Category Archives: IT security

Defining and Understanding User and Entity Behavior Analytics (UEBA)

User and Entity Behavior Analytics, or UEBA for short, provides you with a comprehensive solution for IT security while helping find and detect any user or anomaly that might be harmful to the network.

Defining UEBA

This is basically a cybersecurity solution that can recognize and essentially remember normal user behavior. As such, it can identify weird or anomalous instances whenever a user or an entity deviates from their regular “pattern.” A good example of this is if a user normally downloads 10MB worth of data in a da, but suddenly starts to download 100GB, the UEBA would detect this as anomalous and flag it.

A great feature of UEBA is that it uses a combination of machine learning, statistical analysis, and complex algorithms in order to detect deviations in patterns that can lead to harmful effects for the entire system. The UEBA can essentially aggregate the data that you have.

The main difference of UEBA is that it does not track events or monitor devices; instead, it tracks the actions of all the organization’s users and its entities. It focuses more on insider threats, which can include rogue employees or those who have been compromised by outside machinations.

Benefits of UEBA

Hackers and malicious attackers are evolving to the point that conventional security tools are fast becoming obsolete. Firewalls, gateways, and intrusion prevention applications can be bypassed now, which is especially true with bigger corporations, since their IT is more complex to maintain and manage.

Detection is now incredibly important, more so than ever, because it is just a matter of time for hackers to figure out your defenses and get into the network. It is up to other systems, such as UEBA, to detect anomalous activities for immediate response and potential threat prevention.

How UEBA Works

The concept of UEBA is quite simple. Hackers can steal usernames and passwords, but it would be difficult for them to mimic an employee’s habits or normal behavior when accessing the company’s network, especially since their intent is to steal rather than to work.

A relatable analogy here is if a thief is able to steal your credit card. That thief would then go on a shopping spree, using your card in retail stores that you do not normally visit. This would trigger the bank’s fraud detection policies.

Because of this, UEBA has proven to be an important part of any organization’s IT security.

  • It can detect insider threats, such as an employee or group of employees who’ve decided to go rogue against the company by stealing data. This can be detected by UEBA.
  • It can detect compromised accounts like in the above example. A hacker may obtain the username and password of an employee and start stealing information. This anomalous behavior can be detected by UEBA.
  • A brute-force attack is a common hacker tool that can be hindered or otherwise prevented by UEBA.
  • It can detect changes in user permissions or the creation of super admins to flag these, especially if they are deemed unnecessary by the system.
  • UEBA can prevent unauthorized access of sensitive and protected data, limiting access to only those who actually need said data.

Best Practices of UEBA

UEBA was established due to the malicious behavior of users and other entities. It  is not meant to replace other monitoring systems but  to complement them instead, which enhances your organization’s overall security.

It is a great idea to harness Big Data, statistical analysis, and mechanical learning in order to prevent a huge increase in useless alerts due to the large amount of data generated.

UEBA essentially helps you take a more proactive approach in IT security and threat detection. It creates a layer of protection against malicious attacks. And as they say, prevention is always better than a cure.

Also Read,

It Should be Cybersecurity and not IT security

IT Security Procedures You Should Not Forget After Electronic Gadget Shopping

IT Security Culture Evolution of Businesses Exposed

The post Defining and Understanding User and Entity Behavior Analytics (UEBA) appeared first on .

Cyber Security: Three Parts Art, One Part Science

As I reflect upon my almost 40 years as a cyber security professional, I think of the many instances where the basic tenets of cyber security—those we think have common understanding—require a lot of additional explanation. For example, what is a vulnerability assessment? If five cyber professionals are sitting around a table discussing this question, you will end up with seven or eight answers. One will say that a vulnerability assessment is vulnerability scanning only. Another will say an assessment is much bigger than scanning, and addresses ethical hacking and internal security testing. Another will say that it is a passive review of policies and controls. All are correct in some form, but the answer really depends on the requirements or criteria you are trying to achieve. And it also depends on the skills and experience of the risk owner, auditor, or assessor. Is your head spinning yet? I know mine is! Hence the “three parts art.”

There is quite a bit of subjectivity in the cyber security business. One auditor will look at evidence and agree you are in compliance; another will say you are not. If you are going to protect sensitive information, do you encrypt it, obfuscate it, or segment it off and place it behind very tight identification and access controls before allowing users to access the data? Yes. As we advise our client base, it is essential that we have all the context necessary to make good risk-based decisions and recommendations.

Let’s talk about Connection’s artistic methodology. We start with a canvas that has the core components of cyber security: protection, detection, and reaction. By addressing each of these three pillars in a comprehensive way, we ensure that the full conversation around how people, process, and technology all work together to provide a comprehensive risk strategy is achieved.

