McAfee Archives - Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd Security IT Summit | Forum Events Ltd

Posts Tagged :

McAfee

McAfee on cybersecurity for the ‘new normal’ while managing the skills gap

960 640 Stuart O'Brien

Cybersecurity is now in the midst of an unprecedented challenge. While the scale, complexity and financial impact of data breaches and cyber attacks continue to increase, the pool of skilled professionals to fill security roles is dwindling.

According to research in March from the Department for Digital, Culture, Media and Sport, approximately 653,000 (48%) businesses have a basic skills gap, which means that those in charge of cybersecurity at those organisations lack the confidence to carry out the tasks laid out in the Government-backed Cyber Essentials scheme and do not have external support to do so. 

In practice, this means that almost half of UK businesses are unable to tackle the cybersecurity basics, such as setting up firewalls, storing or transferring personal data and detecting and removing malware. A further 408,000 organisations have “more advanced skills gaps”, covering areas such as penetration testing and security architecture.

Being unable to recruit skilled talent is simply exacerbating this problem, with employers identifying 35% of their security vacancies in the last three years as “hard to fill”.

Security teams are now being tasked with greater responsibility than ever, including getting entire workforces mobilised to work from home efficiently and securely, while battling a changing threat landscape. In light of the challenges they face today, it is more important than ever to take an intelligent, cloud-native approach to endpoint security.

We spoke to Adam Philpott, EMEA president at McAfee, about ways of managing the skills gap without compromising on security…

What can be done to tackle the skills gap issue in cybersecurity?

“To tackle such a complex issue requires both “top-of-the-funnel” intervention and investment from government organisations, but also collaboration across the cybersecurity industry and concrete measures from companies themselves.

“We can try to bring talent in further down the line, for example training employees later in their careers, but ensuring we have more talent available in the first place is essential. That is why nationwide investments in training in the technology sector, such as the establishment of a new UK Cyber Security Council to provide a framework for cybersecurity qualifications, are crucial and instrumental to closing the widening skill gap.

“However, there’s much that individual businesses can do to tackle the issue at their level, including implementing initiatives (whether it’s in collaboration with others in the industry or on their own) to promote greater diversity and attract more talent. For example, at McAfee we are targeting talent from outside of IT and security for many roles – an approach that requires thoughtful support mechanisms for onboarding and ongoing development.”

How much of an impact is a lack of diversity having on the wider skills gap, and how can it be combatted?

“A lack of diversity in recruitment processes, often coming through unconscious bias, means that businesses are missing out on large parts of the talent spectrum. This leads to slower progress in tackling the technical skills gap currently facing the industry.

“Building diverse teams should be a no-brainer for businesses, as doing so has clear benefits – from boosting creativity to achieving greater financial success. Companies in the top quartile for gender diversity are 15% more likely to have financial returns above their respective national industry medians, as well as benefitting from a wider bank of perspectives and expertise to draw on. Above all, diversity in the workforce is attractive to new talent and leads to better problem solving as well as improved service for customers of all backgrounds and perspectives.

“When working to combat the skills gap, companies should aim to weave diversity into every single process, programme and initiative. In practice, this means constantly thinking about different ways to access a more diverse talent pool, such as implementing flexible working practices. Alongside this, it’s important that companies are addressing the problem in the recruitment and interview processes, to ensure that hiring is as fair as possible. For instance, if an organisation is looking to recruit a better balance of men and women, it could change the wording in job adverts to make them more gender neutral or ensure that there is at least one woman on every interview panel making a recruitment decision on a candidate.”

How can organisations ease the burden on stretched IT teams without compromising on security?

“The average IT department manages thousands of endpoints, from desktops to IoT devices and everything in-between. Unfortunately, many security solutions simply dump too much information on stretched security teams and rely on senior analysts to investigate threats. When the skills gap issue is factored in, this can lead to serious holes in an organisation’s security posture.

“During the last few months of Covid-19 and the shift towards remote working, many businesses have been forced to accelerate a process of digitization, which in turn gives rise to two dimensions of complexity. Firstly, the infrastructure complexity that comes with more devices being connected and more cloud services being consumed. All of this needs protecting within the security OpEx envelope.

Secondly, there’s the security complexity, where a fragmented (or “best of breed”) solution weakens an organisation’s overall security posture. Both of these complexities put an undue burden on talent, exacerbating the ongoing skills gap issue.

