Leveraging packet data to improve network agility and reduce costs

Global enterprises spend over $100 billion a year on cybersecurity, but multi-vector threats can still find a way to invade network infrastructures. IT teams need to protect numerous and varied entry points, including mobile devices, and new technologies like the Internet of Things (IoT), virtualization, Wi-Fi hotspots and cloud applications.

At the same time, service providers need secure access to data centers, equipment and campus environments with near-zero network performance latencies. They must also gain visibility into encrypted traffic so they can safeguard their resources.

However, the most vital of these assets is packet data, which offers a shortcut to a comprehensive visibility-driven security program encompassing threat detection and precise investigative capabilities. IT teams can also add controls, flexibility and scalability by delivering the right packets to tools as needed. Throughout this process, they will improve recovery times and increase the return on investment for their cybersecurity budget.

The current landscape

Network administrators are working hard to meet the continuous demands for higher bandwidth while delivering a superior user experience. To do so, they need to gather real-time insights, improve productivity, and stay within monetary constraints. That’s a tough balance to strike, especially given the increased number of vulnerabilities affecting safety, governance, and compliance.

Over 20 billion connected devices are in use worldwide, and cybercriminals are updating their strategies to fit this new environment. Attackers exploit faster internet speeds, next-generation tools, and bad-actor hosting sites to create a wide range of sophisticated attacks. These can include malware, spam services, encrypted attacks to exfiltrate data, potential beaconing and C2 (Command and Control) communications, Distributed Denial of Service (DDoS) attacks, and other malicious communications. They target networks and collect sensitive data from right under victims’ noses. With increased targeting of edge services, organizations must adopt a holistic approach to securing their entire distributed security visibility network so that the right packet data reaches their security systems. That begins with a comprehensive security visibility fabric architecture.

The most crucial preventive measure is rapidly addressing application performance issues through actionable insights. Operators can mitigate DDoS attacks at the edge quickly with automated solutions that protect packet data while minimizing risk. They should move storage workloads to the cloud as an extra layer of security.

IT teams who can’t see encrypted traffic face dangerous blind spots in their security, which could lead to financial losses, data breaches, and heaps of bad press. Because of this, it’s essential to protect networks and get smart visibility into these issues.

Regulatory bodies and organizations are shifting to, and even mandating, ephemeral key encryption and forward secrecy (FS) to address the need for greater user security. To keep up, companies will need to look at offloading Secure Sockets Layer (SSL) decryption from the monitoring infrastructure: performing SSL decryption once and inspecting many times lets tool capacity keep pace, reduces latency, and scales the security infrastructure. Having a network packet broker in place to direct specific traffic to your SSL decryption appliance allows for that decryption step. It also enables security service chaining, which delivers the decrypted packet data to various security systems so that performance can be maintained and monitored.

What the industry needs 

Many organizations don’t have the proper protective measures in place to fight attackers. They need to embed that capability into workflows because it allows for the rapid detection of issues within both physical and virtual infrastructures.

Enterprises are adopting emerging technologies to handle growing traffic volumes and network speeds. The increase in web applications and multimedia content has spurred a growing demand for simplified data center management, automation and cloud services. As a result, the packet broker market is flourishing with research predicting that the segment will be worth $849 million by 2023.

At the same time, network administrators must provide smart and flexible security solutions while reducing capital expenditures. IT teams can simplify these processes using distributed architecture. To do so, they need a cost-effective, scalable solution with no blind spots, which allows them to evolve packet data storage.

Operators and security administrators who base their actions on up-to-the-minute traffic reports can make decisions in real-time. Devices, applications and public and private clouds all aid in this mission by detecting threats throughout the network.

Why visibility is essential

Security is about controlling risk, and risk is defined by loss exposure. How can a business identify and manage risk? Companies need to be crystal clear on what they think about risk and have a thorough understanding of what they consider as assets. Having control is only possible with visibility into the network that provides access to those assets. Overcoming challenges and maximizing security requires a pervasive visibility layer that reduces downtime while increasing return on investment and enabling efficient operations.

The good news is enterprises are improving visibility as they analyze more information. IT departments need to follow suit by obtaining high-quality packet data and real-time insights. Tech teams can then protect systems from cyberattacks, provide reliable service assurance and comply with regulations.

Enterprises should monitor their infrastructure continuously so they can detect threats before they happen. […]

 

 

Is Your Organization Prepared for the July 1 CCPA Enforcement Deadline?

During the first half of 2020, COVID-19 has redefined the new normal and in many cases put on pause legislation impacting businesses. One exception to these cancellations is the California Consumer Privacy Act of 2018 (CCPA), which took effect at the beginning of this year. With the California Attorney General officially announcing the submission of its final regulations to support the CCPA on June 2, 2020, the official deadline to achieve compliance, and ultimately avoid fines, is July 1, 2020.

The six-month grace period between the CCPA’s implementation and enforcement was designed to give businesses an opportunity to assess their compliance needs and act accordingly. As if this wasn’t a tall enough order, mass organizational restructuring and the increase in remote work as a result of COVID-19 have disjointed businesses’ data processes and in some cases deprioritized this pending obligation. As a consequence, the remote work practices hastily implemented within many organizations have driven a significant increase in distributed data over this period, only adding to the complexity. Amid the dispersed work and coming to terms with new business realities, organizations and their shareholders can ill afford the hefty price tag of non-compliance.

Unlike its European counterpart, the General Data Protection Regulation (GDPR), which imposes fines based on the degrees of violation, the CCPA allows individuals to pursue legal action against companies for their infractions. Non-compliant companies could be on the hook for up to $2,500 per individual violation of a data breach — an amount that can quickly get out of hand. As July 1 quickly approaches, organizations can take the following steps to work toward achieving compliance by the deadline and remaining compliant in the future.

Conduct a data sweep of all endpoints

In today’s remote work environment, employees are downloading, storing and sharing customers’ personal identification information (PII) in a variety of different places, some of which aren’t secure or approved destinations. What seems like a harmless act can put organizations at risk, not just when it comes to compliance but also in terms of overall network security.

To avoid and mitigate the dispersal of this data to unsecured endpoints, organizations should conduct a thorough sweep of all workstations to map out the location of PII data. This should be done regularly to ensure continued compliance and protection from malicious actors. In addition, understanding where personal and sensitive data resides enables organizations to review their workflows and make appropriate changes to mitigate future risk. In an ideal scenario, only a small number of employees will have access to valuable customer and user data, thereby limiting how often it’s accessed, reviewed or shared.

While compliance is the responsibility of all departments within the organization, hiring a compliance officer or CISO to spearhead the compliance movement can also help mitigate some of the regulation’s complexities. A dedicated compliance officer can help relay important messages to the company as a whole and drive initiatives, providing clear leadership and a data strategy for the company. As the regulatory landscape grows in size and becomes more complicated, compliance officers or CISOs should be following the latest trends and initiatives to proactively promote organizational compliance.

Ensure consumers understand their right to PII data

The overall goal of the CCPA is to give consumers more control and safeguards over how their data is used. With this in mind, it’s imperative that organizations overcommunicate with customers to ensure they are aware of the key rights within the CCPA:

  1. The right to know what personal information is being collected, used, shared or sold, as well as the categories of personal information the business has collected on consumers over the previous 12 months.
  2. The right to request the deletion of personal information.
  3. The right to opt-out of the sale of personal information.
  4. The right to non-discrimination for exercising a consumer’s privacy rights.

In addition to these new regulations, organizations must also provide the resources to submit a request for the disclosure of personal information. These types of situations require that organizations overcommunicate with their customers for compliance and transparency. To do this, organizations should ensure that consumer rights are prominently displayed on publicly facing content, including a dedicated page on the company website and inclusion in all marketing materials or third-party contracts. While these new rights will be enforced by the CCPA, now may be a good time for organizations to assess what types of data management initiatives they can undertake to be proactive.

Create internal processes to address new compliance obligations

It’s also worth noting that with the new consumer rights listed above, the CCPA requires organizations to adhere to a new set of obligations, including but not limited to:

  1. Notice at collection, meaning that organizations must alert consumers at or before the point of data collection.
  2. Organizations must create clear procedures to respond to requests from consumers to opt-out, delete, etc.
  3. Organizations that sell personal information data must provide clear and direct links like “Do Not Sell My Personal Information” on their website or mobile app.
  4. Organizations must verify the identity of consumers who request to know and/or delete personal information.
  5. Organizations must disclose financial incentives offered in exchange for the retention or sale of consumers’ PII data.
  6. Organizations must maintain records of requests and how they responded for at least 24 months and have security measures to protect and maintain this information.

At first glance these obligations can seem daunting, but the cost of becoming compliant is far exceeded by the cost of non-compliance… […]

 

Fundamentals Of Blockchain Security

Introduction

The goal of blockchain is to create a fully decentralized, trustless digital ledger. This is an ambitious goal since most ledger systems in use today, such as those used to track bank balances, rely upon a centralized authority to maintain the consistency, correctness and integrity of the ledger.

Blockchain is designed to replace this trust in a centralized authority with trust in cryptographic algorithms and protocols. The blockchain is designed so that all of its “guarantees” are reliant upon the correctness and security of protocols and cryptographic algorithms, rather than any of the individuals operating the network.

Structure of the blockchain

The blockchain gets its name from its two main structural components. A blockchain is a series of “blocks” that are “chained” together. The combination of these two features creates a digital ledger with built-in integrity protections.

The blocks

The blocks of a blockchain provide the data storage. A block is composed of a block header containing important metadata and a body containing the actual transactions stored in the block.

Source: Wikimedia Commons

Block 11 in the image above shows the structure of a notional block. The block header contains a previous block hash (more on this in a minute), a timestamp, a transaction root and a nonce (important for the Proof of Work consensus algorithm).

The block body is structured as a Merkle tree, which provides a number of different benefits. One of these is the fact that, due to the properties of hash functions, the root value of the tree can be used to summarize the entire tree. Anyone with a list of the transactions contained in the block can regenerate the tree, but it is computationally infeasible to find a different version of the transaction tree with the same root value. This means that, in principle, a block can contain any number of transactions while maintaining a fixed-size block header; however, most blockchains have a maximum limit on block size for protection against Denial-of-Service (DoS) attacks.

The “chains”

The previous block hash value in a block header implements the blockchain’s “chains.” Each block header contains the hash of the previous block in the blockchain.

With a strong hash function, it is infeasible to find another version of a block that has the same hash value as is stored in the header of the next block. This is vital to the integrity protections of the blockchain. If an attacker wants to create a fake version of a given block, they must create a fake version of every block that follows it as well.

Blockchains are also governed by the longest chain rule. This says that, in the event that two conflicting versions of the blockchain exist, whichever one is “longer” wins. This means that an attacker not only needs to create a new, fake version of every block after the one that they want to change, but they also need to do so faster than the rest of the network creates the legitimate version. This makes creating a fake version of the blockchain exponentially more difficult than faking a single block.
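As an added illustration (not code from the original article or from any particular blockchain), the following Python example builds the transaction root and previous-block-hash links described above and shows where a verifier notices a changed transaction. The header encoding, the leaf and node prefixes, the fixed nonce and the sample transactions are assumptions made for the example; no Proof of Work or longest-chain comparison is performed.

```python
import hashlib
import json
from dataclasses import asdict, dataclass

GENESIS_PREV = "00" * 32  # assumed placeholder for the first block's previous hash


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(transactions) -> bytes:
    """Summarize a list of transactions as a single 32-byte root value."""
    if not transactions:
        return sha256(b"")
    # Different prefixes keep a leaf from being mistaken for an inner node.
    level = [sha256(b"\x00" + tx) for tx in transactions]
    while len(level) > 1:
        parents = [sha256(b"\x01" + level[i] + level[i + 1])
                   for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:  # an unpaired node is carried up unchanged
            parents.append(level[-1])
        level = parents
    return level[0]


@dataclass(frozen=True)
class Header:
    prev_hash: str   # hash of the previous block's header (the "chain")
    timestamp: int
    tx_root: str     # Merkle root of the block body
    nonce: int       # fixed at 0 here: no Proof of Work in this example

    def hash(self) -> str:
        encoded = json.dumps(asdict(self), sort_keys=True).encode()
        return sha256(encoded).hex()


@dataclass(frozen=True)
class Block:
    header: Header
    transactions: tuple


def make_block(prev_hash: str, timestamp: int, transactions) -> Block:
    root = merkle_root(list(transactions)).hex()
    return Block(Header(prev_hash, timestamp, root, 0), tuple(transactions))


def build_chain(batches) -> list:
    chain, prev = [], GENESIS_PREV
    for height, txs in enumerate(batches):
        block = make_block(prev, 1_600_000_000 + height, txs)
        chain.append(block)
        prev = block.header.hash()
    return chain


def verify_chain(chain) -> list:
    """Return a list of integrity problems; an empty list means the chain is consistent."""
    problems, prev = [], GENESIS_PREV
    for height, block in enumerate(chain):
        if block.header.tx_root != merkle_root(list(block.transactions)).hex():
            problems.append(f"block {height}: transaction root mismatch")
        if block.header.prev_hash != prev:
            problems.append(f"block {height}: previous block hash mismatch")
        prev = block.header.hash()
    return problems


# Constructed sample ledger: three blocks of made-up transactions.
SAMPLE = [
    [b"alice->bob:5", b"bob->carol:2", b"carol->dave:1"],
    [b"dave->alice:3"],
    [b"bob->erin:4", b"erin->alice:1"],
]
ALTERED_TX = b"alice->mallory:5"


def altered_body_only(chain) -> list:
    """Copy of the chain with one transaction in block 0 changed, header untouched."""
    copy = list(chain)
    first = copy[0]
    copy[0] = Block(first.header, (ALTERED_TX,) + first.transactions[1:])
    return copy


def altered_and_resealed(chain) -> list:
    """Same change, but block 0's root and header are recomputed to match it."""
    copy = list(chain)
    first = copy[0]
    copy[0] = make_block(first.header.prev_hash, first.header.timestamp,
                         (ALTERED_TX,) + first.transactions[1:])
    return copy


if __name__ == "__main__":
    chain = build_chain(SAMPLE)
    print("intact:        ", verify_chain(chain))
    print("body changed:  ", verify_chain(altered_body_only(chain)))
    print("block resealed:", verify_chain(altered_and_resealed(chain)))
```

Recomputing block 0's header makes that block self-consistent but moves the failure to block 1, whose stored previous hash no longer matches, which is why every later block would also have to be rebuilt.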

Basic blockchain cryptography

The design of the blockchain and the protocols that define how it works are new. However, the cryptography that provides blockchain’s security guarantees existed long before Bitcoin. Under the hood, blockchain technology is very dependent on public-key cryptography and hash functions.

Public-key cryptography

Public-key or asymmetric cryptography is designed to use a pair of related keys. The public key is designed to encrypt messages and to verify digital signatures, while the private key performs message decryption and signature generation.

The distributed and decentralized nature of the blockchain makes digital signature technology essential to the integrity of the digital ledger. Blockchain is implemented so that each node in the network stores and updates their own copy of the ledger.

Digital signatures are what keep these nodes honest. Every transaction and block in the blockchain is signed by its creator. This ensures that a malicious node cannot create a fake transaction or block and attribute it to someone else unless they can generate a valid digital signature for that user.

In theory, this is infeasible, since current public-key cryptography algorithms remain secure until quantum computers running Shor’s algorithm become a feasible attack vector. In practice, the use of weak private keys for blockchain accounts has enabled cryptocurrency thefts on blockchains.

Hash functions

Hash functions are used for a variety of purposes in blockchain systems. Their benefit comes from the fact that they are designed to be both collision-resistant and one-way functions.

Collision resistance means that it should be infeasible to find two inputs to a hash function that produce the same output. While the Pigeonhole Principle guarantees that it is possible to find two such inputs (in fact, an infinite number of inputs produce the same output), a hash function should be designed so that the only way to guarantee that you find a match is to search the same number of inputs as there are possible outputs (which is a lot).

In order to be a cryptographically secure one-way function, hash functions must have a number of different properties. They not only need to be one-way functions but also must have a large state space (number of possible outputs) and be non-local (similar inputs produce dissimilar outputs).

As collision-resistant, one-way functions, hash functions are ideally suited to ensuring the integrity of data within a distributed digital ledger… […]

 

 

 

Meet Cheryl Kleiman: Cloud Expert of the Month – June 2020

Cloud Girls is honored to have amazingly accomplished, professional women in tech as our members. We take every opportunity to showcase their expertise and accomplishments – promotions, speaking engagements, publications and more. Now, we are excited to shine a spotlight on one of our members each month.

Our Cloud Expert of the Month is Cheryl Kleiman.

Cheryl Kleiman, Regional Vice President of Sales at Flexential, has over 25 years of executive leadership in sales and marketing in the information technology sector serving multiple industries. She has also served as Treasurer for the Tampa Bay Technology Forum, which earned her an ‘Outstanding Directors’ award from the Tampa Bay Business Journal. She also served as Chair of the organization’s Membership committee. Cheryl currently sits on the boards of March of Dimes, The Outback Bowl, and the Greater Fort Lauderdale Alliance.

When did you join Cloud Girls and why?
I was introduced to Cloud Girls by Tamara Prazak in 2018. I immediately wanted to be part of the movement! I knew I could add value and make a difference.

What do you value about being a Cloud Girl?
I value the impact Cloud Girls has and can continue to have in the continued advancement of women in the technology sector, and the ability as a ‘team’ to truly move the needle to affect lives and produce positive outcomes. I also value the group’s common interests, goals, intellect, and knowledge sharing. And of course, the new friendships, both personal and professional, are important to me.

What are the best ways you’ve gained executive sponsorship?

  • Inclusion and awareness into the goal or ask prior to executing
  • Preparedness (do the homework)
  • Performance/Results (do what I say)
  • Accountability (own it)
  • Hard Work (10X)
  • Persuasion (never taking “No” for an answer)
  • And a Solid, proven business case

How do you avoid being complacent in your role?
Continuous learning, taking on new challenges, always being curious, setting stretch goals for myself, participating in charity work, and never getting comfortable.

What are the most exciting opportunities for women in tech?
I love technology, so I think any opportunity is exciting. […]

 

Coronavirus-themed Malware and Ransomware Ramp Up

Cybercriminals are known to leverage global phenomena for personal gain, be it the elections or the Olympic Games. And COVID-19 is no different. Scammers are using the pandemic to capitalize on a public scare that is already dire.

By Pooja Tikekar, Feature Writer, CISO MAG

Hackers are using social engineering tools to formulate phishing emails in the name of the World Health Organization (WHO) and other regulatory bodies to target vulnerable victims. These phishing emails contain documents with embedded links that result in malware and ransomware attacks.

Here are some of the COVID-19-themed cyberthreats:

1. CovidLock

The security team at DomainTools discovered a domain (coronavirusapp[.]site), which claims to have a real-time Coronavirus Tracker. It poses as a download site for an Android app that maps the spread of the virus across the globe. However, the app has a hidden ransomware application named “CovidLock” that threatens to delete contacts, pictures and videos on the victims’ device if a ransom of $100 in Bitcoin is not paid within 48 hours.

Image source: DomainTools

2. Dharma (CrySIS)

Dharma belongs to the CrySIS malware family and was first discovered in 2016. The malware is distributed in malicious email attachments to deliver the payload. The payload is attached as an executable file named “1covid.exe,” which begins to encrypt files after it is downloaded. The encrypted files have the extension “.ncov” (supposedly Novel Coronavirus). It also drops a ransom note prompting users to write an email to “coronavirus@qq.com” to restore their files.

Image: Dharma ransom note (source: Quick Heal)

3. Emotet

The Emotet malware spam (malspam) emails contain a warning note and a call to action to download a malicious Word doc attachment, which is said to contain precautionary health measures and the latest updates related to Coronavirus. On opening the attachment and enabling macros in Office 365, an obfuscated VBA macro script begins to run in the background, which further installs a PowerShell script and downloads the Emotet malware. The Emotet script also downloads a few other malicious payloads to extract additional data from the targeted system.

4. Maze

Maze ransomware was discovered in 2019; however, amid the Coronavirus crisis, it is being used to target health care organizations. It threatens to publish patient records online, thereby putting the health care organizations at risk of the immediate violation of the General Data Protection Regulation (GDPR). According to DataBreaches.net, the operators of Maze ransomware attacked the London-based clinical testing firm Hammersmith Medicines Research, as it has volunteered its services to the U.K.’s National Health Service (NHS) and local medical practices to help test medical frontline staff for COVID-19.

Image: Maze ransom note (source: Wikimedia Commons)

5. REvil

Also known as Sodinokibi, the REvil ransomware operators are targeting managed service providers (MSPs) and local governments amid the pandemic. The operators scan the internet for vulnerable machines to deploy the malware payload through a Virtual Private Network (VPN). The operators targeted and infected California-based biotechnology company 10x Genomics to steal sensitive information, as the firm is part of an international alliance sequencing cells from patients who have recovered from the Coronavirus.

6. NetWalker

A variant of Mailto, the NetWalker ransomware targets home and corporate computer networks to encrypt the files it finds. It reaches victims through phishing emails carrying an attachment that executes the ransomware payload. Further, the file name “CORONAVIRUS_COVID-19.vbs” tricks users into executing it. Once the “vbscript” is executed, the ransomware is dropped in “C:\Users\<UserName>\AppData\Local\Temp\qeSw.exe.” The shadow copies are erased from the system, making safe file recovery difficult.

Image: NetWalker ransom note

7. Ginp

Kaspersky researchers have discovered the Ginp Banking Trojan that takes advantage of Android users to steal credit card credentials of potential victims… […]

This article first appeared in CISO MAG.

<Link to CISO MAG site: www.cisomag.com>

New Survey of Consumer Sentiments Reveals Sharp Demographic Divisions in 5G Technology Acceptance

Given that about 81% of Americans now own smartphones and that more than half will only access the internet via mobile connections by 2025, one might assume that 5G technology would be strongly supported and embraced in the United States. A new study of consumer sentiments paints a more complicated picture.

Though there is widespread awareness of 5G, acceptance of and perception of it have some strong divisions along age lines. Older internet users are more likely to be unaware of it, and are also more likely to resist adopting it.

Consumer sentiments toward 5G: Substantial acceptance, but with notable reservations

The study of consumer sentiments was conducted by SYKES of Tampa, Florida. It focused on the responses of generational groups: Baby Boomers (age 55+), Generation X (age 35-54), Millennials (25-34) and Generation Z (under 25).

Baby Boomers represented most of the outlier consumer sentiments; this group was the most likely to be unaware of 5G technology, to think it would apply to wired connections, and to feel it would have no impact on their daily lives. However, this was also the demographic that was most concerned about data privacy. Most of the responses that indicated a high level of concern about 5G data sharing came from Baby Boomers, who were also most likely to avoid using it for as long as possible.

Millennials are the most enthusiastic 5G consumers. They are the most familiar with it, the leading group of early adopters, the most interested in connecting multiple devices to it, and are most enthusiastic about consuming media and entertainment at higher speeds. Early adoption numbers are relatively low (20%), but still significant given that it is presently only available in about 30 cities.

Overall awareness of 5G is high (85%). However, only about 50% appear to be aware that it is for mobile connections only. Over 50% think that the biggest benefit will be faster connection speeds, followed by about 20% who are most interested in connecting multiple devices.

The survey found no shortage of reservations about 5G technology, however. Leading consumer sentiments in this area included potential negative impacts on health, the possibility of use for espionage, environmental impact and increased collection of personal data.

Though Millennials are the leading demographic in embracing 5G mobile technology, they are also the most concerned about environmental impact. There are serious concerns in this area, mostly the anticipated rise in energy use and manufacturing of new devices contributing to climate change. There is also speculation that the unique millimeter waves that 5G networks use may disrupt ecosystems; cellular towers have been shown to cause mutations in bird eggs and to contribute to “colony collapse disorder” in beehives, and the rollout of 5G would require many more small radio towers with similar output to be built.

Millennials are also the most concerned about possible negative impacts to health. Concerns here are all over the map from plausible worries about the potentially carcinogenic radiation emitted by towers, to wild conspiracy theories that claim 5G networks are transmitting the coronavirus and weakening human immune systems.

Consumer sentiments about espionage are heaviest among Baby Boomers, who are most likely to believe that China will win the 5G wars and thus use the technology in a way that threatens national security. However, it is a fact that 5G will also enable both carriers and marketers to collect even more personal data about individuals. About 50% of Americans are not comfortable with this, but would accept it as an inevitable flaw in the system so long as they get the promised fast connection speeds and more reliable networks. About 25% don’t care about giving up their personal data; the other 25% (mostly Baby Boomers) plan to avoid 5G for as long as possible for this reason.

5G technology’s obstacles to acceptance

Prior surveys of consumer sentiments help to contextualize these recent results and flesh out the picture of the current market for 5G technology. Consumers have shown significant interest in wireless 5G as an in-home replacement for wired service and as a way to finally decouple entirely from cable TV, particularly in rural communities where infrastructure or market forces limit choice. 5G technology is fast enough to be capable of this, but broader consumer awareness of this possibility (particularly among the older demographics) appears to be relatively low… […]

 

Cloud Strategies Aren’t Just About Digital Transformation Anymore

Organizations have been transferring more data, workloads, and applications to the cloud to increase the pace of innovation and organizational agility. Up until recently, the digital transformation was accelerating. However, cloud adoption recently got a major shove as the result of the crisis, which can be seen in:

  • Dramatic remote work spikes
  • Capital expenditure (CapEx) reductions
  • Business model adaptations to maintain customer relationships

In fact, in a recent blog, Forrester reported robust 2020 first-quarter growth for the top three providers: AWS (34%), Microsoft Azure (59%), and Google Cloud Platform (52%). The driver, according to Vice President and Principal Analyst John Rymer: “Faced with sudden and urgent disruption, most enterprises are turning to the big public cloud providers for help.”

“We are seeing a huge increase in our clients wanting to digitize in-person processes and ensure they are accessible 24/7 and integrated with existing technologies through utilizing cloud services [such as] developing contactless ordering systems for physical retail locations, which both reduce the need for face-to-face interaction, but also sync with existing POS and stock management systems,” said Bethan Vincent, marketing director at UK digital transformation consultancy Netsells Group. “This requires both API integrations and a solid cloud strategy, which seeks to build resilience into these new services, protecting against downtime and the knock-on effect of one system affecting another.”

Jiten Vaidya, PlanetScale

Speaking of resiliency, there is a corresponding uptick in Docker and Kubernetes adoption. “We have seen an interest in databases for Kubernetes spike during the COVID-19 pandemic. Kubernetes had already emerged as the de facto operating system for computing resources either on-premise or in the cloud,” said Jiten Vaidya, co-founder and CEO of cloud-native database platform provider PlanetScale. “As the need for resiliency and scalability becomes top of the mind, having this uniform platform for database deployment is becoming increasingly important to enterprises.”

While business continuity isn’t the buzzy topic it was during the Y2K frenzy, many consulting firms and technology providers say it’s top of mind once again. However, it’s not just about uptime and SLAs, it’s also about the continuity of business processes and the people needed to support those business processes.

Greater remote work is the new normal

Chris Ciborowski, CEO and co-founder of cloud and DevOps consulting firm Nebulaworks, said many of his clients have increased their use of SaaS platforms such as Zoom and GitLab/GitHub source code management systems.

“While these are by no means new, there has been a surge in use as identified by the increased load on the platforms,” said Ciborowski. “These are being leveraged to keep teams connected and driving productivity for organizations that are not used to or built for distributed teams. [M]any companies [were] already doing this pre-pandemic, but the trend is pouring over to those companies that are less familiar with such practices.”

Chris Ciborowski, Nebulaworks

Dux Raymond Sy, CMO and Microsoft MVP + regional director at AvePoint, which develops data migration, management and protection products for Office 365 and SharePoint, has noticed a similar trend.

“Satya Nadella recently remarked [that] two years of digital transformation has happened in two months,” said Sy. “Organizations and users that were on the fence, have all adopted the cloud and new ways of working. They didn’t have a choice, but they are happy with it and won’t revert to the old ways.”

However, not all organizations have learned how to truly live in the cloud yet. For example, many have adopted non-enterprise, consumer communication and/or collaboration platforms, which have offered free licenses in response to COVID-19. However, fast access to tools can result in ad-hoc, unstructured and ungoverned processes.

“Adoption isn’t a problem anymore, but now productivity and security are. As we emerge from the post-pandemic world, organizations are going to need to clean up their shadow IT, overprivileged or external users that can access sensitive data they shouldn’t and sprawling collaboration environments,” said Sy. “The other mistake we are seeing organizations make is not continuously analyzing their content, finding their dark data, and reducing their attack profile. Organizations need to make a regular habit of scanning their environments for sensitive content and making sure it is where it is supposed to be or appropriately expire it if it can be deleted. Having sensitive content in your environment isn’t bad, but access to it needs to be controlled.”

Dux Raymond Sy, AvePoint

All the cybersecurity controls organizations have been exercising under normal conditions are being challenged as IT departments find themselves enabling the sudden explosion of remote workers. In fact, identity and access management company OneLogin recently surveyed 5,000 remote workers from the U.S. and parts of Europe to gauge the cybersecurity risks enterprises are facing. According to the report, 20% have shared their work device password with their spouse or child, which puts corporate data at risk, and 36% have not changed their home Wi-Fi password in more than a year, which puts corporate devices at risk. Yet, 63% believe their organizations will be in favor of continued remote work post-pandemic. One-third admitted downloading an app on their work device without approval.

“Organizations everywhere are facing unprecedented challenges as millions of people are working from home,” said Brad Brooks, CEO and president of trusted experience platform provider OneLogin in a press release. “Passwords pose an even greater risk in this WFH environment and — as our study supports — are the weakest link in exposing businesses’ customers and data to bad actors.”

CapEx loses more ground to OpEx

SaaS and cloud have forever changed enterprise IT financial models, although many organizations still have a mix of assets on-premises and in the cloud. In the wake of the 2008 financial crisis, businesses increased their use of SaaS and cloud. Digital transformation further fueled the trend. Now, CFOs are taking another hard look at CapEx as they fret about cashflow.

Suranjan Chatterjee, Tata Consultancy Services

“The pandemic has crystalized the fact that there are basically two types of companies today: those that are able to deliver digitally and connect to customers remotely, and those that are trying to get into this group,” said Miles Ward, CTO at business and technology consulting services firm SADA. “Since the world turned on its head the past few months, we’ve seen companies in both groups jump on cloud-based tools that support secure connections, scaled communications, rapid development and system access from anywhere, anytime. Using these tools, companies can reduce their risk; nothing feels safer than going from three to five-year commitments on infrastructure to easy pay-as-you-go, and pay only for what you use, commitment-free systems.”

Business models have shifted to maintain customer relationships

Businesses negatively impacted by shelter-in-place and stay-at-home executive orders have reacted in one of two ways: adapt or shut down temporarily until the state or country reopens. The ones that have adapted have been relying more heavily on their digital presence to sell products or services online, with the former being supplemented with curbside pickup. The businesses that shut down completely tended to have a comparatively weak digital strategy to begin with. Those companies are the ones facing the biggest existential threat. […]

The ever changing role of a CSO with David Levine

With a wide and diverse variety of positions during his 23-year tenure with Ricoh, Vice President Corporate and Information Security and CSO David Levine shares his perspective on the role of the CISO, how he stays abreast of industry trends and, in the current COVID-19 era, what it means to have a remote team.

Q: How has the role of the CISO changed over your career?

A: The CISO role has continued to grow in organizational and strategic importance within many businesses, including Ricoh. What was once a blended function in IT is now its own critical function with its leader (CISO/CSO) having a seat at the table and reporting, if applicable, to the board on a regular basis. That’s a significant transformation!

Q: What is the biggest challenge for a CISO today?

A: This ties into my answer above: the security budget and staffing have not necessarily kept pace with increasing demands and importance. As more and more of the organization, as well as customers and partners, realize they need to engage and include security, the team gets spread thinner. This can put a real strain on the organization and its effectiveness. Prioritization and risk assessment become critical to help determine what needs to be focused on. You also cannot ignore the fundamental challenge of just keeping pace with operational fundamentals like vulnerability remediation, patching, alert response and trying to stay ahead of highly skilled adversaries.

Q: How do you stay abreast of the trends and what your peers are doing?

A: I use a variety of approaches to track what’s going on relative to trends and my peers. Daily security email feeds are a great source to get a quick recap on the last 24 hours, and leveraging one or more of the big research firms and being active in their councils is a great mix of access to analysts and peers. I am also active in the CISO community and participate in events run by great organizations like Apex.

Q: What advice would you give an early stage CIO or CISO joining an enterprise organization?

A: Although I have been with Ricoh for many years, if I was moving to a new organization, I would take the time to ensure I understand:

  • the company’s objectives and priorities; 
  • what’s in place today and why;
  • what security’s role in the organization has been;
  • what’s working and what isn’t.

I’d also commit to completing initial benchmarking and make sure I spent time, upfront, to start to build solid relationships with key stakeholders.

Q: Have you been putting cloud migration first in your organization’s transformation strategies?

A: We adopted a cloud first mentality a few years ago. The cloud isn’t perfect for everything but in many cases it’s a great solution with a lot of tangible advantages.

Q: What are your Cloud Security Challenges?

A: For us, one of the biggest challenges is keeping pace with the business from a security and governance standpoint. We are currently working on putting in comprehensive policies and requirements, along with tools like a checklist, which will make it clear what’s needed and also enable the various teams to do some of the upfront work without needing to engage my team. That’s a win-win for everyone and reduces the likelihood of a bottleneck.

Q: What are your top data priorities: business growth, data security/privacy, legal/regulatory concerns, expense reduction?

A: YES! In all seriousness, those are all relevant priorities my team and I need to focus on. This further adds to the prior points around more work than hours and resources. 

Q: Did you have specific projects or initiatives that have been shelved due to COVID-19 and current realities?

A: Like most of my peers that I have talked to, we have put on hold most “net new” spending for now. The expectation is we will get back to those efforts a bit down the road. We are also taking a look to see what opportunities we have to streamline expenses.

Q: Has security been more of a challenge to manage while your teams have shifted to a Work From Home structure?

A: I am proud of my teams and the ecosystem we put in place. All in all, it’s been a pretty smooth transition. My team is geographically dispersed and a few key resources were already remote. However, that is not to say there aren’t any challenges – not being able to put hands on devices has made some investigations and project work more difficult but we’ve found safe ways to complete the tasks. Ensuring the teams stay connected and communicate is also important. 

Q: What were/are the most significant areas of change due to COVID-19?

A: We certainly had to make some exceptions to allow access and connectivity that we would not have done under normal circumstances, but it was the right thing to do for our business and our customers. We also had to shift some users to work from home who typically would not and, as such, didn’t have the right resources. Both of these highlighted areas to focus on in the next revisions of our Business Continuity Plans, which contemplated the need to shift work and locations but not necessarily everyone working from home. There is also a need to reemphasize security, policies and training when working from home.

How Video Analytics Help Security Drive Awareness and Insight

In diverse industries, video analytics help security to get a clearer view.

As a rule, there is a lot that video analytics can do to bolster security – whether that’s motion detection for perimeter security; facial recognition for access control; or artificial intelligence (AI) for object classification, to name a few of the possibilities.

As we consider the promise of video analytics in seven key sectors, a common theme emerges. Analytics don’t just enhance the security mission, acting as a force multiplier and driving new levels of awareness and insight. They also boost the position of the security professional, enabling security to leverage its investment in video as a means to drive new levels of efficiency across all levels of the operation.

K-12 Schools

In a K-12 school, where a security officer may need to watch over a large and complex facility, analytics and AI can expand that guard’s reach. “There is the security component from something simple: Was a child left on the playground when everyone returned from recess?” says Forrester Senior Analyst Nick Barber. “AI could be trained to tell the difference between a child and an adult, so that it isn’t falsely triggered if there is a teacher on the playground versus a student.”

“Or, is there an active shooter on campus and should 911 be contacted?” Barber says. AI, as applied to video, could be trained to recognize what a gun looks or sounds like and could automatically alert authorities, while simultaneously relaying the related video. Analytics could support simpler tasks as well, such as taking attendance as students enter the school or classroom.

Universities

The security challenge for universities and college campuses rests with sheer acreage. Universities may have a large security footprint, with their own police departments supported by cameras and a monitoring center. But they also have a lot of ground to cover. Analytics can provide a force multiplier.

Facial recognition, for instance, can offer a ‘be on the lookout’ mechanism to help security identify persons of interest. “If there’s a stalker, the analytics can pick up on those individuals,” says Scott Vogel, CEO of Incyte Security, a data analytics consultancy. Geofencing and other analytic tools can likewise help secure a sprawling perimeter. “You may have people hopping the fence at night to avoid the security gate, and analytics can provide a virtual barrier.”

Healthcare

In the healthcare environment, video is of greatest use in helping to secure entry and exit points, whether that is aimed at keeping unwanted individuals out of an emergency-care situation, or at keeping dementia patients in and on-premise at a senior care facility. “Analytics solutions can alert operators when people either enter or exit secure areas without proper identification procedures, such as swiping a badge, or they can utilize some facial recognition features to be sure that the person on camera who has earned entrance to a secure area is the person they are claiming to be,” says Danielle VanZandt, industry analyst for security, aerospace, defense and security at Frost & Sullivan.

Analytics can also be used to identify potential threats that might otherwise be overlooked by security personnel. Left objects or ‘loitering’ analytics will aid hospital security teams to identify either suspicious packages or behaviors, particularly if these alerts are generated in areas that should not have significant amounts of foot-traffic.

Cannabis

Video analytics can help cannabis growers to identify possible threats to the safety of their crop, says Ryan Douglas, founder of consulting firm Ryan Douglas Cultivation LLC. “High-tech greenhouses install mobile cameras that constantly run along tracks mounted to the ceiling. Analyzing this video can help with the early identification of pest or disease outbreaks, nutritional deficiencies and undesirable growth patterns before they negatively affect a crop,” Douglas says. It’s a way for security to leverage its video investment in support of enhanced operational efficiency.

Security could also utilize analytics to help ensure cannabis retailers comply with regulations, if, for instance, the system was programmed to monitor quantities of product changing hands at the point of sale. “It could ensure that during the purchase transaction, buyers don’t exceed the amount of product that they are legally allowed to purchase,” Barber says.

At grow sites, analytics can also be applied to remote video surveillance systems to help secure the perimeter. Motion-detection capabilities and geofencing can likewise be leveraged to extend the eyes of the security force over the growing and production operations.

Property Management

For security on a commercial property, video alone can’t cover all the bases. Property management requires a combination of broad vision and deep insights. Beyond mere images, analytics can deliver the intelligence to help security professionals make best use of their time and cover ground more effectively.

“You might have teenagers climbing on the roof of the building. Beyond the general liability problem, they are damaging the roof,” Vogel says. “With analytics, you can identify the places where people go up on that roof and notify security. Within seconds you get notification and hopefully can deter that incident.”

Analytics can detect patterns of behavior, noting when a parking lot is filling up. This helps to ensure adequate security coverage when and where it is needed. Video analytic tools can help security to deter theft from commercial properties, by highlighting common traffic-flow patterns and sending out a notification to security officers when those patterns are disrupted. This helps security to see when products may potentially be walking out the back door and, with the help of automated notifications, to respond in real time.

Critical Infrastructure

Consider all the luminous dials in a hydroelectric plant or an oil refinery: Constant reminders that pressure and temperature are key determinants of safety. Security personnel can use analytics to monitor a vast array of analog sensors more effectively and in real time. Point a camera at an analog gauge, program the analytics to watch for threshold levels, “and an alert can get triggered if the pressure rises above a certain point as seen on the dial,” Barber says.

Video can also be used to understand how specific elements of the facility are operating and can signal when key components need replacement. Security thus pushes critical infrastructure closer to an IoT-enabled enterprise, Barber says.

Security personnel also are charged with tracking workers, vendors and others who  at critical infrastructure facilities. Video analytics capabilities, when paired with surveillance systems that provide facial recognition, will help critical infrastructure to improve access control, maintain security logs for entry and exits in specialized areas and better manage visitors or contractors, VanZandt says.

Manufacturing

Access control is a key issue in manufacturing, with security tasked to ensure that only the right people can get to certain places, especially sensitive production areas and inventory stores. […]

How the COVID-19 Pandemic Reinforced Hackers’ Revenue Models

The industrious and criminal-minded threat actors behind the majority of cyberattacks have reinvented their attack approaches during the ongoing COVID-19 pandemic. Since the advent of the outbreak, cybercriminals have been developing new phishing tools and hacking strategies, and exploring different attack avenues to benefit from the crisis and eventually prove their cyber prowess.

By Rudra Srinivas, Feature Writer, CISO MAG

Several new cybersecurity scams and malicious activities have risen during the pandemic. According to a survey, the key cause of the emergence of these new threats is likely social distancing norms and malware authors being bored and stuck at home due to the lockdown.

COVID-19 has certainly reshaped the way darknet forums operate. CISO MAG learned four intriguing ways cybercriminals are trying to cash in on public fears.

1. Fake Products in Darknet Markets

Since the beginning of 2020, Coronavirus-related vaccines, virus testing kits, and other fake products have been peddled on the deep web and darknet markets. Hackers are taking advantage of panic as people look for safeguards against the disease. Several security experts warned that the products sold in these hacking forums are in no way real, and buyers are sure to be scammed. For instance, there are fake “vaccines” being sold on the darknet.

2. New Phishing Strategies

COVID-19-related phishing lures, scams, disinformation campaigns, weaponized websites, and malware infections have become widespread across the internet. Recently, a hacker group targeted the World Health Organization (WHO) via a sophisticated phishing attack, which involved an email hosted on a phishing domain that tried to trick the employees into entering their credentials. Researchers are noticing new types of phishing campaigns that pretend to be from authentic sources, trying to trick users into downloading malicious attachments or entering sensitive data in fake forms.

Recently, a security firm discovered that threat actors distributed malware disguised as “Coronavirus Map” to steal personal information that is stored in the user’s browser. Attackers designed multiple websites related to Coronavirus information to prompt users to click/download an application to keep themselves updated on the situation. The website displays a map (a lookalike of a genuine one) representing the COVID-19 spread. The map generates a malicious binary file and installs it on victims’ devices.

3. Demand for Ransom Soars

With organizations working remotely, the security of remote employees’ devices has become a major concern for companies across the globe. Several industry experts stated that remote work increased the risks of cyberthreats like never before. Ransomware attacks on remote workers have become an additional threat to organizations, especially for health care providers and businesses in financial, federal, and state agencies that deal with sensitive data. The ransomware operators are forcing enterprises to pay high ransoms in order to get decryption keys. The average enterprise ransom payment increased 33% ($111,605) in Q1 of 2020 from Q4 of 2019, a survey revealed.

Information technology services provider Cognizant admitted that it is a recent victim of a ransomware attack. The IT giant stated that it was hit by Maze ransomware that caused service disruptions for some of its clients.

4. Income from Selling Credentials

Stolen user credentials and financial information have long been prevalent commodities on hacking forums. But with large swaths of remote workers depending on video conferencing apps and other virtual private networks, hackers are refocusing on these attack surfaces. As endpoint security at home is not as secure as it is in the office, attackers are trying to exploit loopholes.

Over 500,000 account credentials of video conference platform Zoom are being sold on the darknet. According to a recent investigation by IntSights’ researchers, hackers have shared a database containing more than 2,300 usernames and passwords to Zoom accounts on dark web forums. The exposed database contains usernames and passwords of personal Zoom accounts, including corporate accounts belonging to banks, consultancy companies, educational facilities, software vendors, and healthcare providers. Researchers also highlighted that they’ve found various posts and threads of dark web forum members discussing different approaches of targeting Zoom’s conferencing services. […]

This article first appeared in CISO MAG.