
Spamouflage’s advanced deceptive behavior reinforces need for stronger email security

By: slandau
3 September 2024 at 16:43

EXECUTIVE SUMMARY:

Ahead of the U.S. elections, adversaries are weaponizing social media to gain political sway. Russian and Iranian efforts have become increasingly aggressive and transparent. However, China appears to have taken a more carefully calculated and nuanced approach.

China’s apparent disinformation efforts have little to do with positioning one political candidate as preferable to another. Rather, the country’s maneuvers may aim to undermine trust in voting systems, elections and America in general, amplifying criticism and sowing discord.

Spamouflage

In recent months, the Chinese disinformation network, known as Spamouflage, has pursued “advanced deceptive behavior.” It has quietly launched thousands of accounts across more than 50 domains, and used them to target people across the United States.

The group has been active since 2017, but has recently reinforced its efforts.

Fake profiles

The Spamouflage network’s fake online accounts present fake identities, which sometimes change on a whim. The accounts/profiles have been spotted on X, TikTok and elsewhere.

For example:

Harlan claimed to be a New York resident and an Army veteran, age 29. His profile picture showed a well-groomed young man. However, a few months later, his account shifted personas. Suddenly, Harlan appeared to be from Florida and a 31-year-old Republican influencer.

At least four different accounts were found to mimic Trump supporters – part of a tactic with the moniker “MAGAflage.”

The fake profiles, including the fake photos, may have been generated through artificial intelligence tools, according to analysts.

Accounts have exhibited certain patterns, using hashtags like #American, while presenting themselves as voters or groups that “love America” but feel alienated by political issues that range from women’s healthcare to Ukraine.

In June, one post on X read “Although I am American, I am extremely opposed to NATO and the behavior of the U.S. government in war. I think soldiers should protect their own country’s people and territory…should not initiate wars on their own…” The text was accompanied by an image showing NATO’s expansion across Europe.

Email security implications

Disinformation campaigns that create (and weaponize) fake profiles, as described above, will have a high degree of success when crafting and distributing phishing emails, as the emails will appear to come from credible sources.

This makes it essential for organizations to implement, and for employees to adhere to, advanced verification methods that can confirm the veracity of communications.

Advanced email security protocols

Within your organization, if you haven’t done so already, consider implementing the following:

  • Multi-factor authentication. Even if credentials are compromised via phishing, MFA can help protect against unauthorized account access.
  • Email authentication protocols. Technologies such as SPF, DKIM and DMARC can assist with verifying the legitimacy of email senders and spoofing prevention.
  • Advanced threat detection. Advanced threat detection solutions that are powered by AI and machine learning can enhance email traffic security.
  • Employee awareness. Remind employees to not only think before they click, but to also think before they link to information – whether in their professional roles or their personal lives.
  • Incident response plans. Most organizations have incident response plans. But are they routinely updated? Can they address disinformation and deepfake threats?
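As an added example (not code from the original post or from Check Point), the following Python script shows how the three protocols in the second bullet fit together: SPF and DKIM each authenticate some domain, and DMARC then decides whether that domain is aligned with the From: address the recipient actually sees, and what to do when it is not. The DMARC records, domains and authentication results below are constructed for the example, and the organizational-domain logic is a simplification of the Public Suffix List lookup a real validator uses.

```python
"""Added example: how SPF, DKIM and DMARC combine to verify a sender.

SPF and DKIM each authenticate *some* domain; DMARC then checks that the
authenticated domain is aligned with the RFC5322.From domain the recipient
sees, and applies the domain owner's published policy when it is not.
All records, domains and message results below are constructed for the
example; a real validator would resolve the records from DNS.
"""
from dataclasses import dataclass


def dmarc_record_name(header_from_domain: str) -> str:
    """DNS name at which a domain publishes its DMARC policy as a TXT record."""
    return f"_dmarc.{header_from_domain.lower().rstrip('.')}"


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; adkim=s; ...' into a tag dictionary.

    Missing alignment tags default to relaxed ('r'), as RFC 7489 specifies.
    """
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels.

    Assumption for the example: real implementations consult the Public
    Suffix List so that names such as 'example.co.uk' are handled correctly.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(header_from: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the same org domain."""
    if mode == "s":
        return header_from.lower().rstrip(".") == auth_domain.lower().rstrip(".")
    return org_domain(header_from) == org_domain(auth_domain)


@dataclass
class AuthResults:
    header_from: str   # domain in the visible From: header
    spf_pass: bool     # SPF result for the envelope sender (RFC5321.MailFrom)
    spf_domain: str    # domain SPF actually checked
    dkim_pass: bool    # a DKIM signature validated
    dkim_domain: str   # d= tag of that signature


def dmarc_disposition(results: AuthResults, record: str) -> str:
    """Return 'pass', or the policy action ('none', 'quarantine', 'reject') on failure."""
    tags = parse_dmarc_record(record)
    spf_aligned = results.spf_pass and aligned(results.header_from, results.spf_domain, tags["aspf"])
    dkim_aligned = results.dkim_pass and aligned(results.header_from, results.dkim_domain, tags["adkim"])
    # DMARC passes if at least one authenticated identifier is aligned with From:.
    if spf_aligned or dkim_aligned:
        return "pass"
    return tags["p"]


# Constructed records and messages for the example.
RECORD_RELAXED = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
RECORD_STRICT = "v=DMARC1; p=quarantine; adkim=s; aspf=s"

# Legitimate mail: SPF and DKIM both authenticate the From: domain itself.
LEGITIMATE = AuthResults("example.com", True, "example.com", True, "example.com")
# Mail relayed by a third-party bulk sender but DKIM-signed by a subdomain of the From: domain.
SUBDOMAIN_SIGNED = AuthResults("example.com", True, "bounce.bulk-sender.example.net", True, "mail.example.com")
# Mail whose SPF and DKIM pass for a look-alike domain: authenticated, but not aligned with From:.
LOOKALIKE = AuthResults("example.com", True, "example-mail.net", True, "example-mail.net")


if __name__ == "__main__":
    for label, msg in [("legitimate", LEGITIMATE), ("subdomain-signed", SUBDOMAIN_SIGNED), ("look-alike", LOOKALIKE)]:
        print(f"{label:17s} relaxed policy -> {dmarc_disposition(msg, RECORD_RELAXED):10s} "
              f"strict policy -> {dmarc_disposition(msg, RECORD_STRICT)}")
```

The point the script makes is that an SPF or DKIM "pass" on its own says nothing about the address the user sees: the look-alike message authenticates perfectly for its own domain and is still rejected, because DMARC ties the authenticated identifier to the From: domain. Strict alignment additionally refuses subdomain-signed mail, which is why domain owners usually start with relaxed alignment and a monitoring-only policy before moving to quarantine or reject.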

Further thoughts

To effectively counter threats, organizations need to pursue a dynamic, multi-dimensional approach. But it’s tough.

To get expert guidance, please visit our website or contact our experts. We’re here to help!

The post Spamouflage’s advanced deceptive behavior reinforces need for stronger email security appeared first on CyberTalk.

Generative AI adoption: Strategic implications & security concerns

By: slandau
8 August 2024 at 14:30

By Manuel Rodriguez. With more than 15 years of experience in cyber security, Manuel Rodriguez is currently the Security Engineering Manager for the North of Latin America at Check Point Software Technologies, where he leads a team of high-level professionals whose objective is to help organizations and businesses meet cyber security needs. Manuel joined Check Point in 2015 and initially worked as a Security Engineer, covering Central America, where he participated in the development of important projects for multiple clients in the region. He had previously served in leadership roles for various cyber security solution providers in Colombia.

Technology evolves very quickly. We often see innovations that are groundbreaking and have the potential to change the way we live and do business. Although artificial intelligence is not necessarily new, the release of ChatGPT in November 2022 gave the general public access to the technology we know as Generative Artificial Intelligence (GenAI). Within a short time, people and organizations realized that it could help them gain a competitive advantage.

Over the past year, organizational adoption of GenAI has nearly doubled, showing the growing interest in embracing this kind of technology. This surge isn’t a temporary trend; it is a clear indication of the impact GenAI is already having and that it will continue to have in the coming years across various industry sectors.

The surge in adoption

Recent data reveals that 65% of organizations are now regularly using generative AI, with overall AI adoption jumping to 72% this year. This rapid increase shows the growing recognition of GenAI’s potential to drive innovation and efficiency. One analyst firm predicts that by 2026, over 80% of enterprises will be utilizing GenAI APIs or applications, highlighting the importance that businesses are giving to integrating this technology into their strategic frameworks.

Building trust and addressing concerns

Although adoption is increasing very fast in organizations, the percentage of the workforce with access to this kind of technology is still relatively low. In a recent survey by Deloitte, it was found that 46% of organizations provide approved Generative AI access to 20% or less of their workforce. When asked for the reason behind this, the main answer was around risk and reward. Aligned with that, 92% of business leaders see moderate to high-risk concerns with GenAI.

As organizations scale their GenAI deployments, concerns increase around data security, quality, and explainability. Addressing these issues is essential to generate confidence among stakeholders and ensure the responsible use of AI technologies.

Data security

The adoption of Generative AI (GenAI) in organizations comes with various data security risks. One of the primary concerns is the unauthorized use of GenAI tools, which can lead to data integrity issues and potential breaches. Shadow GenAI, where employees use unapproved GenAI applications, can lead to data leaks, privacy issues and compliance violations.

Clearly defining the GenAI policy in the organization and having appropriate visibility and control over the information shared through these applications will help organizations mitigate this risk and maintain compliance with security regulations. Additionally, real-time user coaching and training have proven effective in altering user actions and reducing data risks.

Compliance and regulations

Compliance with data privacy regulations is a critical aspect of GenAI adoption. Non-compliance can lead to significant legal and financial repercussions. Organizations must ensure that their GenAI tools and practices adhere to relevant regulations, such as GDPR, HIPAA, CCPA and others.

Visibility, monitoring and reporting are essential for compliance, as they provide the necessary oversight to ensure that GenAI applications are used appropriately. Unauthorized or improper use of GenAI tools can lead to regulatory breaches, making it imperative to have clear policies and governance structures in place. Intellectual property challenges also arise from generating infringing content, which can further complicate compliance efforts.

To address these challenges, organizations should establish a robust framework for GenAI governance. This includes developing a comprehensive AI ethics policy that defines acceptable use cases and categorizes data usage based on organizational roles and functions. Monitoring systems are essential for detecting unauthorized GenAI activities and ensuring compliance with regulations.

Specific regulations for GenAI

Several specific regulations and guidelines have been developed, or are in the works, to address the unique challenges posed by GenAI. Some of them focus on the development of new AI tools, while others, such as the California GenAI Guidelines, focus on purchase and use. Examples include:

EU AI Act: This landmark regulation aims to ensure the safe and trustworthy use of AI, including GenAI. It includes provisions for risk assessments, technical documentation standards, and bans on certain high-risk AI applications.

U.S. Executive Order on AI: Issued in October of 2023, this order focuses on the safe, secure, and trustworthy development and use of AI technologies. It mandates that federal agencies implement robust risk management and governance frameworks for AI.

California GenAI Guidelines: The state of California has issued guidelines for the public sector’s procurement and use of GenAI. These guidelines emphasize the importance of training, risk assessment, and compliance with existing data privacy laws.

Department of Energy GenAI Reference Guide: This guide provides best practices for the responsible development and use of GenAI, reflecting the latest federal guidance and executive orders.

Recommendations

To effectively manage the risks associated with GenAI adoption, organizations should consider the following recommendations:

Establish clear policies and training: Develop and enforce clear policies on the approved use of GenAI. Provide comprehensive training sessions on ethical considerations and data protection to ensure that all employees understand the importance of responsible AI usage.

Continuously reassess strategies: Regularly reassess strategies and practices to keep up with technological advancements. This includes updating security measures, conducting comprehensive risk assessments, and evaluating third-party vendors.

Implement advanced GenAI security solutions: Deploy advanced GenAI solutions to ensure data security while maintaining comprehensive visibility into GenAI usage. Traditional DLP solutions based on keywords and patterns are not enough. GenAI solutions should give proper visibility by understanding the context without the need to define complicated data-types. This approach not only protects sensitive information, but also allows for real-time monitoring and control, ensuring that all GenAI activities are transparent and compliant with organizational and regulatory requirements.

Foster a culture of responsible AI usage: Encourage a culture that prioritizes ethical AI practices. Promote cross-department collaboration between IT, legal, and compliance teams to ensure a unified approach to GenAI governance.

Maintain transparency and compliance: Ensure transparency in AI processes and maintain compliance with data privacy regulations. This involves continuous monitoring and reporting, as well as developing incident response plans that account for AI-specific challenges.

By following these recommendations, organizations can make good use of GenAI and take advantage of its benefits while effectively managing the associated data security and compliance risks.


CISA’s “Secure by Demand” guidance is must-read

By: slandau
6 August 2024 at 16:56

EXECUTIVE SUMMARY:

Earlier today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) distributed a new “Secure by Demand” guide.

The intention is to assist organizations in driving a more secure technology ecosystem by ensuring that cyber security is embedded from the start.

“This guidance is a wake-up call for any company that missed out on the costs and outages caused by SolarWinds, Log4j, Snowflake and CrowdStrike,” says Check Point CISO Pete Nicoletti.

Why the guide

Procurement teams tend to grasp the fundamentals of cyber security requirements in relation to tech acquisitions. However, they often fail to identify whether or not vendors truly embed cyber security into development cycles from day one.

The guide is designed to help organizations discern this type of critical information when evaluating vendors. It provides readers with questions to ask when buying software, considerations to work through regarding product integration and security, along with assessment tools that allow for grading of a product’s maturity against “secure-by-design” principles.

More information

The Secure by Demand guide is a companion piece to the recently released Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle.

While the latter focuses on government enterprises, this guide broadens the scope to encompass a wider range of organizations across various sectors.

Key points to note

  • The two guides work in tandem to provide a comprehensive approach to secure software acquisition and supply chain risk management.
  • While the software acquisition guide targets government entities, the demand guide offers insights that are applicable to private sector organizations, non-profits and other institutions.

CISA strongly advises organizations to thoroughly review and implement the recommendations from both guides.

Each guide offers practical, actionable steps that can be integrated into existing procurement and risk management frameworks. Yet, that alone is not enough, according to Check Point Expert Pete Nicoletti…

“In addition to implementing this guidance, companies should add supply chain-related security events to their incident response planning and tabletop exercises to ensure they can recover quickly and with less impact. Further, review supplier contracts to ensure that expensive outages caused by them, offer up their cyber insurance, rather than just recovering the license cost,” he notes.

Get the Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem right here.

Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.


A preview of the upcoming Black Hat conference…

By: slandau
2 August 2024 at 14:37

EXECUTIVE SUMMARY:

One of the leading cyber security conferences globally, Black Hat USA is where intellect meets innovation. The 2024 event is taking place from August 3rd – 8th, at the Mandalay Bay Convention Center in Las Vegas.

The conference is highly regarded for its emphasis on cutting-edge cyber security research, high-caliber presentations, skill development workshops, peer networking opportunities, and for its Business Hall, which showcases innovative cyber security solutions.

Although two other cyber security conferences in Las Vegas will compete for attention next week, Black Hat is widely considered the main draw. Last year, Black Hat USA hosted roughly 20,000 in-person attendees from 127 different countries.

Event information

The Black Hat audience typically includes a mix of cyber security researchers, ethical hackers, cyber security professionals – from system administrators to CISOs – business development professionals, and government security experts.

On the main stage this year, featured speakers include Ann Johnson, the Corporate Vice President and Deputy CISO of Microsoft, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and Harry Coker Jr., National Cyber Director for the United States Executive Office of the President.

The Black Hat CISO Summit, on Monday, August 5th through Tuesday, August 6th, caters to the needs and interests of CISOs and security executives. This track will address topics ranging from the quantification of cyber risk costs, to supply chain security, to cyber crisis management.

Professionals who are certified through ISC2 can earn 5.5 Continuing Professional Education (CPE) credits for CISO Summit attendance.

Why else Black Hat

  • Access to thousands of industry professionals who have similar interests, who can discuss challenges and who can provide new product insights.
  • Access to the latest cyber research, which may not yet be widely available, helping your organization prevent potential attacks before they transform into fast-moving, large-scale issues.
  • Cyber security strategy development in partnership with experts and vendors.
    • Check Point is offering exclusive 1:1 meetings with the company’s cyber security executives. If you plan to attend the event and would like to book a meeting with a Check Point executive, please click here.
  • Community building. Connect with others, collaborate on initiatives and strengthen everyone’s cyber security in the process.

Must-see sessions

If you’re attending the event, plan ahead to make the most of your time. There’s so much to see and do. Looking for a short-list of must-see speaking sessions? Here are a handful of expert-led and highly recommended talks:

  • Enhancing Cloud Security: Preventing Zero-Day Attacks with Modernized WAPs: Wednesday, August 7th, at 11:00am, booth #2936
  • How to Train your AI Co-Pilot: Wednesday, August 7th, at 12:30pm, booth #2936
  • Key Factors in Choosing a SASE Solution: Thursday, August 8th, at 10:45am, booth #2936

Further details

Be ready for anything and bring the best version of yourself – you never know who you’ll meet. They could be your next software developer, corporate manager, business partner, MSSP, or cyber security vendor. Meet us at booth #2936. We can’t wait to see you at Black Hat USA 2024!

For more event information, click here. For additional cutting-edge cyber security insights, click here.


Global data breach costs hit all-time high

By: slandau
30 July 2024 at 12:38

EXECUTIVE SUMMARY:

Global data breach costs have hit an all-time high, according to IBM’s annual Cost of a Data Breach report. The tech giant collaborated with the Ponemon Institute to study more than 600 organizational breaches between March of 2023 and February of 2024.

The breaches affected 17 industries, across 16 countries and regions, and involved leaks of 2,000-113,000 records per breach. Here’s what researchers found…

Essential information

The global average cost of a data breach is $4.88 million, up nearly 10% from last year’s $4.5 million. Key drivers of the year-over-year cost spike included post-breach third-party expenses, along with lost business.

Image courtesy of IBM.

Over 50% of organizations that were interviewed said that they are passing the breach costs on to customers through higher prices for goods and services.

More key findings

  • For the 14th consecutive year, the U.S. has the highest average data breach costs worldwide; nearly $9.4 million.
  • In the last year, Canada and Japan both experienced drops in average breach costs.
  • Most breaches could be traced back to one of two sources – stolen credentials or a phishing email.
  • Seventy percent of organizations noted that breaches led to “significant” or “very significant” levels of disruption.

Deep-dive insights: AI

The report also observed that an increasing number of organizations are adopting artificial intelligence and automation to prevent breaches. Nearly two-thirds of organizations were found to have deployed AI and automation technologies across security operations centers.

The use of AI prevention workflows reduced the average cost of a breach by $2.2 million. Organizations without AI prevention workflows did not experience these cost savings.

Right now, only 20% of organizations report using gen AI security tools. However, those that have implemented them note a net positive effect. GenAI security tools can mitigate the average cost of a breach by more than $167,000, according to the report.

Deep-dive insights: Cloud

Multi-environment cloud breaches were found to cost more than $5 million to contend with, on average. Out of all breach types, they also took the longest time to identify and contain, reflecting how hard it is to locate data across environments and protect it.

In regards to cloud-based breaches, commonly stolen data types included personal identifying information (PII) and intellectual property (IP).

As generative AI initiatives draw this data into new programs and processes, cyber security professionals are encouraged to reassess corresponding security and access controls.

The role of staffing issues

A number of organizations that contended with cyber attacks were found to have under-staffed cyber security teams. Staffing shortages are up 26% compared to last year.

Organizations with cyber security staff shortages averaged an additional $1.76 million in breach costs as compared to organizations with minimal or no staffing issues.

Staffing issues may be contributing to the increased use of AI and automation, which again, have been shown to reduce breach costs.

Further information

For more AI and cloud insights, click here. Access the Cost of a Data Breach 2024 report here.


Deepfake misuse & deepfake detection (before it’s too late)

By: slandau
26 July 2024 at 17:50

Micki Boland is a global cyber security warrior and evangelist with Check Point’s Office of the CTO. Micki has over 20 years in ICT, cyber security, emerging technology, and innovation. Micki’s focus is helping customers, system integrators, and service providers reduce risk through the adoption of emerging cyber security technologies. Micki is an ISC2 CISSP and holds a Master of Science in Technology Commercialization from the University of Texas at Austin, and an MBA with a global security concentration from East Carolina University.

In this dynamic and insightful interview, Check Point expert Micki Boland discusses how deepfakes are evolving, why that matters for organizations, and how organizations can take action to protect themselves. Discover on-point analyses that could reshape your decisions, improving cyber security and business outcomes. Don’t miss this.

Can you explain how deepfake technology works? 

Deepfakes involve simulated video, audio, and images to be delivered as content via online news, mobile applications, and through social media platforms. Deepfake videos are created with Generative Adversarial Networks (GAN), a type of Artificial Neural Network that uses Deep Learning to create synthetic content.

GANs sound cool, but technical. Could you break down how they operate?

GANs are a class of machine learning systems that have two neural network models, a generator and a discriminator, which game each other. Training data in the form of video, still images, and audio is fed to the generator, which then seeks to recreate it. The discriminator then tries to discern the training data from the recreated data produced by the generator.

The two artificial intelligence engines repeatedly game each other, getting iteratively better. The result is convincing, high quality synthetic video, images, or audio. A good example of GAN at work is NVIDIA GAN. Navigate to the website https://thispersondoesnotexist.com/ and you will see a composite image of a human face that was created by the NVIDIA GAN using faces on the internet. Refreshing the internet browser yields a new synthetic image of a human that does not exist.

What are some notable examples of deepfake tech’s misuse?

Most people are not even aware of deepfake technologies, although these have now been infamously utilized to conduct major financial fraud. Politicians have also used the technology against their political adversaries. Early in the war between Russia and Ukraine, Russia created and disseminated a deepfake video of Ukrainian President Volodymyr Zelenskyy advising Ukrainian soldiers to “lay down their arms” and surrender to Russia.

How was the crisis involving the Zelenskyy deepfake video managed?

The deepfake quality was poor and it was immediately identified as a deepfake video attributable to Russia. However, the technology is becoming so convincing and so real that soon it will be impossible for the regular human being to discern GenAI at work. And detection technologies, while they have a tremendous amount of funding and support from big technology corporations, are lagging way behind.

What are some lesser-known uses of deepfake technology and what risks do they pose to organizations, if any?

Hollywood is using deepfake technologies in motion picture creation to recreate actor personas. One such example is Bruce Willis, who sold his persona to be used in movies without his acting due to his debilitating health issues. Voicefake technology (another type of deepfake) enabled an autistic college valedictorian to address her class at her graduation.

Yet, deepfakes pose a significant threat. Deepfakes are used to lure people to “click bait” for launching malware (bots, ransomware, malware), and to conduct financial fraud through CEO and CFO impersonation. More recently, deepfakes have been used by nation-state adversaries to infiltrate organizations via impersonation or fake job interviews over Zoom.

How are law enforcement agencies addressing the challenges posed by deepfake technology?

Europol has really been a leader in identifying GenAI and deepfake as a major issue. Europol supports the global law enforcement community in the Europol Innovation Lab, which aims to develop innovative solutions for EU Member States’ operational work. Already in Europe, there are laws against deepfake usage for non-consensual pornography and cyber criminal gangs’ use of deepfakes in financial fraud.

What should organizations consider when adopting Generative AI technologies, as these technologies have such incredible power and potential?

Every organization is seeking to adopt GenAI to help improve customer satisfaction, deliver new and innovative services, reduce administrative overhead and costs, scale rapidly, do more with less and do it more efficiently. In consideration of adopting GenAI, organizations should first understand the risks, rewards, and tradeoffs associated with adopting this technology. Additionally, organizations must be concerned with privacy and data protection, as well as potential copyright challenges.

What role do frameworks and guidelines, such as those from NIST and OWASP, play in the responsible adoption of AI technologies?

On January 26th, 2023, NIST released its forty-two page Artificial Intelligence Risk Management Framework (AI RMF 1.0) and AI Risk Management Playbook (NIST 2023). For any organization, this is a good place to start.

The primary goal of the NIST AI Risk Management Framework is to help organizations create AI-focused risk management programs, leading to the responsible development and adoption of AI platforms and systems.

The NIST AI Risk Management Framework will help any organization align organizational goals and use cases for AI. Most importantly, this risk management framework is human centered. It includes social responsibility information, sustainability information and helps organizations closely focus on the potential or unintended consequences and impact of AI use.

Another immense help for organizations that wish to further understand risk associated with GenAI Large Language Model adoption is the OWASP Top 10 LLM Risks list. OWASP released version 1.1 on October 16th, 2023. Through this list, organizations can better understand risks such as injection and data poisoning. These risks are especially critical to know about when bringing an LLM in house.

As organizations adopt GenAI, they need a solid framework through which to assess, monitor, and identify GenAI-centric attacks. MITRE has recently introduced ATLAS, a robust framework developed specifically for artificial intelligence and aligned to the MITRE ATT&CK framework.

For more of Check Point expert Micki Boland’s insights into deepfakes, please see CyberTalk.org’s past coverage.


Evolving cyber security in the financial services sector

By: slandau
25 July 2024 at 17:21

EXECUTIVE SUMMARY:

The financial sector is a leading target for cyber criminals. Markedly improving the sector’s cyber security and resilience capabilities is a must. While the sector does have a comparatively high level of cyber security maturity, security gaps invariably persist and threaten to subvert systems.

As Check Point CISO Pete Nicoletti has noted, attackers only need to get it right once in order to catalyze strongly negative, systemic consequences that could send shockwaves throughout companies and lives across the globe.

In this article, discover financial sector trends, challenges and recommendations that can transform how you see and respond to the current cyber threat landscape.

Industry trends

  • According to a recently released report, 65% of financial services sector organizations have endured cyber attacks.
  • The median ransom demand is $2 million. Mean recovery costs have soared to roughly $2.6 million – up from $2.2 million in 2023.
  • The size of extreme losses has quadrupled since 2017, to $2.5 billion.

The potential for losses is substantial, especially when multiplied in order to account for downstream effects.

Industry challenges

The majority of financial leaders lack confidence in their organization’s cyber security capabilities, according to the latest research.

Eighty percent of financial service firm leaders say that they’re unable to lead future planning efforts effectively due to concerns regarding their organization’s abilities to thwart a cyber attack.

There is a significant gap between where financial sector institutions want to be with cyber security and where the industry is right now.

Preparing for disruption

Beyond cyber security, financial sector groups need to concern themselves with business continuity in the event of disruption — which is perhaps more likely than not.

“While cyber incidents will occur, the financial sector needs the capacity to deliver critical business services during these disruptions,” writes the International Monetary Fund.

A major disruption – the financial sector equivalent of the Colonial Pipeline attack – could disable infrastructure, erode confidence in the financial system, or lead to bank runs and market selloffs.

To put the idea into sharper relief, in December of 2023, the Central Bank of Lesotho experienced outages after a cyber attack. While the public did not suffer financial losses, the national payment system could not honor inter-bank transactions for some time.

Industry recommendations

Organizations need innovative approaches to cyber security: approaches that prevent the latest and most sophisticated threats, and that stop an attack before it reaches the environment rather than after the damage is done.

In 2023, nearly 30 different malware families targeted 1,800 banking applications across 61 different nations.

At Check Point, our AI-powered, cloud-delivered cyber security architecture secures networks, endpoints, cloud environments and mobile devices through a single, unified approach.

We’ve helped thousands of organizations, like yours, mitigate risks and expand business resilience. Learn more here.

For additional financial services insights, please see CyberTalk.org’s past coverage. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.


The post Evolving cyber security in the financial services sector appeared first on CyberTalk.

Synergy between cyber security Mesh & the CISO role: Adaptability, visibility & control

By: slandau
22 July 2024 at 09:00

With over two decades of experience in the cyber security industry, I specialize in advising organizations on how to optimize their financial investments through the design of effective and cost-efficient cyber security strategies. Since the year 2000, I’ve had the privilege of collaborating with various channels and enterprises across the Latin American region, serving in multiple roles ranging from Support Engineer to Country Manager. This extensive background has afforded me a unique perspective on the evolving threat landscape and the shifting needs of businesses in the digital world.

The dynamism of technological advancements has transformed cyber security demands, necessitating more proactive approaches to anticipate and prevent threats before they can impact an organization. Understanding this ever-changing landscape is crucial for adapting to emerging security challenges.

In my current role as the Channel Engineering Manager for LATAM at Check Point, I also serve as part of the Cybersecurity Evangelist team under the office of our CTO. I am focused on merging technical skills with strategic decision-making, encouraging organizations to concentrate on growing their business while we ensure security.

The Cyber Security Mesh framework can safeguard businesses from sprawling and next-generation cyber threats. In this interview, Check Point’s Angel Salazar Velasquez discusses exactly how that works, and how the approach can add another dimension to your organization’s security strategy.

Would you like to provide an overview of the Cyber Security Mesh framework and its significance?

The Cyber Security Mesh framework represents a revolutionary approach to addressing cyber security challenges in increasingly complex and decentralized network environments. Unlike traditional security models that focus on establishing a fixed ‘perimeter’ around an organization’s resources, the Mesh framework places security controls closer to the data, devices, and users requiring protection. This allows for greater flexibility and customization, more effectively adapting to specific security and risk management needs.

For CISOs, adopting the Cyber Security Mesh framework means a substantial improvement in risk management capabilities. It enables more precise allocation of security resources and offers a level of resilience that is difficult to achieve with more traditional approaches. In summary, the Mesh framework provides an agile and scalable structure for addressing emerging threats and adapting to rapid changes in the business and technology environment.

How does the Cyber Security Mesh framework differ from traditional cyber security approaches?

Traditionally, organizations have adopted multiple security solutions from various providers in the hope of building comprehensive defense. The result, however, is a highly fragmented security environment that can lead to a lack of visibility and complex risk management. For CISOs, this situation presents a massive challenge because emerging threats often exploit the gaps between these disparate solutions.

The Cyber Security Mesh framework directly addresses this issue. It is an architecture that allows for better interoperability and visibility by orchestrating different security solutions into a single framework. This not only improves the effectiveness in mitigating threats but also enables more coherent, data-driven risk management. For CISOs, this represents a radical shift, allowing for a more proactive and adaptive approach to cyber security strategy.

Could you talk about the key principles that underlie Cyber Security Mesh frameworks and architecture?

Understanding the underlying principles of Cyber Security Mesh is crucial for evaluating its impact on risk management. First, we have the principle of ‘Controlled Decentralization,’ which allows organizations to maintain control over their security policies while distributing implementation and enforcement across multiple security nodes. This facilitates agility without compromising security integrity.

Secondly, there’s the concept of ‘Unified Visibility.’ In an environment where each security solution provides its own set of data and alerts, unifying this information into a single coherent ‘truth’ is invaluable. The Mesh framework allows for this consolidation, ensuring that risk-related decision-making is based on complete and contextual information. These principles, among others, combine to provide a security posture that is much more resilient and adaptable to the changing needs of the threat landscape.

How does the Cyber Security Mesh framework align with or complement Zero Trust?

The convergence of Cyber Security Mesh and the Zero Trust model is a synergy worth exploring. Zero Trust is based on the principle of ‘never trust, always verify,’ meaning that no user or device is granted default access to the network, regardless of its location. Cyber Security Mesh complements this by decentralizing security controls. Instead of having a monolithic security perimeter, controls are applied closer to the resource or user, allowing for more granular and adaptive policies.

This combination enables a much more dynamic approach to mitigating risks. Imagine a scenario where a device is deemed compromised. In an environment that employs both Mesh and Zero Trust, this device would lose its access not only at a global network level but also to specific resources, thereby minimizing the impact of a potential security incident. These additional layers of control and visibility strengthen the organization’s overall security posture, enabling more informed and proactive risk management.

How does the Cyber Security Mesh framework address the need for seamless integration across diverse technologies and platforms?

The Cyber Security Mesh framework is especially relevant today, as it addresses a critical need for seamless integration across various technologies and platforms. In doing so, it achieves Comprehensive security coverage, covering all potential attack vectors, from endpoints to the cloud. This approach also aims for Consolidation, as it integrates multiple security solutions into a single operational framework, simplifying management and improving operational efficiency.

Furthermore, the mesh architecture promotes Collaboration among different security solutions and products. This enables a quick and effective response to any threat, facilitated by real-time threat intelligence that can be rapidly shared among multiple systems. At the end of the day, it’s about optimizing security investment while facing key business challenges, such as breach prevention and secure digital transformation.

Can you discuss the role of AI and Machine Learning within the Cyber Security Mesh framework/architecture?

Artificial Intelligence (AI) and Machine Learning play a crucial role in the Cyber Security Mesh ecosystem. These technologies enable more effective and adaptive monitoring, while providing rapid responses to emerging threats. By leveraging AI, more effective prevention can be achieved, elevating the framework’s capabilities to detect and counter vulnerabilities in real-time.

From an operational standpoint, AI and machine learning add a level of automation that not only improves efficiency but also minimizes the need for manual intervention in routine security tasks. In an environment where risks are constantly evolving, this agility and ability to quickly adapt to new threats are invaluable. These technologies enable coordinated and swift action, enhancing the effectiveness of the Cyber Security Mesh.

What are some of the challenges or difficulties that organizations may see when trying to implement Mesh?

The implementation of a Cyber Security Mesh framework is not without challenges. One of the most notable obstacles is the inherent complexity of this mesh architecture, which can hinder effective security management. Another significant challenge is the technological and knowledge gap that often arises in fragmented security environments. Added to these is the operational cost of integrating and maintaining multiple security solutions in an increasingly diverse and dynamic ecosystem.

However, many of these challenges can be mitigated if robust technology offering centralized management is in place. This approach reduces complexity and closes the gaps, allowing for more efficient and automated operation. Additionally, a centralized system can offer continuous learning as it integrates intelligence from various points into a single platform. In summary, centralized security management and intelligence can be the answer to many of the challenges that CISOs face when implementing the Cyber Security Mesh.

How does the Cyber Security Mesh Framework/Architecture impact the role of traditional security measures, like firewalls and IPS?

Cyber Security Mesh has a significant impact on traditional security measures like firewalls and IPS. In the traditional paradigm, these technologies act as gatekeepers at the entry and exit points of the network. However, with the mesh approach, security is distributed and more closely aligned with the fluid nature of today’s digital environment, where perimeters have ceased to be fixed.

Far from making them obsolete, the Cyber Security Mesh framework allows firewalls and IPS to transform and become more effective. They become components of a broader and more dynamic security strategy, where their intelligence and capabilities are enhanced within the context of a more flexible architecture. This translates into improved visibility, responsiveness, and adaptability to new types of threats. In other words, traditional security measures are not eliminated, but integrated and optimized in a more versatile and robust security ecosystem.

Can you describe real-world examples that show the use/success of the Cyber Security Mesh Architecture?

Absolutely! In a company that had adopted a Cyber Security Mesh architecture, a sophisticated multi-vector attack was detected targeting its employees through various channels: corporate email, Teams, and WhatsApp. The attack included a malicious file that exploited a zero-day vulnerability. The first line of defense, ‘Harmony Email and Collaboration,’ intercepted the file in the corporate email and identified it as dangerous by leveraging its Sandboxing technology and updated the information in its real-time threat intelligence cloud.

When the same malicious file was sent through Microsoft Teams, the company was already one step ahead. The security architecture implemented also extends to collaboration platforms, so the file was immediately blocked before it could cause harm. Almost simultaneously, another employee received an attack attempt through WhatsApp, which was neutralized by the mobile device security solution, aligned with the same threat intelligence cloud.

This comprehensive and coordinated security strategy demonstrates the strength and effectiveness of the Cyber Security Mesh approach, which allows companies to always be one step ahead, even when facing complex and sophisticated multi-vector attacks. The architecture allows different security solutions to collaborate in real-time, offering effective defense against emerging and constantly evolving threats.

The result is solid security that blocks multiple potential entry points before they can be exploited, thus minimizing risk and allowing the company to continue its operations without interruption. This case exemplifies the potential of a well-implemented and consolidated security strategy, capable of addressing the most modern and complex threats.

Is there anything else that you would like to share with the CyberTalk.org audience?

To conclude, the Cyber Security Mesh approach aligns well with the three key business challenges that every CISO faces:

Breach and Data Leak Prevention: The Cyber Security Mesh framework is particularly strong in offering an additional layer of protection, enabling effective prevention against emerging threats and data breaches. This aligns perfectly with our first ‘C’ of being Comprehensive, ensuring security across all attack vectors.

Secure Digital and Cloud Transformation: The flexibility and scalability of the Mesh framework make it ideal for organizations in the process of digital transformation and cloud migration. Here comes our second ‘C’, which is Consolidation. We offer a consolidated architecture that unifies multiple products and technologies, from the network to the cloud, thereby optimizing operational efficiency and making digital transformation more secure.

Security Investment Optimization: Finally, the operational efficiency achieved through a Mesh architecture helps to optimize the security investment. This brings us to our third ‘C’ of Collaboration. The intelligence shared among control points, powered by our ThreatCloud intelligence cloud, enables quick and effective preventive action, maximizing the return on security investment.

In summary, Cyber Security Mesh is not just a technological solution, but a strategic framework that strengthens any CISO’s stance against current business challenges. It ideally complements our vision and the three C’s of Check Point, offering an unbeatable value proposition for truly effective security.


SEC charges against SolarWinds largely dismissed

By: slandau
19 July 2024 at 14:27

EXECUTIVE SUMMARY:

In a landmark case, a judge dismissed most of the charges against the SolarWinds software company and its CISO, Timothy Brown.

On July 18th, U.S. District Judge Paul Engelmayer stated that the majority of government charges against SolarWinds “impermissibly rely on hindsight and speculation.”

The one SEC allegation that the judge allowed to proceed concerns the company’s public statements about its own access controls.

For its part, SolarWinds has consistently maintained that the SEC’s allegations were fundamentally flawed, outside of the agency’s area of expertise, and a ‘trick designed to allow for a rewrite of the law.’

Why it matters

For some time, the SEC has pursued new policies intended to hold businesses accountable for cyber security practices; an understandable and reasonable objective.

In this instance, the SEC said that claims made to investors in regards to cyber security practices had been misleading and false – across a three year period.

The SEC’s complaint also alleged falsified reports on internal controls, incomplete disclosure of the cyber attack, negligence around “red flags” and known risks, and more.

But what caught the attention of many in the cyber security community was that, in an unprecedented maneuver, the SEC aimed to hold CISO Timothy Brown personally liable.

This case has been closely watched among cyber security professionals and was widely seen as precedent-setting for future potential software supply chain attack events.

Timothy Brown’s clearance

In the end, the court ruling does not hold CISO Timothy Brown personally liable for the breach.

“Holding CISOs personally liable, especially those CISOs that do not hold a position on the executive committee, is deeply flawed and would have set a precedent that would be counterproductive and weaken the security posture of organizations,” says Fred Kwong, Ph.D, vice president and CISO of DeVry University.

Despite the fact that this court ruling may loosen some CISO constraints, “you need to be honest about your security posture,” says Kwong.

The remaining claim against the company, which will be scrutinized further in court, indicates that there is a basis on which to conclude that CISOs do have certain disclosure obligations under the federal securities laws.

Further details

The SolarWinds incident, as it’s come to be known, has cost SolarWinds tens of millions of dollars. In 2023, the company settled a shareholder lawsuit for $26 million.

A spokesperson for SolarWinds has stated that the company is “pleased” with Judge Engelmayer’s decision to dismiss most of the SEC’s claims. The company plans to demonstrate why the remaining claim is “factually inaccurate” at the next opportunity.

For expert insights into and analyses of the SolarWinds case, please see CyberTalk.org’s past coverage. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.


How platformization is transforming cyber security

By: slandau
17 July 2024 at 10:00

With more than 15 years of experience in cyber security, Manuel Rodriguez is currently the Security Engineering Manager for the North of Latin America at Check Point Software Technologies, where he leads a team of high-level professionals whose objective is to help organizations and businesses meet their cyber security needs. Manuel joined Check Point in 2015 and initially worked as a Security Engineer, covering Central America, where he participated in the development of important projects for multiple clients in the region. He had previously served in leadership roles for various cyber security solution providers in Colombia.

In this Cyber Talk interview, Check Point expert Manuel Rodriguez discusses “platformization”, why cyber security consolidation matters, how platformization advances your security architecture, and more.

The word “platformization” has been thrown around a lot recently. Can you define the term for our readers?

Initially, a similar term was used in the Fintech industry. Ron Shevlin defined it as a plug and play business model that allows multiple participants to connect to it, interact with each other and exchange value.

Now, this model aligns with the needs of organizations in terms of having a cyber security platform that can offer the most comprehensive protection, with a consolidated operation and easy enablement of collaboration between different security controls in a plug and play model.

In summary, platformization can be defined as the moving from a product-based approach to a platform-based approach in cyber security.

How does platformization differ from the traditional way in which tech companies develop and sell products and services?

In 2001, in a Defense in Depth SANS whitepaper, Todd McGuiness said, “No single security measure can adequately protect a network; there are simply too many methods available to an attacker for this to work.”

This is still true and demonstrates the need to have multiple security solutions for proper protection of different attack vectors.

The problem with this approach is that companies ended up with several technologies from different vendors, all of which work in silos. Although it might seem that these protections are aligned with the security strategy of the company, it generates a very complex environment. It’s very difficult to operate and monitor when lacking collaboration and automation between the different controls.

SIEM and similar products arrived to try to solve the problem of centralized visibility, but in most cases added a new operational burden because they needed a lot of configuration and lacked automation and intelligence.

The solution to this is a unified platform, where users can add different capabilities, controls and even services, according to their specific needs, making it easy to implement, operate and monitor in a consolidated and collaborative way and in a way that leverages intelligence and automation.

My prediction is that organizations will start to change from a best-of-breed approach to a platform approach, where the selection factors will be more focused on the consolidation, collaboration, and automation aspects of security controls, rather than the specific characteristics of each of the individual controls.

From a B2B consumer perspective, what are the potential benefits of platformization (ex. Easier integration, access to a wider range of services…)?

For consumers, the main benefits of a cyber security platform will be a higher security posture and reduced TCO for cyber security. By reducing complexity and adding automation and collaboration, organizations will increase their abilities to prevent, detect, contain, and respond to cyber security incidents.

The platform also gives flexibility by allowing admins to easily add new security protections that are automatically integrated in the environment.

Are there any potential drawbacks for B2B consumers when companies move towards platform models?

I have heard concerns from some CISOs about putting all or most of their trust in a single security vendor. They have in mind the recent critical vulnerabilities that affected some of the important players in the industry.

This is why platforms should also be capable of integration through open APIs, permitting organizations to be flexible in their journey to consolidation.

How might platformization change the way that B2B consumers interact with tech companies and their products (ex. Self-service options, subscription models)? What will the impact be like?

Organizations are also looking for new consumption models that are simple and predictable and that will deliver cost-savings. They are looking to be able to pay for what they use and for flexibility if they need to include or change products/services according to specific needs.

What are some of main features of a cyber security platform?

Some of the main features are consolidation, being able to integrate security monitoring and management into a single central solution; automation based on APIs, playbooks and scripts according to best practices; threat prevention, being able to identify and block or automatically contain attacks before they pose a significant risk for an organization…

A key component of consolidation is the use of AI and machine learning, which can process the data, identify the threats and generate the appropriate responses.

In terms of collaboration, the platform should facilitate collaboration between different elements; for example sharing threat intelligence or triggering automatic responses in the different regions of the platform.

In looking at platformization from a cyber security perspective, how can Check Point’s Infinity Platform benefit B2B consumers through platformization principles (ex. Easier integration with existing tools, all tools under one umbrella…etc)?

The Check Point Infinity platform is a comprehensive, consolidated, and collaborative cyber security platform that provides enterprise-grade security across several vectors, such as data centers, networks, clouds, branch offices, and remote users, with unified management.

It is AI-powered, offering a 99.8% catch rate for zero day attacks. It offers consolidated security operations; this means lowering the TCO and increasing security operational efficiency. It offers collaborative security that automatically responds to threats using AI-powered engines, real-time threat intelligence, anomaly detection, automated response and orchestration, and API-based third-party integration. Further, it permits organizations to scale cyber security according to their needs anywhere across hybrid networks, workforces, and clouds.

Consolidation will also improve the security posture through a consistent policy that’s aligned with zero trust principles. Finally, there is also a flexible and predictable ELA model that can simplify the procurement process.

How does the Check Point Infinity Platform integrate with existing security tools and platforms that CISOs might already be using?

Check Point offers a variety of APIs that make it easy to integrate in any orchestration and automation ecosystem. There are also several native integrations with different security products. For example, the XDR/XPR component can integrate with different products, such as firewalls or endpoint solutions from other vendors.

To what extent can CISOs customize and configure the Check Point Infinity Platform to meet their organization’s specific security posture and compliance requirements?

Given the modular plug and play model, CISOs can define what products and services make sense for their specific requirements. If these requirements change over time, then different products can easily be included. The ELA consumption model gives even more flexibility to CISOs, as they can add or remove products and services as needed.

How can platformization (whether through Infinity or other platforms) help businesses achieve long-term goals? Does it provide a competitive advantage in terms of agility, innovation and cost-efficiency?

A proper cyber security platform will improve the security posture of the business, increasing the ability to prevent, detect, contain and respond to cyber security incidents in an effective manner. This means lower TCO with increased protection. It will also allow businesses to quickly adapt to new needs, giving them agility to develop and release new products and services.

Is there anything else that you would like to share with Check Point’s thought leadership audience?

Collaboration between security products and proper intelligence sharing and analysis are fundamental in responding to cyber threats. We’ve seen several security integration projects through platforms, such as SIEMs or SOARs, fail because of the added complexity of generating and configuring the different use cases.

A security platform should solve this complexity problem. It is also important to note that a security platform does not mean buying all products from a single vendor. If it is not solving the consolidation, collaboration problem, it will generate the same siloed effect as previously described.


Check Point’s Head of Startups on Women in STEM

By: slandau
10 February 2023 at 16:24

Noa Zilberman is the Head of Startups for Check Point. Previously, she Co-Founded Odo Security, and served as the company’s Chief Product Officer. Odo offered a cloud-based, clientless secure access service edge technology that delivered secure remote access. In 2020, Check Point acquired the company for $30 million and integrated the technology into its Infinity architecture.

In this outstanding interview, in honor of International Day of Women and Girls in Science (Feb 11th), Head of Startups for Check Point, Noa Zilberman, discusses her exciting career, women in tech, and how we can broaden opportunities for the next generation of women.

Tell me about your career, including entrepreneurship?

I have always loved mathematics, but I was only exposed to programming and networks (computers) in the army, as part of my service as a network researcher in 8200. After the army, I pursued a double degree in mathematics and computer science, and in the process I also did research projects at the Weizmann Institute and worked as a programmer at Google, and took a six-month trip around the world (recommend!)

What are you doing in your current role at Check Point?

I am establishing a new startup division within Check Point that will support cyber innovation in Israel and around the world.

What do you like about working at Check Point?

There are so many differences in working at a startup compared to a corporation and at first I was a little afraid of the transition, but I was so happy to discover that Check Point is very non-standard in many ways. I was especially surprised by the openness to ideas, innovation and internal organizational initiatives.

A tip that will inspire women in technological fields:

Oh, there are many. I think one of the most important tips is to take risks, because what could happen? The decision to establish a startup was very difficult for me and I would not have been able to accept it without my partners. I’m sure that many women face similar challenges, whether it’s a job change, a salary increase, or some kind of horizontal change – don’t be afraid! Most of the time, the reality will surprise you : )

How do you think that we can encourage a greater number of young women to enter the fields of Science, Technology, Engineering and Mathematics?

I think it is all about exposure. Growing up, I was one of only 2 girls in my Mathematics & Physics class, and it’s no coincidence that both my mother and my friend’s mother were scientists. I have recently become exposed to and involved in several different groups and organizations, all aiming at exposing young women to successful women in STEM careers, and I really think this is the way to go. The less we talk about inequality and the more we demonstrate women in tech and science careers, the more natural it will be for the next generation.

What can corporations and organizations do to assist in promoting women’s participation in STEM careers, if anything?

Host events for young women, send key figures to lecture and do everything you can to keep a gender balance within the work place.


Wisdom from the women leading the cyber security industry

By: slandau
10 February 2023 at 11:58

Nisha Holt is Check Point’s Head of Americas Channel Sales. She joined Check Point in 2020 and served as the Head of National Channel partners. Nisha has been in cyber security for over 20 years with a concentrated focus on helping organizations grow through partnerships, alliances and other varying routes to market.

In this dynamic interview, in honor of International Day of Women and Girls in Science on February 11th, Head of Americas Channel Sales, Nisha Holt, shares thoughts on working in cyber security, increasing women’s participation in tech and so much more. Don’t miss this!

Our readers would like to get to know you! Can you please tell us a bit about your story and how you grew up?

I was born in Texas to Indian parents who had recently migrated to the US. My time growing up was divided between relentless academic study and, in my teens, running our small family business. When I was accepted to college, my parents informed me that I had three options: engineering, pre-med, or to continue to live with them until they were able to arrange a marriage that was beneficial to them. When I expressed a sincere desire to enter business school, my father asked me “what are YOU going to do in business?” That question, really a statement, and the tone in which it was asked, stayed with me all these years. I enrolled in a pre-med track, majoring in biology, but then at twenty, I decided to pursue my own interests and forge my own path to become what I wanted to be.

Is there a particular story that inspired you to pursue a career in cyber security? We’d love to hear it.

I began my career at a technology company that outsourced sales and marketing activities to IT companies. I was exposed to and trained on myriad technologies, but ultimately homed in on the burgeoning field of cyber security. Cyber security fascinated me then and it still does today. Let’s take the concept of a virus as seen in the natural world. A specifically evolved microscopic bit of DNA is introduced into a specific host body by some sort of mechanism — a cough, a mosquito, a handshake — the virus then begins to replicate and attack the host, while the host counterattacks via T-cells, antibodies, and other mechanisms. Now, let’s compare that to a virus as seen in the cyber world. A specifically engineered bit of code is introduced to a host (a PC, a laptop, a smartphone, a network) via some sort of mechanism — an e-mail, a text, a link, a flash drive — the virus then begins to replicate and attack the host, while the host counterattacks via various forms of cyber security. One form of virus and the mechanisms that defend against them have evolved in the natural world over the millennia, while other forms of virus and the mechanisms that defend against them are purely the result of human ingenuity. Truly fascinating stuff!

Are you working on any exciting new projects now? How do you think that will help people?

I am the chair for Check Point’s Women Leadership Network — F.I.R.E — Females In Roles Everywhere. Our mission is to empower women by educating, energizing, and embracing every single female Check Point employee so that they are more confident in ANY role — their current role, or in any future role. We do this by creating a support ecosystem so members can collaborate, share knowledge, and network. Our goal is to make cyber security more accessible to future female leaders through our four subcommittees: Campaign and Content, Community Outreach and Alliance, Mentorship, and Diversity & Inclusion. We have launched a number of new initiatives and programs around leadership training, mentorship, and personal development that are aimed at helping women at Check Point advance in their career. We’re also working on community programs to help further the conversation outside of Check Point with other women and with the younger generation of school aged children.

The cyber security industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

One, the dangers from cyber attacks are VERY real — ranging from something as simple as having your identity stolen to something as complex as a coordinated attack that disables a power grid. The ultimate goal of cyber security is to protect both people and critical assets from these crimes, making cyber security a meaningful pursuit that truly makes a difference.

Two, unfortunately, the volume and the intensity of cyber attacks is steadily increasing, making cyber security a field that is more critical than at any other time. Recent research from Check Point Research found that organizations are being attacked an average of 1,130 times per week! Fortunately, the industry is responding to this uptick in cyber attacks with the creation of many exciting, and varied, job opportunities.

Three, there are more women joining the cyber security field now. Today, women still only hold roughly 25% of the positions in cyber security, but that’s up significantly from just 5 years ago. Hopefully, we’ll continue to see that trend accelerating.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

Not at all, so much more needs to be done! It’s encouraging to see that more girls are showing interest in STEM and it’s been shown that they consistently outperform boys in both math and science-related assessments. However, STEM is still often viewed as more pertinent and applicable for boys. A number of surveys and studies have shown that girls that do not have role models in STEM are highly unlikely to see STEM as either a field of study or as a career option. We have to continue to do more to educate, inspire, and empower girls to see themselves in these careers through education and outreach programs.

What are the “myths” that you would like to dispel about working in the cyber security industry? Can you explain what you mean?

The prevalent myths are that you have to be technical (a recent survey shows that 23% of people in cyber started with a non-IT background), male, young, and that you’re either a hacker or a coder that spends all of his time glued to LCD screens awash in graphs and data that require constant analysis. Now, let’s be clear, there are a lot of people in cyber security that fit the aforementioned mold, but there are A LOT more people that don’t fit that mold. The cyber security sector is vast, replete with many different career paths and roles, and in need of people with diverse backgrounds and varied skillsets in order to fill all of the roles that are currently open.

What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why?

Lead by example. In order to inspire and motivate others, you have to be the leader that sets the example by being the hardest-working, most dedicated individual.

Have a vision and turn that vision into an actionable, coherent, and achievable plan that you share with your team. Show them their part in that vision and their path to success so they fully understand the value of their role and the importance of their contribution.

Expect to make mistakes, own them, and understand why you made them. From my experience, that’s the only way to truly learn from them and to prevent the same mistakes going forward.

Inspire and motivate the people on your team to be the best they can be. Instill the desire for excellence and create an environment where they want to do the best job they can. Give credit and accolades to foster positivity and encourage the right mindset.

Learn about a situation first, then provide your recommendations. I’ve seen the following mistake made repeatedly throughout the entirety of my career. A new executive of sales, or marketing, or engineering is hired, and then within days or, in some instances, even prior to their first day, she decides to implement the exact same strategy that led to success at her previous company, with very little knowledge of her new company, and more specifically and importantly, the differences between her previous company and her new company. Success with a specific strategy at company “A” does not in any way guarantee success with the same strategy at company “B”. Every company is unique and therefore different, making it imperative that you understand your company’s individual culture and value proposition, its institutional knowledge, customer base, values, people, core competencies, areas for improvement, processes, and history — both internally and externally. Failure to appreciate the uniqueness of your new company often leads to disastrous consequences both internally and externally.

Lastly, unpack transformative insights and learn about how to make your organization more agile and secure when you subscribe to the Cybertalk.org newsletter.

The post Wisdom from the women leading the cyber security industry appeared first on CyberTalk.

Top 5 cloud security breaches (and lessons)

By: slandau
10 February 2023 at 11:57

EXECUTIVE SUMMARY:

Organizations leverage cloud computing to reduce compute costs and to rapidly provision new computing resources for the purpose of supporting evolving business needs. Cloud-based technologies provide opportunities to go-to-market quickly, allowing enterprises to reach stakeholders and customers faster than ever before.

Across the past 10 years, cloud computing has transformed into a cornerstone of the IT industry, boosting the power of virtualization, storage, hosting and other networking services. Nonetheless, cloud environments are vulnerable to cyber attacks. In 2021, forty percent of organizations reported cloud security breaches.

Below are five cloud security breach examples and lessons that all organizations can benefit from.

5 cloud security breaches (and lessons)

1. Accenture. In August of 2021, Accenture fell prey to a LockBit ransomware attack. The culprits claimed to have stolen 6TB worth of data, for which they requested a ransom of $50 million.

It was not the firm’s first brush with exposed cloud data. In 2017, security researchers found several Accenture-controlled Amazon S3 storage buckets configured for public access. The largest appeared to contain credentials linked to Accenture customer accounts, and one backup database held nearly 40,000 passwords, the majority of them in plain text.

“This cloud leak shows that even the most advanced and secure enterprises can expose crucial data and risk serious consequences,” wrote security researcher Chris Vickery, who reported that exposure.

Lesson learned: Ensure that IT departments and/or cyber security personnel verify that cloud storage such as AWS S3 is correctly configured, with public access blocked unless a bucket is deliberately meant to be public. Attacks on misconfigured servers can cause extreme reputational, client and financial damage.

2. Kaseya. In July of 2021, IT solutions provider Kaseya identified an attack on VSA, its unified remote monitoring and management tool. The attackers gained administrative control of VSA servers and used the tool’s own management channel to push ransomware downstream, from managed service providers to their customers.

The attack disrupted Kaseya’s SaaS servers and affected on-premises VSA servers used by Kaseya customers across nearly a dozen countries. After alerting customers, Kaseya released a VSA detection tool that let businesses scan VSA servers and managed endpoints for indicators of compromise.

Lessons learned: From this attack, organizations observed the importance of maintaining updated backups in easily retrievable, air-gapped repositories that remain segregated from organizational networks. Businesses are also reminded to manage patches, implement multi-factor authentication, follow principles of zero trust, and treat the remote-management tools they rely on as high-value targets in their own right.

3. Cognyte. In May of 2021, the cyber analytics firm Cognyte left a database reachable from the internet without any authentication. Roughly 5 billion records were exposed, including names, email addresses, passwords and related breach data. The contents were even indexed by search engines.

Lessons learned: The company secured the data within four days of being notified, but the incident highlighted how persistent attackers can exploit the smallest of flaws; here, a single unauthenticated database was enough. The importance of cyber attack prevention cannot be overstated. Prevent as many attacks as possible through a combination of policies, tools, education and vigilance.

4. Facebook. In April of 2019, security researchers reported that hundreds of millions of Facebook user records had been left publicly exposed on Amazon’s cloud storage. Facebook said it resolved the issue as soon as it was alerted. A separate leak of scraped profile data in April of 2021 reportedly included founder Mark Zuckerberg’s own phone number, a reminder that no account is too prominent to be caught up.

In precipitating the 2019 incident, two third-party Facebook app development companies posted the records in plain sight. The exposed databases contained private information that social engineers could use in targeted attacks or in hacking attempts.

Lessons learned: In resolving this issue, Facebook reached out to Amazon, which took down the exposed servers. The takedown was quick, but the data had been sitting open until outsiders found it. Third parties you share data with inherit your obligation to lock down storage, so vendor reviews should cover their cloud configuration, not just their contracts. “…If you’re still opening AWS buckets [to the public], you’re not paying attention,” says cloud economist Corey Quinn.
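Two of the five incidents above (Accenture’s exposed storage and the Facebook records left on Amazon’s cloud) come down to the same question: can anyone on the internet read this bucket? The following is an added example, not code from CyberTalk or from any of the companies named, of the logic a configuration audit applies to the three S3 settings that decide that: the bucket policy, the bucket ACL and the Block Public Access flags. The bucket name, role ARN and account ID are constructed. It evaluates configuration documents handed to it, so it runs offline; in a live account you would feed it the output of `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block`.

```python
import json

# Grantee groups AWS uses for "everyone" and "any AWS account" in a bucket ACL.
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# The four S3 Block Public Access settings. When all are true, public ACLs and
# public policies are ignored or rejected regardless of what they say.
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def _principal_is_anyone(principal):
    """True for the wildcard principal in either of its two policy spellings."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_policy_statements(policy):
    """Return (Sid, kind) for Allow statements whose principal is anyone.

    kind is 'public' when nothing narrows the grant and 'conditional' when a
    Condition block is present (it may scope the grant to a VPC endpoint or IP
    range, or it may not; a human should read it).
    """
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anyone(stmt.get("Principal")):
            continue
        kind = "conditional" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", "<no Sid>"), kind))
    return findings


def public_acl_grants(acl):
    """Return (group, permission) for grants to AllUsers or AuthenticatedUsers."""
    grants = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            grants.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return grants


def audit_bucket(name, policy, acl, public_access_block):
    """Combine the three checks into one verdict for a bucket.

    A bucket is reported public only when some grant opens it AND Block Public
    Access is not fully enabled to neutralise that grant.
    """
    pab_complete = all(public_access_block.get(flag) is True for flag in PAB_FLAGS)
    policy_hits = public_policy_statements(policy)
    acl_hits = public_acl_grants(acl)
    open_grant = bool(acl_hits) or any(kind == "public" for _, kind in policy_hits)
    return {
        "bucket": name,
        "policy_findings": policy_hits,
        "acl_findings": acl_hits,
        "block_public_access_complete": pab_complete,
        "public": open_grant and not pab_complete,
    }


# --- Constructed sample configuration (not taken from any real account) ------
WEAK_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::example-reports-bucket/*"}]
}""")
WEAK_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
WEAK_PAB = {flag: False for flag in PAB_FLAGS}

HARDENED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "AppRoleRead", "Effect": "Allow",
                 "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-reports-reader"},
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::example-reports-bucket/*"}]
}""")
HARDENED_ACL = {"Grants": [WEAK_ACL["Grants"][0]]}   # owner only
HARDENED_PAB = {flag: True for flag in PAB_FLAGS}

if __name__ == "__main__":
    for args in (("weak", WEAK_POLICY, WEAK_ACL, WEAK_PAB),
                 ("hardened", HARDENED_POLICY, HARDENED_ACL, HARDENED_PAB)):
        print(json.dumps(audit_bucket(*args), indent=2))
```

The verdict is deliberately layered: a wildcard policy statement or an AllUsers ACL grant is a finding worth fixing even when Block Public Access currently saves you, because someone can switch those flags off later, but only the combination is reported as an exposed bucket.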

5. Raychat. In February of 2021, Raychat, an online chat application, suffered a large-scale cyber attack. A misconfigured cloud database gave attackers unrestricted access to 267 million usernames, emails, passwords, metadata and encrypted chats. Shortly thereafter, an automated bot attack erased the entirety of the company’s data.

According to reports, a MongoDB instance had been left reachable without authentication. The attack highlighted how exposed NoSQL databases serve as easy targets for bots that scan the internet for them.

Organizations need to ensure that databases are secure. Internet-exposed NoSQL databases in particular are targets for malicious actors who steal or wipe their contents and demand a ransom. In Raychat’s case, a README ransom note appeared, demanding roughly $700 USD.

Lesson learned: Database security requires a range of tools, controls and measures that protect the database itself, the data within it, its database management system and the applications that access it. At a minimum that means authentication enabled, the service bound to private interfaces rather than the public internet, and backups kept where a wiper bot cannot reach them. End-to-end compliance technologies and penetration tests can help.

In closing

Cloud computing increases operational efficiency and simplicity, provided that security measures are in place. Is your cloud secure enough?

Be sure to avoid AWS security breaches and other common stumbling points. For more cloud security insights, please see CyberTalk.org’s past coverage. Also, be sure to check out our Cloud Security Buyer’s Guide.

The post Top 5 cloud security breaches (and lessons) appeared first on CyberTalk.

Cyber risk: Secure before you insure

By: slandau
10 February 2023 at 09:19

Keely Wilkins is an Evangelist with the Office of the CTO as well as a Pre-Sales Security Engineer in Virginia. She has worked in the technology industry for nearly thirty years, holds an MS of Cybersecurity and a variety of certifications. Keely is currently studying toward a Master of Legal Studies specializing in Cybersecurity Law and Policy.  She endeavors to find balance among transparency, predictability, and security.

In this article, Keely discusses recent changes in the cyber insurance market and how adopting a prevention-first security strategy may give you stronger footing in negotiating insurance rates and coverage. This article is part three of a three part series. Be sure to read part one, and part two.

What changes are happening within the cyber insurance market?

The items that have caught my attention include insurers declaring cyber to be uninsurable, their leaders advocating for technical training for brokers, stricter controls on cyber policies, and the issuance of a catastrophe bond for cyber risk. It has been a stressful time for cyber insurers, but they are turning a corner.

The insurance industry is not quick to change course. Its response to everything is calculated as it is meant to provide a measure of financial stability during brief periods of instability. Cyber risk is unlike other risk types; it must be managed differently. I am excited about the changes taking place in the cyber insurance market and the acknowledgement that security is the appropriate instrument to alleviate cyber risk.

“Today’s insurers have a role that goes beyond pure risk transfer, helping clients adapt to the changing risk landscape and raising their protection levels. The net result should be fewer – or less significant – cyber events for companies and fewer claims for insurers.” – Allianz Risk Barometer Report 2023

What does it mean to rebalance cyber risk in favor of security?

In simple terms, it means committing to reduce cyber risk with security before transferring the risk to insurance.  I have started calling it “secure before you insure”.

There is a graphic in the WEF report: Global Cybersecurity Outlook 2023 that offers insight into the gap between investing in security vs. insurance.  The question posed is “Has your organization submitted a claim using your cyber insurance policy in the past two years?”. For organizations with 1,000-100,000 employees, nearly 60% had successfully filed a claim.  “Successfully” means the insurance company paid the claim. This likely resulted in stricter controls being mandated moving forward.  Approximately 20% of respondents declined to answer.

If those organizations shifted their focus to a prevention-first security strategy, they would suffer fewer breaches and file fewer claims.

How can an organization start the process of reducing their cyber risk?

A security workshop (gap analysis) is the first step. The objective of this analysis is to ensure that the appropriate security controls are deployed, the code is current, the systems are patched, and the configurations are correct. This level of assessment also helps leadership identify opportunities for cost savings that will not hinder the effectiveness of the security posture.  One example of this is the consolidation of vendors. Not only does it limit the number of contracts to be managed, the disparate training needed for the security team, and the time lost in trying to manage multiple dashboards, it may also save $290K per breach. In the IBM Cost of a Data Breach Report 2022, it was stated that having a complex security environment adds $290K in costs per breach.

The gap analysis report should provide a prioritized list of changes to be made. That list typically includes patch management, code upgrades, configuration corrections, micro-segmentation, identity management, and graduates into larger requirements that take time and budget to rectify.

Once the gap analysis is digested, an action plan should be developed to put time, budget, and resources to each item to be addressed.

This process should be repeated annually to measure progress and assess evolving needs.

Does reducing cyber risk help lower insurance premiums?

I am not an insurance broker, so I cannot answer that definitively.  Logically, if the insurance company is covering a lower level of risk because of the commitment to strengthen the security posture via preventative methods, I expect the cost would be lower. #secureB4Uinsure

The post Cyber risk: Secure before you insure appeared first on CyberTalk.

Must-know ways to overcome the much-dreaded ‘freeze’ response

By: slandau
9 February 2023 at 15:25

EXECUTIVE SUMMARY:

Despite CISOs’ formidable training efforts on behalf of teams, a commonly overlooked phenomenon is the human tendency to freeze amidst a crisis. Building your incident response operations around this ingrained aspect of psychology can help prevent your teams from seizing up during intense and urgent situations.

In the event of an intrusion or ransomware attack, how exactly will your security team respond? Will they take an aggressive approach, pass the hot potato, or involuntarily experience fear-based paralysis?

While CISOs commonly contend that their staff has the expertise and training required to fight off a cyber attack, there’s still a chance that staff will freeze up when the pressure is on.

Fight, flight, freeze

Director of Human Science at Immersive Labs, Bec McKeown, says that “You may have a crisis playbook and crisis policies, and you may assume those are the first things you’ll reach for during an incident. But that’s not always the case because the way [in which] your brain works isn’t just fight or flight. It’s fight, flight or freeze.”

According to Chief Information Security Officers, freezing during a high-stakes moment isn’t so unusual. But when a security staff member or team freezes, rather than acts, it can give hackers an edge, enabling them to inflict further damage or export additional data. At the end of the day, it can also culminate in higher regulatory penalties and loss of business.

Preventing freeze

Given the very real possibility of a ‘freeze’ reaction and its negative repercussions, analysts and long-time CISOs suggest that security leaders spend time implementing new practices that can reduce the chances of occurrence. In addition, CISOs should know how to identify and dissolve the freeze response if it does occur during a security incident.

In-depth insights

Any person or team can experience what is known as ‘cognitive narrowing,’ where they are so focused on the present situation that they cannot contextualize the event. In short, cognitive narrowing prevents people from thinking in the way that they usually do, creating the ‘freeze’ response. It’s just part of human nature.

Cyber security leader Neil Harper, who now serves as a board director with ISACA, observed a team freeze in response to a ransomware attack. Says Harper, “They literally did not know what to do, even though they had some experience with [incident response] walkthroughs…They were in panic mode.”

In some instances, teams that freeze are afraid that their actions will come across as overreactions. In other cases, teams are paralyzed by the fear of being blamed. In yet other situations, no team members have had real-world cyber event experience, meaning that no one feels sufficiently confident to lead an attack response.

Actionable takeaways

Prevent the freeze effect. Here’s how:

1. Examine your drills and add components that better prepare teams for real cyber attacks. As your team moves through drills, introduce things that aren’t normally in your playbook. For example, ahead of time, discreetly ask an employee to deliberately make a wrong move during the drill. This will help your team work through an unexpected or deteriorating situation.

2. Try out a countdown clock during drills. This forces teams to make progress against adversaries under intense pressure – the kind of pressure that they would feel during a real cyber security incident. While it might feel like an uncomfortable exercise, it builds muscle memory that can help incident responders swiftly squash an actual cyber attack.

3. Consider involving enterprise executives in cyber security drills, as they too are liable to experience the ‘freeze’ phenomenon during an incident. For example, you may see your CFO withhold financial information that is needed as an incident unfolds.

4. If possible, you may want to hire cyber security staff members who have experience working through breaches and hacks. Alternatively, consider a contract with an outside incident response team that does this type of work on a routine basis.

5. Further, consider creating channels that would allow for security employees to suggest creative solutions to problems during a live incident. Employees should feel comfortable enough to suggest solutions under even the most stressful of security situations.

For more cyber security insights, please see CyberTalk.org’s past coverage.

The post Must-know ways to overcome the much-dreaded ‘freeze’ response appeared first on CyberTalk.

10 secrets for successful digital transformations

By: slandau
9 February 2023 at 09:27

EXECUTIVE SUMMARY:

Digitize to survive and thrive? Digital transformations account for 40% of all business technology spending, and the digital transformation era is expected to continue well into 2023. As enterprises become digital-at-scale, building on strategies and investments to meet new demands, drive growth and enhance customer experiences, businesses may wish to appraise how digital transformations are executed and advanced.

How can you, as a leader, lead differently? What new approaches does your organization need to adopt in order to ensure that you aren’t missing opportunities, that you’re getting the most out of your transformations, and that your tech and capabilities will compete with or outperform those of competitors? In the following article, discover 10 secrets for successful digital transformations.

10 key elements: Successful digital transformations

Digital transformations can be more difficult to execute than traditional change efforts. These practical guidelines can help improve overall outcomes.

1. Alignment of digital programs with enterprise strategy. Technology implementation decisions should be calibrated against larger strategic business needs and priorities. By aligning IT initiatives with broader business goals, an organization can be more agile, efficient, resilient and innovative than it would be otherwise. Work with senior business leaders to establish a shared digital transformation vision.

2. Establish a technology roadmap. Cutting-edge tools can be enticing, but may not help your organization achieve strategic objectives or address functional needs. A technology roadmap enables an organization to integrate short-term goals with longer-term objectives and plans, and helps leaders determine how a new IT tool, process or technology contributes to progress along the roadmap.

If your organization has yet to develop a technology roadmap, there are hundreds of templates available online. Templates typically cover everything from computing requirements, to testing, to integrations. Consider updating your roadmap every 3-6 months or as needed.

3. Effective use of dashboards to monitor value. Dashboards represent an element of a well-executed metrics management strategy. Businesses that leverage dashboards effectively are more likely to succeed in digital transformations, according to the MIT Center for Information Systems Research. Dashboards provide enterprises with a comprehensive view of how new infrastructure or tools are impacting the organization.

Although some businesses may see hesitancy around deploying dashboards, the cultural shift can ultimately lead to increased accuracy, transparency, improved risk management, better alignment around achievement of objectives, and greater visibility into how a given technology investment has or hasn’t affected business growth.

4. Invite your existing IT talent to take on larger challenges. High IQ individuals have the capacity for and the interest in learning new skills and in innovating around new services and programs. Aggressively invest in your employees in order to free up technology resources (by automating manual tasks), improve processes and technologies, avoid turnover costs, and to polish your organization’s reputation.

5. Develop a strategic partner ecosystem. Partners play diverse roles in facilitating an organization’s innovation, growth and goal attainment. Account for the partners that you have in your ecosystem, make sure that any partner programs or contracts are not hindering your transformation initiatives and consider including entirely new partner types if current partners cannot help you achieve new goals.

6. Vet both product and the company. Identify providers that offer high-quality products and that maintain a track record of proven performance. An efficient vendor vetting process can assist your business in ensuring the reliable delivery of goods and services, can assist your company in mitigating third-party cyber security risks, and can help your organization deal with complex international laws, regulations and protocols.

7. Collaboration through digital mediums. The coronavirus pandemic forced businesses to shutter their offices, to do away with business travel, and to instead rely on Zoom or similar applications for business development deals.

While video conferencing will never be able to replace a handshake or a quiet side conversation post-meeting, according to a Bloomberg survey of companies in the U.S, Europe and Asia, 84% intend to spend less on travel post-pandemic as compared to pre-pandemic.

Over time, video conferencing can save companies millions in foregone travel expenses, and can increase returns on information technology investments.

8. Invest in cloud experimentation. In some businesses, teams have moved away from provisioning cloud services due to business impediments related to finance and knowledge/skills needed to implement cloud effectively. At least one innovative enterprise has created a program allowing employees to request ‘seed’ resources for cloud investments. In turn, this has led to the creation of new tools that have replaced manual efforts, enabling employees to focus on more valuable, higher-level tasks.

9. Leverage cyber security as a transformation enabler. Build confidence in your programs by accounting for cyber security risk. Anticipate security risk while laying the groundwork for new programs. Incorporate and embed security measures into the tools of transformation. Savvy business professionals recognize that bolting cyber security on at the end of a project can increase costs, and can lead to unnecessary product and revenue risk.

10. Make space for continuous improvement. A complete digital transformation is a long process that can require substantial capital investment. When starting a digital transformation initiative, ensure that the resources exist to sustain the technology and any personnel shifts that you are putting into place.

Conclusion

As your digital transformation initiatives meet milestones and achieve intended outcomes, remember to communicate the success to your peers, the C-suite and other relevant parties. Successful completion of a digital transformation journey will build trust, potentially lead to new opportunities and rewards, and of course, advance an organization’s broader digital journey.

Did you like this article? You may also be interested in The Trendiest Buzzword in Cyber Security Right Now.


The post 10 secrets for successful digital transformations appeared first on CyberTalk.

6 examples of email phishing scams (& how to identify them)

By: slandau
8 February 2023 at 15:50

By George Mack, Content Marketing Manager, Check Point.

Did you know that 91% of all cyber attacks begin with a phishing email?

Email phishing scams are becoming increasingly common, and for good reason. Phishing emails manipulate our emotions by using techniques such as urgency, fear, and anxiety.

Humans respond to these emotional levers in a way that filtering software does not, which is why people are so often the weakest link in cyber security.

Phishing scams involve sending malicious emails to unsuspecting victims in an attempt to steal personal information or money. The emails often appear to be from legitimate sources, such as banks or other financial institutions, and they often contain links to malicious websites or attachments that can install malware on the victim’s computer.

The scammer’s goal is to trick the victim into providing sensitive information, such as passwords or credit card numbers, or to get the victim to transfer money to the scammer’s account. It is important to be aware of email phishing scams and to take steps to protect yourself from becoming a victim.

In this article, we will review six examples of common email phishing scams and how to identify them.

Example #1: Deceptive phishing

Deceptive phishing is the most common type of email phishing scam. This occurs when scammers impersonate a real organization to steal the victim’s personal details or account credentials.

Deceptive phishing employs a variety of techniques, such as:

  • Modifying brand logos – there are email filters that can spot when threat actors steal an organization’s logo and incorporate it into their email or phishing page. The filter does this by scanning the logo’s HTML code. However, threat actors evade this by altering the HTML attributes.
  • Incorporating legitimate URLs – To evade detection, attackers can incorporate legitimate links and contact information.
  • Disguising malicious code in clean code – When creating a phishing landing page, threat actors will copy legitimate CSS and JavaScript of a real login page, while injecting malicious code, to steal user credentials.

Below is an example of a phishing email pretending to come from the NSA, with a target audience of anyone who has a mobile Apple device.

Figure 1: Example of a deceptive email (image: a 2023 phishing email purporting to come from the National Security Agency)

Example #2: Spear phishing

Spear phishing attacks are emails sent to a single individual, but they’re crafted with exceptional attention to detail – including details such as the individual’s address, date of birth, names of family members and friends, and more. Threat actors often acquire this information from social media or other directories.

Cyber criminals usually use spear phishing attacks to target individuals in an organization.

Below is an example of a spear phishing email that mentions specific details, such as the employee’s boss and the fact that the target is traveling to a convention in New York – a detail which could have been retrieved from social media.

Figure 2: Example of a spear phishing email

Example #3: Whaling

While an ordinary phishing attack involves blasting emails to a large number of individuals, whaling attacks are targeted at high-ranking individuals. The difference between a whaling attack and a spear phishing attack is that spear phishing attacks typically go after individuals with a lower profile.

Whaling attacks commonly go after CEOs or pretend to be the CEO to deceive other high-ranking members of a company, like the CFO, CISO, or head of PR.

In 2016, Snapchat fell victim to a whaling attack when a high-ranking member of the company was deceived by an email pretending to come from the CEO. The employee revealed employee payroll information, and as a result, the company reported the event to the FBI and provided their employees with free identity theft insurance for two years.

Example #4: Man-in-the-Middle Attack

A man-in-the-middle email attack deceives two people into thinking they’re sending each other emails, when in reality, they’re not. The hacker is in the middle, emailing bait to the victims to deceive them into sharing sensitive information or potentially installing malware.

Here’s an example of a phishing attack that used a man-in-the-middle technique to bypass MFA.

“Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into. When the user entered a password into the proxy site, the proxy site sent it to the real server and then relayed the real server’s response back to the user. Once the authentication was completed, the threat actor stole the session cookie that the legitimate site sent, so the user doesn’t need to be reauthenticated at every new page visited. The campaign began with a phishing email with an HTML attachment leading to the proxy server,” stated Ars Technica.
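One defender-side check for the session-cookie theft described above, as an added example that is not from the article, Microsoft or Ars Technica: a session that completes MFA from one client IP and is then used from a second IP shortly afterwards is flagged for review. The log format, field names and sample lines are constructed for this example.

```python
"""Spot session-cookie reuse across client IPs in constructed sign-in logs.

Added example, not from the original article. The log format is hypothetical:
"<ISO time> <event> <user> <session id> <client ip>". After a reverse-proxy
(man-in-the-middle) phish the stolen cookie is replayed from the attacker's own
host, so one session seen from a second IP shortly after MFA is a signal worth
reviewing. Legitimate IP changes (e.g. mobile roaming) also trigger this rule,
so treat hits as leads, not verdicts.
"""
from datetime import datetime, timedelta

# Constructed log lines using RFC 5737 documentation addresses.
SAMPLE_LOG = """\
2023-02-06T09:00:01Z LOGIN_MFA_OK alice sess-1111 203.0.113.10
2023-02-06T09:00:40Z PAGE_VIEW alice sess-1111 203.0.113.10
2023-02-06T09:01:05Z PAGE_VIEW alice sess-1111 198.51.100.77
2023-02-06T09:10:00Z LOGIN_MFA_OK bob sess-2222 192.0.2.5
2023-02-06T09:12:00Z PAGE_VIEW bob sess-2222 192.0.2.5
2023-02-06T10:30:00Z PAGE_VIEW bob sess-2222 192.0.2.99
"""


def parse_log(text):
    """Yield (time, event, user, session, ip) tuples from the hypothetical format."""
    for line in text.splitlines():
        ts, event, user, session, ip = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), event, user, session, ip


def find_cookie_reuse(text, window=timedelta(minutes=30)):
    """Return [(user, session, mfa_ip, other_ip)] for every session that is
    used from a client IP other than the one that completed MFA, within
    `window` of the MFA event. Each (session, other_ip) pair is reported once."""
    login_at = {}   # session -> (time, ip) of its LOGIN_MFA_OK event
    flagged = []
    seen = set()
    for ts, event, user, session, ip in parse_log(text):
        if event == "LOGIN_MFA_OK":
            login_at[session] = (ts, ip)
            continue
        if session not in login_at:
            continue  # no MFA event observed for this session; nothing to compare
        mfa_ts, mfa_ip = login_at[session]
        if ip != mfa_ip and ts - mfa_ts <= window and (session, ip) not in seen:
            seen.add((session, ip))
            flagged.append((user, session, mfa_ip, ip))
    return flagged
```

In the sample, alice's session is flagged (second IP one minute after MFA) while bob's late IP change falls outside the default window.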

Example #5: Clone phishing

A clone phishing attack uses an existing or previously distributed email containing attachments or links – in order to gain the target’s trust. In the cloned email, these elements are replaced with malicious elements such as ransomware, viruses, or spyware.

Figure 3: Example of a clone phishing email from Amazon (Check Point)

Example #6: Domain spoofing

Domain spoofing, or DNS spoofing, occurs when threat actors impersonate a real business or company with a fake website or email to trick people into divulging sensitive information.

For example, the domain may appear to be legitimate, but on closer inspection, the hacker has used Unicode characters that look like ASCII letters in place of the real ones. Users who click on the link land on a phishing website.
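A way to catch the Unicode look-alike domains just described, as an added example that is not code from the original article: links are pulled from an email body, punycode hosts are decoded, and each label is checked for mixed scripts and for rendering like a trusted brand domain. TRUSTED_DOMAINS is a hypothetical allow-list and the sample email is constructed.

```python
"""Flag look-alike (homograph) domains in an email body's links.
Added example, not from the article; TRUSTED_DOMAINS and the sample are constructed."""
import re
import unicodedata
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"apple.com", "paypal.com", "microsoft.com"}  # hypothetical

# Minimal confusable map: Cyrillic/Greek letters that render like Latin ones.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u03b1": "a", "\u03bf": "o",
}
URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def decode_host(url):
    """Hostname in Unicode form; punycode (xn--) labels are decoded."""
    host = urlsplit(url).hostname or ""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:  # already Unicode, or malformed punycode
        return host


def scripts_of(label):
    """Coarse script set: ASCII letters are LATIN, others use the name prefix."""
    scripts = set()
    for ch in label:
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
        else:
            name = unicodedata.name(ch, "")
            scripts.add(name.split(" ")[0] if name else "UNKNOWN")
    return scripts


def analyse_host(host):
    """Findings for one hostname: mixed-script labels and brand look-alikes."""
    findings = []
    host = unicodedata.normalize("NFKC", host)  # fold fullwidth forms etc.
    for label in host.split("."):
        scripts = scripts_of(label) - {"UNKNOWN"}
        if len(scripts) > 1:
            findings.append(f"mixed scripts in '{label}': {sorted(scripts)}")
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in host)
    if folded != host and folded in TRUSTED_DOMAINS:
        findings.append(f"'{host}' renders like trusted domain '{folded}'")
    return findings


def scan_email(body):
    """Map each suspicious URL found in the body to its list of findings."""
    report = {}
    for url in URL_RE.findall(body):
        findings = analyse_host(decode_host(url))
        if findings:
            report[url] = findings
    return report


# Constructed sample: a genuine link, a Cyrillic-a look-alike in punycode form
# (as it travels on the wire) and a look-alike sent as raw Unicode.
LOOKALIKE_PUNYCODE = "\u0430pple.com".encode("idna").decode("ascii")
SAMPLE_BODY = (
    "Your Apple ID was used to sign in.\n"
    "Review: https://appleid.apple.com/account\n"
    f"Verify now: https://{LOOKALIKE_PUNYCODE}/verify\n"
    "Alternative: https://p\u0430yp\u0430l.com/login\n"
)
```

Running scan_email(SAMPLE_BODY) reports only the two look-alike links; the genuine appleid.apple.com link produces no findings.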

In conclusion, email phishing attacks are serious threats to individuals and organizations alike. It is important to be aware of the risks and to take preventive steps to protect yourself, such as remaining aware of suspicious emails and links, not clicking on unknown links, and using strong passwords. It is also important to be aware of the latest phishing techniques and to be vigilant in monitoring any suspicious activity on your accounts. By taking these precautions, individuals and organizations can protect themselves from the vast majority of cyber attacks.

Would you like more in-depth phishing analyses? Join us at the most exciting and inspiring cyber security industry event of the year, CPX 360.

Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter. 

The post 6 examples of email phishing scams (& how to identify them) appeared first on CyberTalk.

How to choose a cyber security ETF (2023)

By: slandau
8 February 2023 at 13:18

EXECUTIVE SUMMARY:

People and technology are more interconnected than ever before, and with that, we’ve seen an acute need for cyber security. Data breaches have reached unprecedented levels and seem to have no end in sight. Private business data, employee data, and consumer data are now scattered about the dark web; for sale or liable to be used for unscrupulous and unintended purposes.

In 2022, the global cost of cyber crime reached $8.4 trillion. In 2023, that number is expected to surpass the 11 trillion dollar mark. Adequate cyber security is indispensable for the continued advancement of the global economy and for continuous individual well-being. Focusing on breach prevention is essential.

Because of cyber security’s far-reaching implications, cyber security will be an important growth area across the next decade. That is why, if you are a retail investor, investing in a cyber security fund might make sense for you. While individual stocks can be volatile, investing in a basket of cyber security ETFs could provide stability. Cyber security ETFs represent an efficient and effective way to get investment portfolio exposure to this booming sector.

What is a cyber security ETF?  

Exchange-traded funds (ETFs) are investment products that track a sector, commodity or index. An ETF consists of an assortment of investments, such as stocks, bonds and commodities. A cyber security ETF will include stocks belonging to companies within the cyber security industry.

Cyber security ETF selection: Insights

In choosing a cyber security ETF, consider the following:

  • Consider exploring a fund’s Morningstar Category and actual holdings for a clear understanding of exactly what you’re potentially buying. ETFs that appear similar on the surface may actually be quite different from one another.
  • Costs matter. The best index funds and ETFs often retain the lowest expenses. A low expense ratio commonly translates to higher performance levels over time.
  • Ask yourself the following three questions ahead of selecting a cyber security ETF: ‘What exposure does this ETF have?’ ‘How effectively does this cyber security ETF deliver this exposure?’ and ‘What does accessing this ETF look like?’
  • Investigate whether or not there are extended lengths of time during which the ETF outperforms or underperforms an index. This could provide either positive or negative signals, depending on the root causes of results.
  • See if there is a reasonable trading volume.
  • Also be sure to review a fund’s track record. Has the ETF succeeded in gathering assets? In the event that an ETF has fewer than $20 million under management, it may eventually be closed by its sponsor.

Cyber security ETF examples

1. First Trust NASDAQ Cybersecurity ETF. This ETF consists of 35 different cyber security company stocks. The fund retains nearly $5.6 billion in assets under management, and represents the largest pure-play ETF in this segment of the tech sector.

The First Trust cyber security offering is one of the longest-tenured ETFs globally, with an inception date in 2015. Since the fund’s creation, shares of the fund have more than doubled.

2. Global X Cybersecurity ETF. A comparatively new fund, the Global X cyber security ETF was launched in 2019. The fund quickly attracted over $1.1 billion in investor funds, and has shown better performance than the First Trust NASDAQ fund.

3. ETFMG Prime Cyber Security ETF. This ETF has amassed $1.9 billion in assets and consists of 62 different stocks. This translates to less portfolio concentration of top brands in the industry, and a greater focus on smaller companies and international investments.

4. iShares Cybersecurity and Tech ETF. This ETF is composed of 52 different cyber security stocks and includes stocks belonging to other tech companies that participate in the cyber security space. Beyond that, this ETF includes cloud computing firms that are in security-adjacent areas.

In summary

As part of a long-term investment strategy, selecting top cyber security ETFs can be a smart choice. They can serve as the basis of a well-diversified portfolio.

A quick reminder: All investors should perform their own diligence, assess their own risk tolerance, invest responsibly, and ensure that investments align with financial goals. This article is not an endorsement of any specific investment strategies or cyber security ETFs.

Excited about the future of cyber security? Join us at the most exciting and inspiring cyber security industry event of the year, CPX 360.

Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter. 

The post How to choose a cyber security ETF (2023) appeared first on CyberTalk.

What is cyber extortion?

By: slandau
7 February 2023 at 19:36

By Mazhar Hamayun, cyber security engineer and member of the Office of the CTO at Check Point.

What is cyber extortion?

When we talk about cyber threats, one term is in the news more often than others: Cyber extortion. Cyber extortion is a broad term that refers to situations where a malicious actor or malicious group coerces an organization or individual into paying money or providing sensitive business/public safety information. Cyber extortion can take many forms, including online spying, harassment or other threats to public safety systems.

In contrast, ransomware is a more specific cyber threat. With ransomware, malicious actors try to gain access to a victim’s computer or network resources, encrypt all the data and make a system unusable for any business means. Once everything is encrypted, the attackers demand a ransom payment in exchange for the decryption keys, which will allow the victim of this attack to reclaim access to data and files.

Difference between cyber extortion and ransomware

There are several differences between ransomware and cyber extortion.

Cyber extortion usually targets individuals or small businesses. The intent is to steal money from individuals by gaining access to pictures, business data or other critical data. Having access to this private data enables the criminal to gain monetarily by requesting a direct monetary transfer or through gift cards. Once the financial transaction is complete, the victim may be granted access to their private data. Unfortunately, the criminal may have already copied and/or distributed the data in spite of payment.

Ransomware attacks often target large businesses, hospitals, and other organizations that have something beyond money to lose.

Another key difference between ransomware and cyber extortion is the way in which the ransom payment is processed. Most of the time, ransom payments are made through anonymous payment systems like cryptocurrencies. Cyber extortion usually involves a direct money transfer from individuals, such as via gift cards.

Exploring the scope of the attack vector

To further understand the full scope of cyber extortion, how it spreads, and the creation of an attack that is used by a criminal to transact payment, there are several methodologies to consider. Here’s how it often works:

Messaging Apps

In today’s world, we are moving rapidly toward increased mobile device and app adoption. The introduction of different chat applications (e.g., iMessage, WhatsApp, Signal, Telegram, Facebook Messenger and several others) makes it easy for malicious actors to send an initial message with a payload to create an infection. Once the recipient opens an infected link or file, the attacker gains access to the victim’s system. With the mobile device or endpoint compromised, the attacker can steal sensitive information and threaten the victim with the release of their questionable or sensitive information if they do not pay the ransom. In the next step, the attacker instructs the victim to make payment by sharing gift cards for big-name brands or via a Western Union money transfer. The victim must then turn over the money within an extremely tight time-frame.

Extortion via email

Sometimes cyber extortion communication occurs via email. Once a victim’s system is compromised and their personal family pictures or other sensitive information is compromised, the attacker threatens to release the data on social media if the requested payment is not made. In a few cases, it has been reported that malicious actors share a proof of hack by showing victims some pictures or screenshots of documents.

Phone extortion

In this type of attack scheme, an attacker or malicious actor usually threatens the victim by calling from a blocked or spoofed phone number. They demand payment soon, and say that otherwise, sensitive information will be released publicly.

How to deal with cyber extortion

Dealing with cyber extortion can be difficult and complicated for an individual or organization. There is also risk in paying a ransom. After payment, in the eyes of the hackers, the victim is confirmed as willing to pay. For a victim or potential victim, avoiding future attacks then becomes more difficult.

There are some important steps that an organization can adopt to deal with cyber extortion. These include…

Separation of business and personal devices

It’s always a best practice to keep separate devices and accounts for business and personal use, so that a breach of one does not impact the other. Ensure that employees do so.

It’s key to ensure that people do not use business email accounts to sign up for social media or third-party shopping applications. Doing so can increase the possibility of phishing attacks that damage your business.

Implement robust security measures

For any individual or business, it’s very important to reduce the risk of becoming a victim. In cyber extortion prevention, it is important to implement strong security controls and to adopt the use of strong passwords, and multi-factor authentication. Be sure to use only licensed software and keep all software up-to-date with all patches released by the software vendor. It is also important to have multiple layers of security by having a firewall at home and on the office network, using endpoint security and by using mobile security solutions, which are capable of securing the systems. A traditional anti-virus is insufficient to prevent the latest and emerging threats. Security solutions must be robust. They must include behavioral analysis and also secure web surfing and email communications.

Cyber incident response plan

For any individual or business, it is very important to have a plan in place to deal with any such cyber attack. The plan should include having backups of important business/personal data and a procedure through which to restore important data for business continuity purposes. This plan should also include a way to communicate with staff and different stakeholders and a way to provide a secure and updated status.

Law enforcement notification

If an organization falls victim to cyber extortion, it is very important to notify local law enforcement and relevant authorities. This can help in dealing with damage control and sometimes provides an extra support to mitigate the ongoing attack and to secure the systems.

Laws to deal with cyber extortion

In the United States, cyber extortion is covered under Article 873. More information can be found here. In the USA, the FBI also maintains a special wing that will investigate cyber criminal acts and cyber acts that threaten national security. More details can be found here.

Conclusion

In conclusion, based on available data and resources, cyber extortion is a very serious threat to businesses of all sizes and to individuals in daily life.

By understanding the threats and different cyber extortion attacks, as well as controls that can be implemented to prevent and mitigate the impact, organizations can protect themselves and their customers from damages done by these attacks.

Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter. 

The post What is cyber extortion? appeared first on CyberTalk.

Italy says ransomware hackers targeting server vulnerability

By: slandau
7 February 2023 at 15:31

EXECUTIVE SUMMARY:

On Sunday, Italy’s National Cybersecurity Agency (ACN) revealed that computer servers in the country had been targets in a global ransomware attack. According to the General Director of Italy’s National Cybersecurity Agency, Roberto Baldoni, the attack occurred on a massive scale, affecting thousands of computer servers.

However, the number of infected machines represents merely a fraction of the tens of thousands of servers that could have been affected. Upon learning of Italy’s challenges, cyber security agencies in France, Canada and other countries published advisories that urged organizations to immediately patch vulnerable software.


The attack relied on exploitation of a specific software vulnerability. While a patch does exist for the vulnerability, some organizations had clearly not applied it.

Following the attack, Euronews reported that millions of customers were left without internet and that ATMs did not function properly.


However, the internet issue may not have actually been related to the ransomware event. It’s unclear at this time.

Expert analysis

“What is interesting here is the speed at which they [hackers] attacked the machines,” wrote Patrice Auffret, founder and CEO of Onyphe SAS, a French cyber security firm that scanned the internet for traces of the attackers’ malicious code.

“The time was chosen wisely – system administrators and security teams are nearly out for the weekend.” Attackers likely wanted to complete their attack during the weekend for maximum impact, said Auffret.

Vulnerability information

The disruptions represented the latest example of cyber attackers leveraging old vulnerabilities in popular and widely distributed software. The attackers likely studied this particular vulnerability far in advance of the attack to assess the extent to which they would or wouldn’t gain in exploiting it.

This particular vulnerability allows attackers to remotely encrypt data. This prevents a user from accessing the information until a ransom is paid.

Italian national newspaper Corriere della Sera reported that the cyber attackers involved in this incident demanded 2 Bitcoin, the rough equivalent of €42,000.

New EU legislation

Since the start of the coronavirus pandemic, ransomware attacks have proliferated. To keep up with new threats, the EU has issued new rules that take effect this year. For instance, operators of essential services “will have to take appropriate security measures and notify relevant national authorities of serious incidents.”

Further fallout

Is this latest ransomware attack related to the one that took place last week, and that disrupted derivatives trading globally? It remains to be determined. The attack last week was attributed to the Russia-linked LockBit ransomware group.

“No evidence has emerged pointing to aggression by a state or hostile state-like entity,” stated the Italian government. While the attack did not look highly sophisticated, according to analysts, it seems to have been directed towards Western countries.

For information about ransomware prevention, click here. Further, join us at the most exciting and inspiring cyber security industry event of the year, CPX 360.

Lastly, to receive cutting-edge cyber security news, best practices and resources in your inbox each week, please sign up for the CyberTalk.org newsletter. 

The post Italy says ransomware hackers targeting server vulnerability appeared first on CyberTalk.
