FireSale HackBoy


Monday, July 31, 2023

Report says no evidence that cyber insurance coverage makes victim pay more

Over the past two years, security analysts have been debating the impact of cyber insurance on ransomware attacks. There have been claims that companies covered by cyber insurance end up paying more to the criminals who launch such attacks, and threads on Quora and Reddit have even speculated about which cyber insurance policies attract the most attackers, adding fuel to the debate.

To address these concerns and put an end to speculative discussions, the National Cyber Security Centre (NCSC) partnered with the Research Institute for Sociotechnical Cyber Security to conduct a comprehensive study. The aim was to investigate whether having insurance coverage influences cyber criminals to demand more from their victims and whether insurance companies secretly pay commissions to these criminals for demanding higher ransoms.

After meticulous research and analysis, the joint report from NCSC and the Research Institute revealed that there is no “compelling evidence” suggesting that ransomware attack victims with cyber insurance end up paying more than those without any insurance coverage. The findings indicated that being covered by a cyber insurance policy did not significantly impact the ransom amounts paid by the victims.

Furthermore, the evidence collected during the study did not indicate any suspicious collaboration between insurance companies and ransomware spreading criminals. There were no indications that these companies incentivize or encourage hackers to demand higher ransoms from insured victims to maximize their own benefits.

In response to the growing concern over ransomware threats, British officials from Whitehall have initiated discussions on a Counter Ransomware initiative. They recognize that various government departments face acute digital threats and are actively seeking measures to combat cybercrime. The British Parliament, in collaboration with the NCSC and other government partners, is working to implement effective strategies to counter this rising cyber threat, which poses significant challenges to businesses and organizations operating in the country.

While concrete actions are being taken to address the issue, it remains crucial to safeguard IT assets from file encrypting malware threats. Additionally, efforts must be made to ensure that insurance firms do not engage in any collusion with criminals, ensuring a more secure and resilient cybersecurity landscape for businesses and individuals alike.

The post Report says no evidence that cyber insurance coverage makes victim pay more appeared first on Cybersecurity Insiders.


August 01, 2023 at 11:05AM

What your peers want to know before buying a DLP tool

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Preventing data loss is a concern for almost every organization, regardless of size, and especially for those that hold sensitive data. Organizations rely on ever larger volumes of data to conduct business, and when data leaks or a breach occurs they face the cost of fines and remediation as well as harm to their company and brand.

Data loss prevention (DLP) solutions help mitigate the risk of data loss. Loss can stem from insider incidents (e.g., an employee taking proprietary information), from human error (e.g., unintentional file deletion, or sending sensitive data in an email to the wrong recipient), or from physical damage to computers. A DLP tool addresses the first two; hardware loss is a backup and availability problem. Because loss arrives by so many routes, mitigating it requires the right people, processes, and technology.

Meeting the technology requirement can be a challenge when it comes to selecting a DLP solution. During vendor exploration and evaluation, the first question is usually scope: a point solution that protects the network, the endpoints, or the cloud, or an enterprise solution that covers all of them and takes into account the hybrid nature of most organizations.

Data classification and labeling

The decision to invest in a DLP solution should be informed by sufficient research and planning with key stakeholders. This blog will discuss three additional things you should consider before making such an investment. Let’s begin with the types of data an organization collects, stores, and analyzes to conduct business. 

To have a successful data loss prevention program, it is important to identify all types of data the organization holds (e.g., financial data, health data, or personally identifiable information) and to classify that data according to its value and the risk to the organization if it is leaked or exfiltrated. Data classification is the process of categorizing data by sensitivity and business value so that it can be stored, retrieved, protected, and reported on consistently; it is also what makes regulatory compliance activities enforceable. Today, systems are more dispersed and organizations run hybrid and remote workforce models, so data must be protected regardless of where it resides or with whom it is shared. That kind of protection requires properly classified and labeled data, because a DLP policy can only act on a label or a content match that the tool can recognize.

Automated data classification is foundational to preventing data loss. It is the best way for organizations to fully understand what types of data they have, as well as the characteristics of the data and what privacy and security requirements are necessary to protect the data. Properly classifying data also enables the organization to set policies for each data type.

Techniques to identify sensitive data

DLP solutions detect intentional or unintentional exfiltration of data. A DLP policy states what happens when a user handles sensitive data in a way the policy does not allow. For example, when a user attempts to print a document containing sensitive data to a home printer, the policy might display a message stating that printing to a home printer violates policy and block the job. How does the DLP tool know that the document includes sensitive data? Through content inspection (pattern matching, exact-data fingerprints, classification labels) combined with contextual analysis (who is sending what, to where, over which channel).

The inspection capability of the DLP solution matters a great deal. Traditional DLP focuses on content inspection at a fixed inspection point such as an endpoint agent, a network egress, or a mail gateway. Those techniques were built for on-premises environments and, on their own, lose visibility once data moves directly between SaaS applications and cloud storage. Gartner recommends investing in a DLP solution that not only provides content inspection but also offers data lineage for visibility and classification, user and entity behavior analytics (UEBA), and rich context for incident response. UEBA is useful for insider-related incidents, for example identifying data exfiltration by a dissatisfied employee whose access pattern suddenly changes.

What actions will the DLP solution perform

After it is clear that the tool can identify sensitive data, the logical next question is what it will do about it. A DLP solution performs actions such as raising an alert on a policy violation, warning the user with a pop-up message, blocking the transfer outright to prevent leakage or exfiltration, or quarantining the data for review. Organizations should be able to express their own policies, standards, controls, and procedures as DLP rules rather than adopt the vendor's defaults.

Traditional DLP relies heavily on content analysis and does not always accurately identify sensitive data. Sometimes traditional tools block normal activity. In contrast, a modern DLP solution minimizes false positives by combining content analysis and data lineage capabilities to more accurately understand whether the data is sensitive.    
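To make the preceding points concrete (content inspection, contextual analysis, classification labels, and the escalating set of actions), here is a small policy engine written for this page; it is an added example, not code from the original post or from any DLP product. The card and SSN patterns, the `Document` dataclass, the channel names such as `email:external` and `print:home`, and the `POLICY` and `LABEL_POLICY` tables are all assumptions chosen for illustration. The Luhn check is what keeps a 16-digit test value from becoming the false positive the paragraph above warns about.

```python
import re
from dataclasses import dataclass

# Escalation order for DLP actions: later entries win when several findings apply.
ACTIONS = ("allow", "alert", "warn", "quarantine", "block")


@dataclass
class Document:
    name: str
    text: str
    label: str = "Internal"   # classification label assigned upstream (assumed)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: weeds out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Content inspection patterns (hypothetical minimal set; a product ships hundreds).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def inspect_content(text: str) -> dict:
    """Return {data_type: [matches]} for every sensitive pattern found in the text."""
    found = {}
    cards = [m.group() for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"[ -]", "", m.group()))]
    if cards:
        found["credit_card"] = cards
    ssns = SSN_RE.findall(text)
    if ssns:
        found["ssn"] = ssns
    return found


# Hypothetical policy: data type -> destination channel -> action.
POLICY = {
    "credit_card": {"email:external": "block", "print:home": "block",
                    "usb": "quarantine", "email:internal": "alert"},
    "ssn": {"email:external": "block", "print:home": "warn",
            "usb": "block", "email:internal": "alert"},
}
# Context that comes from the classification label rather than from content.
LABEL_POLICY = {"Confidential": {"email:external": "block", "print:home": "warn"}}


def evaluate(doc: Document, destination: str) -> dict:
    """Combine label-based and content-based rules and return the strongest action."""
    action = "allow"
    reasons = []

    def raise_to(new_action: str, why: str) -> None:
        nonlocal action
        if ACTIONS.index(new_action) > ACTIONS.index(action):
            action = new_action
        reasons.append(f"{why} -> {new_action}")

    label_action = LABEL_POLICY.get(doc.label, {}).get(destination)
    if label_action:
        raise_to(label_action, f"label={doc.label}")
    for dtype, matches in inspect_content(doc.text).items():
        # Unknown channel for a known data type: at least alert, never silently allow.
        raise_to(POLICY.get(dtype, {}).get(destination, "alert"), f"{dtype} x{len(matches)}")
    return {"document": doc.name, "destination": destination,
            "action": action, "reasons": reasons}


# Constructed sample documents (not from the original post).
SAMPLES = [
    (Document("invoice.txt", "Charge card 4111 1111 1111 1111, exp 09/26"), "email:external"),
    (Document("testdata.txt", "Dummy id 1234567890123456 for QA"), "email:external"),
    (Document("memo.txt", "Q3 plan, no customer data", label="Confidential"), "print:home"),
    (Document("hr.txt", "Employee SSN 123-45-6789"), "email:internal"),
]

if __name__ == "__main__":
    for doc, dest in SAMPLES:
        print(evaluate(doc, dest))
```

The second sample is the interesting one: a sixteen-digit string that fails the Luhn check is allowed through, which is exactly the kind of noise a purely regex-driven tool would block. The third shows a label-only decision with no sensitive content at all, which is why classification has to precede the tool purchase.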

Conclusion   

There are many DLP tools on the market. A DLP solution might also be a capability in another security tool such as an email security solution. Selecting the right tool requires knowledge of market trends, the gap between traditional and modern DLP tools, data loss prevention best practices, and the purchasing organization’s security initiatives and goals. Given the many options and variables to consider, it can be challenging to understand the nuances and distinctions among solutions on the market.    

The post What your peers want to know before buying a DLP tool appeared first on Cybersecurity Insiders.


August 01, 2023 at 09:09AM

Pioneering Application Security: AI Meets Human Intelligence – Insights from an Interview with ImmuniWeb’s Dr. Ilia Kolochenko

With a growing dependency on digital platforms, cybersecurity has become a pressing concern for businesses worldwide. At the forefront of the battle against cyber threats is ImmuniWeb SA, a global application security company based in Geneva, Switzerland. Since its inception in 2019, ImmuniWeb has demonstrated rapid growth, serving over 1,000 clients from more than 50 countries and boasting a 90% customer retention rate.

As Dr. Ilia Kolochenko, Chief Architect & CEO of ImmuniWeb, explains, “Our mission is to enhance organizations’ cybersecurity posture by identifying, understanding, and rectifying their network and application vulnerabilities, as well as third-party risks. We aim to proactively protect their web and mobile applications, APIs, microservices, cloud and network infrastructure, and third-party systems processing corporate data.”

AI and Machine Learning: The ImmuniWeb Difference

ImmuniWeb distinguishes itself in the cybersecurity landscape through its innovative combination of human intelligence and artificial intelligence, or ‘HI+AI’. This unique fusion not only optimizes task performance speed but also enhances accuracy in vulnerability detection and encourages intelligent automation.

As Dr. Kolochenko elaborates, “We use numerous machine learning models trained on real penetration testing to improve accuracy and speed in vulnerability detection, saving the costs of our customers by intelligent automation. This integration allows us to perform tasks faster and more efficiently than human beings alone, eliminating false positives, minimizing false negatives and providing our clients with an unparalleled level of insight into their cybersecurity posture.” ImmuniWeb’s use of this technology has earned industry recognition, including Gartner Cool Vendor, IDC Innovator, and several SC Awards Europe trophies, the most recent in 2023.

Comprehensive Cybersecurity Solutions for Applications

With 20 award-winning solutions under its belt, ImmuniWeb offers services covering 20 distinct use cases related to cybersecurity, compliance, and privacy. This comprehensive approach allows ImmuniWeb to provide a robust defense against cyber threats throughout the entire application lifecycle.

“ImmuniWeb’s AI Platform uncovers sophisticated vulnerabilities and provides actionable remediation advice to software developers,” says Dr. Kolochenko, underlining the comprehensive and strategic approach that the company takes towards application security.

Democratizing Cybersecurity and Contributing to Industry Development

Committed to making cybersecurity accessible to all, ImmuniWeb offers a free Community Edition that currently runs over 100,000 daily tests, allowing SMEs, universities, and municipal governments to test their cybersecurity, privacy, and compliance at no cost. Beyond commercial activities, ImmuniWeb contributes to the sustainable development of the cybersecurity industry through strategic partnerships with global entities like the UN ITU, CyberPeace Institute, national CERTs, and law enforcement agencies.

Staying Ahead of Cyber Threats: The Future of ImmuniWeb

As cybersecurity threats continue to evolve, so too does ImmuniWeb. With a focus on refining AI capabilities to improve accessibility and effectiveness of cybersecurity, ImmuniWeb is poised to stay ahead of emerging threats. “Our focus is on refining our AI capabilities to make cybersecurity more accessible and effective for organizations worldwide,” concludes Dr. Kolochenko.

Conclusion

In the face of ever-evolving cyber threats, ImmuniWeb offers a robust and reliable platform for organizations seeking to secure their applications and data. By combining advanced AI and machine learning with comprehensive service solutions, and an unwavering commitment to industry development and accessibility, ImmuniWeb emerges as a powerful ally in the global fight against cyber threats.

The post Pioneering Application Security: AI Meets Human Intelligence – Insights from an Interview with ImmuniWeb’s Dr. Ilia Kolochenko appeared first on Cybersecurity Insiders.


August 01, 2023 at 07:05AM

RAM dump: Understanding its ­­­importance and the process

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

In the realm of digital forensics and incident response, the analysis of volatile memory, commonly referred to as RAM (Random Access Memory), plays a pivotal role in extracting crucial evidence and uncovering valuable information. RAM dump – the process of capturing the contents of a computer’s memory, is a vital step in preserving volatile data for forensic examination. This article aims to shed light on the importance of RAM dump in digital investigations and provide insights into the process involved.

The significance of RAM dump

  • Volatile nature of RAM: RAM is a volatile form of memory that holds data temporarily while a computer is powered on. Once the system is shut down, the contents of RAM are lost. Therefore, capturing a RAM dump becomes essential to preserve valuable evidence that may not be available through traditional disk-based analysis.
  • Dynamic and live information: RAM contains real-time information about running processes, active network connections, open files, encryption keys, passwords, and other critical artifacts. Analyzing the RAM dump allows forensic investigators to access this dynamic and live information, providing insights into the state of the system at the time of the incident.
  • Uncovering hidden or encrypted data: RAM often holds data that may not be easily accessible through traditional file system analysis. It can reveal information about active malware, hidden processes, encrypted data in memory, or remnants of deleted files, offering a wealth of evidence that can be crucial to an investigation.

The RAM dump process

  • Acquiring a RAM dump: To perform a RAM dump, specialized tools or techniques are used to capture the contents of RAM. Software acquisition runs an agent on the live system (locally or pushed remotely) that reads physical memory to an image file; hardware acquisition reads memory without the operating system's cooperation, for example over a DMA-capable interface or by a cold-boot attack on the memory modules. When neither is possible, the hibernation file and the pagefile on disk hold an earlier copy of memory contents and can be converted into an image for analysis.
  • Preserving data integrity: It is essential to ensure the integrity of the RAM dump during acquisition to maintain its evidentiary value. Unlike a disk, live memory cannot be write-blocked, and the acquisition tool itself changes memory while it runs, so the practice is to use a small-footprint tool, write the image to external media rather than the suspect disk, compute a cryptographic hash of the image immediately after capture, record it, and document the entire process to establish a proper chain of custody.
  • Analyzing the RAM dump: Once the RAM dump is acquired, it can be analyzed using specialized software tools designed for memory forensics. These tools enable investigators to extract information, identify running processes, recover artifacts, and search for patterns or indicators of compromise.
  • Extracting volatile data: The RAM dump analysis involves extracting volatile data such as active network connections, running processes, loaded drivers, registry information, file handles, and other artifacts. This data can be used to reconstruct the system’s state, identify malicious activities, or uncover hidden information.
  • Memory carving and artifacts recovery: Memory carving techniques search for specific file types or artifacts within the RAM dump. This process involves identifying file headers or signatures and reconstructing files from the memory image. It is particularly useful for recovering files that were deleted from disk but still sit in memory, and for files that are encrypted on disk but were decrypted in memory while in use.

RAM dumps can be acquired using specialised tools like FTK Imager and Magnet RAM Capture (both available free of charge), and the analysis can be done with commercial tools or with open source frameworks like the Volatility Framework.

Let’s take a look at how to acquire a RAM dump and registry files using FTK Imager.

To acquire RAM and registry files, please follow these steps:

  • Download FTK Imager from the vendor’s website.
  • Follow the installation steps.
  • Once installed, run FTK Imager and select the Capture Memory option from the toolbar, as shown in the screenshot:

FTK Imager Capture

Alternatively, you can select Capture memory from the File dropdown menu inside FTK Imager as illustrated in screenshot below:

FTK Imager Capture memory

Once you select Capture Memory, provide a destination path where you wish to save the dump file. Optionally, you can also include the pagefile. After that, the process of capturing memory will begin.

ramdump

You will receive a pop up once the process is finished.

ramdump done

Since I chose to capture memory as well as pagefile I will have two files available.

ramdump files

The file with the name “memdump.mem” is the RAM capture file.

You can take the dump file to analyze as required on your forensics workstation.
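The two steps that follow acquisition, proving the image is unchanged and pulling artifacts out of it, are small enough to show in code. The block below is an added example written for this page, not part of the original post and not FTK Imager or Volatility functionality. It hashes an image for the chain of custody, carves embedded files by signature (the signature table is a short illustrative subset), extracts printable strings the way `strings` would, and greps them for the kinds of indicators named above (network endpoints, credentials, executable paths). The `memdump.mem` stand-in is a constructed byte string so the example runs offline; `hash_file` is the streamed variant for a real multi-gigabyte capture.

```python
import hashlib
import hmac
import re

# File signatures used for carving: (header, footer, bytes that follow the footer).
# Illustrative subset, an assumption of this example; real carvers ship far more.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND", 4),     # 4-byte CRC after IEND
    "pdf": (b"%PDF-", b"%%EOF", 0),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9", 0),
    "zip": (b"PK\x03\x04", None, 0),               # length not recoverable from a footer
}

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
IOC_PATTERNS = {
    "network": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b"),
    "credentials": re.compile(r"(?i)\b(?:password|passwd|pwd)=\S+"),
    "paths": re.compile(r"[A-Za-z]:\\\S+?\.exe"),
}


def sha256_image(data: bytes) -> str:
    """Hash the acquired image so the copy analysed later can be proven identical."""
    return hashlib.sha256(data).hexdigest()


def hash_file(path: str) -> str:
    """Same, streamed, for a real memdump.mem that does not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(data: bytes, expected_hex: str) -> bool:
    """Compare against the hash recorded at acquisition time."""
    return hmac.compare_digest(sha256_image(data), expected_hex)


def carve_signatures(data: bytes) -> list:
    """Locate embedded files by magic bytes; bound each object with its footer where one exists."""
    hits = []
    for kind, (header, footer, tail) in SIGNATURES.items():
        start = data.find(header)
        while start != -1:
            end = None
            if footer is not None:
                f = data.find(footer, start + len(header))
                if f != -1:
                    end = f + len(footer) + tail
            hits.append({"type": kind, "offset": start, "end": end})
            start = data.find(header, start + 1)
    return sorted(hits, key=lambda h: h["offset"])


def extract_strings(data: bytes) -> list:
    """Equivalent of `strings`: runs of printable ASCII, 6 bytes or longer."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)]


def scan_iocs(strings: list) -> dict:
    """Group strings that look like indicators of compromise by category."""
    out = {k: [] for k in IOC_PATTERNS}
    for s in strings:
        for kind, pat in IOC_PATTERNS.items():
            out[kind].extend(pat.findall(s))
    return out


def build_sample_image() -> bytes:
    """Constructed stand-in for memdump.mem (not a real capture)."""
    filler = bytes([0x00, 0x07, 0xFF]) * 500
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 40 + b"\x00\x00\x00\x00IEND\xaeB`\x82"
    return (filler + b"svchost.exe\x00" + filler
            + b"C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe\x00"
            + png + filler + b"password=Winter2023!\x00"
            + b"192.0.2.45:4444\x00" + filler)


if __name__ == "__main__":
    image = build_sample_image()
    print("sha256:", sha256_image(image))
    for hit in carve_signatures(image):
        print(hit)
    print(scan_iocs(extract_strings(image)))
```

Record the hash printed by `hash_file("memdump.mem")` in the case notes before the image leaves the acquisition machine; every later comparison uses `verify_image` against that value, and a mismatch means the copy, not the evidence, is what you are looking at.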

Best practices and considerations

  • Timeliness and live analysis: RAM acquisition should be performed as soon as possible, before the volatile data is overwritten or lost to a reboot. Live triage of the running system (process listings, network connections) can give immediate insight into ongoing activity and help mitigate an active threat, but it should be done after the dump is captured, because every command run on the live host changes the memory you are trying to preserve.
  • Privacy and legal considerations: Collecting and analyzing a RAM dump may involve accessing sensitive user data or private information. It is crucial to follow legal procedures, obtain proper authorization, and adhere to privacy laws and regulations to ensure compliance and protect the rights of individuals involved.
  • Proper training and expertise: RAM analysis requires specialized knowledge and skills in memory forensics. Forensic investigators should undergo proper training and continuously update their expertise to effectively handle RAM dump acquisition and analysis.

Conclusion

RAM dump acquisition and analysis are vital components of digital forensics and incident response investigations. The volatile nature of RAM and the real-time information it holds make RAM dump an invaluable source of evidence. By understanding the importance of RAM dump and following proper acquisition and analysis procedures, forensic investigators can uncover hidden data, identify malicious activities, and reconstruct the system’s state during an incident.

However, it is essential to stay updated with evolving technologies, legal considerations, and best practices in RAM analysis to ensure the integrity and effectiveness of the process. Ultimately, RAM dump plays a critical role in modern digital investigations, helping investigators piece together the puzzle and provide essential insights for resolving cases.

The post RAM dump: Understanding its ­­­importance and the process appeared first on Cybersecurity Insiders.


July 31, 2023 at 09:10PM

Sunday, July 30, 2023

Captcha security to end for Google and Apple users

After two years of anticipation, Google and Apple Inc. have announced plans to discontinue the use of annoying Captchas for all their users by the end of this year.

Captchas, which stand for “Completely Automated Public Turing Test to Tell Computers and Humans Apart,” are challenges that servers use to differentiate humans from online bots. They typically require users to read distorted alphanumeric characters or to solve puzzles by selecting the correct images from a set of boxes arranged in different forms.

With growing adoption of Privacy Pass style tokens, the two companies intend to replace repeated challenges with a single verification step. Once the user has been verified for one service, a digital token is generated and stored in the browser, and other websites accept that token as evidence that a human is behind the request.
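The token mechanism described above rests on a blind signature: the issuer signs something it cannot read, so it can later confirm that "a human was verified" without learning which site the token is spent on. The following is an added example written for this page, not code from Google, Apple, or the Privacy Pass project, showing that exchange with a toy RSA blind signature (the construction RFC 9474 standardizes, here with a tiny fixed key and no padding, which are assumptions made purely so it runs in a few lines; a real deployment uses 2048-bit RSA-PSS). The three roles are the browser (`client_*`), the issuer that trusts the attester, and the website that redeems the token (`origin_redeem`).

```python
import hashlib
import secrets
from math import gcd

# Toy issuer key: two fixed primes (assumption for illustration; never use in practice).
P, Q = 1000000007, 998244353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h(token_id: bytes) -> int:
    """Hash the token into the signing domain; 56 bits keeps it below the toy modulus."""
    return int.from_bytes(hashlib.sha256(token_id).digest()[:7], "big") % N


def client_blind(token_id: bytes):
    """Browser side: hide the token from the issuer behind a random blinding factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = (h(token_id) * pow(r, E, N)) % N
    return blinded, r


def issuer_sign(blinded: int, human_verified: bool) -> int:
    """Issuer side: sign only after the attester confirmed a human; sees neither token_id nor r."""
    if not human_verified:
        raise PermissionError("attestation failed; no token issued")
    return pow(blinded, D, N)


def client_unblind(blinded_sig: int, r: int) -> int:
    """Strip the blinding factor; the result is an ordinary signature over h(token_id)."""
    return (blinded_sig * pow(r, -1, N)) % N


def origin_redeem(token_id: bytes, sig: int, spent: set) -> bool:
    """Website side: accept each token once; the issuer's public key (N, E) is all it needs."""
    if token_id in spent or pow(sig, E, N) != h(token_id):
        return False
    spent.add(token_id)
    return True


def demo() -> dict:
    """Full flow: issue one token, redeem it, then try a replay and a forgery."""
    token_id = secrets.token_bytes(16)
    blinded, r = client_blind(token_id)
    sig = client_unblind(issuer_sign(blinded, human_verified=True), r)
    spent = set()
    return {
        "first_redeem": origin_redeem(token_id, sig, spent),
        "replay": origin_redeem(token_id, sig, spent),
        "forged": origin_redeem(secrets.token_bytes(16), sig, set()),
    }


if __name__ == "__main__":
    print(demo())
```

The point to notice is what each party sees: the issuer only ever handles `blinded`, which is uniformly random in its eyes, so it cannot match a later redemption back to the browser that obtained the token, and the website only needs the public key plus a spent-token list to keep a single human verification from being replayed.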

However, with the rapid advancement of Artificial Intelligence, recent security studies have shown that bots have become highly sophisticated and can now solve captchas within a mere 20-second time-frame, jeopardizing the effectiveness of captcha technology.

The question arises: will this development lead to more troubles? Only time will provide a relevant answer to this concern.

It is worth noting that not all users are pleased with this technology, as captchas can be inconvenient and bothersome at times.

To address these concerns, companies have introduced alternative authentication methods such as two-factor authentication (2FA) and biometrics. These options allow users to verify their identity through methods like one-time passwords (OTPs), text verifications, or application-based verifications. For example, Google utilizes Android-based smartphones to send passcodes or authentication prompts to users during their initial login of the day.

In conclusion, as captchas are gradually phased out, the tech industry is exploring various avenues to maintain security and user convenience, and only time will tell how these alternatives will fare in the ever-evolving landscape of online security.

The post Captcha security to end for Google and Apple users appeared first on Cybersecurity Insiders.


July 31, 2023 at 10:18AM

Saturday, July 29, 2023

How to improve employee phishing awareness

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Social engineering has long been a popular tactic among cybercriminals. Relying exclusively on information security tools does not guarantee the safety of an IT infrastructure these days. It is critically important to enhance the knowledge of employees regarding information security threats. Specifically, there is often a pressing need to educate employees about phishing. But how could phishing awareness training go wrong, and what can be done about it? Let’s delve deeper and unravel the potential issues and solutions.

In recent years, we have seen an uptick in the delivery of malware via phishing attacks. Compounding the problem is the rising volume of email fatigue, which can lead to less vigilance and increased vulnerability. Regrettably, email protection software does not fully safeguard against phishing due to the inevitable human factor involved. Indeed, there is a reason why social engineering continues to be a preferred strategy for cybercriminals – its effectiveness is exceptional.

Many organizations are already conducting training sessions and rolling out specialized programs to enhance employee awareness about phishing. These programs are not just theoretical but also offer hands-on experience, allowing employees to interact with possible threats in real-world scenarios. For this, companies often use simulated phishing attacks, which are a vital part of their awareness programs. Some businesses manage these cyber exercises internally through their information security teams, while others enlist the help of service providers.

However, these training sessions and mock phishing exercises are not without their flaws. At times, technical issues can disrupt the process. In other instances, the problem lies with the employees who may exhibit apathy, failing to fully engage in the process. There are indeed numerous ways in which problems can arise during the implementation of these programs.

Email messages caught by technical means of protection

It is standard practice for most companies to operate several layers of email security: a secure email gateway, SPF, DKIM and DMARC checks, sandboxes, and antivirus software. However, the goal of simulated phishing within security awareness training is to test people, not the effectiveness of the technical controls. Consequently, before starting any campaign, adjust the protection settings at every layer so that your simulated phishing emails can get through.

By adjusting the settings, I am certainly not suggesting a total shutdown of the email security stack; that would be unnecessary. When sending out simulated phishing emails, create exceptions for the specific IP addresses and sending domains the messages come from and add them to an allowlist. Scope those exceptions to the campaign window and remove them afterwards: a standing bypass for a third-party domain is itself an attack path if that third party is ever compromised or spoofed.

After making these adjustments, conduct a test run to ensure the emails are not delayed in a sandbox, diverted to junk folders, or flagged as spam in the Inbox. For the training sessions to be effective and yield accurate statistics, there should be no issues with receiving these training emails, such as blocking, delays, or labeling them as spam.

Reporting phishing

Untrained employees often become victims of phishing, but those who are prepared do more than just skip and delete suspicious messages; they report them to their company’s information security service.

Tools like the “Report Phishing” plugin for Outlook can be extremely useful. This plugin lets employees quickly and easily notify the information security team about potential phishing attempts. If an attack is indeed taking place, vigilant employees can help detect it faster and prevent severe consequences by forwarding the phishing email to the information security team, who can then respond to the incident.

This plugin is also beneficial for simulated phishing campaigns for several reasons:

  • It helps to evaluate the vigilance of users and the effectiveness of the company’s awareness training program.
  • It alleviates the burden on the information security service from having to process reports of simulated phishing. The fact is that all real phishing alerts are sent to a dedicated mailbox of the information security service. During a training campaign, this mailbox can quickly fill up. Simulated phishing messages will not end up in this mailbox if the plugin is used. Instead, the platform will simply count the employees who reported the attack, thus preventing cybersecurity specialists from being overwhelmed by unnecessary reports.

Apart from email client plugins, there are other ways to assist employees in taking the right actions when confronted with phishing attacks:

  • Set up a short and easy-to-remember email address specifically for phishing reports and make sure all employees are aware of it.
  • Regularly motivate employees to report any suspected attacks. For instance, you could circulate internal newsletters with statistics on reported incidents, discuss how such reporting aids in thwarting attacks, and give recognition to those who have successfully identified a cyber threat.

Sad test results

Companies can run special phishing tests using both clean emails and ones labeled “external sender” or “spam.” These red flags are intended to caution employees to exercise more care when handling such emails, as they are more likely to contain malicious attachments or phishing links. Interestingly, research shows that presenting suspicious details in email headers does not improve phishing detection. Even when emails bear labels like “external sender” or “spam” in the subject line or body of the message, employees click on them nearly as frequently as they do on unlabeled ones.

Why does this happen, and what can be done about it? There could be a level of mistrust towards technology and software algorithms at play here. We often hear the advice, “If you did not receive an email from us, check your spam folder.” And, of course, simple inattention on the part of employees is common.

Curiosity, interest, or fear triggered by the content of the email can lead employees to fall for the attackers’ bait. Certain expertly designed templates, such as those warning of a possible account breach and prompting a password change, generate high click rates. Often the “From” field shows a display name or address that perfectly matches the organization’s legitimate domain. However, the “From” header is just text chosen by the sending mail server, and an attacker controls that server. To establish where a message actually came from, the rest of the headers have to be examined: the Return-Path (envelope sender), the Reply-To, the chain of Received lines, and the SPF, DKIM and DMARC verdicts the receiving gateway records in Authentication-Results. Therefore, again, relying entirely on software and hardware for email security is unwise; the human factor remains a crucial element.
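The header checks just described, and the earlier point about routing simulated-phishing reports away from the incident queue, can be automated in the report-handling mailbox. Here is an added example written for this page (not code from the original post or from any awareness-training vendor) that parses a reported message's headers, compares the visible From domain against the Return-Path, Reply-To and display name, reads the gateway's SPF/DKIM/DMARC verdicts, and then classifies the report as simulation, suspicious, or clean. The three sample messages are constructed, the domains `example.com`, `mail-example-secure.net` and `phishsim.example.net` are placeholders, and the rule that a simulation-domain message must pass DKIM and DMARC before it is counted as a simulation is this example's own choice.

```python
import re
from email import message_from_string
from email.utils import parseaddr

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)
EMBEDDED_ADDR_RE = re.compile(r"[\w.+-]+@([\w.-]+)")


def domain_of(header_value) -> str:
    """Domain part of the address in a From/Reply-To/Return-Path header (display name ignored)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def auth_results(header_value) -> dict:
    """spf/dkim/dmarc verdicts the receiving MTA wrote into Authentication-Results."""
    return {m.group(1).lower(): m.group(2).lower() for m in AUTH_RE.finditer(header_value or "")}


def analyze_headers(raw: str) -> dict:
    """Collect the header inconsistencies a reviewer would look for by hand."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    findings = []

    # 1. Display name carrying a different address than the real one ("ceo@corp <x@mail>").
    name = parseaddr(msg.get("From", ""))[0]
    m = EMBEDDED_ADDR_RE.search(name)
    if m and m.group(1).lower() != from_dom:
        findings.append(f"display name claims {m.group(1)} but address is {from_dom}")

    # 2. Envelope sender or reply target pointing somewhere other than the visible From.
    for hdr in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(hdr))
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom} != From domain {from_dom}")

    # 3. Verdicts the gateway already computed; anything other than pass is a finding.
    for mech, verdict in auth_results(msg.get("Authentication-Results")).items():
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")

    # 4. The last Received header is the earliest hop we know of, i.e. the originating relay.
    received = msg.get_all("Received") or []
    hop = re.search(r"from\s+(\S+)", received[-1]) if received else None
    return {"from_domain": from_dom, "origin": hop.group(1) if hop else None, "findings": findings}


def classify(raw: str, simulation_domains: set) -> str:
    """Route a user report: simulations are counted, real phishing goes to the IR queue."""
    report = analyze_headers(raw)
    auth = auth_results(message_from_string(raw).get("Authentication-Results"))
    if report["from_domain"] in simulation_domains:
        # Failing DKIM/DMARC on the simulation domain means someone is impersonating the vendor.
        if auth.get("dkim") == "pass" and auth.get("dmarc") == "pass":
            return "simulation"
        return "suspicious"
    return "suspicious" if report["findings"] else "clean"


# Constructed samples (not real mail); one header per line, short bodies.
PHISH = """Return-Path: <bounce@mail-example-secure.net>
Received: from mx.mail-example-secure.net (mx.mail-example-secure.net [192.0.2.10]) by mx.example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-example-secure.net; dkim=none; dmarc=fail header.from=example.com
From: "IT Support" <it-support@example.com>
Reply-To: it-helpdesk@mail-example-secure.net
To: alice@example.com
Subject: Action required: your password expires today

Click the link to keep your account.
"""

SIM = """Return-Path: <training@phishsim.example.net>
Received: from out.phishsim.example.net (out.phishsim.example.net [198.51.100.7]) by mx.example.com
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=phishsim.example.net; dkim=pass header.d=phishsim.example.net; dmarc=pass header.from=phishsim.example.net
From: "Training Team" <training@phishsim.example.net>
To: alice@example.com
Subject: Your mailbox is almost full

Free up space now.
"""

LEGIT = """Return-Path: <bob@example.com>
Received: from mail.example.com (mail.example.com [203.0.113.5]) by mx.example.com
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Bob" <bob@example.com>
To: alice@example.com
Subject: Lunch?

Noon works for me.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("sim", SIM), ("legit", LEGIT)):
        print(label, classify(raw, {"phishsim.example.net"}), analyze_headers(raw))
```

Note that the Authentication-Results header is only trustworthy when it was written by your own gateway; a sender can include a forged one, so production code should strip inbound copies of that header at the edge and only trust the instance added by your MTA.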

Even following training, phishing emails continue to be opened

To be clear, there is no magic pill against phishing. Training courses are an important part of the process, but they will not work without regular practice. On first contact with a new variant of phishing, an employee may become confused and fall for the scammers’ trick.

Cultivating robust phishing detection skills and enhancing awareness of threats should be continuous processes that involve direct exposure to these threats. Every training phishing email sent, irrespective of the unsafe action statistics, enhances an employee’s awareness: they learn about a new threat, encounter it firsthand, experience the potential impact, and consequently, become less vulnerable. As the proverb says: “Fool me once, shame on you. Fool me twice, shame on me.”

Practical experience affirms the need for ongoing engagement with employees. Mere theoretical training sessions will not protect you from phishing, and a single training session is not sufficient either. Interestingly, reports suggest that after one round of simulated phishing emails, there might be an increase in unsafe actions with mock phishing, even after employees have completed training courses.

Does this suggest that the training courses were entirely ineffective? Not necessarily. It simply indicates that the practical skills needed to recognize phishing are not yet fully developed, reinforcing the notion that understanding the information security theory without practical application is insufficient. It is through regular phishing training emails that employees become more adept at identifying phishing attempts and reporting them to the information security service.

Cycle-based phishing awareness program implementation

A phishing awareness program typically starts with an initial round of simulated phishing emails to evaluate employees’ susceptibility to such attacks. Next, the employees undergo training to learn about phishing and how to spot it. Following the training, another round of simulated phishing is conducted to provide practical reinforcement of the training and to assess its impact on employees. This constitutes the initial cycle of the program. Depending on your resources and the size of your organization, this part may take anywhere from several weeks to a few months to complete.

The process does not stop there. You should conduct new rounds of simulated phishing emails approximately once a month, gradually making them more complex. Employees who consistently fall for phishing attempts should be given additional training.

Yes, this is a slow process. Building sustainable skills takes time, typically at least 12 months. And even after this period, regular phishing simulation exercises are still necessary to ensure employees maintain their alertness. By running regular phishing simulations, employees become more knowledgeable and vigilant, boosting the attack resilience of both the individual and the entire organization.

Conclusion

As you can see, relying solely on technological measures for protection against phishing is not enough. The human factor should not be underestimated. Engaging with employees and motivating them in matters of information security is essential. That is why simulated phishing exercises are so valuable. If you are in charge of cybersecurity for your organization and do not yet have a dedicated process for reporting phishing and other cyber threats, it is time to establish one. This is a straightforward and effective initial step to shield against cyber threats and kickstart a security awareness program. It is important to properly structure the learning process and run multiple cycles of theoretical and practical sessions on an ongoing basis.

The post How to improve employee phishing awareness appeared first on Cybersecurity Insiders.


July 30, 2023 at 09:09AM

Protecting energy infrastructure from cyberattacks

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

In the current geopolitical climate, the energy sector – which powers our modern society, from homes and businesses to critical infrastructure and national defense systems – finds itself under the growing threat of cyberattacks.

With the energy sector’s growing dependence on digital technologies and interconnectivity, the attack surface for cybercriminals has expanded. This situation is further complicated by incidents such as the SolarWinds and Colonial Pipeline attacks years ago, which compromised numerous value chains, along with recent escalations in cyber threats. These circumstances highlight the urgent need for a robust and proactive cybersecurity strategy in the energy sector.

Why the energy sector is vulnerable

According to McKinsey, the energy sector is particularly vulnerable to cyber threats due to several characteristics that amplify the risk and impact of attacks against utilities:

  1. The threat landscape has expanded, with nation-state actors, sophisticated players, cybercriminals, and hacktivists targeting infrastructure providers. This diverse range of threat actors poses varying levels of sophistication and potential disruptions to electric power and gas operations.
  2. The geographically distributed nature of organizations’ infrastructure further complicates cybersecurity efforts. Maintaining visibility across both information technology (IT) and operational technology (OT) systems becomes challenging, not only within utility-controlled sites but also in consumer-facing devices that may contain cyber vulnerabilities, thereby compromising revenue or the overall security of the grid.
  3. The organizational complexity of the energy sector exposes vulnerabilities to cyberattacks. Utilities often rely on multiple business units responsible for different aspects of energy generation, transmission, and distribution. This diversity introduces separate IT and OT policy regimes, making it difficult to ensure the network’s overall security.

To illustrate the potential impact across the entire value chain, it’s worth noting that electric organizations, in particular, could face cyber threats capable of disrupting various stages, including generation, transmission, distribution, and network segments.

  • Generation stage: Potential disruptions in this stage could stem from service interruptions and ransomware attacks targeting power plants and clean-energy generators. The primary vulnerabilities lie in legacy generation systems and clean-energy infrastructure that were not originally designed with cybersecurity in mind.
  • Transmission stage: The large-scale disruption of power to consumers could occur through remote disconnection of services. This is possible due to physical security weaknesses that allow unauthorized access to grid control systems, leading to potential disruptions.
  • Distribution stage: Disruptions at substations could result in regional service loss and customer disruptions. The root cause of such disruptions can be traced back to distributed power systems and the limited security built into Supervisory Control and Data Acquisition (SCADA) systems.
  • Network stage: Cyber threats at this stage could lead to the theft of customer information, fraudulent activities, and service disruptions. These threats are driven by the extensive attack surface presented by Internet of Things (IoT) devices, including smart meters and electric vehicles.

Recommendations for enhancing cybersecurity in the energy sector

To further strengthen cybersecurity practices in the energy sector, the following key recommendations should be considered:

  1. Develop strategic threat intelligence: Establish dedicated teams to monitor and analyze threats, providing a proactive view of potential risks. Integrate intelligence reporting into strategic planning and exercise incident response plans regularly.
  2. Integrate security across regions and organizations: Create a unified approach to cybersecurity by establishing common security standards across all regions and business units. Foster a culture of security awareness and streamline processes for information sharing and decision-making.
  3. Design clear and safe network architectures: Implement clear network segmentation and micro-segmentation strategies to limit the spread of cyberattacks within the network. Define security zones and establish secure demilitarized zones (DMZs) between IT and OT networks.
  4. Promote industry collaboration: Engage in partnerships and industry-wide collaborations to develop common standards and best practices for cybersecurity. Participate in regional corporations to share knowledge and discuss security concerns specific to shared power grids. Advocate for security by design in IT and OT technologies, especially in smart-grid devices that may lie outside the utilities’ direct control. Additionally, organizing future-facing industry-wide exercises can help predict and preemptively address emerging threats to broader grid security.
  5. Strengthen employee training and awareness: Build a culture of cybersecurity awareness within energy companies by conducting regular training sessions for employees. Educate them on identifying and responding to potential threats, emphasizing the importance of following established security protocols and reporting any suspicious activities.
  6. Implement robust email security measures: Recognizing that phishing attacks often serve as entry points for cybercriminals, energy companies should prioritize comprehensive email security measures. These measures can include advanced spam filters, email authentication protocols (such as DMARC, SPF, and DKIM), and user awareness campaigns to identify and avoid phishing attempts.
  7. Ensure secure remote access solutions: With remote work becoming increasingly prevalent, energy companies must ensure the security of remote access solutions. This involves implementing strong authentication methods, such as multi-factor authentication (MFA), virtual private networks (VPNs) with robust encryption, and strict access controls to minimize the risk of unauthorized access.
  8. Regular software updates and patch management: Keeping all software systems and applications up-to-date is crucial in protecting against known vulnerabilities that cybercriminals often exploit. Energy companies should establish robust patch management processes to ensure timely updates and apply security patches promptly.
  9. Backup and recovery planning: Developing comprehensive backup and recovery plans is essential for mitigating the impact of cyberattacks. Regularly backing up critical data and systems and maintaining off-site or offline backups can help organizations quickly recover in the event of a breach or system compromise. Testing the effectiveness of backup and recovery plans through regular drills and simulations is also recommended.
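As an added example for recommendation 6 (not code from the original post), the following Python checks SPF and DMARC records for the weak settings that leave a domain open to spoofing. The two domains and their records are constructed samples, not live DNS lookups.

```python
"""Evaluate SPF and DMARC TXT records for settings that let spoofed mail through.

Added example; the records below are constructed samples for hypothetical
domains, not the result of real DNS queries.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    record: str    # "SPF" or "DMARC"
    severity: str  # "high", "medium" or "info"
    message: str


# Mechanisms that cost a DNS lookup under RFC 7208 (limit: 10 per evaluation).
_LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(:|/|$)", re.I)


def evaluate_spf(txt: str) -> list[Finding]:
    """Flag a missing or permissive 'all' qualifier and excess DNS lookups."""
    findings: list[Finding] = []
    terms = txt.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return [Finding("SPF", "high", "no valid SPF record (missing v=spf1)")]
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    if not all_terms:
        findings.append(Finding("SPF", "high", "no 'all' mechanism: unlisted senders get a neutral result"))
    else:
        last = all_terms[-1]
        qualifier = last[0] if last[0] in "+-~?" else "+"  # bare 'all' means '+all'
        if qualifier == "+":
            findings.append(Finding("SPF", "high", "'+all' authorizes every sender on the internet"))
        elif qualifier == "?":
            findings.append(Finding("SPF", "medium", "'?all' is neutral; receivers treat it like no SPF"))
        elif qualifier == "~":
            findings.append(Finding("SPF", "info", "'~all' softfail; acceptable when DMARC is enforced"))
    lookups = sum(1 for t in terms if _LOOKUP_TERM.match(t) or t.lower().startswith("redirect="))
    if lookups > 10:
        findings.append(Finding("SPF", "high", f"{lookups} DNS-lookup terms exceed the limit of 10 (permerror)"))
    return findings


def parse_dmarc(txt: str) -> dict[str, str]:
    """Split 'tag=value; tag=value' into a dict with lowercase tag names."""
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def evaluate_dmarc(txt: str) -> list[Finding]:
    """Flag monitor-only policies, partial enforcement and missing reporting."""
    findings: list[Finding] = []
    tags = parse_dmarc(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return [Finding("DMARC", "high", "no valid DMARC record (missing v=DMARC1)")]
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append(Finding("DMARC", "high", "p=none only monitors; spoofed mail is still delivered"))
    elif policy == "quarantine":
        findings.append(Finding("DMARC", "info", "p=quarantine sends failures to spam; move to reject when ready"))
    elif policy != "reject":
        findings.append(Finding("DMARC", "high", f"unknown or missing policy tag p={policy!r}"))
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
    if pct < 100:
        findings.append(Finding("DMARC", "medium", f"pct={pct}: policy applies to only {pct}% of failing mail"))
    if "rua" not in tags:
        findings.append(Finding("DMARC", "medium", "no rua= address: aggregate reports are not collected"))
    if tags.get("sp", "").lower() == "none":
        findings.append(Finding("DMARC", "medium", "sp=none leaves subdomains unprotected"))
    return findings


def is_enforcing(dmarc_txt: str) -> bool:
    """True when DMARC actually rejects or quarantines 100% of failing mail."""
    tags = parse_dmarc(dmarc_txt)
    return (tags.get("v", "").upper() == "DMARC1"
            and tags.get("p", "").lower() in ("quarantine", "reject")
            and tags.get("pct", "100") == "100")


# Constructed sample records for two hypothetical domains.
SAMPLE_RECORDS = {
    "weak.example": (
        "v=spf1 include:_spf.example.net ?all",
        "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    ),
    "hardened.example": (
        "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
        "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@hardened.example; ruf=mailto:dmarc@hardened.example",
    ),
}

if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLE_RECORDS.items():
        print(f"{domain}: enforcing={is_enforcing(dmarc)}")
        for f in evaluate_spf(spf) + evaluate_dmarc(dmarc):
            print(f"  [{f.severity}] {f.record}: {f.message}")
```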

Securing energy infrastructure is an ongoing task

Given the increasing integration of IT and OT environments, it’s important to highlight that 94% of IT security incidents have also impacted the OT environment. This underscores the ongoing and comprehensive task of securing energy infrastructure from cyber threats.

In this evolving landscape, effective cybersecurity is not a standalone effort but hinges on several key elements:

  • Cross-regional and cross-departmental integration
  • Secure network architectures and demilitarized zones
  • Recognition of the sector’s unique vulnerabilities
  • Implementation of layered defense strategies to significantly mitigate risks
  • Strategic threat intelligence that enables proactive responses to threats
  • Prioritization of staff training, robust email security, and secure remote access solutions
  • Regular software updates and industry-wide collaboration

By adhering to these recommendations and fostering a proactive cybersecurity mindset, we can safeguard our critical infrastructure and ensure a resilient energy future.

The post Protecting energy infrastructure from cyberattacks appeared first on Cybersecurity Insiders.


July 29, 2023 at 09:10PM

Ransomware business model-What is it and how to break it?

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

The threat of ransomware attacks continues to strike organizations, government institutions, individuals, and businesses across the globe. These attacks have skyrocketed in frequency and sophistication, leaving a trail of disrupted operations, financial loss, and compromised data. Statistics project a new ransomware attack every two seconds by 2031, with companies losing between $1 and $10 million because of these attacks.

As the security landscape evolves, cybercriminals change their tactics and attack vectors to maximize their profit potential. Previously, ransomware attackers employed tactics like email phishing, remote desktop protocol vulnerabilities, supply chain issues, and exploit kits to breach the system and implant the ransomware payloads. But now attackers have significantly changed their business model.

Organizations need to adopt a proactive stance as more ransomware gangs emerge and new tactics are introduced. They must aim to lower their attack surface and increase their ability to respond to and recover from the aftermath of a ransomware attack.

How is ransomware blooming as a business model?

Ransomware has emerged as a thriving business model for cybercriminals. It is a highly lucrative and sophisticated method in which the attackers encrypt the data and release it only when the ransom is paid. Data backups were one way for businesses to escape this situation, but those without backups had no option except to pay the ransom. If organizations delay or refuse to pay the ransom, attackers threaten to exfiltrate or leak valuable data. This adds more pressure on organizations to pay the ransom, especially if they hold sensitive customer information and intellectual property. As a result, over half of ransomware victims agree to pay the ransom.

With opportunities everywhere, ransomware attacks have evolved as the threat actors continue looking for new ways to expand their operations’ attack vectors and scope. For instance, the emergence of the Ransomware-as-a-service (RaaS) model encourages non-technical threat actors to participate in these attacks. It allows cybercriminals to rent or buy ransomware toolkits to launch successful attacks and earn a portion of the profits instead of performing the attacks themselves.

Moreover, a new breed of ransomware gangs is also blooming in the ransomware business. Previously, Conti, REvil, LockBit, Black Basta, and Vice Society were among the most prolific groups that launched the attacks. But now, the Clop, Cuban, and Play ransomware groups are gaining popularity as they exploit zero-day vulnerabilities and impact various organizations.

Ransomware has also become a professionalized industry in which attackers demand payments in Bitcoins only. Cryptocurrency provides anonymity and a more convenient way for cybercriminals to collect ransom payments, making it more difficult for law enforcement agencies to trace the money. Though the FBI discourages ransom payments, many businesses still facilitate the attackers by paying ransom in bitcoins.

What’s the worst that can happen after a ransomware attack?

A ransomware attack can have consequences for businesses, individuals, and society. Since these attacks are prevalent, there are privacy risks in almost every activity online. These attacks are not only a hazard to organizations, but they also carve pathways that disrupt the online anonymity of every associated client, customer, and partner. Here’s a brief insight into the worst outcomes that can occur following a ransomware attack:

No data recovery and repeated attacks

Ransomware attacks can result in significant data and financial loss. Despite the attackers’ promises, paying a ransom offers no guarantee that the cybercriminals will return or delete the data they have already compromised. A study finds that nearly 200,000 companies fail to retrieve data after paying the ransom. Besides this, businesses willing to pay the ransom become more attractive targets. The same study also finds that a ransomware attack hit 80% of companies for a second time, with 68% saying that the second attack happened in less than a month – and the attackers demanded a higher amount.

Financial instability

The most significant impact of ransomware attacks is the devastating financial losses. These attacks will cost victims around $265 billion annually by 2031. The victims are usually organizations that will likely incur the costs associated with customers’ data, investigating the attack, restoring the systems, and deploying robust security measures to avoid such attacks. In addition, if an organization fails to recover the data, it may experience long-term financial instability due to operational disruptions, reduced productivity, revenue loss, and legal liabilities.

Lawsuits and regulatory fines

Cybercriminals exfiltrate valuable data in ransomware attacks. This can result in lawsuits being filed by the affected parties whose data was compromised. Equip Systems, US Fertility, TransLink, and Canon, are some companies that faced lawsuits due to ransomware attacks. Additionally, most businesses are subject to industry regulations like HIPAA, GDPR, and CCPA to maintain data privacy. Suppose the attackers exfiltrate data that includes personally identifiable information and financial or medical records. In that case, the organizations face regulatory fines, losing customers’ trust and causing significant reputational damage.

Operational downtime

Ransomware attacks paralyze the organization’s everyday operations, resulting in significant downtime and productivity losses. Stats reveal that, on average, organizations experience almost three weeks of downtime in the aftermath of a ransomware attack. When critical infrastructure, a network, or a system is compromised, businesses fail to provide services, and this downtime significantly impacts their profits and earnings.

Breaking down the ransomware business model

The risk of ransomware attacks is bigger than many organizations might realize. However, the good news is that there are plenty of measures that businesses can take to mitigate these attacks:

  • Use data backups: Regularly backing up the data helps recover data during a ransomware attack. Businesses must ensure that all critical business data is backed up and stored in a location inaccessible to attackers.
  • Upgrade, update, and patch systems: The older an operating system gets, the greater the chance that malware and other threats will target it. Therefore, retire legacy devices, hardware, or software that the vendor no longer supports. It’s also crucial to update network software with fixes as soon as they are released.
  • Reduce the attack surface: Organizations with clearly defined rules have been able to mitigate the impact of an attack during its initial stages. Hence, create attack surface reduction rules to prevent the common tactics that attackers use to launch an attack.
  • Network segmentation: Develop a logical network segmentation based on least privilege that reduces the attack surface threat and limits lateral movement. If by any means the malicious actor bypasses your perimeter, network segmentation can stop them from moving into other network zones and protects your endpoints.
  • Have a handy incident response plan: A survey finds that 77% of people say their businesses lack a formal incident response plan. A well-informed incident response plan can help businesses manage ransomware attacks better, minimize impacts, and foster fast recovery.
  • Deploy XDR and SIEM tools: These tools provide holistic insights about emerging threats and enhance the security professionals’ detection and response capabilities for ransomware attacks.
  • Employee education: Humans are an organization’s weakest link, and ransomware groups use this loophole to launch attacks. To close this gap, businesses must educate their employees about the latest trends, hackers’ tactics, and ways to respond promptly.

Final words

Over time, the ransomware business model is becoming sophisticated and evolving through double extortion, the RaaS model, and the emergence of new ransomware gangs. As these attacks are unlikely to go away anytime soon, businesses must educate their staff about this lucrative attack and the consequences it presents to the company. Organizations must prioritize basic cybersecurity measures like regularly backing up the data, segmenting the network, and patching the systems. Additionally, they must invest in endpoint protection tools, have an incident response plan handy, and invest enough in security awareness programs to minimize the impact of ransomware attacks.

The post Ransomware business model-What is it and how to break it? appeared first on Cybersecurity Insiders.


July 29, 2023 at 09:09PM

Friday, July 28, 2023

Mobile Device Management: Securing the modern workplace

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

More mobile devices, more problems. The business landscape has shifted dramatically, as more endpoints connect to corporate networks from a wider variety of locations and are transmitting massive amounts of data. Economic forces and a lengthy pandemic have caused a decentralization of the workforce and increased adoption of a hybrid workplace model.

Today, employees are more mobile than ever.

The modern workforce and workplace have experienced a significant increase in endpoints, or devices connecting to the network, and managing these diverse endpoints across various geographic locations has grown in complexity.

Here’s an analogy: imagine a bustling city, with its many roads, highways, and intersections. Each road represents a different endpoint, and the city itself symbolizes your corporate network. As the city grows and expands, more roads are built, connecting new neighborhoods and districts. Our corporate networks are like expanding cities.

But along with digital transformation and a distributional shift of the workforce, the cybersecurity landscape is evolving at an equal pace. The multitude of endpoints that connect to the network is widening the attack surface that bad actors with malicious intent can exploit.

From a cybersecurity perspective, more endpoints represent a significant business risk. Organizations need to understand the importance of managing and securing their endpoints and how these variables are intertwined for a complete endpoint security strategy.

The evolution of Mobile Device Management

Traditional Mobile Device Management has existed in some form since the early 2000s, when smartphones entered the marketplace. MDM has evolved over the last few decades, and in some way, Unified Endpoint Management (UEM) represents this modern evolution. Today, unified endpoint management has become a prominent solution for modern IT departments looking to secure their expanding attack surfaces.

UEM is more than just managing endpoints. The “unified” represents one console for deploying, managing, and helping to secure corporate endpoints and applications. UEM offers provisioning, detection, deployment, troubleshooting, and updating abilities. UEM software gives IT and security departments visibility and control over their devices as well as their end-users, delivered through a centralized management console.

For a more detailed discussion of mobile device security, check out this article.

What is the difference between MDM and UEM?

Unified Endpoint Management (UEM) and Mobile Device Management (MDM) are both solutions used to manage and secure an organization’s devices, but their scope and capabilities differ.

Mobile Device Management (MDM) is a type of security software used by an IT department to monitor, manage, and secure employees’ mobile devices deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization. MDM is primarily concerned with device security, allowing organizations to enforce policies, manage device settings, monitor device status, and secure devices if lost or stolen.

On the other hand, Unified Endpoint Management (UEM) is a more comprehensive solution that manages and secures not just mobile devices but all endpoints within an organization. This includes PCs, laptops, smartphones, tablets, and IoT devices. UEM solutions provide a single management console from which IT can control all these devices, regardless of their type or operating system.

The need for comprehensive endpoint protection

As the number of endpoints increases with the rise of a mobile workforce, so does the need for comprehensive endpoint protection. This includes the use of encryption, secure configurations, and secure communication channels.

Encryption is a critical security measure that helps protect data in transit and at rest. By encrypting data, you can ensure that even if a device is lost or stolen, the data on it remains secure and inaccessible to unauthorized users.

Secure configurations are another crucial aspect of endpoint protection, which involves setting up devices to minimize vulnerabilities and reduce the attack surface. For example, this could include disabling unnecessary services, limiting user privileges, or implementing secure settings for network connections.

For protecting data in transit, secure communication channels are essential. This can be achieved by leveraging Virtual Private Networks (VPNs), which encrypt the data being transmitted and provide a secure tunnel for communication.

The role of MDM in enforcing security measures

Mobile Device Management (MDM) solutions play a key role in enforcing these security measures consistently across all devices. MDM allows organizations to manage and control device settings, ensuring that all devices adhere to the organization’s security policies.

For example, MDM solutions can enforce encryption policies, ensuring that all data stored on the device is encrypted. They can also enforce secure configurations, such as requiring devices to have a passcode or biometric authentication, and disabling features that pose a security risk, such as USB debugging on Android devices.

Check out this infographic for a visual representation of mobile security.

Implementing DLP policies within MDM solutions

Data Loss Prevention (DLP) policies are another crucial aspect of endpoint protection. These policies help prevent unauthorized data exfiltration, whether intentional or accidental.

MDM solutions can help enforce DLP policies by controlling what data can be accessed on the device, and how it can be shared. For example, MDM solutions can prevent sensitive data from being copied to the clipboard or shared via unsecured communication channels.

Security benefits of MDM and UEM

Mobile Device Management (and by extension, Unified Endpoint Management) delivers many benefits for organizations, with the most appealing being reduced costs across multiple departments. By comprehensively automating many IT tasks and processes, UEM often lowers overhead costs and hardware expenditures.

Other key benefits are as follows:

Offers endpoint management integration with multiple platforms: One of the major selling points of UEM software is its ability to integrate with a variety of platforms, including Windows 10, macOS, Linux, Chrome OS, iOS, and Android, among others. With UEM, your business can configure, control, and monitor devices on these platforms from a single management console.

Provides data and app protection across the attack surface: UEM protects corporate data and applications, reducing cybersecurity threats. This protection is accomplished by providing conditional user access, enforcing automated rules, enforcing compliance guidelines, providing safeguards for data loss, and empowering IT administrators to identify jailbreaks and OS rooting on devices.

Helps establish a modern Bring Your Own Device (BYOD) security stance: An effective UEM deployment can go a long way in maintaining the user experience for employees, regardless of who owns the device. UEM can be an effective tool for patching vulnerable applications, updating to the latest OS version, and enforcing the use of endpoint security software that actively protects BYOD devices from network-based attacks, malware, and vulnerability exploits.

Authentication: With the increase in cyber threats, implementing robust authentication measures has become more important than ever. This includes multi-factor authentication, biometric authentication, and other advanced authentication methods.

Enhanced mobile security: As the use of mobile devices for work purposes increases, so does the need for enhanced mobile security. This includes leveraging advanced security measures such as encryption, secure containers, and mobile threat defense solutions.

Remote data wiping: In the event of a device being lost or stolen, or if an employee leaves the company, it’s crucial to ensure that sensitive corporate data doesn’t fall into (or stay in) the wrong hands. UEM solutions provide the capability to remotely wipe data from devices — which can be a full wipe, removing all data, or a selective wipe, removing only corporate data while leaving personal data intact. This feature provides an essential safety net for protecting corporate data.

Application whitelisting: With the vast number of available applications, it is important to control which apps can be installed on corporate devices. UEM solutions allow for application whitelisting, where only approved applications can be installed on the devices, which helps to prevent the installation of malicious apps or apps that have not been vetted for security. It also ensures that employees are using approved and supported software for their work tasks.

Strategies for deploying MDM and UEM

Before rolling out any MDM or UEM solution, an organization must lay the foundation for effective deployment. By embracing a few key strategies, you can dramatically improve the chances of a successful implementation.

Establish a robust endpoint management policy: With BYOD and work from home (WFH), the risk of company data being compromised increases. Before implementing a UEM solution, an endpoint management policy is essential to ensure that all of your endpoint devices meet specific requirements.

Adopt automation: The future of enterprise device management is automation. From deployment to updates to reporting, an automated device fleet is the optimal solution. Automation helps reduce the manual effort and time spent on managing the devices, thereby increasing efficiency. Automation in Mobile Device Management (MDM) brings numerous benefits and has a variety of use cases. By automating tasks such as device enrolment, configuration, and updates, you can significantly reduce the time and effort required to manage mobile devices. This not only increases efficiency but also reduces the risk of human error, which can lead to security vulnerabilities.

Embrace 5G: The advent of 5G is already transforming the importance of mobile devices. The increased speed and reduced latency offered by 5G will enable more devices to be connected and managed efficiently. The increased speed offered by 5G means data can be transferred between devices and the MDM server much faster, enabling quicker updates, faster deployment of applications, and more efficient data synchronization. For instance, large software updates or security patches can be pushed to devices more quickly, reducing downtime and ensuring devices are protected against the latest threats. Reduced latency means that commands issued from the MDM server to the devices are executed almost in real-time — particularly beneficial in situations where immediate action is required, such as remotely locking or wiping a lost or stolen device.

Outsourcing enterprise mobility management: As the complexity of managing a mobile workforce increases, many organizations are considering outsourcing their enterprise mobility management, allowing them to leverage the expertise of specialized providers and focus on their core business functions.

By incorporating these trends and strategies into your mobile device management plan, you can ensure that your organization is well-equipped to handle the challenges of a mobile, hybrid and WFH workforce.

How AT&T Cybersecurity can help with MDM and UEM

In today’s digital landscape, securing your organization’s endpoints is more crucial than ever. AT&T Cybersecurity offers a range of endpoint security products and services designed to help you protect your laptops, desktops, servers, and mobile devices. AT&T’s unified approach to managing and securing endpoint devices provides better visibility and closes security gaps that may have been overlooked. With AT&T Cybersecurity, you can protect your organization’s reputation, safeguard against key threat vectors, simplify management, and maintain control with Zero Trust.

Don’t wait for a security breach to happen. Take a proactive approach to your organization’s cybersecurity by exploring AT&T’s endpoint security offerings. Whether you need advanced forensic mapping and automated response with SentinelOne, unparalleled visibility into IoT and connected medical devices with Ivanti Neurons for Healthcare, or high-level, end-to-end mobile security across devices, apps, content, and users with IBM MaaS360, AT&T Cybersecurity has a solution tailored to your needs.

Ready to take your Mobile Device Management to the next level?

Enable your employees with precise access to the applications and data required to do their job from anywhere. Learn more about secure remote access and how AT&T Cybersecurity can work with your organization.


The post Mobile Device Management: Securing the modern workplace appeared first on Cybersecurity Insiders.


July 29, 2023 at 09:10AM

Get the AT&T Cybersecurity Insights™ Report: Focus on Healthcare

We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare. It looks at the edge ecosystem, surveying healthcare IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on healthcare report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report).

Get the complimentary 2023 report.

The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry.

At the onset of our research, we established the following hypotheses.

  • The momentum edge computing has in the market.
  • Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals.
  • Perceived risk and perceived benefit of the common use cases in each industry surveyed.

The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED – and deliver actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, it examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.

The role of IT is shifting, embracing stakeholders at the ideation phase of development.

Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings.

In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that healthcare leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem.

One of the most promising aspects of edge computing is its potential to effectively use real-time data for patient care, revolutionizing healthcare outcomes and operational efficiency. While mobile devices and personal computers are still extremely popular in healthcare, their ubiquitous availability and connectivity make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures.

Edge computing brings the data closer to where decisions are made.

With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distribution means things work faster because nothing is backhauled to a central processing area such as a data center, which is what delivers the near-real-time experience.

With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares the trends emerging as healthcare embraces edge computing. One area that’s examined is expense allocation, and what we found may surprise you. The research reveals how investment is allocated across overall strategy and planning, network, application, and security for the anticipated use cases that organizations plan to implement within the next three years.

How to prepare for securing your healthcare edge ecosystem.

Develop your edge computing profile. It is essential to break down the barriers that typically separate the internal line of business teams, application development teams, network teams, and security teams. Technology decisions should not be made in isolation but rather through collaboration with line of business partners. Understanding the capabilities and limitations of existing business and technology partners makes it easier to identify gaps in evolving project plans.

The edge ecosystem is expanding, and expertise is available to offer solutions that address cost, implementation, mitigating risks, and more. Including expertise from the broader healthcare edge ecosystem increases the chances of outstanding performance and alignment with organizational goals.

Develop an investment strategy. During healthcare edge use case development, organizations should carefully determine where and how much to invest. Think of it as part of monetizing the use case. Building security into the use case from the start allows the organization to consider security as part of the overall cost of goods (COG). It’s important to note that no one-size-fits-all solution can provide complete protection for all aspects of edge computing. Instead, organizations should consider a comprehensive and multi-layered approach to address the unique security challenges of each use case.

Increase your compliance capabilities. Regulations in the healthcare industry can vary significantly across different jurisdictions, including countries, states, and municipalities. This underscores the importance of not relying solely on a checkbox approach or conducting annual reviews to help ensure compliance with the growing number of regulations impacting healthcare organizations. Keeping up with technology-related mandates and helping to ensure compliance requires ongoing effort and expertise. If navigating compliance requirements is not within your organization’s expertise, seeking outside help from professionals who specialize in this area is advisable.

Align resources with emerging priorities. External collaboration allows organizations to utilize expertise and reduce resource costs. It goes beyond relying solely on internal teams within the organization. It involves tapping into the expanding ecosystem of edge computing experts who offer strategic and practical guidance. The healthcare industry is familiar with the concept of engaging external subject matter experts (SMEs) to enhance decision-making. Involving outside SMEs can help prevent expensive mistakes and accelerate the deployment process. These external experts can help optimize use case implementation, ultimately saving time and resources.

Build in resilience. Consider approaching edge computing with a layered mindset. Take the time to ideate on various “what-if” scenarios and anticipate potential challenges. For example, what measures exist if a private 5G network experiences an outage? Can patient data remain secure when utilizing a public 4G network? How can business-as-usual operations continue in the event of a ransomware attack?

Successful healthcare edge computing implementations require a holistic approach encompassing collaboration, compliance, resilience, and adaptability. By considering these factors and proactively engaging with the expertise available, healthcare organizations can unlock the full potential of edge computing to deliver improved patient outcomes, operational efficiency, and cost-effectiveness in the ever-evolving healthcare landscape.

The post Get the AT&T Cybersecurity Insights™ Report: Focus on Healthcare appeared first on Cybersecurity Insiders.


July 28, 2023 at 09:09PM

Artificial Intelligence Governance Professional Certification – AIGP

For anyone who follows industry trends and related news, I am certain you have been absolutely inundated by the torrent of articles and headlines about ChatGPT, Google’s Bard, and AI in general. Let me apologize up front for adding yet another article to the pile. I promise this one is worth a read, especially for anyone looking for ways to safely, securely, and ethically begin introducing AI to their business. On June 20th the International Association of Privacy Professionals (IAPP) released a new body of knowledge (BOK) for their soon-to-be-released Artificial Intelligence Governance Professional Certification (AIGP). This first-of-its-kind certification covers a series of knowledge areas, which I’ll explore later in this post. It’s of great value to any professional interested in implementing or managing AI, or simply curious about the field.

The field is booming, with new tools, ideas, and use-cases being developed by the hour (at least that’s how it seems sometimes). Several companies, IBM being the most prolific, have also released a number of technical certifications aimed at the creation and refinement of AI. There are not, however, any certifications aimed at business leaders or non-technical professionals, the people who will approve and use AI in their day-to-day tasks. At least there weren’t until the IAPP announced their new AIGP certification, that is.

Introduction to the IAPP, and the AIGP knowledge areas

While the IAPP is the de facto leader in the industry when it comes to privacy certifications, I recognize not everyone may be familiar with them or their offerings. The IAPP was founded in 2000 and currently offers a suite of certifications aimed at professionals, including lawyers, who work with data privacy or governance. Their key offerings include the Certified Information Privacy Professional series (including individual certifications on European, Canadian, and American privacy laws), the Certified Information Privacy Manager, Certified Information Privacy Technologist, as well as a few others. The AIGP is a brand-new offering that hasn’t been fully released yet beyond the newly posted BOK.

The AIGP covers seven different domains that range from fundamental components of AI all the way to development lifecycles and risk management. The topics on the exam will allow professionals to showcase not only their knowledge of AI as a field of study and a technology, but also how to effectively manage it within an organization. Learning what you need to know to pass the test will create an excellent foundation and equip you to identify and leverage opportunities when they appear, and manage risks when they invariably crop up. I’ve listed the seven domains below:

  1. Understanding the Foundations of Artificial Intelligence
  2. Understanding AI Impacts and Responsible AI Principles
  3. Understanding How Current Laws Apply to AI Systems
  4. Understanding the Existing and Emerging AI Laws and Standards
  5. Understanding the AI Development Life Cycle
  6. Implementing Responsible AI Governance and Risk Management
  7. Contemplating Ongoing Issues and Concerns

Conclusion

While the certification itself isn’t out quite yet, I highly recommend you visit the IAPP’s website and take a look at the AIGP’s BOK. This will give you a good idea of what you can expect to see on the exam and let you begin preparing while we wait for the official training material to be released. I reached out to the IAPP for more information and was informed that additional training material to support this certification is planned for a Q4 release later this year.

This certification promises to become a milestone in the realm of AI governance, effectively bridging the gap between those with deep technical knowledge and non-technical business leaders. As the presence and use of AI becomes more pervasive, being able to understand its governance, risks, and ethical implications is no longer a luxury, but a necessity. This certification is going to be a vital first step towards achieving that understanding. I’ll continue to follow the development of the AIGP and provide more insights as new information becomes available.

The post Artificial Intelligence Governance Professional Certification – AIGP appeared first on Cybersecurity Insiders.


July 28, 2023 at 09:09PM

ChatGPT boss wants to scan eyeballs of billions amid AI privacy concerns

Artificial Intelligence technology-based tools have raised concerns about privacy due to the rapid proliferation of Deep Fake Tech in online platforms. ChatGPT’s Chief, Sam Altman, acknowledges the potential privacy issues and proposes a solution to address them.

Altman believes that the responsibility lies with the individuals who use such evolving technologies, rather than the technology itself.

Recently, a scanning device called ‘WorldCoin’ has been deployed at various locations in Britain and 16 other countries, with plans to expand to 1500 cities. This device captures iris scans to create a unique digital record known as the ‘World ID’ within 20 seconds. The World ID serves as an anonymous passcode and digital passport for authentication into related crypto wallets, services, and applications. Users are rewarded with 25 cryptocurrency tokens worth £1.56 for participating.

However, privacy advocates express concerns about these dystopian practices introduced by Sam Altman and criticize the innovative ‘Orb,’ which facilitates new users’ participation in the OpenAI WorldCoin project. The project aims to replace pictures with codes, leading to comparisons with a scene from the recent “Barbie” movie.

Altman contends that this technology will reshape the US Economy by leveraging machine learning tools and even proposes using it as a voter ID in elections.

While AI technology holds immense potential, it is crucial to strike a balance between innovation and safeguarding users’ privacy. Addressing privacy concerns and ensuring transparent usage of such technologies will be essential for their responsible and ethical integration into various aspects of modern life.

The post ChatGPT boss wants to scan eyeballs of billions amid AI privacy concerns appeared first on Cybersecurity Insiders.


July 28, 2023 at 08:33PM

Microsoft and Samsung launch Advanced Mobile Security Solution

Microsoft and Samsung Technology have joined forces to enhance mobile device security for enterprises. This collaboration has resulted in the world’s first mobile hardware-based device attestation, which verifies the identity and integrity of the device.

In simpler terms, an attestation solution lets a device authenticate another device’s trusted state. This helps security administrators ensure that the information stored on the device remains well-protected.

In practicality, such a solution is incredibly beneficial in enterprise environments. It enables the device to communicate with connected services or networks, assuring them that it is genuine, secure, and compliant with all necessary business security standards.

For those interested in implementing Zero Trust Security Models, the integration of Samsung Galaxy Devices with Microsoft’s Intune Protection offers an excellent security framework capable of defending against even the most sophisticated cyber threats.

Samsung’s Galaxy devices, powered by the Knox Security platform, have already been revolutionized to achieve utmost security. By collaborating with Microsoft technology, Samsung Galaxy users can now benefit from Unified Endpoint Management and a Comprehensive Security Solution, promoting employee flexibility.

NOTE 1: In the rapidly evolving mobile landscape, corporate companies are increasingly adopting Zero Trust models with three core principles – assuming breach, verifying explicitly, and granting least-privilege access. Implementing such principles enables firms to excel, even in regulated industries and the public sector.

NOTE 2: As of January 2023, Samsung Knox protects over 30,000 businesses in more than 110 markets from device attacks. Microsoft’s integration with Samsung offers an end-to-end cloud-based cross-platform security solution that ensures compliance, device management, and privacy, safeguarding BYOD devices from over 65 trillion threats.
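The attestation flow the announcement describes, and the “verify explicitly” principle from NOTE 1, as an added example that is not Samsung’s or Microsoft’s code and uses no Knox or Intune API: a device holds a signing key that stands in for a hardware-backed attestation key, the verifier issues a fresh nonce, the device signs the nonce together with its boot measurements, and the verifier checks the signature against the key registered at enrollment, rejects replayed nonces, and compares the reported measurements with its compliance policy. The device IDs, component names and digests are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Measurements maps a component name to the digest the device reports for it.
// Every name and digest in this file is a constructed sample value.
type Measurements map[string]string

// AttestationStatement is the device's signed answer to a verifier challenge.
type AttestationStatement struct {
	DeviceID     string
	Nonce        []byte
	Measurements Measurements
	Signature    []byte // ECDSA P-256 over canonicalDigest(DeviceID, Nonce, Measurements)
}

// canonicalDigest hashes the signed fields in one fixed form so both sides agree on
// what the signature covers; fmt prints map keys in sorted order, so it is stable.
func canonicalDigest(id string, nonce []byte, m Measurements) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%s|%x|%v", id, nonce, m)))
	return sum[:]
}

// Device stands in for an endpoint whose attestation key never leaves it; on real
// hardware the key lives in a secure element rather than in process memory.
type Device struct {
	ID    string
	key   *ecdsa.PrivateKey
	state Measurements // what the device actually booted with
}

func NewDevice(id string, state Measurements) (*Device, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // software key, demo only
	return &Device{ID: id, key: key, state: state}, err
}
func (d *Device) PublicKey() *ecdsa.PublicKey { return &d.key.PublicKey }

// Attest signs the verifier's nonce together with the current measurements.
func (d *Device) Attest(nonce []byte) (AttestationStatement, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, d.key, canonicalDigest(d.ID, nonce, d.state))
	return AttestationStatement{DeviceID: d.ID, Nonce: nonce, Measurements: d.state, Signature: sig}, err
}

// Verifier is the service or network deciding whether to trust a device.
type Verifier struct {
	enrolled map[string]*ecdsa.PublicKey // device ID -> key registered at enrollment
	policy   Measurements                // digests a compliant device must report
	pending  map[string][]byte           // device ID -> issued nonce not yet consumed
}

func NewVerifier(policy Measurements) *Verifier {
	return &Verifier{enrolled: map[string]*ecdsa.PublicKey{}, policy: policy, pending: map[string][]byte{}}
}
func (v *Verifier) Enroll(id string, pub *ecdsa.PublicKey) { v.enrolled[id] = pub }

// Challenge issues a fresh random nonce so a captured statement cannot be replayed.
func (v *Verifier) Challenge(id string) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.pending[id] = nonce
	return nonce, nil
}

// Verify is the Zero Trust "verify explicitly" step: enrolled key, fresh nonce,
// valid signature, every policy measurement matching. Any failure denies access.
func (v *Verifier) Verify(st AttestationStatement) error {
	pub, ok := v.enrolled[st.DeviceID]
	if !ok {
		return errors.New("device not enrolled")
	}
	if want, ok := v.pending[st.DeviceID]; !ok || !bytes.Equal(want, st.Nonce) {
		return errors.New("nonce unknown or already used (possible replay)")
	}
	delete(v.pending, st.DeviceID) // nonces are single use
	if !ecdsa.VerifyASN1(pub, canonicalDigest(st.DeviceID, st.Nonce, st.Measurements), st.Signature) {
		return errors.New("signature does not verify under the enrolled key")
	}
	for name, expected := range v.policy {
		if got := st.Measurements[name]; got != expected {
			return fmt.Errorf("measurement %q = %q, policy requires %q", name, got, expected)
		}
	}
	return nil
}

func main() {
	v := NewVerifier(Measurements{"bootloader": "sha256:aaaa", "os": "sha256:bbbb"})
	d, _ := NewDevice("galaxy-001", v.policy)
	v.Enroll(d.ID, d.PublicKey())
	nonce, _ := v.Challenge(d.ID)
	st, _ := d.Attest(nonce)
	fmt.Println("fresh statement:", v.Verify(st)) // <nil>: device trusted
	fmt.Println("replayed:", v.Verify(st))        // rejected: nonce already consumed
}
```

The order of the checks in Verify matters: the enrolled key and nonce are checked before the signature, so an unenrolled or replayed statement is refused without spending a signature verification on it, and the measurement comparison runs only on a statement already proven to come from the enrolled key. A production verifier would also bind the policy to a version and log every denial with its reason, since a mismatch on “os” and a replayed nonce call for different responses.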

The post Microsoft and Samsung launch Advanced Mobile Security Solution appeared first on Cybersecurity Insiders.


July 28, 2023 at 11:42AM

Thursday, July 27, 2023
