Article | April 14, 2020
Security and risk management leaders at organizations around the world are increasingly concerned about cybersecurity threats to their operational technology (OT) networks. A key driver behind this is that cyberthreats, like disruptionware, are increasing in quantity and sophistication all the time. Industrial control system (ICS) networks are categorized as high risk because they are inherently insecure, increasingly so because of expanding integration with the corporate IT network, as well as the rise of remote access for employees and third parties. An example of an IT network within a control system is a PC that’s running HMI or SCADA applications. Because this particular PC wasn’t set up with the initial intention of connecting to IT systems, it typically isn’t managed so can’t access the latest operating system, patches, or antivirus updates. This makes that PC extremely vulnerable to malware attacks. Besides the increased cyberthreat risk, the complexity resulting from IT–OT integration also increases the likelihood of networking and operational issues.
Article | April 14, 2020
On their road to recovery from the pandemic, businesses face unique dilemmas. This includes substantial and entirely necessary investments in digital transformation, however tight budgets are making such endeavors difficult if not impossible. Businesses continue to struggle with pivots like adopting new digital platforms, shifting their corporate model to resolve supply chain disruption and enabling a remote workforce.
The inability for businesses to quickly adopt technologies that support digital transformation processes, including identity-based segmentation, virtual desktop interfaces and full-stack cloud, is hindering their ability to adequately address new threats and even to test new security systems and protocols.
“Now more than ever, it’s imperative to remediate risk exposure and vulnerabilities within an organization’s existing systems—optimally from the get-go,” urges cybersecurity expert Nishant Srivastava, Cyber Security Architect and field expert at Cognizant—an IT Solutions and Services firm for which he's focused on designing and implementing Identity and Access Management (IAM) solutions. “Biggest threats should get highest priority, of course, but the magnitude or even likelihood of a threat should not be the sole consideration. Organizations should also look at other forms of value that new technologies can bring.”
Below Srivastava, a senior-level IAM, governance and cyber risk authority, offers key digital security vulnerabilities businesses need to be mindful of given increased digital dependency amid the pandemic. Heed these best practices to help keep your company—and customers—uncompromised.
Consumer-Facing App Gaps
For consumer-facing web applications, some of the biggest security threats include path traversal, cross-site scripting (XSS), SQL injections and remote command execution. Of course, protecting customer data is an utmost security concern and breaches abound. One of the biggest challenges to address these kind of issues lies with lacking human resources. There is a lack of aptly trained and skilled security staff in even the most sophisticated of regions, which is cultivating a gap in cybersecurity skills across the globe. It goes without saying that employee training and investing in highly-qualified staff are among the best ways to establish, maintain and uphold security levels of consumer facing apps. Rifts, however small, can induce excessive damage and losses.
Online delivery businesses that are aware of security risks would be wise to introduce more secure logins, automatic logouts and random shopper ID verification and are preventing shoppers from swapping devices when ordering. Such measures will help thwart breaches that expose of customer names, credit card information, passwords, email addresses and other personal and sensitive information.
Companies selling goods or services online also should not launch without a secure socket layer (SSL) connection. It will encrypt all data transfer between the company’s back end server and the user's browser. This way, a hacker won’t be able to steal and decode data even if he or she manages to intercept web traffic.
Another useful strategy is to enforce password limitations. Passwords should be as complicated as possible with a combination of symbols, numbers and letters. Investing in a tokenization system is worthwhile because any hacker who accesses the back end system can read and steal sensitive information, which is held in the database as plain text. Some payment providers tokenize cardholder information, which means a token replaces the raw data so the database then holds a token rather than the real data. If someone steals it, they can’t do anything with it because it’s just a token.
Ransomware threats are escalating, which is why those doing business digitally should enforce a multi-layer security strategy that incorporates data loss prevention software, file encryption, personal firewall and anti-malware. This will protect both a company’s infrastructure and its endpoint.
Data backups are key because there’s still a mild chance of a breach even with all of the aforementioned security solutions in place. The easiest and most effective way to minimize cyberattack damage is to copy files to a separate device. This very reliable form of backup makes it possible for people to recommence work as usual with little to no downtime, and all their computer files intact, should an attack occur.
Gmail blocks over 100 million COVID-related phishing emails every day, but more than 240 million are sent. That means less than half sent via Gmail alone are blocked. Experts cite imposing limits on remote desktop protocol (RDP) access, multifactor authentication for VPN access, in-depth remote network connection analysis and IP address whitelisting as some of the best strategies to maintain security. In addition, businesses should secure externally facing apps like supplier portals that use risk-based and multifactor authentication—particularly for apps that would let a cybercriminal divert payments or alter user bank account details.
