AWS-Cloud-Security-Consulting.jpg

CYBER SECURITY CONSULTING SERVICE AWARDS AND RECOGNITIONS

CyberSecOp's comprehensive managed security services, cyber security consulting, professional services, and data protection technology are recognized as industry-leading threat detection and response solutions by major analyst firms, key media outlets, and others.

CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

SEC Proposes New Cybersecurity Rules

The SEC proposed to add new Item 106 to Regulation S-K and updates to Forms 10-Q and 10-K that will require public companies to provide periodic updates about previously disclosed cybersecurity incidents when a material change, addition or update has occurred.

These days cyber-attacks are common across all industries and sectors, however, the finance industry inclusive of fintech seems to be one of the most targeted by cyber-attackers and cyber criminals. In 2021, according to Statista, the finance industry was ranked as the second largest target for cyber-attacks being targeted four times more than healthcare and almost nine times more than government. Although most organizations in the finance industry have built formidable security programs, the inbound threats have also become much more frequent and sophisticated. As cyber-attacks constantly grow in number and sophistication, we see organizations being breached every day. According to J Makas at ThinkAdvisor.com, by 2023 an estimated 33 billion accounts will be affected by cyberattacks targeting the financial sector.

SEC in response to rising threats

The Securities and Exchange Commission (SEC), in response to these rising threats and as a result of concerns voiced surrounding the lack of preparedness across the industry to advanced cyber-threats, has proposed new rules with a focus on standardizing and increasing cyber-reporting across the finance industry and public companies. The new rules proposed on March 9th of 2022 would require public companies to make prescribed cybersecurity disclosures. This proposal is an attempt to protect investors and strengthen their ability to evaluate public companies’ cybersecurity practices and incident reporting. cover IT risk management, cyber incident reporting, and cyber risk disclosure. The proposed rules would make cybersecurity a large part of the overall enterprise risk management

The proposed rules are an expansion on SEC’s previous guidance from 2011 and 2018 and would make material cybersecurity incident reporting, including updates about previously reported incidents as well as ongoing disclosures on companies' governance, risk management, and strategy with respect to cybersecurity risks, including board cybersecurity expertise and board oversight of cybersecurity risks, all mandatory.

            In specific, the new rules would add cybersecurity incidents on Form8-K requiring organizations to disclose all cybersecurity incidents and identified risks. The information required on the Form 8-K would cover (a) the timing of cyber-incidents and whether they are resolved or ongoing, (b) required brief details on the nature of the incident, (c) a report on any affected data even if the data was not exfiltrated, d) effects of every cyber incident on the organization’s operations, and e) information on remediation activity. One interesting item of note is that the actual date the cyber-incident began will be required and not just the date it was discovered.

Require companies to disclose

Also, the new rule would require companies to disclose the following in form 10-K:

·         Does the company have a cybersecurity risk assessment program and if so, provide a description of such program;

·         Does the company engage assessors, consultants, auditors or other third parties in connection with any cybersecurity risk assessment program;

·         Does the company have policies and procedures to oversee and identify the cybersecurity risks associated with its use of any third-party service provider (including, but not limited to, those providers that have access to the company's customer and employee data), including whether and how cybersecurity considerations affect the selection and oversight of these providers and contractual and other mechanisms the company uses to mitigate cybersecurity risks related to these providers;

·         Does the company undertake activities to prevent, detect, and minimize the effects of cybersecurity incidents;

·         Does the company have business continuity, contingency and recovery plans in the event of a cybersecurity incident;

·         Have previous cybersecurity incidents have informed changes in its governance, policies, procedures, and technologies;

·         How and whether cybersecurity-related risks and incidents have affected or are reasonably likely to affect its results of operations or financial condition and if so, how; and

·         Cybersecurity risks are considered a vital part of its business strategy, financial planning, and capital allocation and if so, how.

requires cyber risk management to be identified in the organization's 10-K form

The proposed rules will also require information on the company’s cybersecurity governance, board oversight of the cybersecurity risks, and how cybersecurity risks are managed and assessed to be present in the company’s form 10-K as well as in annual reports. Companies will also be required to identify any members of the board with expertise in cybersecurity including their names and a full description of the nature of their expertise. Besides these requirements, there will also be disclosure requirements to tag any data that at any point was considered to be affected in any way by a cyber-incident. Lastly, foreign private issuers ("FPI") will also have mandatory incident disclosures to make.

