Category Archives: Threats

New open source solution reduces the risks associated with cloud deployments

An open source user computer environment (UCE) for the Amazon Cloud, called Galahad, has been launched by the University of Texas at San Antonio (UTSA). The technology will fight to protect people using desktop applications running on digital platforms such as Amazon Web Services (AWS). Galahad will leverage nested virtualization, layered sensing and logging to mitigate cloud threats. These layers will allow individual users to host their applications seamlessly and securely within the cloud avoiding … More

The post New open source solution reduces the risks associated with cloud deployments appeared first on Help Net Security.

Are Virtual Cybersecurity Labs the Future of Cybersecurity Education?

Cybercrime affecting businesses has become so widespread that IT and network security professionals are always thinking about that next breach and the costs of recovering from it. This increased risk has also raised the demand for better virtual defenses to prevent the loss of sensitive organizational data such as personal consumer details and internal communications.

There is a substantial need for cybersecurity training. It’s something that many businesses are interested in, but implementing the right system isn’t easy. Physical labs are expensive, require significant time and resources, and aligning everyone’s schedules is often impossible.

Virtual labs are a great way for you to provide your customers and partners with access to the latest cybersecurity product demos and training. These labs are accessible from anywhere, customers can engage with them on their terms, they cost less, and increase the overall quality of the training.

What’s the Appeal of Virtual Cybersecurity Labs?

In the corporate sphere, there has been a trend in recent years of organizations shifting away from traditional instructor-led courses towards virtual cybersecurity training labs. The transition is due to the high demand for meticulous cybersecurity education that offers first-hand experience to participants while keeping costs low.

Cloud-based training environments are appealing because they offer a scenario-based approach. Since the field of cybersecurity requires analytical and critical thinking in real-world circumstances, the controlled environment of a virtual lab is often cited as the best method for teaching network security. Learners will encounter real-world scenarios, work through them, and engage with essential hands-on material that provides more engagement than a traditional slideshow or lecture.

What Are The Primary Benefits of a Virtual Cybersecurity Lab?

  • These classes offer training and simulations that are run through cloud-based virtual machines that are accessible from any of the major browsers. Participants can engage with the material, request help, and engage in team exercises from anywhere in the world.
  • A virtual lab removes the need for travel costs or high-end hardware on the client side since training is conducted primarily through an Internet browser on the employee’s terminal. The simulation is centralized and accessible from anywhere at any time with nothing but an Internet connection.
  • Because the host hardware is centralized, upgrading the lab in response to continually evolving technologies and security trends can be done inexpensively and quickly.
  • A single lab can be expanded to accommodate additional employees or partners at little to no cost. You can add additional RAM, user slots, and other specs as needed. This has helped make virtual labs a popular choice for growing businesses.
  • Feedback between instructors and participants is instant and convenient. Instructors can step in at any point and offer help, track user participation, and other relevant analytics.

What Should You Look for in a Virtual Cybersecurity Environment Provider?

There is no shortage of virtual lab providers on the market. Cloud-based cybersecurity courses are in huge demand because of the added customization that they offer. The process for developing a suitable training lab differs depending on your organization’s needs and preferences. However, here are a few things to consider:

  • Networking devices, including switches, routers, and firewalls. Remember that you want to support multiple instances of virtualization for the networking scenarios used in the course. While you want the reliability of enterprise-grade equipment, consider looking into the refurbished market if your business needs to keep costs low.
  • Find a reputable virtual lab provider. There are many virtual IT labs on the market. Find one that offers the right mix of features, analytics, and the ability to scale as you grow.
  • Have the right IT team in place. Your IT team will need to create the environments for any material that you want to teach within the cloud. Getting started isn’t hard, but it will require an IT professional that knows how to prepare the needed virtual environments.

The goal of this process is to build a successful hands-on virtual cybersecurity lab that is scalable to all participants and teaches essential cybersecurity skills in real-world environments to your customers and business partners.

Are Virtual Cybersecurity Labs Really the Future?

It’s safe to say that cloud technology isn’t going anywhere at this point. We are still feeling the effects of the innovation wave that was caused by the invention of cloud technology.

