AWS-Cloud-Security-Consulting.jpg

CYBER SECURITY CONSULTING SERVICE AWARDS AND RECOGNITIONS

CyberSecOp's comprehensive managed security services, cyber security consulting, professional services, and data protection technology are recognized as industry-leading threat detection and response solutions by major analyst firms, key media outlets, and others.

CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Understanding the UnitedHealth Data Breach: Lessons Learned and Cybersecurity Imperatives

In recent months, the healthcare industry has been rocked by a significant number of cybersecurity breaches, the most prolific of which was at UnitedHealth Group. This breach sheds light on the critical importance of robust cybersecurity measures in safeguarding sensitive patient data and ensuring the continuity of essential services. 

Below we delve into the details of this breach and explore its broader implications for cybersecurity in the healthcare industry as a whole.

The breach at UnitedHealth's tech unit on February 12th was orchestrated by hackers who gained remote access to the network using stolen login credentials. This breach, attributed to the cybercriminal gang AlphV, aka BlackCat, underscored the vulnerabilities inherent in relying solely on passwords for authentication, particularly the absence of multi-factor authentication (MFA). The compromised Change Healthcare Citrix portal, lacking MFA, provided an open gateway for cybercriminals to infiltrate and encrypt the systems, leading to a ransom demand to restore access.

The aftermath of the breach highlighted the significant disruption to American healthcare. Change Healthcare was locked out of the essential systems impacting medical claims processing across the country. UnitedHealth Group has been diligently working with law enforcement agencies and cybersecurity firms, including Google, Microsoft, Cisco, and Amazon, to investigate the breach and secure affected systems.

However, the ransom payment made by UnitedHealth Group underscores the complex ethical and practical considerations surrounding ransomware attacks. While paying the ransom may, or may not truly ensure the decryption of systems and the restoration of services, it also incentivizes cybercriminals to continue their nefarious activities.

In response to the breach, UnitedHealth Group has taken proactive measures to support affected healthcare providers, providing over $6.5 billion in accelerated payments and no-interest, no-fee loans to mitigate the financial impact.

This breach serves as a stark reminder of the urgent need for healthcare organizations to prioritize cybersecurity and implement robust defenses against evolving cyber threats. CyberSecOp continues to provide award winning services, standing ready to assist organizations in mitigating risks, conducting comprehensive risk assessments, and implementing tailored cybersecurity strategies to safeguard sensitive data and ensure the integrity of critical systems.

As the healthcare industry grapples with the fallout of this breach, it is imperative for organizations to learn from these events and strengthen their cybersecurity posture to protect patient privacy and maintain the trust of stakeholders.

Together, we can work towards building a more resilient and secure healthcare ecosystem where patient data remains protected and essential services remain uninterrupted.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Cyber Incident Response: A Comprehensive Guide

In today's world, cyber attacks are a fact of life. Every day, organizations of all sizes are targeted by hackers, criminals, and other malicious actors. While no organization is immune to attack, there are steps that can be taken to minimize the risk of a successful attack and to mitigate the damage caused by an attack that does occur.

One of the most important steps is to have a comprehensive cyber incident response plan in place. A good incident response plan will outline the steps that will be taken to identify, contain, and mitigate a cyber attack. It will also identify the roles and responsibilities of key personnel during an incident.

CyberSecOp is a leading provider of cyber security services. Our Emergency Incident Response team stands ready to support your organization in identifying, mitigating and preventing security incidents. We have the experience and expertise to help you respond to any type of cyber attack, quickly and effectively.

Our team of certified security professionals will work with you to:

  • Identify the nature of the attack

  • Contain the attack and prevent further damage

  • Restore your systems and data

  • Investigate the attack and identify the root cause

  • Develop a plan to prevent future attacks

We understand that a cyber attack can be a disruptive and stressful event. Our team is here to help you through the process and to get your business back up and running as quickly as possible.

The Cyber Incident Response Process

The cyber incident response process can be broken down into the following steps:

  1. Identify the attack. The first step is to identify that an attack has occurred. This may involve detecting suspicious activity, such as unusual logins or changes to network configurations.

  2. Contain the attack. Once an attack has been identified, it is important to contain the attack as quickly as possible. This may involve isolating the affected systems or networks, or removing malicious code.

  3. Mitigate the damage. Once the attack has been contained, it is important to mitigate the damage. This may involve restoring data from backups, or repairing damaged systems. It is also important to investigate the attack to determine how it occurred and to prevent future attacks.

  4. Investigate the attack. Once the attack has been contained, it is important to investigate the attack to determine how it occurred and to prevent future attacks. This may involve gathering evidence, such as logs and network traffic, and interviewing affected employees.

  5. Develop a plan to prevent future attacks. Once the attack has been investigated, it is important to develop a plan to prevent future attacks. This may involve implementing security controls, such as firewalls and intrusion detection systems, and training employees on security best practices.

Cyber Incident Response Resources

There are a number of resources available to help organizations create and implement a cyber incident response plan. Some of these resources include:

  • CyberSecOp can assist with the development of a comprehensive incident response program.

  • The National Institute of Standards and Technology (NIST) has developed a set of guidelines for creating a cyber incident response plan. These guidelines can be found on the NIST website.

  • The SANS Institute offers a number of resources on cyber incident response, including a checklist for creating a plan. These resources can be found on the SANS website.

  • The International Organization for Standardization (ISO) has developed a number of standards for information security, including one for incident response. These standards can be found on the ISO website.

Conclusion

Cyber incident response is an essential part of any organization's security posture. By having a comprehensive plan in place, organizations can minimize the damage caused by a cyber attack and quickly recover from an incident.

If you need help with your cyber incident response plan, please contact CyberSecOp today. We would be happy to help you develop a plan that meets your specific needs.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Company CISOs and Boards Brace for New SEC Cybersecurity Regulations

The U.S. Securities and Exchange Commission (SEC) is proposing new cybersecurity regulations that would require public companies to report cybersecurity incidents within four business days and to have a board-approved cybersecurity policy in place. The regulations are designed to protect investors from the risks of cybercrime and to hold public companies accountable for their cybersecurity practices.

Company CISOs (chief information security officers) and boards are bracing for the new regulations, which they believe will be costly and burdensome to implement. However, they also recognize that the regulations are necessary to protect companies and their investors from the ever-growing threat of cybercrime.

In this blog post, we will discuss the SEC's proposed cybersecurity regulations and what they mean for company CISOs and boards. We will also provide tips for companies on how to prepare for the regulations.

The SEC's Proposed Cybersecurity Regulations

The SEC's proposed cybersecurity regulations would require public companies to do the following:

  • Report cybersecurity incidents within four business days. Companies would be required to report any cybersecurity incidents that have a material impact on the company or its investors.

  • Have a board-approved cybersecurity policy in place. The policy should address the company's cybersecurity risks and how it will manage those risks.

  • Conduct regular cybersecurity assessments. The assessments should identify and fix vulnerabilities in the company's systems and networks.

  • Have a plan in place to respond to a cyberattack. The plan should include steps to contain the damage, notify regulators and customers, and restore operations.

The SEC's proposed regulations are based on the Cybersecurity Framework, a voluntary framework developed by the National Institute of Standards and Technology (NIST). The Cybersecurity Framework provides a set of best practices for organizations to follow to improve their cybersecurity posture.