These rules proposed by the SEC are meant to provide more visibility to investors as well as the federal government, thereby protecting investors as well as standardizing the level of cybersecurity and IT risk management programs across public companies and the finance industry. It is likely that Congress as well as entities such as the SEC will not stop here and will continue to propose further cybersecurity and IT risk management related regulation.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Holistic Ransomware Security Approach

Do you have a holistic approach for security against ransomware? To prevent events from escalating, consider immediate containment and expert remediation assistance. Ransomware attacks are rampant, and include hackers locking up computer systems and demanding a payment to unlock them. Ransomware has had devastating effects on our infrastructure and economy, impeded emergency responders, stalled tax payments and forced government offices back to pen-and-paper operations for weeks on end.

80% of those who paid their ransom were attacked again, and not even security firms are immune to these attacks.  

What is Ransomware?

Ransomware is a form of malicious software (malware) that is designed to encrypt files on a device, making the files and the systems that rely on them unusable. Malicious actors then demand a ransom payment, usually in the form of cryptocurrency, in exchange for decryption. These malicious actors may also make extortion demands, by threating to release stolen data if a ransom is not paid, or may come back after the fact and demand an additional payment in order to prevent the release of stolen data.

Recent Breach of a Top Security Firm

Accenture, one of the largest security firms around, confirmed in August 2021 that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.

Previously, the cybersecurity firm FireEye had been the first call for help at government agencies and international companies who had been hacked by sophisticated attackers. Yet on Dec 8, 2020, FireEye announced it had been breached, and not just data but also some of its most valuable tools had been stolen. 

Ransomware Impact

The impact of a successful ransomware deployment includes both technical and non-technical challenges, and can be crippling to business operations. Modern-day attackers have developed advanced techniques that now require a holistic security risk mitigation strategy, inclusive from the board to technical practitioners.

The impact of ransomware can include:

·         Temporary, and possibly permanent, loss of your company's data

·         A complete shutdown of your company's operations

·         Financial loss as a result of revenue-generating operations being shut down

·         Financial loss associated with the cost of remediation efforts

·         Permanent damage to your company's reputation

How Can CyberSecOp Help Your Organization?

Holistic Security Risk Mitigation Strategy

A holistic approach to cybersecurity can address the following components and their implications for governance, organizational structures, and processes.  Our holistic security program includes a risk management program, which provides an accurate overview of the risk landscape and governing principles that ensure accurate risk reporting. We address:

  • Assets: Clearly defining critical assets

  • Controls: Differentiated controls to balance security with agility

  • Processes: State-of-the-art and fully tested procedures for optimal security and remediation

  • Organization: Bringing the right skills, most efficient decision making, and effective enterprise-wide cooperation into your organization

  • Governance: Investments in operational resilience, prioritized based on deep transparency into cyber risks including third parties and vendors, covering of the whole value chain

  • Patches: Keeping your network up to date with the latest software patches

  • Software Mitigations: Using robust antivirus and firewall protections in your network

  • Backups: Backing up data securely and separately from your network, and routinely testing restoring from backups

Incident Response Services

Scoping and Investigation

The CyberSecOp Incident Response (IR) Team conducts forensic analysis to identify root causes and ensure rapid containment of ongoing attacks. This swiftness to action helps prevent escalation.

Services and Expert Guidance

CyberSecOp IR Team remediates issues throughout the network and implements updates to configurations, architecture, and tooling.

