Feb 12 2024

Integrating cybersecurity into vehicle design and manufacturing

Category: cyber security,Security Architecturedisc7 @ 10:12 am

In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles.

Edan highlights the challenges of technological advancements and outlines strategies for automakers to address cyber threats effectively. Additionally, he emphasizes the importance of consumer awareness in ensuring vehicle security.

Can you describe the state of cybersecurity in the automotive industry, especially in the context of electric and connected vehicles?

The automotive industry is experiencing a digital breakthrough transforming how vehicles are designed, manufactured, and used, primarily driven by the introduction and popularity of electric and autonomous vehicles. Technological advancements have been introduced and integrated throughout the vehicle life cycle. This brings numerous benefits like enhanced safety and improved efficiency to the cars we drive daily, but it also brings new and pressing cybersecurity challenges.

Now that our vehicles are becoming increasingly connected to the internet can go through Over-the-Air (OTA) updates, use remote management, contain Advanced Driver Assistance Systems (ADAS), and employ AI, the potential avenues for cyberattacks have expanded for threat actors to exploit in a significant way.

What steps are automakers taking to address cybersecurity challenges in their latest vehicle models?

We use different forms and increasing amounts of software in our vehicles. The first challenge is in the supply chain, not just in terms of who provides the software; the issue penetrates each layer. Automakers need to understand this from a risk management perspective to pinpoint the onset and location of each specific risk. Suppliers must be involved in this process and continue to follow guidelines put in place by the automaker.

The second challenge involves software updating. As technology continues to evolve and more features are added, cybercriminals find new ways to exploit flaws and gaps in systems that we may not have been aware of because of the newness of the technology. Regular software updates must be administered to products to patch holes in systems, improve existing vulnerabilities and improve product performance.

In order to address these challenges, automakers need to conduct an initial risk assessment to understand what kind of threats and the type of threat actors are active within each layer of the product and supply chain in the automotive industry. From the experience gained from the initial risk assessment, a procedure must be put in place to ensure each internal and external employee and supplier knows their role in maintaining security at the company.

The procedure determines which types of threat actors are active within the automotive industry, where they are located, and each threat’s severity. This is complicated because threat actors reside worldwide in large numbers, and each group uses various forms of attacks to various degrees. Automakers use the information collected daily to help protect their assets. Additionally, audits must be conducted regularly to evaluate each supplier and employee to verify the procedures are followed correctly, don’t need to be updated, etc.

Can you explain how vehicle manufacturers integrate cybersecurity into the design and development process?

Once you have a factory line running, the first step to integrate cybersecurity into the manufacturing process is to secure the operation technology (OT) policy by understanding the risk and how to close the gaps. Manufacturers must deal with OT threats, which involve thousands of unique threats coming from the product lines, sensors, and other equipment involved in the manufacturing process, instead of systems like computers.

These threats can be especially dangerous if left ignored because of the simplicity of the equipment used in this stage. Suppose you are a threat actor and you want to damage an automaker. In that case, it is much more difficult to conduct a cyberattack on the cloud or the employees of an automaker. Still, the factory line is easier to attack because it uses equipment that is easier to breach and actions are less detected. This is a very common area for threat actors to target.

What key strategies are you recommending for protecting connected and electric vehicles against cyber threats?

Automotive companies must take a proactive approach to addressing cybersecurity threats instead of being reactive. This allows security teams to avoid threats instead of responding later once the damage has already been done. A few proactive strategies I’d recommend for companies are the following.

  • Conduct a risk assessment to understand and prioritize current and future risks.
  • Develop company-wide security policies and procedures so all employees know their roles in maintaining security.
  • Hold regular security training and awareness programs to educate employees.
  • Implement strong network security measures, including firewalls, detection systems, and encryption, to monitor your network traffic for any anomalies regularly.
  • Regularly backup critical data and store it in secure locations.
  • Develop a comprehensive incident response plan outlining steps to be taken during a cyberattack.
  • Conduct periodic security audits to evaluate the effectiveness of security measures and identify improvement areas.

Cybersecurity is an ongoing process that requires constant vigilance and adaptation – current strategies will likely become outdated and need to be reworked as new threats emerge.

What role do regulatory bodies play in shaping cybersecurity standards for electric and connected vehicles?

Regulatory bodies play a role in shaping cybersecurity standards, but they do not help you secure your products directly – that is up to each individual player in the automotive supply chain. The goal of regulatory bodies is to provide automakers with best practices on steps to take in the event of a cyber hack, what players to communicate with, and how deep to reach depending on the severity of the threat.

Once an automaker is compliant with certain regulatory rules, they will then ask the regulatory bodies to come to conduct an onsite visit, where they conduct an audit for months at a time, trying to hack each layer they can and look for any areas of weakness, to identify what needs to be patched up. This process needs to be repeated until the automaker is fully compliant.

What are the best practices that consumers should be aware of to ensure the cybersecurity of their electric or connected vehicles?

Consumers need to make sure the data collected in the vehicle stays private. For example, if you have an electric vehicle (EV) and you need to charge it, you might visit a public charging station. Not many people know this, but your vehicle data can be easy to hack at public charging stations because you are not only transferring electricity but also data.

To prevent this from happening, vehicle owners need to ask the right questions. Owning an EV is no different than when a homeowner goes to buy a large kitchen appliance, for example. The right questions need to be asked, including – who made it, whether the company has a cybersecurity procedure in place, whether it is currently compliant with regulatory body requirements, etc. Making sure that all software is regularly up to date is also essential. EV users must download official software from trusted brands using a secure network.

Along with automakers, consumers are partially responsible for their own security, which needs to be stressed to the general public more. Without this knowledge, consumers are left highly vulnerable to hacks from cybercriminals.

 InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: auto security, Car Security, Connected cars


Jan 24 2024

SYSTEM HACKING, SCRIPTING, AND OTHER CONTRONYMS IN CYBERSECURITY

Category: cyber security,Hackingdisc7 @ 8:49 am

The cybersecurity field continuously generates new terms and concepts as it evolves with time. It also repurposes words to describe new concepts. There’s a never-ending flow of jargon that some refer to as an alphabet soup of complexity. From  NGAV to XDR, it appears unlikely for cybersecurity to run out of new acronyms and terminologies.

Meanwhile, some popular terms used in cybersecurity can have contradicting meanings. These are the so-called contronyms, which may add some spice to the insipidity of tech terms. Here’s a list of some famous cybersecurity words or phrases many would probably think they are already familiar with but are likely to be surprised to learn about their other meanings. 

HACKING

Most people tend to equate hacking to cybercrime, an attempt to illegally access, damage, or take over a computer system. This is not surprising given that most news articles that mention hacking use the term in its negative connotation, referring to cyber attacks aimed at bypassing access controls or security measures to prevent the unauthorized use of IT resources.

However, hacking can mean something positive or useful. In cybersecurity, system hacking can refer to an authorized effort to break existing security measures to test their effectiveness and spot weaknesses. The term often used for this action is “ethical hacking,” but hacking by itself is neither good nor bad. It’s how it is used that spells the difference.

Hacking in both its malicious and ethical instances follows the same stages. Also, they use similar techniques, from password cracking to phishing, the deployment of rootkits and trojans, exploitation of buffer overflows, privilege escalation, and the use of keyloggers. These steps and techniques are observed in attempts to exploit vulnerabilities and detect security weaknesses so that they can be plugged or resolved.

