The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

How can you effectively manage a security budget in a recession? An economic downturn will likely impact your team, so you must prepare to balance your cybersecurity needs with your spending limits.

How will a recession impact security teams?

Cyber attacks become more common during recessions because potential insider threats and fraud cases increase. On top of the risks, you likely must deal with reduced budgets and staff. Less flexible spending usually means you have to take on larger workloads.

In addition, you face increased risk from anyone who was let go due to the economic downturn. They know your organization’s security vulnerabilities and how to exploit them if they want to retaliate. Cybercrime also gives them an opportunity to utilize their skills for financial gain. You must effectively manage your budget to prepare for such effects.

Preparing security budgets for a recession

Your organization will likely cut or limit your security budget, so you must prepare to handle increased security threats with less flexible spending. The key to an adequate long-term solution is to consider the returns you’ll get for each investment.

  •  Consider a loan

Getting a loan to boost your security budget may be a good approach if you need more flexibility with your expenses. However, you must be aware of transaction types to navigate the complexities of borrowing adequately. For example, hindering is the practice of keeping assets from creditors, which is fraud. Establish a relationship with a trustworthy lender before committing. In addition, you should ensure you fully understand your contract and repayment responsibilities.

  •  Get cyber insurance

Cyber insurance is a great consideration. You can justify the expense because a recession puts you at greater risk for data breaches and network intrusions. Since it typically covers damages, information restoration and incident response, it can put you in a better place financially.

  •  Prioritize spending

Prioritizing cybersecurity spending is the first step you should take to prepare your team for an economic downturn. Identify your compliance and essential security needs, and determine how to support them with a smaller budget. You can then take inventory of your technology and labor necessities and decide how to allocate funds properly.

  •  Analyze technology needs

You can only effectively manage your security budget if you fully understand what you’re working with. Take inventory of the hardware and software you possess, and categorize it. Even if you don’t have to cut your existing equipment, doing so may give you future spending flexibility. Identify what is essential to your team and what isn’t, then decide what you can efficiently operate without.

In addition to potentially saving you money in the long term, taking note of your equipment can inform your security decisions. For example, your cloud platform may be helpful for storage purposes but can also open you up to unique risks. Since everything is a potential attack surface, you may be better off operating with only the essentials.

Assessing your technology may help you optimize spending, as well. You can recognize security gaps more quickly when you have an accurate inventory. It also allows you to patch, update and manage devices, reducing the chance of experiencing an expensive breach.

  •  Reconsider vendor relationships

Most organizations have relationships with vendors for their cybersecurity needs. While many outsource to reduce expenses during economic downturns, it can open them up to increased risk. You should reconsider your use of third-party services or platforms. It may be more affordable to use them initially, but consider they may also be making compromises that threaten your data or systems.

Effectively budgeting during a recession

Preparation is crucial, but continuous budget management is essential. You’ll have to routinely reevaluate your security spending to align with the recession’s effects.

  •  Leverage automation

Automating workflows with artificial intelligence (AI) is an excellent solution if you have large workloads or need more staff. It can complete tasks in seconds without your input or assistance, so you can let it run on its own while focusing on more essential duties. Despite its speed, its decisions are accurate because they’re data-driven. While AI may require a larger initial investment, it’s usually worth it.

On top of reducing labor expenses, it can save your team money when handling security issues. Organizations using automation and AI saved over $3 million during data breaches and controlled them 74 days earlier than those without the technology. It allows for more flexibility in your department’s budget because dealing with situations becomes more affordable. Since it can also scale with your needs, you can adjust its involvement as necessary.

  •  Increase training

Training is essential since human error causes 95% of cybersecurity issues for organizations. You only need to spend on labor, which can be an effective strategy. Your department’s budget may be limited, but consider the benefits of allocating funds toward upskilling. It can inform your team of potential risks during the recession. Also, it can better prepare them to respond to security threats — a critical factor for those dealing with high workloads or understaffing.

  •  Focus on employee retention

The cybersecurity skills shortage is a significant factor to consider because you’ll likely see its impact during the recession. The longer it goes on, the more you may feel its effects. Employee retention is essential to mitigate this challenge.

You could use a multi-layered security architecture to make your role manageable. It’s a cost-effective approach to reducing burnout and simplifying tech stacks — some of the main ways to keep your team productive.

Balancing security and spending

A recession may limit your budget, but you can continue to provide security to your organization if you manage it effectively. Ensure you understand your equipment needs, prioritize spending and stabilize your team’s workload.

The post Effectively managing security budgets in a recession appeared first on Cybersecurity Insiders.

We’re pleased to announce the availability of the 2023 AT&T Cybersecurity Insights™ Report: Focus on Healthcare. It looks at the edge ecosystem, surveying healthcare IT leaders from around the world, and provides benchmarks for assessing your edge computing plans. This is the 12th edition of our vendor-neutral and forward-looking report. Last year’s focus on healthcare report documented how we secure the data, applications, and endpoints that rely on edge computing (get the 2022 report).


The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry.

At the onset of our research, we established the following hypotheses.

  • Momentum edge computing has in the market.
  • Approaches to connecting and securing the edge ecosystem – including the role of trusted advisors to achieve edge goals.
  • Perceived risk and perceived benefit of the common use cases in each industry surveyed.

The results focus on common edge use cases in seven vertical industries (healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED) and deliver actionable advice for securing and connecting an edge ecosystem – including external trusted advisors. Finally, the report examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.

The role of IT is shifting, embracing stakeholders at the ideation phase of development.

Edge computing is a transformative technology that brings together various stakeholders and aligns their interests to drive integrated business outcomes. The emergence of edge computing has been fueled by a generation of visionaries who grew up in the era of smartphones and limitless possibilities. Look at the infographic below for a topline summary of key findings.

In this paradigm, the role of IT has shifted from being the sole leader to a collaborative partner in delivering innovative edge computing solutions. In addition, we found that healthcare leaders are budgeting differently for edge use cases. These two things, along with an expanded approach to securing edge computing, were prioritized by our respondents in the 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem.

One of the most promising aspects of edge computing is its potential to effectively use real-time data for patient care, revolutionizing healthcare outcomes and operational efficiency. While mobile devices and personal computers are still extremely popular in healthcare, their ubiquitous availability and connectivity make them vulnerable to cyberattacks. Successful cyberattacks can disrupt services, highlighting the need for robust cybersecurity measures.

Edge computing brings the data closer to where decisions are made.

With edge computing, the intelligence required to make decisions, the networks used to capture and transmit data, and the use case management are distributed. Distributed means things work faster, because nothing is backhauled to a central processing area such as a data center, and that delivers a near-real-time experience.

With this level of complexity, it’s common to re-evaluate decisions regarding security, data storage, or networking. The report shares the trends emerging as healthcare embraces edge computing. One area that’s examined is expense allocation, and what we found may surprise you. The research reveals the allocation of investments across overall strategy and planning, network, application, and security for the anticipated use cases that organizations plan to implement within the next three years.

How to prepare for securing your healthcare edge ecosystem.

Develop your edge computing profile. It is essential to break down the barriers that typically separate the internal line of business teams, application development teams, network teams, and security teams. Technology decisions should not be made in isolation but rather through collaboration with line of business partners. Understanding the capabilities and limitations of existing business and technology partners makes it easier to identify gaps in evolving project plans.

The edge ecosystem is expanding, and expertise is available to offer solutions that address cost, implementation, mitigating risks, and more. Including expertise from the broader healthcare edge ecosystem increases the chances of outstanding performance and alignment with organizational goals.

Develop an investment strategy. During healthcare edge use case development, organizations should carefully determine where and how much to invest. Think of it as part of monetizing the use case. Building security into the use case from the start allows the organization to consider security as part of the overall cost of goods (COG). It’s important to note that no one-size-fits-all solution can provide complete protection for all aspects of edge computing. Instead, organizations should consider a comprehensive and multi-layered approach to address the unique security challenges of each use case.

Increase your compliance capabilities. Regulations in the healthcare industry can vary significantly across different jurisdictions, including countries, states, and municipalities. This underscores the importance of not relying solely on a checkbox approach or conducting annual reviews to help ensure compliance with the growing number of regulations impacting healthcare organizations. Keeping up with technology-related mandates and helping to ensure compliance requires ongoing effort and expertise. If navigating compliance requirements is not within your organization’s expertise, seeking outside help from professionals who specialize in this area is advisable.

Align resources with emerging priorities. External collaboration allows organizations to utilize expertise and reduce resource costs. It goes beyond relying solely on internal teams within the organization. It involves tapping into the expanding ecosystem of edge computing experts who offer strategic and practical guidance. The healthcare industry is familiar with the concept of engaging external subject matter experts (SMEs) to enhance decision-making. Involving outside SMEs can help prevent expensive mistakes and accelerate the deployment process. These external experts can help optimize use case implementation, ultimately saving time and resources.

Build in resilience. Consider approaching edge computing with a layered mindset. Take the time to ideate on various “what-if” scenarios and anticipate potential challenges. For example, what measures exist if a private 5G network experiences an outage? Can patient data remain secure when utilizing a public 4G network? How can business-as-usual operations continue in the event of a ransomware attack?

Successful healthcare edge computing implementations require a holistic approach encompassing collaboration, compliance, resilience, and adaptability. By considering these factors and proactively engaging with the expertise available, healthcare organizations can unlock the full potential of edge computing to deliver improved patient outcomes, operational efficiency, and cost-effectiveness in the ever-evolving healthcare landscape.

The post Get the AT&T Cybersecurity Insights™ Report: Focus on Healthcare appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

As organizations across every sector come to rely more and more heavily on digital data storage, digital work platforms, and digital communications, cyber attacks are becoming increasingly common. Enterprising cyber attackers see opportunities abound with the widespread digital transformation across industries. Social engineering cyber attacks present a particularly potent threat to organizations. 

In this article, we will take a look at why training your employees to become aware of social engineering cyber attacks is key to protecting your business. We will explore the most common forms of social engineering attacks. Finally, we’ll also share key actionable advice to help educate and defend your employees against social engineering schemes. 

Why cybersecurity awareness is important

Oftentimes the most vulnerable element in any organization’s cybersecurity defense system is an unaware employee. When someone does not know the common features of a social engineering cyber attack they can easily fall for even the most widespread cyber attack schemes. 

Educating employees on signs to look out for that might indicate a hidden cyberattack attempt and training employees on security policies and appropriate responses is essential to creating a resilient company-wide cybersecurity policy. 

Three common types of social engineering attacks

To understand how to identify, trace, and respond to social engineering cyber attacks, it is important to get to know the most common forms that social engineering attacks can take. 

A social engineering attack occurs when a bad actor contacts an unsuspecting individual and attempts to trick them into providing sensitive information (such as credit card details or medical records) or completing a particular action (such as clicking on a contaminated link or signing up for a service). 

Social engineering attacks can be conducted over the phone, or via email, text message, or direct social media message. Let’s take a look at the three most common types of social engineering cyber attacks:

  • Phishing

Phishing is a type of social engineering attack that has bad actors posing as legitimate, and oftentimes familiar, contacts to extort valuable information from victims, such as bank account details or passwords. 

Phishing attacks can come in the form of emails claiming to be from legitimate sources, such as a government body, a software company you use, or a relative. Bad actors can hack someone’s legitimate account, making the communication seem more convincing, or they can impersonate an official organization, copying their logo and content style.

  • Pretexting

Pretexting attacks occur when a bad actor invents a story to gain an unsuspecting victim’s trust. The bad actor then uses this trust to trick or convince the victim into sharing sensitive data, completing an action, or otherwise accidentally causing harm to themselves or their affiliated organizations. 

Bad actors may use pretexting to manipulate an individual into downloading malware or compromised software, sending money, or providing private information, including financial details. 

  • Baiting

Baiting is a similar type of social engineering attack to pretexting. While in a pretexting attack the bad actor lulls a victim into a sense of false security with a compelling narrative, a baiting attack uses enticing promises to trick a victim into completing an action or providing information. 

Essentially baiting involves a bad actor setting a trap for victims. This trap could be an email attachment or file sent through social media messaging that at first seems legitimate, but includes malware. Victims may not even be aware that they have fallen for a baiting scheme, as the malware could be downloaded onto their device without them knowing about it. Bad actors can also use baiting to steal bank details or other personal data from victims. 

How to educate employees to recognize social engineering attacks

Each employee should be able to adequately recognize and respond to social engineering attack attempts; when every employee knows how to do this your organization will have a robust level of human security defending the organization against cyber breaches. 

  • Conduct regular security awareness training

Make sure that cybersecurity is a priority for employee education. The more your employees are reminded of the importance of cybersecurity, the more likely they will be to remember the correct course of action to take in the event of an attack attempt. Include cybersecurity information posters on the walls of your office, upon which you can try integrating QR codes to provide a multimedia and more secure way for employees to access this information while on the go. 

Encourage employees to read up on the latest cybersecurity protocols and attack methods. And schedule regular mandatory cybersecurity training sessions to refresh employees on how to stay vigilant against cyber attacks and where to report suspicious activity when it occurs. 

  • Utilize Multi-factor Authentication

Multi-factor Authentication, or MFA, maintains a higher level of security against each attempt to access your company networks and files. Multi-factor authentication can require employees to answer security questions, provide a one-time-only code that is sent to their email or phone number, or pass through secure restricted access digital gateways using another method that verifies their identity and right to access that digital space. 

With multi-factor authentication in place, hackers who successfully access one employee’s phone number, login info, or email address will still not be able to compromise the security of the entire organization. 

  • Track company KPIs

Your organization should create a shared checklist that employees can consult and reference in the event of a suspected (or successful) cybersecurity breach. 

This document should contain all relevant security KPIs, or key performance indicators, that provide measurable metrics. Employees will be able to trace and evaluate the robustness of your organization’s security system based on whether or not these individual metrics are performing at the appropriate level. 

  • Implement strong password requirements

Ensure that every employee is maintaining good password hygiene. Each employee should utilize a unique combination of letters, numbers, and symbols, including both uppercase and lowercase letters.

Employees should never use the same password for multiple accounts, and they should avoid using any phrases or words that may be easy for hackers to guess. Birthdays, anniversaries, pet names, and song lyrics should never be used as passwords. 

  • Establish company-wide cybersecurity policies

Confusion about your organization’s expectations and standards can lead to further weak spots, vulnerable points, and openings for enterprising cyber attackers to exploit. Make sure every employee has a clear understanding of company policies surrounding cybersecurity. 

Organizations that are hiring freelance employees, for example, will need to be on extra high alert. Freelancers or independent contractors your company works with may not always comply with the basic security guidelines and expectations that full-time employees hold to. 

To avoid this, establish clear cybersecurity expectations from the start of the professional working relationship by laying out cybersecurity policies in the freelancer contract. Look for freelancing contract templates that come with flexible customization options, so you can be sure to include the relevant section about cybersecurity policy agreements for freelancers and contractors. 

  • Use common sense

It may sound obvious, but following up on a hunch to double-check whether or not an offer or request seems legitimate is a great way to defend against social engineering scams. If you receive an email that seems suspicious, for example, try contacting the original sender, whether that was a colleague, a friend, or a company. Use another method to contact them and double-check whether it was indeed them trying to contact you.

If a request seems suspect, there is a good chance it is a scam. If a bad actor is trying to scam you, then taking the extra time to verify can save you hours of cleanup, not to mention financial damages and reputation loss. Employees can report suspicious phone calls or text messages directly to their phone carriers, who may be able to track the perpetrator and restrict their access. Or employees can file a complaint with the FBI Internet Crime Complaint Center.

Final thoughts

Defending against sophisticated social engineering attacks can be a daunting challenge for any organization. The best method of protecting sensitive data and preventing unwanted access to restricted organization networks is to implement a multilayered approach to cybersecurity. 

Provide each employee with the training and education that will eliminate accidental individual cybersecurity slip-ups and you will have a more robust, well-rounded, and dynamic cybersecurity defense system. 

Make use of common sense, encourage employees to report suspicious activity, conduct frequent employee security training sessions, track KPIs with shared checklists, and establish clear company-wide security policies. Ensure that every employee knows how to create a secure password, and set up multi-factor authentication procedures. 

With a highly aware workforce, your organization will be better equipped to prevent phishing, pretexting, baiting schemes, and other forms of social engineering cyber attacks.

The post The human element of Cybersecurity: Nurturing a cyber-aware culture to defend against social engineering attacks appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Today’s companies operate in a complex security environment. On the one hand, the threat landscape is growing. Bad actors are becoming more and more refined as they get access to new tools (like AI) and offerings (like hacking-as-a-service). On the other hand, companies are dealing with more sensitive data than ever before. This has prompted consumers and regulators alike to demand better security practices.

To top it all off, companies are operating in an increasingly decentralized digital model. Gone are the days of firewalls. Employees want to be able to access work from anywhere, and on their own networks and devices. This has heightened the prevalence of insider threats, making it much easier for employees to inadvertently (or intentionally) share corporate data with others.

One way that insider threats have become particularly problematic is through social media. In this article, we’re taking a closer look at how social media can compromise data security for organizations — and what they can do to address this concern.

The challenge with social media

Depending on the platform, social media encourages users to share information about their life and experiences in varying degrees. When it comes to employees, social media can easily be a channel to discuss work-related topics, whether that’s sharing excitement about an upcoming product feature, posting a photo of a company event, or even sharing sensitive information with a colleague via private chat features. This degree of sharing — both of personal and corporate information — can pose a number of challenges for businesses.

For starters, there’s a risk of accidentally sharing information. An employee could post a picture of their desk on Instagram to show off their lunch for the day or the view from their office and forget to blur the sensitive information on their computer screen. Alternatively, a software developer might seek out peers on a Reddit forum to try and solve a particular issue with their code, and inadvertently share proprietary code when asking for help.

Some social media channels also allow for a certain degree of anonymity. A disgruntled employee could take to Twitter or Reddit and make corporate secrets widely available to competitors or regulators.

On the other side of the equation, cybercriminals use social media platforms as resources for their attacks. These bad actors understand that people are prone to sharing information, so they access public profiles to try and glean useful information that can then be used for sophisticated social engineering attacks. In addition, they can use the likes of LinkedIn to map out an organizational structure, get access to corporate email addresses, and even identify when core individuals are on vacation. They can also review an individual’s follower or contact list, create a fake account for someone at the company that’s not on the list, and encourage the employee to share sensitive information.

All of these challenges can put a business at risk of sophisticated threats including phishing and other forms of social engineering, brand impersonation aimed at tricking customers, data theft, and even large-scale data breaches. Despite the potential impact of a social media leak, it’s notoriously difficult for companies to control the egress of data through these platforms. That said, below are some of the things companies can proactively do to mitigate these threats.

Staying ahead of social media threats

Businesses can’t dictate what their employees say on their personal social media accounts — that’s a given. That said, they can educate their users on the dangers of disclosing too much information and the best ways to protect their data, credentials, and corporate details. This can be done through onboarding training, gamified security weeks where employees are given challenges to identify and act out security best practices, as well as lunch and learns dedicated to security.

For companies that provide their employees with mobile devices, there’s also an opportunity to set clear expectations around what can be posted from a corporate device or not. They can also encourage individuals to change their phone passwords often, and to use a password manager for their social accounts.

There are also services and technologies that can help here. For example, companies can hire social media scanning services to identify fraudulent accounts and flag them to employees. In addition, a comprehensive data loss prevention tool can also be instrumental in identifying when sensitive data has been exposed and kickstarting an immediate response.

Evolving with the times

When it comes to maintaining robust security measures, companies have a responsibility to keep up with cultural shifts and the adoption of new platforms. Security practitioners need to be continually aware of any new threat vectors, incorporating new measures and policies as needed and keeping up with best practices. This is why having a robust, comprehensive, and iterative cybersecurity strategy — one that accounts for both insider and external threats — is more important than ever. 

The post How social media compromises information security appeared first on Cybersecurity Insiders.

Introduction

Whether you are new to the world of IT or an experienced developer, you may have heard of the debugging concept of the ‘programmer’s rubber duck’. For the uninitiated, the basic concept is that by speaking to an inanimate object (e.g., a rubber duck) and explaining one’s code or the problem you are facing as if you were teaching it, you can solve whatever roadblock you’ve hit. Talking to the duck may lead to a “eureka!” moment where you suddenly discover the issue that has been holding you back, or simply allow you to clarify your thoughts and potentially gain a new perspective by taking a short break.

This works because as you are “teaching” the duck, you must break down your code step by step, explaining how it works and what each part does. This careful review not only changes how you think about the described scenario but also highlights flaws you may not have otherwise identified. Since the rubber duck is an inanimate object, it will never tire or become disinterested during these conversations. Understandably, this also means that the duck cannot provide you any actual support. It won’t be able to help you summarize your ideas, offer recommendations, or point out flaws in syntax or programming logic.

Enter now the tool taking the world by storm, ChatGPT. Even at its most basic tier, ChatGPT offers incredible value for those who learn how to work with it. This tool combines in one package all the benefits of the rubber duck (patience, reliability, support) while also being able to offer suggestions. While it provides the patience and reliability of the classic ‘rubber duck’, ChatGPT also has the ability to offer helpful suggestions, review code snippets*, and engage in insightful dialogue.

ChatGPT has the opportunity to significantly speed up development practices and virtually eliminate any form of “coders-block” without needing any complex setup or advanced knowledge to use effectively. The tool can also remove many barriers to entry that exist in programming, effectively democratizing the entire development pipeline and opening it up to anyone with a computer. The premise of a rubber duck extends beyond the realm of programming. Individuals across various professions who require an intuitive, extensively trained AI tool can benefit from ChatGPT – this modern interpretation of the ‘rubber duck’ – in managing their day-to-day tasks.

*This is highly dependent on your use-case. You should never upload sensitive, private, or proprietary information into ChatGPT, or information that is otherwise controlled or protected.

Benefits

ChatGPT offers numerous benefits for those willing to devote the time to learning how to use it effectively. Some of its key benefits include:

  • Collaborative problem-solving
  • Ability to significantly reduce time spent on manual tasks
  • Flexibility
  • Ease of use

Drawbacks

The tool does come with a few drawbacks, however, which are worth considering before you dive into the depths of what it can offer. To begin with, the tool is heavily reliant on the user to provide a clear and effective prompt. If provided a weak or vague prompt, it is highly likely that the tool will provide similarly weak or vague results. Another drawback that may catch its users by surprise is that it is not a replacement for human creativity or ingenuity. You cannot, thus far, solely rely on the tool to fully execute a program or build something entirely from scratch without the support of a human to guide and correct its output.

Suggestions

Although ChatGPT is a fantastic tool, I recognize that using it can be overwhelming at first, especially if you are not used to it. ChatGPT has so many capabilities that it is often difficult to determine how best to use it. Below are a few suggestions and examples of how this tool can be used to help talk through problems or discuss ideas, regardless of whether you’re using it for programming or not.

Structure your prompt

When making any request that does not have a clearly defined scope or conclusive answer, you must construct your prompt appropriately. To help craft the perfect prompt, it can be helpful to write out what you are looking to accomplish, and what you are looking for ChatGPT to assist with before you begin writing your prompt. Using that information, you can extract the key information to form your request. You can improve the output provided by ChatGPT in a few ways, including:

  • Adding as much information as you have. The more you give it, the better it will be able to assist. This may include:
    • Your industry or role
    • Examples of similar topics, or references you want its output to mimic
    • Additional supporting information such as location, budget, age, or other relevant details
  • Making your request clear, and specific.
  • Refining its output as you go (e.g., asking it to expand on a topic)

Ask directly

If you know what you’re looking for, it can be helpful to directly ask ChatGPT what it needs to help you solve your problem. For example, you may structure your prompt like this:

“I need help doing . I would like you to provide guidance on completing it, as well as any suggestions you deem relevant. What information do you need from me to assist you?”

At this point, ChatGPT will give you a breakdown of what information it needs to assist you. This often comes in a well-structured list, with a sentence or two of description attached to each category to help you understand what it is looking for.

Elaborate, elaborate, elaborate

As you work through the collaborative process, it can be helpful to amend your initial ask by providing additional details or insight. At any point during the back-and-forth, you are encouraged to elaborate on your initial point, or any area you feel it is struggling. This may include giving more details on your project or problem, providing examples of what you have already tried, or asking the tool to change how it is giving you information. Occasionally you may also need to ask it to ignore previous information, or to alter the course it is taking.

Useful prompts

I’ve listed some other useful prompts below along with some use cases to give you some ideas how to use this tool.

  • “I want you to act as and assist me with .”
  • “Please write about improving as a .”
  • “Using please .”
  • “Create of suggestions, considering .”

Sample conversation

Provided prompt: Please write about ways to improve security implementation into a CI/CD pipeline**.

Response: Implementing security into a Continuous Integration/Continuous Deployment (CI/CD) pipeline can ensure that the software you deliver is free from vulnerabilities. Continuous security, often known as DevSecOps, is about infusing security practices into your DevOps process. Here are several ways to improve security implementation into a CI/CD pipeline:

  1. Static Application Security Testing (SAST): Use SAST tools in the CI pipeline to analyze source code for potential security vulnerabilities. These tools can help you identify issues before they become significant problems, and they’re most effective when used early in the development cycle. The process should be configured to break the build if issues of a certain severity level are discovered.
  2. Dynamic Application Security Testing (DAST): Use DAST tools in the CD pipeline to analyze your web applications in their running state for vulnerabilities. DAST can effectively detect issues that appear only in a running application, like injection attacks and cross-site scripting.
  3. Dependency Scanning: Most projects use a lot of dependencies, and it’s crucial to regularly check these for vulnerabilities. Automated dependency checkers can alert you about insecure libraries and suggest safer alternatives or updates.

**This prompt was submitted to ChatGPT 4. Its response was truncated to only list the first three recommendations.

Conclusion

From helping developers solve problems, to empowering small businesses to compete in ways they never imagined, the new age of AI-powered technology is certain to bring numerous changes to the way people and businesses operate. While this technology is certainly still in its infancy, it has astronomical potential to reimagine how we do our work. The current features offer numerous opportunities to act as a force multiplier when paired with subject matter experts, and can handle a lot of work that is currently handled manually.

Even when you can’t share specific details due to security or privacy concerns, ChatGPT and similar tools can be used to brainstorm ideas on a more generalized level. It is essential for all organizations, and individuals, to stay abreast of new technologies as they become available so that appropriate use cases can be developed and implemented. This is not to say that the tools available today are without fault, or should be relied on to the exclusion of all else, however. In the business environment, every new tool should be reviewed and approved for specific use where necessary. Individually, we must each take some responsibility for how we use technology and ensure it is employed in both an ethical and effective manner.  

I encourage you to test drive the tool yourself so you can see what it can do for you, or for your business. ChatGPT can be applied to many industries and numerous topics, and is primarily limited by your own creativity. Even with its current drawbacks, this tool has the potential to become a fulcrum for us to apply the lever of human ingenuity against to reap incredible results.

The post ChatGPT, the new rubber duck appeared first on Cybersecurity Insiders.

In the realm of data security, there exists a captivating technique known as whitespace steganography. Unlike traditional methods of encryption, whitespace steganography allows for the hiding of sensitive information within whitespace characters, such as spaces, tabs, and line breaks.

This inconspicuous approach to data concealment has gained significant attention in recent years as a means of secure communication. In this blog, we will delve into the world of whitespace steganography, exploring its techniques, applications, tools, and ethical considerations for educational purposes.

Whitespace steganography is a method of concealing data within whitespace characters that are often overlooked or deemed insignificant. By strategically modifying the frequency or arrangement of whitespace characters, hidden messages can be embedded within a text document. To the naked eye, the document appears normal, but those aware of the encoding technique can retrieve the concealed information.

In whitespace steganography, several techniques are employed to conceal information effectively. These techniques include altering the frequency of whitespace characters, such as adding or removing spaces, tabs, or line breaks. Another approach involves manipulating the arrangement of whitespace characters to represent encoded data. Various algorithms, such as the Least Significant Bit (LSB) technique, can be utilized to embed and extract hidden messages from whitespace.

Whitespace steganography finds applications in a range of scenarios where secure communication and data protection are paramount. Some common use cases include:

  • Covert communication: Whitespace steganography allows individuals to exchange sensitive information discreetly, evading detection and interception.
  • Document protection: Concealing critical information within whitespace characters can help protect sensitive documents from unauthorized access or tampering.
  • Digital watermarking: Hidden within whitespace, digital watermarks can be embedded in images or documents to protect intellectual property or verify authenticity.

Numerous open-source tools are available that facilitate whitespace steganography. These tools provide features and functionalities for encoding and decoding hidden messages within whitespace characters. Notable examples include Snow, Steghide, OpenStego, and Whitespace. There are also closed source or commercial whitespace steganography tools that offer advanced capabilities and additional security features. These tools often provide user-friendly interfaces, encryption algorithms, and integration with other security technologies. Some popular closed-source tools include SilentEye, OutGuess, and Masker.

In this blog, we will use Snow (Steganographic Nature of Whitespace) to see a working example of whitespace steganography. The tool can be downloaded from here.

As per the documentation, the Snow program runs in two modes: message concealment and message extraction. During concealment, the following steps are taken.

Message -> optional compression -> optional encryption -> concealment in text

Extraction reverses the process.

Extract data from text -> optional decryption -> optional uncompression -> message

Now, let’s look at a working example.

We have downloaded the 32-bit version of Snow, and we’ve ensured that the Java Runtime Environment (JRE) is installed on our system. Once everything is in place, extract Snow to the desired directory. To run Snow, you will need to run the command prompt as administrator and move to the directory where you have extracted Snow.

[Screenshot: running Snow]

Once you are in the directory, you will need an input file (we are using a text file for demonstration).

[Screenshot: Snow input file]

Now, let us try to conceal a message “Hello There.” using Snow.

[Screenshot: Snow concealing message]

In the above example, we concealed a message in the input file and created an output file using Snow (to avoid any confusion, we kept the input file in the same directory as Snow).

In the above example we used -C for compression, -p for password and -m for message.

Now let us take a look at the output file.

[Screenshot: Snow output file]

Now let’s see if there are any differences in size of input and output files.

[Screenshot: properties of files]

We can observe that there is a difference in size – however, when we open the output file it looks the same as the input file.

Now, let’s try to read the hidden message. Let’s run the command prompt as administrator and move to the directory of Snow where the output file is located.

So, I tried with the wrong password once and then with the correct password, as you can see below:

[Screenshot: Snow to read]

This was a demonstration of whitespace steganography using Snow and is purely for educational and research purposes to understand how it works in real life scenarios.

Steganalysis: Detecting steganography

Steganalysis refers to the detection and analysis of hidden messages within digital content. While whitespace steganography can be difficult to detect, specialized techniques and tools are available to identify potential instances of concealment. Steganalysis plays a vital role in identifying potential misuse and ensuring responsible use of steganography. We’ll dive deep into steganalysis in coming blogs.
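The size difference seen in the demonstration is the basis of a simple steganalysis check. As an added example (not part of the original post and not Snow's own code), this Python sketch flags text whose lines end in mixed tab/space runs and strips them; it assumes the concealed data is appended as tabs and spaces at line ends, which is how Snow's documentation describes its concealment, and the sample text and threshold are constructed for illustration.

```python
import re

TRAILING_WS = re.compile(r"[ \t]+$")


def make_run(*space_counts):
    """Build a constructed trailing run: tab-separated groups of spaces."""
    return "".join("\t" + " " * n for n in space_counts)


# Constructed samples (not output from Snow): identical visible text,
# once clean and once with mixed tab/space runs appended to line ends.
CLEAN = "Quarterly report\nAll systems nominal.\nNext review in May.\n"
SUSPECT = (
    "Quarterly report" + make_run(3, 1, 5) + "\n"
    + "All systems nominal." + make_run(2, 6, 1) + "\n"
    + "Next review in May." + make_run(4, 2) + "\n"
    + make_run(3, 2) + "\n"
)
# Ordinary sloppy editing: one stray trailing space, no tabs.
SLOPPY = "Quarterly report \nAll systems nominal.\nNext review in May.\n"


def trailing_runs(text):
    """Return (line_number, run) for every line ending in spaces/tabs."""
    runs = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = TRAILING_WS.search(line)
        if match:
            runs.append((lineno, match.group(0)))
    return runs


def analyze(text, min_mixed_lines=2):
    """Summarise trailing whitespace and flag likely concealment.

    A stray trailing space is common in hand-edited text; several lines
    ending in runs that mix tabs AND spaces are not. The threshold is an
    assumed starting point, to be tuned against your own corpus.
    """
    runs = trailing_runs(text)
    mixed = [n for n, run in runs if " " in run and "\t" in run]
    return {
        "lines": len(text.splitlines()),
        "lines_with_trailing_ws": len(runs),
        "mixed_run_lines": mixed,
        # Bytes invisible in an editor: the size overhead seen in the demo.
        "trailing_bytes": sum(len(run) for _, run in runs),
        "suspicious": len(mixed) >= min_mixed_lines,
    }


def sanitize(text):
    """Strip trailing spaces/tabs from every line (line endings become LF).

    Removing the trailing runs destroys any payload carried in them, so
    this can be applied to text crossing a trust boundary.
    """
    return "".join(TRAILING_WS.sub("", line) + "\n" for line in text.splitlines())


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("sloppy", SLOPPY), ("suspect", SUSPECT)):
        print(name, analyze(sample))
    print("after sanitize:", analyze(sanitize(SUSPECT)))
```

The same check works as a pre-commit hook or mail-gateway filter, since visible content is unchanged by `sanitize`.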

Ethical usage and disclosure are crucial when it comes to steganography. It is important to adhere to legal regulations and privacy laws governing data security and communication. Whitespace steganography should be used responsibly for educational purposes only, emphasizing the importance of obtaining proper consent and ensuring ethical practices.

Whitespace steganography offers a remarkable approach to secure communication and data protection. By harnessing the power of seemingly innocuous whitespace characters, sensitive information can be concealed within plain sight. Understanding the techniques, applications, and tools associated with whitespace steganography enables individuals to navigate the field responsibly. As technology continues to advance, the future of whitespace steganography holds the potential for further innovations in secure communication and data privacy.

The post Unveiling the secrets: Exploring whitespace steganography for secure communication appeared first on Cybersecurity Insiders.

Executive summary

Credential harvesting is a technique that hackers use to gain unauthorized access to legitimate credentials using a variety of strategies, tactics, and techniques such as phishing and DNS poisoning. Phishing is the most frequent type of cyber threat and can lead to more harmful attacks such as ransomware and credential harvesting.

According to recent research, phishing assaults targeted credential harvesting in 71.5% of cases in 2020. 72% of employees admitted to clicking on a phishing email’s malicious link, making it easy for attackers to gather credentials.

Phishing is a type of social engineering attack that tricks victims into disclosing personal information or downloading malicious software. It is one of the most difficult cyber threats to eliminate as it relies on human defenses, and organizations must consistently teach personnel to spot the newest phishing techniques. 

The Managed Extended Detection and Response (MXDR) SOC team received an alert regarding a user clicking on a suspicious URL in an email and the subsequent traffic was allowed. However, ProofPoint effectively rewrote the URL to prevent some of the potential threats. The SOC team notified the customer about the successful phishing attack by creating an investigation report containing all the events between the attack and lockout.

Investigation

Initial alarm review

Indicators of Compromise (IOC)

The first alert was triggered when a user clicked on a link contained in a phishing email, which was permitted to pass through. The email’s content was crafted to deceive the user into divulging their login credentials. Because the link’s URL did not have a signature indicating a poor reputation on Open-Source Intelligence (OSINT), ProofPoint did not intercept the initial click.

Expanded investigation

Events search / Event deep dive

While investigating phishing cases, you must check all recipients who received the same phishing email, who clicked the attachment URL, and whether the firewall allowed the HTTP URL request or not. A review of the previous ninety days of events revealed there was one additional recipient; however, logs showed the email was quarantined after the user’s click. The first click on the malicious URL by the initial user was allowed. However, ProofPoint’s URL Defense feature conducted a heuristic behavioral-based analysis and determined the URL to be malicious. As a result, the second click by the initial user and any subsequent clicks by other users were effectively blocked by ProofPoint.

[Screenshot: blocked by Proofpoint]

After conducting an OSINT analysis, it was determined that the sender’s email fails to pass DMARC (Domain-based Message Authentication, Reporting, and Conformance) and MX record authentication. This raises concerns regarding the legitimacy of the email. Also, OSINT searches indicate that both recipient emails have been compromised, though the exact time remains unknown.

[Screenshot: have I been pwned]

DMARC is a protocol used to authenticate emails and prevent phishing attacks by verifying the sender’s domain. It checks if the sender’s domain matches the domain in the email’s “From” header. If they do not match, the email is fraudulent and can be rejected or marked as spam. On the other hand, MX records are DNS records that specify the mail server responsible for accepting email messages on behalf of a domain. Attackers can use MX records to redirect email traffic to a fraudulent mail server and steal sensitive information. Therefore, DMARC and MX records are crucial in preventing phishing attacks by ensuring that email traffic is directed to legitimate mail servers and verifying the authenticity of email senders.
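To make the domain-matching step concrete, here is an added example (not from the original post and not ProofPoint's logic) that re-derives a DMARC verdict during triage from a message's Authentication-Results header, using identifier alignment as defined in RFC 7489. The messages, domains and the `TRUSTED_AUTHSERV` value are constructed, and the two-label organizational-domain shortcut is an assumption standing in for a Public Suffix List lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id stamped by your own receiving MTA.
TRUSTED_AUTHSERV = "mx.recipient.example"

# Constructed sample: SPF and DKIM both pass, but for the sender's own
# infrastructure domain, not for the domain shown in "From".
SPOOFED = """\
Authentication-Results: mx.recipient.example;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce@mailer-service.example;
 dkim=pass header.d=mailer-service.example
From: "Account Security" <alerts@trusted-bank.example>
To: user@recipient.example
Subject: Action required

Body
"""

# Constructed sample: SPF passes for a relay domain (unaligned), DKIM
# passes for the From domain itself (aligned), which is enough for DMARC.
LEGIT = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bounces@esp-relay.example;
 dkim=pass header.d=trusted-bank.example
From: Trusted Bank <news@mail.trusted-bank.example>
To: user@recipient.example
Subject: Monthly statement

Body
"""


def org_domain(domain):
    """Approximate the organizational domain as the last two labels.

    Real evaluators use the Public Suffix List; this shortcut is wrong
    for suffixes such as co.uk.
    """
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, strict=False):
    """Relaxed alignment compares organizational domains; strict needs equality."""
    if not auth_domain or not from_domain:
        return False
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def parse_auth_results(value):
    """Return (authserv_id, [(method, result, props), ...]) for one header."""
    value = re.sub(r"\([^()]*\)", " ", value)  # drop parenthesised comments
    parts = value.split(";")
    head = parts[0].split()
    authserv_id = head[0].lower() if head else ""
    results = []
    for clause in parts[1:]:
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.append((method.lower(), result.lower(), props))
    return authserv_id, results


def dmarc_evaluate(raw, trusted=TRUSTED_AUTHSERV, strict=False):
    """DMARC passes when SPF or DKIM passes AND its domain aligns with From."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spf_ok = dkim_ok = False
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, results = parse_auth_results(header)
        if authserv_id != trusted:
            continue  # not stamped by our MTA: may be attacker-supplied
        for method, result, props in results:
            if result != "pass":
                continue
            if method == "spf":
                mailfrom = props.get("smtp.mailfrom", "").rpartition("@")[2]
                spf_ok = spf_ok or aligned(mailfrom, from_domain, strict)
            elif method == "dkim":
                dkim_ok = dkim_ok or aligned(props.get("header.d", ""), from_domain, strict)
    return {"from_domain": from_domain, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc_pass": spf_ok or dkim_ok}


if __name__ == "__main__":
    print("spoofed:", dmarc_evaluate(SPOOFED))
    print("legit:  ", dmarc_evaluate(LEGIT))
```

Note that the spoofed sample shows "spf=pass" and "dkim=pass" yet still fails DMARC, which is why triage should look at alignment rather than at the individual pass results.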

Further investigation into the email’s URL using advanced tools like Urlscan.io and screenshotmachine.com identified it as malicious – attempting to extract user Outlook credentials. However, the attachment’s file hash has no OSINT record, so static analysis cannot determine whether the file attachment poses a threat or not. Therefore, it would be a good option to identify the file by analyzing it with a full sandbox* analysis.

[Screenshot: sandbox analysis]

A sandbox is a controlled environment used to test software and applications without affecting the host system. Sandboxing is important because it helps to identify and mitigate potential security vulnerabilities, viruses, and malware. It also minimizes the risk of damage to the production system by limiting the impact of potential threats to the sandbox, providing an extra layer of security against malicious activity.

Reviewing for additional indicators

At this point, the attacker tried to get “Initial Access (tactic)” into the network by using a “phishing” technique based on the MITRE ATT&CK framework.

During the initial access phase of a cyberattack, attackers use techniques like exploiting vulnerabilities or phishing to gain their first foothold in a network. This foothold then enables them to conduct further attacks. To prevent this, organizations should have a robust defense strategy and perform regular security assessments.

[Screenshot: Proofpoint MITRE]

ProofPoint approach

ProofPoint’s URL Defense feature works to protect users from malicious links. This feature uses a two-step approach to ensure maximum protection.

Firstly, if a URL doesn’t have any known malicious signatures, ProofPoint’s URL Defense feature allows the user to click on it using a “URL rewritten” feature. This feature prevents many types of malicious activity, but it’s important to note that until ProofPoint’s heuristic-based analysis determines whether the URL has any potentially malicious behavior, the user may be vulnerable to credential loss if they share their credentials.

Once the user clicks on a URL, ProofPoint’s system analyzes the destination website to identify any potential signs of malicious behavior. If any suspicious activity is detected, access to the website is blocked, and a warning message is displayed to the user. However, if the system doesn’t detect any malicious behavior, the user is able to proceed to the destination website.

[Screenshot: URL defense]

It’s important to note that ProofPoint’s URL Defense feature provides significant protection against malicious links, but it may not be able to detect every instance of phishing or malware-based attacks. Therefore, users should remain vigilant when clicking on links in emails and take additional security measures such as multi-factor authentication and employee training to help mitigate the risk of credential loss.

Response

Building the investigation

An investigation was created by following the incident response process. The investigation included identifying the incident, finding the root cause of the incident, and identifying the indicators of compromise. Then we made recommendations to the customer on mitigation/remediation steps. We communicated with the customer to ensure the necessary actions were executed.

Recommended mitigation steps were:

  • Resetting the account password to a stronger one
  • Removing the email and email attachments
  • Enabling Multi-Factor Authentication (MFA)
  • Blocking the URL domain and IP
  • Running an antivirus scan on the asset

Incident response is an organizational approach and process to manage cybersecurity breaches, incidents, or cyberattacks. It includes multiple steps:

  • Identifying an incident/attack
  • Minimizing damage
  • Eradicating the root cause
  • Minimizing recovery cost and time
  • Learning lessons from the incident
  • Taking preventative action

Customer interaction

The MXDR team responded quickly to the incident and worked with the customer to identify the problem. They confirmed that someone lost their account credentials, but fortunately, no suspicious logins were detected before the account was disabled. The company confirmed they followed the recommended steps, so the email and attachments were quarantined, the URL blocked, and the affected device was scanned by antivirus.

The post Stories from the SOC: Fighting back against credential harvesting with ProofPoint appeared first on Cybersecurity Insiders.

When it comes to protecting data in an evolving threat landscape, two common strategies are at the forefront: incident response and threat hunting. While both processes can safeguard an organization’s data, their approaches, objectives, and execution differ significantly.

Understanding the differences between the two strategies is critical for organizations aiming to:

  • develop a comprehensive cybersecurity approach,
  • effectively manage incidents,
  • proactively detect threats, 
  • and build a skilled cybersecurity workforce.

Incident response vs. threat hunting: The basics

Incident response is a reactive process that typically begins when a security breach occurs. It involves a set of processes and procedures used to manage and respond to a cyberattack. The goal is to identify and respond to any unanticipated, disruptive event and limit its impact on the business, minimizing damage and recovery time. Examples range from network attacks such as denial of service (DoS), malware, or system intrusion to more internal incidents like accidents, mistakes, or system or process failures.

Robust incident response requires the right team, a well-developed plan, and excellent communication.

According to the National Institute of Standards and Technology, the four crucial elements of a robust Incident Response Plan (IRP) should include:

  • Preparation
  • Detection and analysis
  • Containment and eradication
  • Post-incident recovery approach

Threat hunting, on the other hand, is about being more proactive. It systematically analyzes an organization’s security posture to identify potential threats before they become active. Threat hunting typically involves looking for threats within your environment and resources that are either compromised or have the potential to be compromised. Risks run the gamut from vulnerabilities in outdated software to insecure access control and misconfiguration.

In most organizations, threat hunting is conducted by traditional IT security teams and even Incident Response teams. Organizations that have a security operations center (SOC) will often have that team on the frontlines.

Organizations without a SOC or dedicated security team may not be capable of performing threat hunting, but in today’s evolving threat landscape, someone needs to be responsible.

The interplay between incident response and threat hunting

First things first: incident response and threat hunting are not mutually exclusive. In fact, they complement each other as crucial elements of a well-rounded cybersecurity strategy.

Threat hunting can significantly enhance incident response. What this means is that by proactively identifying potential threats, organizations can prevent incidents from occurring in the first place. When incidents do occur, the insights gained from threat hunting can help incident response teams understand the nature of the threat faster and respond more effectively.

So it only makes sense then that incident response can boost threat hunting efforts. By analyzing incidents after they occur, organizations can gain valuable insights into the tactics, techniques, and procedures (TTPs) used by adversaries. These insights can then be used to enhance threat hunting strategies, making them more effective at identifying potential threats.

Empowering organizations through understanding

Understanding the difference between incident response and threat hunting empowers organizations to develop a more comprehensive cybersecurity approach. By knowing when to use each strategy and how they can complement each other, security teams can more effectively manage incidents, proactively detect threats, and protect their systems, data, and reputation.

This knowledge can also help organizations build a more skilled cybersecurity workforce. By training (or hiring) employees in both incident response and threat hunting, organizations can ensure they have the expertise needed to respond to a wide range of cybersecurity challenges.

EDR, XDR, and MDR: How they help with threat detection and response

The role of Endpoint Detection and Response (EDR)

Endpoint detection and response (EDR) is a critical component of both incident response and threat hunting. EDR solutions provide visibility into activities surrounding endpoints and allow companies to detect and respond to threats that might not trigger traditional prevention rules. This often leads to faster, more effective incident response.

In the context of threat hunting, EDR solutions can provide valuable insights into endpoint activities, helping organizations identify potential threats before they become active issues. This proactive approach can significantly reduce the time between intrusion and discovery, as time is the most crucial factor in the event of a breach or incident.

The role of Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is an emerging category in cybersecurity that extends the capabilities of Endpoint Detection and Response (EDR). XDR not only focuses on endpoints but also integrates multiple security products into a cohesive security incident detection and response solution. This approach provides broader visibility and context, enabling security teams to detect and respond to threats across various attack vectors, including networks, cloud, endpoints, and applications.

XDR provides several benefits, including improved visibility, simplified security operations, and scalability.

Automated threat hunting is a core component of advanced EDR and XDR solutions. By automating threat hunting activities, organizations can focus their resources on incident investigation and rapid response. This can significantly enhance both incident response and threat hunting, leading to faster detection and response times and improved overall security.

The Importance of Managed Detection and Response (MDR)

Managed Detection and Response (MDR) is a service that combines technology with human expertise to detect and respond to threats in real time. MDR providers use advanced analytics, threat intelligence, and human expertise to monitor, detect, investigate, and respond to threats on behalf of their clients.

MDR services provide some key benefits for organizations that need help with threat hunting and incident response:

24/7 Monitoring and response: MDR providers monitor an organization’s environment around the clock, ensuring that threats are detected and responded to promptly, minimizing potential damage.

Access to expertise: MDR services give organizations access to a team of cybersecurity experts. This is particularly beneficial for organizations that lack the resources to build and maintain an in-house security team.

Proactive threat hunting: Unlike traditional managed security services, MDR providers proactively hunt for threats in an organization’s environment, helping to detect and mitigate threats before they can cause damage.

Cost efficiency: MDR services can be more cost-effective than building and maintaining an in-house SOC. They provide access to advanced security capabilities without the need for significant upfront investment in technology and personnel.

The importance of centralized security visibility

Centralized security visibility is a key piece of the unified cybersecurity platform puzzle. Visibility is crucial for both incident response and threat hunting as you can’t detect or respond to things you can’t see. Essentially, visibility allows organizations to detect and respond to threats wherever they unfold, whether in cloud or on-premises environments.

It’s also important to note that centralized security visibility simplifies compliance efforts. By consolidating security monitoring and compliance management into a single platform, organizations can more easily demonstrate compliance during audits. With more compliance rules and regulations coming into effect, the ability to reduce the time, resources, and costs associated with compliance can be a game-changer.

How AT&T Cybersecurity can help with incident response and threat hunting

In today’s increasingly complex threat landscape, you need a comprehensive, unified solution that can handle both incident response and threat hunting. USM Anywhere from AT&T Cybersecurity offers a unified platform that combines multiple security capabilities, including EDR, SIEM, network intrusion detection, File Integrity Management (FIM), vulnerability assessment, and more.

This approach provides a single pane of glass for security monitoring, reducing cost and complexity.

If you don’t have the resources to handle incident response or threat hunting internally, AT&T Cybersecurity can help. With our Incident response services, AT&T has experts who can support or supplement your team when suspected unauthorized activities are detected with a full incident management program that includes detection, triage, response, and containment and prevention planning.

Or, you can have your entire organization protected with 24×7 security monitoring from AT&T Cybersecurity Managed Extended Threat Detection and Response, powered by our award-winning USM Anywhere platform and AT&T Alien Labs™ threat intelligence.

Don’t wait for a security breach to occur before taking action. Proactively protect your organization today.

Take the next step to fortify your organization’s security.

Contact AT&T Cybersecurity today to explore how our incident response and threat hunting solutions can empower your business. Don’t wait for a security breach to occur—act now and protect your organization.

The post What is the difference between incident response & threat hunting? appeared first on Cybersecurity Insiders.

In the modern world, cybersecurity and cyber insurance go hand in hand. As we head into the future and the presence of AI in every part of your life grows, so will the responsibilities that need to be taken to ensure security and peace of mind regarding your data and personally identifiable information. As the relatively new cyber insurance industry gets on its feet, it will become more accessible to everyday life, and that trend is already emerging. Teens already are involved in many insurance policies (car, life, health, etc.), so why not add cyber to that and bring the extra reassurance that you are protected against any new threats that could come up?

Insurance is put in place to mitigate your risk against external factors that could cause harm to you, your business, or other entities. Cyber insurance is a sub-industry of this and helps reduce risks from ransomware, data breaches, lawsuits, and more. As more of the industry gears towards individual cyber insurance, we will likely see policies shifting towards protecting against individual data loss and possible foul play. Cyber insurance is a crucial tool for managing risks in a modern environment. With it, customers can expect to mitigate the risks of extortion, identity theft, cybercrimes, and data breaches.

For example, suppose you are sent a phishing email asking for banking information; you click on it, enter your details, and fall victim to a common scam. You get a wire confirmation not long after. If your policy included wire fraud coverage, you would receive adequate compensation for these problems. This same experience can apply to many other situations and problems. It could range from general cybercrime to identity theft, the commonality being that you would be covered and reimbursed for any associated losses. However, because this insurance genre is so new, every policy is tailored to the individual buyer, so each problem has certain exceptions. To get the best coverage and risk mitigation, you must understand what is most important for you and your family in an ever-evolving world.

What is Cybersecurity Insurance?

Cyber insurance is a policy that protects you and your personal information online. It’s a way to recover if you’re hacked or experience a data breach. Cyber insurance could cover the cost of repairing your computer, restoring data, and defending yourself if attacked. Cyber insurance is vital because cyber-attacks are becoming increasingly common.

How does it work?

Cyber insurance is like any other type of insurance policy where you pay a monthly or yearly premium to a company, and in return, they cover damages that may occur. In the case of cyber insurance, the policies can vary depending on what you need to be covered. Coverage could include cybercrime, extortion, online identity theft, and data breaches. There are different levels of coverage, such as liability and loss of reputation, when companies suffer data breaches that compromise their customers’ personal information. Overall, cyber insurance is an essential safeguard against cyber threats. A cyber-attack can happen to anyone, and the costs can be staggering. Victims will have to contend with the financial burden without cyber insurance.

AI in the modern era and Cyber Insurance

As technology advances, the threat of AI-driven attacks looms over businesses and consumers alike, making cyber insurance a vital consideration for anyone looking to protect themselves from the consequences of an attack. We, as students, wanted to get an industry expert’s view on this topic as well, so we sat down with Eric Wistrand, CTO of Couch Braunsdorf Insurance Agency, to discuss the increasing relevance of cyber insurance in modern-day markets as AI ramps up and cybercrime becomes more prevalent.

In that same ever-evolving world comes the new threat of AI; with it could come new types of impersonations, the potential for far more convincing scams, and overall, the mass reemergence of cybercrimes in many aspects of life. According to Eric Wistrand, cyber insurance will become increasingly relevant in modern-day markets. As AI ramps up, so will cybercrime; this comes with the potential for litigation no matter what side of the table you’re on. Mr. Wistrand states, “Another aspect of cyber insurance is that it can provide coverage for legal expenses and regulatory fines in the event of a data breach. If a company experiences a breach and customer data is compromised, it may face legal actions from affected individuals or regulatory bodies. Cyber insurance can help cover the costs associated with legal defense and any fines or penalties imposed by regulatory authorities.” As highlighted, this aspect of cyber insurance ensures that companies can navigate potential legal actions and regulatory penalties with financial protection. This cyber insurance legal protection aspect isn’t specific to businesses, and cyber insurance could assist in the realm of cyber-derived individual lawsuits.

It’s worth noting that cyber insurance policies need to be standardized across carriers. Mr. Wistrand explains, “All cyber reliability policies in the market right now are different. So each carrier’s policies are custom, essentially tailor-made for the individual’s needs. Each carrier has its forms and language, making standardization and widespread application more difficult.” As Mr. Wistrand explains, each carrier tailors their policies to meet the specific needs of individuals. This level of customization ensures that cyber insurance coverage is designed to address the unique requirements of each policyholder. This can be seen as a distinct benefit and hardship for anyone purchasing cyber insurance. On the one hand, there is the potential for far more diverse and specifically tailored coverage; on the other, it could be harder to get. However, this risk may be worth it in today’s ever-changing world, even if it takes a bit longer.

As technology advances, the threat of AI-driven attacks looms over businesses and consumers alike. Mr. Wistrand goes on to state, “Because of the emergence of AI models, we’re going to enter an area where one person that has a concept and is relatively sophisticated but not necessarily off the chart can now launch an attack leveraged by AI, the likes of which we’ve never really seen and it’s gonna be quite scary for businesses and consumers moving forward.” The emergence of AI-powered attacks, which relatively “normal” individuals can now launch, presents unprecedented challenges.

As a result of this sinking level of complexity for these attacks to work, they will become much more common and bring someone who, before the AI revolution, would not be considered a target into the crosshairs of an assailant simply because the resources for these mass attacks are now available. This further reinforces the urgency for consumers to revisit the idea of cyber insurance because, much like when a house fire breaks out, you don’t know when an attack will happen or what the consequences will be. Everyone is a target nowadays, and to be one of the few protected from the results of an attack, looking to cyber insurance may not be a bad idea.

How is it relevant to organizations and modern society?

As a high schooler, protecting your online identity and personal information is essential. While it may seem daunting, it’s a necessary part of life in the modern world. By familiarizing yourself with cyber insurance, you can protect yourself against these threats and enjoy peace of mind. As technology becomes ever more advanced, so too do its risks. Hackers have become more advanced and cyber attacks more frequent.

Cyber insurance has become an indispensable asset to companies that rely heavily on tech in their daily operations and provides coverage against malware attacks, network intrusion, and data loss. The importance of cyber insurance cannot be overstated, as the financial repercussions of security breaches can be catastrophic for companies. Cyber insurance provides coverage of costs such as forensic investigations, data restoration services, and legal fees associated with an attack; additionally, it ensures businesses continue operating smoothly after such attacks have taken place by covering losses due to any downtime associated with them.

Overall, cyber insurance is an indispensable risk-management tool in modern business environments. Due to an increasing reliance on technology, businesses face the threat of cyber attacks. Cyber insurance offers companies peace of mind and financial protection should an attack occur; it is a worthwhile investment. Considering its ever-evolving nature, businesses should consider purchasing cyber coverage to safeguard assets while mitigating liabilities.

It is essential to understand the concept of cyber insurance and how it can protect individuals and organizations from cyberattacks or data breaches. Cyber insurance is similar to home and driver’s insurance because it covers unforeseen events. Just as home insurance protects homeowners from damage to their property, cyber insurance protects organizations from damage to their digital property. School districts, for example, are a prime target for cybercriminals, making cyber insurance necessary. Cyber liability insurance protects school districts in the event of cyberattacks or data breaches, covering the costs schools could incur from legal fees, credit monitoring, financial losses, and other services. Cyber insurance for schools is essential to protect educational institutions, students, and staff records.

Like driver’s insurance, cyber insurance premiums can be lowered by preventative measures. Organizations in the education sector can lower their cyber insurance premiums by implementing cybersecurity measures such as regular software updates, employee training, and risk assessments.

It is important to note that cyber insurance is not typically included in general liability insurance policies, just as flood insurance is not typically included in home insurance policies. Therefore, purchasing a separate cyber insurance policy ensures proper coverage in the event of a cyberattack or data breach.

In conclusion, cyber insurance protects organizations from cyberattacks or data breaches. Just as home and driver’s insurance cover unforeseen events, cyber insurance offers coverage for digital property. As a high schooler, it is essential to understand the importance of cyber insurance and how it can protect individuals and organizations from cyber threats.

About the authors:

The co-author, John (Jack) Schlenker, is a Freshman at Ridge High School interested in all things business, finance, and education. He enjoys learning through experiences and always finds it interesting to see activities and topics from a new perspective, especially internationally. “Throughout my time at Ridge, I have learned about many new issues that we face today. One of the biggest and most consistent ones was the issue of cybersecurity and how it is applied in the modern world. I hope to share some of these ideas and help bring a new perspective to anyone who wants to listen!”

Adithya is a Freshman at Ridge High School interested in gaming, gadgets, anime, and working on math proofs. He also enjoys tennis, volunteering to tutor kids in Math and Science, and engaging them with the Big Sibling program at school. “As a Freshman, I am taking a class on financial literacy and computer security where I was introduced to CyberStart, and it got me thinking about how I can apply some of those basic ideas to stay safe in the online (cyber) world. Hope you enjoy them!” I constantly seek to expand my knowledge and deepen my experience in dynamic, hands-on STEM initiatives.

The post Navigating the Cyber Insurance landscape as a Gen Z digital citizen appeared first on Cybersecurity Insiders.


Following a push for greater cybersecurity capability across the federal structure, new rules are on the way in the aerospace sector. According to the Washington Post, these rules will push liability on airport operators – even smaller enterprises – and demand sophisticated tracking and protection of flight data in the traffic control and data centers of airports nationally. With this push towards new rules and a greater level of security, there will inevitably be room for innovation and procurement of new technologies to fight malicious actors – but what tools will form this new foundation?

Building into the chain

Cybersecurity within the aerospace sector is not limited to just getting the planes off the ground. Indeed, it’s the steps leading up to flight, in the procurement supply chain, where expertise is most required. Fighting off cybersecurity threats effectively is about building resilience into every loop of that chain, and that can only be done with attention at every stage of the process.

Indeed, Aviation Week has noted a huge surge in cybersecurity attacks against the supply chain, with levels reaching 600% of the normal in 2023 so far. This extends into government procurement and the super-high security world of federal aviation. The new rules point towards suppliers across the chain being made responsible for their own section and for ensuring that their safeguards are up to date and use the latest technology.

Changing culture

There is a track record in federal aviation on how to change cultures. As The Register highlights, one pilot-turned-CISO noted how accepting a ‘just’ culture, in which mistakes are accepted and reported rather than ruthlessly punished, helped to make pilots better at their job and better at reporting errors. Removing the fear from the process, and having an open but secure system of cyberthreat reporting, will ensure that the culture changes and becomes more conducive to fostering security. This is crucial – there must be tight control over cybersecurity challenges, but there must also be room to make mistakes and learn from them.

Meeting future challenges

Cybersecurity faces challenges whenever technology shifts up a gear, and that’s set to happen once again. As the government highlights, electric aviation is on the way – for short haul at least – and that creates yet more flight risk. All modern aircraft are dependent on digital circuits, of course, but the more advanced the craft, the less contingency is built in to account for returning to mechanical means if those digital arrangements are compromised. Accordingly, there’s a lot of catchup for manufacturers to consider in order to meet the demands that electric aviation will present in its ultra-clean future.

In a word, the future of aviation cybersecurity is collaboration. Meeting the challenge means working with partners, pilots, technologists and planners. In such a high-profile and high-stakes industry, it’s hard to argue that any other approach will work as well.

The post With new aerospace Cybersecurity rules set to land – What’s the standard for operators? appeared first on Cybersecurity Insiders.