Tag: Cyber Security

Strengthening Cybersecurity in an Era of Increasing Threats

Leave a comment

Day 2 of Renier Botha’s 10-Day Blog Series on Navigating the Future: The Evolving Role of the CTO

Daily the frequency and sophistication of cyber-attacks are rising at an alarming rate. As businesses become increasingly reliant on digital technologies, the need for robust cybersecurity measures has never been more critical. For Chief Technology Officers (CTOs), safeguarding sensitive data and maintaining trust is a top priority. This blog post explores the latest strategies to strengthen cybersecurity and provides insights from industry leaders along with real-world examples.

The Growing Cybersecurity Threat

Cyber-attacks are evolving rapidly, targeting organizations of all sizes and across various sectors. The cost of cybercrime is expected to reach $10.5 trillion annually by 2025, according to a report by Cybersecurity Ventures. As Satya Nadella, CEO of Microsoft, remarked, “Cybersecurity is the central challenge of the digital age.”

Key Cybersecurity Challenges

  • Advanced Persistent Threats (APTs): These prolonged and targeted cyber-attacks aim to steal data or sabotage systems. APTs are challenging to detect and mitigate due to their sophisticated nature.
  • Ransomware: This malicious software encrypts a victim’s data, demanding a ransom for its release. High-profile ransomware attacks, like the one on Colonial Pipeline, have highlighted the devastating impact of such threats.
  • Phishing and Social Engineering: Cybercriminals use deceptive tactics to trick individuals into divulging sensitive information. Phishing attacks have become more sophisticated, making them harder to identify.

Strategies for Strengthening Cybersecurity

To combat these threats, CTOs must implement comprehensive and proactive cybersecurity strategies. Here are some of the latest approaches:

1. Zero Trust Architecture

Zero Trust is a security model that assumes that threats can come from both outside and inside the network. It operates on the principle of “never trust, always verify.” Every request for access is authenticated, authorized, and encrypted before being granted.

“Zero Trust is the future of security,” says John Kindervag, the creator of the Zero Trust model. Implementing Zero Trust requires segmenting the network, enforcing strict access controls, and continuously monitoring for anomalies.

2. Multi-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring users to provide multiple forms of verification before accessing systems. This significantly reduces the risk of unauthorized access, even if login credentials are compromised.

For example, Google reported a 99.9% reduction in automated phishing attacks when MFA was implemented. MFA should be used alongside strong password policies and regular user training.

3. Advanced Threat Detection and Response

Leveraging AI and machine learning for threat detection can help identify and respond to cyber threats more quickly and accurately. These technologies analyze vast amounts of data to detect patterns and anomalies that may indicate a cyber-attack.

IBM’s Watson for Cyber Security uses AI to analyze and respond to threats in real-time. By correlating data from various sources, it can identify and mitigate threats faster than traditional methods.

4. Endpoint Protection

With the rise of remote work, securing endpoints (laptops, smartphones, tablets) has become crucial. Endpoint protection platforms (EPP) and endpoint detection and response (EDR) solutions help secure devices against malware, ransomware, and other threats.

CrowdStrike’s Falcon platform, for instance, provides real-time endpoint protection, detecting and preventing breaches before they cause damage.

5. Employee Training and Awareness

Human error remains one of the weakest links in cybersecurity. Regular training and awareness programs can help employees recognize and respond to potential threats.

Kevin Mitnick, a renowned cybersecurity expert, states, “Companies spend millions of dollars on firewalls, encryption, and secure access devices, and it’s money wasted because none of these measures address the weakest link in the security chain: the people who use, administer, and operate computer systems.”

6. Regular Security Audits and Penetration Testing

Conducting regular security audits and penetration testing helps identify vulnerabilities before cybercriminals can exploit them. This proactive approach ensures that security measures are up to date and effective.

7. Executive Ownership and Board-Level Focus

To ensure cybersecurity is prioritized, executive ownership and adding security as a board agenda point are crucial. This top-down approach emphasizes the importance of cybersecurity across the entire organization.

“Cybersecurity must be a priority at the highest levels of an organization. Leadership commitment is key to creating a culture of security,” says Mary Barra, CEO of General Motors.

Actionable Advice for CTOs:

  • Assign Executive Ownership: Designate a C-suite executive responsible for cybersecurity to ensure accountability and focus.
  • Board Involvement: Regularly update the board on cybersecurity risks, strategies, and progress. Incorporate cybersecurity as a standing agenda item in board meetings.
  • Develop a Cybersecurity Framework: Create a comprehensive cybersecurity framework that aligns with business objectives and regulatory requirements.
  • Encourage Cross-Department Collaboration: Ensure that cybersecurity is integrated across all departments, promoting a unified approach to risk management.