The shift to remote work after the pandemic hit has given cybercriminals more and more opportunities, directing their focus on the tools people use for work. It’s important that people recognize their vulnerabilities, particularly while they work from home. Among these are hacked videoconference passwords and unprotected videoconference links, which criminals can use to access an organization’s network without authorization. Many people who work from home do not use secured networks, unknowingly and unintentionally. Many are just not aware of the risks.
To avoid online teleconference security issues, meetings should always be encrypted. This means a message can only be read by the recipient intended and that the host must be present before the meeting begins. There should also be waiting rooms for participants. Screen share watermarks, locking a meeting, and use of audio signatures are additional recommendations.
When asked what his best advice would be to tweak security for a workforce that’s predominately working remotely, Nishant says that companies should start by analyzing the basics (like those specified above) against the backdrop of a wide range of ever-escalating and evolving threats. “Employees should use dual-factor authentication and make sure apps, mobile phones and laptops are updated and that available patches and updates are always installed,” he says. “They should certainly be wary of all information requests and verify the source. These even include unexpected calls or emails seemingly from colleagues.”
Srivastava also pointed out that insiders at the CIO Symposium in July 2020 agreed that the pandemic packed years of digital transformation into just a few weeks. The use of third parties emerged as a major security concern to take into account. For instance, some employees abroad were unable to move their computers to their homes, so employers rushed to supply them with new equipment. In the process, some of it was not set up correctly thus compromising security. Companies should have done more to determine out whether individuals were using technology properly, such as if employees were sharing work devices or using their own personal equipment.
On the plus side, the shift toward working from home sped up multi-factor authentication adoption. This is a great opportunity that today’s digitally-driven businesses should take advantage of.
In short, Srivastava advocates taking a zero-trust approach. “It might sound harsh, but this is the idea that you can’t trust devices, people and apps by default,” he says. “Everything needs to be authorized and authenticated. Users should always verify and never trust, and businesses should act as if there has already been a breach and work to shore up weak links in the security chain. Finally, businesses should give access to information and data to as few people as possible—and wholly ensure those who do have access are appropriately trained to recognize when a red flag presents.
By employing all or even some of the advice above, businesses can continue to thrive as the digital transformation age unfolds—and do so more confidently and contently all around.
Article | April 14, 2020
Picture this: a news story detailing a cyberattack in which no data was exfiltrated, thousands (or even millions) of credit card details weren’t stolen, and no data was breached. While this isn’t the type of headline we often see, it recently became a reality in Las Vegas, Nev. On January 7, 2020, news broke that the city of Las Vegas had successfully avoided a cyberattack. While not many details were offered in the city’s public statement, local press reported that the attack did employ an email vector, likely in the form of a direct ransomware attack or phishing attack. The use of the word “devastating” in the public statement led many to believe ransomware was involved. This inference isn’t farfetched—and is likely a correct conclusion—given that cities throughout the U.S. have seen ransomware attacks on critical systems. Attacks that have cost those cities millions of dollars.
Article | April 14, 2020
Over the last year, the education delivery model has changed rapidly. Universities have learnt to operate entirely remotely and now that learning may resume in person, a hybrid education model will likely continue. The transition from physical to online models happened so quickly that it left many IT networks exposed to serious harm from outside forces. With a hybrid model, there is likely a widening attack surface area.
A recent spate of attacks suggests that cyber-criminals are taking notice of the seemingly infinite weaknesses in learning centers defenses. But why?
One of the primary reasons is that universities operate large corporate-sized networks, but without the budgets to match. Add to that, teachers and students aren’t given training to use and connect their technology in a safe way.
To avoid falling victim to devastating cyber-attacks which often have dire consequences, we share three lessons universities need to quickly take on board.
Your Research is Valuable to Cyber-Criminals
There is a hefty price tag on some of the research conducted by universities, which makes it particularly attractive to cyber-criminals. The University of Oxford’s Division of Structural Biology was targeted in February by hackers snooping around, potentially in search of information about the vaccine the university has worked on with AstraZeneca. It’s not just gangs of cyber-criminals targeting research facilities, last year Russian state backed hackers were accused by official sources in the US, UK and Canada of trying to steal COVID-19 vaccine and treatment research.
With world-leading research hidden in the networks of universities, its unsurprising that last year over half (54%) of universities surveyed said that they had reported a breach to the ICO (Information Commissioner’s Office). The research conducted by many UK universities makes them an attractive target for financially motivated cyber-criminals and state-sponsored hackers in search of valuable intellectual property.
To add insult to injury, ransomware attackers are doubling their opportunity for pay off by selling off the stolen information to the highest bidder, causing a serious headache for the victims while potentially increasing the value of their pay-out.
Personal Information of Students and Staff Can Easily Fall into the Wrong Hands
Based on tests of UK university defenses, hackers were able to obtain ‘high-value’ data within two hours in every case. In many cases, successful cyber-attacks are followed by not only a ransom note demanding payment for the recovery of frozen or stolen data, but also the added threat of sharing any sensitive stolen information with the public.