The SEC's proposed regulations are likely to face opposition from some companies, who argue that they are too burdensome and costly. However, the SEC is likely to move forward with the regulations, given the increasing risk of cybercrime.

What the Regulations Mean for Company CISOs and Boards

The SEC's proposed cybersecurity regulations will have a significant impact on company CISOs and boards. CISOs will need to ensure that their companies are in compliance with the regulations, which will require them to implement and maintain a robust cybersecurity program. Boards will need to oversee the company's cybersecurity program and ensure that it is effective.

The regulations will also have a financial impact on companies. Companies will need to invest in cybersecurity controls and staff to comply with the regulations. The costs of compliance will vary depending on the size and complexity of the company.

Tips for Companies on How to Prepare for the Regulations

Companies can take the following steps to prepare for the SEC's proposed cybersecurity regulations:

  • Assess your cybersecurity risks. The first step is to assess your company's cybersecurity risks. This will help you to determine which areas need the most attention.

  • Implement appropriate security controls. Once you know your risks, you can implement appropriate security controls to mitigate them. This could include things like firewalls, intrusion detection systems, and data encryption.

  • Train your employees. Your employees are your first line of defense against cyberattacks. Make sure they are trained on cybersecurity best practices, such as how to identify and avoid phishing scams.

  • Stay up-to-date on cybersecurity news and trends. The cybersecurity landscape is constantly changing. Make sure you stay up-to-date on the latest news and trends so you can protect your company from new threats.

  • Conduct regular cybersecurity audits. Regular cybersecurity audits can help you to identify and fix vulnerabilities before they are exploited by attackers.

  • Implement a cybersecurity awareness program. A cybersecurity awareness program can help your employees to understand the risks of cybercrime and how to protect themselves and the company.

By taking these steps, you can help your company to comply with the SEC's proposed cybersecurity regulations and protect itself from the ever-growing threat of cybercrime.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

PlayStation Network Breaches (PSN Hacks)

PlayStation Network was launched in the autumn of 2006 and offers games, music and movies to people with PlayStation consoles.

2021 PlayStation Network Users Account Breach

On July 14, 2021 Sony Urges PSN Users to Use 2-Step Verification After Reports of Hacking. Sony urged users of its PSN service to use 2-step verification after receiving user reports of account hacking. Several users have submitted inquiries through the official Japanese PlayStation Support. While the issue has to do with PSN accounts, there is no indication that any of Sony’s official accounts were breached. This includes any hacking attempts or any breach of information through the service.

2014 PlayStation Network Breach

On November 24, 2014, a hacker group identifying itself as "Guardians of Peace" leaked a release of confidential data from the film studio Sony Pictures. The data included personal information about Sony Pictures employees and their families, emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, plans for future Sony films, scripts for certain films, and other information.

On December 24, 2021 Xbox live and PlayStation Network attack and Christmas was ruined for millions of gamers. Millions of people could not use their games consoles for a second day as disruption on the Xbox Live and Sony PlayStation networks continued after an apparent cyber-attack.

The group calling itself Lizard Squad once again claimed responsibility for bringing down both networks on Christmas Eve, which could have affected nearly 160 million gamers. This was once again distributed denial of service, or DDOS, the attack is overloading the systems of both services by generating fake access requests. More than 110 million people use the PlayStation Network (PSN) and at least 46 million use Xbox Live, both of which connect players to other gamers and services through the internet. Lizard Squad had apparently threatened to target both networks at Christmas describe itself as the “next-generation Grinch”.

 2011 PlayStation Network Breach

This PlayStation Network attack took the down for 23 days

The first reported play PlayStation Network Breach was disclosed between April 17 and April 19, 2011.

Sony learned that user information had been stolen from its PlayStation Network seven days ago, prompting it to shut down the network immediately.

The company said user account information for the PlayStation Network and its Qriocity service users was compromised between April 17 and April 19.

On April 20 PlayStation Network services were disabled to investigate the security incident. Sony update it blog that all data was encrypted and the database of customer information exposed to the unknown attacker. The data base includes information such as name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, handle/PSN online ID, as well as profile data including purchase history and billing address (city, state, zip), and PlayStation Network/Qriocity password security answers.

On April 30, 2011, Sony report that recovery is on it was and it hope to restore all services with the week.  Sonly also update that it was work with multiple security firms. May 3, 2011, Sony announced that a total of 77 million customers were affected in the breach.

On May 2 Sony issued a press release, according to which the Sony Online Entertainment (SOE) services had been taken offline for maintenance due to potentially related activities during the initial criminal hack. Over 12,000 credit card numbers, albeit in encrypted form, from non-U.S. cardholders and additional information from 24.7 million SOE accounts may have been accessed.

On May 6 Sony stated they had begun "final stages of internal testing" for the PlayStation Network, which had been rebuilt.  However, the following day Sony reported that they would not be able to bring services back online within the one-week timeframe given on May 1, because "the extent of the attack on Sony Online Entertainment servers" had not been known at the time. On May 14 various services began coming back online on a country-by-country basis, starting with North America. On May 23 Sony stated that the outage costs were $171 million.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

What is Cybersecurity Maturity Model Certification (CMMC)

The Cybersecurity Maturity Model Certification (CMMC) is a unified standard intended for implementing cybersecurity across DoD contractors.

The CMMC has been in development for a number of years, but the first details on the framework were released in January 2020. The framework makes use of a “maturity” model, in which audits will be conducted by third-party assessors. Firms will be assigned a “level” that represents the cybersecurity protections, or maturity level they have demonstrated.

Breach Report and predicted loss by 2024

A recent study predicted that business losses due to cybercrime will exceed $4.5 trillion by 2024. The threat to the Defense Industrial Base (DIB)--the network of more than 300,000 businesses, organizations, and universities that research, engineer, develop, acquire, design, produce, deliver, sustain, and operate military weapons systems--is especially alarming due to current cyber warfare activities by cybercriminals and state-sponsored actors.

Security is a foundational component of acquisition

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S) recognizes that security is a foundational component of acquisition and that some contractors are trading security to benefit cost, schedule, and performance. It's estimated that the DoD supply chain consists of more than 300,000 businesses and organizations, all of which are targets. Most of these organizations are small to mid-size businesses, which are the most vulnerable to cyber-attacks. Based on over 100 Data Breach Investigation's CyberSecOp recognized that organizations between 100 -300 employees are prime victims for cyber criminals because of lack of security controls.

CMMC Model Structure

The goal of CMMC is to provide a framework for the improvement of cybersecurity in DIB sector organizations. CMMC currently defines 17 domains of technical capability, each with five levels of certification (L1 through L5) and specific practices. The DoD will require an organization to have CMMC Level 3 certification before it can receive Controlled Unclassified Information (CUI) in any domain.

CMMC Domains

CCMC-Compliance.png

CMMC Leveled Practices

The majority of the practices (110 of 171) originate from the safeguarding requirements and security requirements specified in FAR Clause 52.204-21 and DFARS Clause 252.204-7012. The practices fall into five levels:

  • Level 1 represents basic cyber hygiene, and focuses on the protection of federal contract information (FCI). It consists of practices that correspond only to the basic safeguarding requirements specified in 48 CFR 52.204-21 ("Basic Safeguarding of Covered Contractor Information Systems").

