Black Hat 2023 is in full swing.
Check out this new episode of ITSecurityGuyTV on cybersecurity and healthcare. AT&T’s head of evangelism, Theresa Lanowitz, visits with ITSecurityGuyTV, Charlie Harold, in this new episode on edge computing’s role in healthcare.
2984 Cybersecurity.ATT.com with Theresa Lanowitz at BHUSA2023 from Security Guy TV on Vimeo.
The post Edge computing’s role in healthcare appeared first on Cybersecurity Insiders.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
The landscape of cybercrime continues to evolve, and cybercriminals are constantly seeking new methods to compromise software projects and systems. In a disconcerting development, cybercriminals are now capitalizing on AI-generated unpublished package names also known as “AI-Hallucinated packages” to publish malicious packages under commonly hallucinated package names. It should be noted that artificial hallucination is not a new phenomenon as discussed in [3]. This article sheds light on this emerging threat, wherein unsuspecting developers inadvertently introduce malicious packages into their projects through the code generated by AI.
Artificial intelligence (AI) hallucinations, as described [2], refer to confident responses generated by AI systems that lack justification based on their training data. Similar to human psychological hallucinations, AI hallucinations involve the AI system providing information or responses that are not supported by the available data. However, in the context of AI, hallucinations are associated with unjustified responses or beliefs rather than false percepts. This phenomenon gained attention around 2022 with the introduction of large language models like ChatGPT, where users observed instances of seemingly random but plausible-sounding falsehoods being generated. By 2023, it was acknowledged that frequent hallucinations in AI systems posed a significant challenge for the field of language models.
Cybercriminals begin by deliberately publishing malicious packages under commonly hallucinated names produced by large language machines (LLMs) such as ChatGPT within trusted repositories. These package names closely resemble legitimate and widely used libraries or utilities, such as the legitimate package ‘arangojs’ vs the hallucinated package ‘arangodb’ as shown in the research done by Vulcan [1].
When developers, unaware of the malicious intent, utilize AI-based tools or large language models (LLMs) to generate code snippets for their projects, they inadvertently can fall into a trap. The AI-generated code snippets can include imaginary unpublished libraries, enabling cybercriminals to publish commonly used AI-generated imaginary package names. As a result, developers unknowingly import malicious packages into their projects, introducing vulnerabilities, backdoors, or other malicious functionalities that compromise the security and integrity of the software and possibly other projects.
The exploitation of AI-generated hallucinated package names poses significant risks to developers and their projects. Here are some key implications:
To protect themselves and their projects from the risks associated with AI-generated code hallucinations, developers should consider the following measures:
The exploitation of commonly hallucinated package names through AI generated code is a concerning development in the realm of cybercrime. Developers must remain vigilant and take necessary precautions to safeguard their projects and systems. By adopting a cautious approach, conducting thorough code reviews, and independently verifying the authenticity of packages, developers can mitigate the risks associated with AI-generated hallucinated package names.
Furthermore, collaboration between developers, package managers, and security researchers is crucial in detecting and combating this evolving threat. Sharing information, reporting suspicious packages, and collectively working towards maintaining the integrity and security of repositories are vital steps in thwarting the efforts of cybercriminals.
As the landscape of cybersecurity continues to evolve, staying informed about emerging threats and implementing robust security practices will be paramount. Developers play a crucial role in maintaining the trust and security of software ecosystems, and by remaining vigilant and proactive, they can effectively counter the risks posed by AI-generated hallucinated packages.
Remember, the battle against cybercrime is an ongoing one, and the collective efforts of the software development community are essential in ensuring a secure and trustworthy environment for all.
The guest author of this blog works at www.perimeterwatch.com
Citations:
The post Code Mirage: How cyber criminals harness AI-hallucinated code for malicious machinations appeared first on Cybersecurity Insiders.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Photo by Tom Fisk
Many industries are experiencing rapid growth thanks to the seemingly overnight advancement of new technologies. Artificial intelligence, for example, has swiftly gone from a vague possibility to being a major component in numerous digital systems and processes. Another technology that has somewhat snuck up on us is blockchain.
Many people associate blockchain with cryptocurrency. However, while blockchain was primarily being used as a decentralized ledger to secure and confirm cryptocurrency trades, it is now being used in numerous other applications across a range of industries.
