
Guest Blog Post

 

BEST PRACTICES: 6 physical security measures every company needs

By Mike James

It has never been more important to invest in proper security for your business. Laws surrounding the personal data of individuals such as the General Data Protection Regulation (GDPR) put the onus on companies to ensure that both digital and physical copies of data are secure at all times.

Related: Shrinking to human attack vector

Gaining access to your property can provide criminals with the ability not only to steal physical items from your premises, but also to potentially infect computers with malware or access data through your IT infrastructure. Here are six physical security measures that you can put in place to help keep your company secure.

Access controls

Clearly your business needs to have some method of access control …more

GUEST ESSAY: Repelling social engineering attacks requires shoring up the weakest link: humans

By Cynthia Lopez

The problem with social engineering attacks is that they capitalize on the weakest link on any computer or network system: You! Avoiding social engineering attacks requires you to understand what they are and how they work.

Related: Why diversity needs to be part of security training

Social engineering takes advantage of human psychology to attack using deception and manipulation. Hackers know that humans are:

• Easily distracted. They usually don’t check links that they click on in an e-mail if it’s from somebody they trust. It could be an e-mail that looks like it came from their bank, from an online service they use, or even their boss.

Once they see that level of trust, they may unknowingly hand over their passwords or vital company information because they did not bother to verify the link – or sender – before clicking. For instance, an e-mail may come from paypa1.com instead of paypal.com (the number 1 in place of the letter l).

• Forgetful. Other social engineering attacks do not come via e-mail, but from plain stealing. Many people check their work e-mails and other office-related stuff from their phones. Often, they just save their password. If that device is left in a taxi or other public place, whoever picks up that phone is just a few taps away from learning your company’s secrets. …more

GUEST ESSAY: Australia’s move compelling VPNs to cooperate with law enforcement is all wrong

By Bogdan Patru

The moment we’ve all feared has finally come to pass. When government agencies and international intelligence groups pooled together resources to gather user data, the VPN’s encryption seemed like the light at the end of the tunnel.

Related: California enacts pioneering privacy law

However, it looks like things are starting to break apart now that Australia has passed the “Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018”. On the 6th of December 2018, a law that is a direct attack on internet users’ privacy was agreed to by both the House of Representatives and the Senate.

The amendment forces all companies, even VPN providers, to collect and give away confidential user data if the police demand it. All telecoms companies will have to build tools in order to bypass their own encryption.

If suspicions appear that a crime has been or will be committed by one of their users, the law enforcement agencies are within their rights to demand access to user messages and private data.

This Orwellian Thought Police is to be the judge, jury, and executioner in a digital world that shelters our personal lives and secrets. All the things we’d like to keep hidden from others. You know, this revolutionary idea called “privacy.” Anyone?

Tech companies all over the world are unsure how this can be achieved without installing backdoors into their own security systems. These vulnerabilities are just like a stack of powder kegs ready to blow up at any moment. This is because anyone with knowledge of their existence could theoretically use those security holes to gain access to the user data. …more

GUEST POST: Six tangible ways ‘SOAR’ can help narrow the cybersecurity skills gap

By Nimmy Reichenberg

The cybersecurity talent shortage is here to stay. With an estimated 1.5-2 million unfulfilled cybersecurity positions, organizations are coming to terms with the fact that no amount of creative hiring initiatives will rid them of the need of figuring out how to protect their organizations despite being short staffed.

Related: Addressing the cyber skills gap

This does not mean the creative staffing solutions do not serve their purpose. Countless organizations have taken steps such as hiring IT professionals and setting up training programs to provide them with cybersecurity skills and tapping into local universities’ graduate pools. Those stopgap efforts have provided some relief but fall well short of filling in the ranks. The greatest challenge lies in hiring experienced security professionals, and those can’t be created overnight.

With no end to the cybersecurity talent shortage in sight, organizations are increasingly turning to automation as a means of “doing more with less”. One category of solutions that is quickly getting traction is Security Orchestration, Automation and Response (SOAR).

Nowhere is the skills shortage more prevalent than inside the SOC (security operations center), …more

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

By Pravin Kothari

The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise.

Related podcast: Evidence shows we’re in ‘Golden Age’ of cyber spying

The breach of some 30 computers of South Korea’s Defense Acquisition Program Administration (DAPA), which is part of the Ministry of National Defense, reportedly occurred last October. News reports this week indicate internal documents, including details of arms procurement for the country’s next-generation fighter aircraft, were pilfered from at least 10 of the hacked computers.

The hackers reportedly manipulated server software and succeeded in siphoning records from connected workstations. Though South Korean officials stopped short of blaming North …more

GUEST ESSAY: What your company should know about addressing Kubernetes security

By Gary Duan

Kubernetes is one of many key enabling technologies of digital transformation that has tended to remain obscure to non-technical company decision makers.

Related podcast: Securing software containers

Kubernetes is an administration console — an open source project from Google that makes containerized software applications easy to deploy, scale, and manage.

As beneficial as Kubernetes is for orchestrating containerized environments, a maturing set of security best practices must be adhered to for enterprises to ensure that their applications and data are as safe as possible from emerging vulnerabilities and exploits.

The most dangerous attacks on container environments will execute a “kill chain” of events – not striking all at once but instead through a sequence of lateral moves within the dynamic container environment to ultimately take over containers, attack Kubernetes services, or gain unauthorized access.

Attackers are shaping their attacks to take advantage of recently discovered vulnerabilities and systems which have not yet been patched or equipped to counter efforts to exploit them. In addition, the discovery of malicious ‘backdoors’ hidden in popular Docker images is another cause for concern.

Three recent examples illustrate this seemingly endless stream of vulnerabilities that attackers can leverage in a containerized environment: the Dirty Cow exploit, the Linux Stack Clash vulnerability, and the even more recently discovered CVE-2018-1002105 vulnerability in Kubernetes. Here’s how each inflicts damage: …more

GUEST ESSAY: The case for engaging in ‘threat hunting’ — and how to do it effectively

By Mike James

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days.

Related podcast: The re-emergence of SIEMs

In an ideal world there would be no dwell time at all, and threats would be identified before they can penetrate business’ defenses. To achieve this for your organization, it is no longer possible just to run reactive cyber security. It is essential that you invest in a proactive approach – that’s why you need to start threat hunting.

Seeking anomalous activity

Threat hunting is the practice of actively seeking out dangers to cyber security by detecting and eliminating new and emerging threats that are able to evade preventative controls such as firewalls and antivirus software.

It consists of actively looking for anomalous activity that has not been identified by existing tools and involves thorough, on-going analysis of data sources such as network traffic and server logs as well as web and email filter traffic.

Businesses that embrace threat hunting are likely to significantly reduce the dwell time of attacks, identify advanced threats that could otherwise be missed, and enhance security controls and processes. Effective threat hunting requires not only the right tools, but an advanced understanding of the latest tactics and techniques used by criminals. So, what do you need to get started? …more