This is the fifth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here. The fourth blog on API testing for compliance is here.

As a risk-based response to the continuous and varied assaults on our systems by criminals, the PCI DSS standard requires a minimum of 20 technical scans per full year for merchants and 21 for third-party service providers (TPSPs). The table below lists them.

New entities going through compliance for the first time can provide just the most recent quarter's worth of each applicable scan (and rescans, if necessary), as long as they are "clean", i.e., they passed all the required elements with no critical or serious findings.

Some of the standard's requirements must be performed "periodically", in quotes because the standard does not define the period covered by that term. As a result, QSAs look to clients to use their risk assessments to define and justify periodicity for the various contexts in which the DSS grants discretion to the assessed entity. Each period thus derived should then be documented in the entity's policy, procedure, compliance calendar, or internal standards documentation set, as appropriate.

Some of the scans prescribed by the standard must be completed quarterly, others annually, and all carry the caveat "and repeated after a significant change". That caveat is why the scan counts above are qualified as a minimum.

Please refer to separate guidance on what constitutes a “significant change”.

PCI is VERY unforgiving if ASV scans do not occur within a 90-92 day cadence. Remedial (correction) scans must be run as soon as practicable, to show that the CDE was vulnerable for the shortest practical period; a client may not wait for the next month's scheduled scan to prove remediation. If a vulnerability takes a long time to fix, documentation showing that the remediation process was followed, together with the mitigating arrangements put in place in the meantime (such as additional firewall or IDS/IPS configurations), will need to be shown instead.
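A check on the scan calendar itself, as an added example that is not part of the original post. It takes a list of scan records (type, date, pass/fail) and reports, for each quarterly scan type in the table below, any gap over 92 days between runs, fewer than four passing runs in the trailing year, a stale last pass, or a failed scan that was never followed by a passing rescan. The 92-day ceiling, the scan type labels and the sample records are this example's own assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Upper bound on days between consecutive runs of a quarterly scan. The post
# describes a 90-92 day cadence; 92 is the assumption used here.
MAX_GAP_DAYS = 92
# Passing runs needed per trailing year for each quarterly scan type.
REQUIRED_PASSES = 4
# Quarterly scan types from the post's table (labels are this example's own).
QUARTERLY_TYPES = ("chd_discovery", "wireless", "internal_vuln", "asv_external")


@dataclass(frozen=True)
class ScanRecord:
    scan_type: str
    run_on: date
    passed: bool


def quarterly_findings(records, scan_type, assessment_date):
    """Findings for one quarterly scan type over the year ending at assessment_date.
    An empty list means the cadence evidence looks complete."""
    window_start = assessment_date - timedelta(days=365)
    runs = sorted((r for r in records
                   if r.scan_type == scan_type
                   and window_start <= r.run_on <= assessment_date),
                  key=lambda r: r.run_on)
    passing = [r for r in runs if r.passed]
    findings = []

    if len(passing) < REQUIRED_PASSES:
        findings.append(f"{scan_type}: only {len(passing)} passing scan(s) in the trailing "
                        f"year, {REQUIRED_PASSES} required")

    # Gap check over every run, pass or fail: a failed run still shows the scan
    # happened on schedule; the rescan check below covers the remediation side.
    for earlier, later in zip(runs, runs[1:]):
        gap = (later.run_on - earlier.run_on).days
        if gap > MAX_GAP_DAYS:
            findings.append(f"{scan_type}: {gap}-day gap between {earlier.run_on} "
                            f"and {later.run_on} exceeds {MAX_GAP_DAYS} days")

    # The most recent passing run must itself be within the cadence window.
    if passing and (assessment_date - passing[-1].run_on).days > MAX_GAP_DAYS:
        findings.append(f"{scan_type}: last passing scan on {passing[-1].run_on} is more "
                        f"than {MAX_GAP_DAYS} days before the assessment")

    # Every failed run needs a later passing rescan; waiting for next quarter is not accepted.
    for r in runs:
        if not r.passed and not any(p.run_on > r.run_on for p in passing):
            findings.append(f"{scan_type}: failed scan on {r.run_on} has no passing rescan")

    return findings


def cadence_report(records, assessment_date):
    """Map each quarterly scan type to its findings (empty list = no issue)."""
    return {t: quarterly_findings(records, t, assessment_date) for t in QUARTERLY_TYPES}


# Constructed compliance-calendar data for illustration only.
SAMPLE_RECORDS = [
    ScanRecord("asv_external", date(2022, 5, 15), True),
    ScanRecord("asv_external", date(2022, 8, 10), True),
    ScanRecord("asv_external", date(2022, 11, 5), False),   # failed, rescanned 15 days later
    ScanRecord("asv_external", date(2022, 11, 20), True),
    ScanRecord("asv_external", date(2023, 2, 12), True),
    ScanRecord("internal_vuln", date(2022, 7, 1), True),
    ScanRecord("internal_vuln", date(2022, 9, 20), True),
    ScanRecord("internal_vuln", date(2022, 12, 10), False),  # rescan only came 110 days later
    ScanRecord("internal_vuln", date(2023, 3, 30), True),
    ScanRecord("wireless", date(2022, 5, 10), True),
    ScanRecord("wireless", date(2022, 8, 5), True),
    ScanRecord("wireless", date(2022, 10, 30), True),
    ScanRecord("wireless", date(2023, 1, 25), True),
    ScanRecord("wireless", date(2023, 4, 15), False),        # failed, never rescanned
]
ASSESSMENT_DATE = date(2023, 5, 1)

if __name__ == "__main__":
    for scan_type, findings in cadence_report(SAMPLE_RECORDS, ASSESSMENT_DATE).items():
        print(scan_type, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

In the sample data only the ASV series is clean; the internal scan series shows a slow rescan, the wireless series shows a failure with no rescan and a stale last pass, and the CHD discovery scan is simply absent, which is the gap the next paragraphs discuss.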

Many entities miss four of the required scans (the four quarterly runs of one scan type) because that scan is not explicitly defined in the Standard's requirements but is referenced in Section (not Requirement) 3.1 of the Report on Compliance (ROC), which asks about the environment and methodology used to confirm the scope of the CDE. (Requirement 3.1 itself is reported in Section 6 of the ROC.)

The scan they miss is the one that answers the question "how did you prove there is no cardholder data (CHD) outside the cardholder data environment (CDE)?" Since testing procedure 3.1.b asks for evidence of a quarterly process to ensure that all legitimate CHD is identified and removed when its retention limit expires, it follows that scans for unexpected CHD should be subject to at least the same periodicity.

In fact, unexpected CHD is a breach risk. Processes should make unexpected CHD impossible to create, but staff sometimes build ad-hoc processes to overcome limitations of the sanctioned ones. The resulting CHD can be problematic in many ways: physical and logical access may not be limited to those with a job-specific need; encryption may not be applied; the process is undocumented and therefore unmaintained; retention may not comply with policy; and disposal may be insecure or non-existent.

Two likely places to find unexpected CHD are the test (QA) environment and crash dumps, whether at operating-system level or from the web server or application. For a large organization with many staff, we recommend scanning the systems of all personnel with direct primary account number (PAN) access, or implementing a DLP solution that monitors everything in real time.
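A minimal discovery scan for escaped PANs in text files outside the CDE, added here as an illustration rather than taken from the post or from any DLP product. It pairs the Luhn check with issuer prefix and length rules so that arbitrary 16-digit identifiers (ticket numbers, timestamps) are not reported, and masks hits to the first six and last four digits so the report itself does not become CHD. The prefix table and the sample lines are constructed assumptions; the card numbers in the sample are the widely published Visa, Amex and Mastercard test numbers.

```python
import re
from dataclasses import dataclass
from pathlib import Path

# A candidate PAN is 13-19 digits, optionally separated by single spaces or dashes,
# and not glued to other digits (which rules out longer numeric IDs around it).
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Issuer prefixes and valid lengths. A coarse assumption used for filtering,
# not a full BIN table; extend it for the brands you actually accept.
BRANDS = (
    ("visa", re.compile(r"4"), {13, 16, 19}),
    ("mastercard", re.compile(r"5[1-5]|2[2-7]"), {16}),
    ("amex", re.compile(r"3[47]"), {15}),
    ("discover", re.compile(r"6(?:011|5)"), {16, 19}),
)


@dataclass(frozen=True)
class Hit:
    masked: str    # first six and last four only, the display form PCI DSS 3.3 allows
    brand: str
    line_no: int


def luhn_ok(digits: str) -> bool:
    """Mod-10 check: double every second digit from the right, subtract 9 if over 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def brand_of(digits: str):
    for name, prefix, lengths in BRANDS:
        if prefix.match(digits) and len(digits) in lengths:
            return name
    return None


def mask(digits: str) -> str:
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(text: str):
    """Return a Hit for every Luhn-valid, brand-matching candidate in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            brand = brand_of(digits)
            # Luhn alone passes about one in ten random digit runs; requiring a
            # known issuer prefix and length keeps the false-positive rate usable.
            if brand and luhn_ok(digits):
                hits.append(Hit(mask(digits), brand, line_no))
    return hits


def scan_blobs(named_blobs):
    """{name: text} -> {name: [Hit, ...]} for every blob with at least one hit."""
    return {name: hits for name, text in named_blobs.items() if (hits := find_pans(text))}


def scan_files(root, excluded=()):
    """Walk a directory tree outside the CDE and scan every regular file as text."""
    excluded = tuple(Path(e).resolve() for e in excluded)
    blobs = {}
    for path in Path(root).rglob("*"):
        p = path.resolve()
        if not p.is_file() or any(p.is_relative_to(x) for x in excluded):
            continue
        blobs[str(p)] = p.read_text(errors="ignore")
    return scan_blobs(blobs)


# Constructed sample of the kind of text found in exports, logs and crash dumps.
SAMPLE_TEXT = (
    "order=10234 card=4111 1111 1111 1111 exp=12/27\n"   # Visa test PAN
    "ticket TKT-4111111111111112 opened by ops\n"        # Visa prefix but fails Luhn
    "refund for 378282246310005 approved\n"              # Amex test PAN
    "legacy export: 5555-5555-5555-4444;2019\n"          # Mastercard test PAN, dashed
    "tel +1 555 0100 ext 1234\n"                         # too short to be a PAN
)

if __name__ == "__main__":
    for hit in find_pans(SAMPLE_TEXT):
        print(f"line {hit.line_no}: {hit.brand} {hit.masked}")
```

Run it against QA exports, log directories and crash-dump folders with the CDE paths in `excluded`; anything it reports is either CHD that has escaped or a process that needs to be documented and brought into scope.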

To close, every scan should produce log entries, and quite possibly alerts, on the systems being scanned. Some organizations whitelist the tester's source addresses to allow more in-depth testing after the uncredentialed tests are complete, or when the blocking threshold is too low.

Check the logs to confirm that you are seeing the testing, and adjust thresholds or configurations appropriately. If you whitelist the tester or silence the alerts because you "know it's coming from the testing", remember to remove the whitelist entry and re-enable the alerts after testing completes. It is also good practice to review the logs and alerts anyway, to make sure no one piggybacked on the testing window to achieve anything nefarious.

Required scans

Frequency                               Description                                          PCI DSS v3.2.1 Reference
Quarterly                               Non-CDE scans for escaped CHD                        ROC Section 3.1, Question #2
Quarterly                               Wireless scans                                       11.1
Quarterly                               Internal network vulnerability scan                  11.2.1
Quarterly                               External vulnerability scan (by an ASV)              11.2.2
As needed                               Rescans if problems were found                       11.2.3
Annually and as needed                  External penetration test                            11.3.1
Annually and as needed                  Internal penetration test                            11.3.2
As needed                               Remediation and rescan                               11.3.3
Annually (every six months for SPs)     Segmentation test                                    11.3.4 (11.3.4.1 for service providers)
Annually and as needed                  Software vulnerability scan (distinct from 11.3)     6.6
As needed                               After significant changes                            Multiple

AT&T Cybersecurity provides a broad range of consulting services to help you out in your journey to manage risk and keep your company secure. PCI-DSS consulting is only one of the areas where we can assist. Check out our services.

The post Scans required for PCI DSS compliance appeared first on Cybersecurity Insiders.

Being a mother and working in cybersecurity necessitates unique skillsets. As mothers, we understand time management, communication, and positive reinforcement. We emphasize the value of clear instructions and providing positive reinforcement. Mothers possess the capacity to remain calm and composed in any circumstance, while also possessing the skillset needed to coach, teach, or evaluate a situation. We excel at active listening which gives us an in-depth comprehension of any issue at hand.

Ultimately, mothers make invaluable assets to the cybersecurity field. We understand the necessity of prioritization and how to make the most out of any situation. We recognize that we cannot have it all at once, but together we can achieve a healthy work/life balance by delegating or outsourcing where feasible. Together, we can secure our futures – both at home and at work – by taking steps towards security today and tomorrow.

Prioritization

Prioritization is an integral element of cybersecurity. Organizations use it to rank tasks and resources, detect potential vulnerabilities, take immediate action to reduce the risk of attack, set achievable goals, and stay motivated towards achieving those objectives. By prioritizing their efforts, companies can better safeguard their networks and data.

Prioritization helps organizations identify which potential threats and risks are the most critical, so those can be addressed first. It also helps organizations allocate their resources efficiently to tackle the most pressing concerns. By adopting a proactive cybersecurity approach, companies can better safeguard their data, systems, and networks from malicious actors.

Investments in Cybersecurity

When it comes to prioritizing investments in cybersecurity, we understand the critical need for organizations to have adequate resources and technology to protect networks and data. Investing in advanced technology can help organizations stay ahead of threats while providing protection from current ones. Furthermore, investing in training, awareness, and incident response programs helps organizations remain prepared and mitigate any potential risks.

Prioritizing alerts in cyber operations requires organizations to make sure they receive essential information quickly. We believe organizations must be alerted when suspicious activity is detected and be able to act swiftly. Furthermore, organizations must assess potential risks and mitigate them as quickly as possible.

Finally, we understand the criticality of prioritizing active response, risk mitigation, customers, and people, not to mention brand and reputation. Organizations should create a comprehensive active response plan tailored specifically to their requirements. Additionally, we recognize the significance of understanding and managing risk; organizations should prioritize their customers, people, zero trust, brand and reputation to achieve the strongest security they can.

Overall, mothers can be invaluable resources in this field of cybersecurity. We understand the critical role prioritization plays and how to maximize any situation. By prioritizing investments, alerts, active response plans, risk assessments, customers and people issues as well as zero trust policies – not to mention brand and reputation protection – we can create a cybersecurity strategy that safeguards our organizations from malicious attacks.

The post Happy Mother’s Day! Serving, surviving, and thriving as a mom with a cyber career appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

As technology advances, phishing attempts are becoming more sophisticated. It can be challenging for employees to recognize an email is malicious when it looks normal, so it’s up to their company to properly train workers in prevention and detection.

Phishing attacks are becoming more sophisticated

Misspellings and poorly formatted text used to be the leading indicators of an email scam, but scams are getting more sophisticated. Today, attackers can spoof email addresses, and bots sound like humans. It is becoming difficult for employees to tell whether their emails are real or fake, which puts the company at risk of data breaches.

In March 2023, OpenAI released GPT-4, a large language model that lets users give specific instructions about style and task. Attackers can use it to pose as employees and send convincing messages, since its output reads fluently and it has general knowledge of any industry.

Since the classic warning signs of phishing are no longer reliable, companies should train all employees on the new, sophisticated methods. As phishing attacks change, so should businesses.

Identify the signs

Your company can take preventive action to secure its employees against attacks. You need to make it difficult for attackers to reach them, and your company must train them on the warning signs. While blocking spam senders and reinforcing security systems is up to you, employees must know how to identify and report suspicious messages themselves.

You can prevent data breaches if employees know what to watch out for:

  • Misspellings: While it’s becoming more common for phishing emails to have the correct spelling, employees still need to look for mistakes. For example, they could look for industry-specific language because everyone in their field should know how to spell those words.
  • Irrelevant senders: Workers can identify phishing — even when the email is spoofed to appear as someone they know — by asking themselves if it is relevant. They should flag the email as a potential attack if the sender doesn’t usually reach out to them or is someone in an unrelated department.
  • Attachments and links: Attackers attempt to install malware through links or downloads. Ensure every employee knows not to open unexpected attachments or click links they have not verified.
  • Odd requests: A sophisticated phishing attack has relevant messages and proper language, but it is somewhat vague because it goes to multiple employees at once. For example, they could recognize it if it’s asking them to do something unrelated to their role.

It may be harder for people to detect warning signs as attacks evolve, but you can prepare them for those situations as well as possible. It’s unlikely hackers have access to their specific duties or the inner workings of your company, so you must capitalize on those details.

Sophisticated attacks will sound intelligent and possibly align with their general duties, so everyone must constantly be aware. Training will help employees identify signs, but you need to take more preventive action to ensure you’re covered.
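Most of the signs above need a human, but the "spoofed sender" sign has header-level tells that a mail gateway or help-desk script can check. The following is an added example, not from the original post: it parses a raw message and reports a display name that borrows the company name while the address is external, a Reply-To on another domain, a look-alike sender domain, and any Authentication-Results mechanism (SPF, DKIM, DMARC) recorded by the receiving mail server that did not pass. The domain example.com and both messages are constructed.

```python
import re
from email import message_from_bytes
from email.utils import parseaddr


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw: bytes, internal_domain: str):
    """Return (code, detail) pairs for header-level spoofing signs in one raw message.
    Message content (odd requests, urgency) is left to the human reader."""
    msg = message_from_bytes(raw)
    internal_domain = internal_domain.lower()
    org = internal_domain.split(".")[0]          # "example" for example.com
    indicators = []

    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)

    # 1. Display name borrows the organisation's name but the address is external.
    if org in name.lower() and from_domain != internal_domain:
        indicators.append(("display-name-mismatch", f"'{name}' sent from {from_domain}"))

    # 2. Replies are redirected to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_domain:
        indicators.append(("reply-to-mismatch", f"Reply-To {reply} vs From {from_domain}"))

    # 3. Look-alike domain: one or two characters away from the real one (examp1e.com).
    if from_domain != internal_domain and _edit_distance(from_domain, internal_domain) <= 2:
        indicators.append(("lookalike-domain", f"{from_domain} resembles {internal_domain}"))

    # 4. Authentication-Results added by the receiving MTA: anything but "pass" is a flag.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.IGNORECASE)
        result = m.group(1).lower() if m else "missing"
        if result != "pass":
            indicators.append((f"{mech}-{result}", auth or "no Authentication-Results header"))

    return indicators


# Constructed messages; example.com stands in for the defended organisation.
SUSPICIOUS_EMAIL = b"""\
From: "Jane Doe - Example Corp" <jane.doe@examp1e.com>
Reply-To: payments@mailbox-invoices.net
To: accounts@example.com
Subject: Urgent: updated bank details for invoice 4471
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dkim=none; dmarc=fail header.from=examp1e.com
Date: Mon, 8 May 2023 09:14:00 +0000

Please update the supplier bank details before today's payment run.
"""

CLEAN_EMAIL = b"""\
From: "Jane Doe" <jane.doe@example.com>
To: accounts@example.com
Subject: Invoice 4471 approved
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Date: Mon, 8 May 2023 09:20:00 +0000

Approved, thanks.
"""

if __name__ == "__main__":
    for code, detail in spoof_indicators(SUSPICIOUS_EMAIL, "example.com"):
        print(f"{code:24} {detail}")
    print("clean message:", spoof_indicators(CLEAN_EMAIL, "example.com"))
```

Authentication-Results is only trustworthy when your own mail server wrote it, so a gateway rule should strip any copy that arrives from outside before this kind of check runs.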

Take preventive action

Basic security measures, like keeping systems patched and running antivirus software, are fundamental to protecting your company. Password hygiene matters too, but note that NIST SP 800-63B no longer recommends forcing password changes on a fixed schedule; instead, change any password as soon as it may have been exposed, and enforce multi-factor authentication so that a phished password alone gives the attacker only limited access.

Training ensures employees are prepared since they’re often highly susceptible to attacks. The cybersecurity team can create phishing simulations to mimic actual threats. For example, they send emails with fake links and track how many people click them. If anyone does, you can retrain them on proper behavior to ensure it doesn’t happen again. With attacks becoming more intelligent, preparing the company for everything is essential.

Know how you’ll respond

You can remain protected even when phishing attacks are successful as long as you have the proper security measures in place. For example, out of the 1,800 emails one company received during an attack, 14 employees clicked the link because they didn’t notice the warning signs. Even though the malware was set to install, almost every device remained unaffected because they were updated and secured. The company detected malicious software on the one that wasn’t secured and fixed the issue within hours.

Training can’t prevent every employee from clicking on malicious links or attachments, so you must have a proper response. You can still prevent attacks at this stage if you and your company’s employees know what comes next.

Updated security software and procedures will protect against sophisticated phishing attacks:

  • Reporting: Ensure everyone knows how to report to you so you can react quickly to the potential threat. They must identify the signs they’ve clicked on a malicious attachment.
  • Prevention: Software that blocks malware from being downloaded will prevent the attack from being successful.
  • Detection: Employees must identify if their hardware is being affected and detection software must alert you of a successful breach.
  • Response: You should clean any affected hardware immediately to stop the attack from doing damage.

Sophisticated phishing attacks are not entirely avoidable, but you can minimize their effects if you manage your response. Employees who click a link believing it is legitimate may never realize the email was malicious, so you must train them to recognize the signs of a successful compromise and to report it.

Avoid sophisticated phishing attacks

Training and simulated phishing attempts will help protect your company. Updated passwords and security systems will also make your systems more secure. You can prevent sophisticated attacks targeting employees if employees know how to recognize warning signs and the proper procedures.

The post Preventing sophisticated phishing attacks aimed at employees appeared first on Cybersecurity Insiders.


Cyberattacks have become increasingly common, with organizations of all types and sizes being targeted. The consequences of a successful cyberattack can be devastating. As a result, cybersecurity has become a top priority for businesses of all sizes.

However, cybersecurity is not just about implementing security measures. Organizations must also ensure they comply with relevant regulations and industry standards. Failure to comply with these regulations can result in fines, legal action, and damage to reputation.

Cybersecurity compliance refers to the process of ensuring that an organization's cybersecurity measures meet relevant regulations and industry standards. This can include measures such as firewalls, antivirus, access management, and data backup policies.

Cybersecurity regulations and standards

Compliance requirements vary depending on the industry, the type of data being protected, and the jurisdiction in which the organization operates. There are numerous cybersecurity regulations and standards; some of the most common include the following:

  • General Data Protection Regulation (GDPR)

The GDPR is a regulation implemented by the European Union that aims to protect the privacy and personal data of EU citizens. It applies to all organizations that process the personal data of EU citizens, regardless of where the organization is based.

  • Payment Card Industry Data Security Standard (PCI DSS)

This standard is administered by the Payment Card Industry Security Standards Council (PCI SSC). It applies to any organization that stores, processes, or transmits cardholder data. The standard sets requirements for secure data storage and transmission, with the goal of minimizing card fraud and better protecting cardholders' data.

  • Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a U.S. law that regulates the handling of protected health information (PHI). It applies to healthcare providers, insurance companies, and other organizations that handle PHI.

  • ISO/IEC 27001

ISO/IEC 27001 is an international standard that provides a framework for information security management systems (ISMS). It outlines best practices for managing and protecting sensitive information.

  • NIST Cybersecurity Framework

The NIST Cybersecurity Framework is a set of guidelines developed by the U.S. National Institute of Standards and Technology. It provides a framework for managing cybersecurity risk and is widely used by organizations in the U.S.

Importance of cybersecurity compliance

Compliance with relevant cybersecurity regulations and standards is essential for several reasons. First, it helps organizations follow best practices to safeguard sensitive data. Organizations put controls, tools, and processes in place to ensure safe operations and mitigate various risks. This helps to decrease the likelihood of a successful cyber-attack.

Next, failure to comply with regulations can result in fines and legal action. For example, under GDPR, organizations can be fined up to €20 million or 4% of their annual global turnover, whichever is higher.

Finally, organizations that prioritize cybersecurity compliance and implement robust security measures are often seen as more reliable and trustworthy, giving them a competitive edge in the market. It demonstrates that an organization takes cybersecurity seriously and is committed to protecting sensitive data.

How to achieve cybersecurity compliance

Achieving cybersecurity compliance involves a series of steps to ensure that your organization adheres to the relevant security regulations, standards, and best practices:

1) Identify the applicable regulations and standards

The first step is identifying which regulations and standards apply to your organization. This will depend on factors such as the industry, the type of data being protected, and the jurisdiction in which the organization operates.

2) Conduct a risk assessment

Once you have identified the applicable regulations and standards, the next step is to conduct a risk assessment. This involves identifying potential risks and vulnerabilities within your organization’s systems, networks, and processes and assessing their likelihood and impact. This will help you determine the appropriate security measures to implement and prioritize your efforts.

3) Develop and implement security policies, procedures, and controls

Based on the risk assessment results, develop and implement security policies and procedures that meet the requirements of the relevant regulations and standards. This should also include implementing technical, administrative, and physical security controls, such as firewalls, encryption, regular security awareness training, etc.

4) Maintain documentation

Document all aspects of your cybersecurity program, including policies, procedures, risk assessments, and incident response plans. Proper documentation is essential for demonstrating compliance to auditors and regulators.

5) Foster a culture of security

Employees are often the weakest link in an organization’s cybersecurity defenses. Encourage a security-conscious culture within your organization by promoting awareness, providing regular training, and involving employees in cybersecurity efforts.

6) Monitor and update security measures

Cybersecurity threats are constantly evolving. Continuously monitor your organization’s cybersecurity posture and perform regular audits to ensure stable compliance. This may include conducting regular security audits, pen tests, patching software vulnerabilities, updating software, etc.

Cybersecurity compliance expert tips

Proper compliance can be challenging, as implementing and maintaining effective cybersecurity measures requires specialized expertise and resources. Regulations and standards are often lengthy and can be difficult to interpret, especially for organizations without dedicated teams. Many organizations may not have the resources to hire dedicated infosec or legal staff or to invest in advanced security technologies. In addition, the cybersecurity world is constantly evolving, and new threats emerge all the time. To overcome these challenges, you can try several helpful approaches:

Implement a risk-based approach: A risk-based approach involves identifying your organization’s most critical vulnerabilities and threats. Focus your limited resources on addressing the highest-priority risks first, ensuring the most significant impact on your security posture.

Utilize third-party services: Small and medium-sized businesses frequently face budget constraints and lack expertise. Utilizing third-party services, such as managed security service providers (MSSPs), can be an effective solution.

Leverage open-source resources: There are plenty of free and open-source cybersecurity tools, such as security frameworks, vulnerability scanners, encryption software, etc. These can help you enhance your security posture without a significant financial investment.

Utilize cloud-based services: Consider using cloud-based security solutions that offer subscription-based pricing models, which can be more affordable than traditional on-premises security solutions.

Seek external support: Reach out to local universities, government organizations, or non-profit groups that provide cybersecurity assistance. They may offer low-cost or free guidance, resources, or tools to help you meet compliance requirements.

Collaborate with peers: Connect with other businesses or industry peers to share experiences, insights, and best practices related to compliance.  

Final thoughts: Moving towards a security-centric culture

Compliance with cybersecurity regulations and standards is vital but does not guarantee complete protection. Building a culture of security that transcends compliance is essential for safeguarding your organization’s assets and reputation. A security culture focuses on continuous improvement and adaptation to stay ahead of threats, taking a proactive approach to risk management, engaging employees at all levels, and fostering adaptability and resilience.

To build a security-centric culture in your organization, ensure senior leadership supports and champions the importance of security. Provide regular employee training and awareness programs to educate staff about cybersecurity best practices, their roles and responsibilities. Reward employees who demonstrate a strong commitment to security or contribute to enhancing the organization’s security posture. Encourage cross-functional collaboration and open communication about security issues, fostering a sense of shared responsibility and accountability.

The post Navigating the complex world of Cybersecurity compliance appeared first on Cybersecurity Insiders.


Intro

In February 2022, Microsoft announced that it would block VBA macros by default in Office files downloaded from the internet, because of their frequent use as a malware distribution method. This move prompted malware authors to seek new ways to distribute their payloads, resulting in increased use of other infection vectors, such as password-protected zip files and ISO files.

OneNote documents have emerged as a new infection vector: they carry embedded files with malicious code that executes when the user interacts with the document. Emotet and Qakbot, along with a number of information stealers and other malware families, are known to use OneNote attachments.

Researchers are currently developing new tools and analysis strategies to detect and prevent these OneNote attachments from being used as a vehicle for infection. This article highlights this new development and discusses the techniques that malicious actors use to compromise a system.

Attack chain

With macros blocked by default, threat actors have turned to OneNote attachments as a new way to install malware on an endpoint. A OneNote document can embed files of other formats, such as HTML/HTA, ISO and JScript, and attackers abuse this to deliver their payloads. OneNote attachments are particularly appealing to attackers because they are interactive and designed to be added to, rather than just viewed. This makes it easy to include enticing messages and clickable buttons that lead to infection. As a result, users should exercise caution when interacting with OneNote attachments, even if they appear to be harmless. It is essential to use updated security software and to be aware of the potential risks associated with interactive files.

Email – Social engineering

Like most malware authors, these attackers use email as the first point of contact with victims. They employ social engineering to persuade victims to open the attachment and execute the code on their workstations.

(Figure: phishing email carrying the OneNote attachment)

In a recent phishing attempt, the attacker sent an email that appeared to be from a trustworthy source and asked the recipient to download a OneNote attachment. Upon opening the attachment, the content did not load automatically as the lure suggested. Instead, the victim was presented with a potentially dangerous prompt.

(Figure: the "Open" prompt presented by the OneNote document)

In this case, as with many OneNote attachments, the malicious actor intends for the user to click the "Open" button presented in the document, which executes the embedded code. Traditional signature-based security tools are often ineffective at detecting this type of threat.

One tool commonly used for analyzing Microsoft Office documents is oletools. The suite includes the command line tool olevba, which detects and analyzes VBA macros in OLE and Office Open XML files. It does not, however, understand the OneNote (.one) file format.

(Figure: olevba error when run against the OneNote attachment)

Attempting to run the tool on the OneNote attachment produced an error. As a result, the focus of the analysis shifted to a dynamic approach. By placing the document in a sandbox, we observed a chain of scripts executed to download and run an executable or DLL file, which can lead to more severe infections such as ransomware, stealers, and wipers.

(Figure: sandbox process chain for the OneNote attachment)

Tactics and techniques 

This campaign obscures its JScript with the Microsoft Script Encoder (screnc.exe). In encoded form, the Open.jse file is not readable.

(Figure: encoded JScript, Open.jse, embedded in the OneNote document)

After decoding the JScript file, a dropper for a .bat file was uncovered. When executed, the .bat file launches a PowerShell instance, which contacts the IP address 198[.]44[.]140[.]32.

(Figure: PowerShell connection to 198[.]44[.]140[.]32)
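Since olevba stops at the OneNote container, a static alternative is to carve the embedded files directly. The following is an added example and not the tooling used in the analysis above: it locates FileDataStoreObject records by their header GUID (as documented in the MS-ONE file format specification), reads the declared length, cuts out each payload, checks the footer GUID, and labels the payload by magic bytes (MZ, the "#@~^" prefix that Script Encoder output such as Open.jse starts with, batch, HTML/HTA, ISO). The sample .one bytes are constructed, including a deliberately truncated object; the type labels are this example's own.

```python
import hashlib
import struct
from dataclasses import dataclass

# Layout of a FileDataStoreObject as documented in MS-ONE:
#   guidHeader (16) | cbLength (8, little-endian) | unused (4) | reserved (8) | FileData | guidFooter (16)
FILE_DATA_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")  # {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}
FILE_DATA_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")  # {71FBA722-0F79-4A0B-BB13-899256426B24}
DATA_OFFSET = 16 + 8 + 4 + 8


@dataclass(frozen=True)
class EmbeddedFile:
    offset: int        # byte offset of guidHeader in the .one file
    size: int          # cbLength claimed by the object
    kind: str          # best-effort type from magic bytes
    sha256: str        # hash of the carved bytes, for IOC sharing and sandbox correlation
    footer_ok: bool    # guidFooter found where cbLength says it should be
    truncated: bool    # file ended before cbLength bytes were available
    data: bytes


def classify(data: bytes) -> str:
    head = data[:64].lstrip().lower()
    if data.startswith(b"MZ"):
        return "pe"
    if data.startswith(b"#@~^"):
        return "encoded-script"          # Script Encoder (screnc.exe) output: .jse / .vbe
    if head.startswith((b"<html", b"<!doctype html", b"<hta:application")):
        return "html"
    if head.startswith((b"@echo", b"echo off")):
        return "batch"
    if len(data) > 0x8006 and data[0x8001:0x8006] == b"CD001":
        return "iso"
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith((b"\x89PNG", b"\xff\xd8\xff")):
        return "image"
    return "unknown"


def carve(blob: bytes) -> list:
    """Carve every FileDataStoreObject payload out of a OneNote file image."""
    found = []
    pos = blob.find(FILE_DATA_HEADER)
    while pos != -1:
        if pos + DATA_OFFSET > len(blob):
            break
        (size,) = struct.unpack_from("<Q", blob, pos + 16)
        start, end = pos + DATA_OFFSET, pos + DATA_OFFSET + size
        data = blob[start:end]
        found.append(EmbeddedFile(
            offset=pos, size=size, kind=classify(data),
            sha256=hashlib.sha256(data).hexdigest(),
            footer_ok=blob[end:end + 16] == FILE_DATA_FOOTER,
            truncated=len(data) < size,
            data=data,
        ))
        pos = blob.find(FILE_DATA_HEADER, pos + 16)
    return found


def _file_data_object(payload: bytes) -> bytes:
    """Wrap payload in a FileDataStoreObject (constructed test data, not a real .one)."""
    return (FILE_DATA_HEADER + struct.pack("<Q", len(payload)) + b"\0" * 4 + b"\0" * 8
            + payload + FILE_DATA_FOOTER)


ENCODED_JSE = b"#@~^constructed-screnc-stub==^#~@"
DROPPER_BAT = b"@echo off\r\necho constructed batch stub\r\n"
SAMPLE_ONE = (
    b"\0" * 64 + _file_data_object(ENCODED_JSE)
    + b"\xaa" * 32 + _file_data_object(DROPPER_BAT)
    # A header claiming 1000 bytes with only a few present: a cut-off PE at end of file.
    + FILE_DATA_HEADER + struct.pack("<Q", 1000) + b"\0" * 12 + b"MZ" + b"\0" * 10
)

if __name__ == "__main__":
    for f in carve(SAMPLE_ONE):
        flags = ("" if f.footer_ok else " footer-missing") + (" truncated" if f.truncated else "")
        print(f"@{f.offset:#x} {f.kind:15} {f.size:6} bytes sha256={f.sha256[:16]}...{flags}")
```

Write each carved payload to its own file before opening it in a decoder or sandbox; a record whose footer is missing or whose length overruns the file is itself worth noting, since malformed containers are a common way to trip up parsers.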

Conclusion

To combat the constantly evolving threat landscape, analysts must stay abreast of the latest attack strategies used by malware authors. These approaches can evade detection if mail and endpoint systems are not configured to sanitize and inspect such attachments, so analysts should familiarize themselves with techniques for analyzing them. Currently, dynamic analysis is recommended: running a sample in a sandbox can reveal the C2 servers it connects to, the process chain, and where data is written to disk and then executed. For more in-depth analysis, analysts should also become familiar with the file formats typically embedded within OneNote attachments, such as encoded JSE files, HTML documents, and ISOs.

However, the best defense is always prevention. Therefore, security teams must update their systems to detect these types of attachments and educate employees on the dangers of downloading unknown and untrusted attachments.

The post OneNote documents have emerged as a new malware infection vector appeared first on Cybersecurity Insiders.


In today's digital age, sensitive information is constantly being shared and transmitted over electronic devices and networks. Whether it is personal information such as social security numbers, financial information such as card details, or business information such as trade secrets and client data, it is important to ensure this information is kept secure and protected from unauthorized access. One of the most effective ways to do this is through encryption.

Encryption is the process of converting plain text or data into an unreadable format using an encryption algorithm, which can only be deciphered or decrypted by those who have the decryption key. This ensures that if the file or email is intercepted or accessed by unauthorized users, they will not be able to read the information.

In cybersecurity, encryption plays a crucial role in ensuring data confidentiality, integrity, and authenticity. In day-to-day life, encryption is used in various ways to make life easier for the common man. For example, encryption is used in online transactions to protect the user’s financial information from being intercepted and stolen by hackers. Encryption is also used in messaging and email applications to protect the privacy of conversations and messages from being read by unauthorized users.

Why encrypt files and Emails?

It is important for computer users to encrypt their files and emails because they may contain sensitive information that could be intercepted or accessed by unauthorized users. Encryption adds an extra layer of security: even if the information is intercepted by a malicious user, it is unreadable and unusable, which can prevent the loss of sensitive data.

Encryption is also becoming more important for organisations in order to comply with privacy and data protection regulations such as GDPR, PCI DSS, and HIPAA. These regulations require businesses to take steps to protect sensitive data, and failure to comply can result in legal and financial penalties. Encrypting emails and files can protect individuals and organisations from cyberthreats such as identity theft and financial fraud. Note that encryption by itself protects confidentiality; integrity is assured only when an authenticated mode (such as AES-GCM) or a separate signature or MAC is used.

How to encrypt files:

Here are some steps you can follow to encrypt files:

  • Identify the file you want to encrypt, it can be any file such as document, image, video etc.
  • Choose the encryption software. Various tools are available alongside the built-in features in Windows (BitLocker, EFS) and macOS (FileVault). Some popular encryption tools are VeraCrypt, 7-Zip, GnuPG, and AxCrypt. Proceed with the installation of the tool you chose.
  • Browse the file which you want to encrypt in the encryption tool you installed.
  • Choose the encryption algorithm, you can choose as per your needs from algorithms given in the tool, such as AES, blowfish etc.
  • Now, encryption tool will ask you to create a passphrase or password, which will be used to encrypt and decrypt the file. Choose a strong and complex password. Keep the password safe since it is the key to decrypt the file and avoid sharing it with anyone.
  • After choosing the password, start the encryption process within the encryption tool. Time consumed for encrypting files may vary based on file size and encryption algorithm chosen.
  • Once the encryption process is complete, the encrypted will be saved with a new file extension depending on the encryption tool used.
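The steps above, carried out on the command line as an added example that is not part of the original post: it uses the openssl CLI (assumed to be installed; GnuPG or 7-Zip would do the same job) to encrypt a constructed sample file with a passphrase, confirm the plaintext is gone from the output, decrypt it, and show that a wrong passphrase does not recover the data. The file names, the passphrase and the iteration count are choices made for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: the file-encryption steps above
# carried out with the openssl CLI (assumed installed). The sample file and the
# passphrase are constructed for the demo.
set -eu

# PBKDF2-HMAC-SHA256 cost: higher is slower for a password guesser. A value chosen
# for this demo, not taken from the post.
KDF_ITERATIONS=600000

encrypt_file() {
    # $1 = plaintext path, $2 = passphrase. Writes "$1.enc" and prints its path.
    # -pbkdf2 -iter: derive the key from the passphrase with a salted KDF instead of
    # OpenSSL's weak legacy key derivation; -salt makes every output unique.
    # The passphrase is fed on stdin so it never appears in the process list.
    printf '%s\n' "$2" | openssl enc -aes-256-cbc -pbkdf2 -iter "$KDF_ITERATIONS" -salt \
        -in "$1" -out "$1.enc" -pass stdin
    printf '%s\n' "$1.enc"
}

decrypt_file() {
    # $1 = ciphertext path, $2 = passphrase, $3 = output path.
    # Fails (bad decrypt) on a wrong passphrase in almost every case.
    printf '%s\n' "$2" | openssl enc -d -aes-256-cbc -pbkdf2 -iter "$KDF_ITERATIONS" \
        -in "$1" -out "$3" -pass stdin
}

file_roundtrip_demo() {
    # Encrypts a constructed file, checks the plaintext is absent from the output,
    # decrypts it back, and confirms a wrong passphrase does not recover it.
    # Prints "ok" on success, returns non-zero otherwise.
    dir=$(mktemp -d)
    passphrase='correct horse battery staple'   # constructed; use a generated one in practice
    printf 'Card number 4111 1111 1111 1111, exp 12/27\n' > "$dir/secret.txt"
    enc=$(encrypt_file "$dir/secret.txt" "$passphrase")
    if grep -q '4111' "$enc"; then
        echo 'plaintext leaked into ciphertext' >&2
        return 1
    fi
    decrypt_file "$enc" "$passphrase" "$dir/recovered.txt"
    [ "$(cat "$dir/secret.txt")" = "$(cat "$dir/recovered.txt")" ] || return 1
    if decrypt_file "$enc" 'not the passphrase' "$dir/bad.txt" 2>/dev/null; then
        # CBC padding validates by chance about 1 time in 256; the content still must differ
        [ "$(cat "$dir/bad.txt")" != "$(cat "$dir/secret.txt")" ] || return 1
    fi
    rm -rf "$dir"
    echo ok
}
```

Two points the steps gloss over are visible here: the passphrase goes in on stdin rather than as a command-line argument, so it does not show up in the process list, and the key is derived with salted PBKDF2 rather than used directly. Note that openssl enc does not authenticate the ciphertext, so a tampered file is caught only by luck through the padding check; for files that will be transferred, gpg --symmetric --cipher-algo AES256 adds an integrity check by default.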

By following these steps, you can encrypt your files and protect sensitive information from unauthorized access and interception.

How to encrypt emails:

Encrypting emails is another effective way to protect sensitive information from unauthorized access or interception. Here are some steps to follow to encrypt emails:

  • Choose an email encryption standard. The two widely supported ones are OpenPGP (PGP, implemented by GnuPG and others) and S/MIME (Secure/Multipurpose Internet Mail Extensions), which uses X.509 certificates. Both are public-key systems: the sender encrypts with the recipient's public key, and only the recipient's private key can decrypt.
  • Install and configure the software for your mail client following its documentation. Many clients support S/MIME natively, and plug-ins add OpenPGP support. You will need your own key pair, and the recipient must have one too.
  • Obtain the recipient's public key (or certificate) and verify that it really belongs to them, for example by comparing its fingerprint over a phone call or in person. Encrypting to an unverified key sends your message to whoever controls that key.
  • Compose the email as usual and select the encrypt option, choosing the recipient's public key. Only the body and attachments are encrypted; the subject line, sender, recipients and other headers remain in clear text, so keep sensitive details out of the subject. Sign the message as well so the recipient can confirm it came from you.
  • Send the email as usual. The recipient decrypts it with their private key; anyone else who intercepts it sees only ciphertext.

Encrypting files and emails is a critical measure for protecting sensitive information from unauthorized access, interception, and tampering. By following the steps above, using strong algorithms, strong passphrases and verified recipient keys, you can keep your sensitive information confidential both in transit and at rest.

The post Encrypting files and emails: A beginner’s guide to securing sensitive information appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The digital landscape is always changing to keep up with a constantly evolving world, and bad actors are also adapting. For every new development in the digital world, cybercriminals are looking to take advantage of weaknesses, so it is important that those concerned with the security of their organization’s network, data, and other assets stay vigilant and on top of trends. Everybody within an organization should work to establish and maintain good cybersecurity habits and measures, but much of the security burden falls on the chief information security officer (CISO). Below are some key insights for any CISO to take into consideration.

Concerns and challenges

Since the beginning of the COVID-19 pandemic three years ago, hybrid and remote working arrangements have grown steadily. This should be a priority area: according to a report from Malwarebytes, 20% of companies reported that a remote worker had caused a security breach, and 55% cited training employees in security protocols as a major challenge in transitioning to work-from-home infrastructure. Because the shift to hybrid and remote work happened quickly and with an eye for ease of access over security, employees working offsite can pose a significant risk to an organization if they are not given adequate cybersecurity training and policies.

AI and machine learning are also on the rise, increasingly used by businesses and cybercriminals alike. While AI can assist, it does not replace the human element in developing a cybersecurity strategy. Understanding and deploying AI and machine learning tools can help with fraud detection, spam filtering, and data leak prevention, and it also gives a security officer insight into how cybercriminals use the same tools. Awareness of the criminal toolkit and operations is an opportunity to get ahead of threat trends and potentially prevent attacks and breaches.

Another major issue is the shortage of qualified cybersecurity professionals leading to a significant struggle with recruitment and retention. In a Fortinet report, 60% of respondents said they were struggling to recruit cybersecurity talent, and 52% said they were struggling to retain qualified people. In the same survey, around two-thirds of organization leaders agreed that the shortage “creates additional risk.” Many factors work in tandem to perpetuate the problem, but the solution doesn’t have to be complicated. Ensuring your employees have a healthy work environment goes a long way, as well as tweaking hiring practices to select “adaptable, highly communicative and curious” people, as these traits make for an employee who will grow and learn with your company.

Tips for improving cybersecurity

One of the top priorities for CISOs should always be to ensure that all employees are properly trained in cyber hygiene and cybersecurity best practices. Insider threats are a serious issue with no easy solution, and a good number of those (more than half, according to one report) are mistakes due to negligence or ignorance. Traditional threat prevention solutions are often concerned with “keeping bad guys out,” and do not protect against those who are already inside the organization.

With hybrid and remote work both expanding the attack surface and hindering enforcement of security policies, it is crucial that all workers, remote or not, understand the role they play in protecting the organization against attacks and data breaches. Companies should also apply the principle of least privilege and adopt a zero-trust model, so that employees can reach only the systems and data their jobs require; this limits the damage from both malicious and accidental breaches.

While the threat landscape is constantly evolving, tried-and-true solutions are still able to cover a lot of ground, so long as security officers and teams are willing to adapt their methods. Many security fundamentals are classics for a reason. It is important to address cybersecurity holistically, rather than as a purely technological issue with technological fixes. Investing in security solutions is just one part of a robust security protocol, which should include not only attack detection and prevention tools, but secure policies from the ground up. Securing networks, devices, data, and other company resources requires many-layered protection.

Perhaps the most important thing for CISOs is ensuring that their voices are heard throughout the company and that cybersecurity is not just an inconvenience for employees to slog through and immediately forget. This means a total culture shift to make every person at every level of the organization understand and respect their own role in keeping data and assets safe. The atmosphere surrounding cybersecurity policies and protocols should be one of cooperation rather than compliance.

Conclusion

Technology and the digital world are on a path of constant, rapid growth that affects every industry and every individual. CISOs, charged with protecting their organizations against cyberattacks and data breaches, face a challenge, especially when employees and fellow executives are not sufficiently informed or involved. It is crucial to remember that every person inside a company is responsible for cybersecurity measures, and every person can cause a data breach through ignorance or negligence. Improving cybersecurity posture while threats are always adapting and following new trends is no easy task, but it is possible with the right tools and practices.

The post CISOs: How to improve cybersecurity in an ever-changing threat landscape appeared first on Cybersecurity Insiders.

The future of finance is being reshaped by blockchain technology. It has the potential to change how people and businesses interact with money, offering greater transparency, stronger integrity guarantees, faster settlement and lower costs.

In this article, we look at eight key impacts that blockchain technology has had on the future of financial services. From smart contracts to decentralized finance, these developments are set to change the face of finance in the years ahead. Read on for an overview of how blockchain technology will shape our economic landscape in the near future.

  • The potential to revolutionize payments

One of the most significant impacts of blockchain technology on the future of finance is its potential to revolutionize payments. Blockchain-based payment systems enable transactions without third-party intermediaries, which can reduce transaction fees and settlement delays, and every transaction is recorded on a ledger that all participants can audit.

From a macro perspective, blockchain-based payments have the potential to drastically reduce the cost of cross-border transactions, making them more accessible and efficient. Because settlement is final and the record is shared, reconciliation disputes and certain classes of payment fraud, such as double spending, are harder to commit. The ledger cannot, however, undo a payment that the sender was tricked into authorizing, so the irreversibility that removes one class of fraud raises the stakes on another.

  • Improved asset security and management

Blockchain also has the potential to improve asset security and management. One example is smart contracts: code on the ledger that moves funds automatically when predetermined conditions are met. Because the terms execute exactly as written and both parties can inspect them beforehand, smart contracts remove the discretion in which manual fraud and clerical error occur. The flip side is that a bug in the contract also executes exactly as written, so the code needs the same review and testing as any other financial software.

Moreover, blockchain-based solutions offer improved transparency in monitoring the ownership and transfer of assets, which helps ensure accuracy in financial transactions and adds a layer of protection against theft or tampering with records.

  • Streamlined financial processes

The implementation of blockchain technology can also streamline existing financial processes. For instance, complex reconciliation tasks such as matching payments to invoices can be automated, reducing the time and resources needed to complete the task.

In addition, blockchain-based solutions can be used to facilitate the exchange of data between different financial systems, providing an improved overview of a company’s finances. This could help to reduce manual errors and improve decision-making processes by providing a more comprehensive view of financial performance.

  • Greater access to banking services

Another major benefit of blockchain technology is its potential to increase access to banking services, especially in developing countries where traditional banking infrastructure remains limited or nonexistent. By eliminating many of the current barriers associated with opening bank accounts, blockchain-based banking solutions have the potential to open new economic opportunities for those who have previously been excluded from participating in the global financial system.

Furthermore, blockchain-based solutions can also be used to provide access to non-traditional banking services such as microfinance and lending. This could prove particularly beneficial for small businesses and entrepreneurs who may not have had access to these types of services in the past.

Overall, blockchain technology has the potential to revolutionize the future of finance by providing increased security, efficiency, and accessibility when it comes to financial transactions. As more companies embrace this technology, we can expect to see further innovation and disruption in the industry moving forward.

  • Improved transparency

The adoption of blockchain technology promises improved transparency in financial transactions. Beyond payment processing, blockchain-based systems can record assets, ownership and transfers in a history that every participant holds a copy of and can audit independently.

Furthermore, the transparency provided by blockchain technology can help promote trust between parties involved in a financial transaction. The immutability of records on the distributed ledger allows users to verify that information has not been tampered with, leading to greater confidence when engaging in digital transactions.

  • Increased protection against cyberattacks

One of the most-cited advantages of blockchain technology is its resistance to tampering. Its decentralized structure and the cryptographic chaining of blocks mean that altering a recorded transaction requires controlling a majority of the network rather than compromising a single server, and because the ledger is replicated across many nodes there is no single point of failure to take down or corrupt. This protects the integrity and availability of the record, not its confidentiality: on a public chain every transaction is visible to everyone, and the private keys that authorize transactions become the prime target, since whoever holds them controls the funds. In practice most losses in blockchain finance come from stolen or lost keys, compromised exchanges and wallets, and flawed smart contracts rather than from attacks on the ledger itself.

Used with sound key management and audited contract code, the tamper-resistance of blockchain can be a valuable safeguard for financial records and reduce the chances of costly data manipulation.

  • Lower costs for businesses

The implementation of blockchain technology can also help reduce operational costs for businesses. By removing the need for intermediaries such as banks or payment processors when conducting transactions, companies can save on transaction fees and other associated costs. This is particularly beneficial for small businesses who may not have had access to traditional banking services in the past.

In addition, blockchain-based solutions can also be used to streamline processes such as accounting and auditing, reducing the time and money spent on manual processes. This could lead to further cost savings for businesses in the long run.

  • Smart contracts

Smart contracts are one of the most promising applications of blockchain technology. These digital agreements are programs that enable two or more parties to enter into a contractual arrangement without a middleman or third party. The contract is stored on the distributed ledger, so once deployed it cannot be altered; this protects both parties from unilateral changes, but it also means a defect cannot simply be patched afterwards, so the code should be reviewed and tested before it goes live.

Smart contracts can be programmed with specific conditions that must be met before they execute, which makes them well suited to complex financial transactions between parties that do not fully trust one another. This can lead to increased efficiency, cost savings, and less room for fraud or malicious activity.

Overall, the potential applications of blockchain technology in finance are vast and varied, and many of the benefits fall to small businesses that have lacked access to traditional banking services in the past.

Conclusion

Overall, blockchain technology has the potential to revolutionize the financial sector by providing increased security, transparency, efficiency and accessibility when it comes to digital transactions. This can lead to reduced costs for businesses, improved cybersecurity measures and smart contracts that enable secure agreements between parties.

As this technology continues to evolve, we can expect to see further innovation and disruption in the field of finance. The benefits of blockchain in finance are clear and significant, so companies should start evaluating where it fits their own operations sooner rather than later.

The post The impact of blockchain technology on the future of finance appeared first on Cybersecurity Insiders.

Analyzing an organization’s security posture through the prism of a potential intruder’s tactics, techniques, and procedures (TTPs) provides actionable insights into the exploitable attack surface. This visibility is key to stepping up the defenses of the entire digital ecosystem or its layers so that the chance of a data breach is reduced to a minimum. Penetration testing (pentesting) is one of the fundamental mechanisms in this area.

The need to probe the architecture of a network for weak links through offensive methods arose together with the “perimeter security” philosophy. While pentesting has largely filled that need, its effectiveness is often hampered by a crude understanding of its goals and of how ethical hackers work, which skews companies’ expectations and leads to frustration down the line.

The following considerations will give you the big picture in terms of prerequisites for mounting a simulated cyber incursion that yields positive security dividends rather than being a waste of time and resources.

Eliminating confusion with the terminology

Some corporate security teams may find it hard to distinguish a penetration test from related approaches such as red teaming, vulnerability testing, bug bounty programs, as well as emerging breach and attack simulation (BAS) services. They do overlap in quite a few ways, but each has its unique hallmarks.

Essentially, a pentest is a manual process that boils down to mimicking an attacker’s actions. Its purpose is to find the shortest and most effective way into a target network through the perimeter and different tiers of the internal infrastructure. The outcome is a snapshot of the system’s protections at a specific point in time.

In contrast, red teaming focuses on achieving a specific objective within a segment of a network or an information/operational technology (IT/OT) system over an extended period, and on doing so covertly, which is how real-world compromises unfold. This makes it an important tool for OT cybersecurity, an emerging area geared toward safeguarding the industrial control systems (ICS) at the core of critical infrastructure entities.

Vulnerability testing, in turn, aims to pinpoint flaws in software and helps understand how to address them. Bug bounty programs are usually limited to mobile or web applications and may or may not match a real intruder’s behavior model. In addition, the objective of a bug bounty hunter is to find a vulnerability and submit a report as quickly as possible to get a reward rather than investigating the problem in depth.

BAS is the newest technique on the list. It follows a “scan, exploit, and repeat” logic and pushes a deeper automation agenda, relying on tools that execute the testing with little to no human involvement. These projects are continuous by nature and generate results dynamically as changes occur across the network.

By and large, there are two things that set pentesting aside from adjacent security activities. Firstly, it is done by humans and hinges on manual offensive tactics, for the most part. Secondly, it always presupposes a comprehensive assessment of the discovered security imperfections and prioritization of the fixes based on how critical the vulnerable infrastructure components are.

Choosing a penetration testing team worth its salt

Let’s zoom into what factors to consider when approaching companies in this area, how to find professionals amid eye-catching marketing claims, and what pitfalls this process may entail. As a rule, the following criteria are the name of the game:

  • Background and expertise. The portfolio of completed projects speaks volumes about ethical hackers’ qualifications. Pay attention to customer feedback and whether the team has a track record of running pentests for similar-sized companies that represent the same industry as yours.
  • Established procedures. Learn how your data will be transmitted, stored, and for how long it will be retained. Also, find out how detailed the pentest report is and whether it covers a sufficient scope of vulnerability information along with severity scores and remediation steps for you to draw the right conclusions. A sample report can give you a better idea of how comprehensive the feedback and takeaways are going to be.
  • Toolkit. Make sure the team uses a broad spectrum of cross-platform penetration testing software: network protocol analyzers (Wireshark), web application testing proxies (Burp Suite), password-cracking tools (John the Ripper), exploitation frameworks (Metasploit), vulnerability scanners, and forensic analysis tools.
  • Awards and certifications. Some of the industry certifications recognized across the board include Certified Ethical Hacker (CEH), Certified Mobile and Web Application Penetration Tester (CMWAPT), GIAC Certified Penetration Tester (GPEN), and Offensive Security Certified Professional (OSCP).

The caveat is that some of these factors are difficult to formalize. Reputation isn’t an exact science, nor is expertise based on past projects. Certifications alone don’t mean a lot without the context of a skill set honed in real-life security audits. Furthermore, it’s challenging to gauge someone’s proficiency in using popular pentesting tools. When combined, though, the above criteria can point you in the right direction with the choice.

The “in-house vs third-party” dilemma

Should an organization conduct penetration tests on its own, or rely on a third party? The key problem with pentests performed by a company’s own security crew is that their view of the infrastructure they supervise might be blurred, a side effect of being engaged in the same routine tasks for a long time. The cybersecurity talent gap is another stumbling block, as some organizations simply lack specialists capable of doing penetration tests efficiently.

To get around these obstacles, it is recommended to involve external pentesters periodically. In addition to ensuring an unbiased assessment and leaving no room for conflict of interest, third-party professionals are often better equipped for penetration testing because that’s their main focus. Employees can play a role in this process by collaborating with the contractors, which will extend their security horizons and polish their skills going forward.

Penetration testing: how long and how often?

The duration of a pentest usually ranges from three weeks to a month, depending on the objectives and size of the target network. Even if the attack surface is relatively small, it may be necessary to spend extra time on a thorough analysis of potential entry points.

Oddly enough, the process of preparing a contract between a customer and a security services provider can be more time-consuming than the pentest itself. In practice, various approvals can last from two to four months. The larger the client company, the more bureaucratic hurdles need to be tackled. When working with startups, the project approval stage tends to be much shorter.

Ideally, penetration tests should be conducted whenever the target application undergoes updates or a significant change is introduced to the IT environment. When it comes to a broad assessment of a company’s security posture, continuous pentesting is redundant – it typically suffices to perform such analysis two or three times a year.

Pentest report, a goldmine of data for timely decisions

The takeaways from a penetration test should include not only the list of vulnerabilities and misconfigurations found in the system but also recommendations on the ways to fix them. Contrary to some companies’ expectations, these tend to be fairly general tips since a detailed roadmap for resolving all the problems requires a deeper dive into the customer’s business model and internal procedures, which is rarely the case.

The executive summary outlines the scope of testing, discovered risks, and potential business impact. Because this part is primarily geared toward management and stakeholders, it has to be easy for non-technical folks to comprehend. This is a foundation for making informed strategic decisions quickly enough to close security gaps before attackers get a chance to exploit them.

The description of each vulnerability unearthed during the exercise must be coupled with an evaluation of its likelihood and potential impact according to a severity scoring system such as CVSS. Most importantly, a quality report has to provide a clear-cut answer to the question “What to do?”, not just “What’s not right?”. This translates to remediation advice where multiple hands-on options are suggested to handle a specific security flaw. Unlike the executive summary, this part is intended for IT people within the organization, so it gets into a good deal of technical detail.
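To make the scoring concrete, an added example (not from the original article) that computes CVSS v3.1 base scores and qualitative ratings in POSIX shell and awk, then ranks a constructed findings list worst-first, the order in which the remediation advice discussed above should be worked through. The finding titles and vectors are invented for the demo; the weights and formulas are those of the CVSS v3.1 specification.

```shell
#!/bin/sh
# Added example, not from the original article: a CVSS v3.1 base-score calculator
# in POSIX awk plus a ranking of a constructed findings list. The findings and
# their vectors are invented for the demo.
set -eu

cvss31_base_score() {
    # $1 = vector string, e.g. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    # Prints the base score with one decimal; prints "invalid" and fails otherwise.
    printf '%s\n' "$1" | awk -F'/' '
    BEGIN {
        # metric weights from the CVSS v3.1 specification, section 7.4
        W["AV","N"]=0.85; W["AV","A"]=0.62; W["AV","L"]=0.55; W["AV","P"]=0.2
        W["AC","L"]=0.77; W["AC","H"]=0.44
        W["UI","N"]=0.85; W["UI","R"]=0.62
        split("C I A", cia, " ")
        for (i in cia) { W[cia[i],"H"]=0.56; W[cia[i],"L"]=0.22; W[cia[i],"N"]=0 }
        # Privileges Required weighs differently when Scope is Changed
        PRU["N"]=0.85; PRU["L"]=0.62; PRU["H"]=0.27
        PRC["N"]=0.85; PRC["L"]=0.68; PRC["H"]=0.5
        # required metrics and their allowed values, for validation
        split("AV AC PR UI S C I A", need, " ")
        V["AV"]="NALP"; V["AC"]="LH"; V["PR"]="NLH"; V["UI"]="NR"
        V["S"]="UC"; V["C"]="HLN"; V["I"]="HLN"; V["A"]="HLN"
    }
    function roundup(x,  i) {
        # spec Roundup(): smallest one-decimal value >= x, done in integer math so
        # different floating-point implementations agree
        i = int(x * 100000 + 0.5)
        if (i % 10000 == 0) return i / 100000
        return (int(i / 10000) + 1) / 10
    }
    function min(a, b) { return a < b ? a : b }
    {
        if ($1 != "CVSS:3.1") { print "invalid"; exit 1 }
        for (k = 2; k <= NF; k++) {
            n = index($k, ":"); m[substr($k, 1, n - 1)] = substr($k, n + 1)
        }
        for (j in need) {
            key = need[j]
            if (!(key in m) || length(m[key]) != 1 || index(V[key], m[key]) == 0) {
                print "invalid"; exit 1
            }
        }
        iss = 1 - (1 - W["C",m["C"]]) * (1 - W["I",m["I"]]) * (1 - W["A",m["A"]])
        if (m["S"] == "U") { impact = 6.42 * iss; pr = PRU[m["PR"]] }
        else { impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ^ 15; pr = PRC[m["PR"]] }
        expl = 8.22 * W["AV",m["AV"]] * W["AC",m["AC"]] * pr * W["UI",m["UI"]]
        if (impact <= 0) score = 0
        else if (m["S"] == "U") score = roundup(min(impact + expl, 10))
        else score = roundup(min(1.08 * (impact + expl), 10))
        printf "%.1f\n", score
    }'
}

cvss31_severity() {
    # $1 = base score. Qualitative rating scale from the v3.1 specification, section 5.
    awk -v s="$1" 'BEGIN {
        if (s == 0) r = "None"; else if (s < 4) r = "Low"; else if (s < 7) r = "Medium"
        else if (s < 9) r = "High"; else r = "Critical"
        print r }'
}

rank_findings() {
    # stdin: lines "<title>|<vector>". stdout: "<score> <severity> <title>", worst first.
    while IFS='|' read -r title vector; do
        [ -n "$title" ] || continue
        score=$(cvss31_base_score "$vector")
        printf '%s %s %s\n' "$score" "$(cvss31_severity "$score")" "$title"
    done | sort -k1,1nr
}

top_finding() {
    # Ranks a constructed sample report and prints its most severe line.
    rank_findings <<'EOF' | head -n 1
Unauthenticated RCE in payment API (constructed)|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reflected XSS in search page (constructed)|CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Verbose error page, no data exposed (constructed)|CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Local info leak needing admin on host (constructed)|CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
EOF
}
```

The Roundup step is done in integer arithmetic as the specification prescribes; a plain ceil() on floating point disagrees with the reference calculator for some vectors, which is why v3.1 changed the definition. Also note that the base score ignores the environment: the report should still adjust priority for how exposed and how business-critical the affected component is, which is what the temporal and environmental metric groups exist for.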

The bottom line

Ethical hackers follow the path of a potential intruder – from the perimeter entry point to specific assets within the digital infrastructure. Not only does this strategy unveil security gaps, but it also shines a light on the ways to resolve them.

Unfortunately, few organizations take this route to assess their security postures proactively. Most do it for the sake of a checklist, often to comply with regulatory requirements. Some don’t bother until a real-world breach happens. This mindset needs to change.

Of course, there are other ways to keep abreast of a network’s security condition. Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and vulnerability scanners are a few examples. The industry is also increasingly embracing AI and machine learning models to enhance the accuracy of threat detection and analysis.

Still, penetration testing retains its place in the cybersecurity ecosystem. That’s because no automated tool can think like an attacker, and a human account of how the attack path unfolded makes the resulting defenses far more meaningful to corporate decision makers.

The post Looking at a penetration test through the eyes of a target appeared first on Cybersecurity Insiders.

RSAC 2023 was a huge success. We launched our 2023 AT&T Cybersecurity Insights Report, which was met with enthusiasm by the industry and the media. In fact, Will Townsend, writing for Forbes, noted that our report joined other great research by industry peers who are striving to do more than just provide security solutions.

“RSAC 2023 could be best characterized by its emphasis on the advantages and disadvantages of AI and numerous published cybersecurity reports designed to raise awareness of threats and subsequent remediation, in addition to cybersecurity platform enhancements. These subjects are a definite departure from the past few RSAC events, which seemed to be zero-trust “me too” conventions. It is a welcome change, given that the emphasis on improving security outcomes benefits everyone.” Read more >>

Townsend perfectly captures the AT&T Cybersecurity mission to help business leaders understand both the business and security landscape – and how it’s evolving as technology continues to change the way we work and live. After listening to the challenges organizations are encountering, it’s clear that research and understanding the business landscape are essential parts of a responsible cybersecurity vendor strategy.

DDoS versus ransomware – how does edge computing change the equation?

I participated in a panel discussion hosted by Channel Futures examining the challenges of securing critical infrastructure. The discussion kicked off with a Gartner prediction: “by 2025, 30% of critical infrastructure organizations will experience a security breach resulting in the halting of operations and/or mission-critical cyber-physical system.” I spoke about our research findings that indicate a change in perceived attacks: when it comes to edge computing, DDoS is perceived as a greater attack concern than ransomware.

“One of the reasons cybercriminals are gravitating to DDoS is it’s cheaper and easier than ransomware.” Read more >>

I did a video interview with BankInfoSecurity.com discussing how edge computing and innovative use cases are changing the way we’re dealing with cyber resilience.

“Organizations are investing in the edge but they also know that their endpoints are changing,” said Lanowitz. “They want to make sure they are futureproofing themselves and going to be dynamic in their cyber resilience. That’s because the security edge is not linear or a straight line. It’s a circuitous, often confusing, and an often-changing environment that you will have to live with.” Learn more >>

Watch the webcast discussing the AT&T Cybersecurity Insights Report findings.

If you prefer to listen to the research results, we have a webcast for you. Along with my colleague, Mark Freifeld, I take you through the characteristics of edge computing, the challenges edge computing creates because it’s so different from traditional computing, and key takeaways to help you develop your edge computing security strategy.

Here are a few highlights of other coverage that provide context for our research findings.

Finally, we have an infographic that provides a graphic look at the results and recommendations. If you have questions about the study, let me know! The best way to get my attention is via LinkedIn.

The post RSAC 2023 | Cybersecurity research on edge computing generates big interest appeared first on Cybersecurity Insiders.