Guest Post, Author at Security IT Summit | Forum Events Ltd
Posts by: Guest Post

CIISec CyberEPQ qualification will kick-start cyber security careers

The Chartered Institute of Information Security (CIISec) is now managing the UK’s first and only Extended Project Qualification (EPQ) in cyber security. The Level 3 CyberEPQ will give anyone from 14 years old the best possible opportunity to kick-start their cyber security career and will integrate with CIISec’s broader development programmes to provide a clear pathway to progress.

Originally introduced by Qufaro in 2016, the CyberEPQ provides a starting point for anyone considering a career in cyber security. Now under CIISec’s management, and with rebranding underway, the qualification will become a more integral part of helping people to start and then progress their cyber security careers, from apprenticeship to university to full employment. It will open access to the full support of a professional body and an extensive community, ranging from students and academics at CIISec’s academic partner institutions through to established security professionals and corporate partners.

“We’re delighted to welcome the Level 3 CyberEPQ into our broader programme,” commented Amanda Finch, CEO of CIISec. “This qualification provides a springboard for individuals to start their careers, and, embedded within our development programme, it will help individuals to understand exactly what skills are needed to progress in their roles. From cyber digital investigation professionals to system architects and testers to cryptographers to risk management professionals, the variety of roles available in the industry is vast and there are opportunities out there for everyone. This qualification will play a key role in attracting a fresh pool of talent, which the industry so desperately needs to keep up with evolving cyber threats.”

The qualification is underpinned by CIISec’s skills framework, which is designed to help individuals and organisations understand precisely what skills are needed to fulfil a specific role at a specific level. Students that enrol in the CyberEPQ will also have access to CIISec’s development programme, which supports individuals and their employers at all stages of their career, from apprenticeships to junior-level associates, to full members and people at the peak of their careers.

Contact the CyberEPQ team at CIISec for further information – cyberepq@ciisec.org.

https://www.ciisec.org/
https://cyberepq.org.uk/

The fastest growing threat

By Atech

Did you hear about the hackers who got away from the scene of the crime? They just ransomware.

There are countless evolved versions of this joke out there. Just as the jokes are evolving, ransomware attacks are evolving, too, and they are not funny. The true cost of an attack consists of the cost of the forensic investigation, any downtime suffered and, on top of that, any costs that the business agrees to pay the threat actors. The damage can have a lasting impact on the business.

According to the UK National Cyber Security Centre, there were three times as many ransomware attacks in the first quarter of 2021 as there were in the whole of 2019. And research by PwC suggests that 61% of technology executives expect this to increase in 2022. Once again, we can largely blame this on the pandemic, and the growth in the amount of activity carried out online and in digital environments.

Ransomware typically involves infecting devices with a virus that locks files away behind unbreakable cryptography and threatens to destroy them unless a ransom is paid, usually in the form of untraceable cryptocurrency. Alternatively, the software virus may threaten to publish the data publicly, leaving the organization liable to enormous fines.

Ransomware is typically deployed through phishing attacks – where employees of an organization are tricked into providing details or clicking a link that downloads the ransomware software or malware onto a computer. However, more recently, direct infection via USB devices by people who have physical access to machines is becoming increasingly common. Worryingly, there has been an increase in these types of attacks targeting critical infrastructure, including one at a water treatment facility that briefly managed to alter the chemical operations of the facility in a way that could endanger lives. Other ransomware attacks have targeted gas pipelines and hospitals.

Education is the most effective method of tackling this threat, so read on to find out what you can do to fight this threat more effectively than ever before.

‘Simplicity is the ultimate sophistication’ for Access Control

By Tim Boivin, Marketing Director, PortSys

Leonardo da Vinci’s philosophy in the headline has never rung so true as it does today in IT – especially when we’re talking about providing users secure access in our perimeterless world.

If your access approach is wrong, your risk of being hacked ramps up exponentially. Counterintuitively, installing more security solutions can make access less – not more – secure. Each different access solution, each port opened to the outside world, increases your attack surface.

