Why Traditional SIEMs Are Falling Short
Modern-day cybersecurity threats require close monitoring and effective response. However, as data expands from on-premises to the cloud – or somewhere in between – new blind spots are emerging.
Why Cybersecurity Matters for Your Small Business. What you’ll learn: cybersecurity basics, risk management, the Cybersecurity Framework, and small business cybersecurity resources.
Cybersecurity: protecting electronic devices and associated data and information.
Why put your already limited resources into preparing for and protecting against cybersecurity attacks?
The original immutable laws of security (v2 updated below) identified key technical truths that busted prevalent security myths of those times. In that spirit, we’re publishing a new complementary set of laws focused on busting prevalent myths in today’s world of ubiquitous cybersecurity risk.
Since the original immutable laws, information security has grown from a technical discipline into a cybersecurity risk management discipline that includes cloud, IoT and OT devices. Now security is part of the fabric of our daily lives, business risk discussions, elections, and more.
As many of us in the industry followed this journey to a higher level of abstraction, we saw patterns of common myths, biases, and blind spots emerge at the risk management layer. We decided to create a new list of laws for cybersecurity risk while retaining the original laws (v2) as is (with a single slight change of “bad guy” to “bad actor” to be fully correct and inclusive).
Each set of laws deals with different aspects of cybersecurity – designing sound technical solutions vs. managing a risk profile of complex organizations in an ever-changing threat environment. The difference in the nature of these laws also illustrates the difficult nature of navigating cybersecurity in general; technical elements tend toward the absolute while risk is measured in likelihood and certainty.
Because it’s difficult to make predictions (especially about the future), we suspect these laws may evolve with our understanding of cybersecurity risk.
KEY POINTS
Phishing is on the rise, and anyone who uses email, text messaging, and other forms of communication is a potential victim.
These attacks, in which a cybercriminal sends a deceptive message that’s designed to fool a user into providing sensitive information such as credit card numbers or to launch malware on the user’s system, can be extremely effective if done well.
These types of attacks have become increasingly sophisticated — making them more dangerous — and more common. An October 2022 study by messaging security provider SlashNext analyzed billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over a six-month period, and found more than 255 million attacks. That’s a 61% increase in the rate of phishing attacks compared with 2021.
The study revealed that cybercriminals are shifting their attacks to mobile and personal communication channels to reach users. It showed a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
“What we’ve been seeing is an increase in the use of voicemail and text as part of two-pronged phishing and BEC [business email compromise] campaigns,” said Jess Burn, senior analyst at Forrester Research. “The attackers leave a voicemail or send a text about the email they sent, either lending credibility to the sender or increasing the urgency of the request.”
The firm is receiving a lot of inquiries from clients about BEC attacks in general, Burn said. “With geopolitical strife disrupting ransomware gang activity and cryptocurrency — the preferred method of ransom payment — imploding as of late, bad actors are going back to old-fashioned fraud to make money,” he said. “So BEC is on the rise.”
One of the iterations of phishing that people need to be aware of is spearphishing, a more targeted form of phishing that often uses topical lures.
“While it is not a new tactic, the topics and themes might evolve with world or even seasonal events,” said Luke McNamara, principal analyst at cyber security consulting firm Mandiant Consulting. “For example, as we are in the holiday season, we can expect to see more phishing lures related to shopping deals. During regional tax seasons, threat actors might similarly try to exploit users in the process of filing their taxes with phishing emails that contain tax themes in the subject line.”
Phishing themes can also be generic, such as an email that appears to be from a technology vendor about resetting an account, McNamara said. “More prolific criminal campaigns might leverage less specific themes, and conversely more targeted campaigns by threat actors involved in activity like cyber espionage might utilize more specific phishing lures,” he said.
Individuals can take steps to better defend themselves against phishing attacks.
One is to be vigilant when giving out personal information, whether it’s to a person or on a website.
“Phishing is a form of social engineering,” Burn said. “That means that phishers use psychology to convince their victims to take an action they may not normally take. Most people want to be helpful and do what someone in authority tells them to do. Phishers know this, so they prey upon those instincts and ask the victim to help with a problem or do something immediately.”
If an email is unexpected from a specific sender, if it’s asking someone to do something urgently, or if it’s asking for information or financial details not normally provided, take a step back and look closely at the sender, Burn said.
“If the sender looks legitimate but something still seems off, don’t open any attachments and mouse or hover over any hyperlinks in the body of the email and look at the URL the link points to,” Burn said. “If it doesn’t seem like a legitimate destination, do not click on it.”
If a suspicious-looking message comes in from a known source, reach out to the person or company via a separate channel and inquire as to whether they sent the message, Burn said. “You’ll save yourself a lot of trouble and you’ll alert the person or company to the phishing scam if the email did not originate from them,” he said.
It’s a good idea to stay up on the latest phishing techniques. “Cyber criminals constantly evolve their methods, so individuals need to be on alert,” said Emily Mossburg, global cyber leader at Deloitte. “Phishers prey on human error.”
