Category: Detect

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Introduction

Artificial Intelligence (AI) is the mimicry of certain aspects of human behaviour such as language processing and decision-making using Large Language Models (LLMs) and Natural Language Processing (NLP).

LLMs are specific type of AI that analyse and generate natural language using deep learning algorithms. AI programs are made to think like humans and mimic their actions without being biased or influenced by emotions.

LLMs provide systems to process large data sets and provide a clearer view of the task at hand. AI can be used to identify patterns, analyse data, and make predictions based on the data provided to them. It can be used as chatbots, virtual assistants, language translation and image processing systems as well.

Some major AI providers are ChatGPT by Open AI, Bard by Google, Bing AI by Microsoft and Watson AI by IBM. AI has the potential to revolutionize various industries including transportation, finance, healthcare and more by making fast, accurate and informed decisions with the help of large datasets. In this article we will talk about certain applications of AI in healthcare.

Applications of AI in healthcare

There are several applications of AI that have been implemented in healthcare sector which has proven quite successful.
Some examples are:

Medical imaging: AI algorithms are being used to analyse medical images such as x-ray, MRI scans and CT scans. AI algorithms can help radiologists identify abnormalities – assisting radiologists to make more accurate diagnoses. For example, Google’s AI powered Deepmind has shown similar accuracy when compared to human radiologists in identifying breast cancer.
 

Personalised medicine: AI can be used to generate insights on biomarkers, genetic information, allergies, and psychological evaluations to personalise the best course of treatment for patients.

This data can be used to predict how the patient will react to various courses of treatment for a certain condition. This can minimize adverse reactions and reduce the costs of unnecessary or expensive treatment options. Similarly, it can be used to treat genetic disorders with personalised treatment plans. For example, Deep Genomics is a company using AI systems to develop personalised treatments for genetic disorders.

Disease diagnosis: AI systems can be used to analyse patient data including medical history and test results to make more accurate and early diagnosis of life-threatening conditions like cancer. For example, Pfizer has collaborated with different AI based services to diagnose ailments and IBM Watson uses NLP and machine learning algorithms for oncology in developing treatment plans for cancer patients.

Drug discovery: AI can be used in R&D for drug discovery, making the process faster. AI can remove certain constraints present in drug discovery processes for novel chronic diseases. It can lead to saving millions of patients worldwide with a sped-up process, making it both cost and time efficient.

Per McKinsey research, there are around 270 companies working in AI-driven discovery with around 50% situated in the US. In addition, they have identified Southeast Asia and Western Europe as emerging hubs in this space. For example, Merck & Co. are working to develop a new treatment with the help of AI for Alzheimer’s.

What to expect in the future

We are seeing a revolution in the field of Machine Learning and AI happen in the past few years. Now we have LLMs and Image Processing Systems which can be used for faster, more efficient and prioritized results to make decisions more accurately and provide the best possible patient care.

Properly trained AIs are not biased – it’s important to develop these AI systems ethically. The efficiency of these systems depends on specific application and implementation.

AI systems can be biased if they are trained on biased data, so it is important to ensure that the data these models are trained on is diverse and representative. Implementation of AI in healthcare is still in early stages in drug discovery and it’ll see a continued growth going forward.

The post The role of AI in healthcare: Revolutionizing the healthcare industry appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The California Privacy Rights Act (CPRA) was passed in November 2020. It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. It has significantly impacted data collection and handling practices, giving consumers more control over how businesses handle their data.

Companies were given until January 1st, 2023, to achieve compliance. This article will discuss the key requirements of the CPRA and provide practical tips for companies to implement the necessary changes to ensure compliance.

What is the California Privacy Rights Act (CPRA)?

The CPRA is California’s most technical privacy law to date. It resembles the EU’s older and more popular General Data Protection Regulation (GDPR). The main difference is that the GDPR framework focuses on legal bases for data processing. On the other hand, the CPRA relies on opt-out consent.

The CPRA builds on the six original consumer rights introduced by the CCPA in 2018. As a reminder, the CCPA rights are:

• The right to know what personal information is being collected by a business
• The right to delete that personal information
• The right to opt in or opt out of the sale of personal information
• The right of non-discrimination for using these rights
• The right to initiate a private cause of action – limited to data breaches

CPRA created two additional rights:

• The right to correct inaccurate personal information
• The right to limit the use and disclosure of sensitive information

The CPRA also introduced the California Privacy Protection Agency (CPPA,) which is the privacy enforcement agency for the new regulations.

How does CPRA impact business operations?

Data collection is a nearly universal activity for companies in the 21st century. Significant changes to data collection and handling practices can cause slight disruptions in operations. For example, the new regulations force businesses to re-evaluate their service provider and contractor relationships. Service providers and contractors, regardless of location, must abide by the same laws when dealing with businesses in California.

Since enforcement action is possible even when there has not been a breach, businesses must quickly understand their CPRA obligations and implement reasonable security procedures.

How much does non-compliance cost?

Non-compliance with CPRA regulations results in financial penalties, depending on the nature of the offenses.

