Article | December 15, 2020
Just about every single day, somewhere in the world, a company falls victim to cyber attackers, even with millions spent on cybersecurity.
Every company is a target because they have data and there are too many doors, windows and entryways for cyber attackers to get in, whether on-premise or in the cloud. It is not a question of if, but when, the attackers will get in.
Prevention efforts are of course important, but since attackers will get in, equal attention must be on detection going forward. And the focus must be on early detection, otherwise, it will be too late.
My book, Next Level Cybersecurity, is based on intensive reviews of the world’s largest hacks and uncovers the signals of the attackers that companies are either missing or don’t know how to detect early, apart from all of the noise. So, the attackers are slipping by the cybersecurity, staying undetected and stealing data or committing other harm.
In the book I explain the Cyber Attack Chain. It is a simplified model that shows the steps that cyber attackers tend to follow in just about every single hack. There are five steps:
command and control; and
At each step, there will be signals of the attackers’ behavior and activity. But the signals in the intrusion, lateral movement and command and control steps provide the greatest value because they are timely.
The external reconnaissance step is very early and the signals may not materialize into an attack, while detecting signals in the execution step is too late because by this time the data theft or harm will have already occurred.
My research uncovered 15 major signals in the intrusion, lateral movement and command and control steps that should be the focus of detection.
My research of the world’s largest hacks reveals that if the company had detected signals of the attackers early, in the intrusion, lateral movement or command and control steps, they would have been able to stop the hack and prevent the loss or damage.
My book shows how to detect the signals in time, using a seven-step early detection method. One of the key steps in this method is to map relevant signals to the Crown Jewels (crucial data, IP or other assets). It is a great use case for machine learning and AI. There is a lot of noise, so machine learning and AI can help eliminate false positives and expose the attackers’ signals early to stop the hack.
There are two blind spots that just about every single company world-wide faces that cyber attackers will exploit, beginning in 2019, that companies must get on top of.
One blind spot is the cloud. There is a false sense of comfort and lack of attention to detection, thinking the cloud is safer because of the cloud provider’s cybersecurity or because the cloud provider has an out-of-the-box monitoring system. However, if the company fails to identify all Crown Jewels and map all relevant cyber attacker signals for the monitoring, the attackers will get in, remain undetected and steal data or commit other harm in the cloud.
The other blind spot is Internet of Things (IoT). IoT devices (e.g. smart TVs, webcams, routers, sensors, etc.), with 5G on the way, will be ubiquitous in companies world-wide. While IoT devices provide many benefits, they are a weak link in the chain due to poor built-in security and lack of monitoring. Cyber attackers will focus on IoT devices to make the intrusion, then pivot to get to the Crown Jewels. Detecting early signals of cyber attackers trying to exploit IoT devices will be critical.
Companies world-wide need to make cybersecurity a priority, starting in the board room and with the CEO. It all starts at the top. My intensive reviews of the world’s largest hacks reveal in each case a common theme: inadequate or missing CEO and board cybersecurity oversight.
Here are five key questions from my book that the CEO must take the lead on and together with the board ask of the management team to make sure the company will not become the next victim of cyber attackers and suffer significant financial and reputational harm:
Have we identified all of our Crown Jewels and are not missing any?
Do we know where all of the Crown Jewels are located?
Have we identified all of the ways cyber attackers could get to the Crown Jewels?
Have we mapped high probability signals of cyber attackers trying to get to the Crown Jewels with each Crown Jewel?
Are we sifting through all of the noise to detect signals early and reporting to the CEO and the board in a dashboard report for timely oversight?
If your answer is No to any of the questions or you are unsure, you have a gap or blind spot and are at risk, and you must follow up to get to a high confidence Yes answer.
In my book, Next Level Cybersecurity, I provide other key questions to ask and a practical seven-step method to take cybersecurity to the next level to stay one step ahead of the attackers. It is written in plain language for boards, executives and management, so everyone can get on the same page and together mitigate one of the most significant and disruptive risks faced today, cybersecurity.
Article | June 18, 2021
In this modern world of technology, ensuring information security is very important for the smooth running of any organization. Unfortunately, there are many information/cyber security threats, including malware, ransom ware, emotet, denial of service, man in the middle, phishing, SQL injection, and password attacks. Whatever your business is, no doubt, it can collapse your business and your dreams. However, the severity of its after-effects depends upon the type of business you do.