PATCHING 

In contrast to hacking, patching is often perceived as a positive term. It is mostly known as the application of a software patch to address a vulnerability or add new functions. Software publishers regularly release patches for their software in response to developments in the cyber threat landscape and to provide improvements in their software products.

Negatively, patching refers to the unauthorized modification of a software or system by taking advantage of system vulnerabilities. Cybercriminals can infiltrate or corrupt software pipelines, allowing them to send out malicious software patches to unsuspecting users. This works because many tend to excessively trust their automated software pipelines or they carelessly obtain their software updates from unofficial sources.

SNIFFING 

Among those involved in network administration, sniffing is a legitimate process that entails the tracking and analysis of network traffic. This is done to undertake a troubleshooting task, monitor network performance, or facilitate network security-related actions. It is one of the vital actions in Intrusion Detection Systems (IDS).

However, sniffing can also refer to malicious packet sniffing, wherein an attacker intercepts the packets transmitted through a network. Sniffing allows bad actors to steal login credentials and other sensitive information. It can help them gain access to online accounts or steal crucial data. Sniffing is often used as a form of cyber attack on devices that connect to the internet through public WiFi networks. 

Sniffing in the negative context is not new. It has been used as an attack for decades. Cybersecurity advocates pointed out the threat of sniffing more than a decade ago amid the proliferation of businesses that offer free public WiFi connection without strong security. 

SCRIPTING 

Scripting refers to the writing and deployment of scripts for the automation of repetitive tasks. It is used to automate routine actions, which enables the efficient management of systems. Scripting is also employed in penetration testing to simulate cyber attacks on a system. Similarly, it is used in log analysis and monitoring, day-to-day security operations, forensics and incident response, and cross-platform compatibility testing.

However, scripting can also be malicious, as used by threat actors. Cybercriminals can turn to malicious scripting to automate the execution of files that have been successfully introduced into a system. Successfully deceiving a computer user into downloading a file is not enough for the malicious file to inflict damage. Scripts are necessary to unleash the effects of malicious files and detect security vulnerabilities.

BACKDOOR 

The term backdoor is usually known for its negative implication. Most news and articles refer to backdoors in an unfavorable context. This should not come as a surprise since backdoors are often used by cybercriminals. They serve as a way to bypass normal authentication for any computer-related system, facilitating unauthorized access or the introduction of malicious files to a computer or network.

However, backdoors can be a feature intentionally added to the software. They can be deliberately put in an app to provide an optional means of access in cases when conventional access methods are unavailable. This “necessary” version of a backdoor was in the spotlight some years ago when the US FBI asked Apple to purposely build a backdoor on their iPhones. 

KILL CHAIN

The cyber kill chain is a framework developed by Lockheed Martin as part of its patented Intelligence Driven Defense model for cyber attack identification and prevention. It consists of a series of steps that represent the different stages of a cyber attack, from early reconnaissance to command and control and “actions on objectives.” This model helps organizations visualize and comprehend the different stages of an attack, focusing on critical points in the attack, developing strategies to mitigate threats, and boosting incident response capabilities.

Essentially, the kill chain is a process that is supposed to help organizations prepare for cyber attacks, successfully fend off an assault, and mitigate problems that emerge in the wake of a cyber attack. However, the phrase kill chain, in colloquial use, may refer to a successful cyber attack.

AN EXERCISE IN CYBERSECURITY JARGON COMPLEXITY

It may sound confusing, but contronyms exist everywhere. Interestingly, these words still make sense despite the auto-contradiction. In cybersecurity, contronyms reflect the complexity and flexibility of language, showing how words can change in meaning depending on their context and usage.

Isn’t it counterintuitive for cybersecurity terms to bear contradicting meanings? Possibly. However, what is ultimately important is the understanding that cybersecurity terms are far from straightforward. It is a must to properly get acquainted with them to understand what they really mean, especially with the rise of a plethora of acronyms and jargon introduced by security solution providers. Many of which tend to be marketing-speak or misnomers.

The Language of Cybersecurity

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: CONTRONYMS, The Language of Cybersecurity


Jan 22 2024

AI AND SECURITY: ARE THEY AIDING EACH OTHER OR CREATING MORE ISSUES? EXPLORING THE COMPLEX RELATIONSHIP IN TECHNOLOGY

Category: AI,cyber securitydisc7 @ 12:13 pm

Artificial Intelligence (AI) has arisen as a wildly disruptive technology across many industries. As AI models continue to improve, more industries are sure to be disrupted and affected. One industry that is already feeling the effects of AI is digital security. The use of this new technology has opened up new avenues of protecting data, but it has also caused some concerns about its ethicality and effectiveness when compared with what we will refer to as traditional or established security practices.

This article will touch on the ways that this new tech is affecting already established practices, what new practices are arising, and whether or not they are safe and ethical.

HOW DOES AI AFFECT ALREADY ESTABLISHED SECURITY PRACTICES?

It is a fair statement to make that AI is still a nascent technology. Most experts agree that it is far from reaching its full potential, yet even so, it has still been able to disrupt many industries and practices. In terms of already established security practices, AI is providing operators with the opportunity to analyze huge amounts of data at incredible speed and with impressive accuracy. Identifying patterns and detecting anomalies is easy for AI to do, and incredibly useful for most traditional data security practices. 

Previously these systems would rely solely on human operators to perform the data analyses, which can prove time-consuming and would be prone to errors. Now, with AI help, human operators need only understand the refined data the AI is providing them and act on it.

IN WHAT WAYS CAN AI BE USED TO BOLSTER AND IMPROVE EXISTING SECURITY MEASURES?

AI can be used in several other ways to improve security measures. In terms of access protection, AI-driven facial recognition and other forms of biometric security can easily provide a relatively foolproof access protection solution. Using biometric access can eliminate passwords, which are often a weak link in data security.

AI’s ability to sort through large amounts of data means that it can be very effective in detecting and preventing cyber threats. An AI-supported network security program could, with relatively little oversight, analyze network traffic, identify vulnerabilities, and proactively defend against any incoming attacks. 

THE DIFFICULTIES IN UPDATING EXISTING SECURITY SYSTEMS WITH AI SOLUTIONS

The most pressing difficulty is that some old systems are simply not compatible with AI solutions. Security systems designed and built to be operated solely by humans are often not able to be retrofitted with AI algorithms, which means that any upgrades necessitate a complete, and likely expensive, overhaul of the security systems. 

One industry that has been quick to embrace AI-powered security systems is the online gambling industry. For those who are interested in seeing what AI-driven security can look like, visiting a casino online and investigating its security protocols will give you an idea of what is possible. Having an industry that has been an early adoption of such a disruptive technology can help other industries learn what to do and what not to do. In many cases, online casinos staged entire overhauls of their security suites to incorporate AI solutions, rather than trying to incorporate new tech, with older non-compatible security technology.

Another important factor in the difficulty of incorporating AI systems is that it takes a very large amount of data to properly train an AI algorithm. Thankfully, other companies are doing this work, and it should be possible to buy an already trained AI, fit to purpose. All that remains is trusting that the trainers did their due diligence and that the AI will be effective.

EFFECTIVENESS OF AI-DRIVEN SECURITY SYSTEMS

AI-driven security systems are, for the most part, lauded as being effective. With faster threat detection and response times quicker than humanly possible, the advantage of using AI for data security is clear.

AI has also proven resilient in terms of adapting to new threats. AI has an inherent ability to learn, which means that as new threats are developed and new vulnerabilities emerge, a well-built AI will be able to learn and eventually respond to new threats just as effectively as old ones.