That’s where a Zero Trust Access Control approach helps paint your own sophisticated, yet simple, security masterpiece. For instance, Total Access Control (TAC) offers single sign-on to a central portal that gives users seamless, secure access to resources they need to do their jobs – and only those resources.

With TAC, you can inspect every connection to evaluate a user’s full context – including robust endpoint inspection, credentials verification, device validation, location of the user and more – prior to granting access to any resources, local or cloud. In addition, each connection to each resource through TAC must first pass the security policies you set – and not those set by some third party such as a cloud provider – before that access is granted.

With TAC’s microsegmentation, users are granted access only to the specific resources they are authorized to access, effectively making users captive within the application resources – rather than gaining access to your entire network infrastructure. Each resource can also have its own rules for access – an advanced level of microsegmentation that allows for variable or even partial secure access to resources, based on the user’s context of access for each request.

TAC makes the lives of end users and administrators alike much simpler, so they can focus on doing their jobs instead of trying to remember what password works where for which application. Along the way, your security becomes much more sophisticated in its ability to close the gaps across your infrastructure and keep hackers out.

That’s an IT security masterpiece Leonardo da Vinci would be proud to paint.

To learn more about TAC, watch our video.

How hackers get caught

Cyber criminals are intelligent, elusive individuals, making it difficult for law enforcement to track them down. Not all hackers manage to escape retribution, however. Here, Joanne Newton, deputy head of the school of computing at Arden University, explores the traps they fall into, and how they get caught…

Cyber criminals go to many lengths to hide their identity and cover their tracks. The use of proxy servers, VPNs and encryption can mean it is incredibly difficult to track down and bring a hacker to justice. Because of this, according to industry data only four to five percent of hackers are actually caught, but high-profile cases showcase how even the most skilled can make simple mistakes which lead to them being apprehended.

In 2016, for example, the capture of Guccifer 2.0, a hacking persona who became famous for leaking data from the Democratic National Committee, was possible because the hacker failed to activate a VPN before logging on, allowing investigators to trace the IP address back directly.

There was also the high-profile case of Hector Monsegur, leader of the LulzSec group that hit organisations such as PlayStation, Fox News and the FBI. He was caught after forgetting to use the Tor system to hide his location when accessing a chat room.

There are a number of human flaws and traits that can lead to arrest, from the need to show off and gain credit for crimes – which is more common than you might think – to the inherent ability of humans to make the most basic errors and mistakes.

In July 2019 Paige A. Thompson, a former Amazon employee, was arrested and accused of stealing personal data of millions of Capital One customers.

She was tracked down after she posted online about possessing knowledge of multiple companies and was found to have files and information on Capital One and Amazon, as well as social security numbers and bank account details from more than 30 different organisations on multiple devices in her bedroom.

There are many types of hackers carrying a range of different risk levels, from hacktivists – who look to raise awareness of a specific issue – to full-scale cyber terrorists. Of those operating, script kiddies tend to be the least experienced, leaving them most likely to face capture. This type of hacker typically tends to rely on tools developed by other attackers to penetrate a network or system, using these tools to target easy-to-penetrate systems which are vulnerable to widely-known threats.

According to industry data, ransomware attacks almost doubled in 2021. The market for ransomware is becoming increasingly professional – with cybercriminal services-for-hire creating an environment in which ransomware is offered as a service.

There is also a diversification of approaches when it comes to extorting money – with threats to publicly release data, or inform their victims’ families about an incident, all of which adds to the danger levels and increases the risks of being caught.

Much can be learned from hackers’ previous mistakes, and organisations globally should consider how they can take real-world observations and apply them to their own business to reduce the threat level.

Knowledge bases of adversary tactics and techniques exist, which can help organisations to plan for all eventualities using real-world observations. The aim of these frameworks is to improve detection by identifying the actions the cyber-criminal may take, allowing the organisation to identify gaps in defences.

Forward-thinking organisations should be using this kind of system to help build a framework for developing defences, penetration testing and threat modelling, to ensure their businesses are as protected as they can be from these threats.