Blockchain-as-a-service, for example, is offered as a third-party management of cloud-based networks for companies building blockchain applications. And as a whole, many industries are starting to use blockchain for securing transactions such as the shipping and logistics sector.
Blockchain is quickly becoming the new must-have technology, but like any new tech, it has seen an interesting evolution from where it started to where it is today.
Blockchain was first created to make the trading of digital currency more secure. The concept was to have a decentralized currency that could easily be tracked without relying on banks. Thus, blockchain was invented as a public ledger that stored all information in blocks, with each block representing a transaction. Each new block that was created would then include a sequence from the previous block, which would then link or chain all of the blocks together.
This blockchain technology is what makes transactions or the exchange of information so much more secure because blocks are difficult to replicate or change. If someone wanted to replicate or change one block, they would have to change all the previous ones that it is linked to as well.
Once other industries realized the genius of the concept, they started adopting it as well. Financial institutions, for example, which of course, are founded on the idea of transactions and exchanging of money, quickly saw the appeal of using blockchain. Fintech companies, in particular, that had their sights set on building finance systems of the future were early adopters of blockchain technologies. Many of these same businesses are now combining blockchain technologies with mobile tech offerings, among others, to increase efficiency.
Now, we are seeing what is being called “blockchain scaling,” which is the newest innovation using blockchain. Traditionally, every computer in a network must process every transaction, which is slow. But with blockchain, the process can be scaled and accelerated without sacrificing security.
Today, a scaled blockchain is believed to be fast enough to power our more advanced technologies that store and exchange data and information, like the Internet of Things (IoT). This makes blockchain ideal for any number of industries, not just cryptocurrency trading and banks.
If there is one process that encompasses transportation, shipping, and logistics, it’s the supply chain. And supply chain management, like numerous other processes, has seen a sudden growth with digitalization and the adoption of new technologies that allow for optimization and fewer inefficiencies.
Supply chain processes rely on the linking of various systems to coordinate the manufacturing and shipping of products. In other words, a wealth of data is being shared and transferred throughout the supply chain process, making this an ideal sector to use blockchain technology.
The global shipping industry has long faced a number of issues that result in delays and other errors, which can come at high costs. With blockchain, however, shipping companies will have the framework to mitigate these issues and speed up operations.
In particular, the U.S. Department of Transportation Maritime Administration reports that blockchain can help with the following to increase shipping efficiency:
For example, a lack of real-time information availability and poor tracking capabilities leads to high volumes of canceled orders and cargo loss, which can cost companies thousands of dollars. But these issues can be solved with blockchain technologies.
Delays related to B/Ls are another problem. A B/L provides all the necessary information for the processing of a shipment from carrier to shipper, serving as a receipt, contract, and document of ownership. But traditionally, B/Ls can take days to arrive but are needed for a shipment to be processed.
Fraud is also a concern, as B/Ls can easily be modified and forged. Blockchain, however, enables the digitalization of these documents and speeds up the process of exchanging data throughout the entire shipping process, creating an overall more efficient shipping system.
The transportation industry is also expected to benefit greatly from blockchain. The implementation of this technology in the freight industry is slow-moving, but once it happens, it will benefit carriers in various ways. Such changes with blockchain that are expected include:
As a whole, blockchain can increase efficiency across the freight and transportation sector while also reducing administrative burdens and increasing transparency.
The aviation sector is another industry that deals in transportation and shipping, where blockchain has captured interest. It can help with security and identity management, baggage management, ticketing, maintenance orders, loyalty programs, and more. Any process that involves sharing data or information, which is most processes these days as everything is digitized, can benefit from blockchain technologies.
As a final note, it’s important to understand that, for all the advantages of using blockchain, the implementation of any new technology comes with risks. Though people sing the praises of blockchain for how secure it is, it’s not foolproof.
Cybercriminals, for example, get more clever with every passing day, and they can and will find ways to compromise blockchain technology. This is not to say that the shipping and transportation industries should avoid blockchain, but rather that when implementing this new technology, companies should make cybersecurity a priority.
To ensure blockchain is the most efficient, it’s necessary to first understand all the risks that come with it to mitigate issues going forward. Only then can shipping and logistics companies truly benefit and revolutionize their industries using blockchain technology.