It has been suggested that AI systems must completely replace traditional data security solutions shortly. Part of the reason for this is not just their inherent effectiveness, but there is an anticipation that incoming threats will also be using AI. Better to fight fire with fire.

IS USING AI FOR SECURITY DANGEROUS?

The short answer is no, the long answer is no, but. The main concern when using AI security measures with little human input is that they could generate false positives or false negatives. AI is not infallible, and despite being able to process huge amounts of data, it can still get confused.

It could also be possible for the AI security system to itself be attacked and become a liability. If an attack were to target and inject malicious code into the AI system, it could see a breakdown in its effectiveness which would potentially allow multiple breaches.

The best remedy for both of these concerns is likely to ensure that there is still an alert human component to the security system. By ensuring that well-trained individuals are monitoring the AI systems, the dangers of false positives or attacks on the AI system are reduced greatly.

ARE THERE LEGITIMATE ETHICAL CONCERNS WHEN AI IS USED FOR SECURITY?

Yes. The main ethical concern relating to AI when used for security is that the algorithm could have an inherent bias. This can occur if the data used for the training of the AI is itself biased or incomplete in some way. 

Another important ethical concern is that AI security systems are known to sort through personal data to do their job, and if this data were to be accessed or misused, privacy rights would be compromised.

Many AI systems also have a lack of transparency and accountability, which compounds the problem of the AI algorithm’s potential for bias. If an AI is concluding that a human operator cannot understand the reasoning, the AI system must be held suspect.

CONCLUSION

AI could be a great boon to security systems and is likely an inevitable and necessary upgrade. The inability of human operators to combat AI threats alone seems to suggest its necessity. Coupled with its ability to analyze and sort through mountains of data and adapt to threats as they develop, AI has a bright future in the security industry.

However, AI-driven security systems must be overseen by trained human operators who understand the complexities and weaknesses that AI brings to their systems.

Must Learn AI Security

Artificial Intelligence (AI) Governance and Cyber-Security: A beginner’s handbook on securing and governing AI systems

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: AI security, Artificial Intelligence (AI) Governance, Must Learn AI Security


Dec 28 2023

Chinese Hackers Exploit New Zero-Day In Barracuda’s ESG To Deploy Backdoor

Category: cyber security,Information Security,Zero daydisc7 @ 12:56 pm

Barracuda Email Security Gateway (ESG) Appliance has been discovered with an Arbitrary code Execution vulnerability exploited by a China Nexus threat actor tracked as UNC4841.

Additionally, the vulnerability targeted only a limited number of ESG devices. 

However, Barracuda has deployed a security update to all the active ESGs to address this vulnerability, and has been automatically applied to all the devices, which does not require any action from the user.

The new vulnerability has been assigned to CVE-2023-7102, and the severity is yet to be categorized.

Chinese Hackers Exploit New Zero-Day

This vulnerability exists due to using a third-party library, “Spreadsheet::ParseExcel,” in the Barracuda ESG appliances.

This open-source third-party library is vulnerable to arbitrary code execution that can be exploited by sending a specially crafted Excel email attachment to the affected device.

The Chinese Nexus threat actors have been using this vulnerability to deploy new variants of SEASPY and SALTWATER malware to the affected devices.

However, Barracuda has patched these vulnerabilities accordingly. Moreover, Barracuda stated, “Barracuda has filed CVE-2023-7102 about Barracuda’s use of Spreadsheet::ParseExcel which has been patched”.

Another vulnerability, CVE-2023-7101, affected the same spreadsheet: ParseExcel, and no patches or updates were available.

Nevertheless, both of these vulnerabilities were associated with a previously discovered vulnerability, CVE-2023-2868, that was exploited by the same threat group in May and June 2023.

Furthermore, a complete report about these vulnerabilities, along with additional information, has been published, which provides detailed information about this vulnerability and the previously discovered vulnerabilities.

Indicators Of Compromise

MalwareMD5 HashSHA256File Name(s)File Type
CVE-2023-7102 XLS Document2b172fe3329260611a9022e71acdebca803cb5a7de1fe0067a9eeb220dfc24ca56f3f571a986180e146b6cf387855bddads2.xlsxls
CVE-2023-7102 XLS Documente7842edc7868c8c5cf0480dd98bcfe76952c5f45d203d8f1a7532e5b59af8e330 6b5c1c53a30624b6733e0176d8d1acddon.xlsxls
CVE-2023-7102 XLS Documente7842edc7868c8c5cf0480dd98bcfe76952c5f45d203d8f1a7532e5b59af8e330 6b5c1c53a30624b6733e0176d8d1acdpersonalbudget.xlsxls
SEASPY7b83e4bd880bb9d7904e8f553c2736e3118fad9e1f03b8b1abe00529c61dc3edf da043b787c9084180d83535b4d177b7wifi-servicex-executable
SALTWATERd493aab1319f10c633f6d223da232a2734494ecb02a1cccadda1c7693c45666e1 fe3928cc83576f8f07380801b07d8bamod_tll.sox-sharedlib

Network IOCs

IP AddressASNLocation
23.224.99.24240065US
23.224.99.24340065US
23.224.99.24440065US
23.224.99.24540065US
23.224.99.24640065US
23.225.35.23440065US
23.225.35.23540065US
23.225.35.23640065US
23.225.35.23740065US
23.225.35.23840065US
107.148.41.146398823US

Tiger Trap: America’s Secret Spy War with China

21st Century Chinese Cyberwarfare

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: 21st Century Chinese Cyberwarfare, cyber security, Tiger trap, zero-day


Dec 13 2023

Which cybersecurity controls are organizations struggling with?

Category: cyber security,Security controlsdisc7 @ 7:58 am

How well are organizations implementing cybersecurity controls within the Minimum Viable Secure Product (MVSP) framework? A recent examination conducted by Bitsight and Google indicates a mix of positive and negative outcomes, highlighting areas where enhancement is needed.

What is MVSP?

Minimum Viable Secure Product (MVSP) is a baseline security checklist for B2B software and business process outsourcing suppliers, consisting of 25 controls across four key areas – Business, Application Design, Application Implementation, and Operational.

For the “Cybersecurity Control Insights: An Analysis of Organizational Performance” study, Bitsight and Google collaborated to create a methodology to measure organizational cybersecurity performance using Bitsight analytics across the MVSP framework.

The study analyzed the cybersecurity performance of nearly 100,000 organizations around the world across nine industries. Bitsight mapped its risk vectors to 16 of the MVSP controls and reported performance in 2023 and over time (most recently March 2023). Google validated the statistical approach employed in this analysis.

Are organizations meeting cybersecurity performance standards?

The study found that while every industry in 2023 has a high Pass rate for 10 of the 16 MVSP controls studied, many organizations are still failing on controls critical to protecting themselves against cyber incidents.

The findings indicate that organizations across all industries have several areas in which they must improve their vulnerability management program to reduce exposure to potential breaches.

Notably, 2023 Computer Software industry Fail rates for Dependency Patching and Time to Fix Vulnerabilities — which map to Bitsight analytics correlating to the likelihood of a breach — did not improve from 2020 rates as much as the macro average, leaving other industries vulnerable to third-party risk given their reliance on computer software.

But, organizations did have near-100% Pass rates for the following areas:

  • Data handling
  • Incident handling
  • Logging
  • Logical access

They also had high Pass rates for Customer training (contributing to a safer third-party digital ecosystem) and Training (organizations are taking training efforts seriously as human error can have serious consequences).