Another good practice is to use anti-phishing software and other cyber security tools as protection against potential attacks and to keep personal and work data safe. This includes automated behavior analytics tools to detect and mitigate potential risk indicators. “The use of these tools among employees has increased significantly,” Mossburg said.
Another technology, multi-factor authentication, “can provide one of the best layers of security to secure your emails,” McNamara said. “It provides another layer of defense should a threat actor successfully compromise your credentials.”
Endpoint security refers to the approach of protecting a business network when it is accessed by remote devices like smartphones, laptops, tablets or other wireless devices. It includes monitoring status, software, and activities. The endpoint protection software is installed on all network servers and on all endpoint devices. With the proliferation of mobile devices like laptops, smartphones, tablets and notebooks, there has also been a sharp increase in the number of devices being lost or stolen.
These incidents can translate into a huge loss of sensitive data for enterprises which allow their employees to bring these mobile devices (enterprise-provided or otherwise) into the enterprise.
To solve that problem, enterprises have to secure the enterprise data available on these mobile devices of their employees in such a way that even if the device falls into the wrong hands, the data should stay protected.
This process of securing enterprise endpoints is known as endpoint security. It also helps enterprises prevent misuse of the data they have made available on employees’ mobile devices (for example, by a disgruntled employee trying to cause nuisance to the enterprise, or by a friend of the employee trying to misuse the enterprise data available on the device).
One of the main obligations under the General Data Protection Regulation (GDPR) for organizations which process personal data (‘controllers’), is that they must do so in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing (including theft, destruction or damage, or disclosure) using ‘appropriate technical or organizational measures’. This is sometimes referred to as the principle of ‘integrity and confidentiality’ or the ‘security principle’.
This obligation is an important one, which controllers should be cognisant of, particularly those who utilize or store sensitive personal data. Whether or not an organization has appropriate technical and organizational measures in place to ensure the security of the personal data they process is one of the first questions the Data Protection Commission (DPC) is likely to ask in the event of a personal data breach or the exercise of the DPC’s investigative powers. Controllers can also consult our guidance for controllers on data security when assessing the appropriate security measures they need to implement.
One way in which the risks regarding security of personal data can arise is through what is known as ‘phishing’ or ‘social engineering’ attacks. Phishing is an example of a type of social engineering which is commonly used to deceive users. Phishing is where someone fraudulently attempts to trick users into disclosing sensitive information, such as usernames, passwords, or credit card details, by disguising themselves as a trusted source in an electronic communication. By using a trusted source, or name, or familiar logo as ‘bait’, attackers can go ‘fishing’ for sensitive information, such as personal data.
This can be done in many ways, such as ‘email spoofing’ (where cloned or similar-looking email addresses or names are used) and misdirecting users to enter sensitive information into a fake website (which looks very much like the legitimate one), or to download harmless-looking but malicious software (often disguised as email attachments).
Bangladesh Project Management Symposium was a daylong informative, inspiring, and interactive signature Conference by PMI Bangladesh Chapter. Each year they provide Project Management Excellence Awards to recognize the Project Managers (PM) as well as the Project Management Offices (PMO) for showing outstanding contributions to the development of the country. They aim to improve the practices of the project management profession while demonstrating leadership and innovation by advancing project management best practices, concepts, theories, and techniques.
Link3 was the proud event partner of the Project Management Symposium & Excellence Awards 2022. Link3 aimed to promote project management tools and solutions that PMPs can avail from Link3 to make their lives more convenient and productive. It was a successful and delightful event journey with the PMI Bangladesh Chapter.
Change control management is a core element of security operation service and strategies. There are many cybersecurity firms that simply ignore or misuse change control management during the implementation phase. Remember, if your change control management system is ineffective, it can leave you in deep trouble. It may lead to the loss of critical system information, damage your organization’s reputation, expose your business to risks, cause network outages, and even negatively affect your revenue.
The most important element in change control management is the willingness and training of your people in the change process. The system should ideally be customized to your organizational culture, so it cannot create excuses for unfinished work. You need to have a mechanism in place for your business that would make it stand at par with the industry leaders.
The change control management process involves:
When it comes to change control management, you have two options: follow the slow, manual change management process or automate the process, making things simple and seamless for you.
Information and event monitoring also holds a critical place in cybersecurity. It is a security operations method that shows you the big picture of your organization’s cybersecurity. Valuable information about your business’s security is generated on different sites, often making it cumbersome to monitor all the data from different aspects. An information and event monitoring service makes this task easy for you.
The ideal cybersecurity service will provide you with a bird’s-eye view of the trends and patterns in your cyber security, making it easier for you to notice any changes. Instead of looking at information security and event management separately, you should view and monitor both of the components under a single security management system.
Be sure to perform the information and event monitoring by consolidating the warehousing and analysis of logs and allowing real-time assessment. This lets the security experts and technical team quickly deploy defensive measures. The centralization of data also lets you do trend analysis and generate automatic reports for compliance and other purposes.
You should not only monitor and analyze information and events but also keep an eye on system audit events. When you use the log monitoring and analysis service together with your internal policies and procedures, it will boost your compliance strategy. Remember, the failure to follow a reliable logging mechanism will mean a huge liability for your business in terms of non-compliance.