Joanne Newton is Deputy Head of the School of Computing at Arden University.

Five top tips for improving your cyber security visibility and control 

By Leyton Jefferies, Head of Security Services, CSI

With an increasing number of high-profile security breaches splashed across the media, companies are now looking to improve their cyber security. As the world has become more digitally connected and working from home continues to be part of the way we work, there are more opportunities for attack.

What are the threats? 

Ransomware has become increasingly sophisticated, and the number of phishing emails has risen exponentially. This has left many businesses vulnerable. The Government’s Cyber Security Breaches Survey found that four in ten businesses (39%) and a quarter of charities (26%) reported having cyber security breaches or attacks in the year March 2020-21, and phishing remains the most common threat vector.

The cost of these attacks is serious too. Around 21% of businesses end up losing money, data or other assets. A third of companies report being negatively impacted; for example, they require new post-breach measures, have staff time diverted or suffer broader business disruption.

How have hybrid working models increased cyber risks? 

Working from home and other out-of-office venues leaves corporate networks vulnerable, as the protection you would normally have behind the perimeter in the office is not in place on home and external networks. To further complicate the situation, users work from several locations with multiple devices and apps.

Company devices that had never moved beyond the organisation’s walls and were kept safely behind firewalls, IDS, DMZs and set up with security solutions that kept cybercriminals from attacking them, are now outside those protected networks. These remote devices are vulnerable to cyber-attacks if existing on-site security solutions are no longer fully effective.

So, what are the key things that businesses should focus on to improve visibility and control? Here are my five top tips:

1. Make your employees your first line of defence

Keeping security front of mind while employees are out of the office is an essential step in protecting your organisation. Strong cybersecurity awareness training is critical to prepare an employee to be the first line of defence.

With the lines of home and workspace blurred in a hybrid working world, phishing attacks, unfortunately, are here to stay. Therefore, reducing user risk by helping to identify email scams and malware should become part of bolstering an employee’s security awareness. Organisations can ‘test’ levels of awareness by conducting a custom phishing campaign to see how easily employees can spot a phishing email and how they respond. This can then be measured over time.

Educating about password security and safe internet habits should also be a vital part of staff training.

2. Protect the endpoint

Where endpoints are concerned, it’s wise to take a proactive approach to limit what activities can be carried out on the device. Privileged access security is critical to protect access to data, applications and systems. This allows the organisation to keep control of its most valuable data. Each online identity can be set with special access, or specific capabilities and access can be reduced where necessary.

With the high number of endpoints connected to the network, these become easy targets for cybercriminals. Endpoint Detection and Response (EDR) solutions can be deployed that involve continuous real-time monitoring of malicious activity. The solution can disconnect endpoints and shadow IT to respond to threats by utilising rules-based automated response and analysis capabilities.

3. Using best of breed detection and response services

Managed Detection and Response (MDR) is a combination of both technology and human expertise to provide security monitoring across an organisation’s entire IT environment. These services can rapidly respond to and eliminate threats. Taking it a step further, Extended Detection and Response (XDR) provides threat detection and incident response by collecting data across multiple security layers. For example, across email, endpoints, cloud workloads, servers and networks to provide a holistic view that allows for faster detection of threats and response times.

4. Secure your organisation in the cloud

Business needs are driving more organisations to the cloud than ever before. Cloud technology improves productivity, efficiency and cost savings and offers greater flexibility. But there are particular security implications to watch out for. The public cloud can limit your access control and authentication, so it’s wise to implement Multi-Factor Authentication (MFA), manage user access and integrate compliance into daily procedures.

Next-Generation Antivirus (NGAV) takes traditional antivirus software to a new, advanced level of endpoint security protection. It’s a cloud-based response to detect and prevent malware, identify malicious activity by unknown sources, and collect comprehensive data from all endpoint devices to understand better what is going on in the IT environment. It uses predictive analytics driven by machine learning and artificial intelligence, combined with threat intelligence that goes beyond known file-based malware signatures.

