Cybersecurity Education Series: What Is Email Fraud?

| October 12, 2018

article image
Since its inception, email has been a favorite target for cyber criminals hoping to steal sensitive data, user credentials, and company funds. In response, organizations have deployed a wide range of email security tools. But despite increased investment in defense, email fraud is still on the rise. Last quarter, the number of email fraud attacks rose 85% year-over-year. One of the most pervasive and effective tactics? Email fraud, also known as Business Email Compromise (BEC).

Spotlight

Secure Digital Solutions

Secure Digital Solutions (SDS) provides information security, data protection and compliance services to corporations and government agencies. SDS performs HIPAA and PCI readiness assessments, FISMA control testing, and compliance remediation. SDS has expertise in developing policy and process documentation, strategic security roadmap planning, executive infosec dashboards and security operations.

OTHER ARTICLES

COVID-19 and Amygdala Hijacking in Cyber Security Scams

Article | April 9, 2020

What races through your mind when you see “Coronavirus” or “COVID-19”? Fear, anxiety, curiosity… these internal reactions can prompt actions that we may not normally take. Recent attacks have been sending out mandatory meeting invites that ask you to log in to accounts. Others have been receiving emails to put themselves on a waiting list for a vaccine or treatment. The heightened emotions we experience when we see emails, or messages like this, may prompt us to give personal information out more willingly than we usually would. Security awareness takes a back seat as emotion takes over. It’s known as amygdala hijacking. Why does this happen to us? The amygdala is a small part of the brain that is largely responsible for generating emotional responses. An amygdala hijack is when something generates an overwhelming and immediate emotional response.Many common cyber security scams use amygdala hijacking to their benefit. We see this used often in phishing, vishing, SMShing, and impersonation attacks. Chris Hadnagy of Social-Engineer, LLC did a case study on amygdala hijacking in social engineering.