• The penalty for a mistake is $2,000 per offense
• The penalty for a mistake resulting from negligence is $2,500 per offense
• The penalty for knowingly disregarding regulations is $7,500 per offense

Since the penalties are on a “per offense” basis, costs of non-compliance can easily reach millions, particularly in the event of a data breach.

7 Step CPRA checklist for compliance

Process the minimal amount of personal information

The CPRA introduces the data minimization principle. Businesses should only obtain the personal information they need for processing purposes. If you collect any more data than data, it’s time to update your collection practices. The collected data must be stored securely. A reputable cloud storage solution is an excellent way to keep consumer data.

Update your privacy policy and notices

With the eight new rights introduced by the CCPA and CPRA, there must be changes to your privacy policy to abide by these regulations. Adequate policy notices for consumers should accompany the policy changes. You must provide the notices at the starting point of data collection. To re-purpose any already-collected data, you must first get consent.

Establish a data retention policy

To comply with the retention requirements of the CPRA, you must delete the personal data you no longer need. Establishing a data retention policy is a great first step towards compliance. The policy should include the categories of collected information, their purpose, and the time you plan to store it before deletion.

Review contracts with service providers

Service providers must abide by the same regulations. That’s why any third-party contracts must include adequate measures for handling data to ensure its protection and security. Service providers must notify you if they can no longer comply with your requirements.

Take actions to prevent a data breach

Compliance with regulations is only the first step in consumer data protection. You should also take steps to improve your cyber resilience and minimize the chances of a data breach. Ensure employees use modern tools such as password managers to protect their online accounts. Train employees to recognize common scams attackers use to gain access.

You should also consider regular risk assessments and cybersecurity audits to identify system vulnerabilities. Knowing your risks will help you make the necessary changes to protect your data.

Make it easy for customers to opt out or limit data sharing

The CPRA requires businesses to provide consumers with links where they can change how they wish their data to be handled. Consumers must be able to opt out of the sale or sharing of their data. Additionally, consumers have the right to limit the use of sensitive information such as geolocation, health data, document numbers, etc.

Don’t retaliate against customers who exercise their rights

Retaliation against customers who exercise their CPRA rights clearly violates the new regulations. Customers have rights, and you must comply with them to avoid financial punishment.

Final thoughts

California businesses must comply with CPRA regulations. We also see other states implementing the same or similar data protection frameworks. Even if you’re not based in California, understanding these new laws and how they impact your business operations will help you start implementing positive changes.

The post The CPRA compliance checklist every business should follow in 2023 appeared first on Cybersecurity Insiders.

This is the fifth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here. The fourth blog on API testing for compliance is here.

As a risk-based response to the continuous, and varied assaults on our systems by criminals, the PCI DSS standard requires a minimum of 20 technical scans per full year for merchants, and 21 for third-party service providers (TPSPs) The table below lists them.

New entities going through compliance for the first time can provide just the most recent quarter’s worth of each of the applicable scans (and rescans, if necessary) as long as they are “clean”, i.e., they passed all the required elements with no critical or serious findings.

Some of the standard’s requirements must be performed “periodically” which is in quotes because the standard does not define the period covered by that term. As a result, QSAs look to clients to use their risk assessments to define and justify periodicity for the various contexts in which the DSS grants discretion to the assessed entity. Each period thus derived should then be documented in the Entity’s Policy, Procedure, compliance calendar, or internal standards documentation set as appropriate.

Some of the scans prescribed by the standard must be completed quarterly, others annually, and all have the caveat: “and repeated after a significant change”, this accounts for the qualifier “minimum” adjacent to the initial scan counts above.

Please refer to separate guidance on what constitutes a “significant change”.

PCI is VERY unforgiving if ASV scans do not occur within a 90-92 day cadence. Remedial or correction scans must be provided as soon as practicable to prove that the CDE was vulnerable for the shortest practical period. A client may not wait for the next month’s scan to prove remediation. However, if a vulnerability takes a long time to fix, documentation of following the process and mitigating arrangements (such as additional firewall or IDS/IPS configurations) will need to be shown instead.

Many entities miss four of the required quarterly scans since they are not explicitly defined in the Standard but are referenced in Section (not Requirement) 3.1 of the Report on Compliance, which asks about the environment and methodology used to confirm the scope of the CDE. (Requirement 3.1 is in Section 6 of the ROC).

The scan they miss is the one that answers the question “how did you prove there is no cardholder data (CHD) outside the Cardholder Data Environment (CDE)”. Since Requirement 3.1.b asks for proof of a quarterly process to ensure that all legitimate CHD is identified and removed when its retention limit expires, it follows that the scans for unexpected CHD should be subject to at least the same periodicity.

In fact, unexpected CHD can be a breach risk, and while processes should ensure unexpected CHD is impossible to create, staffers can sometimes create ad-hoc processes to overcome limitations of the sanctioned ones. The unexpected CHD could become problematic in many ways. Physical and logical access may not be limited to those with a job-specific function; encryption may not be performed; the process is undocumented and therefore unmaintained; retention may be non-compliant with policies; disposal may be insecure or non-existent.

