Aug 29th

Cybersecurity: Increasing Regulation

A final aspect of the cybersecurity landscape that is worthy of attention isn’t strictly technology related but instead relates to regulation and legislation. For many years the information technology industry was left to its own devices when it came to how much energy it put into protecting information systems infrastructure. Unfortunately, the industry hasn’t been successful enough in containing breaches. The public, and eventually politicians, have noticed that breaches continue to occur even as all of us move more of our lives and sensitive information online.

This has led an increasing number of jurisdictions to introduce legislation and regulation mandating the security controls that should be present over certain types of data hosted in organizational information systems. The cybersecurity landscape has changed in that IT security staff today need to be conversant not only with the security controls available for the technologies they are responsible for managing, but also with the rules and regulations that apply to the organization’s information systems, and with the responsibilities that must be upheld in the event that an intruder successfully breaches the organization’s systems.

Click HERE to learn more about Cybersecurity Training & Development Opportunities at Babbage Simmel or call (614) 481-6555.

Aug 22nd

Cybersecurity: Transition to the Cloud

The cybersecurity landscape has been substantially altered by organizations moving on-premises workloads to the cloud. It is important to note, though, that moving infrastructure, applications, and data to the cloud doesn’t mean that the responsibility for information security shifts from organizational personnel to the cloud provider.

As has been amply demonstrated by developers leaving cloud storage containers globally accessible, the security of a deployment in the cloud is only as good as the cloud tenant configures it to be. Just as with on-premises information system security, the settings to secure workloads are present, but they must actually be configured by the information technology professionals responsible for those workloads.

For example, a cloud storage container used by a major US newspaper to host website code allowed read access to anyone in the world. Attackers used this access to inject coin mining code into the web pages delivered by the newspaper to its readers. Each time a reader visited the newspaper website, some cycles of their computer’s CPU worked on generating cryptocurrency for the attackers who had modified the contents of the cloud storage container.
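One defender-side control against the kind of tampering described above is a content-integrity check: record a hash of every published object and compare the live container against that baseline on a schedule. The script below is an added example, not code from the original post; the storage container is simulated with an in-memory dict so it runs offline, and the file names and the injected `miner.js` object are constructed for illustration.

```python
"""Content-integrity check for website assets served from a cloud storage
container (added example; the container is an in-memory dict standing in for
objects that a real deployment would read through the provider's SDK)."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(objects: dict) -> dict:
    """Trusted baseline: one hash per object, taken at publish time."""
    return {path: sha256_hex(data) for path, data in objects.items()}


def verify(manifest: dict, objects: dict) -> dict:
    """Compare the live container against the baseline and report drift."""
    modified = sorted(p for p in manifest
                      if p in objects and sha256_hex(objects[p]) != manifest[p])
    added = sorted(p for p in objects if p not in manifest)     # e.g. a dropped-in script
    removed = sorted(p for p in manifest if p not in objects)
    return {"modified": modified, "added": added, "removed": removed,
            "clean": not (modified or added or removed)}


# Constructed sample: the site as it was published ...
PUBLISHED = {
    "index.html": b'<html><body><h1>News</h1><script src="/app.js"></script></body></html>',
    "app.js": b"console.log('site');",
}
# ... and the container after a constructed tampering: a script tag injected
# into the page plus a new object that the page now loads.
TAMPERED = dict(PUBLISHED)
TAMPERED["index.html"] = PUBLISHED["index.html"].replace(
    b"</body>", b'<script src="/miner.js"></script></body>')
TAMPERED["miner.js"] = b"/* constructed placeholder for the injected script */"

if __name__ == "__main__":
    baseline = build_manifest(PUBLISHED)   # store this somewhere the tenant controls
    print(verify(baseline, TAMPERED))
```

The check complements, rather than replaces, correcting the container's access settings: it tells you that something changed, while the access control stops unauthorized changes in the first place.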


Aug 20th

Cybersecurity: IoT

Another big change in the cybersecurity landscape over the past decade has been the rise of the Internet of Things (IoT). The IoT is the network of physical objects (devices, televisions, refrigerators, home climate systems, cars, and other items) that are increasingly embedded with electronics, software, sensors, and network connectivity that enable these objects to collect and exchange data. While consumer operating systems such as Windows 10, OS X, iOS, and Android have increased security features with every release and update, the operating systems of Internet of Things devices rarely receive long-term security update support from their vendors.

The IoT presents an ongoing challenge on the cybersecurity landscape in that these devices are likely to remain insecure. This is because, even when vendors do provide updates, few owners of these devices will bother to apply them unless they are installed automatically. While people will apply software updates to their computers and phones when reminded, most are less diligent when it comes to applying software updates to their refrigerator, washing machine, or television.

How does this impact the cybersecurity landscape? Botnets composed of IoT devices have already been used to perform distributed denial of service attacks. While the processing capability of IoT devices is much less significant than that of desktop computers or servers, it’s likely only a matter of time before an enterprising attacker works out how to get rich using a botnet of refrigerators to mine cryptocurrency.


Aug 15th

Cybersecurity: Automation of Detection

One aspect of the cybersecurity landscape that has become brighter for defenders is that it has become easier to detect attacks that would otherwise have been apparent only through expert analysis of information systems’ event log telemetry. While some attackers are overt and do little to hide their presence on the network, competent attackers often spend quite some time performing reconnaissance once they have established a beachhead on the organization’s network. These attackers leave only subtle traces of their presence that you might not be alerted to unless you have sophisticated intrusion detection systems that can recognize signs of the intruder’s activities. If an organization can detect attackers while the attackers are still performing reconnaissance, it can reduce the amount of damage done.

In the past, Security Information and Event Management (SIEM) systems would analyze information and detect suspicious activities based on heuristics developed by the vendor. While these systems are effective in discovering suspicious activity, they are only able to detect suspicious activity if the vendor recognizes the characteristics of that suspicious activity. To recognize new types of suspicious activity, the SIEM system must be updated with new signatures that allow it to recognize the characteristics of that activity.

Cloud-based services, such as Azure Security Center, Azure Advanced Threat Protection, and Windows Defender Advanced Threat Protection, provide organizations with more effective threat detection functionality than traditional methods, such as manual telemetry analysis. These cloud-based services have access to Microsoft’s Security Graph. Microsoft’s Security Graph centralizes the security information and telemetry that Microsoft collects across all its sources. This includes telemetry related to attacker activity across all of Microsoft’s customers, as well as information from Microsoft’s own ongoing security research efforts.

Through machine learning analysis of this vast trove of data, Microsoft can recognize the subtle characteristics of attacker activities. Once the characteristics of a specific attack are recognized through analysis of this immense data set, similar activity will be detected should it occur on customer networks.
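To make the signature-based approach described above concrete, here is an added example (not code from the original post or from any of the products it names) of one reconnaissance signature run over constructed flow-log lines: a single source contacting many distinct internal hosts within a short window. The log format, the threshold values, and the addresses are assumptions made for illustration; the rule only fires on the pattern it encodes, which is exactly the limitation the text describes.

```python
"""Signature-style reconnaissance detection over flow-log lines (added example).
Log format (constructed): "<epoch_seconds> <src_ip> <dst_ip> <dst_port>"."""
from collections import defaultdict

# Constructed telemetry: 10.0.0.5 touches twelve internal hosts on port 445
# within twelve seconds; 10.0.0.7 makes two ordinary connections.
LOG_LINES = [f"{1000 + i} 10.0.0.5 10.0.1.{10 + i} 445" for i in range(12)] + [
    "1005 10.0.0.7 10.0.1.10 443",
    "1050 10.0.0.7 10.0.1.50 443",
]


def parse(line: str):
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)


def detect_host_sweep(lines, min_hosts: int = 10, window: int = 60):
    """Signature: one source reaching at least `min_hosts` distinct destination
    hosts within `window` seconds. Returns [(src_ip, distinct_host_count), ...].
    Anything that does not match this shape (a different recon technique, a
    slower sweep than the window) is invisible to this rule by design."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, _port = parse(line)
        by_src[src].append((ts, dst))
    alerts = []
    for src, records in by_src.items():
        records.sort()
        for i, (t0, _) in enumerate(records):           # slide the window start
            hosts = {dst for ts, dst in records[i:] if ts - t0 <= window}
            if len(hosts) >= min_hosts:
                alerts.append((src, len(hosts)))
                break                                    # one alert per source
    return alerts


if __name__ == "__main__":
    for src, count in detect_host_sweep(LOG_LINES):
        print(f"ALERT host sweep from {src}: {count} distinct hosts")
```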

The cybersecurity landscape has also changed now that defenders increasingly have access to tools like Azure Security Center that can highlight and, in some cases, remediate security configuration problems on monitored information systems. In the past, information security professionals would have to work through configuration checklists when hardening servers, clients, and other equipment. Today, services such as Azure Security Center can provide recommendations as to what configuration changes should be made to on-premises and cloud-hosted workloads to make them more secure. Security configuration recommendations provided by these services can also be updated as new threats emerge. This helps ensure that an organization’s security posture remains up-to-date.

Defenders also have access to breach and attack simulation tools. Rather than relying on experienced penetration testers to perform red team exercises to locate known vulnerabilities in an organization’s information systems configuration, breach and attack simulation tools simulate an attack and locate known vulnerabilities. While such tools won’t find every possible vulnerability, they are likely to detect the vulnerabilities most often exploited by attackers. If defenders remediate all vulnerabilities found by such tools, their engagement with penetration testers performing red team exercises is likely to be more valuable. Using such tools before engaging a red team will certainly reduce the likelihood of expensive penetration testers discovering a list of obvious configuration vulnerabilities that should have been found by even the most cursory of examinations. When an organization engages penetration testers, the hope is that they’ll discover something that the organization’s information security staff couldn’t have seen, not something that they knew about but didn’t get around to addressing.


Aug 13th

Cybersecurity: Monetization of Malware

A big change in the recent cybersecurity landscape is coin mining software. Coin mining software is software that mines cryptocurrency, such as Monero, Bitcoin, or Ethereum. This is a big change because in the past it was difficult for an attacker to monetize an intrusion. Coin mining software makes monetizing intrusions straightforward. An attacker who successfully deploys coin mining software on a target organization’s information system just has to sit back and wait for the cryptocurrency to start rolling in.

In the past, amateurs may have been motivated to learn how to attack information systems by a variety of factors including curiosity. With the current mania around cryptocurrencies and the promise that it may be possible to earn such currency by running freely available exploit tools, it’s not unreasonable to assume that amateurs will be even more motivated to attack information systems in the hope of generating income.