Read More

Zero Trust – Demystified

Article | July 29, 2020

1. Zero Trust – Demystified Everyone seems to be talking about Zero Trust in the security world at the moment. Unfortunately there seems to be multiple definitions of this depending on which vendor you ask. To help others understand what Zero Trust is, this white paper covers the key aspects of a Zero Trust model. 1.1. What is Zero Trust Zero Trust is a philosophy and a related architecture to implement this way of thinking founded by John Kindervag in 2010. What it isn’t, is a particular technology! There are three key components to a Zero Trust model: 1. User / Application authentication – we must authenticate the user or the application (in cases where applications are requesting automated access) irrefutably to ensure that the entity requesting access is indeed that entity 2. Device authentication – just authenticating the user / application is not enough. We must authenticate the device requesting access as well 3. Trust – access is then granted once the user / application and device is irrefutably authenticated. Essentially, the framework dictates that we cannot trust anything inside or outside your perimeters. The zero trust model operates on the principle of 'never trust, always verify’. It effectively assumes that the perimeter is dead and we can no longer operate on the idea of establishing a perimeter and expecting a lower level of security inside the perimeter as everything inside is trusted. This has unfortunately proven true in multiple attacks as attackers simply enter the perimeter through trusted connections via tactics such as phishing attacks. 1.2. Enforcing the control plane In order to adequately implement Zero Trust, one must enforce and leverage distributed policy enforcement as far toward the network edge as possible. This basically means that granular authentication and authorisation controls are enforced as far away from the data as possible which in most cases tends to be the device the user is using to access the data. So in essence, the user and device are both untrusted until both are authenticated after which very granular role based access controls are enforced. In order to achieve the above, a control plane must be implemented that can coordinate and configure access to data. This control plane is technology agnostic. It simply needs to perform the function described above. Requests for access to protected resources are first made through the control plane, where both the device and user must be authenticated and authorised. Fine-grained policy can be applied at this layer, perhaps based on role in the organization, time of day, or type of device. Access to more secure resources can additionally mandate stronger authentication. Once the control plane has decided that the request will be allowed, it dynamically configures the data plane to accept traffic from that client (and that client only). In addition, it can coordinate the details of an encrypted tunnel between the requestor and the resource to prevent traffic from being ‘sniffed on the wire’. 1.3. Components of Zero Trust and the Control Plane Enforcing a Zero Trust model and the associated control plan that instructs the data plane to accept traffic from that client upon authentication requires some key components for the model to operate. The first and most fundamental is micro-segmentation and granular perimeter enforcement based on: Users Their locations Their devices and its security posture Their Behaviour Their Context and other data The above aspects are used to determine whether to trust a user, machine or application seeking access to a particular part of the enterprise. In this case, the micro-segmentation technology essentially becomes the control plane. Per the above section, encryption on the wire is a key component of Zero Trust. For any micro-segmentation technology to be an effective control plane, it must: Enforce traffic encryption between endpoints Authenticate the user and machine based on their identity and not the network segment they are coming from. 1.4. Zero Trust Technologies As stated earlier, Zero Trust is an architecture. Other than micro-segmentation, the following key technologies and processes are required to implement Zero Trust: Multifactor authentication – to enforce strong authentication Identity and Access Management – to irrefutably authenticate the user / application and the device User and network behaviour analytics – to understand the relative behaviours of the user and the network they are coming from and highlight any unusual behaviour compared to a pre-established baseline which may indicate a compromised identity Endpoint security – to ensure that the endpoint itself is clean and will not act as a conduit for an attacker to gain unauthorised access to data Encryption – to prevent ‘sniffing of traffic on the wire’ Scoring – establishing a ‘score’ based on the perimeters above that will then determine whether access can be granted or not Apart from the above key components, the following are needed as well: File system permissions – needed in order to implement role based access controls Auditing and logging – to provide monitoring capabilities in case unauthorised access is achieved Granular role based access controls – to ensure access is on a ‘need to know basis only’ Supporting processes – all of the above needs to be supported by adequate operational procedures, processes and a conducive security framework so that the model operates as intended Mindset and organisational change management – since Zero Trust is a shift in security thinking, a mindset change managed by robust change management is required to ensure the successful implementation of Zero Trust in an organisation. 1.5. Challenges with Zero Trust So Zero Trust sounds pretty awesome, right? So why haven’t organisations adopted it fully? As with any new technology or philosophy, there are always adoption challenges. Zero Trust is no different. At a high level, the key challenges in my experience are: Change resistance – Zero Trust is a fundamental shift in the way security is implemented. As a result, there is resistance from many who are simply used to the traditional perimeter based security model Technology focus as opposed to strategy focus – since Zero Trust is a model that will impact the entire enterprise, it requires careful planning and a strategy to implement this. Many are still approaching security from the angle that if we throw enough technology at it, it will be fine. Unfortunately, this thinking is what will destroy the key principles of Zero Trust Legacy systems and environments – legacy systems and environments that we still need for a variety of reasons were built around the traditional perimeter based security model. Changing them may not be easy and in some cases may stop these systems from operating Time and cost – Zero Trust is an enterprise wide initiative. As such, it requires time and investment, both of which may be scarce in an organisation. 1.6. Suggested Approach to Zero Trust Having discussed some challenges to adopting a Zero Trust model above, let’s focus on an approach that may allow an organisation to implement a Zero Trust model successfully: 1. Take a multi-year and multi-phased approach – Zero Trust takes time to implement. Take your time and phase the project out to spread the investment over a few financial years 2. Determine an overall strategy and start from there – since Zero Trust impacts the entire enterprise, a well-crafted strategy is critical to ensure success. A suggested, phased approach is: a. Cloud environments, new systems and digital transformation are good places to start – these tend to be greenfield and should be more conducive to a new security model b. Ensure zero trust is built into new systems, and upgrades or changes – build Zero Trust by design, not by retrofit. As legacy systems are changed or retired, a Zero Trust model should be part of the new deployment strategy c. Engage a robust change management program – mindset adjustment through good change management 3. Take a risk and business focus – this will allow you to focus on protecting critical information assets and justify the investments based on ROI and risk mitigation 4. Ensure maintenance and management of the new environment – as with everything, ensure your new Zero Trust deployment is well maintained and managed and does not degrade over time. To summarise, Zero Trust is a security philosophy and architecture that will change the way traditional perimeter based security is deployed. A key component of it is the control plane that instructs the data plane to provide access to data. Zero Trust dictates that access can only be granted once the user / application and device are irrefutably authenticated and even then this access is provided on a ‘need to know’ basis only. Micro-segmentation is a key technology component of Zero Trust implementation and this paper has stated other key technology components and processes that are needed to implement Zero Trust adequately. This paper has discussed some of the challenges with implementing Zero Trust which include change resistance as well as legacy systems. The paper then provided an approach to implementing Zero Trust which included taking a phased approach based on a sound strategy underpinned by a risk and business focused approach.

Read More

Guide to Cloud Security Certification: Which Ones Are the Best of the Best?

Article | April 27, 2021

As your organization looks to move to cloud computing, security certification will become more critical. Cloud solutions have unique security considerations that are different from an on-premise solution. IT professionals that are managing these solutions should be well-versed in multi-layered protection, encryption, monitoring, and more. Not only is certification important for your own IT staff, but it should also be part of your recruiting strategy. Experience combined with certifications can be invaluable foclr protecting your cloud environment. You want to ensure that the data you store in the cloud is protected from security threats.

Read More

Work From Home: Cyber Security During Covid-19

Article | April 14, 2020

COVID-19 has significantly affected individuals and organizations globally. Till this time more than 1.7 million people in 210 countries have bore the brunt of this mysterious virus. While this crisis is unparalleled to the past crises that have shaken the world and had lasting impacts on different businesses, economies and societies but the one domain that had remained resilient through all the past crises and is going solid in COVID-19 as well is Cyber security. While most of the sectors globally have been affected, Cybersecurity’s importance to organizations, consumers and home users have not only remained strong but have been increased drastically.

Read More

Spotlight

Secure Digital Solutions

Secure Digital Solutions (SDS) provides information security, data protection and compliance services to corporations and government agencies. SDS performs HIPAA and PCI readiness assessments, FISMA control testing, and compliance remediation. SDS has expertise in developing policy and process documentation, strategic security roadmap planning, executive infosec dashboards and security operations.

Events