Protection:

People
Users understand threat and risk, and know what role they play in the protection strategy. For example, if you see something, say something. Don’t let someone surf in behind you through a badge check entry. And don’t think about trying to shut off your end-point anti-virus or firewall.

Process
Policy are established, documented, and socialized. For example, personal laptops should never be connected to the corporate network. Also, don’t send sensitive information to your personal email account so you can work from home.

Technology
Some examples of the barriers used to deter attackers and breaches are edge security with firewalls, intrusion detection and prevention, sandboxing, and advanced threat detection.

Detection:

The average mean time to identify an active incident in a network is 197 days. The mean time to contain an incident is 69 days.

People
Incident response teams need to be identified and trained, and all employees need to be trained on the concept of “if you see something, say something.” Detection is a proactive process.

Process
What happens when an alert occurs? Who sees it? What is the documented process for taking action?

Technology
What is in place to ensure you are detecting malicious activity? Is it configured to ignore noise and only alert you of a real event? Will it help you bring that 197-day mean time to detection way down?

Reaction:

People
What happens when an event occurs? Who responds? How do you recover? Does everyone understand their role? Do you War Game to ensure you are prepared WHEN an incident occurs?

Process
What is the documented process to reduce the Kill Chain—the mean time to detect and contain—from 69 days to 69 minutes? Do you have a Business Continuity and Disaster Recovery Plan to ensure the ability to react to a natural disaster, significant cyber breach such as ransomware, DDoS, or—dare I say it—a pandemic?

Technology
What cyber security consoles have been deployed that allow quick access to patch a system, change a firewall rule, switch ACL, or policy setting at an end point, or track a security incident through the triage process?

All of these things are important to create a comprehensive InfoSec Program. The science is the technology that will help you build a layered, in-depth defense approach. The art is how to assess the threat, define and document the risk, and create a strategy that allows you to manage your cyber risk as it applies to your environment, users, systems, applications, data, customers, supply chain, third party support partners, and business process.

More Art: Are You a Risk Avoider or Risk Transference Expert?

A better way to state that is, “Do you avoid all risk responsibility or do you give your risk responsibility to someone else?” Hint: I don’t believe in risk avoidance or risk transference.

Yes, there is an art to risk management. There is also science if you use, for example, The Carnegie Mellon risk tools. But a good risk owner and manager documents risk, prioritizes it by risk criticality, turns it into a risk register or roadmap plan, remediates what is necessary, and accepts what is reasonable from a business and cyber security perspective. Oh, by the way, those same five cyber security professional we talked about earlier? They have 17 definitions of risk.

As we wrap up this conversation, let’s talk about the importance of selecting a risk framework. It’s kind of like going to a baseball game and recognizing the program helps you know the players and the stats. What framework will you pick? Do you paint in watercolors or oils? Are you a National Institute of Standards (NIST) artist, an Internal Standards Organization artist, or have you developed your own framework like the Nardone puzzle chart? I developed this several years ago when I was the CTO/CSO of the Commonwealth of Massachusetts. It has been artistically enhanced over the years to incorporate more security components, but it is loosely coupled on the NIST 800-53 and ISO 27001 standards.

When it comes to selecting a security framework as a CISO, I lean towards the NIST Cyber Security Framework (CSF) pictured below. This framework is comprehensive, and provides a scoring model that allows risk owners to measure and target what risk level they believe they need to achieve based on their business model, threat profile, and risk tolerance. It has five functional focus areas. The ISO 27001 framework is also a very solid and frequently used model. Both of these frameworks can result in a Certificate of Attestation demonstrating adherence to the standard. Many commercial corporations do an annual ISO 27001 assessment for that very reason. More and more are leaning towards the NIST CSF, especially commercial corporations doing work with the government.

The art in cyber security is in the interpretation of the rules, standards, and requirements that are primarily based on a foundation in science in some form. The more experience one has in the cyber security industry, the more effective the art becomes. As a last thought, keep in mind that Connection’s Technology Solutions Group Security Practice has over 150 years of cyber security expertise on tap to apply to that art.

The post Cyber Security: Three Parts Art, One Part Science appeared first on Connected.

Businesses Beware: Top 5 Cyber Security Risks

Hackers are working hard to find new ways to get your data. It’s not surprising that cyber security risk is top of mind for every risk owner, in every industry. As the frequency and complexity of malicious attacks persistently grows, every company should recognize that they are susceptible to an attack at any time—whether it comes as an external focused attack, or a social engineering attack. Let’s take a look at the top 5 risks that every risk owner should be preparing for.

