Best Practices

 

GUEST ESSAY: Strategic tactics are key to a robust Cloud Security Posture Management regime

By Yuri Diogenes and Dr. Erdal Ozkaya

A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with the cybersecurity risk exposure of an entity. It covers all possible attack landscapes that can be targeted by malicious parties.

Editor’s note: This is an excerpt from Cybersecurity – Attack and Defense Strategies, Second Edition, a detailed overview of Cloud Security Posture Management (CSPM) and an assessment of the current threat landscape.

Cybersecurity is the focal point of most cyber strategies because cyber threats are continuously becoming more advanced as more sophisticated exploit tools and techniques become available to threat actors. Due to these threats, organizations are advised to develop cyber strategies that ensure the protection of their cyber infrastructure from these various threats.

In this article, we introduce how you can build effective cyber defense strategies. Please note, the steps given are meant to help you formulate your own cyber defense strategy and can be customized according to your need.

Understand the Business

The more you know about your business, the better you can secure it. It’s really important to know the goals and objectives of your organization, the people you work with, the industry, the current trends, your business risks, your risk appetite and tolerance, as well as your most valuable assets. Everything we do must be a reflection of the business requirements approved by senior leadership, as is also mandated in ISO 27001.

GUEST ESSAY: Cyber insurance 101 — for any business operating in today’s digital environment

By Cynthia Lopez Olson

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance.

Related: Bots attack business logic

Cyber insurance, like other forms of business insurance, is a way for companies to transfer some of the numerous potential liability hits associated specifically with IT infrastructure and IT activities.

These risks are normally not covered by a general liability policy, which includes coverage only for injuries and property damage. In general, cyber insurance covers things like:

• Legal fees and expenses to deal with a cybersecurity incident

• Regular security audit

• Post-attack public relations

• Breach notifications

• Credit monitoring

• Expenses involved in investigating the attack

• Bounties for cyber criminals

In short, cyber insurance covers many of the expenses that you’d typically face in the wake of a cybersecurity event.

GUEST ESSAY: When cyber risks rise in 2020, as they surely will, don’t overlook physical security

By Vidya Muthukrishnan

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism.

Related: Good to know about IoT

Physical security is often a second thought when it comes to information security. Despite this, physical security must be implemented correctly to prevent attackers from gaining physical access and taking whatever they desire.

This could include expensive hardware, or access to sensitive user and/or enterprise security information. All the encryption, firewalls, cryptography, SCADA systems, and other IT security measures would be useless if that were to occur.

Traditional examples of physical security include junction boxes, feeder pillars, and CCTV security cameras. But the challenges of implementing physical security are much more problematic than they were previously. Laptops, USB drives, and smartphones can all store sensitive data that can be stolen or lost. Organizations have the daunting task of trying to safeguard data and equipment that may contain sensitive information about users.

MY TAKE: Why it’s now crucial to preserve PKI, digital certificates as the core of Internet security

By Byron V. Acohido

For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI, a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users.

Related: How PKI could secure the Internet of Things

If that sounds too complicated to grasp, take a look at the web address for the home page of this website. Take note of how the URL begins with HTTPS. The ‘S’ in HTTPS stands for ‘secure.’ Your web browser checked the security certificate for this website, and verified that the certificate was issued by a legitimate certificate authority. That’s PKI in action.

As privacy comes into sharp focus as a priority and challenge for cybersecurity, it’s important to understand this fundamental underlying standard.

Because it functions at the infrastructure level, PKI is not as well known as it should be by senior corporate management, much less the public. However, you can be sure cybercriminals grasp the nuances about PKI, as they’ve continued to exploit them to invade privacy and steal data.

Here’s the bottom line: PKI is the best we’ve got. As digital transformation accelerates, business leaders and even individual consumers are going to have to familiarize themselves with PKI and proactively participate in preserving it. The good news is that the global cybersecurity community understands how crucial it has become to not just preserve, but also reinforce, PKI. Google, thus far, is leading the way.

BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups — in the field

By Byron V. Acohido

Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. A few years back, it seemed like they would fade into obsolescence, swept aside by the wave of streaming services and cloud storage.

Related: Can Europe’s GDPR restore data privacy?

And yet today there is a resurgence in demand for encrypted flash drives. What’s happened is this: Digital transformation has raced forward promoting high-velocity software innovation, with only a nod to security. This trend has opened up vast new tiers of attack vectors – and threat actors are taking full advantage.

Security-conscious companies – the ones who are proactively responding, not just to threat actors having a field day, but also to the specter of paying steep fines for violating today’s stricter data privacy regulations – are paying much closer attention to sensitive data circulating out in the field, as well they should.

Highly secure portable drives make perfect sense in numerous work scenarios; encrypted flash drives, specifically, are part of a global hardware encryption market on track to climb to $296.4 billion by 2020, up 55% as compared to 2015, according to Allied Market Research.

SHARED INTEL: What can be done — today — to keep quantum computing from killing encryption

By Byron V. Acohido

There’s little doubt that the shift to quantum computing will open new horizons of digital commerce. But it’s also plain as day that the mainstreaming of quantum processing power will profoundly exacerbate cybersecurity exposures.

Related: The ‘post quantum crypto’ race is on

This isn’t coming as any surprise to IT department heads. In fact, there’s widespread recognition in corporate circles that the planning to address fresh cyber risks associated with quantum computing should have commenced long ago.

That’s the upshot of a survey of 400 large organizations across critical infrastructure industries in the U.S., Germany and Japan. The study, sponsored by DigiCert, Inc., a Lehi, Utah-based supplier of digital certificates, found 71 percent of global organizations already see the emergence of quantum processing power as a material security threat.

Their trepidation is focused on the potential undermining of a core security component of classical computing systems: encryption. In a nutshell, when quantum processing power becomes widely available – whether that be three years or 10 years from now — threat actors will gain the ability to decrypt everything companies have been protecting with classical encryption.

To its credit, the global cybersecurity community is not asleep on this. A major public-private effort is underway to revamp classical cryptography, and ultimately replace it with something called post-quantum-cryptography, or PQC. DigiCert happens to be in the thick of this effort; I recently had a wide-ranging discussion about this with Tim Hollebeek, DigiCert’s industry and standards technical strategist.

SHARED INTEL: What it takes to preserve business continuity, recover quickly from a cyber disaster

By Byron V. Acohido

To pay or not to pay? That’s the dilemma hundreds of organizations caught in the continuing surge of crippling ransomware attacks have faced.

Related: How ransomware became such a scourge

The FBI discourages it, as you might have guessed. What’s more, the U.S. Conference of Mayors this summer even passed a resolution declaring paying hackers for a decryption key anathema.

Yet there are valid arguments for what scores of municipalities and businesses caught with their networks frozen by extortionist hackers have been compelled to do: pay the ransom demand. Tech industry consultancy Forrester has even seen fit to issue guidance to help companies figure out whether paying the ransom demand might actually be their best option.

That pay or not to pay debate aside, there’s a more central question raised by the ransomware plague. Company decision makers need to be asking themselves this: just how good is their organization’s business continuity and disaster recovery preparedness?

This issue is in Mickey Bresman’s wheelhouse. Bresman is co-founder and CEO of Semperis, an identity-driven cyber resilience company based in the new World Trade Center in Lower Manhattan. Semperis helps companies running Microsoft Windows-based networks preserve and protect Active Directory, or AD.

AD is the administrative software that directs access to servers and applications across the breadth of Windows in tens of thousands of companies and agencies. As such, it variably gets caught in the crossfire of ransomware strikes. It’s here that Semperis is helping companies build resiliency. I had the chance to visit with Bresman at Black Hat 2019. For a full drill down, please give a listen to the accompanying podcast. Here are key takeaways:

An attack scenario

Due to the ubiquitous use of Windows networks, Active Directory functions as the keys to the kingdom all across enterprise networks — in 90 percent of organizations. Hackers recognize this and so AD has become a favorite target. Here’s a scenario … more