Data Loss Prevention Tips

| February 1, 2019

article image
Discussing basic data loss prevention steps. Data loss prevention can be done by doing certain basic things like installing a firewall and anti-virus software, ensuring proper backup of files and images, updating security patches regularly etc. Learn how to prevent data loss, follow simple and easy steps.

Spotlight

SignalSEC

SignalSEC Ltd. is a research company that provides information security services.The main mission of SignalSEC is providing effective vulnerability intelligence services to the customers.

OTHER ARTICLES

Covid-19 cyber security threat to impact businesses

Article | April 1, 2020

With millions of employees having to work from home, companies are having to look at how to keep as many business-critical functions running as possible while at the same time maintaining adequate security. “In the last week alone, we have seen phishing emails go from 25,000 a day to 125,000 – a 500 per cent increase – which means the risk is real," explains Andrew Jackson, CEO of Intercity Technology. "Whilst firewalls included within domestic broadband routers are considered sufficient for personal use and occasional homeworking, they’re not necessarily capable of withstanding prolonged periods of remote working from a large proportion of the workforce, which is why we are seeing more businesses and their employees become the targets of malicious hackers. "Just because employees are now home based doesn’t mean that security and privacy regulations such as GDPR are null and void and therefore, working closely with a trusted IT security partner is vital to help mitigate against any potential risks.

Read More

5 Benefits of Investing in Cyber Security & IT solutions in 2021

Article | June 2, 2021

Cyber Security has quickly evolved from being just an IT problem to a business problem. Recent attacks like those on Travelex and the SolarWinds hack have proved that cyber-attacks can affect the most solid of businesses and create PR nightmares for brands built painstakingly over the years. Investing in cyber security training, cyber security advisory services and the right kind of IT support products, has therefore, become imperative in 2021. Investing in cyber security infrastructure, cyber security certification for employees and IT solutions safeguards businesses from a whole spectrum of security risks, ransomware, spyware, and adware. Ransomware refers to malicious software that bars users from accessing their computer system, whereas adware is a computer virus that is one of the most common methods of infecting a computer system with a virus. Spyware spies on you and your business activities while extracting useful information. Add social engineering, security breaches and compromises to your network security into the mix, and you have a lethal cocktail.

Read More

Zero Trust – Demystified

Article | July 29, 2020

1. Zero Trust – Demystified Everyone seems to be talking about Zero Trust in the security world at the moment. Unfortunately there seems to be multiple definitions of this depending on which vendor you ask. To help others understand what Zero Trust is, this white paper covers the key aspects of a Zero Trust model. 1.1. What is Zero Trust Zero Trust is a philosophy and a related architecture to implement this way of thinking founded by John Kindervag in 2010. What it isn’t, is a particular technology! There are three key components to a Zero Trust model: 1. User / Application authentication – we must authenticate the user or the application (in cases where applications are requesting automated access) irrefutably to ensure that the entity requesting access is indeed that entity 2. Device authentication – just authenticating the user / application is not enough. We must authenticate the device requesting access as well 3. Trust – access is then granted once the user / application and device is irrefutably authenticated. Essentially, the framework dictates that we cannot trust anything inside or outside your perimeters. The zero trust model operates on the principle of 'never trust, always verify’. It effectively assumes that the perimeter is dead and we can no longer operate on the idea of establishing a perimeter and expecting a lower level of security inside the perimeter as everything inside is trusted. This has unfortunately proven true in multiple attacks as attackers simply enter the perimeter through trusted connections via tactics such as phishing attacks. 1.2. Enforcing the control plane In order to adequately implement Zero Trust, one must enforce and leverage distributed policy enforcement as far toward the network edge as possible. This basically means that granular authentication and authorisation controls are enforced as far away from the data as possible which in most cases tends to be the device the user is using to access the data. So in essence, the user and device are both untrusted until both are authenticated after which very granular role based access controls are enforced. In order to achieve the above, a control plane must be implemented that can coordinate and configure access to data. This control plane is technology agnostic. It simply needs to perform the function described above. Requests for access to protected resources are first made through the control plane, where both the device and user must be authenticated and authorised. Fine-grained policy can be applied at this layer, perhaps based on role in the organization, time of day, or type of device. Access to more secure resources can additionally mandate stronger authentication. Once the control plane has decided that the request will be allowed, it dynamically configures the data plane to accept traffic from that client (and that client only). In addition, it can coordinate the details of an encrypted tunnel between the requestor and the resource to prevent traffic from being ‘sniffed on the wire’. 1.3. Components of Zero Trust and the Control Plane Enforcing a Zero Trust model and the associated control plan that instructs the data plane to accept traffic from that client upon authentication requires some key components for the model to operate. The first and most fundamental is micro-segmentation and granular perimeter enforcement based on: Users Their locations Their devices and its security posture Their Behaviour Their Context and other data The above aspects are used to determine whether to trust a user, machine or application seeking access to a particular part of the enterprise. In this case, the micro-segmentation technology essentially becomes the control plane. Per the above section, encryption on the wire is a key component of Zero Trust. For any micro-segmentation technology to be an effective control plane, it must: Enforce traffic encryption between endpoints Authenticate the user and machine based on their identity and not the network segment they are coming from. 1.4. Zero Trust Technologies As stated earlier, Zero Trust is an architecture. Other than micro-segmentation, the following key technologies and processes are required to implement Zero Trust: Multifactor authentication – to enforce strong authentication Identity and Access Management – to irrefutably authenticate the user / application and the device User and network behaviour analytics – to understand the relative behaviours of the user and the network they are coming from and highlight any unusual behaviour compared to a pre-established baseline which may indicate a compromised identity Endpoint security – to ensure that the endpoint itself is clean and will not act as a conduit for an attacker to gain unauthorised access to data Encryption – to prevent ‘sniffing of traffic on the wire’ Scoring – establishing a ‘score’ based on the perimeters above that will then determine whether access can be granted or not Apart from the above key components, the following are needed as well: File system permissions – needed in order to implement role based access controls Auditing and logging – to provide monitoring capabilities in case unauthorised access is achieved Granular role based access controls – to ensure access is on a ‘need to know basis only’ Supporting processes – all of the above needs to be supported by adequate operational procedures, processes and a conducive security framework so that the model operates as intended Mindset and organisational change management – since Zero Trust is a shift in security thinking, a mindset change managed by robust change management is required to ensure the successful implementation of Zero Trust in an organisation. 1.5. Challenges with Zero Trust So Zero Trust sounds pretty awesome, right? So why haven’t organisations adopted it fully? As with any new technology or philosophy, there are always adoption challenges. Zero Trust is no different. At a high level, the key challenges in my experience are: Change resistance – Zero Trust is a fundamental shift in the way security is implemented. As a result, there is resistance from many who are simply used to the traditional perimeter based security model Technology focus as opposed to strategy focus – since Zero Trust is a model that will impact the entire enterprise, it requires careful planning and a strategy to implement this. Many are still approaching security from the angle that if we throw enough technology at it, it will be fine. Unfortunately, this thinking is what will destroy the key principles of Zero Trust Legacy systems and environments – legacy systems and environments that we still need for a variety of reasons were built around the traditional perimeter based security model. Changing them may not be easy and in some cases may stop these systems from operating Time and cost – Zero Trust is an enterprise wide initiative. As such, it requires time and investment, both of which may be scarce in an organisation. 1.6. Suggested Approach to Zero Trust Having discussed some challenges to adopting a Zero Trust model above, let’s focus on an approach that may allow an organisation to implement a Zero Trust model successfully: 1. Take a multi-year and multi-phased approach – Zero Trust takes time to implement. Take your time and phase the project out to spread the investment over a few financial years 2. Determine an overall strategy and start from there – since Zero Trust impacts the entire enterprise, a well-crafted strategy is critical to ensure success. A suggested, phased approach is: a. Cloud environments, new systems and digital transformation are good places to start – these tend to be greenfield and should be more conducive to a new security model b. Ensure zero trust is built into new systems, and upgrades or changes – build Zero Trust by design, not by retrofit. As legacy systems are changed or retired, a Zero Trust model should be part of the new deployment strategy c. Engage a robust change management program – mindset adjustment through good change management 3. Take a risk and business focus – this will allow you to focus on protecting critical information assets and justify the investments based on ROI and risk mitigation 4. Ensure maintenance and management of the new environment – as with everything, ensure your new Zero Trust deployment is well maintained and managed and does not degrade over time. To summarise, Zero Trust is a security philosophy and architecture that will change the way traditional perimeter based security is deployed. A key component of it is the control plane that instructs the data plane to provide access to data. Zero Trust dictates that access can only be granted once the user / application and device are irrefutably authenticated and even then this access is provided on a ‘need to know’ basis only. Micro-segmentation is a key technology component of Zero Trust implementation and this paper has stated other key technology components and processes that are needed to implement Zero Trust adequately. This paper has discussed some of the challenges with implementing Zero Trust which include change resistance as well as legacy systems. The paper then provided an approach to implementing Zero Trust which included taking a phased approach based on a sound strategy underpinned by a risk and business focused approach.