Two likely places to find unexpected CHD are the test (QA) environment, and operating system-, or web server application-, level crash dumps. For a large organization with many staff, we recommend scanning the systems of all personnel with direct primary account number (PAN) access or implementing a DLP solution that monitors everything real-time.

To close, every scan should be producing log information and even, possibly, alerts about security issues. Some organizations whitelist the tester to allow more in-depth testing after uncredentialed tests are complete, or if the blocking threshold is too low.

Please check the logs to ensure that you are seeing the testing and adjust thresholds or configurations appropriately. If you whitelist the tester or silence the alerts because you “know it’s coming from the testing”, remember to take them off the whitelist and re-enable the alerts after testing completes. It’s also good practice to review the logs and alerts anyway to make sure no-one piggybacked on the testing to achieve anything nefarious.

Required scans

Frequency	Description	PCI DSS v3.2.1 Reference
Quarterly	Non-CDE scans for escaped CHD	ROC Section 3.1 Question #2
Quarterly	Wireless scans	11.1
Quarterly	Internal network vulnerability scan	11.2.1
Quarterly	External vulnerability scan ASV	11.2.2
As needed	Rescans if problems were found	11.2.3
Annually and as needed	External penetration test	11.3.1
Annually and as needed	Internal penetration test	11.3.2
As needed	Remediation and rescan	11.3.3
Annual (every six months for Service Providers)	Segmentation test	11.3.4 (11.3.4.1 for Service Providers)
Annually and as needed	Software vulnerability scan (different from 11.3)	6.6
As needed	After significant changes	Multiple

 

AT&T Cybersecurity provides a broad range of consulting services to help you out in your journey to manage risk and keep your company secure. PCI-DSS consulting is only one of the areas where we can assist. Check out our services.

The post Scans required for PCI DSS compliance appeared first on Cybersecurity Insiders.

Being a mother and working in cybersecurity necessitates unique skillsets. As mothers, we understand time management, communication, and positive reinforcement. We emphasize the value of clear instructions and providing positive reinforcement. Mothers possess the capacity to remain calm and composed in any circumstance, while also possessing the skillset needed to coach, teach, or evaluate a situation. We excel at active listening which gives us an in-depth comprehension of any issue at hand.

Ultimately, mothers make invaluable assets to the cybersecurity field. We understand the necessity of prioritization and how to make the most out of any situation. We recognize that we cannot have it all at once, but together we can achieve a healthy work/life balance by delegating or outsourcing where feasible. Together, we can secure our futures – both at home and at work – by taking steps towards security today and tomorrow.

Prioritization

Prioritization is an integral element of cybersecurity. Organizations use it to prioritize tasks and resources, detect potential vulnerabilities, take immediate action to reduce the risk of attack, set achievable goals, and stay motivated towards achieving those objectives. By prioritizing their efforts, companies can guarantee their networks and data remain fully safeguarded.

Prioritization helps organizations identify which potential threats and risks are the most critical, so they can prioritize them for priority action. Prioritizing also helps organizations allocate their resources efficiently to tackle the most pressing concerns. By adopting a proactive cybersecurity approach, companies can better safeguard their data, systems, and networks from malicious actors.

Investments in Cybersecurity

When it comes to prioritizing investments in cybersecurity, we understand the critical need for organizations to have adequate resources and technology to protect networks and data. Investing in advanced technology can help organizations stay ahead of threats while providing protection from current ones. Furthermore, investing in training, awareness, and incident response programs helps organizations remain prepared and mitigate any potential risks.

Prioritizing alerts in cyber operations requires organizations to make sure they receive essential information quickly. We believe organizations must be alerted when suspicious activity is detected and be able to act swiftly. Furthermore, organizations must assess potential risks and mitigate them as quickly as possible.

Finally, we understand the criticality of prioritizing active response, risk mitigation, customers, and people – not to mention brand and reputation. Organizations should create an comprehensive active response plan tailored specifically for their requirements. Additionally, we recognize the significance of understanding and managing risk; organizations should prioritize their customers, people, zero trust, brand and reputation to guarantee maximum security.

Overall, mothers can be invaluable resources in this field of cybersecurity. We understand the critical role prioritization plays and how to maximize any situation. By prioritizing investments, alerts, active response plans, risk assessments, customers and people issues as well as zero trust policies – not to mention brand and reputation protection – we can create a cybersecurity strategy that safeguards our organizations from malicious attacks.

The post Happy Mother’s Day! Serving, surviving, and thriving as a mom with a cyber career appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

As technology advances, phishing attempts are becoming more sophisticated. It can be challenging for employees to recognize an email is malicious when it looks normal, so it’s up to their company to properly train workers in prevention and detection.

Phishing attacks are becoming more sophisticated

Misspellings and poorly formatted text used to be the leading indicators of an email scam, but they’re getting more sophisticated. Today, hackers can spoof email addresses and bots sound like humans. It’s becoming challenging for employees to tell if their emails are real or fake, which puts the company at risk of data breaches.

