Category: Featured

Nov 8th

Developing Websites Using IBM Web Content Manager 8.5 Attendee Evaluation


Aug 29th

Cybersecurity: Increasing Regulation

A final aspect of the cybersecurity landscape that is worthy of attention isn’t strictly technology related but instead relates to regulation and legislation. For many years the information technology industry was left to its own devices when it came to how much energy it put into protecting information systems infrastructure. Unfortunately, the industry hasn’t been successful enough in containing breaches. The public, and eventually politicians, have noticed that breaches continue to occur even as all of us move more of our lives and sensitive information online.

This has led an increasing number of jurisdictions to introduce legislation and regulation mandating the security controls that must be present over certain types of data hosted in organizational information systems. The cybersecurity landscape has changed in that IT security staff today need to be conversant not only with the security controls available for the technologies they are responsible for managing, but also with the rules and regulations that apply to the organization’s information systems, and with the responsibilities that must be upheld in the event that an intruder successfully breaches the organization’s systems.

Click HERE to learn more about Cybersecurity Training & Development Opportunities at Babbage Simmel or call (614) 481-6555.

Aug 22nd

Cybersecurity: Transition to the Cloud

The cybersecurity landscape has been substantially altered by organizations moving on-premises workloads to the cloud. It is important to note, though, that moving infrastructure, applications, and data to the cloud doesn’t mean that the responsibility for information security shifts from organizational personnel to the cloud provider.

As has been amply demonstrated by developers leaving cloud storage containers globally accessible, the security of a deployment in the cloud is only as good as the cloud tenant configures it to be. Just as with on-premises information system security, the settings to secure workloads are present, but they must actually be configured by the information technology professionals responsible for those workloads.

For example, a cloud storage container used by a major US newspaper to host website code allowed read access to anyone in the world. Attackers used this access to inject coin mining code into the web pages delivered by the newspaper to its readers. Each time a reader visited the newspaper website, some cycles of their computer’s CPU worked on generating cryptocurrency for the attackers who had modified the contents of the cloud storage container.


Aug 20th

Cybersecurity: IoT

Another big change in the cybersecurity landscape over the past decade has been the rise of the Internet of Things (IoT). The IoT is the network of physical objects (devices, televisions, refrigerators, home climate systems, cars, and other items) that are increasingly embedded with electronics, software, sensors, and network connectivity that enable these objects to collect and exchange data. While consumer operating systems such as Windows 10, OS X, iOS, and Android have added security features with every release and update, the operating systems of Internet of Things devices rarely receive long-term security update support from their vendors.

The IoT presents an ongoing challenge on the cybersecurity landscape in that these devices are likely to remain insecure. This is because, even when vendors do provide updates, few owners of these devices will bother to apply them unless they are installed automatically. While people will apply software updates to their computers and phones when reminded, most are less diligent when it comes to applying software updates to their refrigerator, washing machine, or television.

How does this impact the cybersecurity landscape? Botnets composed of IoT devices have already been used to perform distributed denial of service attacks. While the processing capability of IoT devices is much less significant than that of desktop computers or servers, it’s likely only a matter of time before an enterprising attacker works out how to get rich using a botnet of refrigerators to mine cryptocurrency.


Aug 15th

Cybersecurity: Automation of Detection

One aspect of the cybersecurity landscape that has become brighter for defenders is that it has become easier to detect attacks that would otherwise have been apparent only through expert analysis of information systems’ event log telemetry. While some attackers are overt and do little to hide their presence on the network, competent attackers often spend quite some time performing reconnaissance once they have established a beachhead on the organization’s network. These attackers leave only subtle traces of their presence that you might not be alerted to unless you have sophisticated intrusion detection systems that can recognize signs of the intruder’s activities. If an organization can detect attackers while they are still performing reconnaissance, it can reduce the amount of damage done.

In the past, Security Information and Event Management (SIEM) systems would analyze information and detect suspicious activities based on heuristics developed by the vendor. While these systems are effective in discovering suspicious activity, they are only able to detect suspicious activity whose characteristics the vendor has recognized. To recognize new types of suspicious activity, the SIEM system must be updated with new signatures that allow it to recognize the characteristics of that activity.

Cloud-based services, such as Azure Security Center, Azure Advanced Threat Protection, and Windows Defender Advanced Threat Protection, provide organizations with more effective threat detection functionality than traditional methods, such as manual telemetry analysis. These cloud-based services have access to Microsoft’s Security Graph. Microsoft’s Security Graph centralizes the security information and telemetry that Microsoft collects across all its sources. This includes telemetry related to attacker activity across all of Microsoft’s customers, as well as information from Microsoft’s own ongoing security research efforts.

Through machine learning analysis of this vast trove of data, Microsoft can recognize the subtle characteristics of attacker activities. Once the characteristics of a specific attack are recognized through analysis of this immense data set, similar activity will be detected should it occur on customer networks.

The cybersecurity landscape has also changed now that defenders increasingly have access to tools like Azure Security Center that can highlight and, in some cases, remediate security configuration problems on monitored information systems. In the past, information security professionals would have to work through configuration checklists when hardening servers, clients, and other equipment. Today, services such as Azure Security Center can recommend what configuration changes should be made to on-premises and cloud-hosted workloads to make them more secure. Security configuration recommendations provided by these services can also be updated as new threats emerge. This helps ensure that an organization’s security posture remains up to date.

Defenders also have access to breach and attack simulation tools. Rather than relying on experienced penetration testers to perform red team exercises to locate known vulnerabilities in an organization’s information systems configuration, breach and attack simulation tools simulate an attack and locate known vulnerabilities. While such tools won’t find every possible vulnerability, they are likely to detect the vulnerabilities most often exploited by attackers. If defenders remediate all vulnerabilities found by such tools, their engagement with penetration testers performing red team exercises is likely to be more valuable. Using such tools before engaging a red team will certainly reduce the likelihood of expensive penetration testers discovering a list of obvious configuration vulnerabilities that should have been found by even the most cursory of examinations. When an organization engages penetration testers, the hope is that they’ll discover something that the organization’s information security staff couldn’t have seen, not something that they knew about but didn’t get around to addressing.


Aug 13th

Cybersecurity: Monetization of Malware

A big change in the recent cybersecurity landscape is coin mining software. Coin mining software is software that mines cryptocurrency, such as Monero, Bitcoin, or Ethereum. This is a big change because in the past it was difficult for an attacker to monetize an intrusion. Coin mining software makes monetizing intrusions straightforward. An attacker who successfully deploys coin mining software on a target organization’s information system just has to sit back and wait for the cryptocurrency to start rolling in.

In the past, amateurs may have been motivated to learn how to attack information systems by a variety of factors including curiosity. With the current mania around cryptocurrencies and the promise that it may be possible to earn such currency by running freely available exploit tools, it’s not unreasonable to assume that amateurs will be even more motivated to attack information systems in the hope of generating income.


Aug 8th

Cybersecurity: Attack Tools Availability and Sophistication

An adage within the cybersecurity industry is that tools that are only available to the elite hacking teams of nation-state intelligence agencies today will be available to teenage script kiddies within five years. “Script Kiddie” is a derisive term to describe an individual who uses sophisticated scripts and applications developed by experts to attack information systems while having no real understanding of the underlying functionality of those tools. Put another way, a “script kiddie” is a “point and click” hacker.

Attack tools are increasingly sophisticated. These automated exploit tools are relatively straightforward to procure and take little in the way of expertise to use. Whereas in the past access to basic tools required gaining access to select communities on hidden bulletin boards or Internet Relay Chat (IRC) channels, today it doesn’t take an enthusiastic amateur more than a few minutes with the results of the right search engine queries to get started. Should they need to learn more about the tools they have acquired, there are hundreds of hours of video tutorials available on the web to assist them.

While sophisticated attack tools are often available for free, there is a paucity of similar tools available for defenders. While the process of launching a basic or even moderately complex attack against an organization’s information systems may be as simple as a mouse click, the defender’s process of securing the configuration of those information systems is manual, complex, lengthy, ongoing, and requires a good deal of expertise.

Within the cybersecurity landscape, there is an asymmetry between attacker and defender: the resources required for an organization to be reasonably assured that it is protected from the vast majority of intrusions vastly exceed the resources required for a competent attacker to perform a successful intrusion.

One key understanding of the cybersecurity landscape is that the vast majority of attackers are unsophisticated and are using automated vulnerability scanners and exploit tools. Put another way, most attackers by volume are likely “script kiddies” rather than professional hackers. As the vulnerabilities those automated tools attempt to exploit are often already addressed by vendor updates, if an organization is diligent and applies consistent effort to its security posture, it will be able to protect its information systems against the common attacker.

Put another way, if you take an ongoing and systematic approach to securing your organization’s information systems, it’s reasonably unlikely that “script kiddies” will be able to compromise your systems. A diligent, well-resourced defender is likely to be protected against all but the most highly resourced and persistent attackers.

While there is an asymmetry in terms of the effort required to properly secure information systems, it is possible to reach a stage where your organization’s systems’ security posture is such that those systems are impervious to all but the most skilled and well-resourced attackers. With time and effort, you can protect yourself against the amateurs, who randomly attack organizations to see if they can get access. With greater time, effort, resources, and skill you’ll be able to protect your organization’s information systems against more competent attackers that deliberately target your organization.

The unfortunate reality is that even when organizations have highly skilled personnel, those personnel are rarely given the necessary time and resources to ensure that the organization’s information systems are configured in the most secure manner possible. The existing asymmetry between attacker and defender is made worse by organizations not giving their defenders the resources they need to do their job.


Aug 6th

Cybersecurity: Skills Gap

It’s regularly reported that the field of information security doesn’t have enough trained personnel to meet industry needs. The recent Global Information and Security Workforce Study by the Center for Cyber Safety and Education projected a global shortfall of 1.8 million information security workers by 2022. Organizations cannot begin to protect themselves from the various threats that exist if they aren’t able to hire the personnel to manage and secure their information systems.

Information security is an ongoing process. It’s not enough to have a consultant come in, deploy and configure software and hardware, and then expect your organization’s information systems to be secure going forward. Instead, the process of securing information systems is ongoing. For most organizations, this means having IT staff that are trained in information security processes. Until the skills gap is closed, the cybersecurity landscape will be littered with organizations that are unable to substantively improve their security posture because they don’t have access to the personnel that would enable them to do so, and existing personnel are overworked due to a shortage of filled headcount.


Aug 1st

Cybersecurity: Application Development Security

The adoption of secure application development practices is another important part of the cybersecurity landscape. Many application developers create applications that are subject to attacks including cross-site scripting (XSS) and SQL injection, even though these attack vectors have been known about and understood for many years. As applications move from being locally installed on computers and devices to running as web applications in the cloud, it is important for organizations to ensure that secure application development practices are followed.
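As an added illustration (not code from the original post) of what secure development practice means for the two attack classes named above, the following Python places a query built by string concatenation beside its parameterized form, and HTML output with and without escaping. The in-memory users table and the probe input are constructed here for the demonstration.

```python
import html
import sqlite3


def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a web application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, display_name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "Alice <Admin>"), ("bob", "Bob"), ("carol", "Carol")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    # Defect: untrusted input is spliced into the SQL text, so the input can
    # change the structure of the query rather than just supply a value.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Fix: a bound parameter is always handled as a value by the driver,
    # whatever quote characters or keywords it contains.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def greeting_unsafe(display_name: str) -> str:
    # Defect: stored data is concatenated into the page as raw markup.
    return f"<p>Welcome, {display_name}</p>"


def greeting_safe(display_name: str) -> str:
    # Fix: escape data before it lands in an HTML text node.
    return f"<p>Welcome, {html.escape(display_name)}</p>"


if __name__ == "__main__":
    db = build_sample_db()
    # Constructed tautology probe of the kind a code reviewer uses as a test case.
    probe = "' OR '1'='1"
    print(find_user_unsafe(db, probe))  # all three users: the WHERE clause was rewritten
    print(find_user_safe(db, probe))    # []: no username literally equals the probe
    print(greeting_unsafe("Alice <Admin>"))  # the angle brackets reach the browser as a tag
    print(greeting_safe("Alice <Admin>"))    # rendered as literal text instead
```

Compare the two result lists: the concatenated query returns every user for an input that matches none, which is the whole of the injection problem, while the parameterized query returns nothing.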


Jul 30th

Cybersecurity: Technology Lag

When considering the cybersecurity landscape, it’s important to note that the versions of products that organizations have deployed exist on a spectrum, with a small number of organizations running the latest versions, most organizations running older but still supported versions, and a substantial number of organizations running information systems that are no longer supported by the vendor.

While the latest operating systems and applications still have vulnerabilities, organizations can substantially improve their security posture by ensuring that they are running the most recent versions of operating systems and applications and by keeping those products current with released updates. It’s also important to note that many vendors are less diligent about addressing security vulnerabilities that are discovered in older versions of their products. A vulnerability that may be addressed in the current edition of a product may not be addressed in previous versions of the product.

It’s usually the organizations running outdated or unsupported products that you hear about when a large cybersecurity incident occurs. For example, the 2017 WannaCry ransomware attack disproportionately impacted organizations that had servers running the Windows Server 2003 operating system where the ports used by the SMB storage protocol were exposed to the internet.

The WannaCry incident reflects a substantive part of the cybersecurity landscape in that it demonstrated not only that a large number of organizations were running outdated or unsupported information systems, but also that the security configuration of the networks hosting those systems fell far below best practice.