  1. Your Own Users. It is commonly known, in the security industry, that people are the weakest link in the security chain. Despite whatever protections you put in place from a technology or process/policy point of view, human error can cause an incident or a breach. Strong security awareness training is imperative, as well as very effective documented policies and procedures. Users should also be “audited” to ensure they understand and acknowledge their role in policy adherence. One area that is often overlooked is the creation of a safe environment, where a user can connect with a security expert on any issue they believe could be a problem, at any time. Your security team should encourage users to reach out. This creates an environment where users are encouraged to be part of your company’s detection and response. To quote the Homeland Security announcements you frequently hear in airports, “If you see something, say something!” The biggest threat to a user is social engineering—the act of coercing a user to do something that would expose sensitive information or a sensitive system.
  2. Phishing. Phishing ranks number three in both the 2018 Verizon Data Breach Investigation Report Top 20 action varieties in incidents and Top 20 action varieties in breaches. These statistics can be somewhat misleading. For example, the first item on the Top 20 action varieties in breaches list is the use of stolen credentials; number four is privilege abuse. What better way to execute both of those attacks than with a phishing scam. Phishing coerces a user through email to either click on a link, disguised as a legitimate business URL, or open an attachment that is disguised as a legitimate business document. When the user executes or opens either, bad things happen. Malware is downloaded on the system, or connectivity to a Command and Control server on the Internet is established. All of this is done using standard network communication and protocols, so the eco-system is none the wiser—unless sophisticated behavioral or AI capabilities are in place. What is the best form of defense here? 1.) Do not run your user systems with administrative rights. This allows any malicious code to execute at root level privilege, and 2.) Train, train, and re-train your users to recognize a phishing email, or more importantly, recognize an email that could be a phishing scam. Then ask the right security resources for help. The best mechanism for training is to run safe targeted phishing campaigns to verify user awareness either internally or with a third-party partner like Connection.
  3. Ignoring Security Patches. One of the most important functions any IT or IT Security Organization can perform is to establish a consistent and complete vulnerability management program. This includes the following key functions:
  • Select and manage a vulnerability scanning system to proactively test for flaws in IT systems and applications.
  • Create and manage a patch management program to guard against vulnerabilities.
  • Create a process to ensure patching is completed.

Most malicious software is created to target missing patches, especially Microsoft patches. We know that WannaCry and Petya, two devastating attacks, targeted systems that were missing Microsoft MS17-010. Eliminating the “low-hanging-fruit” from the attack strategy, by patching known and current vulnerabilities or flaws, significantly reduces the attack-plane for the risk owner.

  1. Partners. Companies spend a lot of time and energy on Information Security Programs to address external and internal infrastructures, exposed Web services, applications and services, policies, controls, user awareness, and behavior. But they ignore a significant attack vector, which is through a partner channel—whether it be a data center support provider or a supply chain partner. We know that high-profile breaches have been executed through third partner channels, Target being the most prominent.The Target breach was a classic supply chain attack, where they were compromised through one of their HVAC vendors. Company policies and controls must extend to all third-party partners that have electronic or physical access to the environment. Ensure your Information Security Program includes all third partner partners or supply chain sources that connect or visit your enterprise. The NIST Cyber Security Framework has a great assessment strategy, where you can evaluate your susceptibility to this often-overlooked risk.
  2. Data Security. In this day and age, data is the new currency. Malicious actors are scouring the Internet and Internet-exposed corporations to look for data that will make them money. The table below from the 2018 Ponemon Institute 2018 Cost of a Data Breach Report shows the cost of a company for a single record data breach.

Cost for a Single Record Data Breach

The Bottom Line

You can see that healthcare continues to be the most lucrative target for data theft, with $408 per record lost. Finance is nearly half this cost. Of course, we know the reason why this is so. A healthcare record has a tremendous amount of personal information, enabling the sale of more sensitive data elements, and in many cases, can be used to build bullet-proof identities for identity theft. The cost of a breach in the US, regardless of industry, averages $7.9 million per event. The cost of a single lost record in the US is $258.

I Can’t Stress It Enough

Data security should be the #1 priority for businesses of all sizes. To build a data protection strategy, your business needs to:

  • Define and document data security requirements
  • Classify and document sensitive data
  • Analyze security of data at rest, in process, and in motion
  • Pay attention to sensitive data like PII, ePHI, EMR, financial accounts, proprietary assets, and more
  • Identify and document data security risks and gaps
  • Execute a remediation strategy

Because it’s a difficult issue, many corporations do not address data security. Unless your business designed classification and data controls from day one, you are already well behind the power curve. Users create and have access to huge amounts of data, and data can exist anywhere—on premises, user laptops, mobile devices, and in the cloud. Data is the common denominator for security. It is the key thing that malicious actors want access to. It’s essential to heed this warning: Do Not Ignore Data Security! You must absolutely create a data security protection program, and implement the proper policies and controls to protect your most important crown jewels.