Everything we do today is tied to the cloud in some way.

  • The most popular software offered by Adobe and Microsoft is all cloud-based.
  • That CRM your business relies on is powered by the cloud.
  • Your favorite Spotify playlist is stored in the cloud.

B2B training is changing. The advancements in virtual labs have accelerated the obsolescence of traditional labs. Agile companies that want to stay competitive will need to accept this and transition their cybersecurity, IT, and product demos to the cloud.

New technologies are frightening to businesses with established processes. But if we’ve learned anything from the failures of Kodak, Nokia, Xerox, Blockbuster, and other large corporations, it’s that failing to stay in line with innovation can (and will) lead to disastrous results in the long-term.

The post Are Virtual Cybersecurity Labs the Future of Cybersecurity Education? appeared first on CyberDB.

Security awareness training: a constant in a changing world

There are two schools of thought when it comes to users and cybersecurity. Some people working in the industry think of users as the weakest link. We prefer to see them as the first line of defence. Cybersecurity training programmes can address staff shortcomings in knowledge, promote positive behaviour and equip non-experts with enough information to be able to spot potential threats or scams.

In our previous post, we looked back through the BH Consulting blog archives to trace the evolution of ransomware. This time, we’ve gone digging for a less technical threat. Instead, it’s a constant challenge for any infosec professional: security awareness.

Training shortfall

Back in April 2014, we reported on a survey which found that just 44 per cent of employees received cybersecurity training. David Monahan, research director with Enterprise Management Associates, summed up the issue perfectly:

“Without training, people will click on links in email and release sensitive information in any number of ways. In most cases they don’t realise what they are doing is wrong until a third-party makes them aware of it. In reality, organisations that fail to train their people are doing their business, their personnel and, quite frankly, the Internet as a whole a disservice because their employees’ not only make poor security decisions at work but also at home on their personal computing devices as well.”

One year later, little had changed. In a post from April 2015, Lee Munson covered a survey by SpectorSoft of 772 IT security professionals. “Not only do many firms have staff who lack even a basic level of security awareness they often, as the report concludes, have poorly trained staff too, with many of the survey respondents citing a lack of expertise as being a significant problem in terms of defending against insider threats.”

Accidents will happen

At least the post acknowledged that damage can sometimes be the result of accidental actions. Too often, security vendors throw around phrases like ‘insider threat’ that, intentionally or not, tar all user actions as malicious.

But could it be that some people are just naturally more susceptible to spilling the beans? Another post from April 2015 reported on a study from Iowa State University that claimed to spot which people are likely to fall for social engineering tricks that cybercriminals often use. It did this by analysing brainwaves. People with low levels of self control were more likely to reveal confidential information like company secrets, the researcher observed.

That’s not, admittedly, an approach many companies could take in practice, but it couldn’t hurt to ask some targeted questions at interview stage.

In June of that year, a UK Government survey found that the number of breaches had increased year on year. The findings also showed that more businesses large and small were providing ongoing security awareness training to their staff compared to the previous year. Despite that, many of the organisations surveyed also saw an increase in staff-related security breaches during the same period.

Must try harder

As Lee Munson wrote: “While budgets and technical controls obviously come into play and affect an organisation’s ability to protect its digital assets, the human aspect still appears to be the area requiring the most work. Staff training and awareness programmes are known to be effective but many companies do not appear to have leveraged them to their full potential.”

Another post put the need for cybersecurity training and awareness squarely into perspective. Security company Proofpoint showed the extent to which attackers aim for an organisation’s human resources rather than its technical defences. Its report found that people still click on 4 per cent of malicious links they find in emails. BH Consulting’s regular blogger Lee Munson found this to be a surprisingly high figure. “Attackers employ psychology to improve the chances of their attacks succeeding,” he wrote.

And if at first you don’t succeed? A post from early in 2016 suggested a radical approach to poor security behaviour: disciplinary measures. The blog quoted a survey by Nuix which determined that human behaviour was the biggest threat to an organisation’s security. It said corporations would tolerate risky behaviour less, and would likely penalise staff who “invite a data breach”. That’s one way to “encourage” people to show better security behaviour.