In March 2023, an artificial intelligence chatbot called GPT-4 received an update that lets users give specific instructions about styles and tasks. Attackers can use it to pose as employees and send convincing messages since it sounds intelligent and has general knowledge of any industry.

Since classic warning signs of phishing attacks aren’t applicable anymore, companies should train all employees on the new, sophisticated methods. As phishing attacks change, so should businesses.

Identify the signs

Your company can take preventive action to secure its employees against attacks. You need to make it difficult for hackers to reach them, and your company must train them on warning signs. While blocking spam senders and reinforcing security systems is up to you, they must know how to identify and report themselves.

You can prevent data breaches if employees know what to watch out for:

• Misspellings: While it’s becoming more common for phishing emails to have the correct spelling, employees still need to look for mistakes. For example, they could look for industry-specific language because everyone in their field should know how to spell those words.
• Irrelevant senders: Workers can identify phishing — even when the email is spoofed to appear as someone they know — by asking themselves if it is relevant. They should flag the email as a potential attack if the sender doesn’t usually reach out to them or is someone in an unrelated department.
• Attachments: Hackers attempt to install malware through links or downloads. Ensure every employee knows they shouldn’t click on them.
• Odd requests: A sophisticated phishing attack has relevant messages and proper language, but it is somewhat vague because it goes to multiple employees at once. For example, they could recognize it if it’s asking them to do something unrelated to their role.

It may be harder for people to detect warning signs as attacks evolve, but you can prepare them for those situations as well as possible. It’s unlikely hackers have access to their specific duties or the inner workings of your company, so you must capitalize on those details.

Sophisticated attacks will sound intelligent and possibly align with their general duties, so everyone must constantly be aware. Training will help employees identify signs, but you need to take more preventive action to ensure you’re covered.

Take preventive action

Basic security measures — like regularly updating passwords and running antivirus software — are fundamental to protecting your company. For example, everyone should change their passwords once every three months at minimum to ensure hackers have limited access even if their phishing attempt is successful.

Training ensures employees are prepared since they’re often highly susceptible to attacks. The cybersecurity team can create phishing simulations to mimic actual threats. For example, they send emails with fake links and track how many people click them. If anyone does, you can retrain them on proper behavior to ensure it doesn’t happen again. With attacks becoming more intelligent, preparing the company for everything is essential.

Know how you’ll respond

You can remain protected even when phishing attacks are successful as long as you have the proper security measures in place. For example, out of the 1,800 emails one company received during an attack, 14 employees clicked the link because they didn’t notice the warning signs. Even though the malware was set to install, almost every device remained unaffected because they were updated and secured. The company detected malicious software on the one that wasn’t secured and fixed the issue within hours.

Training can’t prevent every employee from clicking on malicious links or attachments, so you must have a proper response. You can still prevent attacks at this stage if you and your company’s employees know what comes next.

Updated security software and procedures will protect against sophisticated phishing attacks:

• Reporting: Ensure everyone knows how to report to you so you can react quickly to the potential threat. They must identify the signs they’ve clicked on a malicious attachment.
• Prevention: Software that blocks malware from being downloaded will prevent the attack from being successful.
• Detection: Employees must identify if their hardware is being affected and detection software must alert you of a successful breach.
• Response: You should clean any affected hardware immediately to stop the attack from doing damage.

Sophisticated phishing attacks aren’t avoidable, but you can minimize their effects if you manage your response. It’s likely they won’t recognize the email is malicious if they click the link thinking it’s legitimate, so you must train them on the appropriate identification and detection.

Avoid sophisticated phishing attacks

Training and simulated phishing attempts will help protect your company. Updated passwords and security systems will also make your systems more secure. You can prevent sophisticated attacks targeting employees if employees know how to recognize warning signs and the proper procedures.

The post Preventing sophisticated phishing attacks aimed at employees appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Intro

In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files.

OneNote documents have emerged as a new infection vector, which contain malicious code that executes when the document is interacted with. Emotet and Qakbot, among other high-end stealers and crypters, are known malware threats that use OneNote attachments.

Researchers are currently developing new tools and analysis strategies to detect and prevent these OneNote attachments from being used as a vehicle for infection. This article highlights this new development and discusses the techniques that malicious actors use to compromise a system.

Attack chain

With the disablement of VBA macros, threat actors have turned to using OneNote attachments as a new way to install malware on an endpoint. OneNote attachments can contain embedded file formats, such as HTML, ISO, and JScripts, which can be exploited by malicious actors. OneNote attachments are particularly appealing to attackers because they are interactive and designed to be added on to and interacted with, rather than just viewed. This makes it easier for malicious actors to include enticing messages and clickable buttons that can lead to infection. As a result, users should exercise caution when interacting with OneNote attachments, even if they appear to be harmless. It is essential to use updated security software and to be aware of the potential risks associated with interactive files.

Email – Social engineering

Like most malware authors, attackers often use email as the first point of contact with victims. They employ social engineering techniques to persuade victims to open the program and execute the code on their workstations.