  • Level 2 is a transitional step in cybersecurity maturity progression to protect CUI. Level 2 consists of a subset of the security requirements specified in NIST SP 800-171, as well as practices from other standards and references.

  • Level 3 focuses on the protection of CUI. It encompasses all of the security requirements specified in NIST SP 800‑171, as well as additional practices from other standards and references.

  • At Level 4, the model begins to focus more on the proactive activities an organization can take to protect, detect, and respond to threats. These practices enhance the organization's ability to address and adapt to the changing tactics, techniques, and procedures (TTPs) used by advanced persistent threats (APT)s.

  • Level 5 focuses on the protection of CUI from APTs. The practices increase the depth and sophistication of cybersecurity capabilities.

CMMC Cyber Compliance Services

DOD has made the effort to simplify CMMC, but it is surely still complicated. CMMC is based on several other standards, including DFARS, CERT RMM, 800-171, AU ACSC Essential Eight, UK NCSC Cyber Essentials, ISO 27001, CIS Critical Security Controls, and the NIST Cyber Security Framework. Utilizing all the above information security standards make it very challenging for most DOD contractors to copy with CMMC. Get compliant with CyberSecOp CMMC Assessment, Security Program & Advisory Services.

Author: Kaushik Reddy

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Cybersecurity Risks in a Pandemic: What you need to know

The COVID-19 pandemic has alerted many organizations to gaps in their information security infrastructure heretofore unrealized. Most of these deficiencies have been revealed as a direct outcome of the shift from a workforce-in-place physical environment centered around a fixed and determinable worksite location to a distributed, unstructured environment where most employees and individuals are working remotely.

At CyberSecOp, we can help your organization address these, as well as other concerns related not only to the current operating environment but also pertaining to any and all operating challenges you may face as part of your ongoing operations.

The lack of a centralized workspace raises a multiplicity of information security concerns, including but not limited to the following:

1.      Does the company have an established Work-From-Home (WFH) information security policy, and if not, how is remote worker security managed?

2.      Are employees adequately trained to work remotely, and do they have the appropriate tools at their disposal to ensure the preservation of the security environment?

3.      How does the organization manage mobile device and laptop security, including encryption?

4.      Control and testing of the commercial VPN?

5.      Does the organization maintain a comprehensive data loss protection policy?

6.      How, if at all does the organization address data loss protection?

7.      Does the organization have a breach response plan for mobile and remote WFH employees?

At CyberSecOp, we can help your organization address these, as well as other concerns related not only to the current operating environment but also pertaining to any and all operating challenges you may face as part of your ongoing operations. Our skilled team of information security professionals can provide a comprehensive assessment of your information security framework and suggest remediation and complementary additions to your existing framework, as the case may be.

There are several things to consider if and when the time comes for firms to return to the office. CyberSecOp recommends:

  • Third-Party network risk assessment

  •   Operational Responses to Security Incidents

  • Work from Home Security

  • Virtual Meeting Applications

  • Updates and Patches

  •   A full virus scan on workstations returning to the office

  • Full Windows/Mac updates

  • Review Wi-Fi connections on returning devices: Some people may come back and still connect to Optimum Wi-Fi (This can be very risky)

  • Delete any accounts not for company use

  • Provisioning devices employees may have bought in haste (Hardening AV adding to the domain)

  • Mobile device management strategy for new mobiles, or devices that employees are using more

  • Pandemic Policy, Cybersecurity Policy Wireless policy

It is important for organizations to foresee possible consequences transitioning from working remotely to returning to the office. CyberSecOp can help facilitate this transition.

AUTHOR: Michael Young

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Hackers Taking Advantage of Covid19 to attack major industries

With the unprecedented events of the past few months and no end in sight to the COVID-19 pandemic, hackers are leveraging the related chaos as a means of targeting, hi-jacking, infiltrating, and generally creating havoc among major industries around the globe.

The suddenness of the global governmental response combined with the rapid shift to remote work solutions has created a haphazard environment for many businesses that simply do not have the time to implement due diligence and information security controls. Unfortunately, the smart bad guys are taking advantage.

In California’s’ Bay Area, two school districts have become recent victims of breaches that exploited the unexpected thrust to online learning. Video conferencing sessions were hacked and infiltrated by uninvited guests; hundreds of online learning passwords were inadvertently exposed to public consumption. School administrators were left scrambling and ultimately had to ban all usage of video conferencing until proper security measures were implemented.

Hospitals and medical facilities are reeling from the virus spread, and hackers are paying no solace to this industry as they hammer away with targeted phishing campaigns and other website-based attacks. The World Health Organization (WHO) has reported several unsuccessful attacks against their network, with one geared around impersonating the WHO email system. Hammersmith Medicines Research (HMR) a UK based research team tasked with creating a Covid19 vaccine, unfortunately, did fall victim to a cyber-attack, as malicious actors were able to access and then post medical data from thousands of patients.

Education and healthcare are not the only sectors being infiltrated. Financial firms are being hit with targeted phishing attacks called whale or spear-phishing - Using Covid19 as the backdrop. Attackers are creating very specific, sophisticated emails that create a sense of urgency and ultimately increase the odds of the recipient becoming a victim.

It is an important time to ensure that your business leaders are setting an example by exhibiting best practice security behaviors that will ultimately set the tone and trickle down the entire organization. Top management commitment, effective strong policies that are communicated to the entire organization, and a measurable security awareness along with a sound risk management framework; are just some of the layers in security that will decrease the attack surface of any business.

CyberSecOp offers a full suite of cyber-security solutions that include:

  • Full Security Assessments

  • Gap Analysis

  • Policy Creation

  • Security Awareness Training and Measurement

  • 24/7 Security Operations Center (SOC)

  • Ransomware Response

  • Penetration Testing

  • Vulnerability Scanning and Management

  • Forensics

  • VISO (Virtual Information Security Officer)

Read More
Cyber Security Services, Data Breach, Security Breach CyberSecOp Cybersecurity & Breach News Cyber Security Services, Data Breach, Security Breach CyberSecOp Cybersecurity & Breach News

Decrease Potential Data Breach, with Simple Security Control

Some senior management folks might find this strange, but you can significantly make your organization harder to breach. In fact, just a handful of defenses can do more to lower your cybersecurity risk than anything else. These include fighting social engineering and phishing better, patching the most likely to be attacked software far better, and requiring multi-factor authentication (MFA) for all logons.

Zero-day and information system protection

Because zero-day flaws usually refer to software that is widely in use, it’s generally considered good form if one experiences such an attack to share any available details with the rest of the world about how the attack appears to work — in much the same way you might hope a sick patient suffering from some unknown, highly infectious disease might nonetheless choose to help doctors diagnose how the infection could have been caught and spread. patch management is critical in protecting information technology systems.

Ransomware Breach and Criminals

The typical use case for ransomware is a shotgun approach type distribution campaign of dropping ransomware on people's machines, and then you charge them for getting their data or services back,” says Jeffery Walker, CISO at CyberSecOp. “Another use case is for covering tracks. These tools have the façade of ransomware: They would encrypt data, they would post a ransom note, and they would ask for money. They will even give you details on how to pay, but they're used to remove things from the endpoint while throwing off defenders into believing that the reason why that data was lost was because of a random hit by ransomware, but in some cases this is a cover up of a more bigger breach”

Vulnerabilities and Exploits

These are all vulnerabilities that could be exploited by cybercriminals bent on stealing personally identifiable information and protected health information – activity that could also play havoc disrupting healthcare delivery processes.