Communication breakdown

Lee rightly raised the question of whether companies have sufficiently communicated their security policies and procedures in the first place. “So, if companies (including yours) are going to penalise employees for not being up to date on all of their security policies, who is going to police the writing and dissemination of those documents in the first place?”.

The message is that security policies need to be clear, so that even a non-technical member of staff can:

  • Understand them
  • Act on them
  • Remember them.

Taken as a whole, the blogs show that while cybersecurity training is a valuable exercise, it’s got to be delivered in a way that the intended audience will understand.

The post Security awareness training: a constant in a changing world appeared first on BH Consulting.

What Cyber Malfeasance Will Rear Its Ugly Head in the 2018 Midterm Elections?

With the approach of the United States’ 2018 midterm elections, concerns have been expressed by many regarding the security and integrity of the voting process.  Given the news how suspected Russian agents actively sought to use hacking and influence operations to sway voters in a particular direction during the presidential election, the concern is legitimate, even if there was no evidence that votes were actually altered in 2016.  The preservation of the democratic voting process has been thrust into symbolic “red line” territory that needs and should be protected against foreign interference.  Indeed, the Department of Homeland Security re-enforced this by elevating election infrastructure to the status of “critical infrastructure” in early 2017.

Clearly, hacking and gaining unauthorized access to those systems and devices associated with the election process is something that deserves immediate attention.  After all, many countries would ostensibly agree that breaking into computers is a criminal offense, regardless if data is taken, destroyed, or altered.  In the 2016 U.S. presidential election, there were clear incidents where suspected Russian hackers stole data, and even compromised voter-related records, resulting an indictment of Russian nationals on a wide variety of charges ranging from conspiracy to commit fraud, money laundering, and identity theft, to name a few.

However, while it makes perfect sense that there should be no factor prohibiting, manipulating, or changing votes, trying to stop outside influences from disseminating information – whether it be false or not – is a bit more challenging, especially for those governments that support such liberties of freedom of speech and freedom of the press.  Such rights do not come with the asterisk of having to be true or objective.  After all, the dissemination of information is a hallmark of a democratic society whether an audience agrees with the subject matter or not.  Whether the audience elects to believe such information or be influenced by it is entirely a free choice.  Perhaps this is why there is evidence that Internet “trolls” have already been observed replicating the behavior that garnered so much attention after the 2016 presidential election.  As of late July 2018, Facebook said it has uncovered a coordinated disinformation operation ahead of the 2018 midterm elections.  Twitter has followed suit removing accounts the company identified as related to Iranian propaganda.

The government has gotten involved trying to be proactive in curbing this online element.  In July 2018, the Department of Justice published a report in which it detailed its efforts to improve security for U.S. elections, highlighting how foreign agents used influence operations via social media platforms. Then in August, the Federal Bureau of Investigation announced its “Protected Voices” initiative to mitigate influence operations targeting future elections.  Part of this effort is to raise awareness among political campaigns about the best ways to defend against attempts by all categories of hostile actors to infiltrate their information technology infrastructure.

Of course, the question that lingers is the one that will be answered after the fact – will this be enough?  Suffice to say, aside from the online trolling activity, the volume is greatly reduced as compared to 2016.   This is due to the fact that it is only a mid-term election of Congressional members and not the Executive Office.  Cyber malfeasance will likely keep to the trolling activities of propaganda/disinformation/misinformation, web-page defacements by hacktivist actors, and distributed denial-o-service attacks against political and election-related sites.

Establishing cyber security strategies and the implementation of security measures into election equipment is something that remains to be done.  Outdated equipment, decentralized operations, and lack of a coherent process and framework to safeguard the election process are areas that need to be addressed in the near term.  But focusing on “fake” or “misleading” news seems more like going after low-hanging fruit than putting a dent into the real problem governing election security.  Like jihadi sympathizers, trolls can create new accounts as quickly as old ones are targeted and dismantled.  Such games of “whack-a-mole” tend to favor the moles rather than the ones trying to take them out, despite gaudy data statistics.