Organizations across all industries are struggling with controls critical to the health of an organization’s vulnerability management program, Bitsight found.

Eight MVSP controls that are important for vulnerability management – External Testing, Self-assessment, Vulnerability Prevention, Encryption, HTTPS-only, Security Headers, Dependency Patching, Time to Fix Vulnerabilities – have either high 2023 Fail rates, low Pass rates, or both, across all industries.

Finally, there has been a decline in use of security headers, including in the computer software industry.

“We expected CS to outperform in most respects but that is not what we observed. CS’s stagnation — and at times underperformance — may be attributed to many factors, including workforce challenges, rising asset inventories, lacking cybersecurity tools, and more,” the analysts noted.

Keeping up with threats

Business leaders around the world need to understand where their companies’ vulnerabilities lie and how they match up with others to better manage increasingly complex cyber risks and stakeholder demands. By understanding the pass and fail rates of MVSP controls organizations will be better armed with the knowledge to benchmark their security performance and improve their cybersecurity strategies to mitigate and reduce vulnerability.

“It is more important than ever for business leaders to be fully aware of the organization’s application security risk, and how they are performing compared to their peers,” said Chris John Riley, Staff Security Engineer, Google.

“If organizations want to build and maintain a mature security posture in today’s turbulent and fast moving environment, they need leaders that prioritize security management and a culture of constant improvement. Using frameworks like the MVSP, organizations can take the initial necessary steps to develop a strong security culture within their organizations.”

Security Controls Evaluation, Testing, and Assessment Handbook

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: cybersecurity controls


Dec 03 2023

Introduction to Cyber Security

Category: cyber security,Information Securitydisc7 @ 10:41 am

Introducing to Cybersecurity | Cyber Writes ✍

Introduction to Cyber Security: Basic to Advance Techniques

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: Intro to Cyber Security


Aug 18 2023

Cybersecurity Solutions

Category: cyber securitydisc7 @ 11:06 pm

Cybersecurity reduces the risk of cyber attacks and protects against the unauthorized exploitation of systems, networks and technologies.

Cyber risk management is complex and there is no one-size-fits-all solution. IT Governance’s range of cybersecurity products and services can be tailored to suit any organization’s needs and requirements. 

From training, staff awareness programs, security testing, documentation toolkits, standards, software, books and guides, ITG have everything you need to support and enhance your security program.

Training

Toolkits

Books

CISSP training course

InfoSec tools | InfoSec services | InfoSec books | Follow our blog

Tags: Cybersecurity Solutions


Aug 11 2023

8 free cybersecurity documentaries you can watch right now

Category: cyber security,Security Awarenessdisc7 @ 9:18 am
A hacker shares his biggest fears (2021)

A white hat hacker, with over 30 years of experience as a cybersecurity analyst at a major Silicon Valley company, talks about why he turned his back on black hat hacking for the greater good. He talks about the reality of just how vulnerable our systems are – from the very real threat of hackers taking the American power grid or medical facilities offline to how easily accessible our private information is to anyone with Wi-Fi and some time on their hands.

Behind the booming ransomware industry: How hackers hold businesses hostage (2021)

The number of businesses falling victim to ransomware attacks each year is snowballing. Hackers have realized how lucrative these attacks are, with ransoms in the millions regularly being paid out. This documentary examines how hackers make their money and how much a victim can lose. Cyber security experts tell us how cybercriminals carry out the attacks and who is helping them.

Critical digital infrastructure: Why societies are becoming so vulnerable to cyberattacks (2022)

For weeks, a cyberattack paralyzed the German district of Anhalt-Bitterfeld in 2021, bringing its whole administration to a standstill. It was a stark illustration of how hackers can knock out entire communities in milliseconds — and how digital technology has become vital for running our societies. DW investigates how a criminal industry makes billions by taking computers hostage — and how governments can use similar methods as a political weapon.

Drones, hackers and mercenaries (2021)

A shadow war is a war that, officially, does not exist. Shadow wars are rising as mercenaries, hackers, and drones take over the role armies once played. States are evading their responsibilities and driving the privatization of violence. War in the grey zone is a booming business: Mercenaries and digital weaponry regularly carry out attacks while those giving orders remain in the shadows.

How cybercrime has become organized warfare (2023)

Millions of Australians have had their data stolen in malicious attacks, costing some businesses tens of millions of dollars in ransom. Four Corners investigates the cyber gangs behind these assaults, cracking open their inner operations and speaking to a hacker who says he targets Australians.

The Dark Web (2019)

Look behind the cheerful veneer of social media, communication apps, and platforms that have made our lives easier and more connected, and you’ll find criminals using the same apps and platforms to run illicit and dangerous activities.

The Digital Threat To Nations (2020)

Singapore aims to be a “Smart Nation” but the more it depends on IT, the more it opens itself to cyber threats. This is the cybersecurity dilemma. Explore global incidents of cyber espionage, disinformation, disruption and pandemics and how they endanger nations.

21st Century Hackers (2021)

In this documentary, learn about white hat hackers, and the U.S. Secret Service’s cybercrime division working to protect us from the risks associated with persistent connectivity.

The rise of cyber conflict as the primary way nations now compete and sabotage each other.

CISSP training course

InfoSec tools | InfoSec services | InfoSec books

Tags: cybersecurity documentaries


Jul 29 2023

is there an underserved market segment in Cyber Security?

Category: cyber securitydisc7 @ 4:53 pm

The cybersecurity industry is constantly changing, and market conditions can shift quickly. To identify potential underserved market segments, it is crucial to regularly conduct updated market research. Staying informed about the latest developments helps businesses recognize new opportunities and areas where cybersecurity solutions are in demand but currently lacking.

There are some areas where there might have been or still are underserved market segments in cybersecurity include:

  1. Small and Medium-sized Enterprises (SMEs): Smaller businesses often lack the resources and expertise to implement robust cybersecurity measures. They may not have access to dedicated cybersecurity teams or the budget to invest in expensive security solutions.
  2. Nonprofit Organizations: Nonprofits, especially smaller ones, may face similar challenges as SMEs when it comes to cybersecurity. They might not have the necessary funds or expertise to adequately protect their data and digital assets.
  3. Individuals and Consumers: With the increasing prevalence of cyber threats targeting individuals, there may be a market segment for user-friendly and affordable cybersecurity solutions tailored to the needs of regular consumers.
  4. Internet of Things (IoT) Devices: As the number of IoT devices continues to grow, there is a potential underserved market for specialized cybersecurity solutions designed to secure these devices and the data they generate.
  5. Cloud Security: With the widespread adoption of cloud computing, ensuring the security of cloud-based data and services has become critical. There may be opportunities for specialized cloud security solutions catering to different industries and use cases.
  6. Critical Infrastructure: Industries such as energy, transportation, and healthcare that rely heavily on interconnected systems and technologies may have specific cybersecurity needs that could be underserved.
  7. Emerging Technologies: As new technologies like artificial intelligence, blockchain, and quantum computing gain traction, there may be a need for cybersecurity solutions that address the unique risks associated with these technologies.
  8. Cybersecurity Workforce Development: With the growing demand for cybersecurity professionals, there may be an underserved market segment for training and educational programs to address the workforce shortage in the industry.

It’s important to note that while some segments may have been underserved, the cybersecurity industry is competitive, and companies are continually looking for new opportunities. As the threat landscape changes, new niche areas may emerge, and existing underserved segments may receive more attention from cybersecurity companies and entrepreneurs.