The study, based on network traffic data monitored by CyberSecOp over a six-month period, found the most prevalent method attackers use to hide command-and-control communications in healthcare networks was hidden HTTPS tunnels.

CyberSecOp compliance solutions deliver cost-effective data protection, data discovery, data classification and data loss prevention for data privacy and compliance.

Read More
CyberSecOp Cybersecurity & Breach News CyberSecOp Cybersecurity & Breach News

Cyber Security: Information Data Protection

CyberSecOp assist clients with managing privacy risk while keeping thier existing controls as effective and efficient as possible to withstand a complex privacy risk environment. We focus on testing, and training based on common employee mistakes and remediate gaps in the process, eeping your systems in line with current regulations,

The revolution that has taken place over the past 20 years has had an impact on both consumers and enterprises. The devices and applications that millions of individuals use on a daily basis contain increasingly more complex information, within a constantly evolving technological environment. The growing digital innovation trends such as cloud computing, big data and the IoT create new opportunities to communicate and exchange information. However, this massive amount of confidential data must consequently be managed and secured efficiently and continuously.

How can a company guarantee the security of its data and of its users' data? What solutions are currently available on the market that can help enterprises optimize the management of information while maintaining their privacy?

CyberSecOp, an american base market leader in the Managed Security Service Provider industry, responds to the companies' need for security, offering a range of solutions and services designed to help customers identify cyber security risks in order to mitigate and monitor them over time.

Through its diverse solutions portfolio, CyberSecOp provides the right mix of technology, processes and sector-specific knowledge, supporting customers during the initial planning phase, from design to implementation, in order to identify the best solutions both in terms of process, as well as technology. The company’s strategic partnerships with key suppliers and expertise with market technologies guarantee customers a solution that provides effective operational coverage, on-premise or remote, with vertical expertise throughout the duration of the project and during the delivery of services.

Moreover, thanks to a Cyber Security Operations Center (CSOC), the delivery of timely services and continuous security monitoring are seamlessly integrated to reduce cyber security-related risks. The service is designed to offer the customer a growth-oriented path aimed at improving the company’s overall security position and risk level awareness.

The Industry 4.0 evolution and the arrival of the IoT have significantly increased the complexity and the level of risk to which all enterprises are subject, necessitating an efficient management of corporate security. In a changing environment characterized by increasing opportunities, while at the same time offset by an exponential increase in associated risks, the availability of CSOC services represents an essential guarantee of security.

Read More

Cyber security IT skills in-demand in US

There’s no doubt that demand for the technologically skilled will only increase in the upcoming years, as practically every company becomes a software-driven enterprise. A survey by the jobs site Monster found that in the US, jobs in the digital sector have multiplied at more than twice the rate of other non-digital tech sectors, and are predicted to grow by 20% in the next decade.

However, which skills will be particularly in demand? While it’s unlikely that the IT skills demanded by the jobs market today will become redundant within our lifetimes, the field is constantly evolving, and there are certainly growth areas on the horizon that IT professionals would do well to educate themselves in.

Cyber security

Cyber security is an area set to grow exponentially in importance in the upcoming years. Every time a breach is suffered by an organisation, there is a huge cost both in terms of financial loss and loss of reputation and brand value.

A recent study carried out by jobs site Indeed indicated that the US is dangerously short on cyber security skills and that the number of cyber security jobs advertised in the US is the third highest globally, meaning demand exceeded candidate interest by more than three times.

Development

Demand for skills in development is here to stay (for the time being anyway – this could change as soon as AI is more widely used to code). In 2017, the demand for software developers and engineers increased by 13% in the UK.

Devops

Another important area of growth is the trend for companies to take a devops approach to their IT departments, meaning that developers well versed in this outlook will be the most employable.

Cloud computing

It’s widely recognised that cloud computing is the future, and every IT professional should feel comfortable using these systems. Demand for cloud infrastructure specialists is increasing across the board.

Machine Learning and AI

These are two obvious areas of increasing growth. In the US, demand for AI jobs increased threefold between 2015 and 2018, even surpassing the UK in terms of demand.

Read More

Prevent DDoS attacks across your enterprise

DDoS (Distributed Denial of Service) attacks feature amongst the most dreaded kinds of cyber attacks, for any enterprise today. This is especially because, as the name itself suggests, there it causes a total denial of service; it exhausts all resources of an enterprise network, application or service and consequently it becomes impossible to gain access to the network, application or the service.

In general, a DDoS attack is launched simultaneously from multiple hosts and it would suffice to host the resources, the network and the internet services of enterprises of any size. Many prominent organizations today encounter DDoS attacks on a daily basis. Today DDoS attacks are becoming more frequent and they are increasing in size, at the same time becoming more sophisticated. In this context, it becomes really important that enterprises look for DDoS attack prevention services, in fact the best DDoS attack prevention services, so as to ensure maximum protection for their network and data.

The different kinds of DDoS attacks

Though there are different kinds of DDoS attacks, broadly speaking there are three categories into which all the different kinds of DDoS attacks would fit.

The first category is the volumetric attacks, which include those attacks that aim at overwhelming network infrastructure with bandwidth-consuming traffic or by deploying resource-sapping requests. The next category, the TCP state-exhaustion attacks, refer to the attacks that help hackers abuse the stateful nature of the TCP protocol to exhaust resources in servers, load balancers and firewalls. The third category of DDoS attacks, the application layer attacks, are basically the ones targeting any one aspect of an application or service at Layer 7.

Of the above-mentioned three categories, volumetric attacks are the most common ones; at the same time there are DDoS attacks that combine all these three vectors and such attacks are becoming commonplace today.

DDoS attacks getting sophisticated, complex and easy-to-use

Cybercriminals today are getting cleverer and smarter. They tend to package complex, sophisticated DDoS attack tools into easy-to-use downloadable programs, thereby making it easy even for non-techies to carry out DDoS attacks against organizations.

What are the main drivers behind DDoS attacks? Well, there could be many, ranging from ideology or politics to vandalism and extortion. DDoS is increasingly becoming a weapon of choice for hacktivists as well as terrorists who seek to disrupt operations or resort to extortion. Gamers too use DDoS as a means to gain competitive advantage and win online games.

There are clever cybercriminals who use DDoS as part of their diversionary tactics, intending to distract organizations during APT campaigns that are planned and executed in order to steal data.

How to prevent DDoS attacks

The first thing that needs to be done, to prevent DDoS attacks from happening, is to secure internet-facing devices and services. This helps reduce the number of devices that can be recruited by hackers to participate in DDoS attacks.

Since cybercriminals abuse protocols like NTP, DNS, SSDP, Chargen, SNMP and DVMRP to generate DDoS traffic, it’s advisable that services that use any of these ought to be carefully configured and run on hardened, dedicated servers.

Do repeated tests for security issues and vulnerabilities. One good example is doing penetration tests for detecting web application vulnerabilities.

Ensure that your enterprise implements anti-spoofing filters as covered in IETF Best Common Practices documents BCP 38 and BCP 84. This is because hackers who plan DDoS attacks would generate traffic with spoofed source IP addresses.

Though there are no fool-proof techniques that can prevent DDoS attacks completely, you can ensure maximum protection by ensuring proper configuration of all machines and services. This would ensure that attackers don’t harness publicly available services to carry out DDoS attacks.