The real test of whether the U.S. actually applied “lessons learned” will come in two years with the next presidential election, particularly if the political climate between the candidates is as contentious as it was in 2016, and the potential international implications are as equally disconcerting.  Any successful repeat of the activities that were outlined by the Intelligence Community would be an abject failure and demonstrate negligence for not mitigating known threats.  For two years the problems have been identified and discussed; let’s hope it doesn’t take another two years to start actually coming up with solutions.

This is a guest post by Emilio Iasiello

The post What Cyber Malfeasance Will Rear Its Ugly Head in the 2018 Midterm Elections? appeared first on CyberDB.

Busting 5 Cybersecurity Myths

It is not a secret that many people nowadays do not pay much attention when they surf the web at home or at work. There are new data breaches and exploits on a daily basis and still avoiding to take any precautions may result in a catastrophic consequences. Even the biggest corporations are paying millions of dollars so they can improve their cybersecurity and remain safe. However, if you still believe in some of the cybersecurity myths you may put your own computer or even your whole organization to a huge risk. We from CyberDB have decided to bust some of the top 5 cyber security myths and make it clear for you.

Only the IT department is responsible for cybersecurity

It is not wrong to say that the IT department is responsible to implement new processes and policies to keep the cybersecurity in a top notch state. However, they just don’t have a magic stick to protect all of the computers in the network. In reality each employee should be extremely careful when receiving and opening different e-mail messages from colleagues or third parties. It is dangerous since the infection can spread across all of the departments within the organization and this may cause a further data breach for example.

Using just an antivirus software is enough

Antivirus software might have been enough to safe your business from potential attack 20 years ago – nowadays it definitely is just not enough to protect your whole organization. Hackers find new ways to disable your antivirus and hide their attacks in the system. With ransomware gaining more popularity among hackers the time of getting infected and getting your information locked is just a matter of seconds. So using an antivirus is not always enough, but you also need to stay informed about the latest threats. Check out our database of cyber security vendors to find the best solution for your personal or business needs.

A strong password is enough

It is not a secret that having a long and complex password on your accounts is an essential. However, even big tech giants like Facebook or Apple experience data breaches and are pretty often a target for hackers. Every website requires you to create a strong password, but it is also good to use two-factor-authentication (2FA). At first the user was getting an SMS with a code for 2FA, but even this can be compromised by using a cloned sim card. So make sure you have an app like Google Authenticator for example to make your accounts more secure.

Threats are being spread only through the Internet

Some users may think that disconnecting from the internet will prevent the threats spreading around the network and they are completely wrong. Just imagine what happens if an employee brings an infected flash drive and plugs it in – all of the computers may become infected and your company may lose valuable information. You may have your information stolen even when you shop at a local retailer. So threats are not only online, but in our daily life and we need to be very careful and take care of our personal information.

Only certain industries experience cyber attacks

Some businesses still believe that they may be not targeted by hackers because they are a small or mid-sized business or in a specific industry. Well, they are completely wrong. Some companies also believe they do not have anything that hackers may find valuable to steal. In reality there is information like personal addresses or credit card numbers which can make every business in every industry a potential target. Here are the industries which are most vulnerable to cyber-attacks nowadays:

 Top 10 Sectors Breached

The post Busting 5 Cybersecurity Myths appeared first on CyberDB.

The New Cyber Strategy Frees Up U.S. Cyber Muscle. How Will It Be Flexed?

The White House has recently published its new National Cyber Strategy, rescinding an Obama-era memorandum Presidential Policy Directive-20 (PPD-20) that laid forth the process by which the United States would undertake cyber attacks against cyber foes, to include foreign state actors.  The Strategy consists of four primary pillars designed to guide how the United States will undergo defensive, and perhaps more importantly, offensive actions in order to preserve its interests in cyberspace.  Per the Strategy, the four pillars are:

  • Protect the American People, the Homeland, and the American Way of Life. The themes in the first pillar focus on key aspects of U.S. homeland security to include critical infrastructure protection, securing federal networks, supply chain management, third party contractors, and improving incident reporting to mitigate the threat of cyber crime.
  • Promote American Prosperity. This pillar focuses on technology that supports the digital infrastructure.  The themes of innovation, protecting intellectual property, designing and implementing next generation infrastructure, and developing and sustaining workforce capability to support the talent pipeline.
  • Preserve Peace through Strength. The third pillar focuses on responsible state behavior in cyberspace and implementing deterrent strategies to influence state behavior. Such activities include building a credible deterrence strategy, imposing consequences to hostile actors, and countering influence operations.
  • Advance American Influence. The fourth pillar addresses collaborating with other governments in order to make the Internet safer and more reliable.  Focus in on a multi-stakeholder approach involving government and private sector to come to consensus on topics such as Internet freedom and Internet governance.

