
Meeting the changing demands of cyber security

Cyber attacks are becoming more frequent in the business world today. In light of this, cyber security has become one of the leading concerns for UK businesses. Research conducted by Serviceteam IT in August 2017 revealed that over a third of respondents had experienced an increase in cyber security incidents in the past 12 months.

The Technical Director of the National Cyber Security Centre (NCSC) has predicted that at some point in the next few years, a Category 1 national level cyber attack will occur in the UK. A change in thinking regarding cyber security is required from both organisations and the government in order to prevent such an attack from occurring. The Technical Director of the NCSC has warned that it may take the inevitable Category 1 attack to catalyse such changes.

What changes need to be made in organisations to meet these changing demands?

Utilise your workers

Branded as the ‘weakest link’, employees have been blamed by cyber security professionals for the past 25 years for weaknesses in the security system. It has been argued, however, that these are the people who create the value within an organisation. If this is the case, how is it that employees are labelled the weakest link?

The problem lies in the fact that systems are often designed by techies for techies. Ordinary people, who make up the majority of many workforces, are therefore not able to use the system in a way that ensures security. This needs to change.

People can transform from the weakest to the strongest link in an organisation, if the systems are made more usable. If you can leverage your people better, they can become the first and last line of defence in an organisation. It’s time to stop blaming the users and start modifying the system.

Getting ahead of cyber attacks

There is an opportunity for firms to get ahead of cyber attackers. Organisations need to work with employees to uncover new possibilities instead of relying solely on off-the-shelf security solutions. Non-expert technology users are argued to be the secret weapon in the defence systems of the future.

At the moment, organisations are reliant on non-experts making good IT decisions. Training in the past has not been effective in engaging people and ensuring they are trained correctly. These people need to be trained more effectively to enable firms to get ahead of attacks and prevent them from occurring.

Technology collaboration

Currently, the major concern regarding cyber security is the speed of action following an attack. This focus needs to shift in order to win. Organisations need to be able to predict attacks with the aim of preventing them from occurring.

In order to do this, insight can be gained from merging technologies such as AI with the masses of non-experts within organisations. Consequently, there is a need for experts in sociology and psychology in security development teams. These experts will be the most effective in engaging the masses of non-technical users and understanding how they will respond to changes.

Ultimately, businesses and the government need to change their approach towards cyber security. Security needs to be easier for users to carry out, as people are key. As the users of technology, their needs must come first in order to maximise the strength of security within organisations.

If you’re interested in cyber security, check out some additional blogs surrounding this topic on the website.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

Cyber Security in the Workplace Is Everyone’s Obligation

Cyber security is no longer just a technology challenge—it’s a test for everybody who uses and interacts with technology daily. That means: everyone in your organization.

The protection and security of employees’ work and personal lives are no longer separate. They have been intertwined with evolving trends of social networks, the internet of things, and unlimited connectivity.  Because of this, cybersecurity is no longer just the responsibility of the company IT department. It is now the responsibility of every employee, not just to protect their work assets but their personal data as well.

Failure to do so puts your organization at risk.

Cyber attackers do not care about age, gender, race, culture, beliefs or nationality. They attack based on opportunity or potential financial gain. They attack irrespective of who the victim is, whether it’s an 8-year-old boy at home playing computer games on dad’s office laptop or an employee sitting in the office reading emails.

So why are so many organizations experiencing cyber breaches?

Cyber breaches occur because of three major factors:

  • The Human Factor
  • Identities and Credentials
  • Vulnerabilities

Today people are sharing a lot more information publicly, ultimately exposing themselves to more social engineering and targeted spear phishing attacks. The goal of these attacks is to compromise devices for financial fraud or to steal identities in order to access organizations that employees are entrusted with protecting. Once an attacker has stolen a personal identity they can easily bypass an organization’s traditional security perimeters undetected, and if that identity has access to privileged accounts, the attacker can carry out malicious attacks in the name of that identity.

Employees power up devices daily and connect to the internet to access online services so they can get the latest news, shop for the best deals, chat and connect with friends, stream music and videos, get health advice, share their thoughts, and access their financial information.  As they use these online services they can quickly become a target of cyber criminals and hackers.  So, it’s critically important that everyone in your organization learns how cyber criminals target their victims, how to reduce their risk, and how to make it a lot more challenging for attackers to steal their information, identity or money.

When using services like social media people are often inadvertently sharing personally identifiable information—both physical and digital—like their full name, home address, telephone numbers, IP address, biometric details, location details, date of birth, birthplace, and even family members’ names.  The more information they make available online the easier it is for a cyber-criminal to successfully use that personal information to target them.

Did you know these facts? Cyber criminals and hackers spend up to 90% of their time performing reconnaissance of their targets before acting, meaning that they typically have a complete blueprint of their target.

With the increase in our digital activities, hackers and cyber-criminals have changed the techniques they use to target people, with email being the number one weapon of choice, followed by infected websites, social media scams, and stealing digital identities and passwords.  Reports and statistics in the past years have shown that more than 80% of data breaches have involved an employee as a victim—hackers claim that it is the fastest way to breach a company’s security controls.

This means that people—including your own employees—are on the front line of cyber security attacks. Threats can start from something as simple as a personal social footprint, and end up with individuals being used as a mule to gain access to your organization’s finances and sensitive information.

The time has come to create a balance between technology and people. We must increase our cyber security awareness to help us protect and secure both our personal assets and our company assets.  The time for a people-centric cyber security approach is now—which means that cyber security is everyone’s responsibility.

About the author: Joe Carson is a cyber-security professional with more than 20 years’ experience in enterprise security & infrastructure. Currently, Carson is the Chief Security Scientist at Thycotic. He is an active member of the cyber security community and a Certified Information Systems Security Professional (CISSP).

Source: infosec island


Hey Alexa – Show Me Whitelisted Malware

Noise is a huge concern for the SOC. Security teams are struggling to deal with the daily barrage of noise coming from a myriad of security tools. As the volume gets louder, teams are increasingly seeking shortcuts and ways to automate certain processes in order to save precious time and cut down the noise.

One such popular shortcut among security analysts is to automate populating a whitelist by pulling from existing lists that the team deems to be safe. Curating a whitelist can be extremely time-consuming, and may seem like a distraction when other investigations are piling up on analysts’ plates. However, we’ve found that using existing lists for whitelisting could mean opening up your organization to vulnerabilities.

The team at Awake Security recently took a closer look at one seemingly benign list – the Alexa Top 1 Million list of domains – to assess whether it would be safe to use for whitelisting. While the Alexa list isn’t intended as a whitelist, many security teams see it as a logical starting point. It makes sense that the most visited sites on the web would be nonthreatening, and could automatically be considered safe during an investigation.

In our investigation, however, we found that potentially malicious domains were making it up as high as #447. Just under Glassdoor, only five spots away from Dell and even more popular than BoredPanda.com, was a suspicious domain: piz7ohhujogi[.]com. At first glance, this domain looks suspicious because it appears to be randomly generated nonsense, much like the DGA domains that some malware likes to use. On closer examination, courtesy of a quick Google search, we found pages of search results featuring advice on removing the domain from your redirects, with many sites referring to it as a pop-up or redirect virus.

We monitored the list for over a week, and saw this suspicious domain continue to creep up the list, reaching as high as #432. Since then, it has gradually fallen in rank, but it still remains as one of the top domains in the Alexa list.

Learning that this site had made it into the Alexa Top 1M begged the question: What other suspicious domains may have snuck their way in? To find the answer, we compared Alexa Top 1M with six different malware blacklists – Maltrail, ZeusTracker, MalwareDomains.com, Malware Domain List, Malware Bytes and Cybercrime.

The Malware Bytes list had the most domains that were also on the Alexa Top 1M (1308); however, the types of domains it included were not all inherently malicious. The first domain, for example, qq.com, is a popular Chinese social website that offers a messaging app. The second was a Chinese news site. However, depending on your organization’s acceptable use policy, these sites and others on the list may still be threats to your whitelist if you don’t condone pirating software (thepiratebay[.]org, utorrent[.]com) or viewing pornography (cam4[.]com).

These are just a few of the examples we unearthed. In the end, it’s important to remember that lists like the Alexa Top 1M are not intended for whitelisting. As tempting as it can be to harness existing lists in order to cut down on noise, there is a danger in putting implicit trust in external sources.
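The cross-check described above can be run before any popularity list is promoted to a whitelist. The following is an added example, not Awake Security's code: the feed names, `.example` domains and ranks are constructed, and it goes slightly beyond an exact-match comparison by also rejecting a ranked host whose parent domain is blacklisted.

```python
import csv
import io

def normalize(domain):
    """Lowercase, refang '[.]' and drop a trailing dot so entries compare equal."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")

def parse_ranked(text):
    """Parse 'rank,domain' rows (the layout of a top-sites CSV) into tuples."""
    return [(int(rank), normalize(dom)) for rank, dom in csv.reader(io.StringIO(text))]

def parse_blocklist(text):
    """One domain per line; blank lines and '#' comments are skipped."""
    lines = (line.split("#", 1)[0] for line in text.splitlines())
    return {normalize(line) for line in lines if line.strip()}

def blocklist_hits(domain, blocklists):
    """Names of blocklists that list the domain itself or any parent of it."""
    labels = domain.split(".")
    # a.b.c -> {a.b.c, b.c}; the bare TLD is never used as a candidate
    candidates = {".".join(labels[i:]) for i in range(len(labels) - 1)}
    return sorted(name for name, entries in blocklists.items() if candidates & entries)

def vet_allowlist(ranked, blocklists):
    """Split a ranked list into allowlist candidates and rejected entries."""
    allowed, rejected = [], []
    for rank, domain in ranked:
        hits = blocklist_hits(domain, blocklists)
        if hits:
            rejected.append((rank, domain, hits))
        else:
            allowed.append(domain)
    return allowed, rejected

# Constructed sample data: reserved .example names, made-up ranks and feeds.
RANKED_CSV = ("1,search.example\n432,redirect-popup.example\n"
              "447,cdn.torrent-site.example\n900,news.example\n")
BLOCKLISTS = {
    "feed_a": parse_blocklist("# constructed feed\nredirect-popup[.]example\n"),
    "feed_b": parse_blocklist("torrent-site.example\nRedirect-Popup.example.\n"),
}

if __name__ == "__main__":
    allowed, rejected = vet_allowlist(parse_ranked(RANKED_CSV), BLOCKLISTS)
    for rank, domain, hits in rejected:
        print(f"#{rank} {domain} listed by {', '.join(hits)}")
    print("allowlist candidates:", allowed)
```

Rejected entries keep their rank and the feeds that matched, so an analyst can review them against the acceptable use policy instead of trusting either list blindly.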

To borrow a phrase from the Alexa website – “Information is power – if you have the right tools.” Those using popular lists for whitelisting should take another look at their tools and their approach to ensure security for their organizations.

About the author: Troy Kent is a Threat Researcher at Awake Security. He has spent his career in SOCs as multiple Tiers of Analyst and an Investigator; working ticket queues, hunting for security incidents, rapidly prototyping new ideas into existence, working terrible hours and questioning career decisions.

Source: infosec island