Read More

Here’s What Universities Need to Know About Cyber-Attacks

Article | June 1, 2021

Over the last year, the education delivery model has changed rapidly. Universities have learnt to operate entirely remotely and now that learning may resume in person, a hybrid education model will likely continue. The transition from physical to online models happened so quickly that it left many IT networks exposed to serious harm from outside forces. With a hybrid model, there is likely a widening attack surface area. A recent spate of attacks suggests that cyber-criminals are taking notice of the seemingly infinite weaknesses in learning centers defenses. But why? One of the primary reasons is that universities operate large corporate-sized networks, but without the budgets to match. Add to that, teachers and students aren’t given training to use and connect their technology in a safe way. To avoid falling victim to devastating cyber-attacks which often have dire consequences, we share three lessons universities need to quickly take on board. Your Research is Valuable to Cyber-Criminals There is a hefty price tag on some of the research conducted by universities, which makes it particularly attractive to cyber-criminals. The University of Oxford’s Division of Structural Biology was targeted in February by hackers snooping around, potentially in search of information about the vaccine the university has worked on with AstraZeneca. It’s not just gangs of cyber-criminals targeting research facilities, last year Russian state backed hackers were accused by official sources in the US, UK and Canada of trying to steal COVID-19 vaccine and treatment research. With world-leading research hidden in the networks of universities, its unsurprising that last year over half (54%) of universities surveyed said that they had reported a breach to the ICO (Information Commissioner’s Office). The research conducted by many UK universities makes them an attractive target for financially motivated cyber-criminals and state-sponsored hackers in search of valuable intellectual property. To add insult to injury, ransomware attackers are doubling their opportunity for pay off by selling off the stolen information to the highest bidder, causing a serious headache for the victims while potentially increasing the value of their pay-out. Personal Information of Students and Staff Can Easily Fall into the Wrong Hands Based on tests of UK university defenses, hackers were able to obtain ‘high-value’ data within two hours in every case. In many cases, successful cyber-attacks are followed by not only a ransom note demanding payment for the recovery of frozen or stolen data, but also the added threat of sharing any sensitive stolen information with the public.

Read More

Spotlight

SignalSEC

SignalSEC Ltd. is a research company that provides information security services.The main mission of SignalSEC is providing effective vulnerability intelligence services to the customers.

Events