The post The impact of blockchain technology on the future of shipping and logistics appeared first on Cybersecurity Insiders.
As we go about our daily lives, whether that be shopping with the family, enjoying dinner at a restaurant, finding our gate at the airport, or even watching TV, we find ourselves more and more often encountering the QR code. These black-and-white checkerboards of sorts have gained a reputation for being a fast and convenient way of obtaining information via our smartphones while at the same time contributing to environmental conservation, as they allow businesses such as retailers and restaurants to print fewer paper menus or flyers.
But before you whip out that phone and activate your camera, you should be aware that these seemingly innocuous QR codes can also be used for purposes you aren’t anticipating. Adversaries can also abuse them to steal your money, identity, or other data. In fact, the term in the cybersecurity industry for attacks that leverage QR codes as a means of delivery is “quishing.” Although this may sound cute, the intentions behind these intrusions are, in reality, quite sinister.
While it may seem like we have only been interacting with QR codes over the past several years, they were in fact invented almost 30 years ago in 1994 by a Japanese company called Denso Wave, a subsidiary of Toyota Motor Corporation, for the purposes of tracking automotive parts in the assembly process. QR stands for “quick response” and is a sophisticated type of bar code that utilizes a square pattern containing even smaller black and white squares that represent numbers, letters, or even non-Latin scripts which can be scanned into a computer system. Have you ever noticed that there are larger black and white squares in just three of the corners of a QR code? Their purpose is to allow a scanning device to determine the code’s orientation, regardless of how it may be turned.
The use of QR codes has expanded considerably since 1994. They have become a favored means for businesses to circulate marketing collateral or route prospects to web forms, and other even more creative uses have also been cultivated. Instead of printing resource-consuming user manuals, manufacturers may direct their consumers to web-hosted versions that can be reached by scanning codes printed on the packaging materials. Event venues print QR codes on tickets that can be scanned upon entry to verify validity, and museums post signs next to exhibits with QR codes for visitors to obtain more information. During the COVID-19 pandemic, the use of QR codes accelerated as organizations sought to create contactless methods of doing business.
QR codes don’t appear to be going away anytime soon. The speed, and versatility they offer is hard to deny. However, any hacker worth their salt understands that the most effective attacks leverage social engineering to prey upon human assumptions or habits. We’ve become accustomed to scanning QR codes to quickly transact or to satisfy our sense of curiosity, but this convenience can come at a cost. There are several websites that make it incredibly simple and low cost (or free) for cybercriminals to generate QR codes, which they can use to do any of the following:
Spotting a malicious QR code may be difficult because the displayed URLs are often shortened or hosted on cloud platforms, such as Amazon Web Services (AWS). Fortunately, there are things you can do to reduce your chance of falling victim to a quishing attack:
This topic was covered in a SecurityInfoWatch piece today.
The post What may be lurking behind that QR code appeared first on Cybersecurity Insiders.
For anyone who follows industry trends and related news I am certain you have been absolutely inundated by the torrent of articles and headlines about ChatGPT, Google’s Bard, and AI in general. Let me apologize up front for adding yet another article to the pile. I promise this one is worth a read, especially for anyone looking for ways to safely, securely, and ethically begin introducing AI to their business. On June 20th the International Association of Privacy Professionals (IAPP) released a new body of knowledge (BOK) for their soon-to-be-released Artificial Intelligence Governance Professional Certification (AIGP). This first-of-its-kind certification covers a series of knowledge areas, which I’ll explore later in this post. It’s of great value to any professional interested in implementing or managing AI, or simply curious about the field.
The field is booming with new tools, ideas, and use-cases being developed by the hour (at least that’s how it seems sometimes). Several companies, IBM being the most prolific, have also released several technical certifications aimed at the creation and refinement of AI. There are not, however, any certifications aimed at business leaders or non-technical professionals, the people who will approve and use AI in their day-to-day tasks. At least there weren’t until the IAPP announced their new AIGP certification, that is.
While the IAPP is the de facto leader in the industry when it comes to privacy certifications, I recognize not everyone may be familiar with them or their offerings. The IAPP was founded in 2000 and currently offers a suite of certifications aimed at professionals, including lawyers, who work with data privacy or governance. Their key offerings include the Certified Information Privacy Professional series (including individual certifications on European, Canadian, and American privacy laws), the Certified Information Privacy Manager, Certified Information Privacy Technologist, as well as a few others. The AIGP is a brand-new offering that hasn’t been fully released yet beyond the newly posted BOK.