“Some businesses look to outsource their threat detection and analysis, but in essence this only shifts the need for experts from one business to another. Rather than take this approach, organisations need to invest in the right cloud-native tools that identify and contain threats, but also help to upskill more junior staff and lighten the load for employees.

“Integrated solutions monitor and collect activity data from endpoints that could point to a threat, providing the visibility and context needed for security personnel to act. By analysing the data to identify threat patterns, its AI-driven response capabilities can automatically remove or contain threats and notify analysts, while the forensics and analytics tools hunt for identified threats and suspicious activities.

“Automation plays a key role here, handling a high volume of low intellect threats, which frees staff up to focus on higher-value work. By trusting in automated investigation, organisations can reduce alert noise and set up processes which enable staff to do more with less. This is vital for the business to maintain a consistently strong security posture, while allowing human personnel to focus on tasks that do more than just keep the lights on.”

McAfee advocates shared responsibility for cyber security in manufacturing

960 640 Stuart O'Brien

McAfee’s latest Cloud Adoption and Risk Report revealed that between January and April 2020, enterprise use of cloud in the manufacturing industry spiked by 144%, compared to the average overall enterprise increase of 50%.

Likewise, external attacks on cloud accounts increased by 630%, with manufacturing verticals seeing a 679% increase in threats, making it one of the most affected sectors.

A previous report from McAfee – Grand Theft Data II – The Drivers and Shifting State of Data Breaches – revealed that IT security professionals across all sectors, including manufacturing, are still struggling to fully secure their organisation and protect against breaches, with 61% claiming to have experienced a data breach at their current employer

The firm says data breaches are getting more serious and are under greater scrutiny – nearly three-quarters of all breaches have required public disclosure or have affected financial results.

One major issue highlighted in the report is that security technology continues to operate in isolation, with 81% reporting separate policies or management consoles for cloud access security broker (CASB) and data loss prevention (DLP), resulting in delayed detection and remediation actions.

Mo Cashman, Principle Engineer at McAfee, has outlined key issues with this approach and how they can be addressed:

Why is collaboration and shared responsibility important for improving overall governance in the manufacturing industry?

“We often see blurred lines when it comes to responsibility for data security, cybersecurity and compliance in the manufacturing space. Unfortunately, lack of clarity about who owns what as part of a shared responsibility model means Information Technology (IT) and Operational Technology (OT) convergence is increasing cyber risk. For example, IT systems are used on the OT side, giving OT teams some level of responsibility for managing data security and governance. However, a combination of differing systems and policies as well as lack of transparency between teams can make it challenging to manage security as a whole. This challenge is further compounded because shared responsibility must also factor in the supply chain, and suppliers often bring their own security controls into the mix through the installation of their own devices. 

“By implementing a shared responsibility model, teams can come together and create full visibility of who is responsible for each piece of the puzzle – for example, handling security at system and programming levels. This can ensure that the right controls are adopted where they are needed, while providing an encompassing view of security systems across the organisation.  

“With a collective understanding of risk and responsibility between IT, OT and the supply chain, organisations are moving their security posture and data governance up one level. A good example of this already in practice is the cloud: as organisations become increasingly aware of their role in the shared responsibility model to secure the cloud, they are becoming more aware of their risk levels and able to manage these more effectively.” 

What are the potential consequences for manufacturers that fail to implement  a shared responsibility model across IT/OT/supply chain?

“Failure to adopt a shared responsibility model across IT, OT and the supply chain can leave manufacturers with unnecessary expenses, higher risks and weakened security. From a cost perspective, organisations could be paying for additional but unnecessary security licensing and monitoring. Without clarity on which tools are already in use across IT and OT teams, organisations will not only face challenges with interoperability but they’ll risk doubling up on tooling and training costs. Instead, taking a more holistic approach of the organisation as a whole will enable IT and OT teams to decide where responsibility lies and lower costs. For instance, OT teams have very specific requirements and expertise. While overall monitoring to collect and understand data might sit with IT, OT can layer on context for specific alerts based on their expertise. Taking a collaborative approach where everyone’s responsibility is clear will enable organisations to streamline processes and limit unnecessary costs.

“Ultimately, a key consequence of failing to adopt a shared responsibility model is a higher level of risk and poorer overall security. Without clear dividing lines on responsibility and a collaborative approach, IT will not have the comprehensive view of systems required to keep track of all data and potential threats. As a result, pockets of vulnerable systems are likely – falling through the cracks between teams. Limited visibility means limited security. 