Advanced Threat Analysis

The CyberSecOp Team conducts in-depth investigations including root cause analysis, malware reverse engineering and comprehensive incident reporting.

How Does Ransomware Infect my Network?

Ransomware, like other forms of malware, seeks to take advantage of poor security practices employed by employees and system administrators. According to the Internet Crime Complaint Center (IC3) the most common methods of infection are:

  • Email Phishing: This social engineering attack vector occurs when a cyber-criminal sends an email which appears to be legitimate, but in fact contains a link to a malicious website or document with a malicious script, which then infects the recipient’s computer and associated network.

  • Remote Desktop Protocol (RDP) Vulnerabilities: RDP is a type of software that allows individuals to control the resources of another computer over the internet. RDP is commonly used by employees working remotely and by system administrators to manage computers from a distance.

  • Software Vulnerabilities: These vulnerabilities are flaws in the code of a piece of software (like Microsoft Word) that can be exploited by threat actors to gain control of a system to deploy malware. A common example would be “macros” that get installed within Microsoft Word or Microsoft Excel that lead to infection.

Best Practices and remedial measures

Users and administrators are advised to take the following preventive measures to protect their computer networks from ransomware infection/ attacks:

  • Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.

  • Check regularly for the integrity of the information stored in the databases.

  • Regularly check the contents of backup files of databases for any unauthorized encrypted contents of data records or external elements, (backdoors /malicious scripts.)

  • Ensure integrity of the codes /scripts being used in database, authentication and sensitive systems

  • Establish a Sender Policy Framework (SPF) for your domain, which is an email validation system designed to prevent spam by detecting email spoofing by which most of the ransomware samples successfully reaches the corporate email boxes.

  • Keep the operating system third party applications (MS office, browsers, browser Plugins) up-to-date with the latest patches.

  • Application white listing/Strict implementation of Software Restriction Policies (SRP)to block binaries running from %APPDATA% and %TEMP% paths. Ransomware sample drops and executes generally from these locations.

  • Maintain updated Antivirus software on all systems

  • Don't open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization's website directly through browser

  • Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.

  • Network segmentation and segregation into security zones - help protect sensitive information and critical services. Separate administrative network from business processes with physical controls and Virtual Local Area Networks.

  • Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.

  • Disable remote Desktop Connections, employ least-privileged accounts. Limit users who can log in using Remote Desktop, set an account lockout policy. Ensure proper RDP logging and configuration.

  • Restrict access using firewalls and allow only to selected remote endpoints, VPN may also be used with dedicated pool for RDP access

  • Use strong authentication protocol, such as Network Level Authentication (NLA) in Windows.

  • Additional Security measures that may be considered are

    • Use RDP Gateways for better management

    • Change the listening port for Remote Desktop

    • Tunnel Remote Desktop connections through IPSec or SSH

    • Two-factor authentication may also be considered for highly critical systems

  • If not required consider disabling, PowerShell / windows script hosting.

  • Restrict users' abilities (permissions) to install and run unwanted software applications.

  • Enable personal firewalls on workstations.

  • Implement strict External Device (USB drive) usage policy.

  • Employ data-at-rest and data-in-transit encryption.

  • Consider installing Enhanced Mitigation Experience Toolkit, or similar host-level anti-exploitation tools.

  • Block the attachments of file types, exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf

  • Carry out vulnerability Assessment and Penetration Testing (VAPT) and information security audit of critical networks/systems, especially database servers from CERT-IN empaneled auditors. Repeat audits at regular intervals.

  • Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and Law Enforcement agencies

Our IT & cybersecurity consulting service protects you from cyber criminals in myriad ways. From implementing a cybersecurity program, which include a written information security program and cybersecurity assessment, to purchasing our best-in-class cybersecurity consulting and IT security solutions, engaging with CyberSecOp will lead you in the right direction towards an enhanced security stance. CyberSecOp is an ISO 27001 Certification Organization - join thousands of businesses by putting your security in our hands.