Cyber Security Innovation for the Digital Economy

Digital Disruption: Implications and opportunities for Economies, Society, Policy Makers and Business Leaders

InfoSec books | InfoSec tools | InfoSec services

Tags: Cyber Security Innovation, underserved market


Jul 24 2023

Cybersecurity measures SMBs should implement

Category: cyber securitydisc7 @ 8:32 am

Small and medium-sized businesses (SMBs) are targeted by cyberattackers as much as large companies, the 2023 Verizon Data Breach Investigations Report (DBIR) has revealed; here are some cybersecurity controls they should prioritize.

Company size does not matter to cyber attackers

SMBs often underestimate their appeal as a potential target. They assume they are “little fish” not worth the attackers’ effort and that their data holds little value. But that’s not true: their systems store sensitive information, including employee and customer data and financial information.

What’s more, they are often used to access systems at larger organizations (partners, customers or suppliers) – and as a recent Proofpoint study has shown, cybercriminals frequently target SMBs (especially through regional MSPs) as a means to breach larger agencies and organizations in the public and private sectors.

Unfortunately, SMBs typically allocate only a small fraction of their budget to strengthening their cybersecurity defenses, and are often ill-equipped to effectively combat cyber threats.

One critical factor exacerbating SMBs’ vulnerability is the shortage of dedicated security personnel; bigger organizations can offer bigger salaries to cybersecurity professionals and smaller companies can’t compete on that front.

With limited staff and expertise, SMBs face an uphill battle in defending themselves against sophisticated cyberattacks.

How can SMBs up their cybersecurity game?

But not all hope is lost.

First and foremost, the notion that cybersecurity is solely the responsibility of the IT department must be dispelled; every individual within an organization plays a vital role in minimizing the risk of cyber incidents.

The Verizon 2023 DBIR report outlines three essential cybersecurity controls that will help SMBs with limited IT and cybersecurity expertise thwart general, non-targeted attacks:

  • Security awareness and skills training – Make sure employees have the skills and knowledge to minimize general cybersecurity risks
  • Data recovery – Create data recovery practices that can restore business assets to their original, trusted state in case of attack
  • Access control management – Create processes for creating, assigning, managing and revoking access credentials and privileges for user, administrator and service accounts for enterprise assets and software.

Once essential cyber hygiene is achieved with those and after a company begins moving closer to the larger end of the SMB scale and has more resources available, it’s time to add other security controls:

  • Incident response management – Establish and sustain an incident response program for prompt attack response
  • Application software security – Identify and address vulnerabilities in internally developed, hosted, or acquired software to prevent potential harm to the company
  • Penetration testing – Test the efficacy and resilience of enterprise assets and implemented controls by simulating attackers’ actions

“Now that you’ve already looked at the Controls and prioritized them, you know what you’re most likely to be hit with and you’re working your way through to the end—your ducks are almost all in a row. You have balanced preventive and detective capabilities and are on your way to being able to not only detect when something bad has happened but also respond quickly and appropriately. You have moved from the basics of putting your plan together to implementing a road map,” Verizon’s analysts pointed out.

“A few final things to consider at this point: Are you looking at aligning with a particular compliance framework? Do you track metrics around security in your environment? Do your efforts result in ongoing improvements to your security posture, or do they just provide a point-in-time snapshot that says, ‘I was good at this moment, but then things changed’? There is quite a bit you can do when you use good information about what is happening in your organization to steer your security strategy.”

The Essential Guide to Cybersecurity for SMBs

InfoSec books | InfoSec tools | InfoSec services

Tags: Cybersecurity for SMBs, The Essential Guide to Cybersecurity for SMBs


Jun 08 2023

9 free cybersecurity whitepapers you should read

Category: cyber securitydisc7 @ 1:00 am

In today’s rapidly evolving digital landscape, organizations face constant cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. Staying informed about the latest cyberattacks and understanding effective protection methods is crucial.

This list of free cybersecurity whitepapers that don’t require registration covers a wide range of common cyber risks (ransomware, DDoS attacks, social network account hijacking). It explores the possible risks that could originate from new technologies such as generative AI (GenAI) and large language models (LLMs).

MS-ISAC guide to DDoS attacks

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has created a guide to shed light on denial of service (DoS) and distributed denial of service (DDoS) attacks. A DoS attack aims to overwhelm a system and hinder its intended users’ access, while a DDoS attack involves multiple sources working together towards the same goal.

These attacks deplete network, application, or system resources, leading to issues such as network slowdowns, application crashes, and server failures. The MS-ISAC guide examines various techniques employed by cyber threat actors (CTAs) to execute successful DDoS attacks. The guide also provides recommendations for defending against these types of attacks.

The Ultimate Guide to Everything You Need to Know about DDoS Attacks

Ransomware missteps that can cost you

Ransomware has become one of the most concerning types of attacks. To be able to effectively tackle these attacks, IT professionals and managed services providers need to be prepared to respond quickly and appropriately.

The first step towards readiness lies in acquiring a comprehensive understanding of the primary issues and possible pitfalls that can significantly impact the outcome.

This whitepaper from N-able gives insights on one of the most common and disastrous type of attack and what are the frequent mistakes organizations do when trying to limit the damaging effects.

Ransomware Protection Playbook

The five ICS cybersecurity critical controls

To establish a robust and successful security program for industrial control systems (ICS) or operational technology (OT), a combination of five cybersecurity controls can be employed.

This SANS whitepaper points out these controls, empowering organizations to customize and implement them according to their specific environment and risk factors.

Rather than being overly prescriptive, these controls prioritize outcomes, ensuring flexibility and adaptability. Moreover, they are informed by intelligence-driven insights derived from the analysis of recent breaches and cyberattacks in industrial companies worldwide.

NIST Framework for Improving Critical Infrastructure Cybersecurity: Whitepaper

How to identify the cybersecurity skills needed in the technical teams in your organization

To keep an organization safe from information security threats, it is essential to understand cybersecurity skills gaps within your IT and InfoSec teams. To enhance your company’s protection, it is crucial to pinpoint these deficiencies and give importance to skills according to specific job roles.

This whitepaper from Offensive Security concentrates on optimal methods for nurturing internal cybersecurity talent within your technical teams, such as IT, information security, DevOps, or engineering.

Building a Career in Cybersecurity: The Strategy and Skills You Need to Succeed 

Generative AI and ChatGPT enterprise risks

The increasing use of GenAI and LLMs in enterprises has prompted CISOs to assess the associated risks. While GenAI offers numerous benefits in improving various daily tasks, it also introduces security risks that organizations need to address.

This whitepaper from Team8 aims to provide information on these risks and recommended best practices for security teams and CISOs, as well as encourage community involvement and awareness on the subject.

The ChatGpt Revolution – Unlock the Potential of AI: Opportunities, Risks and Ways to Build an Automated Business in the Age of New Digital Media

Redefining browser isolation security

Traditional methods of data security and threat protection are inadequate in the face of evolving applications, users, and devices that extend beyond the corporate perimeter.

Legacy security approaches struggle to adapt to the hybrid work model, leading to visibility issues, conflicting configurations, and increased risks. To address these challenges, organizations need to update their risk mitigation strategies.

Remote browser isolation (RBI) technology offers a promising solution by separating internet browsing from local browsers and devices. However, traditional RBI approaches have limitations such as high costs, performance issues, and security vulnerabilities caused by deployment gaps.