Cyber criminals are endlessly creative in finding new ways to access sensitive data. It is critical for companies to approach security seriously, with a dynamic program that takes multiple access points into account. While it may seem to be an added expense, the cost of doing nothing could be exponentially higher. So whether it’s working with your internal IT team, utilizing external consultants, or a mix of both, take steps now to assess your current situation and protect your business against a cyber attack. Stay on top of quickly evolving cyber threats. Reach out to one of our security experts today to close your businesses cyber security exposure gap!

The post Businesses Beware: Top 5 Cyber Security Risks appeared first on Connected.

October Is National Cyber Security Awareness Month: Be Part of Something Big

2018 marks the 15th year of National Cyber Security Awareness Month (NCSAM). The Internet touches every aspect of our lives, and keeping it safe and secure is everyone’s responsibility. You can make a difference by remaining diligent and staying cyber aware. Be part of something big this month. Learn more, be aware, and get involved.

Connection is an official Champion of NCSAM. We’re dedicating the month of October to spreading the word about the importance of cyber security, and providing tools and resources to help you stay safe and secure online.

Each week during October highlights a different cyber security theme, addressing specific challenges and opportunities for change. Stay tuned for information about the top cyber security threats, careers in cyber security, and why it’s everyone’s job to ensure online safety. What are you doing to keep the Internet safer and more secure? Be sure to check back each week to stay informed, and get tips from our experts about how you can participate in keeping everyone safe online.

The post October Is National Cyber Security Awareness Month: Be Part of Something Big appeared first on Connected.

Be a Conscientious Risk Manager

Whether you are a CIO or CISO in the Federal, State or Local, Education, or Commercial Business areas, you are all faced the with same challenge, whether you accept it or not. In the security risk management world, if the malicious actor wants into your network, they will figure out a way to get in. You of course still need to build a comprehensive risk governance and management plan, but that plan must be built on the premise of how you will respond, when the breach occurs.

Having spent 38 years in Information Security, the one constant that I see, is that the individuals who make it their business to steal or disrupt your data, are better funded, better trained, and have unlimited hours to execute their trade. What we hope to achieve is being a half-step behind them at worst case. There is no way to stay in step, and a step ahead is out of the question.

So what does this really mean to the conscientious risk manager. Create a strategy whereby you frequently identify the threat, and measure the risk against that threat in your as-built infrastructure. Test frequently, outside and inside, using he same tools and techniques the malicious actors use. Test user security awareness, as we know it only takes one click of a phishing email malicious link, to potentially bring down and entire enterprise. Measure, document, prioritize, and build a risk roadmap strategy to keep risk mitigation focus on those most critical exploitable areas.

Three Top Security Imperatives
Keep in mind that your top three security imperatives are: Reducing your threat exposure, enhancing your response and recovery times, and increasing security visibility. What does security visibility mean, implementing the people, process, and technology in key security areas, to give you a fighting chance to detect, and react to malicious and advanced persistent threats.

Let’s talk people, process, and technology. We all know users are the weakest link in any security chain. Not because they have sinister intent, although sometimes they do, but primarily because in today’s high-powered technical, mobile, and social world, it is commonplace for a lapse in judgment to occur. We live in a rapid–fire, high-availability, high-output world, and mistakes can and will be made. So make is less commonplace, train and educate often, and monitor closely for when that lapse in judgment occurs.

Process: Again our high-powered technical, mobile, and social world often demands we run at warp speed.  Who has time to document? Well — make the time.  Good documentation to include process, policies and standards, as well as a documented and managed configuration control process, will help keep you more secure. Every process, policy and standard document has to have an assigned owner, has to have a designated review date, and has to have an oversight or governance process. All roles and responsibilities need to be included in the documentation, and the expected outcome needs to be defined. Make the time to prepare and socialize your critical information security program documentation.

Technology: Many risk owners fall prey to purchasing every piece of security technology available, at what I like to call the security “choke points”, end-point, network, edge, gateway, etc. This is just what everyone does. However, why not use the process we discussed above — measure, document, prioritize, and build a risk roadmap strategy — as your guideline for what you purchase and deploy for technology. Ask yourself — what is so wrong with selecting and implementing a product, only after you validate how it will help you manage your documented security risk? Of course the answer to that is — nothing.

Focus on Seamless Collaboration
You have documented your risk, you have prioritized your risk roadmap, and as a result you know the very specific technology, or set of technologies, you need to implement first. Most importantly, your technology selections should focus on products that collaborate in a seamless way. In other words, your end-point, edge, network, gateway, sandbox, etc., security technologies all talk to each other. We call this approach to complete security visibility across the whole landscape, Unified Security Stack. And, don’t forget that all technology must have a people and process component as well.

