A VISUAL GUIDE TO INFORMATION SECURITY

| June 20, 2019

article image
Whether you’re just getting started or you have information security processes truly embedded, find out where you are in the journey and how you can move forward with our free Information Security Infographic.

Spotlight

Syncplicity

Syncplicity is an easy-to-use, enterprise-grade file sync and share solution that is redefining files for the mobile workforce. We give users access to all their files—no matter where they reside— on all their devices, online or offline, with no hassles. With a rich and secure mobile, web and desktop experience, our customers get to collaborate inside and outside their organization easily, while giving IT professionals the security, manageability, and control they need. Rated a market leader by Forrester Research and other leading analyst firms, Syncplicity is uniquely positioned to lead the next wave of innovation in mobile collaboration for the enterprise by delivering: * A consumer-grade user experience on desktops and mobile devices that offers breakthrough innovations specifically for the business user. * Industry-leading policy controls, security integration, and administration features so IT can deploy at scale. * A SaaS deployment model that offers policy-driven control over wh

OTHER ARTICLES

Cybersecurity Must Be Embedded in Every Aspect of Government Technology

Article | March 17, 2020

Cybersecurity has never been more important for every level of our government. The hacking attempts at major federal agencies have raised the profile of nefarious actors who use their highly advanced cyber skills to exploit both security and the vulnerabilities created by human error. Just last month, the Department of Defense confirmed that computer systems controlled by the Defense Information Systems Agency had been hacked, exposing the personal data of about 200,000 people. Additionally, the Department of Justice recently charged four members of the Chinese military for their roles in the 2017 Equifax breach that exposed the information of 145 million Americans. The hackers were accused of exploiting software vulnerability to gain access to Equifax’s computers. They are charged with obtaining log-in credentials that they used to navigate databases and review records.

Read More

Cybersecurity: Five Key Questions The CEO Must Ask

Article | March 17, 2020

Just about every single day, somewhere in the world, a company falls victim to cyber attackers, even with millions spent on cybersecurity. Every company is a target because they have data and there are too many doors, windows and entryways for cyber attackers to get in, whether on-premise or in the cloud. It is not a question of if, but when, the attackers will get in. Prevention efforts are of course important, but since attackers will get in, equal attention must be on detection going forward. And the focus must be on early detection, otherwise, it will be too late. My book, Next Level Cybersecurity, is based on intensive reviews of the world’s largest hacks and uncovers the signals of the attackers that companies are either missing or don’t know how to detect early, apart from all of the noise. So, the attackers are slipping by the cybersecurity, staying undetected and stealing data or committing other harm. In the book I explain the Cyber Attack Chain. It is a simplified model that shows the steps that cyber attackers tend to follow in just about every single hack. There are five steps: external reconnaissance; intrusion; lateral movement; command and control; and execution. At each step, there will be signals of the attackers’ behavior and activity. But the signals in the intrusion, lateral movement and command and control steps provide the greatest value because they are timely. The external reconnaissance step is very early and the signals may not materialize into an attack, while detecting signals in the execution step is too late because by this time the data theft or harm will have already occurred. My research uncovered 15 major signals in the intrusion, lateral movement and command and control steps that should be the focus of detection. My research of the world’s largest hacks reveals that if the company had detected signals of the attackers early, in the intrusion, lateral movement or command and control steps, they would have been able to stop the hack and prevent the loss or damage. My book shows how to detect the signals in time, using a seven-step early detection method. One of the key steps in this method is to map relevant signals to the Crown Jewels (crucial data, IP or other assets). It is a great use case for machine learning and AI. There is a lot of noise, so machine learning and AI can help eliminate false positives and expose the attackers’ signals early to stop the hack. There are two blind spots that just about every single company world-wide faces that cyber attackers will exploit, beginning in 2019, that companies must get on top of. One blind spot is the cloud. There is a false sense of comfort and lack of attention to detection, thinking the cloud is safer because of the cloud provider’s cybersecurity or because the cloud provider has an out-of-the-box monitoring system. However, if the company fails to identify all Crown Jewels and map all relevant cyber attacker signals for the monitoring, the attackers will get in, remain undetected and steal data or commit other harm in the cloud. The other blind spot is Internet of Things (IoT). IoT devices (e.g. smart TVs, webcams, routers, sensors, etc.), with 5G on the way, will be ubiquitous in companies world-wide. While IoT devices provide many benefits, they are a weak link in the chain due to poor built-in security and lack of monitoring. Cyber attackers will focus on IoT devices to make the intrusion, then pivot to get to the Crown Jewels. Detecting early signals of cyber attackers trying to exploit IoT devices will be critical. Companies world-wide need to make cybersecurity a priority, starting in the board room and with the CEO. It all starts at the top. My intensive reviews of the world’s largest hacks reveal in each case a common theme: inadequate or missing CEO and board cybersecurity oversight. Here are five key questions from my book that the CEO must take the lead on and together with the board ask of the management team to make sure the company will not become the next victim of cyber attackers and suffer significant financial and reputational harm: Have we identified all of our Crown Jewels and are not missing any? Do we know where all of the Crown Jewels are located? Have we identified all of the ways cyber attackers could get to the Crown Jewels? Have we mapped high probability signals of cyber attackers trying to get to the Crown Jewels with each Crown Jewel? Are we sifting through all of the noise to detect signals early and reporting to the CEO and the board in a dashboard report for timely oversight? If your answer is No to any of the questions or you are unsure, you have a gap or blind spot and are at risk, and you must follow up to get to a high confidence Yes answer. In my book, Next Level Cybersecurity, I provide other key questions to ask and a practical seven-step method to take cybersecurity to the next level to stay one step ahead of the attackers. It is written in plain language for boards, executives and management, so everyone can get on the same page and together mitigate one of the most significant and disruptive risks faced today, cybersecurity.