The Strategy follows in line with the President’s May 2018 Executive Order that called for government agency cybersecurity audits designed to identify “areas of improvement, or areas where specific legislation would be needed.”  The EO primarily focused on defensive aspects of the larger cyber umbrella, focusing on federal agencies need to adopt the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity, largely considered the gold standard for security guidelines.  The Government Accountability Office (GAO) has frequently given poor marks for cyber security to U.S. government agencies, and as observed in the recent U.S. State Department breach, challenges persist in improving agency cyber security postures.

Nevertheless, the part of the Strategy that has garnered attention – and correctly so – is the language that clearly removes the tethers that has traditionally restrained the United States from engaging in offensive cyber actions.  Where PPD-20 appeared to be hindered by interagency wrangling, the new Strategy makes it clear that the United States is unburdening itself from such bureaucratic wrangling positioning itself to launch counter attacks quickly and resolutely.  This shift in U.S. cyber policy comes at a time when Russian suspected involvement in the 2016 U.S. elections failed to elicit a “forceful response” either by the then-Obama or the current Trump Administrations, a frequent criticism levied by politicians.

There have been several iterations of a national cyber security strategy over the last decade.  The Clinton Administration had its National Plan for Information Systems, the Bush Administration had its National Strategy to Secure Cyberspace, and the Obama Administration had its Cybersecurity National Action Plan.  While there have been consistent themes in these strategies (e.g., an open and free Internet, the focus on critical infrastructure protection), the latest Strategy shows a more progressive evolution of thinking on how the cyber landscape has changed and how the United States needs to adapt to it.  Noticeably absent in the title is “security”; it is only the National Cyber Strategy, which accurately conveys the fact that “security” cannot be addressed independently without addressing how offensive actions can play a supporting role.  This is not to condemn or criticize past administrations’ strategies; cyber conflict has been evolutionary, and as such, requires each subsequent administration to review the prior one to ensure that it meets the needs and conditions of its environment.

And indeed, as cyber attacks have grown more prolific and increasingly severe, trying to figure out how to use counter attacks as punishment, retaliation, deterrence, or a combination thereof, is critical for governments.  Acknowledging that cyber threats are more than just disruptive/destructive attacks, but can leverage social media platforms, as well as regular and fabricated media outlets to spread propaganda, misinformation, and disinformation to influence targets, must be considered when determining a cyber retaliatory course of action.  Adversaries have typically not suffered any official punitive cyber response from the United States, which may serve to encourage follow on activities such as cyber spying, intellectual property theft, or undue influence operations.  The Strategy clearly articulates its intention to use all of its domestic and collaborative resources with like-minded states to immediately mitigate the threat.  There is no gray area open for misinterpretation.

Unquestionably, the ability for agile actions is necessary in a domain in which attacks happen instantaneously, and in which attribution can be murky at best.  Depending on the intent for conducting a punishing cyber retaliation, the ability to respond quickly to demonstrate that cyber hostility is not tolerated is critical.  However, one big caveat is that prior to launching a counter attack, is to ensure that striking back is done in an appropriate, proportional manner.  There is little doubt that the U.S. possesses the means and resources to conduct such counter strikes.  The biggest challenge for U.S. cyber retaliation – guaranteeing that the target is viable and not hiding behind some civilian façade or operating out of a third country.  The more the U.S. counters these activities, the more adversaries will invariably learn and adjust their operations accordingly, thereby balancing the scales again.  And all eyes will be on the U.S. once more seeing how it will react.

 

This is a guest blog post by Emilio Iasiello

The post The New Cyber Strategy Frees Up U.S. Cyber Muscle. How Will It Be Flexed? appeared first on CyberDB.