As information security threat has become a hurdle for all organizations, companies must implement an effective information security management system. In 2019 alone, the total number of breaches was 1473. It is increasing every year as businesses are doing digital transformation widely. Phishing is the most damaging and widespread threat to businesses, accounting for 90% of organizations' breaches.
This article lets you understand what ISMS is and how it can be effectively implemented in your organization.
Information Security Management System (ISMS)
According to ISO/IEC 27001, Information Security Management System (ISMS) refers to various procedures, policies, and guidelines to manage and protect organizations' information assets. In addition, the system also comprises various other associated resources and activities frameworks for information security management.
Organizations are jointly responsible for maintaining information security. People responsible for security in an organization ensure that all employees diligently meet all policies, guidelines, and other objectives regarding protecting information. Also, they safeguard all assets of the organization from external cyber threats and attacks.
The goal and objective of the system are to protect the confidentiality, integrity, and availability of assets from all threats and vulnerabilities. Effectively implementing an information security management system in your organization avoids the possibility of leaking personal, sensitive, and confidential data and getting exposed to harmful hands. The step-by-step implementation of ISMS includes the process of designing, implementing, managing, and maintaining it.
Implementing ISMS in Organizations
The standard for establishing and maintaining an information security management system in any organization is ISO 27001. However, as the standard has broad building blocks in designing and implementing ISMS, organizations can shape it according to their requirements.
Effectively implementing ISMS in organizations in compliance with ISO 27001 lets you enjoy significant benefits. However, an in-depth implementation and training process has to be ensured to realize these benefits comprehensively. Therefore, let us look into how an information security management system can be successfully implemented in your organization.
The first step in implementing ISMS is identifying the assets vulnerable to security threats and determining their value to your organization. In this process, devices and various types of data are listed according to their relative importance. Assets can be divided across three dimensions: confidentiality, integrity, and availability. It will allow you to give a rating to your assets according to their sensitivity and importance to the company.
Confidentiality is ensuring that the assets are accessed by authorized persons only.
Integrity means ensuring that the data and information to be secured are complete, correct, and safeguarded thoroughly.
Availability is ensuring that the protected information is available to the authorized persons when they require it.
Policies and Procedures and Approval from the Management
In this step, you will have to create policies and procedures based on the insights you got from the first step. It is said to be the riskiest step as it will enforce new behaviors in your organization. Rules and regulations will be set for all the employees in this step. Therefore, it becomes the riskiest step as people always resist accepting and following the changes. You also should get the management approval once the policies are written.
Risk assessment is an integral part of implementing an Information Security Management System. Risk assessment allows you to provide values to your assets and realize which asset needs utmost care. For example, a competitor, an insider, or a cybercriminal group may want to compromise your information and steal your information. With a simple brainstorming session, you can realize and identify various potential sources of risk and potential damage. A well-documented risk assessment plan and methodology will make the process error-free.
In this step, you will have to implement the risk assessment plan you defined in the previous step. It is a time-consuming process, especially for larger organizations. This process is to get a clear picture of both internal and external dangers that can happen to the information in your organization.
The process of risk treatment also will help you to reduce the risks, which are not acceptable. Additionally, you may have to create a detailed report comprising all the steps you took during the risk assessment and treatment phase in this step.
If you want effectively implement all the policies and procedures, providing training to employees is necessary. To make people perform as expected, educating your personnel about the necessity of implementing an information security management system is crucial. The most common reason for the failure of security management failure is the absence of this program.
Once policies and procedures are written, and necessary training is provided to all employees, you can get into the actual process of implementing it in your organization. Then, as all the employees follow the new set of rules and regulations, you can start evaluating the system's effectiveness.
Monitoring and Auditing
Here you check whether the objectives set were being met or not. If not, you may take corrective and preventive actions. In addition, as part of auditing, you also ensure all employees are following what was being implemented in the information security management system. This is because people may likely follow wrong things without the awareness that they are doing something wrong. In that case, disciplinary actions have to be taken to prevent and correct it. Here you make sure and ensure all the controls are working as you expected.