Good information security risk management and risk governance does not come by accident.  It takes planning and execution. In the end, although you may not keep the bad guy out, you will be better prepared for when.

The post Be a Conscientious Risk Manager appeared first on Connected.

Understanding the GDPR

The European Union’s Parliament approved and adopted the General Data Protection Regulation (GDPR) in April 2016. This regulation will take effect after a two-year transitional period, meaning it will be fully enforced on May 25, 2018. At this time, if organizations are non-compliant, they will face hefty fines. There is a tiered approach to these fines; however, at a maximum an organization can be charged 4% of annual global turnover or 20 million euros ($23,554,200).

The GDPR applies to all organizations that process and hold the personal information of EU residents, regardless of the company’s location. To exemplify, the regulation pertains to all organizations located within the EU, as well as organizations that are located outside of the EU that offer good, services, or observe the behavior of EU citizens. These rules also apply to both controllers and processors of information, meaning that the cloud and other technologies are not exempt from the GDPR.

If information can be used to identify a person, directly or indirectly, it is protected under the GDPR. This includes but is not limited to names, email addresses, financials, medical data, and computer IPs.

Steps to take to prepare for the GDPR:

  1. Perform a compliance audit against the GDPR legal framework to identify where gaps exist, then work to remediate these shortcomings.
  2. Classify the personal data your organization possesses that is protected by the GDPR and implement the appropriate security measures. This includes understanding what information you have, where it came from, who it is shared with, and who has access to it.
  3. Appoint a data protection officer for your organization.
  4. Document all processes and keep a record for the Data Protection Association (DPA) in the country or countries your organization conducts business.
  5. Make sure the appropriate contracts are in place to protect your organization and ensure that the businesses you engage with are employing the same security measures.

Infringements of the GDPR include:

  • Not having sufficient customer consent to process personal information.
  • Not having records in order.
  • Violating the “Privacy by Design” and “Privacy by Default” concepts.
  • Failing to notify the data subject and the supervising authority about a breach or incident.
  • Not conducting an impact assessment.

Altogether, the GDPR is the most important change to data privacy regulations in decades. It is intended to make organizations more secure and accountable to their data subjects during all stages of their interactions. For more questions or to implement GDPR standards in your organization, please CONTACT US.

Patch Management

Cyber security controls are only effective if there are no means of bypassing them. If a vulnerability exists that enables someone or something to circumvent your organization’s existing set of security standards, your whole network could then be compromised. With the rise of cybercriminals targeting known vulnerabilities on unpatched systems, especially through worms and malicious code, implementing a patch management system in your organization is critical to maintaining a strong security posture.

Patch management is the routine procedure of administering updates for all technologically based products and programs, primarily applications and operating system versions. The goal is to create a securely configured digital environment in your organization that is consistently protected against all known vulnerabilities.

To be successful, patch management must be an ongoing process in which your system administrator or managed services provider:

  1. Maintains knowledge of available patches.
  2. Determines what patches are appropriate for the specific systems.
  3. Prioritizes the patches and protects your most critical vulnerabilities first.
  4. Tests the patches on non-critical systems before installation.
  5. Performs backups before installing a patch.
  6. Installs patches and makes sure they work properly.
  7. Tests the systems after installation.
  8. Documents all installed patches and the processes utilized.

Patch management is a critically important aspect of cyber security risk management because outbreaks like WannaCry occur because of unpatched vulnerabilities being exploited. In an organization with hundreds of systems, it only takes one compromised system to then harm the entire network. Altogether, in the technological world, there is rarely, if ever, a software or application that is developed without having to be modified or upgraded. As a result, a process must be implemented to distribute patches and remediate known vulnerabilities.

If you would like to discuss patch management in your organization, please CONTACT US.

National Cyber Security Awareness Month

Although National Cyber Security Awareness Month is coming to a close, COMPASS maintains a commitment to raising cyber security awareness throughout the year. The following are this year’s top blog posts that demonstrate ways to implement cyber security risk management in your organization and minimize the threats you may face.

  1. A Risk Manager’s Approach to Cyber Security 

Cyber security threats arguably pose the greatest danger to an organization’s risk management strategy. Risk managers should leverage their organization’s existing risk governance processes and methodologies to effectively analyze and manage cyber threats.

  1. Top 10 Assessment Findings

Although COMPASS’ client base is highly diverse, there are common findings we encounter on almost every single engagement. They are grouped by our approach to cyber security risk management which focuses on the 3 pillars of cyber security – people, policy and technology.

It is important for organizations to regularly assess not only their technical infrastructure, but also their organizational security awareness and policies. Organizations that fail to perform periodic assessments risk leaving themselves exposed to hackers who can exploit these vulnerabilities or negligent insiders who expose data unintentionally.

