This is the fifth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here. The fourth blog on API testing for compliance is here.

As a risk-based response to the continuous and varied assaults on our systems by criminals, the PCI DSS standard requires a minimum of 20 technical scans per full year for merchants, and 21 for third-party service providers (TPSPs). The table below lists them.

New entities going through compliance for the first time can provide just the most recent quarter’s worth of each of the applicable scans (and rescans, if necessary) as long as they are “clean”, i.e., they passed all the required elements with no critical or serious findings.

Some of the standard’s requirements must be performed “periodically”, which is in quotes because the standard does not define the period covered by that term. As a result, QSAs look to clients to use their risk assessments to define and justify the periodicity for each of the contexts in which the DSS grants discretion to the assessed entity. Each period so derived should then be documented in the entity’s policy, procedure, compliance calendar, or internal standards documentation, as appropriate.

Some of the scans prescribed by the standard must be completed quarterly, others annually, and all carry the caveat “and repeated after a significant change”. That caveat is why the scan counts above are qualified as a “minimum”.

Please refer to separate guidance on what constitutes a “significant change”.

PCI is VERY unforgiving if ASV scans do not occur within a 90-92 day cadence. Remedial or correction scans must be provided as soon as practicable to prove that the CDE was vulnerable for the shortest practical period. A client may not wait for the next month’s scan to prove remediation. However, if a vulnerability takes a long time to fix, documentation of following the process and mitigating arrangements (such as additional firewall or IDS/IPS configurations) will need to be shown instead.

Many entities miss four of the required scans (one quarterly scan type) because that scan is not explicitly defined in the Standard; it is referenced only in Section (not Requirement) 3.1 of the Report on Compliance (ROC), which asks about the environment and methodology used to confirm the scope of the CDE. (Requirement 3.1, by contrast, is in Section 6 of the ROC.)

The scan they miss is the one that answers the question “how did you prove there is no cardholder data (CHD) outside the Cardholder Data Environment (CDE)”. Since Requirement 3.1.b asks for proof of a quarterly process to ensure that all legitimate CHD is identified and removed when its retention limit expires, it follows that the scans for unexpected CHD should be subject to at least the same periodicity.

In fact, unexpected CHD can be a breach risk, and while processes should ensure unexpected CHD is impossible to create, staffers can sometimes create ad-hoc processes to overcome limitations of the sanctioned ones. The unexpected CHD could become problematic in many ways. Physical and logical access may not be limited to those with a job-specific function; encryption may not be performed; the process is undocumented and therefore unmaintained; retention may be non-compliant with policies; disposal may be insecure or non-existent.

Two likely places to find unexpected CHD are the test (QA) environment and crash dumps, whether at the operating-system level or the web-server-application level. For a large organization with many staff, we recommend scanning the systems of all personnel with direct primary account number (PAN) access, or implementing a DLP solution that monitors everything in real time.

To close, every scan should be producing log information and even, possibly, alerts about security issues. Some organizations whitelist the tester to allow more in-depth testing after uncredentialed tests are complete, or if the blocking threshold is too low.

Please check the logs to ensure that you are seeing the testing and adjust thresholds or configurations appropriately. If you whitelist the tester or silence the alerts because you “know it’s coming from the testing”, remember to take them off the whitelist and re-enable the alerts after testing completes. It’s also good practice to review the logs and alerts anyway to make sure no-one piggybacked on the testing to achieve anything nefarious.

Required scans

Frequency | Description | PCI DSS v3.2.1 Reference
Quarterly | Non-CDE scans for escaped CHD | ROC Section 3.1 Question #2
Quarterly | Wireless scans | 11.1
Quarterly | Internal network vulnerability scan | 11.2.1
Quarterly | External vulnerability scan (ASV) | 11.2.2
As needed | Rescans if problems were found | 11.2.3
Annually and as needed | External penetration test | 11.3.1
Annually and as needed | Internal penetration test | 11.3.2
As needed | Remediation and rescan | 11.3.3
Annual (every six months for Service Providers) | Segmentation test | 11.3.4 (11.3.4.1 for Service Providers)
Annually and as needed | Software vulnerability scan (different from 11.3) | 6.6
As needed | After significant changes | Multiple
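A compliance-calendar check built from the table above, as an added example (it is not part of the original post or any PCI SSC tool). Given the scans an entity actually ran, it reports scan types that fall short of their yearly count, quarterly gaps longer than 92 days, failed scans with no passing rescan, and scans not repeated after a significant change; the scan-type names, the sample calendar and the simplification that only vulnerability scans and penetration tests must be repeated after a change (the table says “Multiple”) are assumptions of this example.

```python
"""Compliance-calendar check for the required PCI DSS v3.2.1 scans.

Added example, not from the article: reports missing scans, quarterly gaps
over 92 days, failed scans without a passing rescan, and scans not repeated
after a significant change.  Repeat-after-change is simplified here to
vulnerability scans and penetration tests (11.2.3, 11.3.1, 11.3.2).
"""
from datetime import date

# One entry per table row that is a recurring scan:
# (cadence, PCI DSS v3.2.1 reference, must be repeated after a significant change).
REQUIRED = {
    "non-cde-chd-scan": ("quarterly", "ROC Section 3.1 Q2", False),
    "wireless": ("quarterly", "11.1", False),
    "internal-vuln": ("quarterly", "11.2.1", True),
    "asv-external": ("quarterly", "11.2.2", True),
    "external-pentest": ("annual", "11.3.1", True),
    "internal-pentest": ("annual", "11.3.2", True),
    "segmentation": ("annual", "11.3.4", False),  # semiannual (11.3.4.1) for service providers
    "software-vuln-6.6": ("annual", "6.6", False),
}
EXPECTED_PER_YEAR = {"quarterly": 4, "semiannual": 2, "annual": 1}
MAX_GAP_DAYS = {"quarterly": 92, "semiannual": 183, "annual": 365}

# Constructed assessment period and significant-change date used by the sample.
SAMPLE_PERIOD = (date(2022, 1, 1), date(2022, 12, 31))
SAMPLE_CHANGES = [date(2022, 11, 1)]


def cadence_for(name, service_provider):
    """Resolve the table row for an entity type (segmentation differs for TPSPs)."""
    cadence, ref, after_change = REQUIRED[name]
    if name == "segmentation" and service_provider:
        return "semiannual", "11.3.4.1", after_change
    return cadence, ref, after_change


def required_scan_count(service_provider=False):
    """Minimum scans per full year: 20 for merchants, 21 for service providers."""
    return sum(EXPECTED_PER_YEAR[cadence_for(n, service_provider)[0]] for n in REQUIRED)


def check_calendar(scans, period_start, period_end, service_provider=False, significant_changes=()):
    """Return finding strings for the period; an empty list means the calendar is clean."""
    findings = []
    in_period = [s for s in scans if period_start <= s["date"] <= period_end]
    for name in REQUIRED:
        cadence, ref, after_change = cadence_for(name, service_provider)
        runs = sorted((s for s in in_period if s["type"] == name), key=lambda s: s["date"])
        expected = EXPECTED_PER_YEAR[cadence]
        if len(runs) < expected:
            findings.append(f"{name} ({ref}): {len(runs)} of {expected} {cadence} scans in period")
        for prev, cur in zip(runs, runs[1:]):          # cadence between consecutive scans
            gap = (cur["date"] - prev["date"]).days
            if gap > MAX_GAP_DAYS[cadence]:
                findings.append(f"{name} ({ref}): {gap}-day gap {prev['date']} -> {cur['date']} "
                                f"exceeds {MAX_GAP_DAYS[cadence]}")
        for i, run in enumerate(runs):                 # 11.2.3 / 11.3.3: failures need a rescan
            if not run["passed"] and not any(r["passed"] for r in runs[i + 1:]):
                findings.append(f"{name} ({ref}): failed scan on {run['date']} has no passing rescan")
        if after_change:                               # "repeated after a significant change"
            for change in significant_changes:
                if not any(r["date"] >= change for r in runs):
                    findings.append(f"{name} ({ref}): not repeated after significant change on {change}")
    return findings


def sample_year():
    """Constructed merchant calendar for 2022 with a few deliberate defects."""
    def scan(t, m, d, passed=True):
        return {"type": t, "date": date(2022, m, d), "passed": passed}
    return [
        scan("non-cde-chd-scan", 2, 1), scan("non-cde-chd-scan", 5, 1), scan("non-cde-chd-scan", 8, 1),
        scan("wireless", 1, 20), scan("wireless", 4, 18), scan("wireless", 7, 15),
        scan("wireless", 10, 12, passed=False),
        scan("internal-vuln", 1, 15), scan("internal-vuln", 4, 12, passed=False),
        scan("internal-vuln", 5, 2), scan("internal-vuln", 7, 8), scan("internal-vuln", 10, 7),
        scan("internal-vuln", 11, 10),
        scan("asv-external", 1, 10), scan("asv-external", 4, 8), scan("asv-external", 7, 12),
        scan("asv-external", 10, 5), scan("asv-external", 11, 12),
        scan("external-pentest", 6, 1), scan("internal-pentest", 6, 1),
        scan("segmentation", 6, 15), scan("software-vuln-6.6", 9, 1),
    ]


if __name__ == "__main__":
    for finding in check_calendar(sample_year(), *SAMPLE_PERIOD, significant_changes=SAMPLE_CHANGES):
        print(finding)
```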

 

AT&T Cybersecurity provides a broad range of consulting services to help you out in your journey to manage risk and keep your company secure. PCI-DSS consulting is only one of the areas where we can assist. Check out our services.

The post Scans required for PCI DSS compliance appeared first on Cybersecurity Insiders.

Being a mother and working in cybersecurity necessitates unique skillsets. As mothers, we understand time management, communication, and positive reinforcement. We emphasize the value of clear instructions and providing positive reinforcement. Mothers possess the capacity to remain calm and composed in any circumstance, while also possessing the skillset needed to coach, teach, or evaluate a situation. We excel at active listening which gives us an in-depth comprehension of any issue at hand.

Ultimately, mothers make invaluable assets to the cybersecurity field. We understand the necessity of prioritization and how to make the most out of any situation. We recognize that we cannot have it all at once, but together we can achieve a healthy work/life balance by delegating or outsourcing where feasible. Together, we can secure our futures – both at home and at work – by taking steps towards security today and tomorrow.

Prioritization

Prioritization is an integral element of cybersecurity. Organizations use it to prioritize tasks and resources, detect potential vulnerabilities, take immediate action to reduce the risk of attack, set achievable goals, and stay motivated towards achieving those objectives. By prioritizing their efforts, companies can guarantee their networks and data remain fully safeguarded.

Prioritization helps organizations identify which potential threats and risks are the most critical, so they can address them first. Prioritizing also helps organizations allocate their resources efficiently to tackle the most pressing concerns. By adopting a proactive cybersecurity approach, companies can better safeguard their data, systems, and networks from malicious actors.

Investments in Cybersecurity

When it comes to prioritizing investments in cybersecurity, we understand the critical need for organizations to have adequate resources and technology to protect networks and data. Investing in advanced technology can help organizations stay ahead of threats while providing protection from current ones. Furthermore, investing in training, awareness, and incident response programs helps organizations remain prepared and mitigate any potential risks.

Prioritizing alerts in cyber operations requires organizations to make sure they receive essential information quickly. We believe organizations must be alerted when suspicious activity is detected and be able to act swiftly. Furthermore, organizations must assess potential risks and mitigate them as quickly as possible.

Finally, we understand the criticality of prioritizing active response, risk mitigation, customers, and people – not to mention brand and reputation. Organizations should create a comprehensive active response plan tailored specifically for their requirements. Additionally, we recognize the significance of understanding and managing risk; organizations should prioritize their customers, people, zero trust, brand and reputation to guarantee maximum security.

Overall, mothers can be invaluable resources in this field of cybersecurity. We understand the critical role prioritization plays and how to maximize any situation. By prioritizing investments, alerts, active response plans, risk assessments, customers and people issues as well as zero trust policies – not to mention brand and reputation protection – we can create a cybersecurity strategy that safeguards our organizations from malicious attacks.

The post Happy Mother’s Day! Serving, surviving, and thriving as a mom with a cyber career appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

As technology advances, phishing attempts are becoming more sophisticated. It can be challenging for employees to recognize an email is malicious when it looks normal, so it’s up to their company to properly train workers in prevention and detection.

Phishing attacks are becoming more sophisticated

Misspellings and poorly formatted text used to be the leading indicators of an email scam, but scams are getting more sophisticated. Today, hackers can spoof email addresses and bots sound like humans. It’s becoming challenging for employees to tell if their emails are real or fake, which puts the company at risk of data breaches.

In March 2023, an artificial intelligence chatbot called GPT-4 received an update that lets users give specific instructions about styles and tasks. Attackers can use it to pose as employees and send convincing messages since it sounds intelligent and has general knowledge of any industry.

Since classic warning signs of phishing attacks aren’t applicable anymore, companies should train all employees on the new, sophisticated methods. As phishing attacks change, so should businesses.

Identify the signs

Your company can take preventive action to secure its employees against attacks. You need to make it difficult for hackers to reach them, and your company must train them on warning signs. While blocking spam senders and reinforcing security systems is up to you, employees must know how to identify and report attacks themselves.

You can prevent data breaches if employees know what to watch out for:

  • Misspellings: While it’s becoming more common for phishing emails to have the correct spelling, employees still need to look for mistakes. For example, they could look for industry-specific language because everyone in their field should know how to spell those words.
  • Irrelevant senders: Workers can identify phishing — even when the email is spoofed to appear as someone they know — by asking themselves if it is relevant. They should flag the email as a potential attack if the sender doesn’t usually reach out to them or is someone in an unrelated department.
  • Attachments: Hackers attempt to install malware through links or downloads. Ensure every employee knows they shouldn’t click on them.
  • Odd requests: A sophisticated phishing attack has relevant messages and proper language, but it is somewhat vague because it goes to multiple employees at once. For example, they could recognize it if it’s asking them to do something unrelated to their role.

It may be harder for people to detect warning signs as attacks evolve, but you can prepare them for those situations as well as possible. It’s unlikely hackers have access to their specific duties or the inner workings of your company, so you must capitalize on those details.

Sophisticated attacks will sound intelligent and possibly align with their general duties, so everyone must constantly be aware. Training will help employees identify signs, but you need to take more preventive action to ensure you’re covered.

Take preventive action

Basic security measures — like regularly updating passwords and running antivirus software — are fundamental to protecting your company. For example, everyone should change their passwords once every three months at minimum to ensure hackers have limited access even if their phishing attempt is successful.

Training ensures employees are prepared since they’re often highly susceptible to attacks. The cybersecurity team can create phishing simulations to mimic actual threats. For example, they send emails with fake links and track how many people click them. If anyone does, you can retrain them on proper behavior to ensure it doesn’t happen again. With attacks becoming more intelligent, preparing the company for everything is essential.

Know how you’ll respond

You can remain protected even when phishing attacks are successful as long as you have the proper security measures in place. For example, out of the 1,800 emails one company received during an attack, 14 employees clicked the link because they didn’t notice the warning signs. Even though the malware was set to install, almost every device remained unaffected because they were updated and secured. The company detected malicious software on the one that wasn’t secured and fixed the issue within hours.

Training can’t prevent every employee from clicking on malicious links or attachments, so you must have a proper response. You can still prevent attacks at this stage if you and your company’s employees know what comes next.

Updated security software and procedures will protect against sophisticated phishing attacks:

  • Reporting: Ensure everyone knows how to report to you so you can react quickly to the potential threat. They must identify the signs they’ve clicked on a malicious attachment.
  • Prevention: Software that blocks malware from being downloaded will prevent the attack from being successful.
  • Detection: Employees must identify if their hardware is being affected and detection software must alert you of a successful breach.
  • Response: You should clean any affected hardware immediately to stop the attack from doing damage.

Sophisticated phishing attacks aren’t avoidable, but you can minimize their effects if you manage your response. Employees who click a link believing it is legitimate are unlikely to realize the email was malicious, so you must train them on the appropriate identification and detection.

Avoid sophisticated phishing attacks

Training and simulated phishing attempts will help protect your company. Updated passwords and security systems will also make your systems more secure. You can prevent sophisticated attacks targeting employees if employees know how to recognize warning signs and the proper procedures.

The post Preventing sophisticated phishing attacks aimed at employees appeared first on Cybersecurity Insiders.


Intro

In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files.

OneNote documents have emerged as a new infection vector: they carry malicious code that executes when the user interacts with the document. Emotet and Qakbot, among other high-end stealers and crypters, are known malware threats that use OneNote attachments.

Researchers are currently developing new tools and analysis strategies to detect and prevent these OneNote attachments from being used as a vehicle for infection. This article highlights this new development and discusses the techniques that malicious actors use to compromise a system.

Attack chain

With the disablement of VBA macros, threat actors have turned to OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded files of other formats, such as HTML, ISO and JScript, which malicious actors can abuse. OneNote attachments are particularly appealing to attackers because they are interactive and designed to be added to and interacted with, rather than just viewed. This makes it easier for malicious actors to include enticing messages and clickable buttons that can lead to infection. As a result, users should exercise caution when interacting with OneNote attachments, even if they appear to be harmless. It is essential to use updated security software and to be aware of the potential risks associated with interactive files.

Email – Social engineering

Like most malware authors, attackers often use email as the first point of contact with victims. They employ social engineering techniques to persuade victims to open the program and execute the code on their workstations.

[Figure: phishing email carrying a OneNote attachment]

In a recent phishing attempt, the attacker sent an email that appeared to be from a trustworthy source and requested that the recipient download a OneNote attachment. However, upon opening the attachment, the code was not automatically updated as expected. Instead, the victim was presented with a potentially dangerous prompt.

[Figure: the OneNote document’s “Open” lure]

In this case, as with many OneNote attachments, the malicious actor intends for the user to click on the “Open” button presented in the document, which executes the code. Traditional security tools are not effective in detecting this type of threat.

One tool that can be used for analyzing Microsoft Office documents, including OneNote attachments, is Oletools. The suite includes the command line executable olevba, which can be helpful in detecting and analyzing malicious code.

[Figure: olevba error when run on the OneNote attachment]

Upon attempting to execute the tool on the OneNote attachment, an error occurred. As a result, the focus of the analysis shifted towards a dynamic approach. By placing the document in a sandbox, we discovered a chain of scripts that were executed to download and run an executable or DLL file, resulting in more severe infections like ransomware, stealers, and wipers.

[Figure: sandbox process chain for the OneNote sample]
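Where olevba cannot parse the container, the attachments can still be carved out statically for triage. The following is an added example (not from the article and not an oletools feature): a .one file stores each attachment as a FileDataStoreObject, which Microsoft’s MS-ONESTORE specification lays out as a 16-byte header GUID, an 8-byte little-endian length, 4 unused bytes, 8 reserved bytes, the file bytes, and a 16-byte footer GUID; the code scans for the header GUID, extracts each payload, and sniffs for the file types named in this article. The sample container it builds is constructed, not a real lure.

```python
"""Carve attachments out of a OneNote (.one) section file for static triage.

Added example, not from the article or from oletools.  Layout of a
FileDataStoreObject per MS-ONESTORE: header GUID (16) | cbLength (8, LE) |
unused (4) | reserved (8) | file bytes | footer GUID (16).
"""
import hashlib
import struct
import sys
import uuid

# FileDataStoreObject header/footer GUIDs from MS-ONESTORE, as stored on disk.
FILE_DATA_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FILE_DATA_FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
_PREAMBLE = 16 + 8 + 4 + 8  # header GUID + cbLength + unused + reserved


def carve_embedded_files(data: bytes) -> list:
    """Return one dict per FileDataStoreObject found: offset, length, data, footer_ok."""
    objects = []
    pos = data.find(FILE_DATA_HEADER)
    while pos != -1:
        if pos + _PREAMBLE > len(data):
            break
        (length,) = struct.unpack_from("<Q", data, pos + 16)
        start = pos + _PREAMBLE
        end = start + length
        # A truncated or corrupted object is still reported, but its payload is clipped
        # to the file and footer_ok tells the analyst not to trust the declared length.
        footer_ok = end + 16 <= len(data) and data[end:end + 16] == FILE_DATA_FOOTER
        objects.append({
            "offset": pos,
            "length": length,
            "data": data[start:min(end, len(data))],
            "footer_ok": footer_ok,
        })
        pos = data.find(FILE_DATA_HEADER, pos + 16)
    return objects


def classify(payload: bytes) -> str:
    """Best-effort sniff for the formats the article says ride inside OneNote lures."""
    if payload.startswith(b"#@~^"):       # Windows Script Encoder (screnc.exe) output
        return "encoded-script"
    if payload.startswith(b"MZ"):
        return "pe-executable"
    if len(payload) > 0x8006 and payload[0x8001:0x8006] == b"CD001":
        return "iso-image"
    text = payload[:512].lstrip().lower()
    if text.startswith((b"<!doctype html", b"<html", b"<script")):
        return "html"
    if text.startswith(b"@echo off") or b"powershell" in text:
        return "batch-or-script-text"
    return "unknown"


def triage(data: bytes) -> list:
    """Per-attachment summary: where it sits, what it looks like, and its SHA-256."""
    return [{
        "offset": obj["offset"],
        "length": obj["length"],
        "footer_ok": obj["footer_ok"],
        "type": classify(obj["data"]),
        "sha256": hashlib.sha256(obj["data"]).hexdigest(),
    } for obj in carve_embedded_files(data)]


def _file_data_object(payload: bytes) -> bytes:
    """Wrap bytes in a FileDataStoreObject (used only to build the constructed sample)."""
    return (FILE_DATA_HEADER + struct.pack("<Q", len(payload)) + b"\x00" * 4
            + b"\x00" * 8 + payload + FILE_DATA_FOOTER)


def build_sample() -> bytes:
    """Constructed stand-in for a malicious .one file: two attachments between filler bytes."""
    encoded_stub = b"#@~^AAAAAA==" + b"constructed-encoded-jscript-body" + b"^#~@"
    bat_stub = b"@echo off\r\nstart powershell -c \"constructed placeholder\"\r\n"
    return (b"\x00" * 64 + _file_data_object(encoded_stub) + b"filler" * 8
            + _file_data_object(bat_stub) + b"\x00" * 32)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for entry in triage(blob):
        print(entry)
```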

Tactics and techniques 

This particular campaign uses encoded JScript to obscure its code, produced with the Windows tool screnc.exe. In encoded form, the Open.jse file is not readable.

[Figure: the encoded JScript file Open.jse]

After decoding the JScript file, a dropper for a .bat file was uncovered. When executed, the .bat file launches a PowerShell instance, which contacts the IP address 198[.]44[.]140[.]32.

[Figure: PowerShell connection to 198[.]44[.]140[.]32]

Conclusion

To effectively combat the constantly evolving threat landscape, it is crucial for analysts to stay abreast of the latest attack strategies utilized by malware authors. These approaches can circumvent detection if systems are not appropriately configured to prevent such attachments from bypassing proper sanitization and checks. As such, it is essential for analysts to familiarize themselves with techniques to analyze these attachments. Currently, dynamic analysis is recommended, as placing a sample in a sandbox can provide critical information about the malware, including the C2 servers it connects to, process chain information, and where data is written to on disk and then executed. For more in-depth analysis, analysts should also become familiar with the various file formats typically associated with and embedded within OneNote attachments, such as encoded JSE files, htm documents, and ISOs.

However, the best defense is always prevention. Therefore, security teams must update their systems to detect these types of attachments and educate employees on the dangers of downloading unknown and untrusted attachments.

The post OneNote documents have emerged as a new malware infection vector appeared first on Cybersecurity Insiders.

This is the fourth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here.

Requirement 6 of the Payment Card Industry (PCI) Data Security Standard (DSS) v3.2.1 was written before APIs became a big thing in applications, and therefore largely ignores them.

However, the Secure Software Standard and the Secure SLC Standard (PCI-Secure-SLC-Standard-v1_1.pdf) from PCI have both begun to recognize the importance of covering them.

In 2019 the Open Web Application Security Project (OWASP) issued a top 10 flaws list specifically for APIs, produced by one of its subgroups, the OWASP API Security Project. Ultimately, if the APIs exist in, or could affect the security of, the CDE, they are in scope for an assessment.

API testing transcends traditional firewall, web application firewall, SAST and DAST testing in that it addresses the multiple co-existing sessions and states that an application is dealing with. It uses fuzzing techniques (automated manipulation of data fields such as session identifiers) to validate that those sessions, including their state information and data, are adequately separated from one another.

As an example: consumer-A must not be able to access consumer-B’s session data, nor to piggyback on information from consumer-B’s session to carry consumer-A’s possibly unauthenticated session further into the application or servers. API testing will also ensure that any management tasks (such as new account creation) available through APIs are adequately authenticated, authorized and impervious to hijacking.

Even in an API with just 10 methods, there can be more than 1,000 tests that need to be executed to ensure all the OWASP top 10 issues are protected against. Most such testing requires the swagger file (API definition file) to start from, and a selection of differently privileged test userIDs to work with.

API testing will also potentially reveal that some useful logging, and therefore alerting, is not occurring because the API is not generating logs for those events, or the log destination is not integrated with the SIEM. The API may thus need some redesign to make sure all PCI-required events are in fact being recorded (especially when related to access control, account management, and elevated privilege use). PCI DSS v4.0 has expanded the need for logging in certain situations, so ensure tests are performed to validate the logging paradigm for all required paths.
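The session-separation check described above (consumer-A must not read consumer-B’s data), together with the logging point, as an added example that is not part of the original post and does not target any real API: a tiny in-memory API stands in for the system under test, `get_order_vulnerable` checks only that the caller holds a valid session, `get_order_fixed` also checks ownership and records the denial as an auditable event, and `probe_isolation` is the harness step a tester runs with two differently privileged test user IDs. All names, the order data and the audit log are assumptions of this example.

```python
"""Object-level authorization check between two API consumers.

Added example, not from the article or any real API.  The vulnerable handler
authenticates but never authorizes; the fixed handler does both and emits an
access-control event for the SIEM.  probe_isolation() is the test step.
"""
import itertools
import secrets


class ApiError(Exception):
    """Carries the HTTP status the API would return."""
    def __init__(self, status):
        super().__init__(status)
        self.status = status


class SessionStore:
    """Maps bearer tokens to user ids; tokens are unguessable random strings."""
    def __init__(self):
        self._by_token = {}

    def login(self, user_id):
        token = secrets.token_urlsafe(16)
        self._by_token[token] = user_id
        return token

    def user_for(self, token):
        if token not in self._by_token:
            raise ApiError(401)
        return self._by_token[token]


# Constructed sample data: each consumer owns one order holding card data.
ORDERS = {
    1001: {"owner": "consumer-A", "pan_last4": "1111"},
    1002: {"owner": "consumer-B", "pan_last4": "2222"},
}
AUDIT_LOG = []  # stands in for the log stream the SIEM should ingest


def get_order_vulnerable(store, token, order_id):
    store.user_for(token)          # authenticated, but ownership is never checked
    return ORDERS[order_id]


def get_order_fixed(store, token, order_id):
    user = store.user_for(token)
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        # Same response for missing and foreign objects, plus an auditable event
        # (PCI expects access-control failures to be logged and alertable).
        AUDIT_LOG.append({"event": "access_denied", "user": user, "order_id": order_id})
        raise ApiError(404)
    return order


def probe_isolation(handler, store, users):
    """Log in each test user and request every order they do not own.

    Returns the (caller, order_id) pairs the handler wrongly served."""
    tokens = {u: store.login(u) for u in users}
    leaks = []
    for caller, order_id in itertools.product(users, sorted(ORDERS)):
        if ORDERS[order_id]["owner"] == caller:
            continue                # own object: expected to succeed
        try:
            handler(store, tokens[caller], order_id)
            leaks.append((caller, order_id))
        except ApiError as err:
            if err.status != 404:   # a 401 here would be a harness bug, not a pass
                raise
    return leaks


def probe_unauthenticated(handler, store):
    """Confirm an unknown token is rejected with 401 rather than served."""
    try:
        handler(store, "not-a-real-token", 1001)
    except ApiError as err:
        return err.status
    return 200


if __name__ == "__main__":
    s = SessionStore()
    print("vulnerable leaks:", probe_isolation(get_order_vulnerable, s, ["consumer-A", "consumer-B"]))
    print("fixed leaks:", probe_isolation(get_order_fixed, s, ["consumer-A", "consumer-B"]))
    print("audit events:", AUDIT_LOG)
```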

Finally, both internal and externally accessible APIs should be tested because least-privilege for PCI requires that any unauthorized persons be adequately prevented from accessing functions that are not relevant to their job responsibilities.


The post Application Programming Interface (API) testing for PCI DSS compliance appeared first on Cybersecurity Insiders.

In times of economic downturn, companies may become reactive in their approach to cybersecurity management, prioritizing staying afloat over investing in proactive cybersecurity measures. However, it’s essential to recognize that cybersecurity is a valuable investment in your company’s security and stability. Taking necessary precautions against cybercrime can help prevent massive losses and protect your business’s future.

As senior leaders revisit their growth strategies, it’s an excellent time to assess where they are on the cyber-risk spectrum and how significant the complexity costs have become. These will vary across business units, industries, and geographies. In addition, there is a new delivery model for cybersecurity: pay-as-you-go, use-what-you-need access to a cyber talent pool, tools and platforms that enable simplification.


It’s important to understand that not all risks are created equal. While detection and incident response are critical, addressing risks that can be easily and relatively inexpensively mitigated is sensible. By eliminating the risks that can be controlled, considerable resources can be saved that would otherwise be needed to deal with a successful attack.

Automation is the future of cybersecurity and incident response management. Organizations can rely on solutions that can automate an incident response protocol to help eliminate barriers, such as locating incident response plans, communicating roles and tasks to response teams, and monitoring actions during and after the threat.

Establish Incident Response support before an attack

In today’s rapidly changing threat environment, consider an Incident Response Retainer service, which gives your organization a team of cyber crisis specialists on speed dial, ready to take swift action. Choose a provider who can support your organization at every stage of the incident response life cycle, from cyber risk assessment through remediation and recovery.

Effective cybersecurity strategies are the first step in protecting your business against cybercrime. These strategies should include policies and procedures that can be used to identify and respond to potential threats and guidance on how to protect company data best. Outlining the roles and responsibilities of managing cybersecurity, especially during an economic downturn, is also essential.

Managing vulnerabilities continues to be a struggle for many organizations today. It’s essential to move from detecting vulnerabilities and weaknesses to remediation. Cybersecurity training is also crucial, as employees unaware of possible risks or failing to follow security protocols can leave the business open to attack. All employees must know how to identify phishing and follow the principle of verifying requests before trusting them.

Penetration testing is an excellent way for businesses to reduce data breach risks, ensure compliance, and assure their supplier network that they are proactively safeguarding sensitive information. Successful incident response requires collaboration across an organization’s internal and external parties.

A top-down approach, in which senior leadership fosters a strong security culture, encourages every department to do its part when an incident occurs. Responding to a cloud incident requires understanding the differences between the visibility and control you have over on-premises resources and what you have in the cloud, which is especially important given the prevalence of hybrid models.

Protective cybersecurity measures are essential for businesses, especially during economic downturns. By prioritizing cybersecurity, companies can protect their future and safeguard against the costly consequences of a successful cyberattack.


The post Improving your bottom line with cybersecurity top of mind appeared first on Cybersecurity Insiders.


The future of finance is being reshaped by blockchain technology. This revolutionary technology has the potential to revolutionize how people and businesses interact with money, from offering greater transparency and better security to faster speeds and lower costs.

In this article, we look at eight key impacts that blockchain technology has had on the future of financial services. From smart contracts to decentralized finance, these developments are set to change the face of finance in the years ahead. Read on for an overview of how blockchain technology will shape our economic landscape soon.

  • The potential to revolutionize payments

One of the most significant impacts of blockchain technology on the future of finance is its potential to revolutionize payments. Blockchain-based payment systems enable secure and transparent transactions without the use of third-party intermediaries, reducing transaction fees and time delays.

What this means, from a macro perspective, is that blockchain-based payments have the potential to drastically reduce costs of cross-border transactions, making them more accessible and efficient. Additionally, these systems can improve the accuracy and reliability of payment processing by helping to eliminate fraud and human error in financial operations.

  • Improved asset security and management

Blockchain also has the potential to improve asset security and management. One example of this is smart contracts, which enable automated payments based on predetermined conditions. Smart contracts can help to reduce fraud by automatically executing conditions that both parties have agreed upon, reducing the risk of human error or malicious intent.

Moreover, blockchain-based solutions offer improved transparency when it comes to monitoring the ownership and transfer of assets. This helps ensure accuracy in financial transactions while providing an additional layer of security against theft or tampering with documents.

  • Streamlined financial processes

The implementation of blockchain technology can also streamline existing financial processes. For instance, complex reconciliation tasks such as matching payments to invoices can be automated, reducing the time and resources needed to complete the task.

In addition, blockchain-based solutions can be used to facilitate the exchange of data between different financial systems, providing an improved overview of a company’s finances. This could help to reduce manual errors and improve decision-making processes by providing a more comprehensive view of financial performance.

  • Greater access to banking services

Another major benefit of blockchain technology is its potential to increase access to banking services, especially in developing countries where traditional banking infrastructure remains limited or nonexistent. By eliminating many of the current barriers associated with opening bank accounts, blockchain-based banking solutions have the potential to open new economic opportunities for those who have previously been excluded from participating in the global financial system.

Furthermore, blockchain-based solutions can also be used to provide access to non-traditional banking services such as microfinance and lending. This could prove particularly beneficial for small businesses and entrepreneurs who may not have had access to these types of services in the past.

Overall, blockchain technology has the potential to revolutionize the future of finance by providing increased security, efficiency, and accessibility when it comes to financial transactions. As more companies embrace this technology, we can expect to see further innovation and disruption in the industry moving forward.

  • Improved transparency

The adoption of blockchain technology promises improved transparency when it comes to financial transactions. Other than just payment processing, blockchain-based systems can be used to monitor and track assets, ownership, transfers, and more. This helps ensure accuracy in financial transactions while providing an additional layer of security against theft or tampering with documents.

Furthermore, the transparency provided by blockchain technology can help promote trust between parties involved in a financial transaction. The immutability of records on the distributed ledger allows users to verify that information has not been tampered with, leading to greater confidence when engaging in digital transactions.

  • Increased protection against cyberattacks

One of the most frequently cited advantages of blockchain technology is its contribution to security. Its decentralized structure and cryptographic integrity checks make it very hard for an attacker to alter a recorded transaction without the change being detected, and replicating the ledger across many nodes removes the ledger itself as a single point of failure for availability and integrity. Two caveats matter in practice. First, the integrity guarantee covers the ledger only: private keys, wallets, exchanges, smart-contract code and the off-chain systems around them are not protected by it, and that is where most real-world losses occur (key theft, exchange compromises, contract bugs). Second, a public ledger is readable by everyone, so confidentiality of transaction data has to be designed in separately rather than assumed.

Used with those limits in mind, the integrity properties of blockchain technology can help protect financial records from undetected manipulation. They do not by themselves reduce the chance of a costly data breach, which remains a matter of securing keys, endpoints, and the surrounding systems.

  • Lower costs for businesses

The implementation of blockchain technology can also help reduce operational costs for businesses. By removing the need for intermediaries such as banks or payment processors when conducting transactions, companies can save on transaction fees and other associated costs. This is particularly beneficial for small businesses who may not have had access to traditional banking services in the past.

In addition, blockchain-based solutions can also be used to streamline processes such as accounting and auditing, reducing the time and money spent on manual processes. This could lead to further cost savings for businesses in the long run.

  • Smart contracts

Smart contracts are one of the most promising applications of blockchain technology. These digital agreements enable two or more parties to enter into a contractual agreement without a middleman or third party. The contract code is stored on the distributed ledger, so it cannot be modified or tampered with once it has been deployed and agreed upon. That immutability cuts both ways: a bug in the deployed code is just as permanent as the terms it encodes, and unless an upgrade or pause mechanism was designed in from the start, a flaw can only be worked around, not patched. Code review and testing before deployment therefore carry far more weight than in conventional software.

Smart contracts can also be programmed with specific conditions that must be met before they execute, making them well suited to complex financial transactions where the parties do not fully trust one another. This can bring greater efficiency, cost savings, and less room for fraud or malicious activity, provided the conditions are specified correctly and the contract is verified against them.

Overall, the potential applications of blockchain technology in finance are vast and varied. The technology has the potential to revolutionize the financial industry by providing increased security, transparency, efficiency, and accessibility when it comes to digital transactions. This can prove particularly beneficial for small businesses who may not have had access to traditional banking services in the past. As more companies embrace this technology moving forward, we can expect to see further innovation and disruption in the field of finance.

Conclusion

Overall, blockchain technology has the potential to revolutionize the financial sector by providing increased security, transparency, efficiency and accessibility when it comes to digital transactions. This can lead to reduced costs for businesses, improved cybersecurity measures and smart contracts that enable secure agreements between parties.

As this technology continues to evolve, we can expect to see further innovation and disruption in the field of finance. The benefits of blockchain in finance are clear and significant, so companies should take advantage of its many advantages as soon as possible.

The post The impact of blockchain technology on the future of finance appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Analyzing an organization’s security posture through the prism of a potential intruder’s tactics, techniques, and procedures (TTPs) provides actionable insights into the exploitable attack surface. This visibility is key to stepping up the defenses of the entire digital ecosystem or its layers so that the chance of a data breach is reduced to a minimum. Penetration testing (pentesting) is one of the fundamental mechanisms in this area.

The need to probe a network’s architecture for weak links with offensive methods arose together with the “perimeter security” philosophy. Pentesting has largely filled that need, but its effectiveness is often undermined by a crude understanding of its goals and of how ethical hackers work, which skews companies’ expectations and leads to frustration down the line.

The following considerations will give you the big picture in terms of prerequisites for mounting a simulated cyber incursion that yields positive security dividends rather than being a waste of time and resources.

Eliminating confusion with the terminology

Some corporate security teams may find it hard to distinguish a penetration test from related approaches such as red teaming, vulnerability testing, bug bounty programs, as well as emerging breach and attack simulation (BAS) services. They do overlap in quite a few ways, but each has its unique hallmarks.

Essentially, a pentest is a manual process that boils down to mimicking an attacker’s actions. Its purpose is to find the shortest and most effective way into a target network through the perimeter and different tiers of the internal infrastructure. The outcome is a snapshot of the system’s protections at a specific point in time.

In contrast, red teaming is objective-driven: the team works toward a defined goal, such as reaching a particular segment of a network or an information / operational technology (IT/OT) system, over an extended period and as covertly as possible, which is exactly how real-world compromises unfold. Because it is covert, it also tests the defenders’ ability to detect and respond, not just the presence of vulnerabilities. This method is an important building block of OT cybersecurity, an emerging area geared toward safeguarding the industrial control systems (ICS) at the core of critical infrastructure entities.

Vulnerability testing (vulnerability assessment), in turn, aims to enumerate known flaws in software and configurations, typically with automated scanners, and helps in understanding how to address them; it favors breadth over depth and generally stops short of exploitation. Bug bounty programs are usually limited to mobile or web applications and may or may not match a real intruder’s behavior model. In addition, a bug bounty hunter’s objective is to find a vulnerability and submit a report as quickly as possible to get a reward rather than to investigate the problem in depth.

BAS is the newest technique on the list. It follows a “scan, exploit, and repeat” logic and pushes a deeper automation agenda, relying on tools that execute the testing with little to no human involvement. These projects are continuous by nature and generate results dynamically as changes occur across the network.

By and large, two things set pentesting apart from adjacent security activities. First, it is done by humans and hinges, for the most part, on manual offensive tactics. Second, it always presupposes a comprehensive assessment of the discovered weaknesses and prioritization of the fixes based on how critical the vulnerable infrastructure components are.

Choosing a penetration testing team worth its salt

Let’s zoom into what factors to consider when approaching companies in this area, how to find professionals amid eye-catching marketing claims, and what pitfalls this process may entail. As a rule, the following criteria are the name of the game:

  • Background and expertise. The portfolio of completed projects speaks volumes about ethical hackers’ qualifications. Pay attention to customer feedback and whether the team has a track record of running pentests for similar-sized companies that represent the same industry as yours.
  • Established procedures. Learn how your data will be transmitted, stored, and for how long it will be retained. Also, find out how detailed the pentest report is and whether it covers a sufficient scope of vulnerability information along with severity scores and remediation steps for you to draw the right conclusions. A sample report can give you a better idea of how comprehensive the feedback and takeaways are going to be.
  • Toolkit. Make sure the team leverages a broad spectrum of cross-platform penetration testing software: network protocol analyzers, web application proxies, password-cracking tools, vulnerability scanners, and exploitation frameworks. A few examples are Wireshark (protocol analysis), Burp Suite (web application testing), John the Ripper (password cracking), and Metasploit (exploitation).
  • Awards and certifications. Some of the industry certifications recognized across the board include Certified Ethical Hacker (CEH), Certified Mobile and Web Application Penetration Tester (CMWAPT), GIAC Certified Penetration Tester (GPEN), and Offensive Security Certified Professional (OSCP).

The caveat is that some of these factors are difficult to formalize. Reputation isn’t an exact science, nor is expertise based on past projects. Certifications alone don’t mean a lot without the context of a skill set honed in real-life security audits. Furthermore, it’s challenging to gauge someone’s proficiency in using popular pentesting tools. When combined, though, the above criteria can point you in the right direction with the choice.

The “in-house vs third-party” dilemma

Can an organization conduct penetration tests on its own, or should it rely on the services of a third party? The key problem with pentests performed by a company’s own security crew is that their view of the infrastructure they supervise may be blurred, a side effect of being engaged in the same routine tasks for a long time. The cybersecurity talent gap is another stumbling block, as some organizations simply lack specialists qualified to do penetration tests well.

To get around these obstacles, it is recommended to involve external pentesters periodically. In addition to ensuring an unbiased assessment and leaving no room for conflict of interest, third-party professionals are often better equipped for penetration testing because that’s their main focus. Employees can play a role in this process by collaborating with the contractors, which will extend their security horizons and polish their skills going forward.

Penetration testing: how long and how often?

The duration of a pentest usually ranges from three weeks to a month, depending on the objectives and size of the target network. Even if the attack surface is relatively small, it may be necessary to spend extra time on a thorough analysis of potential entry points.

Oddly enough, the process of preparing a contract between a customer and a security services provider can be more time-consuming than the pentest itself. In practice, various approvals can last from two to four months. The larger the client company, the more bureaucratic hurdles need to be tackled. When working with startups, the project approval stage tends to be much shorter.

Ideally, penetration tests should be conducted whenever the target application undergoes updates or a significant change is introduced to the IT environment. When it comes to a broad assessment of a company’s security posture, continuous pentesting is redundant – it typically suffices to perform such analysis two or three times a year.

Pentest report, a goldmine of data for timely decisions

The takeaways from a penetration test should include not only the list of vulnerabilities and misconfigurations found in the system but also recommendations on the ways to fix them. Contrary to some companies’ expectations, these tend to be fairly general tips since a detailed roadmap for resolving all the problems requires a deeper dive into the customer’s business model and internal procedures, which is rarely the case.

The executive summary outlines the scope of testing, discovered risks, and potential business impact. Because this part is primarily geared toward management and stakeholders, it has to be easy for non-technical folks to comprehend. This is a foundation for making informed strategic decisions quickly enough to close security gaps before attackers get a chance to exploit them.

The description of each vulnerability unearthed during the exercise must be coupled with an evaluation of its likelihood and potential impact according to a severity scoring system such as CVSS, together with the evidence needed to reproduce it (affected hosts or endpoints, the request and response or the exploit steps, screenshots); without that, the IT team can neither confirm the fix nor retest it later. Most importantly, a quality report has to provide a clear-cut answer to the question “What to do?”, not just “What’s not right?”. This translates into remediation advice where multiple hands-on options are suggested to handle a specific security flaw. Unlike the executive summary, this part is intended for IT people within the organization, so it gets into a good deal of technical detail.

The bottom line

Ethical hackers follow the path of a potential intruder – from the perimeter entry point to specific assets within the digital infrastructure. Not only does this strategy unveil security gaps, but it also shines a light on the ways to resolve them.

Unfortunately, few organizations take this route to assess their security postures proactively. Most do it for the sake of a checklist, often to comply with regulatory requirements. Some don’t bother until a real-world breach happens. This mindset needs to change.

Of course, there are alternative methods to keep abreast of a network’s security condition. Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and vulnerability scanners are a few examples. The industry is also increasingly embracing AI and machine learning models to enhance the accuracy of threat detection and analysis.

Still, penetration testing retains its place in the cybersecurity ecosystem. No automated tool thinks like an attacker, and a human-led demonstration of how a weakness is actually exploited makes the case for a given protective measure far more tangible to corporate decision makers.

The post Looking at a penetration test through the eyes of a target appeared first on Cybersecurity Insiders.

RSAC 2023 was a huge success. We launched our 2023 AT&T Cybersecurity Insights Report, which was met with enthusiasm by the industry and the media. In fact, Will Townsend, writing for Forbes, noted that our report joined other great research by industry peers who are striving to do more than just provide security solutions.

“RSAC 2023 could be best characterized by its emphasis on the advantages and disadvantages of AI and numerous published cybersecurity reports designed to raise awareness of threats and subsequent remediation, in addition to cybersecurity platform enhancements. These subjects are a definite departure from the past few RSAC events, which seemed to be zero-trust “me too” conventions. It is a welcome change, given that the emphasis on improving security outcomes benefits everyone.” Read more >>

Townsend perfectly captures the AT&T Cybersecurity mission to help business leaders understand both the business and security landscape – and how it’s evolving as technology continues to change the way we work and live. After listening to the challenges organizations are encountering, it’s clear that research and understanding the business landscape are essential parts of a responsible cybersecurity vendor strategy.

DDoS versus ransomware – how does edge computing change the equation?

I participated in a panel discussion hosted by Channel Futures examining the challenges of securing critical infrastructure. The discussion kicked off with a Gartner prediction, “by 2025, 30% of critical infrastructure organizations will experience a security breach resulting in the halting of operations and/or mission-critical cyber-physical system.” I spoke about our research findings that indicate a change in perceived attacks: when it comes to edge computing, DDoS is perceived as a greater attack concern than ransomware.

“One of the reasons cybercriminals are gravitating to DDoS is it’s cheaper and easier than ransomware.” Read more >>

I did a video interview with BankInfoSecurity.com discussing how edge computing and innovative use cases are changing the way we’re dealing with cyber resilience.

“Organizations are investing in the edge but they also know that their endpoints are changing,” said Lanowitz. “They want to make sure they are futureproofing themselves and going to be dynamic in their cyber resilience. That’s because the security edge is not linear or a straight line. It’s a circuitous, often confusing, and an often-changing environment that you will have to live with.” Learn more >>

Watch the webcast discussing the AT&T Cybersecurity Insights Report findings.

If you prefer to listen to the research results, we have a webcast for you. Along with my colleague, Mark Freifeld, I take you through the characteristics of edge computing, the challenges edge computing creates because it’s so different from traditional computing, and key takeaways to help you develop your edge computing security strategy.

Here are a few highlights of other coverage, in articles, podcasts, and video, that provide context for our research findings.

Finally, we have an infographic that provides a graphic look at the results and recommendations. If you have questions about the study, let me know! The best way to get my attention is via LinkedIn.

The post RSAC 2023 | Cybersecurity research on edge computing generates big interest appeared first on Cybersecurity Insiders.

AT&T Cybersecurity is committed to providing thought leadership to help you strategically plan for an evolving cybersecurity landscape. Our 2023 AT&T Cybersecurity Insights™ Report: Edge Ecosystem is now available. It describes the common characteristics of an edge computing environment, the top use cases and security trends, and key recommendations for strategic planning.

Get your free copy now.

This is the 12th edition of our vendor-neutral and forward-looking report. During the last four years, the annual AT&T Cybersecurity Insights Report has focused on edge migration. Past reports have documented how we

This year’s report reveals how the edge ecosystem is maturing along with our guidance on adapting and managing this new era of computing.

Watch the webcast to hear more about our findings.

The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry.

At the onset of our research, we set out to find the following:

  1. Momentum of edge computing in the market.
  2. Collaboration approaches to connecting and securing the edge ecosystem.
  3. Perceived risk and benefit of the common use cases in each industry surveyed.

The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED (state, local, and education) – and deliver actionable advice for securing and connecting an edge ecosystem, including the use of external trusted advisors. Finally, the report examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.

As with any piece of primary research, we found some surprising and some not-so-surprising answers to these three broad questions.

Edge computing has expanded, creating a new ecosystem

Because our survey focused on leaders who are using edge to solve business problems, the research revealed a set of common characteristics that respondents agreed define edge computing.

  • A distributed model of management, intelligence, and networks.
  • Applications, workloads, and hosting closer to users and digital assets that are generating or consuming the data, which can be on-premises and/or in the cloud.
  • Software-defined (which can mean the dominant use of private, public, or hybrid cloud environments; however, this does not rule out on-premises environments).

Understanding these common characteristics is essential as we move to an even more democratized version of computing, with an abundance of connected IoT devices that will process and deliver data with a velocity, volume, and variety unlike anything we’ve previously seen.

Business is embracing the value of edge deployments

The primary use case of industries we surveyed evolved from the previous year. This shows that businesses are seeing positive outcomes and continue to invest in new models enabled by edge computing.

Industry              2022 Primary Use Case           2023 Primary Use Case
Healthcare            Consumer Virtual Care           Tele-emergency Medical Services
Manufacturing         Video-based Quality Inspection  Smart Warehousing
Retail                Loss Prevention                 Real-time Inventory Management
Energy and Utilities  Remote Control Operations       Intelligent Grid Management
Finance               Concierge Services              Real-time Fraud Protection
Transportation        n/a                             Fleet Tracking
U.S. SLED             Public Safety and Enforcement   Building Management

A full 57% of survey respondents are in proof of concept, partial, or full implementation phases with their edge computing use cases.

One of the most pleasantly surprising findings is how organizations are investing in security for edge. We asked survey participants how they were allocating their budgets for the primary edge use cases across four areas – strategy and planning, network, security, and applications.

The results show that security is clearly an integral part of edge computing. This balanced investment strategy shows that the much-needed security for ephemeral edge applications is part of the broader plan.

Edge project budgets are notably close to balanced across the four areas:

  • Network – 30%
  • Overall strategy and planning – 23%
  • Security – 22%
  • Applications – 22%

A robust partner ecosystem supports edge complexity

Across all industries, external trusted advisors are being called upon as critical extensions of the team. During the edge project planning phase, 64% are using an external partner. During the production phase, that same number increases to 71%. These findings demonstrate that organizations are seeking help because the complexity of edge demands more than a do-it-yourself approach.

A surprise finding comes in the form of the changing attack surface and changing attack sophistication. Our data shows that DDoS (Distributed Denial of Service) attacks are now the top concern (when examining the data in the aggregate vs. by industry). Surprisingly, ransomware dropped to eighth place out of eight in attack type.

The qualitative analysis points to an abundance of organizational spending on ransomware prevention over the past 24 months and enthusiasm for ransomware containment. However, ransomware criminals and their attacks are relentless. Additional qualitative analysis suggests cyber adversaries may be cycling different types of attacks. This is a worthwhile issue to discuss in your organization. What types of attacks concern your team the most?

Building resilience is critical for successful edge integration

Resilience is about adapting quickly to a changing situation. Together, resilience and security address risk, support business needs, and drive operational efficiency at each stage of the journey. As use cases evolve, resilience gains importance, and the competitive advantage that edge applications provide can be fine-tuned. Future evolution will involve more IoT devices, faster connectivity and networks, and holistic security tailored to hybrid environments.

Our research finds that organizations are fortifying and future-proofing their edge architectures and adding cyber resilience as a core pillar. Empirically, our research shows that as the number of edge use cases in production grows, there is a strong need and desire to increase protection for endpoints and data. For example, the use of endpoint detection and response grows by 12% as use cases go from ideation to full implementation.

Maturity in understanding edge use cases and what it takes to protect them is a journey that every organization will undertake.

Key takeaways

You may not realize you’ve already encountered edge computing – whether it is through a tele-medicine experience, finding available parking places in a public structure, or working in a smart building. Edge is bringing us to a digital-first world, rich with new and exciting possibilities.

By embracing edge computing, you’ll help your organization gain important, and often competitive business advantages. This report is designed to help you start and further the conversation. Use it to develop a strategic plan that includes these key development areas.

  • Start developing your edge computing profile. Work with internal line-of-business teams to understand use cases. Include key business partners and vendors to identify initiatives that impact security.
  • Develop an investment strategy. Bundle security investments with use case development. Evaluate investment allocation. The increased business opportunity of edge use cases should include a security budget.
  • Align resources with emerging security priorities. Use collaboration to expand expertise and lower resource costs. Consider creating edge computing use case experts who help the security team stay on top of emerging use cases.
  • Prepare for ongoing, dynamic response. Edge use cases rapidly evolve once they show value. Use cases require high-speed, low-latency networks as network functions and cybersecurity controls converge.

A special thanks to our contributors for their continued guidance on this report

A report of this scope and magnitude comes together through a collaborative effort of leaders in the cybersecurity market.

Thank you to our 2023 AT&T Cybersecurity Insights Report contributors!

To help start or advance the conversation about edge computing in your organization, use the infographic below as a guide.

Cybersecurity Infographic Insights Report

The post Securing the Edge Ecosystem Global Research released – Complimentary report available appeared first on Cybersecurity Insiders.