How organizations can both leverage and defend against artificial intelligence (AI) in security operations. 

While AI has been around for many years and isn’t a new concept, the emergence of generative AI (GenAI) boosted by large language models (LLMs) has drastically changed conversations about AI globally. Before OpenAI’s public release of its GenAI tool ChatGPT, AI was often seen as a tool with limited intelligence and capability. Now, as new use cases with Generative AI continue to prove its expanded capability in areas like security and productivity, its adoption is beginning to span every industry as enterprise executives race to implement AI across their tech stacks and workflows. Companies like Google have also opened a path to experimenting with AI engineering through offerings like Bard and Vertex AI. 

Right now, security teams are witnessing two different conversations around AI in cybersecurity: 

  • First, AI’s potential for defense and all the ways enterprises can leverage its power to shore up security postures while streamlining operations. 
  • Second, concerns regarding both privacy and accuracy, as well as how to defend against bad actors harnessing AI themselves. 

In the grand scheme of it all, these conversations can be segmented into three categories: 

  1. How to leverage AI in security operations
  2. How to secure AI while using it 
  3. How to ultimately defend against AI-driven cyberattacks

Leveraging AI Tools for Security Operations 

Security teams are now asking the critical question, “How can we leverage AI to transform security operations?” More specifically, these teams are looking at GenAI’s uses for predictive analytics, aptitude in detection, investigative capability, workflow automation, and AI copilots.

Modern companies are collecting, storing, and even transporting massive amounts of data every day. The reality is that any sensitive information, such as addresses, payment information, Social Security numbers, and names, is considered security-relevant data. The sheer volume of this security-relevant information is too large to even fathom, but companies are collecting it nonetheless. With AI, a new realm of tools and resources opens up for security teams.

Machine learning (ML) is one of the best tools for accurately identifying patterns in these huge data stores, largely thanks to the mathematical approach it takes when discerning statistical anomalies. One example of ML succeeding is its ability to detect unexpected system access by a user because of their patterned behavior within the specific system. This ability to discern behavioral abnormalities could then be used to assign dynamic risk scores based on user activities that can help determine whether action should be taken to secure internal systems and networks. 
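The per-user baseline and dynamic risk score described above, as an added example that is not from the original article: it uses add-one-smoothed frequency counts and a decaying sum as a deliberately simple stand-in for a trained model. The users, systems, history, decay and threshold are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed inventory and access history: (user, system, hour of day).
SYSTEMS = ("crm", "wiki", "build", "payroll-db")
HISTORY = (
    [("alice", "crm", h) for h in (9, 10, 11, 14, 15, 16)] * 5
    + [("alice", "wiki", h) for h in (9, 13)] * 3
    + [("bob", "build", h) for h in (8, 9, 10, 22, 23)] * 5
    + [("bob", "payroll-db", 10)] * 2
)
HOUR_BLOCKS = 6  # the day is split into six 4-hour blocks


class Baseline:
    """Per-user frequency profile of which systems are used and when."""

    def __init__(self, history, systems=SYSTEMS):
        self.n_systems = len(systems)
        self.sys_counts = defaultdict(Counter)
        self.block_counts = defaultdict(Counter)
        for user, system, hour in history:
            self.sys_counts[user][system] += 1
            self.block_counts[user][hour // 4] += 1

    def surprise(self, user, system, hour):
        """Bits of surprise for one access, judged against this user's own past.

        Add-one smoothing keeps never-seen systems and hours finite but large.
        """
        s = self.sys_counts[user]
        b = self.block_counts[user]
        p_sys = (s[system] + 1) / (sum(s.values()) + self.n_systems)
        p_block = (b[hour // 4] + 1) / (sum(b.values()) + HOUR_BLOCKS)
        return -math.log2(p_sys) - math.log2(p_block)


class RiskTracker:
    """Dynamic risk score: each event adds its surprise, older risk decays."""

    def __init__(self, baseline, decay=0.5, threshold=10.0):
        self.baseline = baseline
        self.decay = decay
        self.threshold = threshold
        self.scores = defaultdict(float)

    def observe(self, user, system, hour):
        s = self.baseline.surprise(user, system, hour)
        self.scores[user] = self.scores[user] * self.decay + s
        return self.scores[user]

    def flagged(self):
        """Users whose current score warrants analyst review."""
        return sorted(u for u, v in self.scores.items() if v >= self.threshold)


def replay(events, tracker):
    """Feed events in order; return (user, system, hour, score, flagged) rows."""
    rows = []
    for user, system, hour in events:
        score = tracker.observe(user, system, hour)
        rows.append((user, system, hour, round(score, 2), score >= tracker.threshold))
    return rows


if __name__ == "__main__":
    # Constructed live events: the same payroll-db access is routine for bob
    # and far outside alice's established pattern.
    live = [("alice", "crm", 10), ("bob", "payroll-db", 10),
            ("alice", "payroll-db", 3), ("alice", "crm", 11)]
    for row in replay(live, RiskTracker(Baseline(HISTORY))):
        print(row)
```

The score falls back under the threshold once the user returns to normal activity, which is what makes it dynamic rather than a permanent mark against the account.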

Beyond this, there’s a major role for GenAI in support of a strong defense. Companies are challenged to make sense of the massive streams of security information they must manage while handling a shortage of qualified engineers. In 2024, expect to see cybersecurity tools adopt natural language “prompting” (similar to ChatGPT) into their core user interfaces. This will allow newer, less experienced security analysts to execute powerful, but complex search queries in seconds, and allow a CISO to make quick sense of the information coming out of their security operations center (SOC) by explaining complex data in simple, human language terms.

A Defense in Depth Strategy for Securing AI 

CISOs face a dual challenge: harnessing the productivity potential of GenAI while ensuring its secure deployment. While the benefits of GenAI can be immense, there’s a growing concern among companies about the risks it poses, particularly in terms of unintended training, data leakage, and the exposure of sensitive corporate information or personally identifiable information (PII).

In recent conversations with customers, a striking insight emerged: approximately three-quarters of CISOs have imposed bans on the use of GenAI tools within their organizations, citing security concerns. They are actively seeking strategies to secure these tools before fully integrating them into their business processes. The apprehension is rooted in the fear that GenAI tools, while powerful, might inadvertently learn and disclose confidential corporate secrets or sensitive customer data.

To navigate this complex terrain, companies should adopt a ‘defense in depth’ strategy, a layered approach to security that is well-established in other domains of data protection. This strategy involves not only leveraging traditional endpoint security and data loss prevention (DLP) tools but also integrating more advanced, AI-driven solutions such as user and entity behavior analytics (UEBA). UEBA plays a crucial role in providing a comprehensive view of how GenAI tools are being utilized within the organization. It goes beyond mere usage tracking, delving into the nuances of how these tools are employed and the nature of the data they interact with. By analyzing patterns of behavior, UEBA helps in identifying anomalies and potential risks, thereby enabling a more nuanced and informed assessment of the security posture.

Incorporating UEBA into the security framework allows organizations to understand the full spectrum of GenAI tool usage and its implications. This insight is invaluable for formulating a risk profile that is not just based on hypothetical scenarios but grounded in actual usage patterns. It enables CISOs to make informed decisions about deploying GenAI tools, ensuring that while the organization reaps the benefits of AI-driven productivity, it does not compromise on security.

Defending Against Adversaries with AI 

While AI isn’t the sole culprit for today’s increased levels of cybersecurity attacks, it will continue to gain strength as an enabler. Other productivity improvements, like the shift to the public cloud, have also increased the current threat landscape. As data infrastructure systems evolve, organizations continue to tackle problems like explosive and unmanaged data, expanded attack surfaces, and increased cases of stolen and compromised credentials and ransomware attacks. For every step forward, the industry faces two steps back. No matter where your data is, bad actors are working daily to figure out how to get access to it.

While we are still in the early stages of GenAI, both fears and promises of the technology will be tested for years to come.

Unfortunately, cyber adversaries are already abusing GenAI tools to enhance the destructive force of security threats. We’re continually seeing major data breaches make headlines, many of which utilize AI. Bad actors will continue developing AI-powered threats that will be increasingly more difficult to detect and prevent. Social engineering techniques combined with the power of GenAI, as just one example, can create persuasive phishing attacks as large data models mimic writing styles and vocal patterns. 

Both AI and human adversaries are proving to be a relentless force for companies to defend against. Security teams need to be well-armed to defeat both. 

The post AI in Cybersecurity: Friend or Foe? appeared first on Cybersecurity Insiders.

Internet Computer Protocol (ICP), a decentralized blockchain network that extends the functionality of Web3 by overcoming the limitations of traditional blockchains and smart contracts, has introduced Verified Credentials (VCs), a walletless solution that enables efficient and trustworthy sharing of personal data while maintaining privacy and control.

It was officially unveiled at the Digital Identity unConference Europe (DICE) 2024 in Zurich, Switzerland. Verified Credentials also bring with them the first application designed to prevent the manipulation of public discourse on social media by eliminating the problem of bots and fake accounts, a crucial mission given that nearly half the global population is set to vote in national elections in 2024. 

Today, for most users, wallets such as MetaMask work as their universal Web3 identity. With VCs, ICP offers a walletless infrastructure and tooling to issue, share, and consume credentials in a privacy-preserving fashion.

VCs, described in ICP’s latest Roadmap as one of the key focus areas, are built on top of the Internet Identity (II), a decentralized identity solution running end-to-end on the Internet Computer blockchain. Internet Identity provides a robust authentication solution based on passkeys rather than passwords or seed phrases. Passkeys are built on a standardized technology that offers protection against phishing attacks. This makes Internet Identity both more convenient and secure than traditional sign-in methods.

Verifiable credentials are digital representations of data (qualifications, achievements, or attributes) that are cryptographically secured and portable. A VC is a digital version of a physical credential that the holder can quickly share online with service providers needing to verify a claim, such as age or humanity. The VC is tied to a user through a digital identity provider like Internet Identity.

Jan Camenisch, CTO of the DFINITY Foundation, commented: “The new Verifiable Credentials feature of Internet Identity addresses long-standing problems for online privacy-preserving authentication: all a user needs is a computing device that has a passkey (all recent ones do) and a browser. Apart from dApps on the Internet Computer, traditional systems can also plug in with Internet Identity and allow users to authenticate with Verifiable Credentials, e.g., proving that they are a real person, that they did KYC, or that they are over 18.”

Until now, users authenticating with Internet Identity to a dApp were assigned a unique and pseudonymous identifier for each dApp without any additional attributes such as name, age, or residency. The Verified Credentials framework allows users to assign identity attributes to their Internet Identity. 

The user can easily manage and reuse the credential without dApps being able to tie it back to them. VCs put users in control of who they share their credentials with and how much information they want to divulge. For instance, a user can verify their age without revealing their name or date of birth, a feature called selective disclosure.

When end-users authenticate to an application, Internet Identity creates their unique identifier for that service. This way, different applications cannot track users as they explore the web.

Moreover, the Verified Credentials framework solves the problem of dApp interoperability in a privacy-preserving fashion. Internet Identity (II) acts as the trusted intermediary between a Relying Party and an Issuer, using an alias to share credentials instead of the user’s real principal.

Proof of Unique Humanity (PoUH)

One of the first applications of Verified Credentials in the ICP ecosystem is the Proof of Unique Humanity (PoUH), implemented by the decentralized on-chain messaging app OpenChat and developed by Decide AI. The identity issuer links a credential to biometric data such as facial, finger or palm print recognition, requiring users to prove that they are human and possess only one account on a platform.

Users anonymously using multiple accounts and bots has long been considered an issue that not only contributes to the amount of illicit behavior conducted online, but also underpins the level of toxic discourse prevalent on traditional social media platforms.

A report published at the end of 2023 by Queensland University of Technology showed that the spread of disinformation by bots is getting worse. Researchers identified a network of 1,200 automated X (formerly Twitter) accounts promoting the conspiracy theory that Trump beat current President Joe Biden in the 2020 election, which attracted over three million impressions. They also discovered a separate network of 1,300 accounts broken into clusters circulating pro-Trump messages, including misleading news items. 

Proof of Unique Humanity (PoUH) will help combat the activity of bots and foster more virtuous discourse on social media. The problem with the existing Proof of humanity is that it is easy to manipulate. Users or bots can solve all sorts of proof of humanity tests and do it a hundred times over to get a hundred accounts.

On the other hand, Proof of Unique Humanity (PoUH) prevents people from piloting multiple online accounts by linking a credential to the biometric data. It eliminates the risk of a user creating hundreds of social media accounts, or taking advantage of token farming or airdrops by using more than one account.

About the Internet Computer

The Internet Computer Protocol (ICP) is a decentralized cloud 3.0 protocol that allows developers to build and run services and enterprise systems directly on a public blockchain network with unprecedented scalability. Services running on top of ICP are tamper-proof and can natively interact with the outside world in a trustless manner, both with traditional web 2.0 services and with other blockchains. The fast, low-cost, and energy-efficient protocol establishes a new paradigm for how a decentralized network truly operates in web3.


The post Internet Computer Protocol Launches Walletless Verified Credentials to Build Trust in the Public Discourse appeared first on Cybersecurity Insiders.

The rise in online shopping brings more than just the ease of overnight shipping and competitive pricing – it also gives hackers more opportunities to take advantage of financial and personal information.

According to Veriff, there was a 40% increase in identity fraud in 2023 compared to 2022. Payment industries also saw a 54% increase in the net fraud rate to 6.28% over the same period.

It seems like every week another major retailer is getting hacked. Ticketmaster recently fell victim to a security breach, potentially impacting 560 million users’ personal information ranging from identities, addresses, card numbers’ last four digits, and expiration dates. The amount of customer data stolen is nearly unfathomable.

How do we begin combatting this costly issue that’s growing more complex? It starts with your cybersecurity approach.

How to Keep Shoppers Safe in the Evolving Cyber Threat Landscape 

For e-commerce organizations, strengthening cybersecurity approaches is more than just about preventing financial losses. Consumers need to trust who they give their money to and where they spend their time. They want to have confidence in sellers, knowing that their information is kept safe.

At G2A.com, we provide a trusted and highly secure marketplace by rigorously verifying all our sellers. Only business-verified sellers are allowed on our platform, ensuring the highest standards through our strict KYC (Know Your Customer) process. Not only do we safeguard the transactions between our sellers and their customers but above all, we strengthen their credibility. Sellers on their own traditionally don’t have quick access to state-of-the-art technology and security. When they tap us, they can confidently meet their customers with the best possible quality.

Both consumers and sellers benefit from knowing that their transactions are protected. Let’s take a look at a few different ways to remain proactive in your approach and benefit all parties.

Tap AI But With a Human-First Focus 

AI has become a crucial tool in recognizing ongoing and potential cybersecurity threats.

AI systems can quickly analyze vast amounts of data from network traffic and user activity to establish a baseline understanding of what “normal” behavior looks like. They can be programmed to immediately recognize indicators of fraudulent activity in tandem with the transactions made. By learning from historical data, AI can then identify future threats, such as unusual login attempts, data infiltration, and malware.

But AI can’t withstand the entire battle on its own. As AI models are continuously learning and evolving – and may not yet be trained on the newest hacker tricks – a human-first focus is necessary. Humans have a better grasp of contextual awareness surrounding attacks that are out of the norm. Where AI may not pick up on cues like language and tone in phishing, spoofing, or identity-based attacks, human gut instinct will.

Use AI models to handle the mundane elements of cybersecurity and make sure humans can focus on strategic responses, assessing threats, and developing state-of-the-art defense mechanisms.

Foster a Culture of Cybersecurity Awareness 

Your organization’s safety ultimately lies in the hands of your employees.

Keep employees aware of the cybersecurity risks at hand while educating them on the evolving threats that may arise. Give them the hacker’s point of view – even consider putting them in the hacker’s shoes with some role-playing, simulated fraud attempts, and more – to show them how these bad actors create scams and target their prey.

Also, build continuous awareness by offering always-on training modules and keep lines of communication open for in-the-moment updates on the cybersecurity landscape. For example, create a dedicated Slack channel where everyone can flag attempted phishing scams they’ve received, ask questions, and share threats happening within the industry. This way everyone understands they’re not alone in being targeted and has easy access to solutions to halt attacks.

Educate your consumers, too. Empower customers with knowledge and tools on what to look out for when shopping online. This includes raising awareness of common fraud tactics and risks. Share tutorials and guides on different behaviors or topics, such as creating a safe password, and provide real-life examples of how these fraud tactics present themselves.

Have a Long-Term View 

In e-commerce, it’s easy to get caught up in loss aversion. This mindset can create a blindspot for organizations in their cybersecurity approach.

If organizations focus solely on quick fixes to plug open gaps in the moment, they’re missing out on the opportunity to create a stronger, more comprehensive approach that keeps them better protected in the future.

Solidify your incident response plan from the start and regularly check in to see what’s working, what needs adjusting, and so on. Update and test your prevention playbooks and employee training to safeguard your strategy as more sophisticated threats arise.

Consider external cybersecurity partners and experts to bring new perspectives to light. Combining your organization’s internal technologies with external expertise ensures that customers are safe as they browse and make purchases.

We’re entering a new era where hackers can strike in the least expected ways. Remain proactive and prepared by investing in a long-term approach to cyber safety while continuously educating both employees and customers. The sooner you start refining your approach, the harder it becomes for these bad actors to strike.

The post A New Age of Threats in Online Shopping: Cybersecurity Tips appeared first on Cybersecurity Insiders.

In early May, the internet was rocked by news of Google supposedly deleting a pension fund account worth $125 billion. Users of the Australia-based UniSuper pension fund’s systems suddenly had issues accessing their accounts for around a week. More than 600,000 pension fund members were affected.

Expectedly, many assumed it was a cyber attack. Several high-profile breaches such as the Maersk ransomware incident have involved major data losses that resulted in operational disruptions. It eventually became clear, though, that the problem was an undiscovered bug that could easily be exploited by threat actors. It is a vulnerability Google was unaware of and did not expect to be possible.

Google fixed the problem around mid-May and posted an explanation about what happened. However, there is an interesting take on the incident that merits some scrutiny: the possible role of IaC management tool Terraform. A New Zealand-based senior software developer shared interesting theories based on his experiences with Google Cloud’s professional services team, pointing to the possible unintended effects of Terraform commands.

Google’s Explanation

In a blog post on May 25, Google detailed how the incident actually happened. The company clarified that the incident only affected one customer in a single cloud region, referring to UniSuper. Specifically, the problem was limited to only one of the customer’s multiple Google Cloud VMware Engine (GCVE) private clouds. The event, Google said, did not impact other Google Cloud services, customer accounts, projects, and data backups.

After Google’s internal investigation, the cloud service provider concluded that the incident happened because of misconfiguration. The company traced this error to an initial deployment of a Google Cloud VMware Engine (GCVE) private cloud by a customer who used an internal tool. There was an issue in the parameter configuration, which resulted in the unintended and undesired consequence of capping the customer’s GCVE private cloud to a fixed term.

Google maintains that their operators, the people responsible for managing and deploying Google Cloud services, acted in line with the company’s internal control protocols. The UniSuper incident was the first problem of its kind they encountered, suggesting that they did not expect that an input parameter left blank could result in the deletion of a private cloud.

Google explained that the blank parameter prompted the system to assign a then-unknown default term. The investigation revealed that this term is for one year, which means that the GCVE private cloud was unwittingly set to terminate after a year. There were no notifications sent to the customer because the deletion was not brought about by a customer request. It was triggered as a consequence of a parameter left blank by Google operators.

The blog post by Google implicitly cleared UniSuper of any fault, saying that it was a Google Cloud issue through and through. A joint statement was released by UniSuper and Google, characterizing the incident as an isolated “one-of-a-kind occurrence” that was not supposed to have taken place.

Was ‘Terraform Destroy’ Truly the Culprit?

As researchers pointed out, it seems that the internal tool used by Google’s operators is Terraform. Commonly used for infrastructure-as-code (IaC) management, Terraform supports a command called ‘destroy,’ which is crucial for infrastructure management. DevOps managers can use Terraform destroy on a specific resource or multiple resources at once.

Using this command requires caution, as it can result in the irreversible removal of an infrastructure component. An accidental execution of the command over unintended resources can easily lead to an outage.

As mentioned in Google’s blog post, the unintended deletion happened because of a blank parameter inadvertently introduced. In this sense, the deletion was akin to the detonation of a long-running time bomb set a year prior (the one-year system-assigned expiration of the private cloud). With these details from Google, it seems highly unlikely that the high-profile mishap was caused by an imprudent use of the Terraform destroy command after all.

If a destroy command had been involved, the situation would have warranted a very different type of explanation. Instead of the fault entirely falling on Google’s operators, the problem would have originated from UniSuper’s own cloud provisioning managers. In this scenario, UniSuper would have applied a Terraform configuration file containing an instruction to remove a private cloud via the destroy command, with Google operators immediately approving it.

Cybersecurity Concerns

Despite the indications that it likely wasn’t careless use of the destroy command that caused the UniSuper outage, it is still worth discussing how important it is to be mindful of Terraform destroy. Threat actors can take advantage of it as they exploit bugs to delete resources and disrupt operations.

There are three possible scenarios where the destroy command can be indirectly triggered, and all of them involve bugs.

In the first scenario, failure to address bugs or issues in Terraform configuration files can wreak havoc during the Plan and Apply phases. These configuration file bugs may cause the unintended marking of resources for deletion. For example, poorly thought-out conditional statements or corrupted configuration files may inappropriately target certain resources for removal.

In the second scenario, organizations may be using external tools that interact with Terraform. These can include cloud provider APIs and provisioning scripts, which may have bugs that prompt them to inadvertently delete resources when they should not. There are cases where Terraform may call for these scripts, usually during configuration changes. If these are applied, the undesirable outcomes can be serious.

Lastly, if organizations use third-party providers to interact with cloud services and platforms, there is always the possibility that these tools can be misused to bring about misinterpretations during the apply phase and even during planning.

To prevent bugs and other cyber issues from using the destroy command to delete resources, it is important to regularly test configurations before applying them. IaC code reviews should also become a routine activity. Moreover, it is important to ensure the quality of the external controls being used and to always be updated with the latest bug fixes and security patches. Finally, the principle of least privilege should be enforced and regular data backups should always be readily available to expedite restoration efforts.
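One way to run the pre-apply test recommended above, as an added example that is not from the original article, Google or HashiCorp: a Python gate that reads the JSON printed by `terraform show -json <planfile>` and reports every resource the plan would delete or replace unless its address was explicitly approved. The sample plan and its resource addresses are constructed, and the `approved` allowlist is an assumption of this example.

```python
"""Block `terraform apply` when a saved plan deletes resources nobody approved.

Typical use in a pipeline (file names are placeholders):
    terraform plan -out=plan.out
    terraform show -json plan.out | python plan_gate.py [approved addresses...]
"""
import json
import sys

# Constructed sample, trimmed to the fields this check reads from the plan JSON.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "google_compute_instance.app",
         "change": {"actions": ["update"]}},
        {"address": "google_storage_bucket.backups",
         "change": {"actions": ["delete"]}},
        {"address": "google_compute_disk.data",
         "change": {"actions": ["delete", "create"]}},
        {"address": "google_compute_instance.scratch",
         "change": {"actions": ["delete"]}},
        {"address": "google_compute_network.vpc",
         "change": {"actions": ["no-op"]}},
    ],
})


def destructive_changes(plan_json):
    """Return (address, kind) for every change that deletes a resource.

    kind is "destroy" for a plain delete and "replace" when the resource is
    deleted and recreated (["delete", "create"] or ["create", "delete"]).
    A replace still discards the old object and any data that lives on it.
    """
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue
        kind = "replace" if "create" in actions else "destroy"
        findings.append((rc.get("address", "<unknown>"), kind))
    return findings


def gate(plan_json, approved=frozenset()):
    """Return the destructive changes whose address is not in `approved`."""
    return [(addr, kind) for addr, kind in destructive_changes(plan_json)
            if addr not in approved]


if __name__ == "__main__":
    approved = frozenset(sys.argv[1:])
    piped = ""
    if sys.stdin is not None and not sys.stdin.isatty():
        piped = sys.stdin.read().strip()
    blocked = gate(piped or SAMPLE_PLAN, approved)
    for addr, kind in blocked:
        print(f"BLOCKED {kind}: {addr}")
    if not blocked:
        print("no unapproved deletions in plan")
    # Fail the pipeline only for a real plan; the built-in sample is a demo.
    sys.exit(1 if (piped and blocked) else 0)
```

Because the gate reads the plan rather than the configuration, it catches deletions regardless of whether they come from a faulty conditional, a provider bug or an external script.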

In Summary

To recap, the Terraform destroy command ultimately didn’t cause the UniSuper Google Cloud outage. The incident happened because of a blank parameter that was left unnoticed and unaddressed. Google’s team did not anticipate that the tool they were using would autonomously assign values that could lead them to trouble one year later.

There are still so many things to discover, learn, and understand about modern IT technologies, particularly when it comes to cloud configurations and management. For security teams, collaborating with DevOps, armed with a thorough understanding of Terraform commands, is important for maximizing workflow efficiency, uptime, and security.

The post Did ‘Terraform Destroy’ Cause the UniSuper Google Cloud Outage? appeared first on Cybersecurity Insiders.

The question is not ‘if’ your organization will face a cybersecurity threat but ‘when.’ The bad news gets worse: suffering one attack does not immunize you against future breaches. Therefore, your approach to improving your organization’s cybersecurity resilience should not only be avoiding all attacks—an unrealistic goal—but enhancing your ability to respond and recover quickly when the inevitable happens.

Improving cyber resilience requires a combination of technology and people power. However, recent research reveals that many organizations fall short in the latter. Fortunately, there are four steps any organization can take to address its people-related security challenges. 

The research discovered a troubling mix of executive apathy, staffing shortages, and inconsistent security practices at organizations worldwide. Only 43% of survey respondents are confident in their ability to manage cyber risk. That number swells to nearly half (48%) of small- and medium-sized businesses (100-2,500 employees) who expressed low confidence in their security readiness. 

One common challenge among smaller organizations is implementing company-wide security policies such as authentication measures and access controls. Half (49%) of the smaller to mid-sized companies surveyed listed this as one of their top two governance challenges, compared to about a quarter of large companies (2,501-5,000 employees). That disparity suggests that smaller organizations struggle with resource limitations and are more vulnerable to management oversight failures. 

Thirty-five percent of smaller organizations report that their management teams fail to recognize cyberattacks as a significant risk or are uninformed about their organizations’ threats. This gap underscores the need for security professionals to educate leadership on a cyber incident’s potential impact on brand reputation and the bottom line. They need to make clear this is not just an IT issue that falls only on the security team’s shoulders. It’s a business priority that requires leadership’s full attention and support.

Skills Gap and Supply Chain Risks

One of the most pressing challenges for larger organizations is the shortage of skilled IT security professionals. Thirty-five percent of respondents with large companies cited this lack as a top concern, closely followed by budget constraints (38%)—both are hurting their ability to respond to incidents effectively.

Securing the supply chain is a concern for organizations of all sizes, with approximately one-third of our respondents acknowledging it as a top challenge. The risks stem from incomplete inventories of third parties with access to sensitive or confidential data and the technical challenges of securing these expansive networks. The risk increases as the supply chain extends beyond a company’s immediate security perimeter, especially to partners and vendors from regions with lax security regulations.

In the Shadows

Compounding these challenges is the Shadow IT phenomenon—the unmanaged use of software and applications. When employees access and deploy software tools without IT’s knowledge, including those that host marketplaces for third-party apps and plugins, they may inadvertently provide unauthorized parties access to sensitive data.

Poor Incident Response Readiness

Despite recognizing the critical nature of the cybersecurity threats they face, many organizations admitted that incident response readiness remains a weak spot for them. 

Encouragingly, approximately half of all businesses surveyed reported they have a formal organization-wide incident response plan in place, and more than half of that group tests their plans at least once a year. 

However, about a quarter (23%) of large companies admit they have never tested their incident response plans, and about one in ten don’t have incident response plans. In the event of a breach, these organizations are much more likely to be uncertain of what to do or, worse, take incorrect actions that exacerbate the situation compared to those that rehearse their response plans. 

One effective approach to testing a response plan is holding a ‘purple team’ exercise. A ‘red team’ launches a mock attack, and a ‘blue team’ coordinates incident response simulations. This enhances an organization’s capabilities to detect, respond to, mitigate, and learn from security incidents, ensuring a more resilient cybersecurity posture. 

However, holding exercises and simulations is only half the battle. Security professionals should implement regularly recurring employee education and training programs.

Improving Cyber Resilience: A Four-Step Approach

Along those lines, the recently updated cybersecurity framework from the U.S. National Institute of Standards and Technology (NIST) can serve as a helpful resource. It organizes cybersecurity outcomes into six high-level functions (Govern, Identify, Protect, Detect, Respond, and Recover), and it sets clear cyber resilience milestones and deliverables.

To demystify that process and make it more accessible to employees, senior executives and board members, here’s a four-step checklist to help everyone understand their role in improving cyber resilience:

  1. Threats: Identify the circumstances or events that could potentially harm organizational operations, assets, or individuals. The goal is to educate everyone on what can go wrong and the various forms of threats, whether cyber-attacks, system failures, or data breaches.

  2. Vulnerabilities: After pinpointing the threats, the next step is to assess the weaknesses within the organization that these threats could exploit. Vulnerabilities might include outdated software and inadequate (or nonexistent) security policies or employee training programs.

  3. Likelihood: Evaluate the probability that a given threat will exploit a vulnerability and lead to a cybersecurity incident. That will help you prioritize which risks need immediate attention.

  4. Risk: Assess the potential impact of an adverse outcome resulting from the threats exploiting the vulnerabilities. This step combines the elements of threat, vulnerability, and likelihood to provide a comprehensive overview of the potential risk.

Following this checklist will help your entire organization become more proactive, and respond to and recover from cyber attacks more quickly and effectively. Championing this unified approach throughout the organization ensures that cybersecurity becomes a collective responsibility and improves your cyber resilience.

The post Four Steps to Improving Your Organization’s Cyber Resilience appeared first on Cybersecurity Insiders.

The recent cyberattacks affecting water treatment plants and systems across the nation shed light on the need for cybersecurity measures that safeguard these essential services. In fact, the Environmental Protection Agency found that about 70% of utilities inspected by federal officers over the last year violated standards meant to prevent cybersecurity breaches. 

With government entities applying pressure to address cybersecurity vulnerabilities, decision makers might understandably feel overwhelmed about how to move forward. The road to implementing comprehensive cybersecurity measures can feel daunting, given the steep time and cost investments associated with transforming systems, as well as a lack of cybersecurity expertise. Limited budgets and resources, aging infrastructure and legacy systems, and the need to balance operational efficiency with security requirements are just a few challenges weighing heavily on water treatment plant leaders.

So, what can water plant leaders do? This article will discuss four steps decision makers can take to implement effective cybersecurity measures that safeguard their systems and protect them from outside threats, enabling them to carry on business as usual.

Conduct Network Segmentation 

Water treatment plants can begin with network segmentation, the practice of dividing a computer network into smaller, distinct subnetworks or segments. Network segmentation enhances security to ensure operational continuity and protect public health.

For example, let’s say a plant’s network can be divided into several segments, each serving different functions and containing specific types of devices and systems. The Operational Technology (OT) segment contains multiple components, including Supervisory Control and Data Acquisition (SCADA) systems, Programmable Logic Controllers (PLCs), Human-Machine Interfaces (HMIs), sensors, and actuators.

This segment manages the core operational processes of water treatment, such as monitoring and controlling water flow, filtration systems and chemical dosing. To protect this segment, decision makers should implement segmentation to isolate it from others, making it more difficult for cyber attacks to move laterally. If an attacker compromises one segment, the network confines the impact, preventing the attacker from infiltrating the entire system. This containment minimizes potential damage and disruption to water treatment processes, safeguarding the water supply. 

Segmentation also facilitates better access control and monitoring. Water treatment plant leaders should assign specific credentials to each segment, ensuring that only authorized personnel can access sensitive areas. This granular control enhances the overall security posture and helps quickly identify and mitigate security breaches.

Furthermore, network segmentation simplifies compliance with regulatory requirements by isolating and protecting sensitive data, which is crucial for avoiding legal and financial repercussions.
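One way to check that segmentation is actually enforced is to audit observed flows against the intended segment policy. The following is an added example, not part of the original article; the subnets, segment names, allowed flows and flow records are all constructed assumptions for illustration.

```python
import ipaddress

# Assumed segment plan (constructed for illustration; not from the article).
SEGMENTS = {
    "ot": ipaddress.ip_network("10.10.0.0/16"),        # SCADA, PLCs, HMIs, sensors
    "dmz": ipaddress.ip_network("10.20.0.0/24"),       # jump host between IT and OT
    "business": ipaddress.ip_network("10.30.0.0/16"),  # office IT
}

# Allowed cross-segment flows as (source segment, destination segment, port).
# Everything else that crosses a segment boundary is a finding.
ALLOWED = {
    ("business", "dmz", 443),
    ("dmz", "ot", 502),
    ("ot", "dmz", 443),
    ("business", "external", 443),
}

# Constructed flow records: "source destination destination-port".
SAMPLE_FLOWS = [
    "10.30.4.17 10.20.0.5 443",
    "10.20.0.5 10.10.1.20 502",
    "10.30.4.17 10.10.1.20 502",
    "203.0.113.9 10.10.1.30 5900",
    "10.10.1.20 10.10.1.21 502",
    "10.10.1.20 198.51.100.7 443",
    "not-an-ip 10.10.1.20 502",
]


def segment_of(addr):
    """Map an IP address string to its segment name, or 'external'."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"


def audit(lines):
    """Return (line number, severity, detail) for every policy violation."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            src, dst, port = line.split()
            port = int(port)
            s, d = segment_of(src), segment_of(dst)
        except ValueError:
            # Malformed records are reported rather than silently dropped.
            findings.append((n, "unparseable", line))
            continue
        if s == d and s != "external":
            continue  # traffic that stays inside one segment
        if (s, d, port) in ALLOWED:
            continue
        # Any unexpected flow touching the OT segment is the highest priority.
        severity = "critical" if "ot" in (s, d) else "review"
        findings.append((n, severity, f"{s}->{d}:{port}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

In the constructed sample, the business-to-OT flow, the external-to-OT flow and the OT-to-external flow are reported as critical, while the flows that pass through the DMZ are accepted.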

Regularly Update Systems 

Water treatment plant decision makers should run vulnerability scans on their networks and update systems with the latest security patches and software versions to mitigate vulnerabilities. 

U.S. authorities examining the recent cyberattacks discovered that the compromised facilities were using antiquated equipment linked to the internet, secured with inadequate passwords. Implementing multi-factor authentication (MFA) and robust password policies can add an extra layer of security against unauthorized access. Decision makers should consider partnering with a cybersecurity consultant to support this process, as they will be able to compare current security measures against industry standards and best practices.

Implement Employee Training

Water treatment plant leaders should conduct employee cybersecurity training to reduce human error, which is a common vulnerability in security breaches. Training ensures that employees can recognize and respond to cyber threats, such as phishing attacks. It also promotes best practices, like using strong passwords and identifying suspicious activity, enhancing the overall security posture. Leaders should consider participating in CISA cybersecurity training and exercises to enhance security and resiliency. 

CISA also has information on recognizing and averting phishing attacks, which employees who lack cybersecurity awareness may fall victim to by clicking on fake emails or providing sensitive information such as passwords, usernames or even credit card numbers.

Informed employees can act as the first line of defense, quickly mitigating potential threats and maintaining the integrity of critical systems. Regular cybersecurity training is essential to create a security-aware culture and protect the plant’s operations and public health.

Invest in Advanced Threat Detection and Response Software

It’s essential that water treatment plant leaders can swiftly identify contaminants and ensure regulatory compliance to maintain public trust in the safety and reliability of the water supply. As a result, water plant decision makers should research and invest in advanced threat detection and response software. Prioritize a solution that doesn’t require extensive cybersecurity expertise to manage. 

Managed security service providers can provide vulnerability scanning, antivirus and system upgrades to prevent intrusions and keep water plants running securely for potentially lower overhead costs than hiring and maintaining an in-house security team. Look for providers and solutions that deliver real-time detection and automated response to contain threats faster, reducing the risk of ransomware and other infections across networks.

Safeguarding Systems Now 

There are many challenges water treatment plant leaders are facing in terms of cybersecurity, including limited budgets, fewer resources and outdated systems. However, there are small steps these leaders can incorporate to improve their cybersecurity posture now. 

A good place to start is to implement network segmentation, regularly update systems and enforce multi-factor authentication to enhance security. Employee training is essential to reduce human error and promote a security-aware culture. Investing in advanced threat detection software ensures real-time protection against cyber threats. By taking these steps, decision makers can safeguard critical infrastructure, ensure the continuous delivery of safe water and protect public health. 

The post Securing Our Water Supply: Cybersecurity Strategies for Treatment Plants appeared first on Cybersecurity Insiders.

Generative AI has the potential to make social engineering attacks much more sophisticated and personalised. The technology can rapidly mine sites for information on a company, individuals, their responsibilities and specific habits to create multi-level campaigns. Through automated gathering of information, the technology can acquire photos, videos and audio recordings which can then be used to craft emails (phishing), voice attacks (vishing) and deep fake videos and images for spear phishing attacks against individuals in positions of power, for instance.

We’re already seeing evidence of such attacks in action. Back in February the Hong Kong police revealed that a finance worker at Arup, a UK engineering firm, was duped into transferring $25m when he attended a video call in which every attendee, including the CFO, was a deep fake. Similar attacks have been carried out over the WhatsApp platform: LastPass was targeted in April by calls, texts and voicemails which impersonated the company’s CEO, and a senior exec at advertising firm WPP was invited to a video call in which they were asked to set up a new business by a clone of the CEO crafted from YouTube videos and voice cloning technology.

Deep fakes go wide

These are no longer isolated incidents either, with the CIO of Arup, Rob Greig, warning in his statement that the number and sophistication of deepfake scams has been rising sharply in recent months. It’s a view substantiated by The State of Information Security 2024 report from ISMS.Online which reveals that 32% of UK businesses experienced deep fake cyber security incidents, with Business Email Compromise (BEC) the most common attack type over the last 12 months. Indeed, reports suggest there was a 780% rise in deep fake attacks across Europe between 2022-23.

GenAI is a gamechanger for crafting deep fakes, because the AI enhances its own production, delivering hyper-realistic content. Physical mannerisms, movements, intonations of voice and other subtleties are processed via an AI encoding algorithm or Generative Antagonistic Network (GAN) to clone individuals. These GANs have significantly lowered the barrier to entry so that creating deepfakes today requires a much lower level of skill and fewer resources, according to the Department for Homeland Security.

Defending against such attacks can prove challenging because users are much more susceptible to phishing which emulates another person. There are giveaways, however, with deep fake technology typically struggling to accurately capture the inside of the mouth, resulting in blurring. There may also be less movement such as blinking, or more screen flashes than you’d expect. Generally speaking, it’s currently easiest to fake audio, followed by photos, while video is the most challenging.

Why we can’t fight fire with fire

While standalone and open source technological solutions are now available that scan and assess the possible manipulation of video, audio and text, giving a reliability score as a percentage, success rates are mixed. It’s difficult to verify accuracy because few are transparent about how they arrived at the score, the dataset used or when they were last updated. They vary in approach from those trained on GANs to classifiers that can detect if a piece of content was produced with a specific tool, although even content deemed as authentically created in a piece of software can be manipulated. Many video apps, messaging and collaborative platforms already use AI with respect to filters, making detection even more problematic.

Given the current technological vacuum, the main form of mitigation today is employee security awareness, with 47% saying they are placing greater emphasis on training in the ISMS.Online survey. However, the survey notes that even well-trained employees can struggle to identify deep fakes and this is being compounded by a lack of policy enforcement; the survey found 34% were not using adequate security on their BYOD devices and 30% were not securing sensitive information. Zero trust initiatives may well help here in limiting access to such sensitive information but few organisations have mature deployments. 

Deloitte makes a number of recommendations on how to mitigate the threat of deep fake attacks in its report The battle against digital manipulation. In addition to training and access controls, it advocates the implementation of a layer of verification in business processes and the clarification of verification protocols when it comes to sanctioning payments. This could be in the form of multiple layers to approve transactions, for example, from code words to token-based systems or live detection verification such as taking a “selfie” or video recording, which is already in use in the banking sector for user verification.

Policy and process

But overarching all of this we need to see a comprehensive security policy covering people, process and technology from an AI perspective. This should seek to address AI attack detection and response, for example, so that there are channels in place for reporting a suspected GenAI attack or if a payment has been made. There are already a number of AI standards that can be used to help here in the governance of AI, such as ISO/IEC 42001:2023 as well as the NIST AI Risk Management Framework.

Defending against deep fakes will therefore require a three-pronged approach that sees awareness training combined with security controls including access and user verification, as well as frameworks to govern how GenAI is used within the business and remediation and response. Ironically, it’s a problem that is likely to be addressed best by people and process rather than technology.  

Looking to the future, some are suggesting that deep fakes could see senior execs decide to adopt a lower profile online in a bid to limit the capture of their likeness. Yet conversely there are some, such as the CEO of Zoom, who believe we will instead go to the opposite extreme and embrace the technology to create digital clones of ourselves that will then attend meetings on our behalf. These will learn from individual recordings to reproduce our mannerisms, be briefed by us, and report back with a call summary and actions. If that approach is widely adopted then detection technologies will prove to be something of a non-starter, making the primary methods of defence the verification processes and an effective AI policy.

The post Cyborg Social Engineering: Defending against personalised attacks appeared first on Cybersecurity Insiders.

Software is the heart of our connected world, but as its importance grows, so do cyber threats. According to the Department of Homeland Security, 90% of security incidents come from defects in software design or code. Yet, many developers aren’t prepared to tackle this. The number of new software vulnerabilities has steadily increased year after year since 2016 with no signs of slowing down. However, the situation is far from hopeless. Many security issues are well-documented, and industry best practices can help mitigate them. 

Herein lie six rules of secure software development, designed to strengthen our defenses and cultivate a culture of secure coding.

Shift left – The importance of early integration

The “Shift left” principle emphasizes early and continuous testing to uncover defects in the software development life cycle (SDLC). This principle extends to security, urging the integration of security measures during development.

Detecting security issues early reduces the cost of fixing them. Developers should actively engage in preventing, identifying, and addressing vulnerabilities throughout the development process. The involvement of all team members is crucial, rather than relying solely on security experts before deployment. However, this collaborative approach requires developers to have the necessary security knowledge for it – understanding threats and best practices for secure coding.

Implement a secure development lifecycle (SDL) strategy

Treating software security as an afterthought— a last-minute penetration test or a brief security review at the project’s end—is tempting. However, as previously discussed with the concept of shifting left, delaying security measures exposes systems to potential threats and escalates costs. 

Many security concerns stem from decisions made during the initial phases of development, such as design and requirements specification. To address this, we must integrate security into every SDLC stage, not treat it as a standalone task. Methodologies like MS SDL (Microsoft’s Security Development Lifecycle), BSIMM (Build Security In Maturity Model), and OWASP SAMM (Security Assurance Maturity Model) support this proactive approach. Across these models, training engineers in security is crucial.

While penetration testing is useful as a final check, over-reliance on it is risky and cannot replace secure software development. 

Secure Your Entire IT Ecosystem 

Software security includes both your code and third-party code. With 80% of all code in modern software coming from third-party packages (Zahan et al, 2022), the potential attack surface is vast – and can be exploited, as seen in 2021 with the Log4Shell vulnerability. 

Moreover, supply chain attacks, including malicious code injection, are also on the rise – there was a particularly dramatic increase of 650% in 2021. Notable incidents like the SolarWinds supply chain attack have had a profound impact on global cybersecurity strategies. Robust vulnerability management is essential. This includes promptly identifying, assessing, and addressing vulnerabilities in your program’s dependencies. It also requires a strategy for releasing security patches and hotfixes.

From reacting to preventing

When discussing code security, the concepts of robustness and resilience are essential. Robustness involves anticipating and preventing failures, while resilience entails minimizing the impact of failures and facilitating recovery. While both are important, preventing incidents is always preferable to reacting to them afterward. 

Design by Contract (DbC) and defensive programming are two philosophies aimed at fortifying system robustness and resilience.

  • Design by Contract (DbC) defines contracts for functions to declare expected preconditions, postconditions, and invariants, assuming these contracts won’t be violated.
  • Defensive programming assumes system interactions may be incorrect, erroneous, or malicious, so developers should explicitly implement input validation in functions processing user input.

It’s important to recognize that both techniques have their merits – but defensive programming is better at protecting against intentional misuse.
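The difference between the two philosophies, shown side by side as an added example that is not part of the original article. The `contract` decorator, the `CHECK_CONTRACTS` switch and the withdrawal functions are hypothetical names; the switch models the common practice of turning contract checks off in release builds.

```python
import functools


class ContractViolation(AssertionError):
    """Raised when a declared precondition or postcondition does not hold."""


# Hypothetical switch: contract checks are commonly disabled in release builds,
# much as Python drops assert statements when run with -O.
CHECK_CONTRACTS = True


def contract(pre=None, post=None):
    """Attach a precondition and postcondition to a function (Design by Contract)."""
    def wrap(fn):
        @functools.wraps(fn)
        def inner(*args):
            if CHECK_CONTRACTS and pre and not pre(*args):
                raise ContractViolation(f"precondition of {fn.__name__} violated")
            result = fn(*args)
            if CHECK_CONTRACTS and post and not post(result, *args):
                raise ContractViolation(f"postcondition of {fn.__name__} violated")
            return result
        return inner
    return wrap


@contract(pre=lambda balance, amount: 0 < amount <= balance,
          post=lambda result, balance, amount: 0 <= result < balance)
def withdraw_dbc(balance, amount):
    """DbC style: the body trusts the caller to honour the contract."""
    return balance - amount


def withdraw_defensive(balance, amount):
    """Defensive style: validation is part of the function and always runs."""
    # bool is a subclass of int, so exclude it explicitly; floats (incl. NaN) are refused.
    if isinstance(amount, bool) or not isinstance(amount, int):
        raise ValueError("amount must be an integer number of cents")
    if amount <= 0:
        raise ValueError("amount must be positive")
    if amount > balance:
        raise ValueError("insufficient funds")
    return balance - amount


def rejects(fn, *args):
    """Return True if fn(*args) is refused, False if it is accepted."""
    try:
        fn(*args)
    except (ContractViolation, ValueError):
        return True
    return False


def demo():
    """Feed the same hostile input (a negative amount) to both styles."""
    global CHECK_CONTRACTS
    results = {}
    try:
        CHECK_CONTRACTS = True
        results["dbc_checked_rejects"] = rejects(withdraw_dbc, 1000, -500)
        CHECK_CONTRACTS = False  # simulate a build with contract checks off
        results["dbc_unchecked_result"] = withdraw_dbc(1000, -500)
    finally:
        CHECK_CONTRACTS = True
    results["defensive_rejects"] = rejects(withdraw_defensive, 1000, -500)
    return results


if __name__ == "__main__":
    print(demo())
```

With checks disabled, the contract version turns a negative withdrawal into a larger balance, while the defensive version refuses the same input regardless of build settings.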

Mindset over technology

When asked about preventing cyberattacks, most people mention firewalls and IDS. Although important, they only offer partial solutions to existing vulnerabilities, with attackers continually finding ways to bypass these defenses. SSRF attacks can get around perimeters, and firewalls won’t make you immune to zero-days like Heartbleed and Log4Shell. So how can we effectively address the challenge of vulnerable code, especially within massive and old codebases? According to Sourcegraph’s The Emergence of Big Code, developers are tasked with managing larger volumes of code. In fact, about 51% of developers report having to handle a hundred times more code over the past decade.

Some companies are trying to use AI to write more secure code than developers, but AI mostly uses data from open-source projects, which can be flawed. Consequently, this represents a step in the wrong direction, as we cannot rely on AI by default for secure coding. Developers’ inputs are crucial here. However, expecting developers to ensure security without the resources and support for it isn’t realistic. GitLab’s Global Developer Report (2022) shows that even though companies are focusing more on combining development with security, DevSecOps, security teams lack confidence about their roles, even with lots of tools. 

While automation can help address vulnerabilities, it comes with limitations. These tools can generate false positives leading to unnecessary rework, and false negatives offering a false sense of security. Automation alone won’t solve security issues; human expertise remains irreplaceable. 

Invest in Secure Coding Training

To address cybersecurity effectively, we must tackle both past issues, such as unidentified vulnerabilities in older and third-party code, and future challenges, including vulnerabilities in newly developed code. While tools help with past issues, the key to future security lies in educating developers. This involves comprehensive training to equip them with the necessary skills and mindset for identifying vulnerabilities and writing secure code. 

Hands-on secure coding education proves most effective, allowing developers to observe vulnerable code in action, grasp its exploitation consequences, and learn how to fix it themselves. While microlearning aids in knowledge reinforcement, it’s insufficient for initial skill acquisition. A blended learning approach is recommended – developers start with in-depth, instructor-led training, followed by regular microlearning modules. 

Cydrill’s blended learning journey offers comprehensive training in proactive secure coding for developers. By combining instructor-led training, e-learning, hands-on labs, and gamification, Cydrill provides an effective approach to learning how to code securely.

By adhering to these six key rules of secure software development and investing in comprehensive secure coding training for developers, organizations can fortify their defenses against vulnerabilities and foster a culture of proactive security.

The post The developers’ guide to secure coding: The six steps towards secure software development appeared first on Cybersecurity Insiders.

Small and Medium Size Enterprises (SMEs) are a major driver of the U.S. economy, representing as much as one-third of the private sector GDP. However, from a cybersecurity perspective, these organizations are at a disadvantage. Cybersecurity is typically handled by a company’s IT staff, who become quickly overwhelmed by the complexity and operational workload of managing multiple tools in their security stack. Limited budgets, lean IT teams and a lack of technical knowledge make SMEs prime targets for cyberattacks.  

These challenges are reinforced by Coro’s recent survey of 500 SME cybersecurity decision makers. The findings show that security professionals struggle to manage the many tools in their security stack and the alerts that they generate.  

In fact, more than 73% of security professionals surveyed reported missing, ignoring or failing to act on critical security alerts, with respondents noting a lack of time and staff as the top two reasons.  Respondents said they spend more than 4 hours managing their cybersecurity stacks every day, with an average of 11+ different tools in their stack. And they estimate it takes an average of 4+ months for each new tool procured to become operational, with equal time spent on installation, configuration, training staff and integration with their existing security stack.  

These results underscore the reality of the cybersecurity industry, which focuses on designing tools to meet the needs of enterprise security programs. These tools fail the SME market profoundly.  Enterprise security tools are designed for organizations with large, in-house cybersecurity teams with the time and technical knowledge required to manage and maintain them. Enterprise tools are specialized, and designed to comprehensively mitigate a single, specific threat area. They generate thousands of alerts and provide the feedback required by a finely tuned security stack.  They are complex, and time consuming to deploy and manage.

No wonder SMEs are overwhelmed.

Consolidation as a solution

The workload complexity facing security professionals, and the overwhelming demands it places on already limited resources, are driving SMEs to consolidate their cybersecurity tools. Gartner reported on this trend in 2022, noting that 75% of companies planned to move to a consolidated approach rather than use point products.

Consolidated, or all-in-one, platforms not only increase visibility and reduce operational workloads, they also help strengthen a company’s security posture. But to date, many approaches have been cobbled together through M&A. A consolidated solution that’s comprised of multiple tools that still don’t talk to each other is just papering over the cracks of the problem. A more radical approach is required.

The way forward: modular cybersecurity platforms 

Coro sees a distinct way forward for SMEs. It starts with designing a solution from the ground up to be seamlessly integrated, interoperable, and managed from a single dashboard.  It should be easy to operate, and easy to scale as a company’s security needs grow.

With these requirements in mind, Coro recently launched Coro 3.0, the world’s first modular cybersecurity platform. Coro 3.0 consolidates the protection of a company’s six most important areas – cloud apps, endpoints, email, sensitive data, network, and users — into a single, unified platform.

Coro 3.0 supports these capabilities through fourteen distinct security modules, including endpoint protection, EDR, email protection, SASE, data governance (DLP), Cloud apps (CASB), VPN, NGFW, DNS filtering, SOC (MDR), Email encryption, and ZTNA, with additional capabilities to be released over time.  Each module is plug and play, activated in seconds with a single click. 

Coro’s new platform was designed explicitly with the intention of simplifying security operations and enabling the scalability that SME organizations need, and at a record low cost of ownership. 

Each security module is interoperable, seamlessly integrated, and architected with the following advantages:

  • One easy-to-use dashboard offers a single pane of glass to consolidate alerts, and easily configure and manage every module 
  • One easy-to-manage agent for all endpoints eliminates the workload of updating and managing multiple vendors’ agents 
  • One AI-driven data engine communicates between modules and eliminates blind spots, automatically remediating threats and only surfacing the most critical security events
  • One intuitive user interface for every module eliminates the need for extra employee training 
  • One click easily activates new security modules or turns them off, with no installation required

Coro’s modular cybersecurity platform is a breakthrough for SMEs, empowering companies to strengthen their security posture and reduce operational workloads at the lowest cost of ownership.

Strengthen your security posture today 

Consolidated solutions can help SMEs solve their cybersecurity resource challenges. The most effective platforms are architected from the ground up to work together and simplify deployment, management and configuration. Ultimately, the goal is to reduce the complexity and cost required to build and manage effective cybersecurity programs. After all, SMEs deserve to be just as cyber secure as global enterprises. 

The post SME Cybersecurity Challenges and Opportunities appeared first on Cybersecurity Insiders.

Outside-In Approach to Partners Key to Firm’s Continued Growth

Welcome to the new SonicWall! 

2024 marks a high note in the transformation of SonicWall, which was founded in 1991 as Sonic Systems, shipping Ethernet cards for NuBus and SE expansion slots. Now, over thirty years later, SonicWall is serving the needs of well over 500,000 global businesses in more than 215 countries and territories, proudly standing as one of the foundational pillars of the cybersecurity industry.

The transformation process began in 2023 with the evolution of our executive leadership team. This resulted in SonicWall bolstering its North American and EMEA executive lineup and security expertise as well as strengthening its channel leadership.

SonicWall’s transformation didn’t end with our leadership changes. The company also doubled down on our commitment to providing the very best security solutions and business tools to our valued partners and customers around the globe. 

To that point, SonicWall made several key strategic acquisitions in the last year. These came from taking an outside-in approach, listening intently to our valued partners about how we could better meet their specific needs and then executing on those insights to better improve our offerings and services. 

The acquisition of Banyan Security, a leading provider of security service edge (SSE) solutions, strengthened SonicWall’s portfolio by adding zero trust security, relied on by organizations from leading Fortune 100 companies to small businesses that are replacing legacy architectures with SSE solutions. This acquisition was a direct response to the current shift to more dynamic solutions that can adapt to the ever-evolving landscape of threats in the cloud. Banyan’s technology extends SonicWall’s portfolio to the cloud and provides partners and their customers with more flexibility, which is key to the continued development of SonicWall’s cybersecurity platform.

The acquisition of Solutions Granted, Inc., a top Managed Security Service Provider (MSSP), delivering world-class cybersecurity solutions to hundreds of Managed Service Providers (MSPs), reinforces SonicWall’s commitment to our valued partners. Solutions Granted further extends our portfolio to include U.S.-based Security Operations Center services (SOCaaS), Managed Detection and Response (MDR), and other managed services that are tailor-made for MSPs and MSSPs. The acquisition, again, aligns with SonicWall’s outside-in approach, providing partners with a best-of-suite, comprehensive and flexible portfolio that accelerates their growth.

In addition to our strategic acquisitions, SonicWall is proud to unveil SonicPlatform, an innovative cybersecurity management platform designed to unify SonicWall products on a single integrated interface. This platform is especially beneficial for MSPs and MSSPs, enabling them to efficiently manage multiple client environments, automate key tasks, reduce operational costs, enhance service delivery, and garner valuable insights. SonicPlatform represents a significant stride towards a more integrated, efficient, and secure management ecosystem for SonicWall’s increasingly diverse suite of security solutions. 

It’s encouraging to experience the remarkable momentum sweeping across our business and even more exciting to know that this very momentum is fueled in large part by the renewed focus on and growth of our partner community with key new partner wins over the last three quarters as part of a growing trend. 

SonicWall enhanced our partner program with more strategic benefits and opportunities—and it is resonating. Within the last six months, our commitment to providing meaningful initiatives to partners has led to a 42% increase in partner growth year-over-year, with 63% of new partners transacting within the same quarter they onboarded. Additionally, partners in our Service Provider Program increased 91% year-over-year. 

I am proud of our team for its ongoing commitment to excellence from a solutions and partner perspective. It is their combined contributions and efforts that continue to fuel the ongoing success of SonicWall and those we serve. As a team, we remain steadfast in our commitment to delivering the most security-rich, cost-effective, partner-centric, and user-friendly products and services to protect organizations from constantly emerging cyberthreats.

The post Cybersecurity Leader SonicWall Rides Wave of Momentum with Company Transformation, Acquisitions, and New Cyber Platform appeared first on Cybersecurity Insiders.