By implementing these strategies, organizations can build a robust cybersecurity posture that not only protects their assets but also fosters trust and confidence among stakeholders.

The cybersecurity firm, FireEye, emphasizes the importance of penetration testing: “Penetration testing should be part of any mature cybersecurity program. It provides an opportunity to identify and fix security weaknesses before they can be exploited.”

Real-World Examples

Example 1: Maersk

In 2017, Maersk, a global shipping giant, was hit by the NotPetya ransomware attack, causing over $300 million in damages. The attack disrupted operations across 76 ports worldwide. Maersk responded by rebuilding its entire IT infrastructure, emphasizing the importance of robust backup and disaster recovery plans.

Example 2: Equifax

The 2017 Equifax data breach exposed the personal information of 147 million people. The breach was attributed to unpatched vulnerabilities in their web application. In response, Equifax implemented comprehensive security measures, including a bug bounty program and enhanced patch management processes.

Example 3: Target

In 2013, Target suffered a data breach that compromised 40 million credit and debit card accounts. The breach was traced to network credentials stolen from a third-party vendor. Target has since invested heavily in cybersecurity, adopting advanced threat detection systems and implementing stricter access controls for vendors.

Conclusion

Strengthening cybersecurity in an era of increasing threats requires a multifaceted approach. By adopting strategies such as Zero Trust Architecture, Multi-Factor Authentication, advanced threat detection, and comprehensive employee training, CTOs can protect their organizations from evolving cyber threats.

As Brad Smith, President of Microsoft, aptly puts it, “Cybersecurity is an urgent challenge for everyone. We need to come together to address this and ensure that we create a safer digital world for all.”

Read more blog posts on Cyber and information Security here : https://renierbotha.com/tag/security/

Stay tuned as we continue to explore these critical topics in our 10-day blog series, “Navigating the Future: A 10-Day Blog Series on the Evolving Role of the CTO” by Renier Botha.

Visit www.renierbotha.com for more insights and expert advice.

Be aware of scammers while using email…

Leave a comment

Many businesses have had to adapt to new working practices because of the coronavirus (COVID-19) situation. This has often meant an increase in emails and more frequent calls with suppliers, customers, banks and other organisations.
Scammers have been taking advantage of this. Cases are on the increase where fraudsters are calling businesses pretending to be from their phone or internet provider, their bank or even a retailer. They’ll ask for payments, or for staff to download software that then gives them control of that staff member’s device. Some have even taken control of genuine email addresses and used them to request payments, making it more difficult to spot the signs of a scam.
With this in mind, it’s now even more important to have strong, clear processes in place for keeping data safe.

Can you spot a scam?
Even if you know all the hallmarks and what to look out for, with ever-more sophisticated ways to access your data, scams are getting harder to spot. If a fraudster called or emailed you or a member of staff pretending to be a known supplier, would you know it was a scam?
They might even contact a staff member pretending to be you. For example, how can you tell if this email’s genuine?

Put checks and processes in place
To help you and your staff spot fraudulent attempts, here are some tips on the checks and processes you should have in place. Remember – it’s good to have a healthy level of suspicion.

  • If you get an email out of the blue that asks you to click on a link or attachment, don’t do it – even if the sender seems familiar – and even if it appears to be coming from a known email address. Instead, contact the apparent sender using different details that you already know and trust to verify the request.
  • When someone calls unexpectedly, don’t give them any information like personal details, bank details or pins.
  • Never download any software onto your device if you’re asked to – fraudsters can use this to access your personal information, even your bank account. Instead, call them back on a known number to check they’re genuine.
  • You can also search for a number to see if a listed number you’ve been asked to call is genuine. Have a payment-checking process in place. For example, if you receive a request to update the bank details you have on file or get new bank details for a payment, confirm this by calling that person or organisation using details you already have, and not those provided in the request. You should also do this with requests from anyone within your own organisation.
  • Have security policies in place, such as having strong passwords, using an encrypted VPN (virtual private network) when working from home, and using an extra layer of authentication for email and payment processes (such as a unique code texted to your mobile) – and test these processes often.
  • Make sure you and all your staff, regardless of their role, are made aware of the checks and processes regularly.

Cyber-Security 101 for Business Owners

Leave a comment

Running a business require skill with multiple things happening simultaneously that require your attention. One of those critical things is cyber-security – critical today to have your focus on.

In the digital world today, all businesses have a dependency on the Internet in one way or the other… For SMEs (Small Medium Enterprise) that uses the Internet exclusively as their sales channel the Internet is not only a source of opportunity but the lifeblood of the organisation. An enterprise has the ability, through the Internet, to operate 24×7 with digitally an enabled workforce bringing unprecedented business value.

