The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Gift for cyber well-being

During the holiday season, it is essential to take extra precautions when it comes to cybersecurity. Cybercriminals may be more active than usual, looking for ways to exploit unsuspecting users. Protect yourself and your loved ones: make sure you and they are up to date with the latest security software, and be mindful of potential scams.

Furthermore, only visit trusted websites and know the risks before making technology purchases. Cybersecurity can seem complicated, but with the correct information anyone can protect themselves from common cyber threats. Additionally, be aware of the various scams aimed at senior citizens during the holidays, such as fake holiday deals, phishing emails, fake charities, sweepstakes, or even threats to disconnect a senior's utilities. Taking these extra precautions can help ensure a safe and secure holiday season.

The pandemic has highlighted the need for an intergenerational cyber awareness program to help seniors and their grandchildren stay safe online. Using a grandchild's name as a password may be cute, but it is not always the safest option. Educating seniors and their grandchildren about the risks and best practices of using technology is essential to promote cyber well-being for seniors. A conversation between generations can be a powerful tool for increasing cybersecurity and safety. By providing age-appropriate lessons, we can create a strong bond across generations and make sure that everyone can stay safe online.

No matter your age, staying informed about cyber security is essential today. Elder fraud is becoming increasingly common, with scams taking different forms, such as fraudulent phone calls, phishing attempts through email and social media, or shopping scams. It is essential for everyone to be aware of the risks associated with the online world and to be responsible digital citizens.

It takes a "cyber village" to raise savvy cyber citizens. For example, I have been able to explain the importance of cyber to my grandparents. They enjoy using an iPad and social media to stay connected and are a great example of how anyone can become a responsible digital citizen.

Be aware of the potential dangers of oversharing online, particularly on social media. Personal details such as your name, family members' names, home address, telephone numbers, and even the answers to the secret questions you set alongside your passwords should be kept private. Be wary if you are ever contacted online by someone who requests this information. It is best to ignore unsolicited requests for personal information, including Social Security numbers, bank account numbers, and passwords.

Be on the lookout for any suspicious deals, discounts, or coupons that may be sent to you via email. It is essential to be aware of phishing scams, which often involve requests for you to act urgently to take advantage of a deal or prize. Also, be mindful of attachments containing malicious content, as they can infect your computer with a virus. Be vigilant and know how to spot malicious bait confidently.

A password manager can be your friend. Change the default password on any device that will connect to the Internet. A device is not just your phone or laptop; everything from your Internet router, TVs, and home thermostats to your Wi-Fi is included. What does a strong password look like? Use a phrase instead of a word. "Passphrases" are easy to remember but difficult to guess. If the field allows it, use spaces as special characters for added strength; they also make the phrase easier to type.

Longer is stronger for passwords. The best passwords are at least ten characters long and include some capitalization and punctuation. Typing the passphrase becomes a habit (usually within a few days). Some additional strategies include deliberate misspellings, a nursery rhyme, a movie quote, or song lyrics with a twist.

Don't fall for free Wi-Fi: be smart about where and how you connect to the Internet for banking or other communications involving sensitive personal information. Public Wi-Fi networks and computers at places such as libraries or hotel business centers can be risky if they don't have up-to-date security software. The process starts now, with teaching our family, especially older generations, how to interact with new technologies safely.

When in doubt, reach out! Beware of scammers, especially during the holidays. A stranger may claim there is an urgent emergency involving a child or grandchild and ask for thousands of dollars, posing as a kidnapper demanding ransom or as a grandchild in distress.

Also, no tech support company will call you. If anyone pressures you to buy a computer security product or says a subscription fee is associated with the call, hang up. If you are concerned about your computer, call your security software company and ask for help. Watch out for copycat websites too.

During the holidays, you will see an increase in store sales emails. Be sure to verify the sender's address, hover over links before clicking to see the actual URL, and only enter information into websites whose URLs start with "https". Also, beware of fake delivery notifications. Once you place an online order that requires shipping, you will usually receive delivery notifications telling you when your order has shipped and your expected delivery date. However, some of these notifications can be phishing scams that hide behind legitimate business names to get your private information. To avoid falling victim to these scams, make sure you receive tracking information from the retailer so that you can easily find your items.

Have you done your cyber exercises? It's important to remember that passwords should be kept secret, just like your special cookie recipe. Even though these tips may not be new for the holidays, reviewing and applying them to your normal activities is still essential. During the holiday season, when the cousins come to visit or when you make your famous cookie recipe, things can get a little bit busier. So, to ensure that your festive season isn't ruined, here are the top 10 tips to help you stay cyber-secure:

  1. I avoid using free Wi-Fi and use a VPN or my mobile phone as a hotspot when going online.
  2. I disable auto-connect on my devices and keep track of my laptop, smartphone, tablet, and accessories such as USB drives, especially while on the go.
  3. I don't leave my devices unattended in public places and avoid using the same password for different accounts.
  4. I change my passwords regularly and ensure they are at least ten characters long, involve a mix of upper- and lower-case letters plus symbols and numbers, and avoid the obvious. I also change the default passwords on my connected devices, such as Wi-Fi routers and printers.
  5. I never write my passwords down or share them with others, and I avoid clicking on suspicious links or links I'm unsure of.
  6. I don't open suspicious emails or attachments and never click on ads that promise free money, prizes, or discounts.
  7. I am wary of strange or unexpected messages, even from people I know, and I don't answer personal questions when using text or voice chat in an online gaming session.
  8. When using social media, I limit the personal information I post and only add people I know.
  9. Before I act, I search for information about a proposed offer and never send money or personally identifiable information to unverified people or businesses.
  10. I use reputable antivirus software and ensure I update it regularly, and I never share financial account information or allow anyone access to my accounts.

Sources

https://www.safewise.com/faq/senior-safety/senior-internet-protection/#Basic_Online_Safety

https://www.cyber.nj.gov/informational-report/stay-cyber-safe-this-holiday-season

The post Cybersecurity for seniors this holiday season: all generations are a target appeared first on Cybersecurity Insiders.


Apple is typically known for its minimal design, user-friendly UI, and hardware. But the success of its products, especially iPhones, has long relied on timely and effective security updates. The long support period Apple promises for its devices covers not just the hardware but also the OS and security updates.

That's why you may still see security updates being released for older devices that can't be upgraded to iOS 16. We'll talk about a few of the latest security updates that have surfaced recently in response to known and unknown vulnerabilities.

As a user, you may want to know how these updates are prioritized and why you should update your devices regularly.

Every vulnerability that has been detected is scored with the Common Vulnerability Scoring System (CVSS) and is assigned a CVE identifier (CVE-Year-XXXXXX) that is used to track its status. For example, the log4j vulnerability, which impacted millions of systems worldwide, was scored 10 out of 10. Updates are prioritized and released depending on that score.
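As an added illustration (not code from the original post), the following Python validates CVE identifiers in the CVE-Year-XXXXXX format described above, maps CVSS base scores to the standard CVSS v3.x qualitative bands (which go beyond the informal "medium"/"high" labels used in this post), and orders the iOS advisories discussed below into a patch-priority list. The advisory entries are taken from this post's own descriptions (identifiers and scores as printed there); the `Advisory` class, the `triage` ordering rule and all function names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# A CVE identifier is "CVE-", a four-digit year, "-", and a sequence number of
# four or more digits (the CVE-Year-XXXXXX pattern mentioned in the text).
CVE_ID = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

# CVSS v3.x qualitative severity bands, as defined in the CVSS specification.
SEVERITY_BANDS = (
    (0.0, 0.0, "None"),
    (0.1, 3.9, "Low"),
    (4.0, 6.9, "Medium"),
    (7.0, 8.9, "High"),
    (9.0, 10.0, "Critical"),
)


def parse_cve(cve_id: str) -> Tuple[int, int]:
    """Validate a CVE identifier and return (year, sequence number)."""
    match = CVE_ID.match(cve_id.strip().upper())
    if not match:
        raise ValueError(f"not a well-formed CVE identifier: {cve_id!r}")
    return int(match.group(1)), int(match.group(2))


def is_valid_cve(cve_id: str) -> bool:
    """True when the identifier has the CVE-YYYY-NNNN shape, else False."""
    return CVE_ID.match(cve_id.strip().upper()) is not None


def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    score = round(score, 1)  # base scores are reported to one decimal place
    for low, high, label in SEVERITY_BANDS:
        if low <= score <= high:
            return label
    raise AssertionError("unreachable: bands cover 0.0 to 10.0")


@dataclass(frozen=True)
class Advisory:
    cve: str
    component: str
    score: float
    user_interaction: bool  # True when exploitation needs the user to act


# Entries from this post's iOS 15.7.2 / 16.2 descriptions, limited to those for
# which the text states whether user interaction is required.
PAGE_ADVISORIES: List[Advisory] = [
    Advisory("CVE-2022-46694", "AppleAVD", 7.8, True),
    Advisory("CVE-2022-42848", "AVEVideoEncoder", 7.8, True),
    Advisory("CVE-2022-426861", "File System", 8.8, False),  # id as printed
    Advisory("CVE-2022-42846", "Graphics Driver", 5.5, True),
    Advisory("CVE-2022-46702", "GPU Drivers", 5.5, True),
    Advisory("CVE-2022-46693", "ImageIO", 7.8, True),
]


def triage(advisories: List[Advisory]) -> List[Advisory]:
    """Order advisories for patching: highest CVSS score first; among equal
    scores, issues that need no user interaction come first because they are
    the easier ones to exploit. Malformed identifiers are rejected up front."""
    for adv in advisories:
        parse_cve(adv.cve)
    return sorted(advisories, key=lambda a: (-a.score, a.user_interaction, a.cve))


def patch_plan(advisories: List[Advisory]) -> List[str]:
    """Human-readable priority list, one line per advisory."""
    return [
        f"{adv.cve:<16} {cvss_severity(adv.score):<8} {adv.score:>4} "
        f"{'no-UI' if not adv.user_interaction else 'UI   '} {adv.component}"
        for adv in triage(advisories)
    ]


if __name__ == "__main__":
    for line in patch_plan(PAGE_ADVISORIES):
        print(line)
```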

iOS 15.7.2 security update

The major security updates of iOS 15.7.2 are discussed below.

AppleAVD (Malicious Video File)

Rated high risk with a CVSS score of 7.8, the AppleAVD vulnerability (CVE-2022-46694) raises the risk of a malicious video file causing an out-of-bounds write and executing kernel code. Although user interaction is required for the vulnerability to be exploited, videos downloaded from risky sources may still present privacy and security issues. The vulnerability was patched with improved input validation.

AVEVideoEncoder (Kernel Privileges)

Like AppleAVD, the AVEVideoEncoder vulnerability (CVE-2022-42848) has a CVSS score of 7.8. The difference between the two is that the AVEVideoEncoder vulnerability involves an app that, through user interaction, can gain kernel privileges and execute arbitrary code, jeopardizing user security. The issue was fixed with improved checks.

File System (Sandbox Issue)

In cybersecurity, a sandbox is a virtually isolated environment in which code can be run, observed, and analyzed. Analysis sandboxes are typically used to imitate user interaction without involving real users. In complex operating systems like iOS, each app is also confined to its own sandbox to limit its activity. The File System vulnerability (CVE-2022-426861) involves a malicious app breaking out of its sandbox and executing kernel code. Because it doesn't require user interaction to act maliciously, it has a very high CVSS rating of 8.8. The issue was patched with improved checks. This vulnerability is one of the most critical reasons why you should stay updated with the latest iPhone releases.

Graphics Driver (Malicious Video File, System Termination)

With a medium CVSS rating of 5.5, the Graphics Driver vulnerability (CVE-2022-42846) allows a video file crafted for that purpose to trigger a buffer overflow and terminate the system unexpectedly. Although user interaction is required, such attacks have severe implications for user experience and integrity. The issue was patched in security update 15.7.2 with improved memory handling.

libxml2

libxml2 is generally used for parsing XML documents, a text format for transporting structured data. This particular libxml2 vulnerability (CVE-2022-40304) is assigned a CVSS base score of 7.8 and can corrupt a hash table key, ultimately leading to logic errors that make programs behave arbitrarily. The issue was caused by an integer overflow and was mitigated through improved input validation.

WebKit (Processing Malicious Web Content)

Websites without proper security certificates and compliance often contain malicious code that can lead to cybersecurity issues. As the actors behind them do their best to hide this, this particular WebKit issue (CVE-2022-46691), with a CVSS score of 8.8, is considered a direct threat to the security of iPhones and iPads. It was patched in the latest update through improved memory handling.

iOS 16.2 security update

Most of the fixes in the 15.7.2 update are also present in the 16.2 security patch, released on 13 December 2022 for devices like the Apple iPhone 14 Plus. We won't discuss them again unless there is a major difference in how the vulnerability was patched.

Accounts (Unauthorized User Access)

The CVE-2022-42843 vulnerability, known as the Accounts issue, is a low-level issue with a CVSS score of 5.5 that has been patched in the 16.2 security update. It mainly revolves around users being able to view sensitive information belonging to other users. While it has a high confidentiality impact, it doesn't particularly affect the integrity of the apps or the database. The issue was fixed through improved data protection measures.

AppleMobileFileIntegrity (Bypass Privacy Preferences)

Privacy is considered paramount for iPhones. Although still a medium-risk (5.5) vulnerability, the AppleMobileFileIntegrity issue (CVE-2022-42865) was prioritized in the recent updates because apps were using it to bypass privacy preferences and breach user confidentiality. The issue was fixed by enabling a hardened runtime that prevents code injection, process memory tampering, and DLL hijacking.

CoreServices (Removal of Vulnerable Code)

Owing to Apple's closed nature, the CoreServices update (CVE-2022-42859) doesn't specify any major changes that were made to the code, but it promises to have removed a piece of vulnerable code that could enable an app to bypass privacy preferences and jeopardize confidentiality. The CVSS score for this update is a medium 5.5.

GPU Drivers (Disclose Kernel Memory)

The CVE-2022-46702 vulnerability in the GPU drivers allowed a malicious app to disclose kernel memory. Kernel memory is strictly local memory loaded in the physical device's RAM. Because user interaction is required for the app to act maliciously, a medium CVSS score of 5.5 was assigned. The issue was fixed with improved memory handling.

ImageIO (Arbitrary Code Execution)

Mostly related to iCloud, but also seen in iOS itself, the ImageIO issue (CVE-2022-46693) allows malicious files to execute arbitrary code. It was given a high CVSS score of 7.8 because of the arbitrary nature of the code execution. However, it requires user interaction, such as locating and downloading the file(s). This out-of-bounds issue was mitigated through improved input validation.

The bottom line

As you may already have understood, these updates are critical for your device to function securely and to keep you safe from identity theft and real financial loss. Because these vulnerabilities are often made public once fixed, criminals frequently target devices that have not yet been updated. Therefore, you shouldn't wait even a single day to install them.

The post How do the latest iPhone updates address Cybersecurity issues? appeared first on Cybersecurity Insiders.

Cybersecurity is a relatively new discipline in the realm of computing. Once computing became more democratized, with PCs connected via local area networks (LANs) and client/server environments, adversaries quickly saw opportunities. The more democratized computing becomes, the more risk and the more potential for cyber adversaries.

Dealing with cyber risk and adversaries is now part of a normal business plan. Gone are the days of instilling fear, uncertainty, and doubt (FUD) about the potential of a bad actor. The days of nefarious hackers in hoodies lurking in the shadows are gone.

Businesses of all types and sizes now know that cybersecurity is part of a solid business plan. Security is no longer relegated to a team of really smart experts; security is a business enabler and builder of digital trust.

As we move to 2023, we will continue to see computing become more democratized. With the advent of more edge computing (according to the 2022 AT&T Cybersecurity Insights Report, 75% of organizations are on a journey to the edge), the way we interact with technology is rapidly shifting. We are moving from input/output types of functions to more seamless interactions that deliver outcomes.

With more of a focus on outcomes, security becomes the center of focus in the new democratized era of computing. We are just getting started with ideas for edge computing. And, by association, we are just getting started with what security means.

Here are my predictions for some of the trends and highlights we will see in the cybersecurity landscape in the year ahead.

Move to the edge

A new paradigm of computing is upon us. This new era is underpinned by 5G and edge.

Edge is a word we have heard for quite some time, but in general conversation lacks a consistent definition. Vendors and business users alike tend to define edge in accordance with the technology stack being sold or used.

When thinking about edge, consider these three characteristics as a starting point:

  • A distributed model of management, intelligence, and networks
  • Applications, workloads, and hosting closer to users and assets that are generating or consuming the data – may be on-premise or in the cloud
  • Software defined

Edge use cases are largely driven by the world of the internet of things (IoT) that collect and transmit data to make logical and rational decisions to derive an outcome.

In 2023, we should expect to see an accelerated full-scale rollout of edge use cases in areas such as:

  • Real-time fraud detection for financial services
  • Automated warehousing with near real-time inventory management
  • Near real-time visual inspections for uses as varied as manufacturing assembly lines, passport control at border crossing, and available parking spaces

These use cases require connected systems from the network layer through to application monitoring/management, and require each component to be secure in order to derive the desired outcome.

2023 Cybersecurity predictions

With more democratized computing, security is no longer isolated, it is central to delivering strong business outcomes.

In 2023, expect to see more edge use cases and applications. For successful implementation with security at the core, expect decades-old silos such as networking, IT, app development, and security to begin to fade away, enabling more cross-functional work and roles.

Read more about the edge ecosystem in the upcoming 2023 AT&T Cybersecurity Insights Report, due out January 24, 2023. Check out our previous reports for 2022 and 2021.

Disaggregation of the network

Networks are becoming more intelligent. The idea of disaggregation, the separation into component parts, means that some security tools may be able to become part of the network.

Following the theme of software-defined, disaggregated networks can bring in the security components needed at a specific time. Think about a network infected with malware. In the scenario of a disaggregated network, a new instantiation may be easily and quickly spun up and the propagation of malware across the network avoided.

Admittedly, widespread implementation and adoption of disaggregation will take more than the next 12 months. However, expect to see the start of this game-changing technology in 2023.

Data lifecycle

Edge computing is all about data – collecting, using, and enriching.

From a security perspective, expect to see solutions that focus on the data lifecycle to help organizations make sure that data governance policies are automated and enforced.

As more edge applications are deployed, the sheer amount of data will multiply at a rapid scale. Data, at the heart of the edge app, needs to be protected, intact/trusted, and usable. It is critical to make sure the data lifecycle is managed with the proper data governance policies.

In 2023, expect to have more emphasis and focus placed on data – the collection, management, use, and governance.

Application security

Security is central to a successful business, and in a software-defined world, applications or apps are the connecting point.

Application security is seemingly the last frontier of an ecosystem built with security in mind. In 2001 the Open Web Application Security Project (OWASP) was formed with the goal of identifying the most common web application security vulnerabilities. In the 21 intervening years since the founding of OWASP and their noble work in the field of application security, little has changed. The OWASP Top 10 has not seen radical shifts.

The scant change in the OWASP Top 10 over two decades is indicative of gaps in security strategies and siloed application developers. Moving to an edge compute paradigm, graphical user interface (GUI) based apps give way to headless or non-GUI applets and application programming interfaces (APIs). In fact, in 2019 OWASP issued a separate OWASP Top 10 for APIs.

APIs and applets are about computer program to computer program communication. It is critical that the software development lifecycle (SDLC) embrace security as a non-functional requirement. This need may require developers to re-assess software engineering practices and work in more systematic ways.

In 2023, expect application security to be a top priority as organizations move to the edge and understand the importance of security as a central priority for the business – including at the application level.

Threat intelligence

Threat intelligence, the gathering of information about attacks on an organization from a variety of sources, will continue to be an essential component of security.

With edge computing and the expansion of IoT devices, threat intelligence will relay more granular and refined information about the attack surface. Threat intelligence will continue to be delivered as tactical, strategic, and operational. As more machine learning enrichment is available, consumers of threat intelligence will demand more pertinent and personalized reporting.

In 2023, expect to see the need for more relevant and curated threat intelligence feeds designed to combat specific industries or use cases.

Biometric security

Using biometrics to authenticate identity is nothing new, we have been doing this with fingerprints for over 50 years and more recently with facial recognition. In fact, multi-factor authentication (MFA) is frequently framed as something you know – a passcode, something you have – a device, and something you are – a biometric indicator.

We are now seeing celebrities selling their images or digital twins. This means that your favorite actor will continue to be in new movies, at varying ages, indefinitely.

What does this mean for security? Increasingly, we are being asked to authenticate via some sort of biometric. Advancements in digital twins and deepfakes mean there is a need to secure our own physical identities. The abundance of images available of any individual via a quick internet search can yield a treasure trove for an adversary seeking to hack an identity.

In 2023, expect to see more serious discussions regarding digital twins and how to make biometrics more secure.

Cyber/physical

Cybersecurity professionals have secured our cyber world – the electronic bits and bytes that create our computing systems. Increasingly, connected computers are entering a space that was reserved for physical only devices – think internet connected medical devices, internet connected construction devices, and internet connected transportation such as cars, planes, and ships. These previously physical only devices connected to the internet now constitute convergence.

Anything connected to the internet has to be secured and this includes newly converged physical devices that are now considered endpoints.

Making sure that these new kinds of endpoints are protected from both cyber-attacks and physical attacks is key.

In 2023, expect to see more solutions focused on protecting the cyber and the physical and expect to see new roles emerge in organizations focused on this new element of security.

Companies born on the edge

Disruption is essential for innovation. As new "born on the edge" companies begin to emerge, the baggage of previous iterations of computing is jettisoned. Just as "born of the web" companies did not have to deal with legacy computing systems and infrastructure, "born on the edge" companies will have data and application security embedded from the beginning.

“Born on the edge” companies will take advantage of networks, infrastructure, development practices, and organizational benefits available in 2023. These new types of companies, across industries of all types, will spur on innovation and increase competition. As a result, more businesses will advance edge ecosystems and edge applications to deliver business outcomes.

Expect 2023 to be a year of anticipated disruption as “born on the edge” companies boldly emerge.

Looking forward

Out of necessity, we have seen digital transformation initiatives flourish over the past two years. And in the last year, digital transformation has given way to operationalizing what was transformed.

In 2022, we have once again been able to convene in person to discuss, debate, and dream of what is next.

Expect 2023 to be a year where we are reminded of the seemingly endless possibilities of the power of ideas translated to computing.

Here’s to an innovative and exciting 2023!

The post 2023 Cybersecurity predictions appeared first on Cybersecurity Insiders.


What is a bug bounty platform?

As Wikipedia puts it: "A bug bounty program is a deal offered by many websites, organizations and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities".

For instance, if Company 'A' wants to audit or test its apps (web and mobile) for security vulnerabilities and bugs, it has two options:

1. Self-host bug bounty / responsible disclosure program

2. List bounty program on bug bounty platforms like Hackerone, BugCrowd etc.

How does a bug bounty program work?

Bug bounties help connect ethical hackers and a firm’s remediation team. A single bug bounty platform allows both parties to unite, communicate, and patch bugs quickly. Bug bounty program managers track the program’s progress by recording bounty payouts, number of vulnerabilities discovered and average resolution time.

Before launching a bug bounty program, the firm sets the program scope and determines whether it is private or public. Scope defines which systems are available for testing, how tests will be carried out, and how long the program will be open. Bug bounty programs can be either public or private. Private programs allow firms to run an invite-only program that is not visible to anyone online.

Most programs start as private, with the option to go public when the firm decides it's ready. Private programs help firms pace their remediation efforts and avoid overwhelming their security teams with a lot of duplicate bug reports.

Public programs can accept submissions from the entire hacker community, allowing all hackers to test a firm's assets. Because public programs are open, they frequently lead to a high number of bug reports (containing a lot of duplicates however).

Payout of each bounty is set based on the vulnerability’s criticality. Bounty prices can range from several hundred dollars to thousands of dollars, and, in some cases, millions.

Bounty programs give a social and professional element that attracts top-league hackers who are looking for community and a challenge. When a hacker discovers a bug, they submit a vulnerability report. This report shows which systems the bug impacts, how the developers doing triage can reproduce the bug, and its security risk level. These reports are transferred directly to the remediation team that validates the bug. Upon validation of a bug, the ethical hacker receives payment for their finding.

Why launch a bug bounty program?

Some might ask why firms resort to bounty programs rather than hiring security professionals. The answer is straightforward: some firms do have their own security teams, but big firms like Facebook and Google launch and develop loads of software, domains, and other products continuously. With such a huge list of assets, it becomes nearly impossible for in-house security teams to pen test all the targets.

Therefore, bounty programs may be an economical approach for firms to regularly check large numbers of assets. Plus, bug bounty programs encourage security researchers to contribute ethically to these firms and receive acknowledgment/bounties. That’s why it makes a lot of sense for big firms to use bug bounty programs.

However, for firms with small budgets, employing a bug bounty program may not be the best choice, as they may receive loads of vulnerability reports that they can't afford to pay for with their limited resources.

Top bug bounty platforms

HackerOne

In 2012, hackers and security leaders formed HackerOne because of their passion for making the internet safer. As the leader in Attack Resistance Management (ARM), HackerOne closes the security gap between what organizations own and what they can protect. ARM blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats.

HackerOne is used by big multinational companies such as Google, Yahoo, Twitter, PayPal, Starbucks, GitHub, etc. that have huge revenues and are also willing to pay large amounts to hackers.

Bugcrowd

Bugcrowd is another bug bounty platform that is a huge name in the bug bounty industry. Founded in 2011, it is one of the first, and one of the largest platforms.

Various companies trust Bugcrowd for hosting their vulnerability disclosure programs, and Bugcrowd also offers penetration testing services, and attack surface management.

Currently Bugcrowd has over 1400 bug bounty programs. It has come up with a SaaS solution that blends easily into your existing software lifecycle making it quite easy to run a successful bug bounty program.

Synack

Synack is an American technology company based in Redwood City, California. Synack's business includes a vulnerability intelligence platform that automates the discovery of exploitable vulnerabilities for reconnaissance and turns them over to the company's freelance hackers to create vulnerability reports for clients.

So, if you’re looking for not just a bug bounty service but also security guidance and training at the top level, Synack may be your way to go.

Intigriti

Intigriti helps companies protect themselves from cybercrime. It is a community of ethical hackers that provides continuous, realistic security testing to protect customer’s assets and brand.

This interactive platform features real-time reports of current vulnerabilities and commonly identifies crucial vulnerabilities within 48 hours.

Founded in 2016, Intigriti set out to conquer the limitations of traditional security testing. Today, the company is widely recognized for its innovative approach to security testing, impacting both customers’ security awareness and security researcher’s lives.

Immunefi (focused on Web3)

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

Since its founding, Immunefi has become the leading bug bounty platform for Web3 with the world's largest bounties and payouts.

The post Top bug bounty platforms for organizations to improve security appeared first on Cybersecurity Insiders.

What is CRQC?

Widespread interest in quantum computing continues to expand as computer innovators, scientists, and technology industry leaders vie to position themselves at the top of the pack for quantum computing prowess.  As the buzz continues, I’d like to discuss Cryptographically Relevant Quantum Computers (CRQC) in simple terms.

A CRQC uses quantum mechanical phenomena to quickly solve difficult mathematical problems that a classical computer cannot solve or would take years to complete. If or when a CRQC is achieved, it will have the computational power to break today’s public-key cryptography, leaving web-based digital communications compromised.

One of the first lessons I learned from a cybersecurity architect is to never do the same thing when it comes to cybersecurity. Cybersecurity practices should continually change according to evolving threats and vulnerabilities. Nonetheless, for the last 30-plus years the US has relied on public-key cryptography to secure digital data globally. With the date looming for CRQC to hit the market, the US is now in a race to replace a decades-old standard of encryption to protect vital data.

What is Y2Q?

Years to Quantum (Y2Q) refers to the unknown number of years before there is a CRQC. Quantum systems are already in use, and select organizations provide cloud-based access to these systems for testing and research purposes; however, the quantum computers currently in use are not CRQC. From this point forward we will refer to quantum systems that emerge post-Y2Q as CRQC.

As quantum computing evolves and the technology for CRQC becomes reality, no single entity can pinpoint a precise date when CRQC will make an impact on the world’s IT infrastructure. Speculation ranges from five to 25 years, and various organizations have developed Y2Q countdown clocks that arbitrarily specify date ranges up to 2034 as the deadline by which the world must upgrade its IT infrastructure to meet the Y2Q threat.

Conclusion

As the world awaits Y2Q, government entities and cybersecurity managers, along with the medical, telecom, and banking industries, are generating playbooks, plans, and contingencies to defend against CRQC. While CRQC will pose a considerable threat to enterprises in the future, a wide variety of efforts are emerging to develop advanced solutions that alleviate the CRQC threat.

While the full range of quantum computer applications steadily grows, it is nevertheless clear that America’s continued technological and scientific leadership will depend on its ability to sustain a competitive advantage in quantum information and computing systems. Critical infrastructure, security protocols, and internet banking, as well as military and civilian communications, could be threatened.

Is the United States postured to solidify its role as a world leader in its approach to Y2Q?

The post What is Y2Q? appeared first on Cybersecurity Insiders.

Has your organization suddenly been attacked by a ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization.

The initial actions to take in the event of a ransomware attack

  • Disconnect the affected devices from the network as soon as possible. This can help to prevent the ransomware from spreading to other computers or devices.
  • Determine what data has been affected and assess the extent of the damage.
  • Determine the specific type of ransomware virus that has infected your devices to understand how this malware operates and what steps you need to take to remove it.
  • It is important to notify all employees about the ransomware attack and instruct them not to click on any suspicious links or open any suspicious attachments.
  • Consider reporting the attack. This can help to increase awareness of the attack and may also help to prevent future attacks. Please note that in some regions, business owners are required by law to report an attack.

Do not rush into a decision. Take the time to carefully evaluate your options and the potential consequences of each of them before deciding whether to pay the ransom or explore other solutions.

Paying the ransom is not the only option. Consider exploring other solutions, such as restoring your data from backups. If you do not have backups, cybersecurity experts may be able to help you recover your data, since many ransomware strains have been decrypted and their keys are publicly available.

Strategies cybercrooks employ to obtain funds from victims swiftly

Cyber extortionists use various tactics beyond just encrypting data. They also use post-exploitation blackmail methods to coerce victims into paying them. Very often, cybercriminals use several extortion tactics simultaneously. Some examples of these tactics include:

  • Steal and disclose

Cyber extortionists not only encrypt victims' data but also often steal it. If the ransom is not paid, the stolen files may be made publicly available on special leak websites, which can cause severe damage to the victim's reputation and make them more likely to give in to the attackers' demands.

  • Destroy keys if a negotiation company intervenes

Some ransomware authors have threatened to delete the private keys necessary for decrypting victims' data if they seek the help of a professional third party to negotiate on their behalf.

  • Launch a DDoS attack

Ransomware attackers often threaten to flood the victim's website with a large volume of traffic in an effort to put it down and intimidate the targeted company into paying the ransom faster.

  • Cause printers to behave abnormally

Some hackers have been able to take control of victims' printers and print ransom notes directly in front of partners and customers. This gives the attack a high level of visibility, as it is difficult for people to ignore ransom notes being printed.

  • Use Facebook ads for malicious purposes

Criminals have been known to use advertising to gain attention for their attacks. In one instance, ransomware developers used Facebook ads to shame their victim by highlighting the organization's weak defenses.

  • Stir up anxiety among customers

Ransomware authors may send intimidating emails to the customers of major companies whose data was compromised. The emails threaten to leak the recipients' data unless the affected organization pays the ransom. The attackers encourage the recipients to pressure the affected companies to make the payment quickly.

Do not try to handle the situation on your own

Although ransomware is a trend in the world of cyber-attacks, hackers are not always successful in obtaining the ransom. They constantly have to develop new methods to replenish their arsenal of extortion techniques.

To make life as difficult as possible for hackers, the main thing to do is not to try to act alone. There are well-established mechanisms to counter extortionists.

Do seek professional assistance from others, even if it means losing some or all of your data. There are plenty of organizations and resources that can provide professional assistance and guidance. Some potential options include:

  • Cybersecurity experts: These professionals can provide specialized expertise and assistance with recovering your data, as well as advice on how to prevent future attacks.
  • Computer emergency response teams: Many countries and regions have organizations known as CERTs that assist with responding to and recovering from cyber incidents, including ransomware attacks.
  • Ransomware recovery services: Some companies specialize in helping organizations recover from ransomware attacks and can provide a range of services, including data recovery, threat assessment, and ransomware negotiation.
  • Law enforcement: In many cases, it may be appropriate to involve law enforcement agencies. They can help with investigations, assist in recovering data, and identify and prosecute the attackers.

It is essential to carefully research and evaluate any resources or services you consider using. Seek advice from multiple sources to find the best way out.

Before negotiations

It is generally not recommended to negotiate with ransomware attackers or pay the ransom. Doing so can encourage further ransomware attacks. Paying the ransom not only supports the attackers' criminal activity but also puts your organization at risk of being targeted again.

Keep in mind that there is no guarantee that the attackers will actually provide the decryption key – even if you do pay the ransom. Therefore, it is important to weigh the risks and potential consequences carefully before deciding to pay.

Ransomware attacks and payments are often carried out anonymously, using encrypted communication channels and cryptocurrency. Hackers usually provide an encrypted chat or email service for communication. Try to negotiate additional channels and means of communication with the adversary. Try to establish a line of communication with the attackers that involves mutual trust (as much as is possible in this situation).

If you decide to negotiate with the attackers and pay the ransom, it is important to keep a record of all communications, including any instructions for paying the ransom. This information may be helpful for law enforcement and cybersecurity experts who are investigating the attack.

Ask the attackers to demonstrate the decryption key and show that it actually works by decrypting several random files. This can help you ensure that you are dealing with the actual attackers and not a third party.

Research the attackers and their past behavior. If the attackers have been known to negotiate or provide the decryption key after receiving payment in the past, this may help to increase your confidence in the negotiation and may also give you leverage to negotiate a lower amount.

Tips for negotiating with the attackers

If you have exhausted all other options and have determined that paying the ransom is the only way to recover your data, here are a few tips for negotiating with the hackers:

  1. The attackers may try to pressure you by threatening to destroy or leak data, but it is important not to let this influence your decision. Do not show any signs of desperation or urgency. Remain calm and composed all the time.
  2. Do not reveal whether or not you have cyber insurance.
  3. Do not offer to pay the entire ransom upfront. Instead, consider offering to pay a small portion of the ransom upfront, with the remainder to be paid after the decryption key has been provided and you have successfully decrypted all data.
  4. Consider offering to pay the ransom in a cryptocurrency that you already hold and that is less commonly used or less easily traced. This can make it more difficult for the attackers to convert the ransom into actual money and may make them more willing to negotiate a lower amount.
  5. Consider offering to publicize the attack and the ransom negotiation in order to put pressure on the attackers. This can make it more difficult for the attackers to extort other victims in the future and may make them more willing to negotiate a lower ransom amount.
  6. If the attackers have already agreed to negotiate the ransom amount and have lowered the price, you may try to push for a further reduction by continuing to negotiate and offering a lower amount. However, keep in mind that the attackers are likely to have a minimum amount that they are willing to accept, and it may not be possible to push them to lower the price further.

Be prepared to walk away from the negotiation if the attackers are unwilling to compromise or if the terms they offer are unacceptable, even if it entails losing your data.

How to prevent ransomware attacks

It is always good to focus on preventative measures to avoid falling victim to ransomware in the first place. Here are some tips in this regard:

  1. Implement a robust cybersecurity policy that includes regular software updates and the use of security software.
  2. Educate your employees about the risks of ransomware and how to protect against it, such as not opening attachments or clicking on links from unfamiliar sources.
  3. Take care of backups and implement a disaster recovery plan to ensure that you can restore your data if it becomes encrypted.
  4. Use strong, unique passwords and employ MFA where possible.
  5. Consider purchasing cybersecurity insurance to protect your company against financial losses resulting from a ransomware attack.

The post The dos and don’ts of ransomware negotiations appeared first on Cybersecurity Insiders.

Secure Access Service Edge (SASE) is an evolving cloud-focused architecture that was introduced by Gartner in 2019. SASE is designed to solve the problem of network performance and limited security visibility for distributed corporate business systems (infrastructure, platforms, and applications) in the cloud or in the corporate data center, as well as for the distributed workforce. SASE is complex and resource intensive but can be transformative and provide cost savings with the right partners, like AT&T Cybersecurity, to execute this type of strategic initiative. SASE combines the networking technology called Software-Defined Wide Area Network (SD-WAN) with four security capabilities collectively called the Security Service Edge (SSE).

SD-WAN

SD-WAN operates as an overlay on top of an existing Internet circuit. Unlike a dedicated/private WAN circuit, SD-WAN can break out Internet-destined traffic closer to where the distributed workforce is located. Internal traffic is backhauled through the SD-WAN network to the data center or cloud where the corporate business systems reside.

Components of the Security Service Edge

Security Service Edge (SSE) incorporates four main security components used to protect business systems and the workforce. These capabilities are cloud-based to support distributed systems and a distributed workforce. SSE capabilities include the following:

  • Zero Trust Network Access (ZTNA) – Provides segmentation of business systems and users through access control policies.
  • Firewall as a Service (FWaaS) – Centralized security policy enforcement that can be applied across multiple business locations to give security greater visibility into the network traffic and provide consistent policy enforcement across business systems and users.
  • Secure Web Gateway (SWG) – Centralized web-based policy enforcement that blocks unapproved Internet traffic while protecting the distributed workforce.
  • Cloud Access Security Broker (CASB) – Helps security understand where company data is stored (on-premise or in the cloud) and enforce the business data compliance policies.

How SASE security works

The traditional cybersecurity model operated by building security perimeters around the corporate office and data center where the workforce and applications reside. Security controls were located inside a DMZ between the corporate office and data center so that traffic could be efficiently monitored, managed, and inspected.

What is SASE

Today, business systems and users have moved out of the corporate office and data center into a distributed environment. This creates the following risks.

Business systems

  • Lack of centralized visibility and control.
  • Difficulty tracking and securing sensitive data.
  • Additional costs for security solutions.
  • Non-compliance with regulatory or industry requirements.
  • Swivel-chair tasks between network and security to support the organization.
  • Inefficient routing of network traffic.

Users

  • Unknown (home/public Wi-Fi) networks accessing the corporate network.
  • Employees accessing business systems from unmanaged devices.
  • Inconsistent security profiles between office and VPN users.
  • Difficulty enforcing the principle of least privilege.
  • New training requirements for users.

SASE addresses these risks by moving security capabilities out of the data center and into the cloud while deploying an SD-WAN network that aligns with the distributed business environment. This approach provides better network performance, greater security visibility, and a better overall user experience.

Business benefits of SASE

How can my business benefit from a SASE model?

Companies that match the profile for SASE have distributed business systems (cloud-based infrastructure, platforms, and applications) and workforce. SASE is designed to solve the problem of network performance and limited security visibility into the company’s distributed environment while also providing these additional benefits.

Cost and support benefits

Reduced complexity – Lowering the number of individual solutions in favor of a single system that integrates multiple features together.

Increased scalability and faster deployment – Align with the dynamic needs of the company and its customers as the network and business systems move, expand, and contract to support the organization.

Outsource maintenance and administration overhead – As an extension of the security and IT team, support the continuous business operations and monitoring required.

Consolidated support contracts – Ensure faster response and recovery by consolidating the number of vendors and partners supporting the SASE environment.

Compatibility with existing business systems – Network and security tools should integrate with distributed business systems to control access and protect company data anywhere.

Real-time security prevention – Reduce risk at the WAN edge by gaining greater visibility into network traffic, centralizing security controls, and monitoring through the MSSP.

Optimization benefits

Enhanced user experience – Success in SASE is measured by the improved user experience, in terms of ease of access and the speed and efficiency of using distributed business systems.

Centralized security controls management – Utilizing the cloud-based security features of the Security Service Edge (SSE) to create a centralized security policy that is applied across the entire organization and workforce.

Log collection and forwarding to anywhere – Logs need to be sent to wherever the security tools are located (data center, cloud, MSSP, 3rd party) so that security teams can research and detect events and incidents.

Configuration management and backups – Disaster recovery capabilities that are consolidated, can be used to restore business systems quickly, and are maintained by the MSSP.

Integration with existing security controls – Better security through sharing and collaboration between the tools.

Improved performance and resiliency – Efficient routing of network traffic and the ability to redirect traffic on-demand.

Challenges implementing SASE

Because SASE is strategic, it must be treated as a program with multiple projects that are being performed by different groups including 3rd parties and partners. Companies should be aware of the following challenges so they can avoid prolonged delays in deployment and utilize as many security features as possible to protect the business.

  • Maintain an up-to-date application inventory and document application traffic flows. This information is critical during the planning and design phase of the program to perform scaling and sizing estimates of the SASE environment.
  • Legacy VPNs need to be inventoried and then analyzed to determine if they are absorbed into the SD-WAN network or need to be recreated in the new environment. This must be completed before the legacy systems hosting VPNs can be decommissioned.
  • Organizations that do not have standard security policies, network architecture, and design models will extend the deployment timeline by either customizing SD-WAN per site or reconfiguring the site into a standard model.
  • During planning, identify integration with existing security and network tools and plan the tool consolidation so there are no gaps with security capabilities that are being replaced.
  • Cross-functional teaming within the organization and with partners is a requirement to successfully deploy a SASE environment. Organizations that have silos and waterfall methodologies will generally require significantly more time to complete the same activities.
  • Understand the industry compliance and regulations that could impact how the SASE environment is deployed.
  • Define which platforms provide which security features. Using the same security capabilities on two different platforms means double the configuration and twice as much time to troubleshoot when things go wrong.
  • Over 95% of Internet traffic is encrypted and cannot be inspected by security capabilities without first being decrypted. Build and deploy a public key infrastructure (PKI) and Certificate Authority (CA) program to support SSL/TLS inspection.
  • Partner with a managed service provider (MSP) to provide 24/7/365 monitoring, support, visibility, and insight into the SASE environment.

SASE is a suite of network and security capabilities that help companies adapt to today’s distributed business and workforce environment. It is complex and resource intensive, and a SASE transformation takes time to complete. Creating a strategy and bringing along the right partners, like AT&T Cybersecurity, who have experience planning, building, deploying, and operating SASE environments goes a long way to achieving success. Contact AT&T Cybersecurity to build your SASE roadmap and learn why we are trusted advisors for more than 7,000 organizations worldwide.

The post What is SASE appeared first on Cybersecurity Insiders.

Have you ever heard the saying that the greatest benefit of the cloud is that limitless resources can be spun-up with just a few clicks of the mouse?  If so, you would be best served by forgetting that saying altogether.  Just because cloud resources can be spun-up with a few clicks of the mouse does not mean that they should be.  Rather, prior to launching anything in the cloud, careful consideration and planning are a necessity.  Otherwise, your company or governmental entity might end up in the news for a security blunder that was easily avoidable. 

This blog series will focus on three Amazon Web Services (AWS) security steps that any entity can employ to immediately and dramatically improve their cybersecurity preparedness.  Specifically, we will discuss 1) setting up Identity and Access Management (IAM) properly, 2) avoiding direct Internet access to AWS resources, and 3) encryption for data in transit or at rest.  These steps can be followed for entities that are either new to AWS or existing customers.  Read on to find out if your organization is already following this easy guidance.

Step 1: Use IAM the correct way

According to AWS, IAM enables account administrators to “specify who or what can access services and resources in AWS, centrally manage fine-grained permissions, and analyze access to refine permissions across AWS” (AWS IAM | Identity and Access Management | Amazon Web Services). When entities first create an AWS account, the only user that exists is the root user. This user has the proverbial “keys to the kingdom” and can literally launch cloud environments that would rival Fortune 500 companies in a short amount of time. In turn, bills commensurate with a Fortune 500 company can quickly be accrued, too. Accordingly, as we will discuss below, protecting the root account is a crucial first step.

Protect the root account

In addition to creating a sufficiently complex password, multifactor authentication (MFA) must be enabled. MFA is achieved by using a second, independent authentication mechanism. Since usernames and passwords are stolen with alarming frequency, combining login credentials with MFA makes it much more difficult to compromise an account, because the malicious user would need to know a user’s login name and password and also possess the user’s second-factor device. As long as the latter is securely protected, account compromise is nearly impossible (note: sessions authenticated with MFA can still be compromised via cross-site scripting (XSS) attacks; as we will learn later, AWS offers a defense against XSS).

AWS supports the following MFA mechanisms: virtual MFA devices (e.g., Google Authenticator, Twilio Authy, etc.); FIDO security keys (i.e., a USB device); and hardware MFA devices (i.e., a physical device that generates one-time codes). See IAM – Multi-Factor Authentication (amazon.com). Conveniently, a virtual MFA device can be set up in minutes and has no cost associated with it.

Additionally, if the AWS root account was created with programmatic access keys, they should be deleted immediately.  Even with MFA in place, if these keys fall into the wrong hands, they can be used to launch everything and anything.  These keys are akin to “God mode.”  Something as simple as accidentally posting the keys on a repo like GitHub is all an attacker would need to take over an account.  Hence, it is necessary to delete them and follow the principle of least privilege by divvying up permissions to IAM users, groups, and roles instead.  Let’s discuss how to securely create each of these IAM principals now.
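The two root-account checks above (MFA enabled, no access keys) can be verified from the IAM credential report, which AWS returns as a base64-encoded CSV via `aws iam get-credential-report` (a feature the post does not mention). The audit below is an added example, not code from the post; the report rows are constructed sample data in the column layout AWS uses.

```python
"""Audit an IAM credential report for the root-account hygiene described above.

AWS emits the credential report (`aws iam generate-credential-report`, then
`aws iam get-credential-report`) as a base64-encoded CSV with one row per IAM
identity; the root user appears as `<root_account>`. The rows below are
constructed sample data, not output from a real account.
"""
import base64
import csv
import io

# Constructed sample report. Only the columns the checks read are listed;
# the real report carries additional columns (last-used dates, certs, ...).
SAMPLE_REPORT_CSV = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,false
alice,arn:aws:iam::111122223333:user/alice,true,true,false,false
bob,arn:aws:iam::111122223333:user/bob,true,false,true,false
deploy-bot,arn:aws:iam::111122223333:user/deploy-bot,false,false,true,false
"""

# `get-credential-report` returns the CSV base64-encoded in its `Content`
# field; encode the sample the same way so parse_report() mirrors the real flow.
SAMPLE_REPORT_B64 = base64.b64encode(SAMPLE_REPORT_CSV.encode()).decode()


def parse_report(content_b64: str) -> list[dict[str, str]]:
    """Decode the base64 CSV payload into one dict per IAM identity."""
    text = base64.b64decode(content_b64).decode()
    return list(csv.DictReader(io.StringIO(text)))


def audit_root(rows: list[dict[str, str]]) -> list[str]:
    """Root must have MFA active and no active programmatic access keys."""
    findings = []
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        return ["root user missing from report"]
    if root["mfa_active"] != "true":
        findings.append("root: MFA not enabled")
    for key in ("access_key_1_active", "access_key_2_active"):
        if root[key] == "true":
            findings.append(f"root: {key} is active; delete it")
    return findings


def audit_users(rows: list[dict[str, str]]) -> list[str]:
    """Console users (password enabled) without MFA are flagged as well."""
    findings = []
    for r in rows:
        if r["user"] == "<root_account>":
            continue
        if r["password_enabled"] == "true" and r["mfa_active"] != "true":
            findings.append(f"{r['user']}: console access without MFA")
    return findings


def audit(content_b64: str) -> list[str]:
    """Run both audits over a base64-encoded credential report."""
    rows = parse_report(content_b64)
    return audit_root(rows) + audit_users(rows)


if __name__ == "__main__":
    for finding in audit(SAMPLE_REPORT_B64):
        print(finding)
```

Against a real account, pass the `Content` field of `get-credential-report` to `audit()` instead of the constructed sample.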

Create IAM users

If all AWS users shared the same login credentials, accountability for individual actions would not be possible.  For example, if ten people have access to the root login account and the account was used to provision Bitcoin mining instances, it would be impossible to determine the culprit. 

Conveniently, AWS provides entities with the ability to provision individual user accounts via the AWS console (users can also be created with the AWS CLI and AWS API). For each user created, AWS lets you specify what the user is authorized to do with AWS resources at a granular level. For instance, if a user in the marketing department needs read-only access to a specific folder within an S3 bucket, an IAM policy can be created to grant exactly that. By following the principle of least privilege, the user only gets access to what they need to perform their job. Limiting what a user can do within AWS reduces the blast radius of the damage that can be caused by a compromised account or a disgruntled employee.

Luckily, AWS has done a lot of the heavy lifting and has already created IAM policies tailored to common job functions. Account administrators merely need to associate users with the policies that align with their role. If customization of a policy is required, AWS provides tools that make this process relatively simple as well. To learn more about creating IAM users, see Creating an IAM user in your AWS account – AWS Identity and Access Management (amazon.com).
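The marketing example above (read-only access to one folder of an S3 bucket) is a good illustration of why least-privilege policies need care: listing and reading are different actions on different resources. The block below is an added example, not code from the post or from AWS; bucket and folder names are constructed placeholders, and `object_read_allowed()` is a deliberately simplified resource-matching check, not the IAM policy simulator.

```python
"""Generate and review a folder-scoped, read-only S3 policy (added example).

s3:ListBucket is authorised on the *bucket* ARN, so it must be narrowed with the
s3:prefix condition or the user can list the entire bucket; s3:GetObject is
authorised on the *object* ARNs, so its Resource carries the folder prefix.
"""
import fnmatch
import json

READ_ONLY_ACTIONS = {"s3:ListBucket", "s3:GetObject"}


def _as_list(value):
    """IAM allows a string or a list for Action and Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def folder_read_only_policy(bucket: str, folder: str) -> dict:
    """Return an IAM policy document granting read-only access to one folder."""
    prefix = folder.rstrip("/") + "/"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOnlyTheFolder",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                # Without this condition the user could list the whole bucket.
                "Condition": {"StringLike": {"s3:prefix": [prefix + "*"]}},
            },
            {
                "Sid": "ReadObjectsInTheFolder",
                "Effect": "Allow",
                "Action": "s3:GetObject",
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


def object_read_allowed(policy: dict, bucket: str, key: str) -> bool:
    """Simplified check: does an Allow statement grant s3:GetObject on this key?

    Mirrors only the resource wildcard matching of IAM evaluation; it ignores
    Deny statements, conditions and other attached policies, so treat it as a
    review aid for the policy shape, not as an authorisation decision.
    """
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if "s3:GetObject" not in _as_list(stmt["Action"]):
            continue
        if any(fnmatch.fnmatchcase(arn, r) for r in _as_list(stmt["Resource"])):
            return True
    return False


def lint_policy(policy: dict) -> list[str]:
    """Flag statements that exceed the intended read-only, single-folder scope."""
    problems = []
    for stmt in policy["Statement"]:
        sid = stmt.get("Sid", "?")
        actions = _as_list(stmt["Action"])
        for action in actions:
            if action not in READ_ONLY_ACTIONS:
                problems.append(f"{sid}: non read-only action {action}")
        for resource in _as_list(stmt["Resource"]):
            if resource == "*" or resource.endswith(":::*"):
                problems.append(f"{sid}: resource too broad ({resource})")
        if "s3:ListBucket" in actions and "Condition" not in stmt:
            problems.append(f"{sid}: ListBucket without s3:prefix condition")
    return problems


if __name__ == "__main__":
    # Constructed bucket and folder names.
    policy = folder_read_only_policy("marketing-assets", "campaigns/2024")
    print(json.dumps(policy, indent=2))
    print("lint:", lint_policy(policy) or "clean")
```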

However, for businesses with hundreds or thousands of IAM users, manually associating policies with each user is not feasible, especially if job duties frequently change. Thankfully, AWS has addressed this problem with IAM groups.

Create IAM groups

If employees perform the exact same job duties and need access to the same AWS resources, they should be placed in an IAM group. The IAM group has a policy (or policies) associated with it that provides access to specific AWS resources. Therefore, every IAM user in the group has access to the same resources and is bound by the same constraints. Moreover, changes to the policy associated with the group take effect immediately. Hence, IAM groups make end-user management convenient and efficient. To learn more about creating IAM groups, see Creating IAM user groups – AWS Identity and Access Management (amazon.com).

At this point, you may be wondering how AWS resources like EC2 instances can securely access other AWS resources, or how entities with Active Directory (AD) can avoid creating duplicate AWS user accounts. The answer to both questions is IAM roles.

Create IAM roles

AWS resources like EC2 instances or Lambda functions can assume an IAM role with predetermined permissions to access, create, update, or terminate other AWS resources.  Likewise, users federated with a Web Identity Provider (e.g., Facebook, Google, etc.), corporate Active Directory, or another AWS account can assume an IAM role with the same functionality.  Like IAM policies associated with users and groups, an IAM role affords the same level of granular control regarding what an AWS resource or federated user can and cannot do. 

Thus, for AWS resources assuming a role, the security implications of hardcoding an IAM user’s credentials in an application can be avoided. Furthermore, entities with AD or other Web Identity Providers will not require their users to create separate AWS login credentials. To learn more about IAM roles, see IAM roles – AWS Identity and Access Management (amazon.com).

Now that you know the basics and most important aspects of AWS IAM (in this author’s opinion), the next blog in the series will move on to the next step associated with securing your AWS account – limiting direct Internet access to your resources.

The post Three easy steps to dramatically improve your AWS security posture: Step 1, set up IAM properly appeared first on Cybersecurity Insiders.

The digital world is ever-expanding in scope and influence, both in personal and professional matters. In the last few years, business operations have become increasingly dependent on technology, and on employees to use that technology safely. While remote and mobile work have been necessary and useful, they also open the door for cybercriminals to take advantage of lax security measures and employees’ ignorance of best practices. 

So long as companies are carrying out some or all of their affairs in the digital realm, cybersecurity is easily as important as physical security. As one cybersecurity awareness training guide puts it: “if businesses are to thrive in the Fourth Industrial Revolution, security needs to be not only top of mind, but a fluent language.” Some of the most pressing reasons for cybersecurity training are detailed below. 

1. Compliance with regulations

There are many areas of business operations which are governed by legal or regulatory oversight to protect against various risks inherent to digital activities. These include HIPAA, which outlines rules regarding private health information, PCI SSC, which seeks to strengthen payment account security, and GDPR, which regulates general data privacy. Complying with these regulations is necessary for several reasons, although the dominant motivator for compliance is that the organizations can and will impose fines on businesses that fail to meet standards.

It has often been said that a business is only as strong as its weakest link, and nowhere is this truer than in the world of data security. Any one employee can be a liability when it comes to the practices that an enterprise puts in place to protect consumer data as well as their own. When compliance is mandated and the threat of fines is looming, companies must ensure that all of their employees are properly trained and informed on the regulations in place.

2. Protecting enterprise assets

Aside from wanting to avoid fines, however, businesses should still attempt to meet these regulatory standards for their own good. While meeting the bare minimum of compliance standards will keep a company out of hot water with regulatory boards, it will not necessarily protect the company itself. According to one report from IBM, the average cost of a data breach is 4.35 million USD. Ensuring that employees are trained in cybersecurity awareness greatly decreases the risk of a data breach occurring, as well as ensuring that employees know how to respond in the event that there is an attack targeting the company’s data. 

3. Protecting consumer data

Ostensibly protected by the aforementioned regulatory standards, consumer data is still at a huge risk of being obtained, stolen, or leveraged by cybercriminals. An attack that only targets a company’s internal data is dangerous to the company, but an attack that targets consumer data can have far-reaching consequences that affect thousands or millions of people.

The responsibility for password complexity and variation, device and website privacy settings, and the amount of data shared can be at least partially placed upon the consumer’s shoulders. But the company must have its own measures in place as well to protect against attacks on customer data. 

Thorough and effective cybersecurity awareness training will reduce the chances of employee error leading to customer data being breached. When customer data is safe and protected, it establishes trust between the consumer and the business, and protects both from the liabilities that enterprises with weak security practices are subject to.

4. Establishing skill sets

In addition to protecting both the consumers and the business at large, cybersecurity awareness training can instill knowledge in employees that they will carry with them outside of work hours and use to their benefit, possibly even spreading it to their friends and family. Employees who learn how to detect and mitigate threats such as phishing, ransomware, spoofing, and deepfakes will be able to prevent those types of attacks not only on the company or its customers, but on their own personal data. They may even be more computer-literate in general and more receptive to technological advances that bring about change within the company, rather than being resistant and hesitant to learn. 

5. Constantly changing landscape

Even a company with a highly trained workforce must still make cybersecurity awareness training a priority going forward. The world of computers and data security is constantly shifting and growing, and threats adapt along with it. It is vital to refresh employees’ training and update it to account for significant changes that come about on a frequent basis. No cybersecurity training is effective if it is treated as a “one-and-done” affair, because no training can predict and guard against future advances on both the company’s end and the attackers’ end. 

Conclusion

At the end of the day, a company must be responsible for protecting its own data as well as any data that consumers choose to share with it. All employees have the potential to put this data in danger, so all employees need to undergo cybersecurity awareness training to mitigate that risk. A training program combined with other effective security measures will make sure that employees are prepared to recognize risks, guard against threats, and recognize and react to attacks if and when they do occur. Cybersecurity awareness training programs come in many flavors to meet the varying needs of businesses everywhere, and it is not only advisable but crucial to establish some kind of training for employees.

The post Five reasons why Cybersecurity training is important in 2023 appeared first on Cybersecurity Insiders.


War, economic instability, external threats, and global politics affect the energy sector of a country or region. In addition, cyberattacks on critical infrastructure can cripple the strained energy market.

Europe is facing a severe energy crisis, and European governments are getting prepared for this winter by managing the demands and keeping energy reserves. The EU (European Union) also accelerated the work to improve critical infrastructure defence and resilience. This energy crisis is the outcome of Russia’s war in Ukraine (attacks on pipelines to disrupt the supply chain) and strict Russian policies towards European countries.

Cyberattacks on the energy sector

In addition to the physical challenges, the growing cyberattacks on the energy sector could worsen the energy crisis. According to Energy Security Sentinel, thirteen cyberattacks targeted energy infrastructure this year, making it the highest number of annual attacks over the last six years. Oil and electricity were the most vulnerable infrastructure, followed by gas and shipping.

The cyberattacks don’t only target critical European infrastructure. In 2021, the Colonial Pipeline in the United States was hit by a ransomware attack, which caused authorities to declare a regional emergency in 17 states and Washington, D.C.

The same year, Saudi Aramco, Saudi Arabia’s state oil giant, came under cyberattack. In that case, the hackers demanded $50m in extortion money.

Why is the energy sector a target for cyberattacks?

The energy sector is a lucrative target for financially motivated cybercriminals; they know the companies tend to be financially sound and can pay the heavy ransom to keep their operations running.

The economic activities of a country also rely on the energy sector; thus, a disruption can cause substantial damage. For example, a six-hour winter black-out in France could result in damages totalling over €1.5 billion ($1.7 billion). This motivates state-sponsored hackers to target an opponent’s critical infrastructure to achieve political outcomes.

Despite the critical nature of the industry, the energy infrastructure is particularly vulnerable for three primary reasons:

  • Large attack surface
  • Lack of skilled professionals
  • Digitalization and integration

Large attack surface

Attack surface refers to all the possible entry points into any system. The energy sector has a broad attack surface, which includes distribution networks, supply chains, partners, powerlines, smart meters and so on. Generally, organizations don’t have the capability to monitor or tag their assets, which increases the risk and can leave doors of entry unprotected.

Lack of skilled professionals

People working in critical infrastructure are typically not equipped with the skills required to protect the infrastructure from cyberattacks. Even organizations investing in security products and solutions face the human resource problem, which makes them vulnerable.

Interestingly, the public and private sectors are joining forces to overcome the skilled professional supply problem. ENCS in Europe shares information and knowledge and is owned by grid operators. Similarly, the US House of Representatives passed a bill named “Industrial Control Systems Cybersecurity Training Act”, intending to give free ICS training to IT professionals.

Digitalization and integration

Though digitalization and IT integration facilitate critical infrastructure management and operations, they introduce several security risks. IT/OT convergence arguably raises security risks: unauthorized changes to systems and control logic could put human life in danger. The security risk can be minimized by actively monitoring the systems, managing patching carefully and having skilled people protecting the network.
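Two of the gaps named above, assets that are never tagged or monitored (the attack-surface section) and unauthorized changes to systems and control logic (this section), can be caught with the same routine check. The following is an added example, not code from the article or from any energy operator: it assumes a constructed asset inventory in which each asset carries owner and zone tags and a baseline SHA-256 of its configuration or control logic, and it reports assets that lack required tags, assets with no baseline at all, assets that could not be reached, and assets whose current configuration no longer matches the baseline. The asset names, tags and configuration contents are all constructed for the example.

```python
"""Asset-inventory coverage and configuration-drift check (constructed example)."""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a configuration or logic blob."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Asset:
    asset_id: str
    kind: str                           # e.g. "plc", "smart_meter", "historian"
    tags: Dict[str, str] = field(default_factory=dict)
    baseline_sha256: Optional[str] = None   # None means no baseline was ever taken


# Tags every asset must carry before it counts as "monitored". Assumption for the example.
REQUIRED_TAGS = ("owner", "zone")


def untagged_assets(inventory: List[Asset]) -> List[str]:
    """Assets missing any required tag, or with an empty value for it."""
    return sorted(
        a.asset_id
        for a in inventory
        if any(not a.tags.get(tag) for tag in REQUIRED_TAGS)
    )


def drifted_assets(inventory: List[Asset],
                   current_configs: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """Compare the configuration pulled from each device against its baseline.

    current_configs maps asset_id -> bytes fetched from the device during this check.
    Returns (asset_id, reason) pairs in inventory order; an asset with no baseline
    or that could not be reached is reported too, since neither case is "verified".
    """
    findings: List[Tuple[str, str]] = []
    for asset in inventory:
        if asset.baseline_sha256 is None:
            findings.append((asset.asset_id, "no-baseline"))
            continue
        cfg = current_configs.get(asset.asset_id)
        if cfg is None:
            findings.append((asset.asset_id, "unreachable"))
            continue
        if sha256_hex(cfg) != asset.baseline_sha256:
            findings.append((asset.asset_id, "hash-mismatch"))
    return findings


# --- constructed sample data ---------------------------------------------------
PLC_LOGIC_BASELINE = b"RUNG1: IF pressure > 80 THEN open_relief_valve\n"
PLC_LOGIC_CURRENT = b"RUNG1: IF pressure > 800 THEN open_relief_valve\n"  # setpoint altered
METER_CFG = b"report_interval=900\nfirmware=1.4.2\n"

INVENTORY = [
    Asset("plc-001", "plc", {"owner": "ot-team", "zone": "level1"},
          sha256_hex(PLC_LOGIC_BASELINE)),
    Asset("meter-042", "smart_meter", {"owner": "metering"},          # no zone tag
          sha256_hex(METER_CFG)),
    Asset("hist-01", "historian", {"owner": "", "zone": "dmz"}),       # empty owner, no baseline
]

# What the collector pulled from the devices on this run; hist-01 did not answer.
CURRENT_CONFIGS = {"plc-001": PLC_LOGIC_CURRENT, "meter-042": METER_CFG}


def run_check(inventory: List[Asset] = INVENTORY,
              current_configs: Dict[str, bytes] = CURRENT_CONFIGS) -> Dict[str, list]:
    """Single report combining tag coverage and configuration drift."""
    return {
        "untagged": untagged_assets(inventory),
        "drifted": drifted_assets(inventory, current_configs),
    }


if __name__ == "__main__":
    report = run_check()
    for asset_id in report["untagged"]:
        print(f"UNTAGGED   {asset_id}")
    for asset_id, reason in report["drifted"]:
        print(f"DRIFT      {asset_id}: {reason}")
```

On the constructed data the report lists meter-042 and hist-01 as untagged, plc-001 as a hash mismatch (the pressure setpoint in the logic changed), and hist-01 as having no baseline. A "no-baseline" or "unreachable" finding is deliberately treated as a failure rather than a pass, because an asset that cannot be verified is exactly the unmonitored entry point the attack-surface section describes.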

What to do?

The inevitable nature of digitalization could introduce more risks, and cyberattacks could become more frequent and organized. This in turn could worsen the energy crisis. Thus, leaders in the energy sector must build their systems to be cyber resilient and implement a business continuity plan.

Energy organizations must also adopt a security-by-design approach when initiating any energy project, and they must include cybersecurity leaders and experts on the project.

To achieve economic stability, protecting the energy sector from cyberattacks is vital. This requires organizations and governments to work closely in protecting the energy sector.

The post Cyberattacks could worsen the global energy crisis appeared first on Cybersecurity Insiders.