The AIGP covers seven different domains that range from fundamental components of AI, all the way to development lifecycles and risk management. The topics on the exam will allow professionals to showcase their knowledge of both AI as a field of study and a technology, but also how to effectively manage it within an organization. Learning what you need to know to pass the test will create an excellent foundation and equip you to identify and leverage opportunities when they appear, and manage risks when they invariably crop up. I’ve listed the seven domains below:
While the certification itself isn’t out quite yet, I highly recommend you visit the IAPP’s website and take a look at the AIGP’s BOK. This will give you a good idea of what you can expect to see on the exam and let you begin preparing while we wait for the official training material to be released. I reached out to the IAPP for more information and was informed that additional training material to support this certification is planned for a Q4 release later this year.
This certification promises to become a milestone in the realm of AI governance, effectively bridging the gap between those with deep technical knowledge and non-technical business leaders. As the presence and use of AI becomes more pervasive, being able to understand its governance, risks, and ethical implications is no longer a luxury, but a necessity. This certification is going to be a vital first step towards achieving that understanding. I’ll continue to follow the development of the AIGP and provide more insights as new information becomes available.
The post Artificial Intelligence Governance Professional Certification – AIGP appeared first on Cybersecurity Insiders.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Preventing data loss is a concern for almost every organization, regardless of size, especially organizations with sensitive data. Organizations, now more than ever before, rely on voluminous amounts of data to conduct business. When data leakage or a breach occurs, the organization is forced to deal with the negative consequences, such as the high cost associated with data breach fines and remediation and reputational harm to their company and brand.
Data loss prevention (DLP) solutions help mitigate the risk of data loss. Losses can occur as a result of insider-related incidents (e.g., employee theft of proprietary information), or due to physical damage to computers, or as a result of human error (e.g., unintentional file deletion or sharing sensitive data in an email). In addition to the various ways an organization might experience data loss, mitigating the risk of loss requires the right people, processes, and technology.
Meeting the technology requirement can be a challenge when it comes to selecting the right DLP solution. During the vendor exploration and evaluation phases, there may be questions about whether it makes sense to invest in a solution that protects the network, endpoints, or the cloud or whether it’s better to select a solution that protects the enterprise and takes into account the hybrid nature of many organizations.
The decision to invest in a DLP solution should be informed by sufficient research and planning with key stakeholders. This blog will discuss three additional things you should consider before making such an investment. Let’s begin with the types of data an organization collects, stores, and analyzes to conduct business.
To have a successful data loss prevention program, it’s important to identify all types of data (e.g., financial data, health data, or personally identifiable information) and to classify the data according to its value and the risk to the organization if it is leaked or exfiltrated. Data classification is the process of categorizing data to easily retrieve and store it for business use. It also protects it from loss and theft and enables regulatory compliance activities. Today, systems are more dispersed, and organizations have hybrid and remote workforce models, so it is critical to protect data regardless of where it resides or with whom it is shared. This kind of protection requires properly classified and labeled data.
Automated data classification is foundational to preventing data loss. It is the best way for organizations to fully understand what types of data they have, as well as the characteristics of the data and what privacy and security requirements are necessary to protect the data. Properly classifying data also enables the organization to set policies for each data type.
DLP solutions detect instances of either intentional or unintentional exfiltration of data. DLP policies describe what happens when a user uses sensitive data in a way the policy does not allow. For example, when a user attempts to print a document containing sensitive data to a home printer, the DLP policy might display a message stating that printing the document to a home printer violates the policy and is not permissible. How does the DLP tool know that the document includes sensitive data? Content inspection techniques and contextual analysis help identify sensitive data.
The inspection capability of the DLP solution is very important. It’s important to note that traditional DLP solutions focus on data-specific content inspection methods. These inspection methods are no longer effective for organizations that have migrated to the cloud because the techniques were developed for on-premises environments. Gartner recommends investing in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user, and entity behavior analytics (UEBA), and rich context for incident response. UEBA is useful for insider-related incidents (e.g., UEBA might help identify data exfiltration by a dissatisfied employee).