Read More

Choosing A Managed Detection & Response Provider

Why Managed Detection & Response Provider may be the right move

Companies outsourcing security need Managed Detection & Response providers (MDR) more than ever to improve cyber resilience. With the security landscape growing more complex, and the costs of maintaining adequate in-house security teams high, it makes sense for many companies to outsource the tasks of threat hunting and response to ensure that they can promptly identify potential threats and react swiftly to mitigate damages. Managed Detection & Response providers often integrate tools such as Endpoint Detection & Response and other solutions to detect threats, analyze risk, and correlate threat data to pinpoint patterns that could indicate a larger attack.

How to choose the right Manged Detection & Response Provider

Smart moves: you’re making them. How do we know? For one, you’re investigating ways to close the gaps in your threat detection and incident response. Which makes sense, given that assembling the talent and tech to thoroughly thwart attackers requires more than most organizations can commit to. Even smarter, you’re checking out Managed Detection and Response (MDR) Services, an increasingly popular solution which combines expertise and tools to provide monitoring and alerting, as well as remote incident investigation and response that can help you detect and remediate threats.

9 things to look our for when choosing a Managed Detection & Response Provider

  1. Your Managed Detection & Response Provider should combine numerous data inputs from security detection tools, threat intel feeds, third party data sources, and the IT asset database to identify not only where there is a threat but its risk compared to others in the queue.

  2. Assess your company's present and future technology needs and initiatives. Qualify, quantify and communicate those needs throughout your company. Is the Managed Detection & Response Provider able to address your range of needs?

  3. Technology strategies should encompass people and processes as part of the organization's mission and strategies. Do they offer ongoing employee training as part of their service?

  4. Does the Managed Detection & Response Provider continuously assess your organization's performance for meeting objectives? You want a partner that focuses on continuous evaluation and improvement of your objectives.

  5. Review your company's goals and mission. Ensure they are clear and concise and can be communicated to all organizational stakeholders as well as your new IT partner.

  6. Perform annual policy and process reviews to assess organization's readiness for external reviews and incident response.

  7. Identify and create teams within your organization to define current challenges and align initiatives to those challenges.

  8. Through playbooks and pre-defined workflows, you can quickly assess and begin to remediate security incidents based on best practices. Ask a Managed Detection & Response Provider if they include such materials as part of their package.

  9. CIOs/CISOs should have unprecedented transparency to all aspects of the security environment. Through dashboards and visualization techniques, CIOs/CISOs will be more easily able to communicate with Managed Detection & Response Providers which vulnerabilities and threats exist and the risks of inaction.


Read More

Cyber security IT skills in-demand in US

There’s no doubt that demand for the technologically skilled will only increase in the upcoming years, as practically every company becomes a software-driven enterprise. A survey by the jobs site Monster found that in the US, jobs in the digital sector have multiplied at more than twice the rate of other non-digital tech sectors, and are predicted to grow by 20% in the next decade.

However, which skills will be particularly in demand? While it’s unlikely that the IT skills demanded by the jobs market today will become redundant within our lifetimes, the field is constantly evolving, and there are certainly growth areas on the horizon that IT professionals would do well to educate themselves in.

Cyber security

Cyber security is an area set to grow exponentially in importance in the upcoming years. Every time a breach is suffered by an organisation, there is a huge cost both in terms of financial loss and loss of reputation and brand value.

A recent study carried out by jobs site Indeed indicated that the US is dangerously short on cyber security skills and that the number of cyber security jobs advertised in the US is the third highest globally, meaning demand exceeded candidate interest by more than three times.

Development

Demand for skills in development is here to stay (for the time being anyway – this could change as soon as AI is more widely used to code). In 2017, the demand for software developers and engineers increased by 13% in the UK.

Devops

Another important area of growth is the trend for companies to take a devops approach to their IT departments, meaning that developers well versed in this outlook will be the most employable.