It’s to be remembered that it’s difficult to predict or avoid DDoS attacks and also that even an attacker with limited resources can bring down networks or websites. Hence, for any organization, it becomes important that the focus is always on maximum level protection for enterprise networks, devices, websites etc.

Read More

What is Botnet - Cybercriminals #1 Weapon

The word Botnet is formed from the words ‘robot’ and ‘network’. Cybercriminals use special Trojan viruses to breach the security of several users’ computers, take control of each computer and organise all of the infected machines into a network of ‘bots’ that the criminal can remotely manage.

Botnet Prevention- What is Botnet   

Botnet Prevention- What is Botnet   

 

How Botnets can impact you
Often, the cybercriminal will seek to infect and control thousands, tens of thousands or even millions of computers – so that the cybercriminal can act as the master of a large ‘zombie network’ – or ‘bot-network’ – that is capable of delivering a Distributed Denial of Service (DDoS) attack, a large-scale spam campaign or other types of cyberattack.

In some cases, cybercriminals will establish a large network of zombie machines and then sell access to the zombie network to other criminals – either on a rental basis or as an outright sale. Spammers may rent or buy a network in order to operate a large-scale spam campaign.

How to prevent your computer becoming part of a Botnet
Installing effective anti-malware software will help to protect your computer against Trojans and other threats.

Botnet.gif
Read More
Security Consulting, Security Compliance, Ransomeware, Data Breach, Botnet CyberSecOp Cybersecurity & Breach News Security Consulting, Security Compliance, Ransomeware, Data Breach, Botnet CyberSecOp Cybersecurity & Breach News

Businesses Expansion of Attack Surfaces

One of the main reasons cyber risk increases exponentially is the rapid expansion of attack surfaces. In these places, software programs are vulnerable to attack or probe by an adversary. According to the SANS Institute, attack surfaces can include any part of a company’s infrastructure that exposes its networks and systems to the outside, from servers and open ports to SQLs, email authentication, and even employees with “access to sensitive information.” It can also include user input via keyboard or mouse, network traffic, and external hardware that is not protected by cyber hardening technology.

It would be easy to blame the Internet of Things (IoT) for expanding attacks, as Intel projects two billion smart devices worldwide by 2020. But in reality, the IoT is only part of the attack surface epidemic.

According to Cybersecurity Ventures, there are now 111 billion new lines of code written each year, introducing vulnerabilities both known and unknown. Not to be overlooked as a flourishing attack vector are humans, which some argue are both the most important and the weakest link in the cyberattack kill chain. In fact, in many cybersecurity circles, there is a passionate and ongoing debate regarding just how much burden businesses should put on employees to prevent and detect cyber threats. However, what is not up for debate open is just how vulnerable humans are to intentionally or unintentionally open the digital door for threat actors to walk in. This is most evident because 9 out of 10 cyberattacks begin with some form of email phishing targeting workers with mixed levels of cybersecurity training and awareness.

Critical Infrastructure Protection Remains a Challenge

Critical infrastructure, often powered by SCADA systems and equipment now identified as part of the Industrial Internet of Things (IIoT), is a significant contributor to attack surface expansion. Major attacks targeting these organizations occur more from memory corruption errors and buffer overflows exploits than from spear-phishing or email spoofing and tends to be the motive of nation-states and cyber terrorists more so than generic hackers.

“Industrial devices are designed to have a long life span, but most legacy equipment still in use was not originally built to achieve automation and connectivity.” The IIoT does provide many efficiencies and cost-savings benefits to companies in which operational integrity, confidentiality, and availability are of the utmost importance. Still, introducing technology into heavy machinery and equipment that wasn’t built to communicate outside of a facility has proven challenging. The concept of IT/OT integration, which is meant to merge the physical and digital security of corporations and facilities, has failed to reduce vulnerabilities in a way that significantly reduces risk. As a result, attacks seeking to exploit critical infrastructure vulnerabilities, such as WannaCry, have become the rule and not the exception.

To date, ARE CYBERCRIMINALS winning? 

Critical infrastructure cybersecurity has relied too much upon network monitoring and anomaly detection to detect suspicious traffic before it turns problematic. The challenge with this approach is that it is reactionary and only effective after an adversary has breached some level of defense.

We take an entirely different approach, focusing on prevention by denying malware the uniformity it needs to propagate. We use a binary randomization technique that shuffles the basic constructs of a program, known as basic blocks, to produce functionally identical code but legally unique. When an attacker develops an exploit for a known vulnerability in a program, it is helpful to know where all the code is located so that they can repurpose it to do their bidding. Binary randomization renders that prior knowledge useless, as each instance of a program has code in different locations.

One way to visualize the concept of binary randomization is to picture the Star Wars universe at the time when Luke Skywalker and the Rebel Alliance set off to destroy the Death Star. The Rebel Alliance had the blueprints to the Death Star and used those blueprints to find its only weakness. Luke set off in his X-Wing and delivered a proton torpedo directly to the weak spot in the Death Star, destroying it. In this scenario, the Death Star is a vulnerable computer program, and Luke is an adversary trying to exploit said computer program.

Now imagine that the Galactic Empire built 100 Death Stars, protected by RunSafe’s new Death Star Weakness Randomization. This protection moves the weakness to a different place on each Death Star. Now imagine you are Luke, flying full speed toward the flaw in the Death Star, chased by TIE fighters, only to find that the weakfaultnot where the blueprint showed. The Rebel attack fails, and the Galactic Empire celebrates by destroying another planet. Like the Death Star scenario above, code protected with binary randomization will still contain vulnerabilities. Still, an attacker’s ability to successfully exploit that vulnerability on multiple targets becomes much more difficult.

 

Read More
Security Consulting, Security Compliance, GDPR compliance, Data Breach CyberSecOp Cybersecurity & Breach News Security Consulting, Security Compliance, GDPR compliance, Data Breach CyberSecOp Cybersecurity & Breach News

A Step-by-Step Guide to a Successful SIEM Deployment

SIEM (Security Information and Event Management) deployment based on firsthand experience implementing SIEM for a broad range of customers.

SIEM-2.jpg

 

Discovery Phase - Laying the Groundwork

  1. Review the organizational security posture and the initial business case for SIEM. Then prioritize the goals of the SIEM implementation from the most critical to the optional—taking into account the tasks that must be performed in order to support the effort.
  2. Review in detail the organizational security policy to consider the intent behind the policy. Separate those policies from a priority standpoint. Determine what’s critical, what’s necessary for mandatory compliance and what policies are best practices to ensure a secure environment.
  3. Identify current controls that are auditing those policies to determine compliance level. Ideally, a SIEM implementation should not be the first time the organization identifies that its security policy or how it’s implemented isn’t working according to plan. The reality is that these deployments often expose gaps in security execution that must be remediated before those elements can be integrated into a daily alerting and reporting structure.  
  4. Identify a smaller representative subset of the current policy and devices where SIEM can be applied and enough data can be gathered to determine what changes need to occur.
     

Pilot Phase - Beginning the Implementation

The primary goal of this phase is to determine which specific SIEM project goals can be implemented in order to establish initial ROI while creating a baseline operational model and run-book.