This Cloudflare whitepaper examines the causes and consequences of these challenges, and shows how to approach browser isolation to tackle these common issues.

Browser Isolation Standard Requirements

S1 deload stealer: Exploring the economics of social network account hijacking

Social networks have become an essential part of our lives, but they have also been exploited by criminals. Threat actors have been using legitimate social media accounts to engage in illegal activities, such as extortion and manipulating public opinion for influencing elections.

Financially motivated groups have also employed malvertising and spam campaigns, as well as operated automated content-sharing platforms, to increase revenue or sell compromised accounts to other malicious individuals.

This whitepaper from Bitdefender highlights an ongoing malware distribution campaign that takes advantage of social media by hijacking users’ Facebook and YouTube accounts.

Building a budget for an insider threat program

To gain support from top-level executives when planning to implement a purpose-built insider threat solution, the value of the solution needs to be linked not just to reducing risks but also to providing additional business benefits.

The business case should show how an insider threat program can result in immediate cost savings, allow security resources to be allocated to other important projects in the future, and ultimately promote collaboration, productivity, and innovation.

This Code42 whitepaper provides a strategy for security teams to create a convincing business case.

The case for threat intelligence to defend against advanced persistent threats

Organizations are encountering an increasingly serious challenge posed by advanced persistent threats (APTs). Those responsible for managing business risk recognize that it is impossible to completely prevent such threats. Instead, the focus is on implementing defensive measures and utilizing threat intelligence to improve the chances of detecting attacks and reducing risk to an acceptable level.

Rather than fixating on the inevitability of being hacked, the emphasis is placed on minimizing the occurrence of attacks and efficiently identifying and responding to them, to mitigate their impact on the business.

This Cyberstash whitepaper examines the effectiveness and cost associated with threat intelligence in enhancing the security industry’s defensive capabilities against APTs.

InfoSec tools | InfoSec services | InfoSec books

Tags: cybersecurity whitepapers


May 13 2023

WORST CAR COMPANY AWARD IN TERMS OF DATA SECURITY GOES TO TOYOTA AFTER LEAKING DATA OF MILLIONS OF CUSTOMERS FOR 10 YEARS

Category: cyber securitydisc7 @ 12:30 pm

The Toyota Motor Corporation confirmed on Friday that the car data of 2.15 million customers in Japan, including those of its premium brand Lexus, had been publicly accessible for almost a decade owing to “human error.” The statement was made in response to a report that the Toyota Motor Corporation had published on Friday. The disaster, which impacted virtually all of Toyota’s clientele who had registered for the company’s primary cloud service platforms after 2012, was brought on by a cloud system that had been inadvertently turned to the public rather than the private mode. Customers who had signed up for the T-Connect service, which offers a wide range of services such as AI voice-enabled driving assistance, automatic connection to call centers for vehicle management, and emergency support in the event of a situation such as a car accident or a sudden illness, were impacted as well. The G-Link services for Lexus vehicles were also impacted. According to the corporation, there have been no complaints of harmful usage; nonetheless, information such as car positions and identification numbers of vehicle devices may have been compromised. This is despite the fact that there have been no indications of malicious use.

This incidence comes to light at the same time that Toyota is ramping up its efforts in the areas of vehicle connection and cloud-based data management in order to provide autonomous driving and other functions supported by artificial intelligence. When asked why it took Toyota so long to realize the error, a spokeswoman for the firm said, “There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public.” In other words, the corporation did not have any mechanisms or activities in place to detect the presence or absence of things that became public.  The problem first surfaced in November of last year and continued through the middle of April of this year.

The Personal Information Protection Commission in Japan was made aware of an occurrence, but in keeping with their standard procedure, the commission has chosen not to divulge any more information at this time. Toyota has implemented safeguards to prevent unauthorized third parties from gaining access to the company’s data and is in the process of conducting an examination into all cloud environments that are administered by Toyota Connected Corp. Following a string of previous large data breaches in Japan, including one in March when mobile provider NTT DoCoMo revealed the data of up to 5.29 million users may have been compromised due to a firm to whom it had outsourced work.

The corporation said that it will be contacting individual consumers about the breach and that it has established a hotline for queries.

The problem comes after Toyota disclosed in October a second data breach affecting T-Connect that affected a far lesser amount of customers.

In April, Toyota revealed that there had been security breaches at its headquarters in Italy, which might have resulted in the exposure of customer information.

 InfoSec tools | InfoSec services | InfoSec books

Tags: Car hackers, Car Security, Secure cars


Apr 28 2023

HOW A EUROPEAN SPACE AGENCY (ESA) SATELLITE GOT HACKED ?

Category: cyber securityDISC @ 1:38 pm

In a presentation that is being called the world’s first ethical satellite hacking exercise, cybersecurity researchers will explain how they took control of a European Space Agency (ESA) satellite this week. The ESA satellite was part of an experiment that was touted as the world’s first ethical satellite hacking exercise. The European Space Agency (ESA) issued a challenge to cybersecurity professionals working in the ecosystem of the space sector, asking them to interfere with the functioning of the OPS-SAT demonstration nanosatellite that the ESA operates. Participants made use of a wide array of ethical hacking approaches in order to seize control of the system that was used to operate the payload’s onboard camera, global positioning system, and attitude control system. Unauthorized access to these systems poses a risk of severe damage to the satellite as well as a loss of command and control over the satellite’s intended purpose. The offensive cybersecurity team at Thales collaborated with the Group’s Information Technology Security Evaluation Facility (ITSEF2) to carry out this one-of-a-kind exercise. The goal of the exercise was to show the need of a high degree of cyber resilience in the very unusual operational environment of space.

Thales, a global defense and aerospace business, was able to successfully take control of a satellite that was being operated by the European Space Agency (ESA) during a test run that the company ran. In order to demonstrate how space systems are susceptible to cyberattacks, the experiment involves breaking into the satellite’s command and control system and sending instructions. Even though the experiments were carried out in a safe and controlled setting, they shed light on the dangers that exist when it comes to the possibility of an evil actor seizing control of a satellite in the real world, which may lead to potentially catastrophic results. Due to the fact that cyber attacks continue to provide a substantial obstacle to space exploration and safety, this event highlights how important it is to ensure the security of space-based infrastructure.

The team of four cybersecurity experts from Thales gained access to the satellite’s onboard system, utilized the conventional access permissions to take control of the satellite’s application environment, and then exploited multiple vulnerabilities in order to install malicious code into the satellite’s systems. This made it feasible to compromise the data that was transmitted back to Earth, in particular by changing the pictures that were collected by the satellite’s camera, as well as to accomplish other goals, such as masking specific geographic regions in the satellite imaging while disguising their operations in order to escape discovery by ESA. The simulation was put on especially for CYSAT in order to assist in determining how a genuine cyberattack may affect civilian networks and the possible fallout from an attack of this kind.

Cybersecurity for Space: Protecting the Final Frontier


InfoSec Threats
 | InfoSec books | InfoSec tools | InfoSec services

Tags: SATELLITE GOT HACKED


Mar 30 2023

What is a blockchain security implication

Category: Blockchain,cyber security,Information SecurityDISC @ 3:14 pm

Table of Contents

What is Blockchain Security?

What Are the Types of Blockchain?

Blockchain Security Challenges

6 Blockchain Security Examples

Blockchain 2035: The Digital DNA of Internet 3.0

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: blockchain security implications


Mar 23 2023

Cybersecurity 101: What is Attack Surface Management?