In a recent phishing attempt, the attacker sent an email that appeared to be from a trustworthy source and requested that the recipient download a OneNote attachment. However, upon opening the attachment, the code was not automatically updated as expected. Instead, the victim was presented with a potentially dangerous prompt.

In this case, as with many OneNote attachments, the malicious actor intends for the user to click on the “Open” button presented in the document, which executes the code. Traditional security tools are not effective in detecting this type of threat.

One tool that can be used for analyzing Microsoft Office documents, including OneNote attachments, is Oletools. The suite includes the command line executable olevba, which can be helpful in detecting and analyzing malicious code.

Upon attempting to execute the tool on the OneNote attachment, an error occurred. As a result, the focus of the analysis shifted towards a dynamic approach. By placing the document in a sandbox, we discovered a chain of scripts that were executed to download and run an executable or DLL file, resulting in more severe infections like ransomware, stealers, and wipers.

Tactics and techniques 

This particular campaign employs encoded JScript data to obscure their code, utilizing the Windows tool screnc.exe. While in encoded form, the Open.jse file is not readable.

After decoding the JScript file, a dropper for a .bat file was uncovered. When executed, the .bat file launches a PowerShell instance, which contacts the IP address 198[.]44[.]140[.]32.

Conclusion

To effectively combat the constantly evolving threat landscape, it is crucial for analysts to stay abreast of the latest attack strategies utilized by malware authors. These approaches can circumvent detection if systems are not appropriately configured to prevent such attachments from bypassing proper sanitization and checks. As such, it is essential for analysts to familiarize themselves with techniques to analyze these attachments. Currently, dynamic analysis is recommended, as placing a sample in a sandbox can provide critical information about the malware, including the C2 servers it connects to, process chain information, and where data is written to on disk and then executed. For more in-depth analysis, analysts should also become familiar with the various file formats typically associated with and embedded within OneNote attachments, such as encoded JSE files, htm documents, and ISOs.

However, the best defense is always prevention. Therefore, security teams must update their systems to detect these types of attachments and educate employees on the dangers of downloading unknown and untrusted attachments.

The post OneNote documents have emerged as a new malware infection vector appeared first on Cybersecurity Insiders.

This is the fourth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here.

Requirement 6 of the Payment Card Industry (PCI) Data Security Standard (DSS) v3.2.1 was written before APIs became a big thing in applications, and therefore largely ignores them.

However, the Secure Software Standard  and PCI-Secure-SLC-Standard-v1_1.pdf from PCI have both begun to recognize the importance of covering them.

The Open Web Application Security Project (OWASP) issued a top 10 flaws list specifically for APIs from one of its subgroups, the OWASP API Security Project in 2019. Ultimately if the APIs exist in, or could affect the security of the CDE, they are in scope for an assessment.

API testing transcends traditional firewall, web application firewall, SAST and DAST testing in that it addresses the multiple co-existing sessions and states that an application is dealing with. It uses fuzzing techniques (automated manipulation of data fields such as session identifiers) to validate that those sessions, including their state information and data, are adequately separated from one another.

As an example: consumer-A must not be able to access consumer-B’s session data, nor to piggyback on information from consumer-B’s session to carry consumer-A’s possibly unauthenticated session further into the application or servers. API testing will also ensure that any management tasks (such as new account creation) available through APIs are adequately authenticated, authorized and impervious to hijacking.

Even in an API with just 10 methods, there can be more than 1,000 tests that need to be executed to ensure all the OWASP top 10 issues are protected against. Most such testing requires the swagger file (API definition file) to start from, and a selection of differently privileged test userIDs to work with.

API testing will also potentially reveal that some useful logging, and therefore alerting, is not occurring because the API is not generating logs for those events, or the log destination is not integrated with the SIEM. The API may thus need some redesign to make sure all PCI-required events are in fact being recorded (especially when related to access control, account management, and elevated privilege use). PCI DSS v4.0 has expanded the need for logging in certain situations, so ensure tests are performed to validate the logging paradigm for all required paths.

Finally, both internal and externally accessible APIs should be tested because least-privilege for PCI requires that any unauthorized persons be adequately prevented from accessing functions that are not relevant to their job responsibilities.

AT&T Cybersecurity provides a broad range of consulting services to help you out in your journey to manage risk and keep your company secure. PCI-DSS consulting is only one of the areas where we can assist. Check out our services.

The post Application Programming Interface (API) testing for PCI DSS compliance appeared first on Cybersecurity Insiders.

In times of economic downturn, companies may become reactive in their approach to cybersecurity management, prioritizing staying afloat over investing in proactive cybersecurity measures. However, it’s essential to recognize that cybersecurity is a valuable investment in your company’s security and stability. Taking necessary precautions against cybercrime can help prevent massive losses and protect your business’s future.

As senior leaders revisit their growth strategies, it’s an excellent time to assess where they are on the cyber-risk spectrum and how significant the complexity costs have become. These will vary across business units, industries, and geographies. In addition, there is a new delivery model for cybersecurity with the pay-as-you-go, and use-what-you need from a cyber talent pool and tools and platform that enable simplification.

