Introduction to Cyber Security

What is cyber security? This introduction to cyber security offers a brief overview of an immense, sprawling subject. Indeed, quite a few books have been written on this subject. It’s impossible to capture it all in a single web page. However, we thought it would be useful to provide a high-level introduction to this topic.

Cyber security is a field of endeavor that spans professions, technologies, processes, laws, law enforcement and national security. At its root, cyber security is about protecting digital assets from harm, theft or malicious, unauthorized use. A digital asset could be a database, a piece of technology like a computer or smartphone, a website, an e-commerce business and so forth.

An introduction to cyber security needs to reference its predecessor. The cyber security field is not new, though it used to be called by (and still is, to some extent) different names. It was known as “information security” (InfoSec). The legal side of it was known as “computer crimes.” The word “cyber” has come into nearly universal use today due to several major shifts that have occurred in the field.

Cyberspace, a concept popularized in science fiction, posits that we (the human users of technology) imagine the invisible, abstract “space” existing between us, our computers, and other computers and their users, as a physical place. It’s fake, but real. Got it? Cyberspace has become real enough that it’s a very useful metaphor for describing criminal or malicious acts taking place between people and entities (e.g. governments, corporations) using computers.

We talk about cyber security because life in the modern world has become highly digital. As so many of our interactions and fundamental life processes rely on computers, then crime and malfeasance take place in cyberspace. Hackers are doing much more than affecting InfoSec. They’re affecting people’s lives, in some cases literally, through “cyber physical” acts like hacking connected cars and so forth.

Crouching Threat Hunter, Hidden Adversary

By Alex Valdivia, Director of Research at ThreatConnect

Many security teams are reasonably proficient at responding to an attack. That is, when they know they’re under attack. The problem is that the guards stationed at the wall are generally just on the lookout for approaching armies, not realizing the danger hiding in the shadows. Ninjas are silently sneaking into the castle, and the guards too often have no idea. For too many organizations, by the time the team finds out they’re about to go to war with cybercriminals, they’ve already lost the first battles.

They don’t need more armor or thicker walls – they need threat hunters. Unlike those armored guards manning the walls, threat hunters provide a more agile and human way of identifying threats already on the network. More like detective work than guard duty, threat hunting entails the exploitation of known tactics, consistencies, motivations, and other known information about an adversary in order to identify and contextualize related intelligence. In other words, threat hunting helps to sleuth out the more human dimensions of a bad actor as well as the behaviors that provide crucial information about security incidents or weaknesses that might otherwise go undetected.

While threat hunting is considered a proactive strategy, it also comprises reactive and retroactive components. When an organization identifies the pertinence of an adversary, the team wants to not only identify intelligence that will be relevant in the future, but also to determine whether information related to that actor might be related to past activity. Properly implemented, this generates a feedback loop between the proactive and the reactive, with operational functions informing strategy and using threat intelligence processes to focus on relevant information.

Take a simple example: a company receives an email with an attachment that may or may not be malicious. Initial steps include identifying information about the email and about the infrastructure involved in sending the email, as well as any infrastructure with which the attachment is designed to communicate. Next, analysts identify the specific tactics or consistencies of the bad actor. For example, if a malicious command and control domain can be identified from the document, then analysts can direct their attention at WHOIS and other registration records. This allows the threat hunters to start asking questions such as: Where was the domain registered? When was it registered? What else is hosted at the IP connected to that domain? How black is the blackness of a ninja’s belt?

The bread and butter of threat hunting, however, is sleuthing out those clues about the threat which center on human intelligence. Behavior patterns can be exploited by the SOC team to identify other information related to the actor. Documents often contain multiple artifacts, some of which may be distinctive enough to determine the template or network being used by the adversary. Threat hunters then focus on the human patterns identified through these artifacts. Shortcuts, workarounds and code re-use can give rise to a useful sketch of the bad actor’s goals, tools and capabilities.

From an order of operations perspective, identifying adversary behavior takes priority over unmasking the adversary. Other actors may be using the same techniques or infrastructures, but importantly, this procedural methodology still constitutes a concrete attack pattern that corresponds with a specific set of actions to remediate.

Enriching an organization’s security posture with active threat hunting provides a number of benefits. Foremost, it helps to uncover security incidents and hidden threats lurking in the background of a network. By discovering activity that has already breached a company’s defenses, proactive threat hunting can help to clear away persistent threats and remove malicious presences. With mean dwell times of roughly 78 days, businesses may be shocked to find how long those ninjas have been hiding in the shadows. They’ve practically set up shop.

Effective threat hunting also reduces investigation time following an incident. Information related to the actor can help a SOC team to identify the scope and causes of the current incident, as well as forecast its eventual impact. Critical data can then translate into actionable decisions and lessons learned.

Finally, threat hunting helps to provide analysts with a better understanding of the nature of their organization’s security. SOC teams gain a more cohesive and holistic view of their network’s structure, highlighting vulnerabilities, weak points, and critical points of contact. This also allows analysts to better anticipate future threats, as well as to contextualize the nature of previous incidents.

While traditional methods of cyber defense revolve around reactive security, bad actors have become increasingly sophisticated. Stealth is where these adversaries excel: improved methods and tactics for masking their presence have allowed many bad actors to maintain long dwell times on company networks, constituting a persistent yet hidden threat for months or years on end. Proper threat hunting provides a way to combat these bad actors by uncovering them where they’re hiding, identifying relevant information, and providing actionable insights.

When ninjas are hiding in the shadows, you need more than just guards on the wall.

About the Author

Alex Valdivia

Alex Valdivia leads ThreatConnect’s research team, an elite group of globally-acknowledged cybersecurity experts dedicated to tracking down existing and emerging cyber threats. He has spoken at B-Sides Las Vegas, DEF CON Skytalks, and has guest lectured for threat intelligence courses at Johns Hopkins University, Metropolitan State University, and the University of South Florida.

3 Immediate Fraud Trends to Watch for and How to Fight Back

By Benji Taylor, Senior Director of Service Delivery, Arkose Labs

Cybercrime continues to evolve at an alarming rate. To gain a better understanding of current attack mechanics and perpetrators, my company recently analyzed more than 1.3 billion transactions spanning account registrations, logins and payments across the financial services, e-commerce, travel, social media, gaming and entertainment industries. The most notable trend we discovered was a major spike in human-driven attacks, which rose 90% in Q4 of 2019 compared to six months earlier. At the same time, we found that automated attacks — which grew by 25% — are becoming increasingly complex as fraudsters become more effective at mimicking trusted customer behavior.

What’s most interesting about these findings is that cybercrime is no longer solely about making a profit as quickly as possible. Today’s fraudsters are committed to playing the long game, investing ample time, energy and capital to organize sophisticated, multi-step attacks that don’t initially reveal their fraudulent intent and, as such, are significantly harder to detect. In fact, the sharp rise in human-driven attacks can be attributed to fraudsters’ latest tactic: leveraging ‘sweatshops,’ i.e. large groups of low-paid workers who launch attacks or make malicious transactions on fraudsters’ behalf.

3 Fraud Trends to Monitor 

The trending attacks types that surfaced in our recent analysis demonstrate the unpredictable face of fraud. Fraudsters are showing some surprising routes to monetization and targeting new industries and use cases. Organizations of all sizes, locations and industries must constantly ask themselves, “How can my product or service be used nefariously?” By proactively identifying ways their sites and apps can be abused in the future, they can ensure they are far more resilient to attacks in 2020 and beyond.

  1. Social media applications have become lucrative targets. Social platforms would not traditionally be associated with high monetization potential for fraudsters, especially when compared to other industries such as e-commerce and finance. However, due to the volume of rich personal data and high user activity levels, social media platforms have become lucrative targets for fraudsters looking to scrape content, write fake reviews, steal information or disseminate spam and malicious content. In Q4 of 2019 there was a dramatic increase in attack volumes for both social media account registrations and logins. In fact, two in every five login attempts and one in every five new account registrations were fraudulent, making this one of the highest industry attack rates. The share of human-driven attacks also rose, with more than 50% of social media login attacks being human-driven.
  2. Fraudsters are attacking the fun factor in online gaming. As millions increasingly engage in online games, the industry has emerged as a prime monetization avenue for fraudsters across the globe. Our data shows that attacks on gaming platforms are persistent and highly sophisticated, with fraudsters leveraging these applications to use stolen payment methods, steal in-game assets, abuse the auction houses and disseminate malicious content. Simultaneously, fraudsters are using bots to build online gaming account profiles and sell accounts with higher levels, while also targeting online currencies used within select games. Overall, we found that online gaming attack rates grew 25% last quarter, with most of the growth coming from human-driven attacks on new account registrations and logins.
  3. Sweatshops are driving up attack levels and creating new global cybercrime hubs. To combat financial and operational scalability challenges, fraudsters are increasingly relying on sweatshop-like workers to carry out their preparation activities for larger cybercrime attacks. According to our findings, human-driven attack levels increased during high online traffic periods, with peak attack levels 50% higher than seen in Q2 of 2019. The extended fraud ecosystem leverages socio-economic disparities across the globe to tap into low-cost resources with high incentive levels to become involved in cybercrime. Last quarter saw a rise in sweatshop attacks from Venezuela, Ukraine, Vietnam, India and Thailand, while sweatshop attacks originating from the Philippines, Russia and Ukraine nearly tripled compared to Q2 of 2019.

Combating Cybercrime Requires a Zero Tolerance Approach that Stamps out Fraud and Abuse in All Its Forms

Fraudsters are more willing than ever to be resourceful and innovative, often laying the groundwork months in advance via lower cost, yet highly nimble, automated attacks. As long as there is money to be made in fraud and businesses continue to tolerate attacks, fraudsters are going to continue to identify the most effective attack methods to achieve optimal ROI. Collectively organizations must stop accepting current fraud levels as ‘the cost of doing business,’ as this is only exacerbating the problem.

Equally critical in the fight against perpetual cybercrime is taking a careful look at what makes an organization’s product or service successful, and determining how fraudsters may exploit that feature. Take the concept of customer experience, for example. In recent years, organizations have become obsessed with delivering frictionless customer experiences, as digital-savvy consumers demand instant access to services and fulfillment of purchases.

However, as the fraud landscape heats up, businesses need to find a better way to align their customer experience goals with the highest security standards. Next-generation authentication controls can be used as a positive component in the user journey as long as the methods never alienate true customers and the result is better protection from fraud and abuse – which is the ultimate customer experience killer. Rather than prioritizing a frictionless experience at all costs, targeting intelligent friction at risky traffic will dramatically slow down fraudsters and sweatshops to the point that large-scale attacks are impractical and costly.

Ultimately, the only sustainable option for combating cybercrime is adopting a zero tolerance approach that undermines the economic incentives behind fraud. This requires actively monitoring customer touchpoints for all forms of abuse, and ensuring that malicious users encounter sufficient resistance to disincentivize them. This will put an end to the vicious cybercrime cycle of success, whereby fraudsters learn from successful attacks and reinvest the proceeds of fraud into more data and more advanced tools – stopping the continuous upwards trend of fraud attacks that businesses are currently experiencing.

About the Author

Benji Taylor is the Senior Director of Solution Delivery for Arkose Labs. He has been working in the Online Fraud and Abuse space for the past six years. He loves exploring the constantly changing fraud attack landscape and seeing the new ways companies are finding to quickly and effectively mitigate attacks and reduce the attack surface for their customers.

Understanding the Challenges of IoT Security

Guest Post

By Guillaume Crinon

Global IoT Strategy Manager at Avnet

Deploying an IoT solution isn’t like putting a product on a shelf. The solution cannot be created and let go of, as the best ones should flex with business needs and security challenges. Indeed, a safe protocol today might get hacked tomorrow. Or a field of sensors could be compromised or marked ‘end of life’ six months after being deployed globally. This complexity is the root of so many cyber vulnerabilities—especially as deployments in the IoT get even more intricate.

Gartner says worldwide Internet of Things (IoT) security spending was $8.47 billion in 2018. This figure is projected to grow to over $73 billion by 2026, a CAGR of 31.2%. That aligns with predictions that the global IoT market is expected to reach $3.9 trillion by 2021, led by discrete manufacturing, transportation, logistics and utilities. However, while that growth is promising, it does pose a challenge, as there can be no one-size-fits-all technology to accomplish IoT security. Any custom IoT solution presents a number of individual security challenges—all on faster timelines and with more data breaches than ever.

This is probably why a 2019 SMB Cyberthreat Study by Keeper Security found that only 40% of service providers have a cybersecurity plan in place to react to a potential breach. That means six out of every 10 providers aren’t preparing for a crack in the system. At the same time, 66% of developers believe a breach is unlikely to happen in the first place – even though 67% experienced one within the last year.

Developers too often forget that the implementation of a security countermeasure is as important as the countermeasure itself. For instance, HTTPS, with its private keys and certificates, is the right way to secure HTTP. However, implementing HTTPS in pure software, with unprotected storage and computation of private keys and certificates, is very weak and prone to easy hacking.

One underlying misconception that drives security weakness relates to the idea of Machine-to-Machine (M2M) security. M2M is a misleading acronym. For scalability reasons, in most deployed IoT architectures, machines, appliances, devices and sensors do not directly talk to one another, but instead report data to, and pull data from, more or less distant, larger systems that are capable of analyzing and making decisions. This happens either on the edge or in the cloud itself. It is impossible to anticipate which route, network and backhaul will carry the data. We only know that there will be multiple legs operated by as many providers with no guarantee of persistence: network routes are dynamic and the route from point A to point B can be different every day.

As a consequence, network security is insufficient, as it only secures traffic on a leg-by-leg basis. As internet users, we know this very well: when accessing the web from public WiFi, our web browsers make sure we have an HTTPS/FTPS connection to the URL we are visiting. Otherwise, we get a red flag in our URL bar. Just like HTTPS, we need an extra layer of end-to-end security between the connected device and the data repository, above whatever network security is in place, so that we do not have to know or trust which network is carrying what. Transport Layer Security (TLS) and its derivatives are the best protocols to achieve this — they can be applied to HTTP, FTP and MQTT and turn them into HTTPS, FTPS and MQTTS respectively, exactly what we need in the complicated security world of IoT.

To put it simply, IoT, as with so many other technologies, embodies innate security defects. They can only be avoided if a technology product ensures three things:

  • Mutual authentication: Devices and servers should, and can, prove true and unique identities to each other
  • Message integrity: Messages sent between devices and servers must be protected so that they cannot be altered or tampered with in transit by an interfering party without detection
  • Message confidentiality: Messages should also be encrypted so that only the parties authorized to receive them can read their contents—the core of data privacy

With these three ideas in mind, it becomes possible to commence robust security practices in IoT.
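The three properties above are exactly what a mutually authenticated TLS session delivers. The Go program below, added here as an illustration and not code from Avnet or the article, builds an in-memory root CA plus a gateway and a device certificate, then shows an authenticated device getting an acknowledgement while a device with no certificate, and a device that does not trust the gateway's CA, are both rejected. The hostname iot-gateway.example, the CA and device names and the "temp=21.5" message are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

const gatewayName = "iot-gateway.example" // constructed hostname of the example gateway

// newCert issues an in-memory ECDSA P-256 certificate for cn, self-signed (the root CA) when
// parent is nil and otherwise issued by parent. The keys stay in process memory here, exactly
// the unprotected storage the article warns about; a fielded device would use a secure element.
func newCert(cn string, parent *tls.Certificate) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		DNSNames:    []string{cn}, // hostname verification matches SANs, not the CN
	}
	signerCert, signerKey := tmpl, interface{}(key)
	if parent != nil {
		signerCert, signerKey = parent.Leaf, parent.PrivateKey
	} else {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, _ := x509.ParseCertificate(der) // just produced by CreateCertificate, so it parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// runServer starts the gateway on loopback. ClientAuth demands a device certificate chained
// to pool (mutual authentication); each message is answered with "ack:<msg>", one device at a time.
func runServer(gateway tls.Certificate, pool *x509.CertPool) (string, error) {
	cfg := &tls.Config{Certificates: []tls.Certificate{gateway}, MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return "", err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			buf := make([]byte, 256)
			// The handshake runs inside this Read; an unauthenticated device fails right here.
			if n, err := c.Read(buf); err == nil {
				c.Write(append([]byte("ack:"), buf[:n]...))
			}
			c.Close()
		}
	}()
	return ln.Addr().String(), nil
}

// sendTelemetry connects as a device: it verifies the gateway against pool and presents certs
// (nil models a device without credentials); TLS then protects msg end to end on every leg.
func sendTelemetry(addr string, pool *x509.CertPool, certs []tls.Certificate, msg string) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: pool, ServerName: gatewayName,
		Certificates: certs, MinVersion: tls.VersionTLS12})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte(msg)); err != nil {
		return "", err
	}
	reply, err := io.ReadAll(conn) // a rejection by the gateway surfaces here as a TLS alert error
	return string(reply), err
}

func main() {
	ca, _ := newCert("example-iot-root-ca", nil) // errors dropped only in this demo entry point
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	gateway, _ := newCert(gatewayName, &ca)
	device, _ := newCert("sensor-0001", &ca)
	addr, _ := runServer(gateway, pool)
	fmt.Println(sendTelemetry(addr, pool, []tls.Certificate{device}, "temp=21.5")) // ack:temp=21.5 <nil>
	fmt.Println(sendTelemetry(addr, pool, nil, "temp=21.5"))                        // "" and a TLS alert error
	fmt.Println(sendTelemetry(addr, x509.NewCertPool(), []tls.Certificate{device}, "temp=21.5")) // unknown CA
}
```

The same pattern applies unchanged to MQTT over TLS: the broker takes the gateway's role and each sensor carries its own device certificate.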

About the Author: Guillaume Crinon is the Global IoT Strategy Manager at Avnet, responsible for security and connectivity solutions. He has more than 20 years of experience in the semiconductor industry, mostly in radio-frequency circuit design, but also has extensive experience in metering, building/home automation and security systems. He joined Avnet in 2011. Guillaume graduated from SUPELEC in Paris (MSc in EE) and has co-authored 12 international patents in wireless systems, IC architectures and design to date.

From NordVPN: Is our freedom of speech at stake? The most significant laws that will shape the future of the internet 

By Daniel Markuson, digital privacy expert at NordVPN

April 6, 2020. 2019 saw some curious laws regarding the internet. Several countries made somewhat questionable moves in an attempt to regulate users’ freedom online — some in more extreme ways than others.

At NordVPN, we support freedom of speech online and believe that the internet should maintain one of its fundamental objectives: to empower every individual connected to it. Of course, some regulations are necessary, but some countries tend to create overly intrusive laws that restrict freedom of expression or free access to information. Many experts worldwide agree that it often happens not only because governments want more control over their citizens, but also because lawmakers lack technical knowledge.

Here are some of the laws from different countries that were discussed by cybersecurity experts and human rights activists last year:

Vietnam 

On January 1, 2019, Vietnam passed a law that raised some concerns among cybersecurity experts. Some compare Vietnam’s new regulation to China’s internet governance regime, which is marked by censorship, pervasive internet control, and surveillance. For example, the law allows Vietnamese authorities to delete or block access to data, inspect computer systems, and criminalize propaganda against the official government. Even though the official aim of this law is to help to better protect the country from foreign cybersecurity threats, it gives more power to the Vietnamese government to monitor or even block access to information.

Russia

On November 1, 2019, Russia’s “sovereign internet” law went into effect. This law enables Russia to disconnect its internet from the rest of the world. In December 2019, Russia successfully tested it. RuNet would essentially work like a gigantic intranet, similar to what large corporations have. This concerns many cybersecurity experts, as people will be kept in a bubble, unable to have a dialogue or access information from outside the country. The idea that Russian citizens will not be able to access outside information is rather worrying – essentially, RuNet could become a tool for country-wide propaganda.

China

China is notorious for censoring the internet. In 2019, its government implemented more than 60 restrictions. On January 4, 2019, China kicked off a project to take down many sites featuring content with pornography, gambling, parody, promotion of a “bad lifestyle” and “bad popular culture,” among many others. Later in January, China implemented even more restrictions, such as prohibiting content with “the pessimistic outlook on millennials,” “one-night stand,” and “non-mainstream view of love and marriage.” In July 2019, China announced a regulation stating that users who seriously violate related laws and regulations would be subject to the Social Credit System blacklist. And even if some of those sound reasonable, experts fear that these laws are only stepping stones for further censorship.

Nepal

In December 2019, Nepal introduced the Information Technology bill, which would empower the government to censor online content, including social media. According to this bill, anyone who posts an “offensive” comment could face up to 5 years of jail time and a fine of 1.5m rupees (about $13,000). The law concerns cybersecurity and human rights experts as it restricts freedom of expression. For example, it criminalizes any content on social media, which is against “national unity, self-respect, national interest, the relationship between federal units.” The law itself contains three sections, and one of them restricts publishing such content via any electronic platform — news websites, blogs, and even sending by email. According to Freedom Forum, 38 journalists were arrested, detained, or questioned by the police in 2019, and the new IT bill might even worsen the situation.

Thailand

In February 2019, Thailand’s military-appointed parliament passed a controversial law that gives sweeping powers to state cyber agencies. The government could search and seize data and equipment in cases that are deemed issues of national emergency. This could enable internet traffic monitoring and access to private data, including communications, without a court order. Given the political climate, it is concerning that the law could be weaponized by the government to silence critics.

ABOUT NORDVPN

NordVPN is the world’s most advanced VPN service provider, used by over 12 million internet users worldwide. NordVPN provides double VPN encryption, malware blocking, and Onion over VPN. The product is very user-friendly, offers one of the best prices on the market, has over 5,000 servers in 60 countries worldwide, and is P2P-friendly. One of the key features of NordVPN is the zero-log policy. For more information: nordvpn.com.

A Cyber Approach to Coronavirus Containment

What lessons can be learned from reviewing how we manage cybersecurity and applying it to an anti-Coronavirus campaign?

In recent years, some in the cyber world recognize that there is a lot to learn from the biological world when protecting systems against viruses. Now, the Corona epidemic presents an opportunity for the medical world to learn something from the cyber world. To analyze the strategies selected by various countries, let’s review it through the lens of cyber strategies.

Let’s begin by recognizing that cybersecurity is built in layers. There is no one magic solution or layer which will prevent all the possible attacks. Furthermore, in the cyber world, it has been realized for some time that it is impossible to protect everything for all eternity. There will be victims. Computers will be attacked, information will be stolen, and activity will be interrupted, etc. It has already been accepted in the business world that it is not possible to maintain an extremely high level of protection, while at the same time enabling a business to run at its required pace.

A compromise must always be found, and risks managed. Extremely high levels of security are possible, but this will give rise to a situation where work may grind to a halt. Businesses accept that by running freely, they expose themselves to various levels of cyber threats.

The challenge, which has become the main responsibility of information security managers, along with their organizations, is to learn how to live with these day-to-day compromises: to understand the risks they take, and to determine what level of risk they can accept and what level of risk is too great.

Just as businesses weigh various protection approaches, we can see several strategies for protection against Coronavirus being implemented by various countries. In Asia, specifically South Korea and Taiwan, a relatively advanced approach has been adopted: detecting the threat, finding where it is harbored, and dealing with it surgically wherever identified. All this is in conjunction with a basic layer of disinfecting large areas.

As in the cyber world, this can be seen in the use of advanced concepts of threat hunting and extensive investment in detection and incident responses. All this is above and beyond the basic layer of a standard firewall and endpoint protection in order to provide some basic level of protection throughout the whole organization. This approach is a reflection of an understanding that the “point of contact” to the world will be breached, or in the professional slang, “the perimeter is dead”. It is not possible to achieve full protection and keep the threat outside the perimeter forever. The threat must be sought out on a targeted basis and dealt with wherever identified without giving up on a basic layer of protection, which will succeed anyway in preventing the simpler threats from penetrating.

Aside from these countries, most countries in the world, including Israel, Italy, and the USA, have adopted approaches that are considered traditional and older by the standards of the cyber world. Israel began with an approach that derives from the belief that there is indeed a “perimeter” and that the threat can be blocked externally and prevented from getting inside. As mentioned, in the cyber world this approach is now widely thought to be inherently irrelevant. Subsequently, Israel, like Italy and the USA, transitioned to a callous and aggressive policy. In the cyber world, such an approach equates to a strong lock-down of the network, preventing the transmission of information between points in the network. This makes any access to the resources of the network difficult and, in general terms, attempts to reduce traffic on the network. Such an approach can indeed succeed in preventing breaches of the network and the endpoints, but it also has the effect of preventing most of the activity on the network and, consequently, has an adverse effect on the organization’s business activity. Such an approach to protection was previously beneficial at sensitive locations such as Defense Establishment Institutions, but over the years they too have understood that it is impossible to operate over time with such difficulties piling up on the activity of the organization.

In the IDF, it was realized several years ago that in order to achieve the aims of the organization, it must allow more access to the network, to facilitate more connections and transmission of information between endpoints. In order to reduce potential risk, the organization has sought more advanced protection approaches.

Throughout the industry, it is now difficult to find organizations that still stick with the approach of a robust and aggressive cyber policy. In the last decade, we have witnessed a shift towards more sensible and considered risk management, which attempts to strike a balance between the need to facilitate activity and the desire for protection.

Britain has attempted to adopt its own unique approach, which, by contrast, the cyber world finds slightly illogical. In fact, Britain has attempted to rely upon the immunity of all its citizens, and in cyber terms, it is as if they are content with the installation of anti-virus software at all the endpoints. This protection approach has not been relevant in the cyber world for approximately 20 years, and there are currently no organizations in existence that use it as their approach for protection, with the possible exception of very small businesses.

It is possible to analyze the operational approaches of the countries from another angle in the cyber world, and that is “threat intelligence”. On one side of the spectrum is the USA, which appears to have approached this situation with a profound lack of information, to the point of ignorance in the face of the threat. On the other hand, Israel has learned as much as it could about the threat and has attempted to prepare for it ahead of time.

Today in the cyber world, there is a growing acknowledgment of how difficult it is to build a layer of protection against cyber threats without engaging in the acquisition of advanced information related to threats and their nature. Currently, the leading organizations worldwide, with their own ability to protect themselves, are widely reliant upon information when addressing cyber threats.

Another analogy to the cyber world can be drawn from the public reactions in various countries. Apparently, in Singapore, Taiwan, South Korea, and perhaps other places, the public has strictly complied with governmental directives, understanding the risk and responding well to the threat. On the other end of the spectrum is Italy, which reacted complacently, did not heed governmental instructions, and didn’t understand the size of the threat. Correspondingly, in cyber, the field of awareness and training, which has been gathering momentum in recent years, tries to get the personnel of the organization to appreciate the threat and educates them on proper procedures in the presence of a threat. This is regarded as maintaining “cyber hygiene,” which reminds employees not to open suspicious emails, how to report something suspicious to the organization, etc.

Organizations that have invested in educating people regarding awareness and correct actions have reported an improvement in the immunity of the organization to cyber threats. In organizations that have not invested in this at all, most people find themselves falling prey to cyber-attacks such as email impersonations.

It appears that in the cyber world, more advanced organizations are adopting more innovative approaches, and the use of advanced tools such as threat hunting, detection and incident response, as well as employee awareness, has produced better results in coping with cyber threats. Likewise, in the physical world, countries that have adopted similar approaches appear to have succeeded, at least for now, in containing the virus’s threat, in terms of a dramatic reduction in the number of cases of infection, and are on the point of at least a partial return to routine. Countries viewed as maintaining more traditional approaches, attempting to sanctify the perimeter or applying tough, aggressive policies as their major effort, are finding it very difficult to contain the threat. These countries are still seeing a rise in cases, coupled with a widespread paralysis of economic activity and of the economy as a whole.

If countries wish to learn lessons from the world of cyber protection in order to deal with the Coronavirus threat, then they must bear in mind that building defenses must consist of several layers. No one method can avoid the threat.

Investment efforts must be put toward prevention. It is essential to create a basic level of control and monitoring of entrances, but action is also necessary on the level of detection and treatment. This can only be done properly by adequately gathering and analyzing the latest data. It is to be hoped that more and more countries will consider adopting more advanced protection approaches, finding ways of applying them in the physical world in order to accelerate the end of the threat and bring about a return to a normal routine.

About the Author

Zohar Rozenberg

Zohar Rozenberg serves as VP of Cyber Investments for Elron, investing in early-stage cybersecurity and enterprise software startups. In his previous role as an IDF Unit 8200 Colonel (retired), Zohar assisted in the founding of Israel’s National Cyber Bureau, formalizing the country’s national cyber strategy. His final role with the IDF was as the head of its cyber department. He is always looking for bold and innovative entrepreneurs whose ideas promise to shape our tomorrow.

Guest Column: California’s Consumer Privacy Act (CCPA) to Change How Companies Store Data Nationwide

By Richard Kanadjian, Encrypted USB Technology and Business Manager of Kingston Technology

Privacy laws are always changing and getting stricter rather than more lenient. As of January 1, 2020, California’s Consumer Privacy Act (CCPA) has joined other policies like the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). With the enactment of these privacy laws, data breaches carry more serious liabilities for any company that holds sensitive consumer information, including Personally Identifiable Information (PII) of consumers and/or any other confidential information. These laws don’t only affect companies in California, but any company that does business in California.

The European Union’s GDPR regulation is currently in effect as well, and it allows non-complying organizations to be fined up to 4 percent of annual global turnover or €20 million (about $20+ million USD), whichever is greater. In addition, companies must always have their records in order, conduct impact assessments, and notify supervising authorities and people affected by breaches or else be fined 2 percent of their annual global turnover.

CCPA (officially called AB-375) incorporates some of the elements of GDPR and takes a broader view of private data and protecting PII. The intentions of the law are to provide California residents (defined broadly enough to cover consumers, employees, business contacts and others) with the ability to know what personal data is collected about them (and to have access to this information); to know how that data is used, sold or disclosed; to say no to the sale of personal data; to request that their data be deleted; and more. It is necessary for companies of all sizes to lock down the storage, transportation, and management of sensitive consumer and company information.

The California Consumer Privacy Act’s (CCPA) Effect on Businesses

While CCPA was originally created to enhance privacy rights and consumer protection for the residents of California, it will impact most businesses across the country and the rest of the world. According to AB-375, companies will be penalized when there is “unauthorized access and exfiltration, theft, or disclosure as a result of the business’ violation of the duty to implement and maintain reasonable security procedures and practices.” The criteria to determine if this law will affect your business are as follows (any one of the three makes the law applicable to your business):

  • Do you earn more than half your annual revenue from selling consumers’ personal information?
  • Do you possess the personal information of 50,000 or more consumers, households or devices?
  • Do you have gross revenue of over $25 million?

Companies that do not comply with CCPA are subject to civil class action lawsuits in the state of California and can be assessed damages of $100 to $750 per California resident and incident, or actual damages, whichever is greater. Companies are also subject to fines from the state, as the California attorney general can sue them for non-compliance.

BYOD: Bring Your Own Device & Its Effect on Security

Even with companies adhering to the strictest security mandates and spending millions on cybersecurity, all it takes is one unsecured BYOD device to threaten the entire security system.

Many companies do not restrict employees from bringing their own storage devices, such as USB drives, to make copies of data incorporating PII that should be protected – this practice is called Bring Your Own Device (BYOD). While USB drives are incredibly convenient and have been proven to increase productivity, they are also very susceptible to being lost and ending up in the wrong hands. What’s more, most of these drives are unencrypted, making the data accessible to anyone who has access to the drive.

How Does a Company Effectively Manage Removable Storage Devices? 

The safest, most reliable means to store and transfer personal, classified and/or sensitive data is to have a company policy standardizing the use of hardware-based encrypted USB drives. Cybersecurity experts agree that the use of an encrypted USB flash drive is most effective for keeping confidential information what it was intended to be – confidential.

From a cost perspective, hardware-based encrypted USBs are not much more expensive than non-encrypted devices – and they are like insurance against the unthinkable – the loss and breach of private data that could otherwise be exposed. There is a range of easy-to-use, cost-effective, encrypted USB flash drive solutions to choose from that can go a long way toward mitigating your privacy and security risks and, quite possibly, save you money and stress.

An example of a cost-effective and easy-to-use encrypted USB drive is Kingston’s DataTraveler® Vault Privacy 3.0, which provides affordable business-grade security. This encrypted solution features military-grade 256-bit AES hardware-based encryption in XTS mode, protects 100 percent of the data stored, and enforces a complex password policy with minimum requirements to prevent unauthorized access. It also features a read-only access mode to avoid potential malware risks. For additional peace of mind, the drive locks down after 10 incorrect password attempts.

To take things a step further, companies can deploy encrypted USB drives in the field as a matter of practice. Some drives can be managed via on-premises or cloud-based software, where an IT architect can whitelist access to the drive, disable it if it’s lost, enforce password characteristics and much more.

Consumer privacy and data security are concerns for businesses of all sizes, and identifying cost-effective ways to mitigate the risk is of the utmost importance in 2020 and beyond. Customer information and other sensitive data need to be stored on encrypted USB drives to mitigate the risk of a data breach, data loss, and liability.

Learn more at kingston.com

About the Author

Richard Kanadjian is currently the Technology and Business Manager of Kingston Technology’s Encrypted USB unit. He joined Kingston in 1994 and has served the company in a variety of roles for both the Flash and DRAM divisions. Among his many positions, Mr. Kanadjian was a field applications engineer in the company’s strategic OEM division, where he helped build relationships with leading PC and chipset manufacturers. Prior to his current role, Mr. Kanadjian was part of the SSD product engineering department helping develop and support Kingston’s enterprise SSDs on both a technical and customer level.


Most Spam Emails Originate in China, the US, and Germany

NordVPN Provides 3 Things We All Should Be Alert to When Receiving an Email

February 20, 2020. Even though we get less spam, such emails are still a major threat to internet users. Spam often contains not only commercial information but also links that lead to phishing or malware sites. And spamming techniques keep evolving.

According to Statista.com, more than 50% of emails sent worldwide in 2018 were spam emails and unwanted ads. Most of them originated from China (11.69%), despite the internet censorship existing in the country. The United States of America came second, accounting for a little above 9%, while Germany took third place, reaching slightly above 7%.

Spam emails are focused not only on selling products. They often contain a fake message from a service you use or an institution you trust. Cybercriminals pretend to be your bank, the government, a mobile service provider, or any other trustworthy organization.

“Their goal is to have you open a spam email and click on suspicious links or even download an attachment that hides malware. The risks are high because they want to trick you into giving away sensitive information such as your login credentials or your bank card number,” explains Daniel Markuson, a digital privacy expert at NordVPN.

Most importantly, spammers have honed their skills over the years and developed emails that are hard to recognize both for humans and for spam filtering algorithms. The messages have become more personalized and specific; they are more fluent and have fewer grammar mistakes than older ones. But most interesting is the content itself and how it changes over time.

“From dietary pills to CBD oil bargains, from winning a lottery to your account being hacked. The times are changing, and so are people’s needs. It’s all reflected in spam emails, and that is to trick internet users more easily,” says Daniel Markuson, a digital privacy expert at NordVPN.

Interestingly, a big part of spam in 2018 was related to the FIFA World Cup. The event was exploited by cybercriminals who used various deception methods based on social engineering. Scammers created fake FIFA sponsor websites and sent spam emails to get access to attendees’ bank accounts and personal data. They also carried out targeted cyber-attacks. However, the volume of email spam was still 4% lower in 2018 than in 2017, according to Statista.com.

But even though the contents may differ, and some may seem legitimate at first glance, there are a few things you should always be alert to when receiving an email:

  1. A spoofed display name. The email will appear to come from a legitimate organization, but the sender’s domain name will be entirely different. For example, it might look like Netflix, but if you hover over ‘Sender,’ you’ll see that the email came from netflix@gmail.com.
  2. Embedded links. Social hackers might send an email asking you to click on a link and log back into your account (even though you haven’t been active on that site recently). The spoofed URL will lead to an infected website. One way to protect yourself is to right-click on the link and check the address to see if it looks legitimate.
  3. Email attachments. Invoices, order confirmations, event invitations, and other attached files can be used to disguise viruses or malware. Don’t open them or reply to the sender if they seem suspicious. Draft a new email to the person you think emailed you.
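The three checks above can be automated for a mailbox or a mail gateway. The following is an added example, not code from the original article or from NordVPN: it parses a message with Python’s standard library and reports a display name that borrows a brand while the address sits on a freemail or unrelated domain, a link whose visible text names one host while its href leads to another, and an attachment with an executable or double extension. The brand table, the freemail list, the extension list and both sample messages are constructed assumptions for illustration.

```python
# Added example (not from the original article or NordVPN): flag the three
# red flags above. Brand/freemail tables, extensions and samples are constructed.
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands the organisation cares about and the domains they send from.
KNOWN_BRANDS = {"netflix": {"netflix.com"}}
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".docm", ".xlsm", ".iso")
# Visible anchor text that itself looks like a URL or hostname.
URL_LIKE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)

def _host(url):
    """Lower-cased hostname with any leading 'www.' removed ('' if unparsable)."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def check_display_name(from_header):
    """Red flag 1: display name invokes a brand, but the address domain is not that brand's."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in KNOWN_BRANDS.items():
        if brand in name.lower() and domain not in domains:
            kind = "freemail" if domain in FREEMAIL else "unrelated"
            return f"display name '{name}' but {kind} sender domain '{domain}'"
    return None

class _Links(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body):
    """Red flag 2: the visible text names one host while the href leads to another."""
    parser = _Links()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        if not href or not URL_LIKE.match(text):
            continue  # plain 'click here' text gives nothing to compare against
        shown = _host(text if "://" in text else "http://" + text)
        real = _host(href)
        if shown != real:
            findings.append(f"link text shows '{shown}' but points to '{real}'")
    return findings

def check_attachment(filename):
    """Red flag 3: executable, macro or double-extension file posing as a document."""
    lower = filename.lower()
    if lower.endswith(RISKY_EXT) or re.search(r"\.(pdf|docx?|xlsx?)\.\w+$", lower):
        return f"attachment '{filename}' has a suspicious extension"
    return None

def analyze(raw_message):
    """Run all three checks over an RFC 822 message and return the list of findings."""
    msg = message_from_string(raw_message)
    findings = []
    flag = check_display_name(msg.get("From", ""))
    if flag:
        findings.append(flag)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            findings.extend(check_links(part.get_payload(decode=True).decode("utf-8", "replace")))
        flag = check_attachment(part.get_filename() or "")
        if flag:
            findings.append(flag)
    return findings

# Constructed sample with every red flag present (203.0.113.10 is a documentation-only IP).
SPOOFED = """\
From: Netflix Support <netflix@gmail.com>
Subject: Your account is on hold
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=us-ascii

<html><body><p>Please <a href="http://203.0.113.10/login">www.netflix.com/login</a>
to update your payment details. See the attached invoice.</p></body></html>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"

TVqQAAMAAAAEAAAA
--b1--
"""
# Constructed clean sample: same layout, matching sender domain, honest link, plain PDF.
LEGIT = (SPOOFED.replace("Netflix Support <netflix@gmail.com>", "Netflix <info@netflix.com>")
         .replace('href="http://203.0.113.10/login"', 'href="https://www.netflix.com/login"')
         .replace("invoice.pdf.exe", "statement.pdf"))
```

`analyze(SPOOFED)` returns three findings, one per red flag, while `analyze(LEGIT)` returns an empty list. The display-name check only fires when a brand the organisation lists appears in the name, so the brand table is the knob to tune; the link check deliberately ignores anchors whose text is ordinary prose, since only text that itself looks like an address can contradict the real destination.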


ABOUT NORDVPN

NordVPN is the world’s most advanced VPN service provider, used by over 12 million internet users worldwide. NordVPN provides double VPN encryption, malware blocking, and Onion Over VPN. The product is very user-friendly, offers one of the best prices on the market, has over 5,000 servers in 60 countries worldwide, and is P2P-friendly. One of the key features of NordVPN is the zero-log policy. For more information: nordvpn.com.


Guest Post: Bringing DevSecOps into Play

By Shauli Rozen, CEO of Cyber Armor

Continuous integration (CI), continuous delivery (CD) and agile development quickly delivering minimum viable products (MVPs) have become the norm, replacing waterfall development with minor quarterly updates and major yearly or semiyearly releases.

Everything is being built and tested earlier and earlier in the process by tighter teams to ensure even the MVPs go to market with as few defects and security vulnerabilities as possible.

These new processes are creating growing pains for well-established organizations, leaving them playing catch-up with agile startups that have had the opportunity to build these processes from the ground up.

Issues have also arisen in the face of accelerated development – where does security go? When applications were monoliths, most of the security depended on the infrastructure. Now, with the age of microservices and containers, security has become a more critical consideration during the development process. This results in companies facing cultural challenges in adopting or implementing security within the development cycle, and the introduction of a new role / paradigm – the DevSecOps.

The very concept of DevSecOps means that security is embedded into the development and deployment processes (continuous integration / continuous delivery, or CI/CD). That simple definition points to the main cultural shift that needs to happen in organizations embracing DevSecOps – security is an inherent part of software development; it’s technical, it’s driven by the developers, and it needs to be embedded in their processes, if it isn’t already.

It also means that the scope of enterprise security is starting to be divided into two different disciplines, requiring very different skills and roles: “IT security”, which is responsible for policies, email protection, document protection, and the general security of the operational environment of the organization; and “production security”, which is responsible for the solutions deployed by the organization in its data center and in the cloud. The latter discipline is very technical in nature and involves the actual production environment of the company.

While CISOs still have overall responsibility for the organization’s security posture, a new breed of security personnel is emerging — the “development-minded” security architect who works closely with the development and DevOps teams on the company production environment.

For example, one security project we are currently running is led by the R&D security architect. He is “R&D born” and went into security as part of his role. During our first meeting, he said, “I am in charge of solution security, but please do not call me CISO. CISOs create policies; I build environments.” That says everything about the shift that is happening.

Creating the Right Environment

To successfully initiate a DevSecOps shift, security responsibility needs to be pushed “left and down” in the stack. First “left” – into the engineering team, where R&D leaders and CTOs take more of that responsibility into their groups. Then “down” – from the executive level to developer level.

DevSecOps is a practical role, not an academic one. It needs to be built into the development teams, adding tools that enable them to easily deploy secured solutions while reducing the overhead that security creates.

The challenge is that for developers, functionality will always take first priority — as it should, and that’s why tools that enable them to seamlessly add security best practices to their code and products are extremely important as part of driving the DevSecOps shift.

A practical first step would be to appoint security architects who actively participate in the design process of every solution and work hand in hand with cloud architects and system engineers. These security architects can have a dual reporting line – to the engineering leader and the security officer.

The shift is happening whether organizations are ready or not. They need to step in and take control to ensure that the next big data breach isn’t because of weaknesses in their architectures and applications.

Guest Post: 2 Tips on How to Protect Kids from Cyberbullying

Kids love surfing the internet during their free time. But many don’t recognize the risks they expose themselves to when online. With technological advances, cyberbullying has become a notable threat to kids. Internet danger statistics say that the number of kids who encounter bullies keeps growing. This makes it imperative for parents to safeguard their kids from online risks.

Here are ideas to intensify your child’s online safety:

  1. Educate your child

Have a close relationship with your child, and this will make it easier to notice changes in the child’s behavior. Also, train your child on how to handle a bully by not reacting to provocations. Moreover, train your kid to report any acts of bullying and other online risks faced to you.

If this doesn’t work, consider getting rid of your kid’s phone. By typing “sell Samsung phone” on Google, you’ll find a variety of sites to assist you in exchanging the device. Others will even compensate you or help you sell it. However, this will depend on your phone’s model.

  2. Restrain your child from becoming a bully

Most kids don’t understand that talking ill to others online can affect them. So, let your kid know that no one wishes to feel belittled. Help your child recognize the impact of their actions on others and also what would happen if caught harassing others.

Bottom line

There are many online risks, and kids mostly fall prey to them. So, monitor your child’s online activities and enlighten them about online dangers such as chatting with strangers on social media. Kids who have encountered bullies are also likely to become bullies, so talk to your child against the vice.

2020 predictions from Greg Wendt, Executive Director, Appsian 

Greg Wendt, Executive Director, Appsian predicts:

  • This year there will be a shift of CIOs from systems technology experts to data-centric experts as security increasingly becomes more of a data-level issue. As enterprises become more and more aware that the security of sensitive ERP data is a high priority, especially with the rise in data privacy regulations such as CCPA, there will be a rise in CDO roles as well as a shift in the roles of CIOs from a focus on systems to a focus on data. This shift will cause many challenges, though, as the majority of CIOs do not specialize in the systems aspect of ERP. Yet the rise in data-centric compliance initiatives, as well as the deployment of fundamental security tools such as multi-factor authentication and SSO within the enterprise, will ease the transition from a systems-centric CIO to a data-centric CIO. Additionally, from an organizational perspective, we can expect more CIOs and CISOs at the board level as organizations continue to mature and invest further in security and understand the varying operational budgets.
  • Enterprises can expect the trend of increased data breaches in ERP systems to continue to rise in 2020. Since ERP was first designed as an application product, ERP systems cannot evolve alongside an organization’s ever-growing IT environment and are unable to integrate with advanced security initiatives. It is and will remain very challenging to keep ERP systems up to date, and due to the business criticality of these applications, enterprises are wary of switching them out entirely. In order to secure ERP systems in 2020, business owners must realize the criticality of their businesses’ usability of ERP apps. It is the business owner who is more familiar with the users, and as Gartner concluded, it is the user – not the provider – who fails to manage the controls used to protect an organization’s data. With the growing number of connected applications running across the company, such as payment and HR apps, business owners need to evolve their ERP systems and go beyond firewalls.
  • We can expect more enterprises adopting privileged access management (PAM) as a key IT security project, as well as effective access controls, due to heightened third-party risk. PAM is the first, fundamental level of data protection, privacy and compliance where logging and auditing are concerned, and with more and more data privacy regulations on the horizon, PAM will become a key IT security project in the coming year. Additionally, given that the majority (83%) of organisations engaging with third parties to provide business services identified risks, organizations must hold all third parties to greater liability and bind them by their contracts as to data protocols if breached in 2020.
  • Users will increasingly demand ERP access beyond their corporate networks. As organizations continue to ask more of their employees, employees will insist that their ERP transactions are available from any location, at any time. In order to maintain high levels of security, ERP transactions have traditionally been available (only) behind corporate firewalls. However, this model immediately causes user push-back, especially as more organizations rely on mobile workforces to scale and keep business running in the coming years. When enterprises insist that employees only execute their ERP transactions when they have access to a corporate network, users will inevitably avoid it, which will cause increased strain on an organization across functions. Therefore, in 2020, we can expect more organizations to invest in solutions that focus on enhancing access controls and logging. More and more organizations will begin to understand the importance of expanding access as a table-stakes initiative as productivity requirements shift, demanding that users be as mobile as possible.

Bio: Greg Wendt is the Oracle® PeopleSoft security expert. During his 17-year career, he has been recognized as a leader in data security, application architecture and business operations. He served as ERP Application Architect at TCU, where he was responsible for TCU’s PeopleSoft system, and was Chairman of the Higher Education User Group’s multinational Technical Advisory Group (HEUG TAG). Greg has led criminal justice and cyber security courses focusing on hacking techniques.