  1. 5 Steps to Develop a Security Program

Developing a practical and effective cyber security plan is vital to incorporating security into your organization’s risk management strategy. A common misconception is that a cyber security plan is lengthy and difficult to follow. However, that does not have to be the case. COMPASS recommends 5 steps for your cyber security plan.

  1. Business Email Compromise

BECs remain a prominent threat and will continue to be used in targeted scams. The victims of BEC attacks range from small business to large corporations and all employees should be aware of the dangers. Organizations that utilize robust prevention techniques have proven highly successful in recognizing and deflecting BEC attempts.

 

If you have any questions or would like to discuss the unique cyber threats your organization faces, please CONTACT US.

Protecting Critical Infrastructure from Cyber Threats

We’ve made it to week five of National Cyber Security Awareness Month (NCSAM)! The theme this week is “Protecting Critical Infrastructure from Cyber Threats.” The basic infrastructure that supports our daily lives is deeply dependent on the Internet, and, therefore, continually exposed to the risk of new threats and cyber attacks. As security breaches grow in frequency and sophistication every day, it’s crucial to build resiliency and then take steps to protect critical infrastructure to remain safe and secure online.

During the last week of NCSAM, the experts at Connection would like to remind you of the importance of identifying current and future strategies to protect your infrastructure and manage your risk. Cyber security is one of the biggest challenges organizations face today. Regardless of size or industry, every organization must ask themselves, is my security strategy up to date? If your organization is looking to stay on the front line of cyber security, it’s imperative to know how an end-to-end risk management strategy can help you properly secure your infrastructure.

Our security experts have an abundance of experience, and several areas of expertise we can put to work for you. We are committed to keeping your organization safe and secure, and can help design, deploy, and support solutions to address your critical risks and defend your critical infrastructure. For more information, contact one of our security experts today!

The post Protecting Critical Infrastructure from Cyber Threats appeared first on Connected.

NCSAM, Week Five: Protecting Critical Infrastructure

It’s Week 5 of National Cyber Security Awareness Month (NCSAM). This week, the focus is on protecting critical infrastructure—the essential systems that support our daily lives such as the electric grid, financial institutions, and transportation. Unfortunately, attacks on critical infrastructure have become a concern worldwide. A devastating attack isn’t just a theoretical possibility anymore. As we’ve recently seen with Equifax, and other security breaches in healthcare and other industries, the growing threat of serious attacks on critical infrastructure is real. These days, hackers have become much more formidable, and we will undoubtedly see more of these attacks in the future. It’s no longer a matter of if there will be another attack, but when. Let’s celebrate this last week of NCSAM by staying aware and being prepared.

Protecting your infrastructure requires constant vigilance and attention to evolving cyber attacks. Risk is inherent in everything we do, so trying to stay ahead of the cyber security curve is key. Our team of security experts can help you build a security strategy to detect, protect, and react to the complete threat lifecycle. The threats we all need to manage today evolve quickly, and we can help you minimize your risk and maximize your defenses to improve your cyber resiliency. For some expert insight on securing your critical infrastructure, give us a call and discover the Connection difference.

The post NCSAM, Week Five: Protecting Critical Infrastructure appeared first on Connected.

The New Security Reality

It’s week 4 of National Security Awareness Month (NCSAM). Each week of NCSAM is dedicated to a specific cybersecurity theme. The theme this week is “The Internet Wants YOU: Consider a Career in Cyber Security.”

With the continuous state of change in the global threat landscape, organizations face cyber attacks and security breaches that are growing in frequency and sophistication every day. But now, consider this: according to a study by the Center for Cyber Safety and Education, there will be a shortage of 1.8 million information security workers by 2022. This gap should be of great concern to organizations.

Skilled people make the difference in protecting sensitive data, so it’s more critical than ever that organizations begin to attract and retain the cybersecurity talent needed to defend against the evolving threat landscape. At Connection, we help inspire individuals coming out of universities to engage in co-op or intern-related opportunities, and I strongly encourage other organizations to see what they can do to help young people today who are really interested in building their skills in this area.

The figures don’t lie. The demand for cyber security will only continue to grow. Through local collaborative efforts between employers, training providers, and community leaders, we can ensure individuals have the opportunity to build on their tech knowledge and participate in a secure, thriving economy.

The post The New Security Reality appeared first on Connected.

Cyber Security Careers Are in High Demand

October is National Cyber Security Awareness Month, which is an annual campaign to raise awareness about the importance of cyber security. Week 4 of NCSAM is all about the growing field of cyber security and why you might want to consider this career.