The final step in the process of implementing an information security management system is management review. In this step, you work with the senior management to understand your ISMS is achieving the goals. You also utilize this step to set future goals in terms of your security strategy.
Once the implementation and review are completed successfully, the organization can apply for certification to ensure the best information security management practices.
Organizations benefit from implementing and certifying their information security management system. The organization has defined and implemented a management system by building awareness, training employees, applying the proper security measures, and executing a systematic approach to information security management. Thus implementation has the following benefits:
Minimized risk of information loss.
The increased trust of customers in the company as the company is ISO/IEC 27001 certified.
Developed competencies and awareness about information security among all employees
The organization meets various regulatory requirements.
Frequently Asked questions
What are the three principles of information security?
Confidentiality, integrity, and availability (CIA) are the three main principles and objectives of information security. These are the fundamental principles and the heart of information security.
How does information security management work?
Information security management works on five pillars. The five pillars are assessment, detection, reaction, documentation, and prevention. Effective implementation of these pillars determines the success of the information security management in your company.
What are the challenges in information security management?
Challenges in information security management in your company can be the following:
You can’t identify your most critical data
Policies aren’t in place for protecting sensitive information.
Employees aren’t trained in company policies.
Technology isn’t implemented for your policies.
You can’t limit vendor access to sensitive information.
Article | November 25, 2020
On their road to recovery from the pandemic, businesses face unique dilemmas. This includes substantial and entirely necessary investments in digital transformation, however tight budgets are making such endeavors difficult if not impossible. Businesses continue to struggle with pivots like adopting new digital platforms, shifting their corporate model to resolve supply chain disruption and enabling a remote workforce.
The inability for businesses to quickly adopt technologies that support digital transformation processes, including identity-based segmentation, virtual desktop interfaces and full-stack cloud, is hindering their ability to adequately address new threats and even to test new security systems and protocols.
“Now more than ever, it’s imperative to remediate risk exposure and vulnerabilities within an organization’s existing systems—optimally from the get-go,” urges cybersecurity expert Nishant Srivastava, Cyber Security Architect and field expert at Cognizant—an IT Solutions and Services firm for which he's focused on designing and implementing Identity and Access Management (IAM) solutions. “Biggest threats should get highest priority, of course, but the magnitude or even likelihood of a threat should not be the sole consideration. Organizations should also look at other forms of value that new technologies can bring.”
Below Srivastava, a senior-level IAM, governance and cyber risk authority, offers key digital security vulnerabilities businesses need to be mindful of given increased digital dependency amid the pandemic. Heed these best practices to help keep your company—and customers—uncompromised.
Consumer-Facing App Gaps
For consumer-facing web applications, some of the biggest security threats include path traversal, cross-site scripting (XSS), SQL injections and remote command execution. Of course, protecting customer data is an utmost security concern and breaches abound. One of the biggest challenges to address these kind of issues lies with lacking human resources. There is a lack of aptly trained and skilled security staff in even the most sophisticated of regions, which is cultivating a gap in cybersecurity skills across the globe. It goes without saying that employee training and investing in highly-qualified staff are among the best ways to establish, maintain and uphold security levels of consumer facing apps. Rifts, however small, can induce excessive damage and losses.
Online delivery businesses that are aware of security risks would be wise to introduce more secure logins, automatic logouts and random shopper ID verification and are preventing shoppers from swapping devices when ordering. Such measures will help thwart breaches that expose of customer names, credit card information, passwords, email addresses and other personal and sensitive information.
Companies selling goods or services online also should not launch without a secure socket layer (SSL) connection. It will encrypt all data transfer between the company’s back end server and the user's browser. This way, a hacker won’t be able to steal and decode data even if he or she manages to intercept web traffic.
Another useful strategy is to enforce password limitations. Passwords should be as complicated as possible with a combination of symbols, numbers and letters. Investing in a tokenization system is worthwhile because any hacker who accesses the back end system can read and steal sensitive information, which is held in the database as plain text. Some payment providers tokenize cardholder information, which means a token replaces the raw data so the database then holds a token rather than the real data. If someone steals it, they can’t do anything with it because it’s just a token.