Like any opportunity though, this also comes with a level of risk that must be mitigated and continuously governed, not just by the board but also by every member within the team. Some of these risks can have a seriously detrimental impact to the business, ranging from financial and data loss to downtime and reputational damage. It is therefore your duty ensuring your IT network is fully protected and secure to protect your business.

Statistics show that cybercrime is exponentially rising. This is mainly due to enhancements in technology enabling and giving access to inexpensive but sophisticated tools. Used by experienced and inexperienced cyber criminals alike, this is causing havoc across networks resulting in business downtime that costs the economy millions every year.

If your business is not trading for 100 hours, what is the financial and reputational impact? That could be the downtime caused by, for example, a ransomware attack – yes, that’s almost 5 days of no business, costly for any business!

Understanding the threat

Cyber threats take many forms and is an academic subject on it’s own. So where do you start?

First you need to understand the threat before you can take preventative action.

Definition: Cyber security or information technology security are the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation.

A good start is to understand the following cyber threats:

  • Malware
  • Worms
  • Trojans
  • IoT (Internet of Things)
  • Crypto-jacking

Malware

Definition:Malware (a portmanteau for malicious software) is any software intentionally designed to cause damage to a computer, server, client, or computer network.

During 2nd Q’18, the VPNFilter malware reportedly infected more than half a million small business routers and NAS devices and malware is still one of the top risks for SMEs. With the ability of data exfiltration back to the attackers, businesses are at risk of the loss of sensitive information such as usernames and passwords.

Potentially these attacks can remain hidden and undetected. Businesses can overcome these styles of attacks by employing an advanced threat prevention solution for their endpoints (i.e. user PCs). A layered approach with multiple detection techniques will give businesses full attack chain protection as well as reducing the complexity and costs associated with the deployment of multiple individual solutions.

Worms

Definition:A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it.

Recent attacks, including WannaCry and Trickbot, used worm functionality to spread malware. The worm approach tends to make more noise and can be detected faster, but it has the ability to affect a large number of victims very quickly.For businesses, this may mean your entire team can be impacted (spreading to every endpoint in the network) before the attack can be stopped.

Approximately 20% of UK businesses that had been infected with malware had to cease business operations immediately resulting in lost revenue.

Internet of Things (IoT)

Definition:The Internet of things (IoT) is the network of devices such as vehicles, and home appliances that contain electronics, software, actuators, and connectivity.

More devices are able to connect directly to the web, which has a number of benefits, including greater connectivity, meaning better data and analytics. However, various threats and business risks are lurking in the use of these devices, including data loss, data manipulation and unauthorised access to devices leading to access to the network, etc.

To mitigate this threat, devices should have strict authentication, limited access and heavily monitored device-to-device communications. Crucially, these devices will need to be encrypted – a responsibility that is likely to be driven by third-party security providers but should to be enforced by businesses as part of their cyber-security policies and standard operating procedures.

Cryptojacking

Definition:Cryptojacking is defined as the secret use of your computing device to mine cryptocurrency. Cryptojacking used to be confined to the victim unknowingly installing a program that secretly mines cryptocurrency.

With the introduction and rise in popularity and value of crypto currencies, cryptojacking emerged as a cyber-security threat. On the surface, cryptomining may not seem particularly malicious or damaging, however, the costs that it can incur are. If the cryptomining script gets into servers, it can send energy bills through the roof or, if you find it has reached your cloud servers, can hike up usage bills (the biggest commercial concern for IT operations utilising cloud computing). It can also pose a potential threat to your computer hardware from overloading CPUs.

A recent survey, 1 in 3 of all UK businesses were hit by cryptojacking with statistics rising.

Mitigating the risk 

With these few simple and easy steps you can make a good start in protecting your business:

  • Education: At the core of any cyber-security protection plan, there needs to be an education campaign for all in the business. They must understand the gravity of the threat posed – regular training sessions can help here. And this shouldn’t be viewed as a one-off box-ticking exercise then forgotten about. Having rolling, regularly updated training sessions will ensure that staff members are aware of the changing threats and how they can best be avoided.
  • Endpoint protection: Adopt a layered approach to cyber security and deploy endpoint protection that monitor processes in real-time and seek out suspicious patterns, enhancing threat hunting capabilities that eliminate threats (quarantine or delete), and reducing the downtime and impact of attacks.
  • Lead by example: Cyber-security awareness should come from the top down. The time is long gone where cyber-security has been the domain of IT teams. If you are a business stakeholder, you need to lead by example by promoting and practicing a security-first mindset.