After it’s clear that the tool can classify sensitive data, a logical next question is what actions the tool will perform to prevent loss of that data. A DLP solution performs actions such as sending out alerts for DLP policy violations, warnings using pop-up messages, and blocking data entirely to prevent leakage or exfiltration. Another feature might include quarantining data. Organizations should be able to define their policies based on their policy, standards, controls, and procedures.
Traditional DLP relies heavily on content analysis and does not always accurately identify sensitive data. Sometimes traditional tools block normal activity. In contrast, a modern DLP solution minimizes false positives by combining content analysis and data lineage capabilities to more accurately understand whether the data is sensitive.
There are many DLP tools on the market. A DLP solution might also be a capability in another security tool such as an email security solution. Selecting the right tool requires knowledge of market trends, the gap between traditional and modern DLP tools, data loss prevention best practices, and the purchasing organization’s security initiatives and goals. Given the many options and variables to consider, it can be challenging to understand the nuances and distinctions among solutions on the market.
The post What your peers want to know before buying a DLP tool appeared first on Cybersecurity Insiders.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Data Security Posture Management (DSPM) plays a critical role in identifying security risks, prioritizing misconfigurations, and implementing a zero-trust framework. It is an emerging technology, and there are only a few capable solutions that provide good product offerings. Check out the list of some of the best DSPM platforms that can be considered to streamline data protection, governance, and compliance efforts.
Securiti DSPM ranks at the top on Gartner’s list of DSPM platforms in this category. Gartner has given a rating of 4.7 which is the highest amongst other products. The tool is built to protect an organization’s data, especially sensitive data, everywhere. The platform covers data in numerous environments and across various formats, such as structured and unstructured data systems.
Users can gain visibility of their data at rest and in motion across public, private, hybrid, and multi-cloud systems. The solution also covers SaaS environments which is a plus since traditionally, DSPM covers only public clouds. The solution leverages AI/ML-powered sensitive data insights to streamline their data governance strategy, data lineage, access policies and controls, and privacy operations, such as cross-border transfer policies.
Symmetry DataGuard comes second to Securiti in ranking and rating as well. The DSPM solution has received a 4.6 rating in the Product Capabilities and Customer Experience categories. It delivers real-time data protection. With visibility of data and advanced analytics, security teams can not only ensure data security but also availability and integrity. Users can leverage that granular information to power their IAM engines to implement effective data controls, access, and permission.
Symmetry DataGuard can be an expensive and you’ll need to invest time to understand the product because of its extensive capabilities and features.
Sentra’s DSPM platform is built for speed and efficiency. The platform offers agentless discovery, which means that data doesn’t leave an organization’s secure environment, and hence there’s zero disruption to the productivity of teams.
Another important aspect of Sentra’s DSPM solution is that it is easy to implement and scale. It further offers great integration capability and thus enables organizations to integrate with various ecosystems for discovering data.
Up to 77% of users would recommend Dig Security Platform, suggests Gartner. The DSPM platform has garnered a 4.2 rating on the review platform. The tool can help security and data teams to effectively identify and discover data and perform accurate categorization and classification.
The data detection and response capabilities of the solution further ensure robust data protection. Teams can have a complete understanding of their data spread across physical and virtual databases and protect sensitive data from security risks, such as data exfiltration, ransomware, and shadow data.
Flow Security covers a large set of environments to discover all data of an organization. For instance, the solution can scan through on-prem infrastructure, multiple cloud environments, SaaS applications, and other self-managed databases.
The ML capabilities enable data teams to discover and classify data elements across structured and unstructured formats. The tool can further discover security vulnerabilities and track them for remediation.
Laminar is another emerging solution provider that offers a DSPM platform. The platform offers an agile DSPM solution that delivers speed, accuracy, and efficiency. The tool has received a 4.1 rating by reviewers. Data teams can leverage the platform to gain the required data insights of their multi cloud and SaaS environments.
Various controls can be configured to enable robust data protection in the cloud, such as risk discovery and management, access policies, governance framework optimizations, and compliance management. Since Laminar has a lot of room for improvement, you may find the platform lacking in the department of scalability, which is a must for large-scale data-driven organizations.