Cloud computing

It’s widely recognised that cloud computing is the future, and every IT professional should feel comfortable using these systems. Demand for cloud infrastructure specialists is increasing across the board.

Machine Learning and AI

These are two obvious areas of increasing growth. In the US, demand for AI jobs increased threefold between 2015 and 2018, even surpassing the UK in terms of demand.

Read More

Prevent DDoS attacks across your enterprise

DDoS (Distributed Denial of Service) attacks feature amongst the most dreaded kinds of cyber attacks, for any enterprise today. This is especially because, as the name itself suggests, there it causes a total denial of service; it exhausts all resources of an enterprise network, application or service and consequently it becomes impossible to gain access to the network, application or the service.

In general, a DDoS attack is launched simultaneously from multiple hosts and it would suffice to host the resources, the network and the internet services of enterprises of any size. Many prominent organizations today encounter DDoS attacks on a daily basis. Today DDoS attacks are becoming more frequent and they are increasing in size, at the same time becoming more sophisticated. In this context, it becomes really important that enterprises look for DDoS attack prevention services, in fact the best DDoS attack prevention services, so as to ensure maximum protection for their network and data.

The different kinds of DDoS attacks

Though there are different kinds of DDoS attacks, broadly speaking there are three categories into which all the different kinds of DDoS attacks would fit.

The first category is the volumetric attacks, which include those attacks that aim at overwhelming network infrastructure with bandwidth-consuming traffic or by deploying resource-sapping requests. The next category, the TCP state-exhaustion attacks, refer to the attacks that help hackers abuse the stateful nature of the TCP protocol to exhaust resources in servers, load balancers and firewalls. The third category of DDoS attacks, the application layer attacks, are basically the ones targeting any one aspect of an application or service at Layer 7.

Of the above-mentioned three categories, volumetric attacks are the most common ones; at the same time there are DDoS attacks that combine all these three vectors and such attacks are becoming commonplace today.

DDoS attacks getting sophisticated, complex and easy-to-use

Cybercriminals today are getting cleverer and smarter. They tend to package complex, sophisticated DDoS attack tools into easy-to-use downloadable programs, thereby making it easy even for non-techies to carry out DDoS attacks against organizations.

What are the main drivers behind DDoS attacks? Well, there could be many, ranging from ideology or politics to vandalism and extortion. DDoS is increasingly becoming a weapon of choice for hacktivists as well as terrorists who seek to disrupt operations or resort to extortion. Gamers too use DDoS as a means to gain competitive advantage and win online games.

There are clever cybercriminals who use DDoS as part of their diversionary tactics, intending to distract organizations during APT campaigns that are planned and executed in order to steal data.

How to prevent DDoS attacks

The first thing that needs to be done, to prevent DDoS attacks from happening, is to secure internet-facing devices and services. This helps reduce the number of devices that can be recruited by hackers to participate in DDoS attacks.

Since cybercriminals abuse protocols like NTP, DNS, SSDP, Chargen, SNMP and DVMRP to generate DDoS traffic, it’s advisable that services that use any of these ought to be carefully configured and run on hardened, dedicated servers.

Do repeated tests for security issues and vulnerabilities. One good example is doing penetration tests for detecting web application vulnerabilities.

Ensure that your enterprise implements anti-spoofing filters as covered in IETF Best Common Practices documents BCP 38 and BCP 84. This is because hackers who plan DDoS attacks would generate traffic with spoofed source IP addresses.

Though there are no fool-proof techniques that can prevent DDoS attacks completely, you can ensure maximum protection by ensuring proper configuration of all machines and services. This would ensure that attackers don’t harness publicly available services to carry out DDoS attacks.

It’s to be remembered that it’s difficult to predict or avoid DDoS attacks and also that even an attacker with limited resources can bring down networks or websites. Hence, for any organization, it becomes important that the focus is always on maximum level protection for enterprise networks, devices, websites etc.

Read More