  1. The lessons learned from the discovery phase are used to implement a larger subset of technology.
  2. The assumptions developed during the discovery phase are tested in real time.
  3. The list of devices should be expanded to incorporate a wider set of technologies and numbers.
  4. The information developed from this phase is used to determine the final steps of controlled deployment and maturity phase.


Controlled Deployment Phase - Building Capacity

The primary goal of this phase is to develop a deployment workflow that enables the organization to build capacity as full deployment approaches. This phase also serves as the initial production test run and the completion of operational run-books necessary to manage a full deployment.

Maturity Phase - Continuing to Evolve

Significant work must be performed in order to mature the organization’s security posture and implement the finer points of the deployment. This phase never has an end point—since SIEM must continually evolve.

Read More
Security Consulting, Security Compliance, GDPR compliance CyberSecOp Cybersecurity & Breach News Security Consulting, Security Compliance, GDPR compliance CyberSecOp Cybersecurity & Breach News

Data Protection Officer- Consultants

Why do I need a Data Protection Officer?

While the desire to protect company, customer, and vendor information isn’t new, there are new laws that are requiring organizations to take a more active role in protecting their data.  The EU recently passed the General Data Protection Regulation that requires certain businesses to have a Data Protection Officer.  In order to comply with the rule, it has been estimated that nearly 28,000 DPOs will be needed by the end of 2018.

Specifically, the General Data Protection Regulation requires companies that process data with a public authority or that regularly monitor data subjects on a large scale to have a DPO and a plan in place to protect that data.  It’s important to note that the rule not only effects companies that are biased in the EU, but also those that conduct business with its partner countries.

Because of the non-specific wording of the GDPR, one of the first steps that any company operating within the EU will need to take is to determine whether or not they are subject to the regulations in the law.  It may be necessary to hire a security consultant on a short-term basis to determine this.  Fortunately,  CyberSecOp has plenty of experience in helping companies comply with EU law and IT security background that this position would require.

What is a Data Protection Officer?

In order to comply with the new regulation, a Data Protection Officer must have, “expert knowledge of data protection law and practices”.  Additionally, the DPO must have a good understanding of the organizations' technical structure, organization, IT infrastructure, and technology.

It’s important to note that as long as an employee is capable of performing the basic functions of the role, there is no formal training requirement.  This means that the job can be assigned to an existing employee.  It is also permissible for an organization to hire an outside consultant or security firm to take on this role.

How will this affect my company?

Due to the massive penalties involved with ignoring the new GDPR, any company that meets the criteria and operates in at least some capacity in the EU will need to appoint a Data Protection Officer.  For larger companies, this role is most likely already filled by a data security team.  Small companies will most likely find it to be the most cost-effective to hire an outside company to handle its data security issues.

Mid-size companies, however, will likely struggle to come into compliance with this rule.  Keeping a full-time Data Protection Officer on staff might prove to be cost prohibitive, but it’s also possible that contracting with an outside firm may also run up costs beyond a sustainable level.  In many cases, the solution might be to find a professional with multiple skill sets who could act as the company’s Data Protection Officer while also performing other duties. CyberSecop have a team of security professionals dedicated to helping an organization in comping with GDPR and other data security frameworks.

Read More
Security Compliance, Security Consulting, Ransomeware CyberSecOp Cybersecurity & Breach News Security Compliance, Security Consulting, Ransomeware CyberSecOp Cybersecurity & Breach News

Secure all networks, from the Internet?

In the coming years in 2019-2020, the active mobile users will cross the 5 billion mark globally, and add to this the number of tablet user will also increase. When we analyze these figures it is not difficult to estimate that there are more than 20 million IoT devices in the pipeline ready to hit the base by 2020. It means the above-given figures are all set to be part of the connected world.

All these devices mean lots of valuable data, and where there’s valuable data there are hackers trying to get access to it. Not only do we need to wrestle with new kinds of networks, many of them wireless, but we need to tackle the security of these networks while simultaneously tackling the massive scale of the problem.

Now imagine the kind of valuable data that will be churned out from these devices, and how it will be a gala time for the hackers to break into these devices and get access. No doubt we need to bring such device in our daily life, but the challenge is to get them all secured taking into account the massive breach in the line.

We asked vendors and resellers how they approach security of the WAN in this challenging environment

The internet is the network

The data center is no more the enter of the universe, but it is the Internet that new network that brings all the network closer to each other.

Mobile phone networks are rapidly being repurposed as a general-purpose data network over which voice calls are just one more application. Inside the telcos themselves, the core networking is already running over IP networks, and consumers are very comfortable with messaging applications that talk over IP networks instead of SMS. Devices in the field are adding LTE interfaces as a cheap and easy way to add networking capability to what were once disconnected devices.

“We have to rethink how we approach things,” Kopelke says. “We need to change our thinking from ‘How do I secure and protect the network?’ to ‘How do I secure and protect the data and applications?’”

Gavin Wilson, Asia-Pacific managing director at Cradlepoint “People expect to always be connected. Increasingly the connection is a mix of technologies, rather than a single layer-1 or layer-2 approach.” Instead of a loose collection of isolated technologies, the network is now an abstraction operating at a higher level, and there is no longer a functional difference between “the internet” of decades past and what all these modern mobile devices use to connect”.

The connected world and benefits

This ubiquitous networking is enabling associations to do things that basically weren’t conceivable previously. Without a system to send the information, gadgets in trucks or conveyed by field laborers would need to store information for later use. Presently they can stream a lot of information back to a server farm or straight into the cloud, and they can be inconsistent contact with different parts of the framework.

“The ability to get information out to remote people is a massive benefit, and, if a truck roll over on a delivery, an immediate duress notification can let others know the driver is in trouble,” says Michael Dyson, general manager at Advanced Mobile IT‌

“We also have digital signage that can be remotely updated,” Dyson says. “You can receive diagnostics from remote locations without having to send a technician out to the site and there are buses in New Zealand that can do on-board ticketing and have a GPS for accurate next-stop announcements.”

As it turned out to be consistently more steadily and reasonable, the requirement for the specialist like; satellite telephones, CB radios have dropped abruptly. These more seasoned technologies are turning into a fallback — as opposed to the essential strategy for building up correspondences. The generously higher transfer speed access, combined with the across the board accessibility of the supporting framework, influences the cost/to profit examination straightforward: you’d be distraught not to.

Security

Obviously, simply being associated isn’t sufficient. We likewise need to keep information and applications secure when they’re interfacing with an indistinguishable web from each content kiddie and solidified digital crime with a hunger for other individuals’ data.

“The traditional way to secure the WAN was using firewalls at each branch or backhauling branch traffic to a datacenter and use firewalls there to protect the traffic,” says Stree Naidu, vice president. Asia-Pacific and Japan for Cato Networks. “As long as we think about the firewall as a box that sits somewhere, that box defines the perimeter. But what if the perimeter was defined by a firewall that is everywhere? This is the notion of Firewall as a Service (FWaaS).”

Moving from the physical system of security that is as pervasive as the availability itself is it all about. “Systems that are secured from commencement is the name of the diversion. Rather than being a bit of hindsight or an extra, security in a world with no border implies heating it in from the start.

“It has to be about more than taking an appliance and virutalizing it,” says Zscaler’s Kopelke. “We say that’s just cloud-washing.”

Cato Networks’ Scree agrees. “The challenge most organizations face is how to extend enterprise-grade security to all their branches and mobile users globally,” he says. “Cloud networks with built-in network security can offer a way forward.”