TrustLogix cloud data security platform, as the name suggests, is built for the cloud to gain data visibility and optimize controls around security, governance, and compliance. The DSPM platform is built for the cloud, and it can be deployed swiftly. It can be connected to a variety of cloud-native environments along with self-managed clouds and SaaS applications.
It doesn’t require access to the data, but it only scans for schemas and configuration metadata. TrustLogix further reviews the log files to detect any anomalies related to sensitive data access for enhanced protection.
Cyera Platform is a well-trusted DSPM solutions provider in the industry. It provides organizations with comprehensive information on their sensitive data, geographies, and data access controls.
Its DSPM solution covers a lot of ground when it comes to ecosystems in that it can discover data in IaaS, PaaS, self-managed databases, managed databases, as well as DBaaS environments.
The Concentric Semantic Intelligence product delivers DSPM capabilities to help businesses and security teams find their most important data, find security gaps, and prevent unauthorized access.
The complex ML capabilities of Concentric’s functionalities allow autonomous discovery of the data across a business’s data environment and classify a wide number of data elements, such as PCI data, PHI data, and PII data.
Veza’s DSPM solution provides businesses with a powerful vulnerability management system that allows them to discover identities and mitigate risks. The solution can be integrated with a number of cloud and SaaS systems, such as Okta, Slack, OneLogin, GitHub, GitLab, AWS, OCI, AWS DynamoDB, and GCP, to name a few.
BigID ranks as one of the top cloud data management solutions, and they are now also offering a DSPM solution. The solution comes with a decent data discovery and classification engine that categorizes data across different formats and systems. The solution can further identify and track data security risks, help optimize data access policies across roles and users, and enhance security posture.
Data Radar is Fasoo’s product that offers DSPM capabilities. The DSPM platform can replace a traditional data loss prevention solution with an advanced DSPM tool, offering powerful discovery and classification capabilities along with access controls and policies, and risk assessment.
With Normalyze DSPM platform, you can search, identify, and categorize data in your Google, Azure, and AWS data clouds. You can sift through data in cloud-native environments across various data formats.
OneTrust is also a well-known DSPM provider. The solution provides data discovery, classification, and inventorying. You can use the tool to discover security gaps and enhance access controls to implement a zero-trust framework.
Open Raven has a wide range of functionalities that can optimize data security posture. Its DSPM platform can enable businesses to discover and classify data, assess security posture risks, optimize controls, and implement guardrails to meet compliance.
In today’s data-driven era, finding the best DSPM platform is crucial for businesses to safeguard data against cyber threats and derive business value while meeting compliance. So, go through the provided list of DSPM platforms and pick the best one to meet your business objectives.
The post Top 15 Data Security Posture Management (DSPM) platforms for 2023 appeared first on Cybersecurity Insiders.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Social engineering has long been a popular tactic among cybercriminals. Relying exclusively on information security tools does not guarantee the safety of an IT infrastructure these days. It is critically important to enhance the knowledge of employees regarding information security threats. Specifically, there is often a pressing need to educate employees about phishing. But how could phishing awareness training go wrong, and what can be done about it? Let’s delve deeper and unravel the potential issues and solutions.
In recent years, we have seen an uptick in the delivery of malware via phishing attacks. Compounding the problem is the rising volume of email fatigue, which can lead to less vigilance and increased vulnerability. Regrettably, email protection software does not fully safeguard against phishing due to the inevitable human factor involved. Indeed, there is a reason why social engineering continues to be a preferred strategy for cybercriminals – its effectiveness is exceptional.
Many organizations are already conducting training sessions and rolling out specialized programs to enhance employee awareness about phishing. These programs are not just theoretical but also offer hands-on experience, allowing employees to interact with possible threats in real-world scenarios. For this, companies often use simulated phishing attacks, which are a vital part of their awareness programs. Some businesses manage these cyber exercises internally through their information security teams, while others enlist the help of service providers.
However, these training sessions and mock phishing exercises are not without their flaws. At times, technical issues can disrupt the process. In other instances, the problem lies with the employees who may exhibit apathy, failing to fully engage in the process. There are indeed numerous ways in which problems can arise during the implementation of these programs.
It is standard practice for most companies to operate various email security systems, like Secure Email Gateway, DMARC, SPF, DKIM tools, sandboxes, and various antivirus software. However, the goal of simulated phishing within security awareness training is to test people, not the effectiveness of technical protective tools. Consequently, when initiating any project, it is crucial to adjust the protection settings so your simulated phishing emails can get through. Do not forget to tweak all tools of email protection at all levels. It is important to establish appropriate rules across all areas.