Category: Cyber Attack,cyber securityDISC @ 9:39 am

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them.

ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge.

Understanding Attack Surface Management

Here are some key terms in ASM:

  • Attack vectors are vulnerabilities or methods threat actors use to gain unauthorized access to a network. These vulnerabilities include vectors such as malware, viruses, email attachments, pop-ups, text messages and social engineering. 
  • An attack surface is the sum of attack vectors that threat actors can potentially use in a cyberattack. In any organization, all internet-connected hardware, software and cloud assets add to the attack surface. 
  • Shadow IT is any software, hardware or computing resource being used on a company’s network without the consent or knowledge of the IT department. Quite often, shadow IT uses open-source software that is easy to exploit. 
  • Attackers use sophisticated computer programs and programming techniques to target vulnerabilities in your attack surface, like shadow IT and weak passwords. These cyber criminals launch attacks to steal sensitive data, like account login credentials and personally identifiable information (PII)

Read the Threat Index

Why is Attack Surface Management Important?

Security teams can use ASM practices and tools to prevent risks in the following ways:

  • Reduce blind spots to get a holistic view of your IT infrastructure and understand which cloud or on-premise assets are exposed to attackers.
  • Eliminate shadow IT to remove unknown open-source software (OSS) or unpatched legacy programs.
  • Minimize human error by building a security-conscious culture where people are more aware of emerging cyber threats. 
  • Prioritize your risk. You can get familiar with attack patterns and techniques that threat actors use.

How Attack Surface Management Works

There are four core processes in attack surface management: 

  1. Asset discovery is the process of automatically and continuously scanning for entry points that threat actors could attack. Assets include computers, IoT devices, databases, shadow IT and third-party SaaS apps. During this step, security teams use the following standards:
    • CVE (Common Vulnerabilities and Exposures): A list of known computer security threats that helps teams track, identify and manage potential risks.
    • CWE (Common Weakness Enumeration): A collection of standardized names and descriptions for common software weaknesses.
  2. Classification and prioritization is the process of assigning a risk score based on the probability of attackers targeting each asset. CVEs refer to actual vulnerabilities, while CWEs focus on the underlying weaknesses that may cause those vulnerabilities. After analysis, teams can categorize the risks and establish a plan of action with milestones to fix the issues.
  3. Remediation is the process of resolving vulnerabilities. You could fix issues with operating system patches, debugging application code or stronger data encryption. The team may also set new security standards and eliminate rogue assets from third-party vendors.
  4. Monitoring is the ongoing process of detecting new vulnerabilities and remediating attack vectors in real-time. The attack surface changes continuously, especially when new assets are deployed (or existing assets are deployed in new ways).  

You can learn more about the four core processes and how attack surface management works on the IBM blog

How to Get a Job in Attack Surface Management

Anyone who works in attack surface management must ensure the security team has the most complete picture of the organization’s attack vectors — so they can identify and combat threats that present a risk to the organization.

Hiring companies look for people with a background and qualifications in information systems or security support. The minimum expectations typically include the following:

  • Strong technical security skills
  • Strong analytical and problem-solving skills
  • Working knowledge of cyber threats, defenses and techniques
  • Working knowledge of operating systems and networking technologies
  • Proficiency in scripting languages, like Perl, Python or Shell Scripting
  • Experience with attack surface management and offensive security identity technologies.

What’s Next in Attack Surface Management?

Cyber Asset Attack Surface Management (CAASM) is an emerging technology that presents a unified view of cyber assets. This powerful technology helps cybersecurity teams understand all the systems and discover security gaps in their environment.

There is no one-size-fits-all ASM tool — security teams must consider their company’s situation and find a solution that fits their needs. 

Some key criteria include the following:

  • Easy-to-use dashboards
  • Extensive reporting features to offer actionable insights
  • Comprehensive automated discovery of digital assets (including unknown assets, like shadow IT)
  • Options for asset tagging and custom addition of new assets
  • Continuous operation with little to no user interaction
  • Collaboration options for security teams and other departments.

With a good ASM solution, your security team can get a real cyber criminal’s perspective into your attack surface. You can find, prioritize and solve security issues quickly and continuously. Ultimately, a diligent attack surface management strategy helps protect your company, employees and customers. 

Side view of young businessman using laptop in office. Male professional sitting at conference table working on laptop computer.

Operationalizing Threat Intelligence: A guide to developing and operationalizing cyber threat intelligence programs

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Attack Surface, Cyber Threat, Threat Intelligence


Mar 09 2023

Security Professionals Battle Burnout as Threat Landscape Evolves

Category: cyber securityDISC @ 11:14 am

A surge of cybersecurity incidents and a general feeling of work overload is leading to widespread burnout among IT security professionals, two surveys indicated.

A Cynet survey of chief information security officers (CISOs) of small to midsize businesses found nearly two-thirds (65%) said their ability to protect their organization is compromised due to an overwhelming workload–with nearly 100% admitting they needed additional resources.

The stress levels are affecting entire IT security teams, with nearly three-quarters (74%) of CISOs surveyed admitting they have lost team members because of work-related stress issues.

Nearly half (47%) of these CISOs have had more than one team member exit their role over the last 12 months.

Burning Out and Fading Away

Respondents to a Magnet Forensics survey said the rapid evolution of cybercrime is weighing on security teams substantially more than it did last year, leading to widespread burnout. Alert and investigation fatigue are twin contributing factors, the survey revealed.

The study also revealed that the evolving nature of threats is extending response times beyond what they feel is acceptable—43% of respondents said it takes them between one week and more than a month.

Nearly a third of respondents said that identifying the root cause of an incident requires either a “complete overhaul” or “major improvements” in the organization’s threat posture.

“We’re seeing a direct correlation between burnout and the increased activity of cybercriminals who are relying on more complex strategies and bombarding organizations with more attacks,” explained Adam Belsher, CEO of Magnet. “New cybersecurity regulations also impacted our respondents who said they’re now under increased pressure to get answers faster.”

He pointed out that a global talent shortage resulted in hiring challenges, and that digital forensics and incident response practitioners (DFIR) find themselves in a difficult situation.

“They need to respond to more incidents, get answers faster and do so while knowing no reinforcements are on the way,” Belsher noted. “It’s no surprise that they’re burned out.”

George Tubin, director of product marketing for Cynet, added that what stood out most is what a vicious cycle this work-related stress is. Their stress at work spills over into their personal lives, which increases their stress at work—and repeat.

“Because of their workload and stress, these CISOs said they’re missing vacations and private events and they’re also losing their tempers with family and friends. This only exacerbates their stress levels,” he says.

In addition, 80% of them have received complaints about how they handled security tasks and two-thirds said their ability to protect their organizations is compromised due to work overload and stress.

More Cybersecurity Staff Needed to Combat Burnout

The Cynet survey also asked CISOs whether they need more people, and the general consensus is that they could use 30% more staff.

They also said they’ve compromised on hiring decisions because it’s so hard to find good cybersecurity people.

“But, when we asked them what initiatives could help them reduce stress levels, rather than say hire more, more CISOs stated technology consolidation and automation, as well as outsourcing,” Turbin says. “Cybersecurity technology has become so complicated and so expensive that the cure is almost as bad as the disease.”

Belsher noted that each factor contributing to the burnout of DFIR practitioners is out of their hands.

“They can’t control how often cybercriminals attack their organizations or the methods they use,” he said. “Cybercriminals have continued to find new threat vectors and ways to scale the volume of their attacks. That won’t change in 2023.”