It’s important to understand that not all risks are created equal. While detection and incident response are critical, addressing risks that can be easily and relatively inexpensively mitigated is sensible. By eliminating the risks that can be controlled, considerable resources can be saved that would otherwise be needed to deal with a successful attack.

Automation is the future of cybersecurity and incident response management. Organizations can rely on solutions that can automate an incident response protocol to help eliminate barriers, such as locating incident response plans, communicating roles and tasks to response teams, and monitoring actions during and after the threat.

Establish Incident Response support before an attack

In today’s rapidly changing threat environment, consider an Incident Response Retainer service which can help your organization with a team of cyber crisis specialists on speed dial, ready to take swift action. Choose a provider who can help supporting your organization at every stage of the incident response life cycle, from cyber risk assessment through remediation and recovery.

Effective cybersecurity strategies are the first step in protecting your business against cybercrime. These strategies should include policies and procedures that can be used to identify and respond to potential threats and guidance on how to protect company data best. Outlining the roles and responsibilities of managing cybersecurity, especially during an economic downturn, is also essential.

Managing vulnerabilities continues to be a struggle for many organizations today. It’s essential to move from detecting vulnerabilities and weaknesses to remediation. Cybersecurity training is also crucial, as employees unaware of possible risks or failing to follow security protocols can leave the business open to attack. All employees must know how to identify phishing and follow the principle of verifying requests before trusting them.

Penetration testing is an excellent way for businesses to reduce data breach risks, ensure compliance, and assure their supplier network that they are proactively safeguarding sensitive information. Successful incident response requires collaboration across an organization’s internal and external parties.

A top-down approach where senior leadership encourages a strong security culture encourages every department to do their part to support in case of an incident. Responding to a cloud incident requires understanding the differences between your visibility and control with on-premises resources and what you have in the cloud, which is especially important given the prevalence of hybrid models.

Protective cybersecurity measures are essential for businesses, especially during economic downturns. By prioritizing cybersecurity, companies can protect their future and safeguard against the costly consequences of a successful cyberattack.

The post Improving your bottom line with cybersecurity top of mind appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The future of finance is being reshaped by blockchain technology. This revolutionary technology has the potential to revolutionize how people and businesses interact with money, from offering greater transparency and better security to faster speeds and lower costs.

In this article, we look at eight key impacts that blockchain technology has had on the future of financial services. From smart contracts to decentralized finance, these developments are set to change the face of finance in the years ahead. Read on for an overview of how blockchain technology will shape our economic landscape soon.

• The potential to revolutionize payments

One of the most significant impacts of blockchain technology on the future of finance is its potential to revolutionize payments. Blockchain-based payment systems enable secure and transparent transactions without the use of third-party intermediaries, reducing transaction fees and time delays.

What this means, from a macro perspective, is that blockchain-based payments have the potential to drastically reduce costs of cross-border transactions, making them more accessible and efficient. Additionally, these systems can improve the accuracy and reliability of payment processing by helping to eliminate fraud and human error in financial operations.

• Improved asset security and management

Blockchain also has the potential to improve asset security and management. One example of this is smart contracts, which enable automated payments based on predetermined conditions. Smart contracts can help to reduce fraud by automatically executing conditions that both parties have agreed upon, reducing the risk of human error or malicious intent.

Moreover, blockchain-based solutions offer improved transparency when it comes to monitoring the ownership and transfer of assets. This helps ensure accuracy in financial transactions while providing an additional layer of security against theft or tampering with documents.

• Streamlined financial processes

The implementation of blockchain technology can also streamline existing financial processes. For instance, complex reconciliation tasks such as matching payments to invoices can be automated, reducing the time and resources needed to complete the task.

In addition, blockchain-based solutions can be used to facilitate the exchange of data between different financial systems, providing an improved overview of a company’s finances. This could help to reduce manual errors and improve decision-making processes by providing a more comprehensive view of financial performance.

• Greater access to banking services

Another major benefit of blockchain technology is its potential to increase access to banking services, especially in developing countries where traditional banking infrastructure remains limited or nonexistent. By eliminating many of the current barriers associated with opening bank accounts, blockchain-based banking solutions have the potential to open new economic opportunities for those who have previously been excluded from participating in the global financial system.

Furthermore, blockchain-based solutions can also be used to provide access to non-traditional banking services such as microfinance and lending. This could prove particularly beneficial for small businesses and entrepreneurs who may not have had access to these types of services in the past.

Overall, blockchain technology has the potential to revolutionize the future of finance by providing increased security, efficiency, and accessibility when it comes to financial transactions. As more companies embrace this technology, we can expect to see further innovation and disruption in the industry moving forward.

• Improved transparency

The adoption of blockchain technology promises improved transparency when it comes to financial transactions. Other than just payment processing, blockchain-based systems can be used to monitor and track assets, ownership, transfers, and more. This helps ensure accuracy in financial transactions while providing an additional layer of security against theft or tampering with documents.