By tweaking the settings, I am certainly not suggesting a total shutdown of the information security system – that would be unnecessary. When sending out simulated phishing emails, it is important to create exceptions for the IP addresses and domains that these messages come from, adding them to an allowlist.
After making these adjustments, conduct a test run to ensure the emails are not delayed in a sandbox, diverted to junk folders, or flagged as spam in the Inbox. For the training sessions to be effective and yield accurate statistics, there should be no issues with receiving these training emails, such as blocking, delays, or labeling them as spam.
Untrained employees often become victims of phishing, but those who are prepared, do more than just skip and delete suspicious messages; they report them to their company’s information security service.
Tools like the “Report Phishing” plugin for Outlook can be extremely useful. This plugin lets employees quickly and easily notify the information security team about potential phishing attempts. If an attack is indeed taking place, vigilant employees can help detect it faster and prevent severe consequences by forwarding the phishing email to the information security team, who can then respond to the incident.
This plugin is also beneficial for simulated phishing campaigns for several reasons:
Apart from email client plugins, there are other ways to assist employees in taking the right actions when confronted with phishing attacks:
Companies can run special phishing tests using both clean emails and ones labeled “external sender” or “spam.” These red flags are intended to caution employees to exercise more care when handling such emails, as they are more likely to contain malicious attachments or phishing links. Interestingly, research shows that presenting suspicious details in email headers does not improve phishing detection. Even when emails bear labels like “external sender” or “spam” in the subject line or body of the message, employees click on them nearly as frequently as they do on unlabeled ones.
Why does this happen, and what can be done about it? There could be a level of mistrust towards technology and software algorithms at play here. We often hear the advice, “If you did not receive an email from us, check your spam folder.” And, of course, simple inattention on the part of employees is common.
Curiosity, interest, or fear triggered by the content of the email can lead employees to fall for the hackers’ bait. Certain expertly designed templates, such as those warning of potential account breaches and prompting password changes, generate high click rates. Often the “sender” field in an email might show an address that perfectly matches the legitimate domain of the client. However, the “from” field only displays text, which can be altered by the sender’s email server. To truly ascertain the domain from which the email originated, examining the headers in the email’s properties is necessary. Therefore, again, relying entirely on software and hardware for email information security is unwise. The human factor is a crucial element to consider.
Let’s say right away that there are no magic pills against phishing for employees. Training courses are an important part of the process, but they will not work without regular practice. Upon contact with a new variant of phishing, an employee may become confused and eventually fall for the trick of scammers.
Cultivating robust phishing detection skills and enhancing awareness of threats should be continuous processes that involve direct exposure to these threats. Every training phishing email sent, irrespective of the unsafe action statistics, enhances an employee’s awareness: they learn about a new threat, encounter it firsthand, experience the potential impact, and consequently, become less vulnerable. As the proverb says: “Fool me once, shame on you. Fool me twice, shame on me.”
Practical experience affirms the need for ongoing engagement with employees. Mere theoretical training sessions will not protect you from phishing, and a single training session is not sufficient either. Interestingly, reports suggest that after one round of simulated phishing emails, there might be an increase in unsafe actions with mock phishing, even after employees have completed training courses.
Does this suggest that the training courses were entirely ineffective? Not necessarily. It simply indicates that the practical skills needed to recognize phishing are not yet fully developed, reinforcing the notion that understanding the information security theory without practical application is insufficient. It is through regular phishing training emails that employees become more adept at identifying phishing attempts and reporting them to the information security service.
A phishing awareness program typically starts with an initial round of simulated phishing emails to evaluate employees’ susceptibility to such attacks. Next, the employees undergo training to learn about phishing and how to spot it. Following the training, another round of simulated phishing is conducted to provide practical reinforcement of the training and to assess its impact on employees. This constitutes the initial cycle of the program. Depending on your resources and the size of your organization, this part may take anywhere from several weeks to a few months to complete.
The process does not stop there. You should conduct new rounds of simulated phishing emails approximately once a month, gradually making them more complex. Employees who consistently fall for phishing attempts should be given additional training.
