacturing processes [which] can be easily reshored and deployed domestically.”

Aside from manufacturing processes, automation is also being utilized for task and order processing. For instance, IBM used an automated order management system to help a global manufacturer of contact lenses to maintain its supply chain continuity during the outbreak.

The Internet of Things (IoT) is another manufacturing technology that is predicted to gain traction, with projected growth of up to USD 136.83 billion by 2026. The rise in IoT will in turn bring higher demand for faster, more stable networks, such as Vodafone’s Mobile Private Network (MPN) solution.

  • Digitized Retail Sector

The retail landscape, on the other hand, saw a boost in e-commerce and digital marketing as movement restrictions drove more retailers online.

Retail giant Majid Al Futtaim accelerated its online strategy by launching the e-commerce channel carrefouruae.com. With more than 250,000 products, the online marketplace saw a ten-times increase in sales over a period of 10 weeks, with average daily orders of 1,300.

China alone recorded online retail sales of $360 billion in the first four months of 2020, an 8.6% increase compared to the same period in the previous year. It’s evident that the upsurge of sales is not just limited to online grocery sellers, but expands to non-food e-tailers too.

“[T]here will be a further acceleration in the digital transformation of the retail sector, with the pandemic encouraging more people [to] experience online shopping.”

Hou Yi, Freshippo CEO and Alibaba Group Vice President, in FoodNavigator-Asia

Another expected post-COVID-19 retail trend is the use of augmented reality (AR) and artificial intelligence (AI), with the latter predicted to record $8 billion investment within the retail sector by 2024.

Shopify is a prime example of successful AR implementation, which saw a 250% increase in conversion rates after allowing its sellers to add 3D models. As for AI, My Beauty Matches uses algorithms to simplify consumers’ shopping experience by suggesting items from 400,000 products based on their past searches and purchases.

Other retailers, including ASOS, are also maximizing the benefits of these two technologies to thrive in the post-coronavirus world.

  • Online Security Concerns

As companies extend remote working to ensure business continuity, security risks have shifted from the fortified corporate landscape to the more vulnerable off-site areas. And cybercriminals are using that to their advantage.

According to a survey by Barracuda and Censuswide, among global businesses that are working remotely:

  • 46% have encountered at least one cyber security scare
  • 51% witnessed a rise in email phishing attacks
  • 49% expect a data breach or other threats in the coming month

However, contrary to expectations, cyber security spending is forecast to drop for the rest of 2020. Gartner, which predicted an 8.7% growth in cyber security for 2020, revised the value down to 2.4% while Barracuda revealed that 40% of surveyed businesses have cut their cyber security budgets to save costs.

Chief Technology Officer of Barracuda, Fleming Shi, calls the cost-cutting measure a bad move, seeing as more than half of the workforce is not properly trained to handle cyber attacks.

On another note, Gartner foresees an increase in cloud security, which is in agreement with Barracuda’s finding that 53% of businesses are moving their data to cloud-based models. Unfortunately, almost 85% of IT professionals expressed concerns about the vulnerabilities of remote cloud environments.

In an interview with Digital Journal, Chris DeRamus, the Vice President of Technology, Cloud Security Practice at DivvyCloud by Rapid7, mentioned that “Nearly 50 percent of developers and engineers bypass cloud security and compliance policies,” citing Zoom’s bypassing of common security features as an example.

To strengthen cloud security, he believes that engineers should “tackle cloud security flaws earlier in the build pipeline”, and further states that cloud identity and access management (IAM) will see a greater emphasis in the near future.

The above are just a few examples that show the beginnings of major shifts in various industries as organizations strive to recover from the outbreak effects and ensure business continuity.

As the year moves into the second half, there will undoubtedly be more innovation investments ahead, and more companies will be looking for better and more sustainable solutions.