Furthermore, the transparency provided by blockchain technology can help promote trust between parties involved in a financial transaction. The immutability of records on the distributed ledger allows users to verify that information has not been tampered with, leading to greater confidence when engaging in digital transactions.

• Increased protection against cyberattacks

One of the biggest advantages of blockchain technology is its ability to improve cybersecurity. Its decentralized structure and cryptographic protocols provide an added level of protection against malicious actors attempting to gain access to sensitive data. Additionally, its distributed ledger ensures that all users have access to a shared version of the database, eliminating any risk of data breaches due to single points of failure.

The enhanced security provided by blockchain technology could prove invaluable in protecting financial information from cybercriminals and reducing the chances of costly data breaches.

• Lower costs for businesses

The implementation of blockchain technology can also help reduce operational costs for businesses. By removing the need for intermediaries such as banks or payment processors when conducting transactions, companies can save on transaction fees and other associated costs. This is particularly beneficial for small businesses who may not have had access to traditional banking services in the past.

In addition, blockchain-based solutions can also be used to streamline processes such as accounting and auditing, reducing the time and money spent on manual processes. This could lead to further cost savings for businesses in the long run.

• Smart contracts

Smart contracts are one of the most promising applications of blockchain technology. These digital agreements enable two or more parties to enter into a contractual agreement without needing a middleman or third party. The contract is then stored on the distributed ledger, ensuring that it cannot be modified or tampered with once it has been agreed upon.

Smart contracts can also be programmed with specific conditions that must be met before they can be executed, making them ideal for use in complex financial transactions where trust between all parties involved is required. This could lead to increased efficiency, cost savings, and less risk of fraud or malicious activities.

Overall, the potential applications of blockchain technology in finance are vast and varied. The technology has the potential to revolutionize the financial industry by providing increased security, transparency, efficiency, and accessibility when it comes to digital transactions. This can prove particularly beneficial for small businesses who may not have had access to traditional banking services in the past. As more companies embrace this technology moving forward, we can expect to see further innovation and disruption in the field of finance.

Conclusion

Overall, blockchain technology has the potential to revolutionize the financial sector by providing increased security, transparency, efficiency and accessibility when it comes to digital transactions. This can lead to reduced costs for businesses, improved cybersecurity measures and smart contracts that enable secure agreements between parties.

As this technology continues to evolve, we can expect to see further innovation and disruption in the field of finance. The benefits of blockchain in finance are clear and significant, so companies should take advantage of its many advantages as soon as possible.

The post The impact of blockchain technology on the future of finance appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Analyzing an organization’s security posture through the prism of a potential intruder’s tactics, techniques, and procedures (TTPs) provides actionable insights into the exploitable attack surface. This visibility is key to stepping up the defenses of the entire digital ecosystem or its layers so that the chance of a data breach is reduced to a minimum. Penetration testing (pentesting) is one of the fundamental mechanisms in this area.

The need to probe the architecture of a network for weak links through offensive methods co-occurred with the emergence of the “perimeter security” philosophy. Whereas pentesting has largely bridged the gap, the effectiveness of this approach is often hampered by a crude understanding of its goals and the working principles of ethical hackers, which skews companies’ expectations and leads to frustration down the line.

The following considerations will give you the big picture in terms of prerequisites for mounting a simulated cyber incursion that yields positive security dividends rather than being a waste of time and resources.

Eliminating confusion with the terminology

Some corporate security teams may find it hard to distinguish a penetration test from related approaches such as red teaming, vulnerability testing, bug bounty programs, as well as emerging breach and attack simulation (BAS) services. They do overlap in quite a few ways, but each has its unique hallmarks.

Essentially, a pentest is a manual process that boils down to mimicking an attacker’s actions. Its purpose is to find the shortest and most effective way into a target network through the perimeter and different tiers of the internal infrastructure. The outcome is a snapshot of the system’s protections at a specific point in time.

In contrast to this, red teaming focuses on exploiting a segment of a network or an information / operational technology (IT/OT) system over an extended period. It is performed more covertly, which is exactly how things go during real-world compromises. This method is an extremely important prerequisite for maintaining OT cybersecurity, an emerging area geared toward safeguarding industrial control systems (ICS) at the core of critical infrastructure entities.

Vulnerability testing, in turn, aims to pinpoint flaws in software and helps understand how to address them. Bug bounty programs are usually limited to mobile or web applications and may or may not match a real intruder’s behavior model. In addition, the objective of a bug bounty hunter is to find a vulnerability and submit a report as quickly as possible to get a reward rather than investigating the problem in depth.

BAS is the newest technique on the list. It follows a “scan, exploit, and repeat” logic and pushes a deeper automation agenda, relying on tools that execute the testing with little to no human involvement. These projects are continuous by nature and generate results dynamically as changes occur across the network.

By and large, there are two things that set pentesting aside from adjacent security activities. Firstly, it is done by humans and hinges on manual offensive tactics, for the most part. Secondly, it always presupposes a comprehensive assessment of the discovered security imperfections and prioritization of the fixes based on how critical the vulnerable infrastructure components are.