Yes, this is a slow process. Building sustainable skills takes time, typically at least 12 months. And even after this period, regular phishing simulation exercises are still necessary to ensure employees maintain their alertness. By running regular phishing simulations, employees become more knowledgeable and vigilant, boosting the attack resilience of both the individual and the entire organization.
As you can see, relying solely on technological measures for protection against phishing is not enough. The human factor should not be underestimated. Engaging with employees and motivating them in matters of information security is essential. That is why simulated phishing exercises are so valuable. If you are in charge of cybersecurity for your organization and do not yet have a dedicated process for reporting phishing and other cyber threats, it is time to establish one. This is a straightforward and effective initial step to shield against cyber threats and kickstart a security awareness program. It is important to properly structure the learning process and run multiple cycles of theoretical and practical sessions on an ongoing basis.
The post How to improve employee phishing awareness appeared first on Cybersecurity Insiders.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
In the realm of digital forensics and incident response, the analysis of volatile memory, commonly referred to as RAM (Random Access Memory), plays a pivotal role in extracting crucial evidence and uncovering valuable information. RAM dump – the process of capturing the contents of a computer’s memory, is a vital step in preserving volatile data for forensic examination. This article aims to shed light on the importance of RAM dump in digital investigations and provide insights into the process involved.
RAM dumps can be acquired using specialised tools like FTK Imager and Magnet Ram Capturer (both of which are available for free) or the analysis can be done using specialised tools or Open source frameworks like Volatility Framework.
Let’s take a look on how to acquire a RAM dump and registry files using FTK Imager.
To acquire RAM and registry files, please follow these steps:
Alternatively, you can select Capture memory from the File dropdown menu inside FTK Imager as illustrated in screenshot below:
Once you select Capture memory, provide a destination path where you wish to save the dump file. Alternatively, you can select to include pagefile. After that, the process of capturing memory will begin.
You will receive a pop up once the process is finished.
Since I chose to capture memory as well as pagefile I will have two files available.
The file with the name “memdump.mem” is the RAM capture file.
You can take the dump file to analyze as required on your forensics workstation.
RAM dump acquisition and analysis are vital components of digital forensics and incident response investigations. The volatile nature of RAM and the real-time information it holds make RAM dump an invaluable source of evidence. By understanding the importance of RAM dump and following proper acquisition and analysis procedures, forensic investigators can uncover hidden data, identify malicious activities, and reconstruct the system’s state during an incident.
However, it is essential to stay updated with evolving technologies, legal considerations, and best practices in RAM analysis to ensure the integrity and effectiveness of the process. Ultimately, RAM dump plays a critical role in modern digital investigations, helping investigators piece together the puzzle and provide essential insights for resolving cases.
The post RAM dump: Understanding its importance and the process appeared first on Cybersecurity Insiders.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
In the current geopolitical climate, the energy sector, which powers our modern society – from homes and businesses to critical infrastructure and national defense systems, finds itself under the growing threat of cyberattacks.
With the energy sector’s growing dependence on digital technologies and interconnectivity, the attack surface for cybercriminals has expanded. This situation is further complicated by incidents such as the SolarWinds and Colonial Pipeline attacks years ago, which compromised numerous value chains, along with recent escalations in cyber threats. These circumstances highlight the urgent need for a robust and proactive cybersecurity strategy in the energy sector.
According to McKinsey, the energy sector is particularly vulnerable to cyber threats due to several characteristics that amplify the risk and impact of attacks against utilities:
To illustrate the potential impact across the entire value chain, it’s worth noting that electric organizations, in particular, could face cyber threats capable of disrupting various stages, including generation, transmission, distribution, and network segments.
To further strengthen cybersecurity practices in the energy sector, the following key recommendations should be considered:
Given the increasing integration of IT and OT environments, it’s important to highlight that 94% of IT security incidents have also impacted the OT environment. This underscores the ongoing and comprehensive task of securing energy infrastructure from cyber threats.
In this evolving landscape, effective cybersecurity is not a standalone effort but hinges on several key elements:
By adhering to these recommendations and fostering a proactive cybersecurity mindset, we can safeguard our critical infrastructure and ensure a resilient energy future.
The post Protecting energy infrastructure from cyberattacks appeared first on Cybersecurity Insiders.