5. Prevention is best

Today’s attackers know precisely where to find gaps and weaknesses in an organisation’s security posture. Companies, therefore, need to take actions into their own hands to become better protected. And thankfully, there are many ways in which this can be achieved.

Reducing your organisation’s risk of a cyberattack is the best stance – both from a cost and reputation perspective. Re-evaluate your cyber security strategy, have the right tools and services in place and integrate with effective employee education and testing.

Leyton Jefferies, Head of Security Services, CSI

Leyton has been with CSI since 2014 and is responsible for the firm’s security proposition and go to market service strategy, vendor and partner management development and design of CSI’s security solutions portfolio.

ContiLeaks: Ransomware gang suffers data breach

By Varonis

Conti, one of the most infamous, prolific and successful big game ransomware threats, has suffered yet another embarrassing leak with a treasure trove of both internal chat transcripts and source code being shared by a reported Ukrainian member.

Having previously had their internal manuals and tools exposed by a disgruntled affiliate in August 2021, these latest leaks appear to be in response to the group “officially announcing a full support of Russian government” [sic] and that they would respond to any attack, cyber or otherwise, against Russia with “all possible resources to strike back at the critical infrastructures of an enemy”.

Given that members of the group may themselves be Ukrainian or have close ties to the country, this warning likely inflamed tempers leading to both the warning being updated and these subsequent leaks.

Much as the previous leak allowed their toolsets to be analyzed and revealed common indicators of compromise (IOC), analysis of these recent data leaks and chat logs provides insights into how Conti, and likely other similar ransomware groups, coordinate and conduct their operations.

The outcome of these leaks remains to be seen; Conti and its members may be forced to disband or, as is often the case with ransomware groups, lay low for a period before rebranding and relaunching their operation.

Click here to finish reading the full blog post or visit the Varonis website here.

IT security in 2022 – what you need to know

By Jack Rosier of QMS International, one of the UK’s leading ISO certification bodies

We’re living in the age of computers, with technology playing a more important role in our lives with each passing year. With the pandemic acting as a catalyst for increasing digitalisation, 2022 is likely to see more technology usage than ever before – so businesses need to make sure they’re prepared.

Embracing technology has been great for us as a global community in many ways. For example, it has enabled people and businesses to almost seamlessly shift to remote or hybrid working models, with a plethora of collaborative software to utilise.

However, this can be a double-edged sword. The more technology organisations interact with, the more opportunities for cyber criminals to launch cyber-attacks.

At the beginning of 2021, QMS International carried out a cyber security survey among businesses and 75.7% of the respondents reported that they now felt more open to attack. Another 10% reported that they had no confidence in fending one off.

This stresses the importance of understanding what good IT security looks like and how you can protect your business, employees, clients and stakeholders from dangerous and costly cyber-attacks. If organisations and individuals are aware of best practices and show due diligence in cyber security protocol, there is minimal reason to worry.

In this article, the experts at QMS International take you through potential risks to IT security in 2022, upcoming changes that might affect businesses, and best practices to implement to ensure cyber operations are completely secure.

Ransomware

The Chief Executive of the UK’s National Cyber Security Centre, Lindy Cameron, has warned that ransomware is “the most immediate danger to UK businesses” and all organisations could be at risk of cyber-attacks through the use of ransomware.

According to an analysis of reports made to the UK’s Information Commissioner’s Office (ICO) by CybSafe, the number of ransomware incidents in the first half of 2021 doubled compared to the number reported in the first half of 2020.

Ransomware is a type of malicious software which cyber criminals deploy on an unsuspecting person’s computer network in order to encrypt their files.

If a cyber-criminal is successful in doing this, it enables them to extort the victim into paying large fees to decrypt their files and make them accessible again.

Nowadays, most people tend to have their data backed up somewhere, whether it be on an external hard drive or on the Cloud. Most cyber criminals have clocked onto this and now threaten to release stolen files online. This same threat has also been used on those who have refused to pay the criminal.

Often, cyber criminals will target customer service and HR teams as they are easily reachable employees who hold information valuable to the cyber-criminal.