Choosing a penetration testing team worth its salt

Let’s zoom into what factors to consider when approaching companies in this area, how to find professionals amid eye-catching marketing claims, and what pitfalls this process may entail. As a rule, the following criteria are the name of the game:

• Background and expertise. The portfolio of completed projects speaks volumes about ethical hackers’ qualifications. Pay attention to customer feedback and whether the team has a track record of running pentests for similar-sized companies that represent the same industry as yours.
• Established procedures. Learn how your data will be transmitted, stored, and for how long it will be retained. Also, find out how detailed the pentest report is and whether it covers a sufficient scope of vulnerability information along with severity scores and remediation steps for you to draw the right conclusions. A sample report can give you a better idea of how comprehensive the feedback and takeaways are going to be.
• Toolkit. Make sure the team leverages a broad spectrum of cross-platform penetration testing software that spans network protocol analyzers, password-cracking solutions, vulnerability scanners, and for forensic analysis. A few examples are Wireshark, Burp Suite, John the Ripper, and Metasploit.
• Awards and certifications. Some of the industry certifications recognized across the board include Certified Ethical Hacker (CEH), Certified Mobile and Web Application Penetration Tester (CMWAPT), GIAC Certified Penetration Tester (GPEN), and Offensive Security Certified Professional (OSCP).

The caveat is that some of these factors are difficult to formalize. Reputation isn’t an exact science, nor is expertise based on past projects. Certifications alone don’t mean a lot without the context of a skill set honed in real-life security audits. Furthermore, it’s challenging to gauge someone’s proficiency in using popular pentesting tools. When combined, though, the above criteria can point you in the right direction with the choice.

The “in-house vs third-party” dilemma

Can an organization conduct penetration tests on its own or rely solely on the services of a third-party organization? The key problem with pentests performed by a company’s security crew is that their view of the supervised infrastructure might be blurred. This is a side effect of being engaged in the same routine tasks for a long time. The cybersecurity talent gap is another stumbling block as some organizations simply lack qualified specialists capable of doing penetration tests efficiently.

To get around these obstacles, it is recommended to involve external pentesters periodically. In addition to ensuring an unbiased assessment and leaving no room for conflict of interest, third-party professionals are often better equipped for penetration testing because that’s their main focus. Employees can play a role in this process by collaborating with the contractors, which will extend their security horizons and polish their skills going forward.

Penetration testing: how long and how often?

The duration of a pentest usually ranges from three weeks to a month, depending on the objectives and size of the target network. Even if the attack surface is relatively small, it may be necessary to spend extra time on a thorough analysis of potential entry points.

Oddly enough, the process of preparing a contract between a customer and a security services provider can be more time-consuming than the pentest itself. In practice, various approvals can last from two to four months. The larger the client company, the more bureaucratic hurdles need to be tackled. When working with startups, the project approval stage tends to be much shorter.

Ideally, penetration tests should be conducted whenever the target application undergoes updates or a significant change is introduced to the IT environment. When it comes to a broad assessment of a company’s security posture, continuous pentesting is redundant – it typically suffices to perform such analysis two or three times a year.

Pentest report, a goldmine of data for timely decisions

The takeaways from a penetration test should include not only the list of vulnerabilities and misconfigurations found in the system but also recommendations on the ways to fix them. Contrary to some companies’ expectations, these tend to be fairly general tips since a detailed roadmap for resolving all the problems requires a deeper dive into the customer’s business model and internal procedures, which is rarely the case.

The executive summary outlines the scope of testing, discovered risks, and potential business impact. Because this part is primarily geared toward management and stakeholders, it has to be easy for non-technical folks to comprehend. This is a foundation for making informed strategic decisions quickly enough to close security gaps before attackers get a chance to exploit them.

The description of each vulnerability unearthed during the exercise must be coupled with an evaluation of its likelihood and potential impact according to a severity scoring system such as CVSS. Most importantly, a quality report has to provide a clear-cut answer to the question “What to do?”, not just “What’s not right?”. This translates to remediation advice where multiple hands-on options are suggested to handle a specific security flaw. Unlike the executive summary, this part is intended for IT people within the organization, so it gets into a good deal of technical detail.

The bottom line

Ethical hackers follow the path of a potential intruder – from the perimeter entry point to specific assets within the digital infrastructure. Not only does this strategy unveil security gaps, but it also shines a light on the ways to resolve them.

Unfortunately, few organizations take this route to assess their security postures proactively. Most do it for the sake of a checklist, often to comply with regulatory requirements. Some don’t bother until a real-world breach happens. This mindset needs to change.

Of course, there are alternative methods to keep abreast of a network’s security condition. Security Information and Events Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and vulnerability scanners are a few examples. The industry is also increasingly embracing AI and machine learning models to enhance the accuracy of threat detection and analysis.

Still, penetration testing maintains a status quo in the cybersecurity ecosystem. That’s because no automatic tool can think like an attacker, and human touch makes any protection vector more meaningful to corporate decision makers.

The post Looking at a penetration test through the eyes of a target appeared first on Cybersecurity Insiders.