It’s impossible to overstate the importance of security in today’s digital world. Cyber attacks are growing in frequency and sophistication every day, and a key risk to our economy and security is the lack of professionals to protect our growing networks. According to a study by the Center for Cyber Safety and Education, by 2022, there will be a shortage of 1.8 million information security workers. So, it’s critical that that we begin now to prepare our students—and any others who are interested in making a career move—to fill these gaps. Many colleges and universities have developed information assurance programs that help technical, security-minded students achieve a great foundation in this industry. We also challenge corporations to offer intern and co-op opportunities for students in these degree programs, so they can see what security looks like in practical, business-world applications.

Connection is committed to promoting cyber security and online safety. Join Connection during Week 4 of NCSAM, as we explore cyber security as a viable and rewarding profession and encourage people from all backgrounds to see information security as an essential career path.

Read this next:

 

The post Cyber Security Careers Are in High Demand appeared first on Connected.

WPA2 Hacks and You

The world has been rocked once again with a serious flaw in a basic security mechanism that we all take for granted to keep us safe and secure. According to Dark Reading, researchers at Belgium’s University of Leuven have uncovered as many as 10 critical vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol used to secure Wi-Fi networks. This is a protocol that—as we have all learned over the last several years—must be configured to keep us safe.

The key reinstallation attack—or KRACKs—impacts all modern wireless networks using the WPA2 protocol. The flaw gives attackers the ability to decrypt data packets that make all private (encrypted) communication no longer private. Although the flaw requires the attacker to have close proximity to the network to execute, this is especially bad news for those with far-reaching wireless signals—such as hotel and hospital lobbies—where an attacker can just sit down and work their trade.

The Vulnerability Notes Database provides a summary and detailed description of the vulnerabilities. It includes a list of vendors who may be affected by the vulnerability, and a status field indicating whether the vendor has any products that are affected.

What can you do?

Vendors are currently identifying their affected products and working on patches to address this attack. In the meantime, here are a few things you can do to keep your information safe:

  1. Apply patches as they are released
  2. Pay careful attention to your wireless environment
  3. Watch for people and technology that look out of place
  4. Utilize a trusted VPN solution
  5. When possible, transfer data over an encrypted channel—such as HTTPS
  6. Restrict sensitive information that would normally pass over a wireless network
  7. And, as always, it’s a good practice to monitor access logs and wireless traffic to look for anomalies in standard business communication

How has this WiFi vulnerability affected your organization? Leave a comment bellow to share your experience and any additional advice you have for staying protected.

Read this next:

 

The post WPA2 Hacks and You appeared first on Connected.

Shut Down Unlikely Attack Vectors in Your Organization

As a security professional, I probably take security more seriously than most. But when we start talking about the Internet of Things (IoT), the science fiction buff in me comes to the forefront a little bit. While we don’t want any kind of attacks to happen to our organizations, it can be a little fun to imagine the crazy ways hackers can use mundane appliances to hack into a network.

For example, earlier this year, a North American casino was hacked through a smart fish tank. Since the equipment in the tank was connected to the Internet, attackers were able to use that as their vector for network access. Fortunately, the breach was discovered quickly afterward—and you never want to hear about security breaches like this, but it certainly does make for a unique story.

That highlights the risks that are out there today. If you’re connected to the Internet, you are vulnerable to attacks. With IoT and the proliferation of smart devices, we’re starting to see some creativity from hackers that is not necessarily being counteracted with the appropriate level of security controls. That fancy fish tank certainly didn’t have the appropriate level of security controls. Having “regular” devices connect to the Internet can bring flexibility and manageability, but it also opens up more vulnerabilities.

That risk is something that everybody needs to understand. Basically, like any good risk owner, you need to think about what device you have, how it’s connecting, where it’s connecting to, and whether or not that connection has a level of security that meets your policy and control expectations. Honestly, what I’ve seen is that because of the easy and seamless connectivity of these smart devices, a lot of organizations are not thinking about necessary security measures. They aren’t quite seeing that a fish tank or a biomedical device or even an HVAC system can be just as vulnerable to attack as a server or application.

So how do you keep your network and data safe and still take advantage of the benefits of the IoT? Employ the same techniques I spoke of last week: protect, detect, and react. Assess, document, and validate risks. Make sure that you have a complete and total information security risk management or risk governance program. Apply these techniques and programs to every single device on your network, no matter how low-level it may seem. Something as normal as a thermostat or refrigerator could be a gateway for a hacker.

Our experts can help you assess your environment for risks and vulnerable points in your network, and help you put together a comprehensive security program that doesn’t leave out anything—even your lobby fish tank or break room fridge.

The post Shut Down Unlikely Attack Vectors in Your Organization appeared first on Connected.