“This security issue is compounded in the manufacturing sector as the type of vulnerabilities impacting IT systems are often very different to those impacting OT. While lots of research exists around IT threats, less research is available on the OT side. Given that OT systems are usually lightweight and could be prone to damage if too much traffic is thrown at them, vulnerability discovery can be challenging. The combination of limited research and levels of system vulnerability which are harder to uncover means manufacturers can easily find themselves exposed to cyberattacks if a shared responsibility model is not employed.” 

What current factors are driving manufacturing organisations to reconsider their current set-up and move to a shared responsibility model?

“Faced with uncertainty and confusion about what the ‘new normal’ will look like has meant business leaders are thinking about resilience more than ever. In doing so, they’re considering their enterprise as a whole – moving away from a more siloed view. For manufacturers, future resilience depends on their systems remaining up and, importantly, secure. This requires business leaders to think more closely about the role that people, process and technology play. When considering a return to normality, organisations are wondering how they would deal with cybersecurity challenges if staff are working remotely, or how they could operate more flexibly to adjust as restrictions ease and tighten in response to the rate of virus transmission in future. Taking this holistic view of the whole organisation inevitably starts to break down barriers between teams and puts the shared responsibility model front and centre.”

What benefits will shared responsibility bring to the future of the manufacturing space?

“Firstly, shared responsibility allows manufacturing organisations to leverage expertise where it lies. For example, while IT teams have a centralised view and understanding of IT risks, they should collaborate with OT teams for industry context as required. Collaboration here will allow for quicker identification and investigation of alerts, reducing response time as teams both detect and mitigate threats more quickly.

“In the manufacturing sector particularly, safety is an important benefit of adopting a shared responsibility. Improved security, via a shared responsibility model, will help teams to uncover security risks before they have major consequences for customers. What’s more, if OT, IT and the supply chain work together, teams will be able to identify new security boundaries and reduce future risk.”

McAfee has also outlined practical steps that manufacturers can take:

·       Elect a governance committee. Creating a committee that includes individuals across IT, OT and the supply chain is vital. It can remove silos and provide a consolidated view of risk across the business as a whole. 

·       Conduct regular audits. Running audits across both IT and OT is key to ensuring visibility across systems, as well as opening doors to question processes and systems. What systems are out there? Who are the suppliers? What SLAs/security contracts are in place? Through these audits, teams can identify risks, kick-start contractual discussions with suppliers and agree the process to mitigate vulnerabilities before they occur.  

·       Start with monitoring. Increasing overall levels of monitoring will provide greater visibility. This monitoring should go hand-in-hand with implementing threat detection capabilities and the response plans that go with them. Ultimately, response times can be reduced if IT and OT teams understand their roles and responsibility in the process. 

·       Asses the overall security architecture. Fostering a more holistic view of the current enterprise set-up and how this maps with existing security standards is crucial. If IT and OT teams use different models to meet different criteria, manufacturers should aim to bring these models together into one consolidated enterprise view of cyber risk. 

·       Create a security awareness programme. By implementing a security awareness and readiness programme, organisations can ensure that all teams are educated on security procedures and are actively involved in maintaining them. This programme should include everyone from end users to OT engineers, and all the way up to executive level, in order to ensure that all areas of the manufacturing process are covered.

McAfee flags autonomous vehicle hacking risks

960 640 Stuart O'Brien

IT security giant McAfee’s has successfully tricked an autonomous vehicle to accelerate up to 85 MPH in a 35 MPH zone using just two inches of electrical tape.

The McAfee Advanced Threat Research (ATR) team and McAfee Advanced Analytic Team (AAT) partnered to explore how artificial intelligence can be manipulated through research known by the analytics community as adversarial machine learning or, as McAfee calls it, ‘model hacking‘.

McAfee ATR successfully created a black-box targeted attack on the MobilEye EyeQ3 camera system, utilised today in many vehicles including certain Tesla models. Through this attack, McAfee researchers were able to cause a Tesla model S implementing Hardware pack 1 to autonomously speed up to 85 mph, after manipulating the AI technology to misclassify a speed limit sign that read 35 mph.

McAfee says the implications of this research are significant, because:

  • By 2023, worldwide net additions of vehicles equipped with autonomous driving capabilities will reach 745,705 units, up from 137,129 units in 2018, according to Gartner
  • However, there is more discussion and awareness needed about the potential pitfalls and safety concerns associated with such rapid acceleration in this technology.
  • Given this projected growth, it’s a rare and critical opportunity for the cybersecurity industry and automobile manufacturers to be ahead of adversaries in understanding how AI/machine learning models can be exploited in order to develop safer next-gen technologies.