That means organizations must adapt to this threat landscape beyond trying to hire themselves out of this problem.

“If we maintain the status quo, burnout will only get worse,” he says. “Automation is essential to scaling the capacity of DFIR teams.”

Turbin agreed, noting a couple of the survey questions asked the respondents to compare the past year with previous years; the results were consistent or have become slightly worse.

“Unless these security leaders can somehow relieve their stress, mainly through simplifying and automating their cybersecurity technology, I expect the situation to get worse before it gets any better,” he said.

He added that CEOs and the board should be concerned about the threat of burnout, especially considering that this stress is leading to a degradation in security outcomes that increased risk for the organization.

“CEOs and board members should proactively reach out to their security leaders to discuss ways to reduce stress and improve the company’s security posture,” he advised.

Belsher pointed out that cybersecurity and IT personnel can’t tackle burnout alone.

“Mental health is a company-wide imperative that executives, HR departments and all people leaders should play an active role in addressing,” he said.

CISO Zoom burnout

7 Steps From Burnout to Happiness

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: cybersecurity burnout


Jan 22 2023

Global Cybersecurity Outlook 2023

Category: cyber security,Information SecurityDISC @ 3:19 pm

#Geopolitical Instability Means a #Cyber “Catastrophe” is Imminent

Routledge Companion to Global Cyber-Security Strategy

The 2023-2028 Outlook for Cybersecurity in China 

Global Cyber Security Labor Shortage and International Business Risk

The Cyber Threat and Globalization : The Impact on U.S. National and International Security

InfoSec books | InfoSec tools | InfoSec services

Tags: Global Cybersecurity Outlook 2023


Jan 12 2023

Microsoft Exchange Vulnerabilities Most Exploited by Hackers Targeting Financial Sector

During the month of November, researchers at the cybersecurity firm LookingGlass examined the most significant vulnerabilities in the financial services industry in the United States.

The company looked at assets with public internet-facing assets from more than 7 million IP addresses in the industry and discovered that a seven-year-old Remote Code Execution vulnerability affecting Microsoft Windows was at the top of the list.

According to CISA, the “Financial Services Sector includes thousands of depository institutions, providers of investment products, insurance companies, other credit and financing organizations, and the providers of the critical financial utilities and services that support these functions.”

Reports stated that the industry employs about 8 million Americans and contributes $1.5 trillion, or 7.4% of the nation’s overall GDP.

Microsoft Exchange Vulnerabilities

Over 900 times in the financial sector have been affected by a critical remote code execution vulnerability identified as (CVE-2015-1635), affecting Microsoft Windows and it has been around for seven years.

If this vulnerability is exploited successfully, a remote attacker may execute arbitrary code with system privileges and result in a buffer overflow.

The next most often exploited vulnerability was (CVE-2021-31206), which affects Microsoft Exchange Servers. Reports say in the month of November, this vulnerability was exploited 700 times in the financial services industry in the United States.

Top list of vulnerabilities in the financial services sector

“Our data holdings attribute roughly 7 million of these to the U.S. financial services sector, which includes insurance companies, rental & leasing companies, and creditors, among other subsectors”, explains LookingGlass researchers.

According to recent reports from the U.S. Department of Treasury, ransomware attacks alone cost U.S. financial institutions close to $1.2 billion in 2021, a nearly 200% increase from the year before. 

The Financial Crimes Enforcement Network (FCEN) of the Treasury identified Russia as the main source of numerous ransomware variants hitting the industry in its study.

Joint Cybersecurity Advisory: Compromise of Microsoft Exchange Server

Tags: Microsoft Exchange Vulnerabilities


Jan 10 2023

Automotive Industry Exposed to Have Major API Vulnerabilities

Category: cyber securityDISC @ 4:42 pm

The impacted automotive giants include BMW, Toyota, Ford, Honda, Mercedes-Benz and many more…

These API vulnerabilities exposed vehicles to information theft, account takeover, remote code execution (RCE), and even hijacking of physical commands such as starting and stopping engines.

Millions of vehicles belonging to 16 different manufacturers had completely exposed API vulnerabilities which could be abused to unlock, start, and track cars while also impacting the privacy of the vehicle owners.

These vulnerabilities were found by security researcher Sam Curry who conducted in-depth research into the security loopholes of the automotive industry along with researchers Neiko RiveraBrett BuerhausMaik RobertIan CarrollJustin Rhinehart, and Shubham Shah

Automotive Industry Exposed to Have Major Vulnerabilities

In a detailed report, Curry laid out vulnerabilities found in the automotive APIs powering several automotive giants including the following:

  • Kia
  • BMW
  • Ford
  • Honda
  • Acura
  • Jaguar
  • Nissan
  • Porsche
  • Toyota
  • Ferrari
  • Spireon
  • Reviver
  • Genesis
  • Hyundai
  • Infiniti
  • SiriusXM
  • Land Rover
  • Rolls Royce
  • Mercedes-Benz

According to researchers, information theft to account takeover, remote code execution (RCE), and even hijacking physical commands such as starting and stopping engines of cars were all real possibilities that hackers could access before the security vulnerabilities were fixed by respective manufacturers following responsible disclosure. 

Spireon’s telematics solution faced the most serious of issues which could have been exploited to gain full administrator access to the company’s platform, enabling a threat actor to issue arbitrary commands to about 15.5 million vehicles as well as update device firmware. 

“Using our access, we could access all user accounts, devices (vehicles), and fleets,” Curry said. “Some of the fleets on the website included ambulances, police cruisers, and large trucks. Using the Spireon access, we could send fully arbitrary commands and update device configurations.”

Another vulnerability reported in the researchers’ findings showed that a poorly configured API endpoint for generating one-time passwords for the web portals of BMW and Rolls Royce could allow attackers to take over the accounts of any employee and contractor, thereby gaining access to sensitive customer and vehicle information. 

A poorly implemented SSO functionality in Ferrari’s web applications allowed the researchers to gain unrestricted access to the JavaScript code of several internal applications. The source code contained internal API keys and usage patterns, allowing potential attackers to create and modify users’ or (worse yet) give themselves superuser permissions. The vulnerabilities effectively allowed attackers to take ownership of Ferrari cars.

A misconfiguration in the Mercedes-Benz single sign-on (SSO) system enabled the researchers to gain access to several internal company assets, including private GitHub repositories and internal communication tools.

Attackers could pose as employees, allowing them to access sensitive information, send commands to customer vehicles, perform RCE attacks, and use social engineering to escalate their privileges across the Mercedes-Benz infrastructure.

“There were some car companies where you’d own one, then copy the exact same methodology to another car company and get in with the same vulnerability,” Curry wrote in a blog post.

The researchers found that some flaws existed across the platforms of several companies, including tons of exposed actuators (vehicle component control), debug endpoints, and administrative functions for managing vehicles, purchase contracts, and telematic devices.

This only goes to show that as much of a hurry as these car companies were to install these devices, they completely overlooked the task of securing their online ecosystem. 

Infosec books | InfoSec tools | InfoSec services

Tags: Car Hacker, Car Security, Connected cars


Jan 05 2023

CYBERSECURITY BASICS for small business

Category: cyber securityDISC @ 12:40 pm

DISC InfoSec: A reliable information security solutions tailored to individual business needs and our mantra is securing the business

Infosec books | InfoSec tools | InfoSec services

Tags: CYBERSECURITY BASICS, Cybersecurity Essentials


Next Page »