It’s absolutely crucial that organisations ensure they’re well equipped to prevent ransomware attacks in the coming year, and make sure all employees have a fundamental understanding of how to spot and avoid potential ransomware attacks.

Spear phishing

With the pandemic forcing people to adopt new technologies, cyber criminals have been using different methods to carry out their attacks. One method that seems to have gained popularity has been spear phishing.

Spear phishing is a type of digital communication scam that targets a specific individual or organisation. It’s designed to trick unsuspecting victims into clicking a link and willingly giving away their credentials. Unlike conventional phishing, which is a broader approach to the same goal, spear phishing is a lot more personal, and can be a lot more deceiving.

In order to prevent spear phishing attacks, organisations should create filters which flag incoming emails as either internal or external, which allows the recipient to see if somebody is trying to trick them.

Additionally, organisations should ensure employees are educated to understand what spear phishing is and how it can be prevented. This information can be simply delivered through eLearning on cyber security.

Remote or hybrid working

Over the past two years, the various lockdowns and a shift in attitudes have led to businesses adopting mass remote working or moving into hybrid working models. Now, in 2022, it’s clear to see that the movement towards remote and hybrid working is here to stay, with 85% of managers believing that having teams with remote workers will become the new norm.

However, remote working presents a number of challenges to an organisation’s cyber security. Data supplied by Darktrace to The Guardian revealed that the proportion of attacks targeting home workers rose from 12% of malicious email traffic in March 2020 to more than 60% six weeks later when the nation was in lockdown.

Risks like unsafe networks, digital file sharing, and outdated software make up part of a long list of risks that should be addressed by all organisations with remote workers.

These risks should not put off organisations from allowing employees to work remotely, but instead should encourage all businesses to ensure their cyber security policies are up to date and cover remote working responsibilities.

Training employees, carrying out risk assessments, making sure workers are using secure connections, and introducing robust information management frameworks will all help protect your business during hybrid or remote working.

Create a culture of IT security in 2022

From larger businesses to SMEs and start-ups, creating a culture of security is one of the most effective ways to protect your business against all types of cyber-attack in 2022 – and you can do this through ISO 27001 and ISO 27002.

ISO 27001 is the internationally recognised Standard which provides the framework for a comprehensive Information Security Management System (ISMS). It implements 114 legal, physical and technical risk controls that allow an organisation to carry out robust information management.

It’s set to be updated in the coming months to reflect the current challenges to an organisation’s IT security – making 2022 a great time to put in place a futureproof framework to protect your business.

Another Standard receiving an update in 2022 is ISO 27002 – the code of practice for an ISMS, which provides details on the requirements and controls in ISO 27001. Again, this update will make sure ISO 27002 reflects and addresses the current challenges businesses face in relation to IT security.

Adopting the latest versions of these Standards is a great way to give your business all-round protection in 2022 and beyond – so you can reassure your stakeholders and clients, fulfil your legal obligations, and keep your information secure at all times.

Backup is dead: True Cyber Protection is the way ahead

By Adam Brace, EveryCloud

So, is Backup Really Dead? In the traditional sense we would say yes, as Cyber Criminals have developed and deployed ways that mean backing up alone is not enough to provide true data protection. Now (and especially in the future), to be fully protected, organisations need to ensure their data is recoverable, accessible, private, authentic and secure.

Cyber-attacks, and especially Ransomware attacks, are rampant within businesses across several industries and show no sign of slowing down. These attacks are increasing not only in frequency but also in complexity, and businesses are not adequately protecting themselves against them.

Over $20 billion was paid out last year due to Ransomware alone, with the average amount in the region of $570k. Over 500,000 new viruses are released on a weekly basis, so recoverability must be a critical component of any business continuity plan going forward.

Everybody is at risk. Cyber-attacks have become very automated and happen at an industrial level. Many of these attacks are now managed by Artificial Intelligence (AI). Being cheap to deploy means any business is at risk. We are finding, however, that those most at risk tend to be small to medium-sized businesses as well as consumers. This is mainly due to those businesses not having the budgets to deal with the attacks.