Read More

We Need to Improve Cybersecurity Standards in Space

Article | March 17, 2020

Last month, SpaceX became the operator of the world’s largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade. This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, UK-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months. These new satellites have the potential to revolutionise many aspects of everyday life – from bringing internet access to remote corners of the globe to monitoring the environment and improving global navigation systems. Amid all the fanfare, a critical danger has flown under the radar: the lack of cybersecurity standards and regulations for commercial satellites, in the US and internationally. As a scholar who studies cyber conflict, I’m keenly aware that this, coupled with satellites’ complex supply chains and layers of stakeholders, leaves them highly vulnerable to cyberattacks.

Read More

New Ransomware hitting Industrial Control Systems like a nuclear bomb

Article | March 17, 2020

Researchers at security firms including Sentinel One and Drago’s have been mystified by a piece of code named Ekans or Snake, over the last month. Drago’s publically released its full report on Ekans Ransomware that has recently inflicted Industrial Control Systems and these are some of the most high-value systems that bridge the gap between digital and physical systems. In the history of hacking, only a few times a piece of malicious code has been marked attempting to intrude Industrial Control Systems. Ekans is supposed to be the first Ransomware with real primitive capability against the Industrial Control Systems, software, and hardware used in everything from oil refineries to power grids. Researchers say this ransomware holds the capability to attack ICS by Honeywell and GE as well.

Read More

Spotlight

Syncplicity

Syncplicity is an easy-to-use, enterprise-grade file sync and share solution that is redefining files for the mobile workforce. We give users access to all their files—no matter where they reside— on all their devices, online or offline, with no hassles. With a rich and secure mobile, web and desktop experience, our customers get to collaborate inside and outside their organization easily, while giving IT professionals the security, manageability, and control they need. Rated a market leader by Forrester Research and other leading analyst firms, Syncplicity is uniquely positioned to lead the next wave of innovation in mobile collaboration for the enterprise by delivering: * A consumer-grade user experience on desktops and mobile devices that offers breakthrough innovations specifically for the business user. * Industry-leading policy controls, security integration, and administration features so IT can deploy at scale. * A SaaS deployment model that offers policy-driven control over wh

Events