Ransomware threats are escalating, which is why those doing business digitally should enforce a multi-layer security strategy that incorporates data loss prevention software, file encryption, personal firewall and anti-malware. This will protect both a company’s infrastructure and its endpoint.
Data backups are key because there’s still a mild chance of a breach even with all of the aforementioned security solutions in place. The easiest and most effective way to minimize cyberattack damage is to copy files to a separate device. This very reliable form of backup makes it possible for people to recommence work as usual with little to no downtime, and all their computer files intact, should an attack occur.
Gmail blocks over 100 million COVID-related phishing emails every day, but more than 240 million are sent. That means less than half sent via Gmail alone are blocked. Experts cite imposing limits on remote desktop protocol (RDP) access, multifactor authentication for VPN access, in-depth remote network connection analysis and IP address whitelisting as some of the best strategies to maintain security. In addition, businesses should secure externally facing apps like supplier portals that use risk-based and multifactor authentication—particularly for apps that would let a cybercriminal divert payments or alter user bank account details.
The shift to remote work after the pandemic hit has given cybercriminals more and more opportunities, directing their focus on the tools people use for work. It’s important that people recognize their vulnerabilities, particularly while they work from home. Among these are hacked videoconference passwords and unprotected videoconference links, which criminals can use to access an organization’s network without authorization. Many people who work from home do not use secured networks, unknowingly and unintentionally. Many are just not aware of the risks.
To avoid online teleconference security issues, meetings should always be encrypted. This means a message can only be read by the recipient intended and that the host must be present before the meeting begins. There should also be waiting rooms for participants. Screen share watermarks, locking a meeting, and use of audio signatures are additional recommendations.
When asked what his best advice would be to tweak security for a workforce that’s predominately working remotely, Nishant says that companies should start by analyzing the basics (like those specified above) against the backdrop of a wide range of ever-escalating and evolving threats. “Employees should use dual-factor authentication and make sure apps, mobile phones and laptops are updated and that available patches and updates are always installed,” he says. “They should certainly be wary of all information requests and verify the source. These even include unexpected calls or emails seemingly from colleagues.”
Srivastava also pointed out that insiders at the CIO Symposium in July 2020 agreed that the pandemic packed years of digital transformation into just a few weeks. The use of third parties emerged as a major security concern to take into account. For instance, some employees abroad were unable to move their computers to their homes, so employers rushed to supply them with new equipment. In the process, some of it was not set up correctly thus compromising security. Companies should have done more to determine out whether individuals were using technology properly, such as if employees were sharing work devices or using their own personal equipment.
On the plus side, the shift toward working from home sped up multi-factor authentication adoption. This is a great opportunity that today’s digitally-driven businesses should take advantage of.
In short, Srivastava advocates taking a zero-trust approach. “It might sound harsh, but this is the idea that you can’t trust devices, people and apps by default,” he says. “Everything needs to be authorized and authenticated. Users should always verify and never trust, and businesses should act as if there has already been a breach and work to shore up weak links in the security chain. Finally, businesses should give access to information and data to as few people as possible—and wholly ensure those who do have access are appropriately trained to recognize when a red flag presents.
By employing all or even some of the advice above, businesses can continue to thrive as the digital transformation age unfolds—and do so more confidently and contently all around.
Article | February 22, 2020
This week was filled with wide-scale calamity. Hundreds of millions of PCs have components whose firmware is vulnerable to hacking which is to say, pretty much all of them. It's a problem that's been known about for years, but doesn't seem to get any better. Likewise, Bluetooth implementation mistakes in seven SoC—system on chips—have exposed at least 480 internet-of-things devices to a range of attacks. IoT manufacturers will often outsource components, so a mistake in one SoC can impact a wide range of connected doodads. The most troubling part, though, is that medical devices like pacemakers and blood glucose monitors are among the affected tech. YouTube Gaming, meanwhile, wants to take Twitch's crown as the king of videogame streaming. But its most-viewed channels are almost all scams and cheats, a moderation challenge that it'll have to take more seriously if it wants the legitimacy it's spending big money to attain. In another corner of Alphabet's world, hundreds of Chrome extensions were caught siphoning data from people who installed them, part of a sprawling adware scheme.