O-ISM3 BASED HIGHLY MATURE ISMS MANAGEMENT

Leave a comment

SPHERE invests in knowledge training…

This course is specifically designed to improve your skills as an information security manager. Using O-ISM3 as a framework, you will master process management, and you will be able to:

  • Prioritize security efforts using business significant criteria
  • Communicate the value that Information Security Department brings to the organization
  • Design, implement and use information security metrics proven in the field, enabling short cycle continuous improvement
  • Simplify ISO27001 compliance
  • Complement ITIL security
  • Manage outsourced security services with SLA’s
  • Implement TOGAF and SABSA architectures.

O-ISM3 is an information security management maturity standard published by The Open Group, a leader in the development of open, vendor-neutral IT standards and certifications.

SPHERE, and other organizations like the Swiss Armed Forces, the National Bank of Panama and Bankia use O-ISM3. Our student, Pedro Valcárcel, a professional with 15 years’ experience in security said about the course: “This course opened my eyes. I wish I had taken it sooner”

Trainer Profile
Vicente Aceituno is the Senior Information Security Manager of SPHERE. He is leader of the standard Open Information Security Management Maturity Model; he has broad experience in outsourcing of security services and research. His focus is information security outsourcing, management and related fields like metrics and certification of ISMS.

Mark your calendar

London Course – Monday 12th to Wednesday 14th December 2016

What you will learn:

  • Deep understanding of complex security and management concepts
  • Alignment of security objectives with an organization’s mission
  • Classifying and setting requirements for information systems that satisfy security objectives
  • Communication of the value of information security
  • Access control management concepts
  • Implementation of security processes
  • Process management activities
  • Design, implementation and use of information security metrics
  • Understanding of the relationship between metrics, management practices, capability and maturity
  • Techniques for visualization of security metrics
  • Understanding of distribution of responsibilities concepts
  • ISM3-RA Risk Assessment
  • Management of Outsourced Security processes.

Course Outline

Day 1 – 9:00 – 17:00

  • Concepts: You will gain a deeper understanding of complex security concepts.
  • Assets & Goals: You will be able to set security objectives aligned with your organization’s mission, and you will be able to communicate what is the value that the information security department brings to the organization.
  • Security Objectives: You will be able to set requirements for information systems that satisfy security objectives.
  • Access Control: You will gain an understanding of the management ramifications of access control.
  • Classification of Systems: You will be able to prioritize efforts using business significant criteria for systems classification.
  • Activities & Deliverables: You will gain an understanding of the relationship between activity and achievement of goals.
  • Bottom-up Process Implementation: You will learn how to apply O-ISM3 to processes under your own responsibility.
  • Top-down Security Program: You will learn how to apply O-ISM3 when you have support from top IT management.

Day 2 – 9:00 – 17:00

  • General Processes: You will familiarize yourself with auxiliary but essential processes.
  • Strategic Processes: You will familiarize yourself with processes related to goals definition and provision of resources.
  • Tactical Processes: You will familiarize yourself with processes related to continuous improvement and resource distribution.
  • Operational Processes: You will familiarize yourself with technical hands-on processes.
  • Management Practices: You will learn the basics about process management activities.
  • Metrics: You will learn in detail how to design, implement and use information security metrics.
  • Maturity: You will become familiar with the relationship between metrics, management practices, capability and maturity.
  • Reports, Dashboards & Visualization: You will learn how to make the best of metrics, enabling interpretation and communication.

Day 3 – 9:00 – 17:00

  • Security Organization: You will understand how the distribution of responsibilities make processes tick, and how to avoid related risks.
  • Security Modelling: You will gain a working knowledge of advanced security models.
  • O-ISM3-RA: You will learn to perform a simple yet meaningful Risk Assessment.
  • ISO27001: You will learn how to make O-ISM3 help you with ISO27001 compliance.
  • IT Architecture: You will learn how to use O-ISM3 effectively with SABSA and TOGAF.
  • ITIL & SLA’s: You will learn how to complement ITIL with O-ISM3, and how to design SLA in order to manage outsourced security processes.
  • Certification: You will peek at O-ISM3’s certification process.
  • Techniques & References: You will learn general security techniques in order to treat security threats.
  • Recapitulation: You will look back at the last three days highlighting the most important ideas and concepts.

Who should attend
This course is designed for security professionals who are or have the goal to acquire management level responsibilities in their organizations.

Student/Instructor ratio
The maximum number of students is 10.

Book now
Contact security@sphere.services for details.

https://www.systemspoweringhealthcare.com/the-news/first-article/