“With users expecting a higher standard of service, these standalone appliances won’t cut it anymore,” says Dell EMC’s Elmarji. “You need to be able to provide full security on all connected devices, fast access to data, and 24/7 connectivity.”

While it’s still relatively early days for software-defined networks, it’s clear where the momentum is. Customers and resellers alike should be investigating how they can move to using software-based networking to create the secure, ubiquitous networks of the future

Read More
Security Compliance, Security Consulting, NIST, GDPR compliance, Data Breach CyberSecOp Cybersecurity & Breach News Security Compliance, Security Consulting, NIST, GDPR compliance, Data Breach CyberSecOp Cybersecurity & Breach News

Corporate Information Security Steering Committee

Organizations are becoming increasingly aware that if they fail to implement successful security management processes, it could expose them to untenable risk.

The role of the corporate information security steering committee has become an essential tool in the quest for a coordinated corporate security strategy, for reducing duplication in security spending, taking control of complex infrastructures, and, ultimately, reducing security risk. 

One of the first steps for many organizations has been to set up a common security team and embark on enterprise-wide information security programs. However, many of these teams have struggled to align corporate business objectives with strategic security investment.

META Group's research indicates that the majority of new security teams struggle to define and establish their corporate missions, scope, influence, and power bases. Furthermore, these security teams have poorly defined executive charters and operate without effective communications plans. The unfortunate result of such poor grounding is the temptation for newly established teams to immerse themselves in technology quests, searching for elusive enterprise-wide technical solutions.

In contrast, the most effective security organizations are those with clear responsibilities and well-defined processes based upon five primary organizational roles:

  • Leadership - this is the role of the chief information security officer who deals with both the day to day management of the security team as well as continuous communication of the importance and value of security measures

  • Analysis/design - these security analysts help information owners develop meaningful security policies as well as adequate security solutions

  • Security administration - these people look after the day to day administration of access rights, passwords, etc

  • Security operations - resources that continuously monitor the organization's security status and manage incident response procedures.

  • Awareness communication - resources that design and manage ongoing security awareness and training programs. 
    Executive custody and governance -represented by an information security committee

The role of the corporate security steering committee is to coordinate corporate security initiatives at the executive level and thus enable an organization to optimize spending, manage their infrastructure, and minimize security risk. Obtaining consensus and support for corporate-wide security initiatives is especially difficult in highly decentralized and multinational organizations with devolved authority and autonomy. In this type of organization, an executive governance body becomes essential.

Corporate information security steering committees (CISSC) must have a clear charter with a range of functions that should include:

  • Managing the development and executive acceptance of an enterprise security charter.

  • Assessing and accepting corporate-wide security policy (e.g., the corporate policy on security incident response, general behavioral approach). This function's primary objective is to ensure that business requirements are reflected in the security policy, thus ensuring that the procedure enables rather than restricts business operations.

  • Assessing any requests for policy exceptions from individual business units.

  • Assessing, accepting, and sponsoring corporate-wide security investment (e.g., identity infrastructure deployment, remote access infrastructure) and requests to be excluded from common investment.

  • Providing a forum for discussion and arbitration of any disputes or disagreements regarding common policy or investment issues.

  • Acting as custodian and governance body of the enterprise security program by ensuring visible executive support and monitoring progress and achievements. The role of a permanent governance structure reinforces the message that enterprise security becomes an ongoing, long-term initiative.

  • Assessing and approving the outsourcing of common security services and coordinating investment of inappropriate relationship management resources. As the lack of skilled resources increases the need to outsource operational services, executive due diligence, risk assessment, and ongoing effectiveness assessment must be coordinated through the steering committee.

  • Initiating ad hoc projects to investigate the advantages, disadvantages, risks, and costs of common security initiatives and advising the committee with appropriate recommendations.

  • Representing the executive (board of directors) or its nominated information governance body (e.g., an information executive board) in all corporate security matters. Reporting back to these forums on the activities and effectiveness of corporate security programs and investments.

  • Acting as custodian of corporate-wide strategic security processes (e.g., role analysis, data classification) by validating process ownership, responsibilities, and stakeholders.

  • Acting as the respondent to enterprise-level audit exceptions (i.e., those audit exceptions where a specific individual cannot be found to be responsible).

  • Coordinating and validating any external, security-related corporate communications plans and activities (e.g., in the event of a high-profile, publicized security breach).

  • Tracking major line-of-business IT initiatives to identify synergy opportunities or leverage security investment.

  • Governing trust relationships with major e-business partners.

It is essential that steering committee members can make decisions at meetings. This requires the active participation of senior executive business managers, or it must be a permanent subcommittee of an organizational information board. To prevent the committee from becoming an ineffective 'debating society' or forum for driving political agendas, the committee's scope, powers, and objectives should be documented and measured.

Typical members of an information security steering committee include all line of business managers, application owners, regional managers, IT managers, the IT director, the chief security officer, the corporate risk manager, and the chief internal auditor. A clear distinction must be made between the role of the CISSC (i.e., executive custody and governance) and the leadership role (i.e., day-to-day management of the security team) of the chief information security officer.

By developing the emerging role of the chief security officer (CSO) and the security team, enterprises can foster a holistic approach to information security - one that recognizes that policy, process, and communication are as important as technology.

Read More
Security Compliance, Security Consulting CyberSecOp Cybersecurity & Breach News Security Compliance, Security Consulting CyberSecOp Cybersecurity & Breach News

Cloud to Streamline Security for Strategic Growth

As the technology director at Inspira Health Network, François Bodhuin and his staff have their work cut out for them, as they strive to support the organization’s strategic growth, stay on top of technology needs and keep patient data secure.

The New Jersey-based organization, in fact, is constantly looking to expand. “We are a medium-sized system, but we are very active in our expansion plans,” Bodhuin said, noting that the system now has more than 150 service locations in five counties. The health network is currently building a new hospital, adding a two- story patient tower to one of its existing hospitals, expanding its behavioral health program, renovating a satellite ER, recently opened a senior emergency department and purchased a regional medical transport company.

In addition, the Inspira technology department has developed an app to better serve all the patients that will flow into this continually growing health system. The app enables patients to request appointments, get directions to facilities, access a list of providers, view emergency department and urgent care wait times, pay bills and even participate in virtual visits.

So, it made perfect sense for Inspira to move its compliance management software to the cloud when FairWarning introduced a cloud-based managed shared services solution that works to ensure all data is secure by continually monitoring user activity and sending out alerts for any suspicious actions. After all, the health system had already moved a variety of systems to the cloud including its electronic health records, security information and event management (SIEM) and wound care solutions, and has experienced myriad benefits by doing so.

“The cloud saves costs; because you are getting a virtual server, the hardware itself costs less,” he said. In addition, when a managed services provider hosts a solution in the cloud, the healthcare organization does not incur on-boarding or ongoing training costs.

By hosting the compliance solution in the cloud under a managed services arrangement, Inspira will be positioned to:

Take advantage of a team of privacy and security experts. “The team concept to me is a key with managed services. We’re always being asked to work more efficiently. In this case, we will be able to really do that because we will have a team of experts that is performing the function,” Bodhuin said. “Because they’re experts, they know when a complaint is significant. They know when an alert is significant. They know when to ask for an investigation.” In addition, because these experts are well versed in the compliance solution, the learning curve that is typically associated with implementing a new solution is eliminated.

