Guest Post, Author at Security IT Summit | Forum Events Ltd

How to block hidden malicious commands in obfuscated scripts


By Chris Corde, VP of Product Management, VMware Carbon Black

For a long time now, our Threat Analysts have flagged the growing threat of script-based attacks, especially from Microsoft PowerShell and Windows Management Interface script commands, and their ability to escape notice in many antivirus solutions. Increasingly, these types of attacks have become the common standard for gaining entry into corporate systems and moving laterally to inflict damage. Today, we announce several new features to help prevent and detect script abuse, including an extension of our ability to prevent script-based attacks built on AMSI integrations, and the ability to translate the actual contents of obfuscated PowerShell scripts in the Carbon Black Cloud console.

In our current work from home/COVID-19 environment, these script-based attacks continue to grow in size and global spread. Common tools like PowerShell enable attackers to hide their intent behind obfuscated script content, and the resulting lateral movement is facilitated by the abuse of Windows Management Interface (WMI), Google Drive and process hollowing. According to our latest Incident Response Report, lateral movement made up a third (33%) of today’s attacks.

Detecting Stealthy Script Abuse 

To combat this stealthy attack technique, the Carbon Black Cloud has added capabilities that expose the exact commands behind obfuscated PowerShell scripts. By adding this capability directly into our NGAV product console, we’re able to assist less experienced security teams in detecting attacks they may have otherwise missed, as well as accelerate a formerly time-consuming investigation process. This feature also includes new insights on PowerShell scripts for those using older, legacy systems that don’t support AMSI.  

Due to the broad usage of PowerShell in enterprise IT environments, many of these obfuscated scripts go unnoticed by EPP solutions because they trigger either no alert or deceptively low-level alerts. This makes it easy for threat actors to hide nefarious commands. Normally, you would have to copy that script and paste it into an external script translation app that would offer limited details around the command line, and resolution could take anywhere from several hours to days. The ability to translate these obfuscated scripts with a button-click during alert triage or threat hunting will save analysts hours of investigation time, by allowing them to see the code quickly and determine immediately whether the intent is malicious.

Preventing Script Abuse Without Decreasing Productivity 

Thanks to our Threat Analysis Unit, VMware Carbon Black built prevention rules onto our AMSI inspection capabilities, along with machine learning to translate these previously hidden scripts. Customers can now, at the click of a mouse, translate the script in the Carbon Black Cloud dashboard to see the entire decoded script within seconds, along with an assigned risk score. This new functionality brings a level of protection and visibility for these advanced attacks rarely seen in endpoint protection platforms, providing customers immediate in-console access to the script translation details during both alert triage and threat hunting.

PowerShell alerts are highlighted in the console, showing the reason why a specific script was flagged, and delivering additional context behind the prevention to speed resolution times. When customers investigate the specific details, they can now simply click a button to translate the obfuscated script.  

In addition to translating obfuscated scripts, we’ve also improved the readability of PowerShell scripts through syntax highlighting, making it easier for customers to distinguish string content from PowerShell cmdlets and function calls while searching for threats.
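The translation and risk-scoring step described above can be illustrated with a small triage helper. This is an added example, not VMware Carbon Black’s code: it unwraps the base64/UTF-16LE payload that PowerShell’s `-EncodedCommand` switch carries (including nested launchers), strips the encoded blobs, and assigns a coarse score from launcher flags and cmdlet names that appear in widely published detection rules. The switch abbreviations matched, the token weights, the verdict thresholds and the benign sample command line are all assumptions chosen for illustration.

```python
"""Unwrap PowerShell -EncodedCommand launchers and score the result for triage.

Added example; not VMware Carbon Black code. The abbreviations matched, the
suspicious-token weights and the verdict thresholds are assumptions for
illustration, not the product's rules.
"""
from __future__ import annotations

import base64
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand; these are common spellings
ENC_FLAG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)

# Base64 blobs are stripped before scoring so they cannot produce accidental token hits
B64_BLOB = re.compile(r"[A-Za-z0-9+/=]{40,}")

# Indicators commonly used in detection rules; weights are illustrative assumptions
SUSPICIOUS_TOKENS = {
    "invoke-expression": 3,
    "iex": 3,
    "downloadstring": 3,
    "frombase64string": 2,
    "-windowstyle hidden": 2,
    "-executionpolicy bypass": 2,
    "-noprofile": 1,
    "-nop": 1,
}

MAX_DEPTH = 10  # guard against pathological nesting


def unwrap_layers(cmdline: str) -> list[str]:
    """Return [original command line, decoded layer 1, decoded layer 2, ...].

    -EncodedCommand carries base64 of the script as UTF-16LE text, and encoded
    launchers are sometimes nested, so keep decoding while the decoded text
    itself still carries an encoded-command switch.
    """
    layers = [cmdline]
    current = cmdline
    while len(layers) <= MAX_DEPTH:
        m = ENC_FLAG.search(current)
        if not m:
            break
        try:
            current = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            break  # not a well-formed encoded command; report what we have so far
        layers.append(current)
    return layers


def score_layers(layers: list[str]) -> int:
    """Sum indicator weights over all layers (launcher flags in outer layers count too)."""
    text = B64_BLOB.sub(" ", "\n".join(layers)).lower()
    score = 0
    for token, weight in SUSPICIOUS_TOKENS.items():
        # word-boundary check so that 'iex' is not found inside an unrelated word
        if re.search(r"(?<![\w-])" + re.escape(token) + r"(?![\w-])", text):
            score += weight
    return score


def triage(cmdline: str) -> dict:
    """Decode a command line and attach a coarse verdict for alert triage."""
    layers = unwrap_layers(cmdline)
    score = score_layers(layers)
    verdict = "high" if score >= 4 else "medium" if score >= 2 else "low"
    return {"decoded": layers[-1], "layers": len(layers) - 1, "score": score, "verdict": verdict}


def encode_for_powershell(script: str) -> str:
    """Produce the argument PowerShell expects after -EncodedCommand (used only to build the sample)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed, benign sample: a harmless inner command wrapped in two encoded launchers
INNER = "Get-Process | Select-Object -First 3"
LAYER1 = "powershell -NoP -WindowStyle Hidden -enc " + encode_for_powershell(INNER)
SAMPLE_CMDLINE = "powershell.exe -ExecutionPolicy Bypass -EncodedCommand " + encode_for_powershell(LAYER1)

if __name__ == "__main__":
    result = triage(SAMPLE_CMDLINE)
    print(f"layers unwrapped: {result['layers']}, score {result['score']} ({result['verdict']})")
    print("decoded script:", result["decoded"])
```

Scoring across every unwrapped layer matters: the innermost script in the sample is harmless on its own, and only the launcher flags in the outer layers make the command line worth an analyst’s attention.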

Working closely with our Threat Analysis Unit, we’ve also expanded prevention capabilities for script-based Windows attacks built on Microsoft AMSI integrations into our default prevention policy, making it easy for customers using our product to have an effective security posture right out of the box.

VMware Carbon Black’s Threat Analysis Unit updated the default policy to include additional granularity for frequently used off-the-shelf attacker frameworks seen regularly in script-based attacks. These updated rules offer high-fidelity prevention for script-based attacks that decrease false positives and take the strain off already resource-deficient security teams. These updated preventions are available upon download of our latest Windows sensor 3.6 coming out this week.  

Giving resellers the key to unlocking end user continuity, productivity and flexibility


By Dave Manning, Operations Director, Giacom

Until recently, the transition to working from home was unfolding at a gradual pace for many businesses. Although there is much research to back up the benefits of flexible and remote working, many business leaders remained sceptical, believing that office working remained the setup that would be most productive and beneficial from a cultural perspective. 

But the current crisis delivered an ultimatum for many businesses – cease operations or deploy technology to enable employees to work from home for the foreseeable future. There are, of course, several industries where working from home is not an option, but for the majority, there are ways to simply facilitate it – demonstrated by the fact that more than 39% of adults in employment are now working from home, compared to around 12% last year. 

Many employees are thriving working from home. And the hours they have gained back while working from home are not going to be something they will want to give up easily –  two-thirds (63%) of workers said they are open to full time remote working and never going back to the physical office once the crisis is over. It’s becoming clear that the future will not be a permanent office-based workforce, but will shift to a hybrid model combining both remote and office working, allowing for a larger degree of flexibility. This approach of working fuelled by the pandemic is clearly favoured, as 77% of UK employees believe a mix of office-based and remote working is the best way forward post Covid-19. 

For those companies set up to work from home, it’s clear that if business continuity and productivity are maintained – or even improved – during a crisis, they will long term as well. But companies that aren’t properly set up to support remote working are missing out on significant business value gains. To facilitate hybrid working long term, employees must be equipped not only to survive, but to thrive. So how can resellers support end user organisations in transitioning to this new way of operating in the future?

A cloudy future

The lockdown enforcement saw the need for businesses to adapt to this new way of working almost overnight, resulting in a huge surge of enquiries to resellers to get employees working remotely as quickly as possible. Even with cloud-based solutions gaining popularity over the years, a lot of business infrastructure remains on-premises. Businesses need to be moving to a cloud-based infrastructure where the technology they deploy allows for the flexibility to work remotely and on-premises if required. For IT companies supporting SMBs who want to future-proof their businesses and replace outdated on-site servers, the cloud offers a fixed-cost server solution, while delivering secure storage and easy provisioning as well as scalability – ensuring a futureproof solution for end users.

Productivity tools

Collaboration tools have come of age and the race is on to both develop and implement smoother integrated IT communications, video and voice strategies so that businesses can perform at an even higher level whilst working from home. Similar to the transition from letter writing to email, businesses are realising they can actually get more achieved in the same time with cloud-based tools, without people having to travel miles around the country on public transport, in cars or internationally by plane.

And as virtual collaboration tools develop even further to deliver advanced capabilities, employee productivity will only increase. Resellers will be the crucial advisors to companies in order to facilitate their needs, backed up with support from CSPs to help navigate through the most relevant and valuable cloud solutions for their end users. 

Secure setup

Resellers have undoubtedly already experienced the surge of businesses looking to get staff up and running with remote collaboration tools, such as Microsoft Teams. But in the rush to get everyone online and maintain business continuity, security considerations likely slipped much further down the list. Given the continued increase in frequency and sophistication of cyber attacks, especially those capitalising on the current crisis through phishing scams, ‘Zoom-bombing’ incidents and the like, it’s never been more important to prioritise cyber security.

This is especially true for those organisations that are new to the concept of remote working. While they may have had a solution in place for keeping the corporate network secure within the physical office, a virtual business requires different tools and techniques. This is where resellers can play a crucial role as key consultants to end-users on how they can keep their data secure and deploy reliable, cloud-based backup solutions to safeguard their sensitive information even further. 

A hybrid and flexible infrastructure

While we are all looking forward to this crisis being over, given the nature of the pandemic it’s unlikely that there will be a hard stop to lockdown. Even with the government now lifting some of the restrictions, we can expect a combination of working from home and office working with social distancing and other measures still in place for some time to come. And research has found that 74% of business leaders intend to shift some employees to remote working permanently. No one knows exactly what that journey will look like, so businesses require the toolkit and technology to enable a hybrid working infrastructure now and into the future. 

Moreover, lockdown measures may be starting to ease gradually, but if the UK is faced with a second wave of the virus, or we experience another crisis in the future, additional lockdown measures may have to be put back in place, as was the case in Singapore, which struggled to contain a second wave. Flexibility is therefore crucial to safeguard business continuity and enable organisations to maintain optimum productivity levels even in the midst of another unprecedented event.

The key will be for resellers to support end users in deploying tools that support this new way of working. From unified communications and collaboration software, to cloud-based backup and security tools that keep the corporate network safe no matter where the user is based, resellers hold the key to unlocking end user organisations’ continuity, productivity and flexibility. 

The growing DDoS landscape 


By Anthony Webb, EMEA Vice President at A10 Networks  

Last month, news reports highlighted one of the biggest DDoS attacks ever recorded. The attack, which targeted a large European bank, generated 809 million packets per second (Mpps). This is a new industry record for a PPS-focused attack, more than double the size of previous attacks. A10 Networks recently launched its Q2 2020 State of DDoS Weapons Report, based on approximately 10 million unique source addresses tracked by A10 Networks; the report sheds more light on the loud, distributed nature of DDoS attacks and the key trends and observations that enterprises can learn from when adopting a successful defence.

DDoS Botnet Agents  

We’ve previously written about how IoT devices and DDoS attacks are a perfect match. IoT devices such as smart watches, routers and cameras are now commonly infected by malware and under the control of malicious actors who use them to launch flexible DDoS attacks. Our researchers accumulated knowledge of hosts repeatedly used in these attacks, scanning for those that show malware-infected characteristics and that deserve to be treated with caution whilst under a DDoS attack.

The report highlighted the top three countries hosting DDoS botnet agents as follows: 

• China 15%
• Vietnam 12%
• Taiwan 9%

From the countries above, the top ASNs hosting DDoS botnet agents were: 

• Chunghwa Telecom (Taiwan)
• China Telecom
• China Unicom CN
• VNPT Corp (Vietnam)

Malware Proliferation 

IoT devices are vulnerable largely because they lack the built-in security needed to counter threats. This gives threat actors an opportunity to target these devices, through a collection of remote code execution (RCE) exploits and an ever-growing list of default user names and passwords from device vendors, and so to constantly increase the size and strength of DDoS attacks. Our weapons intelligence system detects hundreds of thousands of events per hour on the internet, providing insights into the top IoT exploits and attack capabilities.

One of the key report findings highlighted thousands of malware binaries being dropped onto systems in the wake of the different IoT-based attacks and exploits. The malware families seen most frequently in attacks were the Gafgyt family, Dark Nexus and the Mirai family; the related binary names for these families were arm7, Cloud.x86 and mmmmh.x86 respectively.

Digging deeper into the characteristics and behaviour of the binary we saw most this quarter, “arm7”, we found that attack types came in varied forms including, but not limited to, TCP floods, HTTP floods and UDP floods. To mitigate these attacks, a firm understanding of these DDoS weapons needs to be established by analysing and reverse engineering the attack toolkits.

Amplified Attacks  

When it comes to large-scale DDoS attacks, amplified reflection is the most effective. An example is when the attacker sends volumes of small requests, with the victim’s IP address spoofed as the source, to internet-exposed servers. The servers reply with large, amplified responses to the unwitting victim. These particular servers are targeted because they answer unauthenticated requests and run applications or protocols with amplification capabilities.

The most common types of these attacks can use millions of exposed DNS, NTP, SSDP, SNMP and CLDAP UDP-based services. These attacks have resulted in record-breaking volumetric attacks, such as the recent CLDAP-based AWS attack in Q1 2020, which peaked at 2.3 Tbps and was 70% higher than the previous record holder, the 1.35 Tbps Memcached-based GitHub attack of 2018. Although CLDAP does not make the top 5 list of our amplification attack weapons in Q2, we did record 15,651 potential CLDAP weapons. This is a fraction of the top amplification attack weapon this quarter, portmap: for every CLDAP weapon, 116 portmap weapons are available to attackers. The AWS attack shows that even this fractional attack surface has the potential for generating very large-scale DDoS attacks, and the only way to protect against these attacks is to proactively keep track of DDoS weapons and potential exploits.

Battling the Landscape  

Every quarter, the findings of our DDoS attack research point to one thing: the need for increased security. Sophisticated DDoS weapons intelligence, combined with real-time threat detection and automated signature extraction, will allow organisations to defend against even the most massive multi-vector DDoS attacks, no matter where they originate. Actionable DDoS weapons intelligence enables a proactive approach to DDoS defences by creating blacklists based on current and accurate feeds of IP addresses of DDoS botnets and of available vulnerable servers commonly used for DDoS attacks. DDoS attacks are not going away, and it is time for organisations to match their attackers’ sophistication with a stronger defence, especially as new technology like IoT and 5G continues to gain momentum.
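The reflection mechanism described under “Amplified Attacks”, and the blocklist-driven defence suggested just above, can be shown from the victim’s side of the wire. The following is an added example, not A10 Networks’ code or the report’s methodology: it reads simple flow records, looks for UDP traffic arriving from the well-known reflector ports named on the page, and reports a destination when many distinct sources on those ports are sending it packets far larger than any request it could have issued. The flow record format, the thresholds and the sample records (built from RFC 5737 documentation addresses) are constructed assumptions; the port numbers are the standard IANA assignments for the services listed.

```python
"""Victim-side detection of amplified reflection floods over flow records.

Added example; not A10 Networks code. The flow format, the thresholds and the
sample records are constructed assumptions for illustration.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# UDP services that commonly act as reflectors (standard IANA port numbers)
REFLECTOR_PORTS = {53: "DNS", 111: "portmap", 123: "NTP", 161: "SNMP",
                   389: "CLDAP", 1900: "SSDP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    ts: float      # seconds since the capture started
    src: str
    sport: int
    dst: str
    dport: int
    proto: str     # "udp" or "tcp"
    packets: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed record: 'ts src sport dst dport proto packets bytes'."""
    ts, src, sport, dst, dport, proto, packets, nbytes = line.split()
    return Flow(float(ts), src, int(sport), dst, int(dport), proto.lower(),
                int(packets), int(nbytes))


def detect_reflection(lines, window=10.0, min_sources=5, min_avg_bytes=500):
    """Flag destinations receiving large UDP responses from many reflector-port sources.

    From the victim's side a reflected flood looks like unsolicited responses
    from many distinct servers on well-known UDP service ports, each packet far
    larger than any request the victim could have sent. Per window and
    destination, a source is 'suspect' when its average bytes per packet reaches
    min_avg_bytes; the destination is reported when at least min_sources suspect
    sources contributed.
    """
    stats = defaultdict(lambda: [0, 0, None])  # (dst, bucket, src) -> [bytes, packets, service]
    for line in lines:
        f = parse_flow(line)
        if f.proto != "udp" or f.sport not in REFLECTOR_PORTS:
            continue
        entry = stats[(f.dst, int(f.ts // window), f.src)]
        entry[0] += f.nbytes
        entry[1] += f.packets
        entry[2] = REFLECTOR_PORTS[f.sport]

    per_target = defaultdict(list)
    for (dst, bucket, src), (nbytes, packets, service) in stats.items():
        if packets and nbytes / packets >= min_avg_bytes:
            per_target[(dst, bucket)].append((src, service, nbytes, packets))

    reports = []
    for (dst, bucket), suspects in sorted(per_target.items()):
        if len(suspects) < min_sources:
            continue
        total_bytes = sum(s[2] for s in suspects)
        total_packets = sum(s[3] for s in suspects)
        reports.append({
            "dst": dst,
            "window_start": bucket * window,
            "suspect_sources": len(suspects),
            "services": sorted({s[1] for s in suspects}),
            "bytes": total_bytes,
            "mbps": total_bytes * 8 / window / 1e6,
            "pps": total_packets / window,
            "sources": sorted(s[0] for s in suspects),  # candidate entries for an edge blocklist
        })
    return reports


def constructed_sample() -> list[str]:
    """Constructed flow records: a little benign traffic plus a CLDAP/NTP reflection flood."""
    lines = [
        "0.5 198.51.100.53 53 203.0.113.10 51023 udp 1 142",     # ordinary DNS answer
        "1.0 198.51.100.7 443 203.0.113.10 52110 tcp 40 31000",  # ordinary HTTPS
        "2.0 198.51.100.53 53 203.0.113.20 51024 udp 1 160",     # DNS answer to another host
    ]
    for i in range(24):  # 24 distinct reflectors, 1200 bytes per packet, all inside one 10 s window
        port = 389 if i % 3 else 123
        lines.append(f"{i * 0.4:.1f} 192.0.2.{i + 1} {port} 203.0.113.10 {40000 + i} udp 2500 3000000")
    return lines


if __name__ == "__main__":
    for r in detect_reflection(constructed_sample()):
        print(f"{r['dst']}: {r['suspect_sources']} reflectors ({', '.join(r['services'])}), "
              f"{r['mbps']:.1f} Mbps, {r['pps']:.0f} pps")
```

The per-source bytes-per-packet test is what separates the single legitimate DNS answer from the flood: a real answer to a query the host sent is small and comes from one resolver, whereas reflected responses are large and arrive from dozens of servers at once. The reported source list is exactly the kind of feed the paragraph above describes, ready to be rate-limited or blocked at the edge while the attack is under way.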


Data centre pre-construction – The devil is in the detail


By Jon Healy, Operations Director at Keysource

Having a detailed pre-construction phase undertaken before starting the design and build or upgrade of a data centre facility has a number of major benefits, however many organisations choose to sidestep this part of the process. In my experience this is a false economy that can often result in, at best, a lack of consistency of supplier responses and a loss of control by the client; and at worst significant additional costs and a major impact to project delivery, especially within live environments.

At Keysource we are trusted in the sector to provide a full range of services to support the full lifecycle of a project from consulting (including pre-construction services), through to project delivery and on-going management. As a result, we see this issue from both sides and we are often cautious about projects in the sector which choose not to have the security and guidance of a ‘pre-construction’ phase.

One of the main challenges is that some organisations rely on the companies tendering for the work to undertake this as part of their bid. Whilst some are able to do this it means that, from the start, it is highly likely that there will be differing views on how to achieve a certain end result. Let’s remember that the cost of this effort will be incurred by the customer as part of the project anyway.

Companies tendering are having to ‘second guess’ at the importance of the key drivers of the project such as resilience, sustainability and futureproofing. There may be a view that this creates a platform for innovation for the supply chain, not “constrained” by prescriptive documentation. However given the typical competitive nature of these projects and factor in the pressures on margins in our sector then there is also a real danger to this approach.

Our experience is that a good pre-construction phase allows clients to look at the big picture rather than just the specific project, addressing issues such as how it will fit into the overall business/IT strategy. It also ensures increased buy-in from all customer stakeholders and may well add real value. It also means that any risks can be addressed early on. With a formal plan in place that includes a robust design, detailed cost schedules and a delivery plan, there is little to no need for any member of the team to second guess during decision-making processes. Ultimately this puts the client firmly in control of what they want.

A good example of this is a recent pre-construction project we have just completed for Datum Data Centres, the leading provider of data centre and colocation services, for the first-floor data centre construction at its site on the Cody Technology Park, Farnborough. This initial service enabled Datum to develop a detailed specification and the required delivery methodology for the construction phase.

We started the project by undertaking a needs analysis with Datum which established a detailed brief and performance specification for stakeholder agreement and senior level approval. The next stage was to develop concept solutions to meet the brief including associated commercial, technical and delivery related considerations and identifying risk. Finally, we developed the preferred design, construction phase plan and commercial schedules.

Importantly this preconstruction service evaluated different approaches to deliver the required performance specification giving Datum the ability to mitigate risk associated with the project whilst having the flexibility to make commercial decisions through the process.

As with most data centre construction projects, the programme was a key driver and therefore this approach allowed us to sequence critical path activities such as completing independent surveys, early procurement and team mobilisation to optimise the delivery programme.

Datum have been a long standing customer and over time have become convinced of the benefits of the preconstruction phase and Dominic Phillips, Managing Director at Datum recently commented: “Keysource have completed a range of projects for us including a number of upgrades and fit outs to meet the needs of both our new and existing customers. They have shown us that having a pre-construction phase for these projects is extremely valuable in helping us to achieve the right result that is futureproof and delivers our key objectives of resilience and sustainability.”

They, like us, know that the devil is in the detail.

In case you missed ZIVVER at the Security IT Summit…


By Zivver

Last month marked ZIVVER’s first appearance at the Security IT Summit and we had a great time meeting so many people (virtually).

If you took some time during the summit to connect with us, we look forward to staying in touch!

And if you missed your chance to meet with us at the summit, now’s a great time to get to know ZIVVER.

We’re a relatively new player in the UK, but our secure communication platform has already established us as a market leader in the Netherlands. In a few short years we’ve earned the trust of over 3000 organisations, including leading insurance companies, top healthcare institutions and the national judicial system, to safeguard their sensitive data. 

How ZIVVER works

Our smart technology platform is designed to prevent human error, which is consistently cited as the top cause of data leaks (over 75%). With ZIVVER, users receive real-time awareness training when sending sensitive communications electronically, enabling them to prevent mistakes before hitting send.

The service conveniently integrates with leading email clients such as Outlook and Gmail, so it’s easy to use and won’t impact existing workflows. Plus, with a generous 5TB limit, you’ll never have to worry about file size limits again when you need to transfer files safely. ZIVVER also helps organisations to improve their regulatory compliance as well as business performance. 

Many companies quickly see a positive business case with us. That’s why over 98% of our customers renew their service agreements, and our average rating on Gartner Peer Reviews is 4.7 out of 5. 

Curious to find out more?

Organisations usually concentrate their security efforts on preventing inbound threats such as spear phishing and anti-virus protection, but often overlook the need to properly safeguard their outbound communications. This can create additional risks since outbound communications typically cause more data breaches. 

Learn how to enhance your email security in our new Outbound Email Security Essentials white paper


Mind the gap: Upskilling cyber security teams


By Matt Cable, VP Solutions Architects & MD Europe, Certes Networks

At the end of 2019, it was reported that the number of unfilled global IT security positions had reached over four million professionals, up from almost three million at the same time the previous year. This included 561,000 in North America and a staggering 2.6 million in APAC. The cyber security industry clearly has some gaps to fill.

But it’s not just the number of open positions that presents an issue. Research also shows that nearly half of firms are unable to carry out the basic tasks outlined in the UK government’s Cyber Essentials scheme, such as setting up firewalls, storing data and removing malware. Although this figure has improved since 2018, it is still far too high and is a growing concern. 

To compound matters, the disruption of COVID-19 this year has triggered a larger volume of attack vectors, with more employees working from home without sufficient security protocols and cyber attackers willingly using this to their advantage.

Evidently, ensuring cyber security employees and teams have the right skills to keep both their organisations and their data safe is essential. However, as Matt Cable, VP Solutions Architects & MD Europe, Certes Networks explains, as well as ensuring they have access to the right skills, organisations should also embrace a mindset of continuously identifying – and closing – gaps in their cyber security posture to ensure the organisation is as secure as it can be.

Infrastructure security versus infrastructure connectivity

There is a big misconception within cyber security teams that all members of the team can mitigate any cyber threat that comes their way. However, in practice this often isn’t the case. There is repeatedly a lack of clarity between infrastructure security and infrastructure connectivity, with organisations assuming that because a member of the team is skilled in one area, they will automatically be skilled in the other. 

What organisations are currently missing is a person, or team, within the company whose sole responsibility is looking at the security posture; not just at a high level, but also taking a deep dive into the infrastructure and identifying gaps, pain points and vulnerabilities. By assessing whether teams are truly focusing their efforts in the right places, tangible, outcomes-driven changes can really be made and organisations can then work towards understanding if they currently do possess the right skills to address the challenges. 

This task should be a group effort: the entire IT and security team should be encouraged to look at the current situation and really analyse how secure the organisation truly is. Where is the majority of the team’s time being devoted? How could certain aspects of cyber security be better understood? Is the current team able to carry out penetration testing or patch management? Or, as an alternative to hiring a new member of the team, the CISO could consider sourcing a security partner who can provide these services, recognising that the skill sets cannot be developed within the organisation itself, and instead utilising external expertise.

It’s not what you know, it’s what you don’t know

The pace of change in cyber security means that organisations must accept they will not always be positioned to combat every single attack. Whilst on one day an organisation might consider its network to be secure, a new ransomware attack or the introduction of a new man-in-the-middle threat could quickly highlight a previously unknown vulnerability. Quite often, an organisation will not have known that it had vulnerabilities until it was too late. 

By understanding that there will always be a new gap to fill and continuously assessing whether the team has the right skills – either in-house or outsourced – to combat it, organisations can become much better prepared. If a CISO simply accepts the organisation’s current security posture as static and untouchable, the organisation will open itself up as a target for many new attack vectors. Instead, accepting that cyber security is constantly changing, and therefore questioning and testing each component of the security architecture on a regular basis, means that security teams – with the help of security partners – will never be caught off guard.

Maintaining the right cyber security posture requires not just the right skills, but a mindset of constant innovation and assessment. Now, more than ever, organisations need to stay vigilant and identify the gaps that could cause devastating repercussions if left unfilled. 

Breaking down AI’s role in cybersecurity


Data security is now more vital than ever. Today’s cybersecurity threats are incredibly smart and sophisticated. Security experts face a daily battle to identify and assess new risks, identify possible mitigation measures and decide what to do about the residual risk. 

This next generation of cybersecurity threats requires agile and intelligent programs that can rapidly adapt to new and unforeseen attacks. AI and machine learning’s ability to meet this challenge is recognised by cybersecurity experts, the majority of whom believe it is fundamental to the future of cybersecurity. Paul Vidic, Director, Certes Networks, outlines how AI and machine learning will play a fundamental role in enabling organisations to detect, react to – even prevent – emerging cyber threats more promptly and effectively than ever before...

Why is Cybersecurity so Important?

Cybersecurity is important because it encompasses everything that pertains to protecting our sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and governmental and industry information systems from attempted theft and damage.

As the whole world is becoming more digitalised, cybercrime is now one of the biggest threats to all businesses and government organisations around the world.

According to recent reports, cyber criminals exposed 2.8 billion consumer data records in 2018, costing US organisations over $654 billion. Meanwhile, the 2019 Ninth Annual Cost of Cybercrime Study calculated the total value at risk as US$5.2 trillion globally over the next five years.

The same report identified the use of automation, advanced analytics and security intelligence to manage the rising cost of discovering attacks.

Enter AI and Machine Learning

Artificial Intelligence (AI) and machine learning technologies address these challenges and are giving rise to new possibilities for cybersecurity threat protection. AI in cybersecurity plays an important role in threat detection, pattern recognition, and response time reduction. Adopting AI in cybersecurity offers better solutions when it comes to analysing massive quantities of data, speeding up response times, and increasing efficiency of often under-resourced security teams.

AI is designed and trained to collect, store, analyse and process significant amounts of data from both structured and unstructured sources. Deploying technologies such as machine learning and deep learning allows the AI to constantly evolve and improve its knowledge about cybersecurity threats and cyber risk.

For example, by recognising patterns in our environment and applying complex analytics, AI enables us to automatically flag unusual patterns and enable detection of network problems and cyber-attacks in real-time. This visibility supplies deeper insights into the threat landscape which in turn informs the machine learning. This means that AI-based security systems are constantly learning, adapting and improving. 

Risk Identification

Risk identification is an essential feature of adopting artificial intelligence in cybersecurity. AI’s data processing capability is able to reason and identify threats through different channels, such as malicious software, suspicious IP addresses, or virus files.

Moreover, cyber-attacks can be predicted by tracking threats through cybersecurity analytics which uses data to create predictive analyses of how and when cyber-attacks will occur. The network activity can be analysed while also comparing data samples using predictive analytics algorithms. 

In other words, AI systems can predict and recognise a risk before the actual cyber-attack strikes.

Conclusion

Of course, fundamental security measures such as malware scanning, firewalls, access controls, encryption, and policy definition and enforcement remain as important as ever. AI does not replace these; rather, it complements them.

However, as AI and machine learning technologies continue to mature, it is possible to imagine a time when the cybersecurity industry – having long been at the mercy of the malevolent hacker – may finally have the tools to take the lead. 

Proving ROI in cyber security


Research shows that almost half of businesses have reported cyber security breaches or attacks in the last 12 months. Amongst these businesses that identified breaches or attacks, more have experienced these issues at least once a week so far this year.

Moreover, the unprecedented events of recent months have seen the number of attempted data breaches continue to rise, with cyber hackers using the increase in remote working and individuals’ fears over the coronavirus to their advantage. In fact, a survey showed that 50% of organisations were unable to guarantee that their data was adequately secured when being used by remote workers.

The issue is serious and many businesses are stepping up their cyber security strategies accordingly, with CIOs and their teams increasingly taking a seat at the executive board table. But one thing is still lacking: cyber security ROI. To truly engage with a strategy, board members need to see ROI from every department of an organisation, and cyber security is not exempt from that. However, demonstrating business value in areas such as compliance, risk management or data assurance has always been challenging.

Consequently, data security has historically been looked upon as a necessary cost of doing business. However, this no longer needs to be the case. As CIOs, CISOs and network security teams mature into their C-Suite role, proving the value of data security is now both a realistic and achievable corporate objective. Frank Richmond, Vice President Sales Europe, Certes Networks, explains just how CISOs and CIOs can get the Board on board… 

Cyber security as a strategic investment

Today’s current network and data security approaches focus primarily on keeping the cyber hackers out with threat detection and vulnerability management at the core. But modern CIOs and CISOs want – and need – more than this when reporting to the Board; they want “provable security”.

Securing data should be a strategic investment in an organisation’s risk strategy and should quantifiably contribute to the overall value of the business. CISOs expect their network security teams to be equipped with tools that will enable them to make real-time changes to applications based on observable network flow. They want to see that security policies are being enforced properly and, most importantly, prove that their security strategy is actually effective.

To put this into practice, cyber security should be quantifiable, measurable and outcomes-driven. It shouldn’t just be a case of successfully keeping a cyber attacker out of the network after a single breach; a successful cyber security strategy is effective only when it is continuously putting data security first and measuring impact against key performance indicators (KPIs) that will instantly show Board members how imperative the strategy – and the technology behind it – really is.

In order to truly demonstrate the effectiveness of the organisation’s security strategy, CIOs and CISOs need to be able to visualise and understand their data, the associated applications, workloads and behaviour, with real-time contextual insight. This, in turn, will enable this understanding to be passed on to other executive Board members. 

The real value of cyber security

Armed with this insight, organisations can then take actionable steps not only to measure the effectiveness of their security strategy, but to gain deep understanding into how to enhance their security posture and to manage and enforce policies. With a data-driven approach to cyber security, the guesswork can be removed and CISOs and CIOs will be able to clearly demonstrate to the Board that ROI has been achieved.

With buy-in from the Board, data security is now more than a ‘necessary cost’, and is instead a fundamental of business operations. The businesses that succeed in enforcing this way of thinking will then truly be able to continuously evolve their cyber security practices to keep their data safe.

The first and last line of defence


As the frequency and sophistication of cyber attacks increase at an alarming rate, much attention has been paid to high-profile data breaches of enterprise companies. Just recently, EasyJet revealed that the personal information of 9 million customers was accessed in a cyber attack on the airline; and the examples don’t stop there. British Airways was fined £183 million in July last year after hackers stole data of half a million customers and in the same month, the Marriott hotel group was fined £99.2 million for a breach that exposed the data of 339 million customers. 

With media attention typically placed on data breaches of this scale, this could give the incorrect impression that the cyber security risk to SMBs is much smaller. It’s true that SMBs by their very nature don’t have thousands of employees or millions of global customers, but that doesn’t mean that they are not a target. Every business still has a combination of employees with personal data, payroll information, company credit cards, suppliers that use their systems – all valuable data that a hacker could potentially use to their advantage. Clearly, technology has a large role to play – but technology alone can’t prevent every type of attack.

Andrea Babbs, UK General Manager, VIPRE Security, explains how a combination of technology, regular training and tools that help the user to thwart potential hacks can provide a layered defence for organisations to mitigate the threats they face…

Technology alone is insufficient

Life and work as we know it is changing as a result of the Covid-19 crisis. Businesses were forced to implement a working from home policy (if they could) almost overnight, with many unprepared in terms of infrastructure and security. Cyber criminals have used this to their advantage, producing ever more sophisticated, convincing and dangerous methods to target businesses and individuals.

Technology, including solutions that provide a vital protection against email mistakes, can help users spot phishing attacks – such as the email that purports to come from inside the company, but actually has a cleverly disguised similar domain name. This technology can automatically flag that email when it identifies that it is not an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack. In addition to email security and endpoint security that protects against emerging threats such as spyware, viruses, ransomware etc., this can be a valuable tool in an organisation’s armoury.
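The look-alike domain check described above, written here as an added example (not code from the original post or from VIPRE): the allowed domains, the homoglyph table and the sample sender addresses are constructed for illustration, and the distance threshold of 2 is an assumption.

```python
# Added example (not from the original post): flag sender domains that
# imitate an organisation's own domains. Domain names are constructed.
import re

ALLOWED_DOMAINS = {"example-corp.com", "mail.example-corp.com"}  # constructed

# Characters and digraphs commonly swapped to make one domain resemble another.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
DIGRAPHS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalize(domain: str) -> str:
    """Lower-case a domain and fold common look-alike substitutions."""
    d = domain.lower().strip().translate(HOMOGLYPHS)
    for src, dst in DIGRAPHS:
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Return the domain part of an address such as 'Name <a@b.com>' or 'a@b.com'."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", address)
    return m.group(1).lower() if m else ""


def classify_sender(address: str, allowed=ALLOWED_DOMAINS, max_distance: int = 2) -> str:
    """'allowed' for internal domains, 'lookalike' for near misses, else 'external'."""
    domain = sender_domain(address)
    if not domain:
        return "invalid"
    if domain in allowed:
        return "allowed"
    # A domain that folds to an allowed one, or sits within a couple of edits
    # of it, is the "cleverly disguised similar domain" the article warns about.
    for good in allowed:
        n_domain, n_good = normalize(domain), normalize(good)
        if n_domain == n_good or edit_distance(n_domain, n_good) <= max_distance:
            return "lookalike"
    return "external"
```

A mail gateway or send-time plug-in would call `classify_sender` on the From header and warn the user on `"lookalike"`, which is the "cancel send" moment the article refers to.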

But despite companies such as EasyJet investing significant amounts into essential cyber security software, the breach examples above clearly show that deploying technology in isolation is not enough to entirely mitigate the risk of cyber attacks. The key is to change the mindset from a full reliance on IT, to one where everyone is responsible. 

Employees are a key part of a business’ security strategy. Those that are educated about the types of threats they could be vulnerable to, how to spot them and the steps to take in the event of a suspected breach are a valuable and critical asset to a company. Employees are the soldiers on the front line in the battle against cyber criminals. They need to be trained to be vigilant, cautious and suspicious and assume their role as the last line of defence when all else fails. 

The threat landscape continues to evolve so rapidly that those businesses not conducting regular cyber security training for their employees are not secure. Relying on security software isn’t enough. But training shouldn’t just be a tickbox exercise either; a once-a-year session on cyber threats won’t be enough to keep the workforce sufficiently informed and vigilant.

Security Awareness Training

Organisations cannot be expected to stay one step ahead of cyber criminals and adapt to new threats on their own. They need to recruit their employees to work mindfully and responsibly on the front lines of cyber defence. 

According to Verizon’s 2019 Breach Investigations report, 94 percent of malware is delivered by email, making it the most common attack vector. One element of ensuring that the workforce is alert to the threat of phishing emails is to conduct a regular internal phishing email campaign that can also provide analysis on which employees failed to spot the phishing attempt, and therefore, may require additional training. Would your employees know how to spot a scam attempt? What about the following real-world examples taken from actual events? 

  1. A scammer purporting to be a company executive sends an email to an employee requesting a wire transfer to be sent immediately to a supplier. With a senior colleague making the request, and added pressure at the moment to be seen as ‘working’ when working from home, the employee complies and wires funds to a fake account. 
  2. An email is sent to your outsourced HR provider claiming to be from the company CEO requesting personal employee data. Without spotting the fraudulent nature of the email, the HR provider complies and shares personal information with the scammer which could be used to create false documentation. 

Fortifying the defence strategy

The essence of a solid cyber security strategy is a layered defence that includes endpoint security, email security and a business-grade firewall for the security of your network. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. Employees can, therefore, be a proactive weapon in an organisation’s defence, or a hole in the fence for cyber criminals to pass straight through to the corporate network. That is why regular training, in addition to complementary security tools, can provide a fortified strategy for organisations to mitigate the threat of a cyber attack. The workforce should be trained to question everything, be cautious and double check anything that they think is suspicious. The difference between a trained and an uneducated workforce could mean the difference between an organisation surviving a cyber attack, or suffering the devastating consequences.

Without automation, security gets harder during a business disruption


FireMon’s 2020 State of Hybrid Cloud Security Survey found that 69.5 percent of respondents have a security team of just 10 people or fewer. And most manage both on-premise network security and cloud security.

These teams are already bogged down with manual tasks at the best of times, so when a crisis hits, it magnifies the risks of manual processes. Not only is it difficult to maintain essential network operations, but the number of misconfigurations that threaten compliance goes up dramatically.

Worse still, if unexpected interruptions to business continuity lead to team members being out of commission, security and compliance are further compromised because there are not enough people to execute even the most basic steps of the business continuity plan — forget security configuration and compliance! An unexpected disaster scenario that already threatens data and compliance is further magnified, and so is the risk to the business, including the greater likelihood of lost revenues.

IT’S ALREADY WAY TOO HARD TO KEEP UP ON A NORMAL DAY 

If you’re already short on people on a regular day, it’s going to be even harder to keep on top of everything that needs to be done when disaster strikes. Some of those manual tasks, such as firewall rule updates, may simply not get done, or if they do, they’re rushed and more prone to the human errors that lead to misconfigurations. Instead, the priority is to keep the business running, and security teams must shift their focus to the exceptional, specific user access issues that are cropping up, which are also being handled in a hurry without enough attention to compliance because there are no foundational best practices in place.

Disruptions also mean some security team members are no longer available, so you’re even further short-staffed at a time when you need all hands on deck. Without automation and logs that provide insight into how and why things are done, you’re dependent on the knowledge of people who may no longer be available to share it.  

AUTOMATE WHAT YOU CAN SO YOU CAN MANAGE WHAT YOU CAN’T 

You can’t control everything, and it’s not a matter of if disaster strikes, it’s when. Regardless of the cause, a “black swan” event tends to throw a lot of curve balls at security teams. However, if you’ve already automated most cloud configurations and global security policy, your team is in a much better position to deal with the unexpected.

There are many things security teams can automate, including: 

  • Identity and access management, including cloud configuration 
  • Updates and patches 
  • Detection and monitoring 
  • Firewall rule updates 

Knowledge transfer through documentation also means you’re not dependent on specific team members to maintain compliance. 

You can’t automate everything at once, but if you start with low-hanging fruit, you’ll see immediate benefits. By establishing a global security policy and making it a baseline for any access configurations, including cloud services, you can be responsive to change requests from the lines of business. Organizational knowledge is also quickly accessible, even when disaster strikes and team members become unavailable.
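One way to turn a global security policy into an automated baseline check for access rules, as an added example (not code from the original post or from FireMon): the baseline values, the rule fields and the sample rule set are constructed for illustration, and a fixed audit date is used so the example runs offline.

```python
# Added example (not from the original post): audit firewall or cloud
# security-group rules against a global baseline so rushed changes are caught
# before they become compliance findings. Rule set and baseline are constructed.
from datetime import date

# Baseline policy: management ports are never exposed to any source, every
# permit rule carries a change ticket (the documentation the article calls
# for), and permit rules are re-certified within a fixed review window.
BASELINE = {
    "management_ports": {22, 3389, 5985},
    "require_ticket": True,
    "max_rule_age_days": 90,
}

# Constructed sample rules in a normalised shape; real exports would be
# mapped into this form first.
RULES = [
    {"id": "r1", "action": "allow", "src": "10.0.0.0/8", "port": 443,
     "ticket": "CHG-1001", "created": date(2020, 5, 1)},
    {"id": "r2", "action": "allow", "src": "0.0.0.0/0", "port": 3389,
     "ticket": "CHG-1002", "created": date(2020, 5, 1)},
    {"id": "r3", "action": "allow", "src": "0.0.0.0/0", "port": 443,
     "ticket": None, "created": date(2020, 1, 2)},
    {"id": "r4", "action": "deny", "src": "0.0.0.0/0", "port": 0,
     "ticket": "CHG-0001", "created": date(2019, 1, 1)},
]


def check_rule(rule, baseline=BASELINE, today=date(2020, 6, 1)):
    """Return the list of baseline violations for one rule (empty means compliant)."""
    findings = []
    if rule["action"] != "allow":
        return findings  # deny rules are not constrained by this baseline
    if rule["src"] == "0.0.0.0/0" and rule["port"] in baseline["management_ports"]:
        findings.append("management port open to any source")
    if baseline["require_ticket"] and not rule.get("ticket"):
        findings.append("no change ticket recorded")
    if (today - rule["created"]).days > baseline["max_rule_age_days"]:
        findings.append("rule older than review window; re-certify or remove")
    return findings


def audit(rules, baseline=BASELINE, today=date(2020, 6, 1)):
    """Map rule id -> violations, listing only rules that fail the baseline."""
    report = {}
    for rule in rules:
        violations = check_rule(rule, baseline, today)
        if violations:
            report[rule["id"]] = violations
    return report
```

Run on a schedule, the report gives a short-staffed team a prioritised list of misconfigurations to fix, and the ticket field records why each rule exists when the person who added it is unavailable.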

There are times when business isn’t as usual – it happens. However, it’s important to learn and adapt while things unfold during those times. In this case, many organizations will decide to lean into cloud migrations and automation to blunt the impacts of future black swan events.