Digital Twins for Cyber Security: Strengthening Cyber Resilience


Imagine having a virtual replica of your IT network, where you are able to pinpoint security vulnerabilities, develop attack simulations, and deter expensive breaches, all before your system is even implemented.

For some business leaders, this is no longer a fantasy, but a reality with digital twins.

 

Embracing Digital Twins

 

While the digital twin concept was initially applied in manufacturing, many industries have seen beneficial uses of having a digital replica of their assets, operations, and more recently, their cyber security systems.

It is a known fact that the number of cyberattacks rose at an alarming rate during the outbreak, with many even calling it a ‘cyber pandemic’.

As more organizations move their digital assets to the cloud and make increasing use of the Internet of Things (IoT), the immense amount of data proves attractive to cyber attackers looking to profit from unsecured endpoints, networks, and databases.

With cyber criminals becoming increasingly advanced, simply defending systems and reacting to attacks in real time is no longer sufficient; businesses have to take a more proactive and predictive approach.

Simulating, Monitoring, and Protecting Physical Assets

A digital twin refers to a virtual replica or representation of a physical device, system, or network. It is a concept borrowed from the Internet of Things (IoT) domain, where physical objects are connected and controlled through digital representations.

In the realm of cyber security, digital twins are used to simulate and monitor the behavior of real-world assets or systems in a controlled and secure environment. By creating a virtual replica of a physical entity, organizations can gain valuable insights into its vulnerabilities, potential attack vectors, and overall security posture.

Digital twins enable cyber security professionals to conduct various activities, including:

Risk Assessment: Digital twins allow for the identification and analysis of potential risks and vulnerabilities associated with a physical asset or system. By simulating attacks and interactions within the digital twin, cyber security experts can evaluate the effectiveness of security controls and make informed decisions to mitigate risks.

Threat Detection: By monitoring the digital twin’s behavior, anomalies and suspicious activities can be detected, which may indicate potential cyber threats or attacks on the corresponding physical entity. This allows for early detection and response to security incidents.

Security Testing and Validation: Digital twins provide a controlled environment for testing security measures and evaluating the effectiveness of security solutions. They allow for the simulation of various attack scenarios to assess the resilience and response capabilities of the corresponding physical assets.

Predictive Analysis: By analyzing data gathered from the digital twin, cyber security professionals can make predictions about potential security breaches or vulnerabilities in the physical system. This helps in proactively addressing security weaknesses and implementing preventive measures.

It’s important to note that while digital twins can assist in enhancing cyber security, they should also be protected themselves. The security of the digital twin environment, including access controls, encryption, and monitoring, is crucial to ensure its integrity and prevent unauthorized access or manipulation that could impact the corresponding physical asset or system.



Use Cases of Digital Twins for Cyber Security

 

While there are few industries that have implemented digital twins to safeguard their digital assets, some companies have taken the leap to bring their cyber security to the next level with faster speed and precision to prevent and combat potential threats.

 

IN AEROSPACE AND DEFENSE

 

The concept of digital twin has actually been around since the 1960s, when it was developed by NASA for the Apollo space programs, and then applied to avert disaster during the Apollo 13 mission in 1970.

While NASA has re-embraced the twinning approach for virtual equipment building and testing, the U.S. Air Force is using the technology to create “a digital replica of a GPS IIR satellite to detect any cyber security issues” as part of a congressional mandate to test its system.

 

“GPS systems are used for geo-location and timing for virtually every aspect of U.S. military operations [and the] potential for signals to be jammed, spoofed or interfered raises serious security concerns.”

Digital Twins Proliferate as Smart Way to Test Tech
Air Force Magazine

 

A digital model of the satellite was built while it was in orbit, and penetration testing and vulnerability scans were carried out across the entire GPS system to identify weaknesses and ascertain that all the components operate as intended if any issue arises.

 

AUTOMOTIVE

The automotive industry is smarter than ever before, with rising trends in shared mobility, connected and electric vehicles, and autonomous driving. However, the much-awaited digitization and connectivity of modern car systems generate a plethora of information that is a tempting target for cybercriminals.

Cybellum, a computer and network security company, foresaw the need to protect automotive software from cyberthreats, and presented a novel approach to combat online risks through digital twinning.

With its Cybersecurity Digital Twin, Cybellum constructs a virtualized identical version of the in-vehicle components and simulates the electronic control unit (ECU) firmware. The twin is then used as the basis for extensive cyber risk analyses and scans to continuously monitor both on-the-road and in-development vehicles for vulnerabilities and threat exposures.

With current car systems implementing over-the-air (OTA) software updates and the new United Nations Economic Commission for Europe (UNECE) cyber security regulations, the digital twin technology additionally helps to perform risk assessments and ensure secure updates.

 

“For an efficient software update management system, a digital twin of the vehicle is almost a must.”

Digital Twin for Maximum Cyber Security
NTT DATA

 

PRODUCTION AND MANUFACTURING

 

Ian Elsby, the Head of Chemical Industry GB&I at Siemens, wrote about the use of digital twins to deter cyber breaches in the chemical industry.

As production plants and manufacturing factories integrate Industrial Internet of Things (IIoT) into their systems, it brings forth the challenges of cyber attacks and hacking through digital networks. This is where the twinning technology can be utilized to ensure cyber security.

“Just as processes are simulated and data gathered to detect non-performance of assets, a simulated cyber attack can also be detected by the digital twin,” explained Elsby.

He proposed using the virtual database to capture information and testing activities, which will then allow the digital twin to form cyber security protection algorithms to defend the production plant’s data against malicious viruses.

Elsby further emphasized that digital twins are able to make the process of conducting security gap analysis and pinpointing the plant’s security requirements easier and more achievable.



The Security Value of Digital Twins

 

Organizations that have faced cyberattacks know that such breaches are costly, from repairing network vulnerabilities and regaining data control to recovering reputational damages and financial impacts. In fact, the average cost of a breach to a publicly traded company is estimated to be $116 million.

The digital twin technology aids in preventing expensive attacks through its capability to make faster and more efficient decisions as more penetration data and tests are fed to the twin simulation of a system.

 

“[By] executing enough tests and brainstorming all possible scenarios of how a hacker might try to breach into a valuable online resource, the digital twin interface will be capable of reacting with extreme speed and precision by making calculated decisions by itself.”

Incorporating Digital Twin into Internet Cyber Security – Creating a Safer Future
Challenge Advisory

 

Developing a virtual replica also means the company safeguards its systems and assets from third-party and outsourced vendors, which are often hired to test breaches and build defenses, but which are also susceptible to attacks.

Instead, in-house developers can create different viruses and attack scenarios in the simulation’s interface, thereby improving anti-virus software, pre-programming reactive and counter strikes against cyber attacks, and updating their safeguards in real time.

 

What the Future Holds for Digital Twins

 

In a recent interview, Michael Grieves, who popularized the digital twin concept in 2002, said he believes that the world is still in the “conceptual stage of digital twins.”

“We have this information that we can bring together to create this virtual version of real-world environments based on models and behavioral aspects and modeling and simulation,” Grieves shared. “The next step is to have all this information be pulled together automatically and intelligently.”

With data analytics, artificial intelligence, and digital capabilities increasing as the years pass, digital twins will no doubt play a key part in creating the ideal enterprise security. As seen in available use cases, some organizations are already a few steps ahead of their counterparts in developing tighter and stronger cyber protection.

As online attacks become more refined and sophisticated, so too must the approach that the business world takes to improve the digital safety of their assets, processes, and people.

Trend Micro: Securing The Pandemic-Disrupted Workplace


The coronavirus is notably the singular cause behind many changes that have affected companies and sectors worldwide. And one area in particular that organizations are facing challenges in is cyber security.

Cyber crimes increased substantially amid the pandemic, with cyber criminals taking advantage of the crisis to attack businesses with malware, ransomware, and phishing emails. Due to the threats, business leaders are racing to patch recently uncovered vulnerabilities.

Trend Micro, a multinational cyber security software company, shares with Management Events how businesses can secure their systems in the current precarious landscape.

 

A Snippet of Trend Micro

Trend Micro was founded in 1988 as a developer of antivirus software, but has evolved into a market leader in hybrid cloud security, network defense, endpoint security, and more.

Trusted by 45 of the top 50 global corporations and with over 500,000 businesses using their software, the Trend Micro Smart Protection Network is one of the most advanced threat intelligence networks in the world.

 

PRESSING SECURITY CONCERNS FOR ORGANIZATIONS

 

In the Trend Micro Security Predictions report for 2020, we tried to predict the changes that would shape the cyber security industry as we entered a new decade.

What we could not have anticipated was how the “new normal” — which would arise due to the COVID-19 pandemic — would affect the way we interact with the world.

For many people, working from home became not just an option, but a necessity as the pandemic forced organizations around the world to reconsider how and where they work. Unfortunately, the speed and urgency of the changes caught many businesses unprepared, leading to security gaps in both the home and the physical workplace.

Malicious actors took advantage of the situation by launching a slew of COVID-19-themed attacks using a diverse array of lures across a wide range of platforms, including emails, social media, malicious websites, and fake mobile apps. 

Video conferencing apps became a favorite target for cyber criminals as the need for effective communication led to increased usage. These attacks ranged from pranks such as Zoombombing to full-fledged campaigns involving malware bundled with app installers.

Threat actor groups relentlessly continued their campaigns. Some groups chose to expand their operations to new platforms and operating systems, while others built campaigns around seemingly outdated techniques or made use of malware types often thought to be harmless.

Ransomware continued to be highly targeted in nature, with one high-profile group deciding to drop its public operations to concentrate on private campaigns. Some ransomware operators have also threatened to expose the data they stole from their victims to the public.

Microsoft ended its support for Windows 7 early in the year, while at the same time devoting more resources to fixing vulnerabilities. The company patched a record number of bugs in the first half of 2020, including a number of significant vulnerabilities such as CurveBall.

Several industrial internet of things (IIoT) vulnerabilities found in decades-old third-party software components showed that there is a lack of standardization and safe coding guidelines for IIoT systems. Due to the large number and interconnectedness of the potentially impacted devices, it will be difficult to determine the impact of these bugs for the foreseeable future.

2020 has proven in many ways that the cyber security industry does not exist in a static bubble, but shifts and changes in accordance with and in response to the events of the world around it. In a year that has dramatically impacted most of our lives, we take a look at the most significant stories and trends to determine what has changed and what we can expect from the new normal.

Read the full report to get deeper insights into cyber threats and issues for the first half of 2020.

Endpoint Security and the Future of the Cyber Security Landscape

Establishing the Zero-Trust Cybersecurity Framework

In recent years, cybersecurity has repeatedly been one of the leading anxieties for enterprises worldwide, and in 2020 that trend intensifies. Traditionally, it is easy to shirk the organization’s IT responsibilities and point fingers at CIOs, CISOs, and the CTO. However, it would be imprudent not to acknowledge that most cybersecurity incidents have arisen from employee negligence. As such, the culture of taking proactive security measures should be borne by the entire organization.

 

“Today, the only way to be sure your system is good enough from a security point of view is for the whole IT team to design everything with security in mind,” says Grossi. “It’s no longer okay to be only mobile first or cloud first; it’s got to be security first.”

Piergiorgio Grossi (Former Chief Information Officer (CIO) and Digital Transformation Officer at Italian motorcycle-maker Ducati)

 

A glance at today’s cybersecurity landscape

Cyber attacks, alongside deepfakes, continue to increase year over year. ISACA’s Global State of Cyber Security Survey, a survey of more than 2,000 information security professionals from more than 17 industries, looks at the threat landscape, the measures security professionals employ to keep their organizations safe, and key trends and themes in the practice of security.

The cybersecurity landscape presents both a positive and a negative outlook. On the positive side, at least 50% of fully or appropriately staffed teams are more confident in their abilities to respond to cyber threats. On the negative side, 62% of survey participants agree that cybercrimes are severely under-reported, and 52% believe that it is very likely their enterprise will experience a cyber attack in the next 12 months. Nevertheless, information security professionals still believe that real progress is being made against common threats.

The most common threat actors are cyber criminals (22%), hackers (19%), malicious insiders (11%), non-malicious insiders (10%), nation-state attackers (9%), and hacktivists (8%). The most frequent attack methods are social engineering (15%), advanced persistent threats (10%), ransomware (9%), and unpatched systems (9%). Other noteworthy methods are distributed denial of service (DDoS) and mobile malware, especially on Android.

Fortunately, Google is making more headway with its latest privacy-focused features and increased efforts toward security updates. Android 10 (Pie) introduced granular controls over app permissions, while the upcoming Android 11 (currently available as a developer preview) further conveys their commitment to improvements in security with the implementation of temporary one-time access, allowing an app to use, for example, your phone’s location or camera. Android 11 continues this security-focused expansion and uses biometrics (Face, Iris, and Fingerprint data) to authenticate apps and services. Android 11 will also support digital driver licenses and other identification documents.

The ISACA survey also shows that organizations that take longer to fill their cybersecurity and related positions report an increase in cyber attacks. Enterprises that took less than 2 weeks experienced 26% more cyber attacks this year. Those that took around three months experienced 35% more attacks this year. Those that took six months or more experienced 38% more attacks, while those that were, or still are, finding it hard to fill the positions experienced 42% more cyber attacks this year.

 

Why Endpoint Attacks Occur

There used to be a distinct difference between the inside and the outside of an organization, with infrastructures possessing clearly defined roles and boundaries. Organizations had offices with computers and servers running on-site, creating a physical firewall and often ensuring that data never left the company.

However, with the rise in telecommuting, more employees were asked or forced to work from home where there is no apparent, easily guarded line that can keep all the data in and attackers out of the system.

Worse, some organizations still hold a legacy view of those boundaries. Combined with the BYOD trend, this leads to an ever-expanding frontline, forcing security personnel to deal with employee-owned devices that are relatively easy to hack. This is further compounded by the fact that most employees expect convenience, and many opt to use free and popular services to take their data outside the company with them. The majority of these services are infamously insecure, as several recent hacks have shown.

One such cyber attack is the recent discovery of an additional six malicious Android apps (11 similarly malicious apps were discovered in July) that slipped through the Google Play Store’s safety net to plant malware on Android devices. Another phishing attack targeted government and security organizations, using a legitimate Box page with Microsoft 365 branding to trick the victims.

The attackers were careful to appear quite convincing. Botnets facilitated spam and malicious emails with sender names and domains from a legitimate third-party vendor, asking readers to view a sensitive financial document. Viewers who clicked the link were led through a series of pages till they landed on a phishing page, built to resemble the Office 365 login portal, where they were asked to log in with their corporate credentials.

According to the cybersecurity awareness and data analysis firm, CybSafe and data from the UK Information Commissioner’s Office (ICO), 90% of the 2376 cyber breaches reported to the ICO in 2019 were attributed to end-users’ errors. This was a significant increase from the years prior, with 61% in 2017 and 87% in 2018. The cybersecurity company reported phishing accounted for 45% of all reported cases, making them the primary cause in 2019 in the UK.

There is a general lack of public understanding around basic secure behavior, such as spotting fraudulent links and phishing emails, sending the wrong document to the wrong person, leaving a computer unlocked, or plugging in unidentified USB sticks. However, there are two sides to this human error issue.

  1. Passive Attacking: End-users and endpoints have become the primary targets for cyber attacks, because their behaviors and powerful devices are relatively easy to exploit. Security is, to most end-users, an untaught concept, and one they typically leave to the “experts.” Yet said experts are rarely the most communicative or persuasive of tutors, and thus fail to communicate effectively the pitfalls of not being security first. Additionally, BYOD devices rarely include stronger security measures such as multifactor authentication (MFA), which can prevent the vast majority of data breaches by stopping unauthorized clients from accessing a corporate device. All this leads to the end-user becoming the weakest link, triggering a supply chain attack.
  2. Increased IT Infrastructure Complexity: This second aspect encompasses the increasing complexity and diversity of security tools, from intrusion detection, network monitoring, and encryption to security information and event management (SIEM) tools. Typically, more robust options are welcome; the issue is that all of these disparate tools need to be integrated effectively and correctly aligned to provide adequate security. This also means that security teams have to know each tool, its uses and thresholds, and have the experience to create appropriate baselines. Unfortunately, teams are often not trained well enough for the real world and most likely implement the tools with their default configurations. Doing this allows for an easier rollout but is a risky and insecure move nonetheless: such settings were predetermined by the manufacturer and basically put usability before all else.
 

“Though shocking, these statistics shouldn’t provoke a negative reaction. Employees of course pose a certain level of cyber risks to their employers, as seen in our findings thus far. Nevertheless, people also have an important role to play in helping to protect the companies they work for, and human cyber risk can almost always be significantly reduced by encouraging changes in staff cyber awareness, behavior, and culture.”

Oz Alashe – (CEO and Founder at CybSafe)

 

Undoubtedly, cybersecurity has changed dramatically, and cybersecurity teams’ capabilities are being stretched past their limits. This is fundamentally brought on by a ballooning attack surface, combined with ill-informed and inappropriate end-user behavior that is tolerated by some organizations that refuse to take security seriously.

 

Endpoint cybersecurity threats

Endpoint security is a critical aspect of the cybersecurity landscape, and it’s becoming increasingly important as the nature of work evolves. With more devices connecting to networks than ever before, from laptops and smartphones to IoT devices, the number of potential entry points for endpoint cyber security threats has multiplied. This makes endpoint cyber security a vital component of any comprehensive security strategy.

Endpoint cyber security threats are diverse and constantly evolving. They include malware, ransomware, phishing attacks, and zero-day exploits, among others. These threats can compromise individual devices, and from there, gain access to the broader network, leading to data breaches or system disruptions.

Malware and Ransomware: Malware is a broad term that encompasses various types of malicious software, including viruses, worms, and Trojans. Ransomware, a type of malware, encrypts a victim’s files and demands a ransom to restore access. These threats can infiltrate endpoints through malicious email attachments, infected software downloads, or malicious websites.

Phishing Attacks: Phishing attacks often come in the form of deceptive emails that trick users into revealing sensitive information, such as passwords or credit card numbers. They can also involve convincing users to click on a link or download an attachment that installs malware on their device.

Zero-Day Exploits: These are attacks that take advantage of software vulnerabilities that are unknown to the software vendor. Because these vulnerabilities haven’t been patched, they provide an open door for hackers to infiltrate systems and networks.

Advanced Persistent Threats (APTs): APTs are complex, stealthy threats in which an unauthorized user gains access to a network and remains undetected for a prolonged period. These threats are often state-sponsored and aim to steal information or disrupt operations.

To combat these threats, organizations need to adopt a multi-layered approach to endpoint security. This includes the use of antivirus and anti-malware solutions, firewalls, intrusion prevention systems, and endpoint detection and response (EDR) technologies. Additionally, organizations should regularly patch and update software to fix known vulnerabilities, and educate employees about safe online practices to prevent phishing and other user-targeted attacks.

 

The Future of the Cyber Security Landscape

The evolution of large-scale breaches reflects a growing trend of security violations, both in number and in gravity. Data breaches repeatedly expose sensitive information, leaving users at risk of identity theft, ruining businesses’ reputations, and leaving businesses liable for compliance violations. Cyber Observer, a holistic cybersecurity management and awareness solution, predicts that damages from cyber crime will reach $6 trillion annually by 2021.

In other words, as enterprises gradually emerge from the current pandemic, we expect to see a surge in new demands. Reacting to these will require CIOs to formulate strategies based on two structural principles: understanding what customers need in a transforming landscape, and leveraging technology to respond to these challenges in ways that acknowledge scope, cost, and scale objectives.

It is virtually impossible to write about the future of the cybersecurity landscape without citing artificial intelligence (AI) and its role in securing endpoints. AI has existed for quite some time, and its use in our daily lives has become so common that we hardly ever stop to think about it, from “weak” AI programs such as AlphaGo, developed by Google DeepMind, which combined an advanced search tree with deep neural networks, to strong AI and machine learning systems used in flying drones, Google Nest, and Tesla’s Autopilot. CIOs will carry on utilizing AI in various fields within cybersecurity, if only to combat the growing number of attackers misusing AI and machine learning.

Looking to the future, the potential for new threat classes remains: ubiquitous and non-discriminatory in nature, and with no known catch-all countermeasures at present. Meticulous observation of malware features, abnormal behavior, and attackers’ attributes, together with machine learning-based AI algorithms, empowers defenders to deal with cyber threats and, in some cases, actually go on the offense. Regrettably, such observations also give attackers opportunities to invent novel attack techniques. Particularly as the risk of false input data and many other unsolved errors is relatively high in AI, defenders must always stay alert.

 

10 Simple Steps to Protect Your Business

Today, homeowners go beyond the typical door locks and automatic lights to a fully integrated security system that can prevent attacks and detect and respond to an intrusion, and even to accidents like a fire. Similarly, a business should deploy a multilayered cybersecurity strategy, one that includes:

Prevention: Firewalls, Anti-virus, Anti-malware, Password Management, Cybersecurity Awareness Training

Detection: SIEM, IDS, Threat Intelligence, and Log Monitoring

Response: 24/7 SOC Monitoring Response, Automated Threat Remediation, and Forensic Investigation.

These are all great tools, but in reality not all businesses can afford top-of-the-line and often proprietary security suites. Fortunately, businesses do not need to invest endlessly in new security tools to improve their current cybersecurity posture and awareness, because 80% of data breaches can be prevented with the following basic actions:

  1. Patching
  2. Regular vulnerability assessments
  3. Institute end-user security awareness
  4. Ensuring third-party vendor compliance
  5. Endpoint Detection and Response (EDR)
  6. Limiting access to your most valuable data
  7. Securing mobile devices and BYOD devices
  8. Proper device and/or software configurations
  9. Conduct employee security awareness training
  10. Develop cyber breach prevention, detection, and response plan
 

Final Thoughts

Improving endpoint cyber security needs to be a top priority in 2020 and for the foreseeable future. The borderless and seemingly non-discriminatory nature of cyber attacks makes it imperative that the cybersecurity industry shares its insights and works together to protect itself and the wider population.

In today’s connected world, a breach of one organization can compromise an entire supply chain, spelling disaster for businesses, eroding public trust and opinion, and leaving them in financial collapse, particularly with the General Data Protection Regulation (GDPR) in the EU. It is up to the legitimate security community to learn from each other, sharing what works and what does not. Most importantly, we all need to identify where to improve and ensure we leave no one behind.

Aki Levänen: Is A SIEM Necessary?

From time to time, you hear comments in security discussions that “Security Information & Event Management (SIEM) is dead” or that it does not provide sufficient benefit as input for detecting and handling security incidents. The person making that claim may have an agenda behind it: replacing SIEM with another product, or experience from their own operating environment where there has been no need for SIEM or it has been perceived as useless.

 

However, without taking an immediate position on whether SIEM is necessary, the matter can be considered from a few angles. After reflecting on these, readers can decide for themselves whether SIEM is necessary and what it might offer them. What does SIEM actually offer, and for what purpose? Where is SIEM good, and for which purposes and needs might better tools be available? Whose need is being talked about in each context: the organization itself, the Security Operations Center (SOC), or someone else?

 

Investing in collecting logs

 

This blog post focuses more on observation, in the sense of the Detect function of the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and on what SIEM as a tool can provide in that context. It is true that from the point of view of collecting logs, a SIEM implementation requires investment and the workload can be big. The starting point for planning is to know the requirements of the operation and to think about the log policy, which creates the basis for technical monitoring. Based on this, one can design an architecture and decide what is collected, from where, and how. After all, it is not necessary to gather everything in one place: you can even use analytics in the cloud and pass the events to whoever handles them, e.g. the SOC, instead of building the analytics yourself in SIEM. In reality, some sort of SIEM or data lake in the cloud is in the background anyway.

 

User accounts and workstations are the most common targets of intrusion in organizations

 

The most common way in is an email to the user with an attachment or link that gives the attacker access to the workstation or the email account, often Office 365 (O365). From the point of view of implementing observation, I would take advantage of the security features of Microsoft’s O365 e-mail service, for example, instead of collecting the data in my own SIEM and building alerts. At the workstations this is partly the same, but can we investigate what has happened in more detail if necessary? Many security systems do not provide sufficiently detailed information about events, and this could be supplemented, for example, by using Windows System Monitor (Sysmon) to collect more detailed information. This data can and should be collected in the SIEM to support the analysis. Of course, newer Endpoint Detection and Response (EDR) tools collect information and logs into the vendor’s cloud service, from which alerts can be raised.
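As an added example that is not part of the original post, the Python script below shows the kind of analysis such Sysmon data supports once it reaches the SIEM: it parses constructed Sysmon process-creation (Event ID 1) records in JSON-lines form and flags an Office or mail-client process starting a shell or script host, the typical footprint of a malicious attachment. The parent and child process lists, the JSON field layout, and the sample log lines are assumptions made for illustration.

```python
"""Detect Office/mail-client processes spawning shells in Sysmon data.
Added example, not code from the original post. The parent/child lists
and the JSON-lines sample below are constructed for illustration."""
import json

# Mail clients and Office applications that open attachments and links.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Shells and script hosts a macro or script attachment commonly launches.
SUSPICIOUS_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe"}

# Constructed Sysmon records as a SIEM forwarder might ship them (one JSON
# object per line). Field names follow Sysmon's process-creation event
# (Event ID 1); hosts, users and paths are made up. The fourth line is
# deliberately malformed to show that the parser skips broken input.
SAMPLE_EVENTS = r"""
{"EventID": 1, "UtcTime": "2020-09-01 08:02:11", "Computer": "WS-042", "User": "CORP\\alice", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -NoProfile -WindowStyle Hidden -File C:\\Users\\alice\\AppData\\Local\\Temp\\inv.ps1", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"EventID": 1, "UtcTime": "2020-09-01 08:05:40", "Computer": "WS-042", "User": "CORP\\alice", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "CommandLine": "chrome.exe --type=renderer", "ParentImage": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}
{"EventID": 3, "UtcTime": "2020-09-01 08:05:41", "Computer": "WS-042", "User": "CORP\\alice", "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationIp": "10.0.0.5", "DestinationPort": 443}
this line is not valid JSON and should be skipped
{"EventID": 1, "UtcTime": "2020-09-01 09:10:03", "Computer": "WS-017", "User": "CORP\\bob", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "\"WINWORD.EXE\" /n report.docx", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 1, "UtcTime": "2020-09-01 09:12:55", "Computer": "WS-017", "User": "CORP\\bob", "Image": "C:\\Windows\\System32\\wscript.exe", "CommandLine": "wscript.exe C:\\Users\\bob\\AppData\\Local\\Temp\\shipping.js", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"}
"""


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_events(text):
    """Parse JSON-lines records, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a real pipeline would count these for forwarder health
    return events


def detect_office_spawn(events):
    """Flag process creations where an Office/mail parent starts a shell."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 1:  # only process-creation events matter here
            continue
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            alerts.append({
                "time": ev.get("UtcTime"), "host": ev.get("Computer"),
                "user": ev.get("User"), "parent": parent, "child": child,
                "command_line": ev.get("CommandLine", ""),
            })
    return alerts


def run_detection(text=SAMPLE_EVENTS):
    """Parse the forwarded records and return the list of alerts."""
    return detect_office_spawn(parse_events(text))


if __name__ == "__main__":
    for a in run_detection():
        print(f"{a['time']} {a['host']} {a['user']}: "
              f"{a['parent']} -> {a['child']} ({a['command_line']})")
```

Normal activity such as Explorer launching Word or Chrome spawning its own renderer produces no alert; only the two attachment-style chains (Word starting PowerShell, Outlook starting wscript) are reported.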

For whom is snapshot information most useful?

The word snapshot comes up in every security conversation with organizations. What it is and what it contains varies almost every time. It is often said that one should have access to the SIEM and be able to get different views and snapshots of technical events. The essential question is: to whom is this level of information relevant? For the SOC, definitely, as support for analysis, and for the organization's technical staff, to understand events and even to obtain information for proactive action. The security manager can look at the situation, but the discussion is often aimed at management, for whom SIEM provides no direct support. At the management level that information is already much less useful, as the discussion revolves around risks and incidents. Yes, these can be derived from SIEM data by analyzing it, recording security deviations, and describing what should be developed from the point of view of detection capability. That view is more understandable to management and can be discussed, remembering that detection is only one aspect of the whole.

Security event management is a necessary extension to observation and a requirement in all frameworks

SIEM raises events, which are then collected into the incident management system. There they are analyzed and security incidents are created, often in a separate ticketing system. The ticketing system is used to communicate with the various parties involved and to record the measures taken, so the handling must also be documented at the same time. Ticketing systems usually have built-in integrations between the actors, or portal views. Naturally, various other means of communication between the people handling the incident are used in support. SIEM does not offer such functions, although some kind of incident workflow has been modeled in SIEM products as well.

The latest addition to this picture is the SOAR (Security Orchestration, Automation and Response) system. SOAR acts as a collection point: it gathers alerts, provides ticketing and portals, and also automates SOC operations through use cases. SOAR does not directly replace SIEM; analysis and data collection must still take place somewhere behind the SOAR. Automation sounds appealing to many, but it already requires moderately good maturity in handling and responding to security incidents.
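To illustrate the alert-to-incident flow described in the two preceding paragraphs, here is an added example (not the post's own code, and not any particular SIEM or SOAR product's API) of how a SOAR-style layer groups SIEM alerts into incidents with ticket IDs, documents the measures taken on each incident, and runs automated actions only for use cases whose handling process is already mature; immature use cases and alerts without a playbook are routed to an analyst. The alerts, rule names, playbooks, hostnames and ticket ID format are constructed for the example.

```python
"""Added example: SIEM alerts -> incidents (tickets) -> playbook actions, SOAR-style."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class SiemAlert:
    ts: datetime
    rule: str
    host: str
    severity: str


@dataclass
class Incident:
    host: str
    ticket_id: str
    alerts: List[SiemAlert] = field(default_factory=list)
    actions: List[str] = field(default_factory=list)   # documented measures taken


# Constructed use-case catalogue. "mature" models the post's point that automated
# response presupposes an established incident-handling process for that use case.
PLAYBOOKS: Dict[str, Dict[str, object]] = {
    "office_spawns_interpreter": {"action": "isolate_host", "mature": True},
    "impossible_travel_login": {"action": "disable_account", "mature": False},
}

# Constructed alerts as a SIEM might emit them (rule name, host, severity, time).
SAMPLE_ALERTS = [
    SiemAlert(datetime(2020, 6, 1, 9, 0), "office_spawns_interpreter", "WS-0141", "high"),
    SiemAlert(datetime(2020, 6, 1, 9, 5), "office_spawns_interpreter", "WS-0141", "high"),
    SiemAlert(datetime(2020, 6, 1, 9, 10), "outbound_to_new_domain", "WS-0141", "medium"),
    SiemAlert(datetime(2020, 6, 1, 10, 30), "office_spawns_interpreter", "WS-0141", "high"),
    SiemAlert(datetime(2020, 6, 1, 9, 2), "impossible_travel_login", "WS-0207", "high"),
]


def group_alerts(alerts: List[SiemAlert], window: timedelta = timedelta(minutes=30)) -> List[Incident]:
    """Group alerts per host: an alert joins the host's open incident if it falls
    within `window` of that incident's first alert, otherwise a new ticket is opened."""
    incidents: List[Incident] = []
    open_by_host: Dict[str, Incident] = {}
    for alert in sorted(alerts, key=lambda a: (a.ts, a.host)):
        inc = open_by_host.get(alert.host)
        if inc is None or alert.ts - inc.alerts[0].ts > window:
            inc = Incident(host=alert.host, ticket_id=f"INC-{len(incidents) + 1:04d}")
            incidents.append(inc)
            open_by_host[alert.host] = inc
        inc.alerts.append(alert)
    return incidents


def apply_playbooks(incident: Incident) -> List[str]:
    """Decide and document one action per distinct rule in the incident."""
    seen = set()
    for alert in incident.alerts:
        if alert.rule in seen:                 # repeated alerts do not repeat the action
            continue
        seen.add(alert.rule)
        pb = PLAYBOOKS.get(alert.rule)
        if pb is None:
            incident.actions.append(f"{alert.rule}: no playbook, routed to analyst")
        elif pb["mature"]:
            incident.actions.append(f"{alert.rule}: automated {pb['action']} on {incident.host}")
        else:
            incident.actions.append(f"{alert.rule}: {pb['action']} proposed, awaiting analyst approval")
    return incident.actions


def handle(alerts: List[SiemAlert]) -> List[Incident]:
    """Full flow: group alerts into tickets, then apply playbooks to each ticket."""
    incidents = group_alerts(alerts)
    for inc in incidents:
        apply_playbooks(inc)
    return incidents


if __name__ == "__main__":
    for inc in handle(SAMPLE_ALERTS):
        print(inc.ticket_id, inc.host, len(inc.alerts), "alert(s)")
        for line in inc.actions:
            print("   ", line)
```

With the constructed input, three tickets result: the three morning alerts on WS-0141 collapse into one incident whose isolation is automated while the unknown rule goes to an analyst, the login anomaly on WS-0207 only gets a proposed action because its use case is not marked mature, and the 10:30 alert on WS-0141 opens a fresh ticket because it falls outside the correlation window. The action list on each incident is the documentation trail the paragraph above says must be kept alongside the ticket.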

Log collection and monitoring requirements are included in every information security framework

From a compliance point of view, the EU GDPR has been the most recently highlighted: the processing of personal data must be traceable from a control point of view. Log collection and monitoring requirements are included in every information security framework, so these control requirements must be met in IT environments and also in production environments (OT/ICS). Especially in multi-vendor environments, IT vendors do take care of compliance for the management of the systems, but does that meet all the requirements of the organization itself? Most likely they do not monitor the use of the organization's own services or react to anomalies in that use; for that, a separate security service, the SOC service, must be purchased. In this context it may be quite justified to build one's own SIEM and to establish controls for both the management and the operation of all relevant information systems.

SIEM is not dead

In practice, current monitoring solutions are a kind of hybrid implementation rather than a fully centralized SIEM. SIEM is not dead; it is a very key component of information security monitoring. How monitoring solutions evolve depends largely on the organization's current state, its operational requirements and its development investments. As in navigation, you must first know where you are before you can move on to the next waypoint or, in organizational terms, develop information security. Systems are needed to support analysis and produce information. Based on that information, it is possible to react, automatically or through people, according to pre-agreed or applied measures, and to ensure the continuity of the organization's activities during information security incidents.

Business Continuity: How Industries Are Adapting To A Post-COVID-19 World

As countries ease restrictions and lockdowns, organizations are taking strategic steps to recover their business and revenue streams.

From the high adoption of virtual reality by the property industry to the increase of AR in retail, companies are accelerating change in many aspects of their business as part of their business continuity plan.

But first, what is a business continuity plan?

The Basics of Business Continuity

Every organization has a framework called business continuity management, or BCM, which identifies potential external and internal threats that can threaten the company.

Consisting of disaster recovery, crisis management, contingency planning and business continuity planning, BCM enables the company to effectively respond to an event and ensure the operation of critical business functions.

Business continuity planning (BCP) outlines protocols and procedures that ensure the continued functionality of the business during and after a crisis.

BCP often gets mixed up with disaster recovery, but the two are quite different. Disaster recovery involves the recovery or continuation of technology infrastructure, systems and applications, while BCP covers all aspects of the business, including human resources, infrastructure, technology, contracts, and communication.

Designing a business continuity plan requires extensive steps, from business impact analysis and recovery strategies to plan development and testing. For examples of building a BCP, view this template by Sitel or Lumiform’s business continuity plan template for IT.

Recovery Steps After The Outbreak

Many businesses are still reeling from the effects of the lockdowns. But most are tackling the challenges by implementing innovative changes, which may become permanent fixtures of their processes.

  • Digital Transformation In The Property Industry

The real estate and property industry faced a big blow due to the coronavirus. Not only were there bans on open houses and limited viewings, there were also fewer people buying properties due to the economic situation.

“Market activity will be lower in the next couple of months. I won’t be surprised if sales activity could be down 30% or even 40% in the next few months.”

– Lawrence Yun, Chief Economist of the National Association of Realtors (NARS)

in Yahoo Money

Still, the sector is taking things in stride, shifting to online real estate transactions and digital closings.

For instance, New York real estate companies set up remote closing processes, including electronic notarization, e-signing, live video conferences, and money transfers for their transactions.

In Hong Kong and Singapore, virtual tours and viewings have become “a megatrend” that is accepted among buyers and agents alike. In fact, Hong Kong’s largest property agency, Centaline Property Agency, stated that virtual reality property videos helped to generate HK$100 million in April.

Additionally, online marketing is seeing more emphasis in the industry with the rising utilization of digital marketing automation, chatbots, social media, and email marketing.

  • The New Manufacturing Normal

According to Statista, manufacturing shares the spot for the topmost coronavirus-impacted sector with the travel industry, seeing a severe impact on personnel, operations, supply chain and revenue.

On the upside, COVID-19 is the impetus that’s pushing traditional manufacturing ecosystems to be more agile, flexible and digitally enabled. As mentioned in a Forbes article, the sector is expected to experience five years of innovation in the next 18 months with high adoption of technologies.

Automation is set to be a top technology investment as manufacturers look to move their productions on-shore or near-shore. While off-shoring provides low labor and productivity costs, IndustryWeek believes that the advancement of robotics and automation “have drastically increased productivity across a number of manufacturing processes [which] can be easily reshored and deployed domestically.”

Aside from manufacturing processes, automation is also being utilized for task and order processing. For instance, IBM used an automated order management system to help a global manufacturer of contact lenses to maintain its supply chain continuity during the outbreak.

Internet of Things (IoT) is another manufacturing technology that is predicted to gain traction with a projected growth of up to USD 136.83 billion by 2026. The rise in IoT will in turn bring higher demand for a faster, more stable network, such as Vodafone’s Mobile Private Network (MPN) solution.

  • Digitized Retail Sector

The retail landscape, on the other hand, saw a boost in e-commerce and digital marketing as movement restrictions drove more retailers online.

Retail giant Majid Al Futtaim accelerated its online strategy by launching the e-commerce channel carrefouruae.com. With more than 250,000 products, the online marketplace saw a ten-times increase in sales over a period of 10 weeks, with average daily orders of 1,300.

China alone recorded online retail sales of $360 billion in the first four months of 2020, an 8.6% increase compared to the same period in the previous year. It’s evident that the upsurge of sales is not just limited to online grocery sellers, but expands to non-food e-tailers too.

“[T]here will be a further acceleration in the digital transformation of the retail sector, with the pandemic encouraging more people [to] experience online shopping.”

– Hou Yi, Freshippo CEO & Alibaba Group Vice President,

in FoodNavigator-Asia

Another expected post-COVID-19 retail trend is the use of augmented reality (AR) and artificial intelligence (AI), with the latter predicted to record $8 billion investment within the retail sector by 2024.

Shopify is a prime example of successful AR implementation, which saw a 250% increase in conversion rates after allowing its sellers to add 3D models. As for AI, My Beauty Matches uses algorithms to simplify consumers’ shopping experience by suggesting items from 400,000 products based on their past searches and purchases.

Other retailers, including ASOS, are also maximizing the benefits of these two technologies to thrive in the post-coronavirus world.

  • Online Security Concerns

As companies extend remote working to ensure business continuity, security risks have shifted from the fortified corporate landscape to the more vulnerable off-site areas. And cybercriminals are using that to their advantage.

According to a survey by Barracuda and Censuswide, among global businesses that are working remotely:

  • 46% have encountered at least one cyber security scare
  • 51% witnessed a rise in email phishing attacks
  • 49% expect a data breach or other threats in the coming month

However, contrary to expectations, cyber security spending is forecast to drop for the rest of 2020. Gartner, which predicted an 8.7% growth in cyber security for 2020, revised the value down to 2.4% while Barracuda revealed that 40% of surveyed businesses have cut their cyber security budgets to save costs.

Chief Technology Officer of Barracuda, Fleming Shi, calls the cost-cutting measure a bad move, seeing as more than half of the workforce is not properly trained to handle cyber attacks.

On another note, Gartner foresees an increase in cloud security, which is in agreement with Barracuda’s finding that 53% of businesses are moving their data to cloud-based models. Unfortunately, almost 85% of IT professionals expressed concerns about the vulnerabilities of remote cloud environments.

In an interview with Digital Journal, Chris DeRamus, the Vice President of Technology, Cloud Security Practice at DivvyCloud by Rapid7, mentioned that “Nearly 50 percent of developers and engineers bypass cloud security and compliance policies,” citing Zoom’s bypassing of common security features as an example.

To strengthen cloud security, he believes that engineers should “tackle cloud security flaws earlier in the build pipeline”, and further states that cloud identity and access management (IAM) will see a greater emphasis in the near future.

The above are just a few examples that show the beginnings of major shifts in various industries as organizations strive to recover from the outbreak effects and ensure business continuity.

As the year moves into the second half, there will undoubtedly be more innovation investments ahead, and more companies will be looking for better and more sustainable solutions.