Reduce the need to search for IT staff. Hiring experienced, qualified IT staff is a challenge for all healthcare organizations. “In South Jersey, it is especially difficult to attract people to work in security and privacy. [With managed services], we don’t have to search for IT staff and we won’t have any onboarding costs. All that is built-in to our fees,” he said.

Maintain flexibility. With a managed solution in the cloud, it will be easy for Inspira to grow – as the organization does not need to add staff but can instead simply adjust the services agreement to meet evolving needs.

More readily deal with infrastructure challenges. With managed services, Inspira staff do not need to “worry about patching or managing the server,” he said. In addition, staff don’t need to be concerned with “upgrading the hardware, or the software . . . or worry about disaster recovery,” something that traditionally generates significant downtime, according to Bodhuin.

Leverage the experiences of many. Managed services providers work with a variety of organizations making it possible to “bring many best practices to the table,” which is difficult to do when hosting and maintaining systems internally, Bodhuin noted.

Save considerable time. “There's a lot of daily work that, all of a sudden, you don't have to do because it’s being done by the managed service. In privacy and security, we expect to regain about one to two hours a day for each analyst,” he said. “Now, they can focus their time on responding to issues that are reported to them. All that saved time can be allocated to another function.”

Doing managed services right

While Bodhuin expects to realize these benefits when moving the compliance software to the cloud, his past experience with managed services has provided a litany of lessons learned. More specifically, he knows that to successfully work with a managed services provider requires:

  • Defining expectations explicitly. “You have to define what you trust them to do. You could let the managed service provider run the whole show if you wanted to, in certain functions,” or limit their scope to a defined set of functions, according to Bodhuin.
  • Proactively managing the working relationship. “You really have to keep them on their toes. Make sure they deliver what they say they will deliver,” he advised. “So you really have to pay attention to your statement of work to ensure that you will get what you expect.”
  • Treating the managed service provider as one of our own. “It’s really important that you make these people a part of your team. And if you do that, then you’ll get success. If you don’t do that, then there will be a lot instances where there are conflicts in your priorities,” Bodhuin said.

In the final analysis, with the expertise gained via a managed services arrangement, Bodhuin expects Inspira to save time, reduce costs while minimizing the organization’s overall risk profile. As such, Bodhuin can help the health system support its strategic growth goals. “The technology/security must be ‘a department of yes’, not a ‘department of no’. When you start saying no to people, you're going against the business itself and that can be a real problem,” he concluded.

 

Read More
Security Compliance, Security Consulting CyberSecOp Cybersecurity & Breach News Security Compliance, Security Consulting CyberSecOp Cybersecurity & Breach News

Bypass Two-factor authentication - 2FA Bypass

A majority of users and companies are moving to Two-factor authentication (2FA) for enhancing the security of its data and systems. But contrary to popular belief, it cannot provide a fool-proof layer of security to online accounts since Kevin Mitnick at KnowBe4 has demonstrated that it is very easy to deceive this defensive measure.

KnowBe4 is the world’s leading security awareness training provider and simulated phishing firm with a massive customer base of 17,000 organizations across the world. Mitnick is the company’s chief hacking officer.

In his new exploit, he proved that 2FA is exploitable because hackers can spoof the 2FA requests by sending a fake login page to the user. This may lead to stealing of sensitive user data including username, password and session cookie.

The hacking technique can be seen in the video uploaded here:

The purpose of using 2FA is to add an extra layer of security by combining what an employee already has and what they know. This combination could be between username and password or a code that is sent to the user on the phone or an app.

To exploit the 2FA method of security, the victim is lured into visiting a typo-squatting domain such as LunkedIn.com in order to steal the required user data. Once the information is obtained, the hacker can easily access the actual website and capture session cookie. Once this is achieved, the hacker can remain logged in indefinitely. But this is reliant on accessing the 2FA authentication code once.

As per the CEO of KnowBe4Stu Sjouwerman, Kuba Gretzy, a white hat hacker, and friend of Mitnick, developed a tool for bypassing the 2FA authentication via social engineering techniques and this tool can be “weaponized” for just about any website.

“Two-factor authentication is intended to be an extra layer of security, but in this instance, we clearly see that you can’t rely on it alone to protect your organization,” added Sjouwerman.

The tool is called evilginx. The attack method is based upon proxying the user via the hacker’s system through a credentials phishing technique, which requires the use of a typo-squatting domain. The idea is to let the user give away his/her credentials so that the hacker could steal session cookie.

The phishing email is the core of the attack method. In this particular case, the phishing email is supposedly sent by LinkedIn to a member of the site indicating that somebody is trying to contact through the social network. The email looks authentic initially but if looked closely, it becomes evident that it is a fake email since the return address is incorrect. But, if the user falls for it and clicks on the “interested” button, the malware will soon be downloaded onto the device.

This is the stage when the victim is taken to the authentic LinkedIn website so as to enter login information, which the hacker required. The login information is recorded by the malware as well as the session cookie using the cookie, the attacker acquires direct access to the account and manages to avoid the 2FA phase of the signing-in process.

Watch The Demonstration Here

Read More
Security Compliance, Security Consulting, Botnet, Ransomeware CyberSecOp Cybersecurity & Breach News Security Compliance, Security Consulting, Botnet, Ransomeware CyberSecOp Cybersecurity & Breach News

Ransomware campaign up around the world

A new email ransomware campaign is spreading around the world. Researchers at Fortinet say it’s a spam effort, meaning the messages are not targeted. Instead they are addressed generally, like “Dear customer.” The subject line in the email would be something like “Document number…”, “Your order number” or “Ticket number.” With the email is a malicious attachment that leads to the installation of malware. The initial targets are corporate mail servers used to forward this email. These have been found in Canada, the U.S. the United Kingdom and other countries. 

ransomware-cbyersecurity-consulting.jpg

The best defense against ransomware – or any email-delivered malware – is to watch out for it. Be cautious about unsolicited emails, especially those with attachments. And it’s vital you always have a separate backup of your data made it a way that can’t be infected, just in case you make a mistake.

Meanwhile McAfee reports some Canadian organizations have been victimized by a separate operation. A group security that researchers call Hidden Cobra, believed to be backed by North Korea, has been putting surveillance software on the systems of companies. The suspicion is the Canadian victims have been used as listening or data relay points. The malware that this campaign has installed has not stolen financial or sensitive data but appears to be there find out what’s on a computer, and be ready to launch further attacks.

Companies have to make sure their systems have the latest security patches. In addition, because the malware appears to be distributed through email, employees have to be reminded to be careful on what they click on.

For more on this see my story today on ITWorldCanada.com.

The U.S. National Security Agency has just suffered a black eye from an international standards body. According to a blog on Bitdefender, the International Organization of Standardization – known more commonly as ISO – rejected two new encryption algorithms suggested by the NSA to secure Internet of Things devices. The algorithms would scramble information on Internet-connected devices like home surveillance cameras and toys. But the NSA’s reputation for creating tools to hack into applications apparently give it a bad name at the ISO. One ISO delegate accused the NSA of telling half-truths and lies in its presentation.

If that allegation is accurate, it isn’t good. Internet of Things devices badly need better security. People and companies around the world buy tens of thousands of them a year. Insecure devices don’t improve security.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.

Read More