
The banking sector’s top cybersecurity challenges


While most industries around the world are affected by the looming danger of cyber threats, the banking sector has always been the worst hit. This is a natural consequence of the environment the banking sector operates in: banks deal in billions of dollars every single day, trading with a plethora of people and businesses all over the world. They also hold a vast amount of highly sensitive financial information belonging to multiple customers, making the banking industry a veritable goldmine for cybercriminals.

Recently, a cyber attack on Cosmos Bank in Pune, India resulted in Rs. 94 crore being stolen. In 2016, Bangladesh Bank, the country’s central bank, was hacked and the hackers successfully stole 81 million USD. The hackers used the bank’s SWIFT credentials to transfer money into various banks across the globe before the heist was discovered. They had used a combination of social engineering and viruses to obtain employee credentials and access the bank’s network to make the transfers. Fortunately, the transfer of 800 million+ USD was stopped after the discovery of the breach. These incidents make it clear that neglecting cybersecurity can have severe consequences for the banking sector.

  1. Insider Threats

Insider threats refer to current or former employees who may have been responsible for security breaches in an organization. This is a major issue for banks – in 2015, Morgan Stanley fired a financial adviser in its wealth management division who stole data from 350,000 clients or 10% of its customer base. In fact, 82% of financial organizations considered insiders with legitimate access as the main threat to cybersecurity.

  2. Not investing in the best cyber defence

At times, banks lag behind when it comes to adopting the latest cybersecurity measures, which can bring about a catastrophe. Merely investing in the best and most powerful solutions does not always suffice: cybersecurity is an ever-evolving challenge, and banks need to be proactive, conducting continuous risk assessment and intelligence gathering.

  3. Dependence on legacy banking systems

Cybercriminals love targeting banks because they know that banks are not very keen on upgrading from their legacy systems to modern ones. These legacy systems have plenty of loopholes and known issues, which cybercriminals use as their primary attack routes.

An Indian survey suggested that there was a 350% increase in cybercrime in India which happened through legacy systems.

  4. Malware & frauds

Banks and financial institutions are extremely vulnerable to various forms of cyber attacks and online frauds. 40% of banking, financial services and insurance (BFSI) businesses have been attacked at least once and there has been a multifold increase in credit and debit card related frauds.

With the majority of mobile banking transactions happening on personal devices, this is also likely to increase.

  5. Non-patched systems

A major survey of over 7,000 financial firms found that more than 1,300 of them had at least one unpatched security vulnerability. Given their cumbersome infrastructure, most banks run applications that contain known, unpatched security vulnerabilities.

Seqrite helps to mitigate such threats with its range of dynamic, scalable and future-ready solutions: Endpoint Security, Data Loss Prevention, Unified Threat Management and mSuite, with powerful features like Patch Management, IDS/IPS, Device Control and Gateway Protection, together provide a strong cybersecurity setup.

The post The banking sector’s top cybersecurity challenges appeared first on Seqrite Blog.

Cybersecurity to be the biggest threat to the enterprise for the next decade


Ernst & Young (EY) conducted a CEO Imperative survey and gathered exclusive insights from 200 global CEOs, and some of Forbes’ largest private players, about what they thought would be the biggest problem for businesses in the coming years. The professional services giant asked the same question of 100 senior investors who have managed at least $100 billion worth of assets. The result: the elite group of participants overwhelmingly voted for cybersecurity as the biggest threat to the enterprise in the next five to ten years.

Seqrite agrees with the report: while stakeholders are thinking along the right lines, they do not yet fully understand the gravity of the situation.

According to our findings for Q1 2019, released recently in Seqrite’s periodic threat report, our labs detected 28 million malware samples targeting Windows operating systems, and that is for just three months.

Cyber attackers are always trying to stay one step ahead when it comes to designing malware that can outsmart the best cybersecurity systems. Recent examples such as Emotet and TrickBot are classic cases of how sophisticated and complex malware is becoming.

If enterprises are to treat cyberattacks as the main problem here, stakeholders need to look at the mediums through which malware penetrates a business network. Here we have a host of channels such as emails, content collaboration platforms, office messengers, social media, websites, etc.

These are times of digital transformation. More and more organizations are going digital at lightning speed. This change is required of every business for a number of reasons, some of which are:

  • To stay at par with the competition
  • To be efficient and agile
  • To be fast and to be in sync with how everybody is doing business today

Hence, the aforementioned penetration channels are in reality the core components of an enterprise’s digitalization initiative. Hackers know that businesses cannot function without digital mediums, and this is where most attacks are happening nowadays. Compare this to a couple of decades back, when businesses were largely untouched by cyberattacks because digitalization was at a minimum.

  • Businesses that have experienced cyberattacks on operational technology infrastructure – 31%
  • On average, companies lose $2.4 million after a malware attack with up to 50 days of downtime
  • By 2021, cyberattacks are expected to damage the global economy by $6 trillion

Large corporations may be able to recover from this; however, for SMBs and SOHOs the impact of such an attack is going to be back-breaking. CXOs everywhere need to think about when an attack will happen rather than if it will. This automatically makes cyberthreats more of a business problem than an IT problem.

CTOs and CISOs come into the picture here. Budget re-alignments also get highlighted, to prioritize safeguarding the enterprise. So far, budget allocations have been biased towards enterprise domains such as marketing, sales and IT. This needs to change: cybersecurity needs to receive a substantial chunk of annual budgets.

As for technology officers in the company, they need to start implementing simple but effective methods to secure business networks from cyberattacks.

Secure endpoints, networks, and data

Collaborating with a proven cybersecurity expert is always preferable to building an in-house team to fence an enterprise’s information technology infrastructure. CTOs and CISOs should opt for a single solution that encompasses securing every digital medium made available to the enterprise.

Review cybersecurity readiness of the employees periodically

The biggest threat to enterprise data is its employees. It is not that employees make mistakes knowing that they are doing so: innocent mistakes happen, and with the increasing culture of BYOD and CYOD, critical business data is at risk. Hence, reviewing the cybersecurity readiness of employees periodically is important.

Conduct third-party audits to avoid supply chain attacks

Hackers will always try to attack the weakest links in an enterprise. Supply chain attacks can happen in any industry, and third-party audits act like medical tests, revealing beforehand whether these systems are sick.

Have an action plan in place and prepare for the worst-case scenario

CXOs need to zero in on contingency plans in case of an attack. Designing protocols and business continuity processes for an attack event helps ensure that an enterprise can maintain the status quo.

Seqrite is one of the best-in-class cybersecurity solutions that enterprises can leverage for an invincible cybersecurity system. Cyberattacks are here to stay, with hackers finding varied ways to attack networks, all the more so as they jump on the gold rush created by cyber attacks pertaining to cryptocurrency, data theft and financial information. With a host of CEOs agreeing on the dangers of cybercrime, enterprises should act now!

The post Cybersecurity to be the biggest threat to the enterprise for the next decade appeared first on Seqrite Blog.

The transformation of enterprise security from 2017 to 2019


The nature of enterprise security is such that it continuously keeps evolving. Trends change, threats vary and morph into different entities, and approaches that seem relevant get outdated in six months or sometimes even less. For enterprises looking to stay ahead of the curve when it comes to cybersecurity, standing still is not an option. The need of the hour is to keep abreast of the latest trends and technologies to stay safe.

Thanks to the speed of transformation, enterprise security has seen multifold changes in the last two years, some driven by need and some by necessity. These changes can be summed up in the following points:

A move towards a zero-trust network

More and more organizations are moving towards a zero-trust model where no one and nothing is trusted by default. Introduced by the American market research firm Forrester Research, the zero-trust network model eliminates the concept of a perimeter and calls for enterprises to inspect all network traffic without classifying it as ‘internal’ or ‘external’. Basically, no user or traffic is considered ‘authorized’ by default, and all access to a specific network is governed by the same set of rules.

The evolution from 4G to 5G

In 2017, enterprise security needed to understand 4G; now, network technology has evolved to such an extent that the world is embracing 5G. It is a trend which enterprises must also embrace, but at the same time they must be aware of the security tradeoffs. As with the advent of any new technology, cybercriminals will also join the bandwagon to create chaos and profit. 5G will likely bring different types of phones, different networks and a completely different kind of technology, which will open up new vulnerabilities; early adopters should be extremely careful.

The rise of cryptojacking

An important trend which has caught the industry’s attention is the dangerous threat of cryptojacking. This threat will only become more widespread as the usage of cryptocurrency increases. It works by hackers sending unsuspecting targets emails with malicious code in them, or embedding this code in sketchy websites. The attack succeeds when the malicious code is executed by unsuspecting users; it then works in the background, silently mining cryptocurrency. This takes up a lot of computer resources and can often lead to slow system performance.

Spear phishing

While phishing is a tactic that continues to be used, it has an upgraded, even more dangerous avatar, popularly known as spear phishing. In spear phishing, users get meticulously personalized emails purporting to come from a trusted source or a company they are familiar with and interact with quite often. This could be as deceptive as an email from a friend, colleague or your boss asking you for access to classified information. Attackers are now closely examining their targets and gathering as much information about them as possible to ensure their email is as believable as possible. This is done by employing Advanced Persistent Threats (APTs) against entire systems, gathering huge amounts of data about enterprise and customer habits, and then using this data to launch a spear-phishing campaign.

Certainly, enterprise security has seen a lot of changes in the last two years which is a natural state of affairs in this sector. It is important for enterprises to invest in solutions which continue to evolve and stay attuned to the latest cybersecurity trends to ensure they are not lagging behind. Seqrite’s range of enterprise security solutions is continuously updated to enable enterprises to remain safe from the ever-evolving threats in today’s digital age.

The post The transformation of enterprise security from 2017 to 2019 appeared first on Seqrite Blog.

Firewalls and the Need for Speed

I was looking for resources on campus network design and found these slides (pdf) from a 2011 Network Startup Resource Center presentation. These two caught my attention:

This bothered me, so I Tweeted about it.

This started some discussion, and prompted me to see what NSRC suggests for architecture these days. You can find the latest, from April 2018, here. Here is the bottom line for their suggested architecture:

What do you think of this architecture?

My Tweet has attracted some attention from the high speed network researcher community, some of whom assume I must be a junior security apprentice who equates "firewall" with "security." Long-time blog readers will laugh at that, like I did. So what was my problem with the original recommendation, and what problems do I have (if any) with the 2018 version?

First, let's be clear that I have always differentiated between visibility and control. A firewall is a poor visibility tool, but it is a control tool. It controls inbound or outbound activity according to its ability to perform in-line traffic inspection. This inline inspection comes at a cost, which is the major concern of those responding to my Tweet.

Notice how the presentation author thinks about firewalls. In the slides above, from the 2018 version, he says "firewalls don't protect users from getting viruses" because "clicked links while browsing" and "email attachments" are "both encrypted and firewalls won't help." Therefore, "since firewalls don't really protect users from viruses, let's focus on protecting critical server assets," because "some campuses can't develop the political backing to remove firewalls for the majority of the campus."

The author is arguing that firewalls are an inbound control mechanism, and they are ill-suited for the most prevalent threat vectors for users, in his opinion: "viruses," delivered via email attachment, or "clicked links."

Mail administrators can protect users from many malicious attachments. Desktop anti-virus can protect users from many malicious downloads delivered via "clicked links." If that is your worldview, of course firewalls are not important.

His argument for firewalls protecting servers is, implicitly, that servers may offer services that should not be exposed to the Internet. Rather than disabling those services, or limiting access via identity or local address restrictions, he says a firewall can provide that inbound control.

These arguments completely miss the point that firewalls are, in my opinion, more effective as an outbound control mechanism. For example, a firewall helps restrict adversary access to his victims when they reach outbound to establish post-exploitation command and control. This relies on the firewall identifying the attempted C2 as being malicious. To the extent intruders encrypt their C2 (and sites fail to inspect it) or use covert mechanisms (e.g., C2 over Twitter), firewalls will be less effective.

The previous argument assumes admins rely on the firewall to identify and block malicious outbound activity. Admins might alternatively identify the activity themselves, and direct the firewall to block outbound activity from designated compromised assets or to designated adversary infrastructure.

As some Twitter responders said, it's possible to do some or all of this without using a stateful firewall. I'm aware of the cool tricks one can play with routing to control traffic. Ken Meyers and I wrote about some of these approaches in 2005 in my book Extrusion Detection. See chapter 5, "Layer 3 Network Access Control."

Implementing these non-firewall-based security choices requires a high degree of diligence, which requires visibility. I did not see this emphasized in the NSRC presentation. For example:

These are fine goals, but I don't equate "manageability" with visibility or security. I don't think "problems and viruses" captures the magnitude of the threat to research networks.

The core of the reaction to my original Tweet is that I don't appreciate the need for speed in research networks. I understand that. However, I can't understand the requirement for "full bandwidth, un-filtered access to the Internet." That is a recipe for disaster.

On the other hand, if you define partner specific networks, and allow essentially site-to-site connectivity with exquisite network security monitoring methods and operations, then I do not have a problem with eliminating firewalls from the architecture. I do have a problem with unrestricted access to adversary infrastructure.
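As an added illustration of the outbound-control argument above (blocking egress from designated compromised assets and to designated adversary infrastructure, and confining a research segment to site-to-site traffic with partner networks), here is a small Python egress policy evaluator. It is not from the original post or from NSRC, and every address, prefix and host in it is a constructed sample.

```python
"""Egress (outbound) control policy evaluator: an added example, not the
post's own code. General campus hosts get default-allow egress that an
analyst can narrow with quarantine and adversary-infrastructure blocks;
the research segment only gets site-to-site egress to partner networks."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (sample values, not from the post).
CAMPUS = ip_network("10.0.0.0/8")                  # all internal space
RESEARCH = ip_network("10.50.0.0/16")              # high-speed research segment
PARTNERS = [ip_network("203.0.113.0/24"),          # partner site A
            ip_network("198.51.100.0/24")]         # partner site B
QUARANTINE = {ip_address("10.20.3.7")}             # hosts analysts flagged as compromised
ADVERSARY = [ip_network("192.0.2.0/28")]           # C2 infrastructure found via monitoring


@dataclass
class Flow:
    src: str
    dst: str


def direction(flow: Flow) -> str:
    """Classify a flow relative to the campus address space."""
    s, d = ip_address(flow.src), ip_address(flow.dst)
    if s in CAMPUS and d not in CAMPUS:
        return "outbound"
    if d in CAMPUS and s not in CAMPUS:
        return "inbound"
    return "internal"


def decide(flow: Flow) -> tuple:
    """Return (verdict, reason). Only egress is controlled here; inbound and
    internal flows are passed through to whatever other controls exist."""
    s, d = ip_address(flow.src), ip_address(flow.dst)
    if direction(flow) != "outbound":
        return "pass", "not an egress flow"
    # Analyst-directed blocks take precedence over every allow rule.
    if s in QUARANTINE:
        return "block", "source host quarantined as compromised"
    if any(d in net for net in ADVERSARY):
        return "block", "destination is designated adversary infrastructure"
    # Research segment: site-to-site only, no unfiltered Internet egress.
    if s in RESEARCH:
        if any(d in net for net in PARTNERS):
            return "allow", "research host to partner network"
        return "block", "research host egress outside partner networks"
    return "allow", "general campus egress"


if __name__ == "__main__":
    for f in [Flow("10.20.3.7", "192.0.2.200"), Flow("10.50.1.1", "203.0.113.9"),
              Flow("10.50.1.1", "192.0.2.200"), Flow("10.20.4.1", "192.0.2.5")]:
        print(f, direction(f), decide(f))
```

Every verdict carries a reason string so the decisions can be logged; that log is the visibility the post argues must accompany any outbound control.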

I understand that security doesn't exist to serve itself. Security exists to enable an organizational mission. Security must be a partner in network architecture design. It would be better to emphasize enhanced monitoring for the networks discussed above, and think carefully about enabling speed without restrictions. The NSRC resources on the science DMZ merit consideration in this case.