Mo Cashman, Principle Engineer at McAfee, said: “The automotive and cybersecurity industries will need to work together closely to design, develop, and deploy the right security solutions to mitigate threats both before they occur and after they happen. Unlike automotive safety, cybersecurity is not probabilistic. Threats come from a variety of sources, including intentionally malicious and unintentionally malignant. As a result, processes must be put in place to mitigate these cyber threats over the entire lifecycle of the product, from early design decisions through manufacturing to operation and decommissioning.

“With new systems come new attack surfaces and vectors – all of which should lead to new risk management considerations. Manufacturers must recognise this and take the appropriate measures for cyber resilience. Key actions range from conducting rigorous checks to using security tools to distinguish real threats from ‘noise’. Manufacturers must also ensure connections are secured from the cloud through to the vehicle endpoint, minimising vulnerabilities which hackers could use for their own gain.

“No matter the state of the threat landscape today, best practices for automotive security are an evolution and amalgamation of both product safety and computer security. By collaborating with the cybersecurity industry, the automotive and manufacturing sectors can research, develop, and enhance products, services, and best practices for a more secure driving experience.”

McAfee’s Top Tips for manufacturers:

  • Conduct rigorous checks. There are times when a product functions in a way developers/engineers didn’t expect it to perform, as evidenced by McAfee’s research. Perform rigorous checks and validations, considering new scenarios and edge cases that could be introduced in real-world use that perhaps the technology wasn’t specifically designed to handle. Additionally, McAfee encourages auto manufacturers to assess model hacking in systems.
  • Human-Machine teaming. Adversaries are human, continuously introducing new techniques. Machine learning can be used to automate the discovery of new attack methods; creative problem solving and the unique intellect of the security team strengthen the response.
  • Apply multiple analytic techniques and closely monitor changes. Protection methods include multiple techniques, for example noise addition, distillation, feature squeezing, etc. In addition, implement statistically-based thresholds and closely monitor false positives and false negatives, paying attention to the reason for the change. 
  • Take a ‘one enterprise’ and systems approach to security and risk management. Many organisations still operate in silo and this needs to change. Threats enter from multiple routes. As a result, increased collaboration and achieving one unified view across the manufacturer’s digital workplace, cloud services, industrial controls and supply chain are necessary considerations if a manufacturer is to maintain a strong cybersecurity posture as it develops autonomous vehicles.
  • Build a strong culture of security. For manufacturers, safety is often a strategic pillar of the business. Signs are posted highlighting accident-free days and senior leaders are champions of the programme. Bring that same focus to cybersecurity.

McAfee unveils new enterprise security portfolio

960 640 Stuart O'Brien

McAfee says its new MVISION portfolio offers a comprehensive, flexible defense system that manages security products with multiple devices and the cloud in mind.

Specifically, the firm says MVISION strengthens the device as a control point in security architectures by delivering simplified management, stronger Windows security, behavior analytics, and threat defense for Android and iOS devices.

Plus, with its single integrated management workspace, MVISION has been designed to empower enterprise security professionals to proactively manage, optimise, and integrate security controls across any combination of McAfee advanced protection and Windows 10 native capabilities.

“To overcome the complexity created by too many device types, security products, and consoles, things must get simpler and the directional approach to security must shift,” said Raja Patel, vice president and general manager, Corporate Security Products, McAfee. “Modern device security needs to defend the entire digital terrain while understanding the risks at play. This first wave of McAfee’s MVISION technology portfolio provides businesses with an elevated management perspective where security administrators can more easily defend their devices and fight cyber-adversaries in a cohesive and simplified manner.”

The new McAfee MVISION portfolio includes McAfee MVISION ePO, McAfee MVISION Endpoint, and McAfee MVISION Mobile.

ePO is a SaaS that offers a simplified, centralised point of view and comprehension. It removes the deployment and maintenance overhead of backend infrastructure and allows customers to easily migrate their existing ePO environment. Organisations can focus exclusively on reducing security risk with the agility of the cloud ensuring they are always running the latest security capabilities. In addition to the new MVISION ePO SaaS offering, ePO has been updated to enable security teams to better understand threat risks, ensure security compliance, and act faster with less effort than ever before.