Another reason these attacks are successful is a lack of knowledge in how to put adequate prevention in place.

73% of Ransomware attacks could have been avoided by patching.

Having the right tools in place to automate patch management can alleviate these threats drastically.

We are finding that right now businesses want technology that can simplify their backup management all while ensuring disaster recoverability. They want to be proactive in their defence with the ever-increasing threat of Ransomware attacks and are eager to put the correct tools for their needs in place.

Partnering with Acronis, we help businesses improve security and avoid downtime, whilst eliminating complexity and reducing cost. We help you modernise your cybersecurity and backup with a complete integrated solution.

Find out more here: https://hubs.li/Q014mzVv0

Identify and investigate Business Email Compromise (BEC) scams

Business Email Compromise is an email-based phishing attack that specifically targets businesses and organizations to steal money, sensitive information, or account credentials. These attacks can be difficult to prevent as criminals may utilize social engineering techniques such as impersonation and intimidation to manipulate users.

Threat actors will often prepare for BEC attacks by first performing reconnaissance on their targets and uncovering publicly available data such as employee contact information to build a profile on the victim organization. Moreover, BEC attacks often focus on employees or executives who have access to more sensitive information or the authority to make payments on the organization’s behalf.

According to the FBI, there are five major types of BEC scams:

  • CEO Fraud: In this scenario, the attacker will pose as the company’s CEO or any executive and send emails to employees, directing them to send money or expose private company information.
  • Account Compromise: An employee’s email account has been compromised and is used to send BEC scams to other organizations and contacts from the compromised account.
  • Attorney/Tax Impersonation: The cyber-criminal will impersonate an attorney or other representatives from organizations like the IRS to scam employees. These attacks will attempt to pressure employees into acting quickly to avoid “official repercussions”.
  • Data Theft: Scammers may target employees in HR or those with access to employee information to obtain sensitive or private data regarding other employees and executives that can be used for future attacks.
  • False Invoice Scheme: The attacker will spoof an email from an organization or vendor that the victim works with. This email may contain an invoice requesting payment to a specific account that the attackers control.

What is the cost of Business Email Compromise (BEC) and how do you identify it? Carry on reading this blog post to learn more by clicking here or visit the Varonis website here.

Ransomware Year in Review 2021

By Varonis

In 2021, attacks became highly effective and impactful. At the same time, high-volume indiscriminate ransomware threats remained omnipresent throughout the year.

In this post, the Varonis Threat Labs team shares what they observed in the wild while working on ransomware investigations.

Overall, the team identified these five ransomware trends that shaped 2021:

  1. Ransomware-as-a-Service became the go-to model for attackers. 2021 saw a shift toward the Ransomware-as-a-Service (RaaS) business model, where groups recruit affiliates or partners to conduct specific parts of their operation.
  2. Attackers crafted bespoke ransomware. In 2021, threat actors bullied targeted organizations with victim-specific ransomware designed to avoid detection and ensure the efficacy of the attack within the victim’s environment.
  3. Attackers went “big game hunting.” Sophisticated ‘big game hunter’ ransomware groups, both old and new, honed their ability to access victims’ networks worldwide. Cybercriminal groups adopted the now widespread ‘double extortion’ tactic to steal—and threaten to leak—sensitive data.
  4. Ransomware sent shockwaves through the software supply chain. Numerous high-profile incidents targeting high-worth organizations via software supply chains during 2021 demonstrate the impact that ransomware can have on an organization—and, in some cases, led to ‘real-world’ outcomes sending shockwaves across the broader economy.
  5. Attackers bought and sold off-the-shelf commodity malware. Commodity malware continued to be widely adopted by threat actors of varying sophistication—from organized cybercriminal gangs delivering payloads to gain initial access to high-value targets to script kiddies using simple off-the-shelf threats to steal credentials for resale on the dark web.

Click here to read the full blog post to delve into each of the five ransomware trends or you can visit the Varonis website here.