Category Archives: cyberthreats

As Seen on TV: Important Lessons for Winning the Fight Against Cybercrime

In recent years, we’ve seen ample evidence of our collective cybersecurity failures. But we still haven’t learned the most important lessons.

To start, there is no silver bullet — no single technological fix. What’s more, while cybercriminals have been coordinating in organized groups, we have been trying to fight cybercrime in silos. If we are going to beat back the advances of cybercrime, we need better collaboration within the cybersecurity industry, with shared intelligence across public and private sectors.

We must focus more on responding to the inevitable “boom moments” after a breach occurs, not just what comes “left of the boom,” the prevention and detection of threats. Furthermore, we need a drastic elevation of cybersecurity skills and awareness.

On that last point, we need to raise the level of cybersecurity awareness — not just to protect our businesses, but among the general population. Our families and friends must understand what we’re up against and become knowledgeable of security hygiene to deny cybercrime organizations the victims they need to finance their operations.

That’s why I’m so proud that IBM Security teamed up with Atomic Entertainment and Science Channel to create a documentary special that explains, in provocative detail, what we’re up against.

Go Behind the Scenes of the Fight Against Cybercrime

Dark Web: Fighting Cybercrime” — airing on Science Channel at 5 p.m. EST on Thursday, July 19 and available afterward on-demand — brings to a mass audience a close encounter with the dark corners of the internet and offers insights into the history of cybercrime and where it’s headed. Better yet, the film goes behind the scenes of the fight against cybercrime, bringing you right inside a security operations center (SOC) to witness a simulation of a cyberattack and the challenges of responding in the moment to stop the “bleeding” and mitigate further damage.

Take a peek inside the dark world of cybercrime

I’ve been a part of hundreds of these simulations in our IBM Security X-Force Command Centers, and I have seen many accomplished and smart executives grappling with a kind of pressure few have experienced before.

When you watch the Science Channel special, you’ll see why practice runs are essential for security teams and business leaders to understand how to respond to an attack. While first responders and military service members train rigorously to deal with threats, the same can’t be said about organizations under threat of cyberattacks.

Just think about the training and preparation a military pilot goes through — hundreds of hours in simulators and in classroom training. But business leaders today are taught to be deliberate in their decisions, to pause and collect all the data before acting. That’s about the worst thing you can do when there’s a breach. After the boom, you need to act right away to prevent a bad situation from becoming worse.

Learn How to Keep Calm in the Face of a Cyberattack

Many of the people who go through the simulations in our command centers can become flustered and discouraged, despite being highly capable leaders. When the CEO who normally acts with confidence when making business decisions is suddenly thrust into the unknown of a cyberattack, the fight-or-flight adrenaline makes decision-making extremely difficult, and he or she starts to make mistakes.

It’s like trying to learn a new sport: You are bound to fail at first, but it’s by failing that you learn. And it’s far better to strike out or miss a tackle in practice than in a real game.

For many of our clients, it’s very apparent that rehearsing these situations is essential to honing their crisis leadership. By experiencing a simulated cyberattack, teams build muscle memory of what to do and with whom to communicate. By incorporating what they’ve learned, leaders can go back to their organizations and script their responses to automate as much of the decision-making process as possible. You can act faster and more effectively when the rules are written down, processes are established and everyone understands their job.

As the Science Channel special demonstrates, there’s a common thread among successful teams in our cyber ranges, and that’s the calm and collected leadership of people with backgrounds in the military or first responder jobs.

We need more of these disciplined and quick-acting men and women in cybersecurity. But the traditional way of recruiting cybersecurity staff — finding experienced professionals with a background in cybersecurity, college degrees and information security certifications — can overlook nontraditional candidates who can nonetheless do the job. At IBM Security, we’ve advocated and put into practice a “new collar” approach to recruiting professionals. It means looking beyond credentials to find individuals with the skills, aptitude and attributes to adapt to new cybersecurity roles.

Why I’m Optimistic About the Future of Cybersecurity

Unfortunately, there’s a lot of pessimism right now about the acceleration of threats, mounting breaches and exploding costs of incorporating a wide array of disparate and disconnected security technologies into IT environments. Yet, I am optimistic, because we do not have to fight alone.

By collaborating across organizations and within the security industry, we can limit the spread of threats through shared insights and intelligence. Together, the cybersecurity industry and our partners can simplify security by integrating our solutions, because complexity is the enemy of security.

We also have a new partner that can help turn the tide in the fight against cybercrime: artificial intelligence (AI). By advancing the security applications of AI, we create a force multiplier, because automating tasks and limiting false positives frees up human analysts to make critical decisions faster.