Mobile Device Management

Mobile Device Management (MDM) is a great method to ensure that your employees remain productive and do not violate any corporate policies. In the ever-expanding Bring Your Own Device (BYOD) world, more organizations are allowing employees the freedom to work from their own mobile devices. Tablets, smart phones, and personal laptops are taking a larger and larger space on corporate networks.

While there are numerous advantages to a BYOD environment, allowing personal devices onto a corporate network introduces a variety of security threats. A Mobile Device Management solution helps in securing that environment.

Here are 5 Tips you should implement when securing your devices with a MDM approach:

  1. Require standards for password strength – Make sure that your MDM is configured to require device passcodes that meet or exceed guidelines concerning length, complexity, retry and timeout settings for the appropriate device.
  2. Device Update Compliance – Set a minimum required version for employee mobile devices. This will require that employee devices are kept updated and restrict devices that do not comply with this setting.
  3. Prevent Jail-breaking – Prevent jail-broken or ‘rooted’ mobile devices. Allowing these devices could add an additional attack vector as many ‘rooted’ or jail-broken devices install third-party app stores that may contain malicious apps. Preventing these devices helps secure access to company data.
  4. Require usage of signed apps and certificates – Use your MDM to screen any mobile devices for suspicious applications before allowing access to company resources. These could be email programs, mobile apps, and networks (Wi-Fi or company VPN access). As with jail-broken devices, unsigned apps and certificates may allow malware to infect the device.
  5. Seek Employee BuyIn – Prior to allowing a user device onto your network, require the user acknowledge and accept basic corporate policies. Make sure that the user understands that company administrators will be able to revoke and/or restrict access to devices that don’t comply with company policy.

The best idea is to decide your corporate strategy and then choose a MDM solution that fits your project. For more information on mobile device security, download our iPhone and Android Security Guides. If you would like to begin a conversation about Mobile Device Management, please CONTACT US.

Penetration Testing vs. Vulnerability Scanning

Frequently, new or existing clients will come to us requesting a penetration test. Usually, one of the first things we tell them is that they do not need a penetration test done…yet. Within IT, and within InfoSec specifically, there is a disconnect between terms used by industry professionals, their clients, and the media/public. Two of the most confusing terms are:

  • Penetration Testing
  • Vulnerability Scanning

Most clients will seek out security consulting services to have a ‘pen test’ performed, without knowing what a penetration test entails. Too often they picture a scene from Mr. Robot, or Hackers – someone in a darkened room, in front of a console, furiously typing away to hack into servers.

Most of our clients are organizations that have not worked with a security consulting firm before, but are used to working with managed service providers, so they expect to be sold hardware or software solutions. Because COMPASS is vendor agnostic, we evaluate what our clients’ needs are, and then offer a series of services that we think will help our clients achieve their goals.

As previously mentioned, we almost always have the conversation about Penetration Testing. Whenever we discuss this with our clients we try to help them understand the difference between a penetration test and a vulnerability scan. So, let us get into defining the two:

Penetration Test

A Penetration Test has a specific goal, to exploit weaknesses and gain access to data within your network, to achieve administrator privileges or possibly alter financial data. A Penetration Test should not be performed as a start to your information security program. It should be something performed when you have a security configuration in place that needs to be tested for example; once you have established a patch management process, hardened network devices and essentially closed any known gaps within your network architecture.

A Penetration Test should only be performed once vulnerability assessments have been executed and all remediations implemented, since they can be expensive and should be employed when you want to test security that is already assumed to be in place and adequate.

Vulnerability Scan/Assessment

A Vulnerability Scan or Assessment, whichever flavor you prefer, should be an organization’s first step in building a strong security stance. Vulnerability scans are technical assessments that that are designed to discover as many vulnerabilities as possible within a target network. Vulnerability scan reports include severity ratings for the discovered vulnerabilities, remediation/mitigate instructions and allows for prioritization of vulnerability remediation.

A Vulnerability Scan/Assessment should be performed at the start of your security journey. It will help you to generate a prioritized list of things wrong with the network, from OS patches and third-party vulnerabilities to open ports and services running on perimeter devices. The goal of a vulnerability scan should always be to fix as many findings as possible.

For more information on how to get started with your security assessment, download our Cyber Security Assessment Checklist or CONTACT US for a deeper discussion.

COMPASS Cyber Security Mobile Application

As a part of COMPASS Cyber Security’s ongoing commitment to raising cyber security awareness in the community, we are excited to announce the launch of our very own mobile application! By downloading this app, users will be provided with real-time cyber security threat alerts, best practice tips, and applicable guidance, so they can be prepared for the cyber security risks they may face. It is COMPASS’ mission to “shift the world’s data to be safe and secure” and this app is a testament to that by offering businesses and consumers valuable content they can use to protect their data.

Download the COMPASS Cyber Security app in the iTunes and Google Play stores to begin improving your cyber security posture!