Finally, it bears repeating that we must create more allies in this fight by educating our employees and the general public about threats to their online privacy and security. I think “Dark Web: Fighting Cybercrime” does a standout job of doing just that.

Whether you’re a security professional, business executive or concerned citizen of our digital world, you’ll gain valuable perspective from this fascinating documentary. Check out the trailer below to get a taste of the action, and watch “Dark Web: Fighting Cybercrime” on Science Channel at 5 p.m. EST on Thursday, July 19, and later on-demand. Get your friends and family members to watch too — after all, we’re all in this fight together.

Take a peek inside the dark world of cybercrime

The post As Seen on TV: Important Lessons for Winning the Fight Against Cybercrime appeared first on Security Intelligence.

Human Error Strains Security Teams: How Can Companies Nip Employee Negligence in the Bud?

Employee negligence continues to be a top information security risk for key figures in the enterprise, especially IT security professionals who rely on internal threat reports to do their jobs. This risk can take the form of genuine human error, a lack of security awareness or even deliberate attempts to steal corporate data for personal gain.

According to the 2018 State of the Industry report from document destruction company Shred-it, 96 percent of Americans said they view employee negligence as at least a minor cause of data breaches against U.S. companies. Some were even more convinced: Eighty-four percent of C-suites see it as one of their biggest information security risks — and 51 percent of small-business owners agree.

Reflecting this viewpoint, the majority of U.S. businesses revealed that they’re struggling to keep pace with modern workplace trends. In particular, 86 percent of C-suites, and 60 percent of small-business owners said they believe the risk of a data breach is higher when employees work remotely.

How can companies increase cyber awareness among nontechnical employees and better incentivize them to report potential security issues before they become full-blown incidents?

What Are the Consequences of Employee Negligence?

According to the Shred-it report, two main factors are driving up the level of concern over instances of workforce negligence, which includes accessing company systems over remote and unsecured networks or improperly disposing of sensitive data.

Employee carelessness is the first factor and has historically been one of the primary causes of data breaches. The IBM X-Force team uncovered as much in its 2018 Threat Intelligence Index, noting that negligent actions were behind two-thirds of total records compromised in 2017.

Employee negligence is the second factor and makes the job of IT security professionals more difficult. To adequately defend organizations against cyberthreats, security teams need employees to report any issues they come across. However, organizations don’t always encourage them to do so. According to a 2016 Ponemon report, 67 percent of respondents said their organizations don’t provide incentives for employees to report security issues proactively.

This lack of engagement can cause small issues to evolve into major security incidents. For example, 79 percent of respondents to a Keeper Security survey that suffered ransomware attacks said the threat entered their systems through phishing emails.

Employees can help identify phishing attacks — but without the knowledge or incentive to do so, many either fall for the scam or simply keep it to themselves. As a result, security teams must devote their resources and respond to these issues that could have been prevented in the first place.

How Companies Can Minimize the Effects of Human Error

Organizations can counter negligence among their workforce by integrating data protection measures, such as resiliency backup and other disaster recovery tools, into their business practices.

Companies should also continuously evaluate the effectiveness of their security strategies and ensure that internal protocols are keeping pace with the increasingly sophisticated threat landscape. These policies should include ongoing security awareness training for the entire company and provide employees with incentives to report potential threats.

The post Human Error Strains Security Teams: How Can Companies Nip Employee Negligence in the Bud? appeared first on Security Intelligence.

Does the Rise of Crypto-Mining Malware Mean the End of Ransomware?

Crypto-mining malware activity grew significantly in the first quarter of 2018, according to new research, suggesting that threat actors are finding this tactic to be more lucrative than traditional ransomware attacks due to the increasing popularity and value of digital currencies.

But this shift doesn’t signal an end to the threat of ransomware — rather, it points to an evolution toward more targeted attacks against specific organizations and industries, such as healthcare, that are most vulnerable and store particularly valuable data.

Cybercriminals Shift Tactics Amid Cryptocurrency Gold Rush

In short, this new trend shows that cybercriminals follow the money. Amid the rising popularity of cryptocurrencies like bitcoin, Monero and Etherium, threat actors have embraced crypto-mining schemes as a way to generate illicit financial gains with the least amount of effort, in the shortest time possible — and at a relatively low risk of discovery.

According to McAfee Labs Threats Report: June 2018, researchers observed more than 2.9 million samples of crypto-mining malware in the first quarter of 2018 — a 629 percent increase from just 400,000 samples in the last quarter of 2017.

“Cybercriminals will gravitate to criminal activity that maximizes their profit,” said Steve Grobman, chief technology officer (CTO) at McAfee, in a June 2018 press release. “With the rise in value of cryptocurrencies, the market forces are driving criminals to crypto-jacking and the theft of cryptocurrency. Cybercrime is a business, and market forces will continue to shape where adversaries focus their efforts.”

Troy Mursch, the security researcher behind the website Bad Packets Report, noted that the industry is seeing so many JavaScript-based crypto-miners because most modern browsers run JavaScript. This means that nearly every web user is a target of malicious crypto-jacking attacks.

Alternatively, attackers can maximize their computing power by infecting a server or other network asset with crypto-mining malware. This tactic makes enterprise networks particularly lucrative targets for crypto-jacking campaigns. Also, browser-based crypto-mining doesn’t require attackers to craft an exploit — and the action usually goes undetected so users might not know they’ve been infected for some time.

Why Ransomware Is Down but Not Out

These characteristics of crypto-mining could explain why some attackers have moved away from traditional ransomware. Victims also know when they’ve suffered a ransomware infection and can respond accordingly, which demotivates potential attackers.

But the fact that opportunistic attackers are leaving ransomware behind doesn’t mean the threat is over and done — it’s merely changing. For instance, threat intelligence provider Recorded Future noted that ransomware attack campaigns are becoming more targeted in nature. This is evident in ransomware actors’ penchant for going after healthcare, an industry in which resource deprivation can threaten people’s lives and trigger urgent responses. According to insurance company Beazley Group, healthcare targeting accounted for 45 percent of all ransomware attacks in 2017.

Attackers are also beginning to leverage the mere threat of high-profile ransomware to extract payment. Action Fraud, the U.K.’s cybercrime reporting center, detected one such scam campaign warning users that they had been infected with WannaCry. In actuality, the emails simply aimed to scare recipients into sending a bitcoin payment, limiting the necessity of even distributing malicious software to obtain its gains.

How Companies Can Defend Against Crypto-Mining Malware

Amid the growth of crypto-mining malware and the ongoing evolution of ransomware, enterprises can defend themselves against crypto-mining malware by investing in an endpoint security solution and creating a patch management program.

Because ransomware relies on suspicious emails and software vulnerabilities for distribution, users can guard against its primary attack vectors by following best security practices. Organizations can further defend themselves by regularly updating antivirus software and training employees to refrain from engaging fraudsters over email.

The post Does the Rise of Crypto-Mining Malware Mean the End of Ransomware? appeared first on Security Intelligence.

Why Growing Cyberthreat Awareness Among CEOs Could Lead to Bigger Security Budgets

Recent data revealed that CEOs are now putting fears about cyberthreats ahead of traditional business concerns, such as an increasing tax burden and the availability of key skills. This shift in priorities may help IT professionals make a stronger business case for more substantial security budgets — a challenge for many C-suite leaders in recent years.

Cyberthreat Awareness on the Rise Among CEOs

Executives around the world have become more aware of the cyberthreat landscape as technology has grown more pervasive in the enterprise. A new survey of global CEOs ranked cyberthreats among the top five most significant impediments to business growth. In North America, CEOs listed IT security as a top priority, with 53 percent of executives reporting that they were “extremely concerned” about cyberthreats.

These findings from consulting firm PricewaterhouseCoopers (PwC) indicate that C-suite executives might be warming up to the idea of allocating more resources for security. While the 2017 study placed cyberthreats at number 10 on the list of impediments to business growth, this concern took the fourth spot in 2018.

Now Is the Time to Push for Bigger Security Budgets

The new data suggests that security leaders should consider reframing their requests to business leaders for more resources to fend off malware, social engineering and other cyberthreats. For example, chief information security officers (CISOs) can get board directors’ attention by focusing on the three R’s — reputation, regulation and revenue — and referring to news headlines to communicate the negative impact of a data breach from a business perspective.

Security leaders can also gain executive buy-in by understanding the organization’s business priorities and explaining how a greater investment in security can help the company achieve those goals. Also, conveying security data in a framework that board directors are used to seeing — such as a risk heat map — can help business leaders better understand the return on investment (ROI) of security investments.

The PwC data shows that CEOs are finally beginning to see the connection between cybersecurity and long-term business growth. For security leaders whose requests for more budget had previously fallen on deaf ears, now is the time to approach the C-suite and make a strong business case for more significant investment in cybersecurity.

The post Why Growing Cyberthreat Awareness Among CEOs Could Lead to Bigger Security Budgets appeared first on Security Intelligence.