About admin

This author has not yet filled in any details.
So far admin has created 43 blog entries.

Tips for a Bulletproof War Room Strategy

2021-01-20T10:41:30-05:00

The techniques used in real-world combat apply in cybersecurity operations, except that instead of bullets flying downrange, it's packets.

When COVID-19 hit the United States, there was no shortage of headlines about the new security challenges caused by the shift to remote work. There is truth in that, but I argue that, rather than creating new problems, what the pandemic did was expose and exacerbate existing security weaknesses. For example, in the rapid shift to remote working, many organizations' most immediate solution was to relax their virtual private network (VPN) and Remote Device Protocol policies to give workers access to applications and data through personal devices and home networks. But this often led to misconfigurations that cyberattackers were fast to exploit.

Additionally, although cloud adoption was already on the rise before COVID, many enterprises are now entirely cloud-enabled, making the perimeter increasingly obsolete. Threats are no longer just malicious actors that make their way in; today, they include inside actors, misconfigured services, and shadow workloads containing sensitive enterprise data, accelerating the urgency around gaining visibility in the east-west corridor.

And that's not all that's suffered from the increase in remote cross-team communication. IT and security teams were already battling competing priorities, but now they might need to take extra steps to resolve an issue. And worse? Hackers thrive on this kind of chaos. Inherently lazy hackers will exploit a lack of cross-team communication to gain access to the network's most critical resources, often moving under the radar until it's too late. Internally, this not only leads to breaches, potential loss of sensitive data, and millions of dollars' worth of fines and legal liabilities, but also finger-pointing that exacerbates preexisting cultural silos between teams.

Update Your War-Room Strategy

For nearly two decades, I actively served in the US Marine Corps, completing three combat tours. After spending the majority of my military career as a network architect and engineer, I approach my cybersecurity work at Viasat with a unique perspective on mitigating high-risk situations. In security, like combat, there is no better way to prepare for the next attack or crisis than getting tightly aligned on war-room strategies. War rooms are designed to bring key decision-makers together and arm them with all the information necessary to make rapid decisions during high-risk situations.

The same techniques used in real-world combat apply in cybersecurity operations. The only difference is that instead of bullets flying downrange, it's packets. Instead of nation-states going at it, you have everyday groups of hackers trying to gain access to your network, steal your information, or degrade your service. Any security practitioner will tell you: It's a war zone.

Build a Bulletproof War Room

Here are three tips for establishing a bulletproof war room that delivers deep organizational visibility and enables rapid decision-making.

1. Bring the Right People to the Room

In today's environment, especially in larger companies, employee skill sets are getting more technically diverse, with stand-alone teams spanning cloud, network, development, automation, and more. As much as these teams may want to work in their own lane, there is no denying that their work directly affects other groups in the organization. When they send updates or find an exploit that threatens their system, it's not just their system that is impacted. It can produce massive consequences across all areas of the business.

2. Empower Teams to Overcome Decision Paralysis

In combat, one of the biggest mistakes that could cause you to lose your position is indecision. In security, when a breach occurs, teams can't afford to disagree. War rooms are built to enable quick decision-making by empowering need-to-know decision-makers with the authority needed to respond rapidly. An effective war room brings together the right people and the right information so that the right decisions can be made quickly.

3. Plan for Various Scenarios and Risk Levels

In one instance, a war room could bring together a group of engineers from different disciplines to investigate or troubleshoot something that crosses boundaries into their systems. In another, you can elevate that war room into an actual live incident or bring together a group of senior management to plan out the risk posture for the foreseeable future, whether that's the next quarter, the next year, or maybe a large upcoming event where they want to plan for attack possibilities. No matter the risk level, war rooms can function as catalysts for aligning on sharp, effective plans, in both offensive and defensive situations.

Don't Overlook the Basics

IT and security professionals' jobs became increasingly difficult in 2020 — they've re-imagined the traditional enterprise network and created new, safe ways of working, all while combating deeper cultural silos than ever. In this new reality, one of the biggest mistakes organizations can make is to skip the security basics.

Building a cohesive war room gives IT and security teams new ways to collaborate, work together, share information, and avoid finger-pointing. Reaching out to colleagues can build bridges that help solve the new challenges we're facing together. In the Marines, I saw firsthand the power of what can be accomplished when teams focus and work together. As the Marines advise when facing times of chaos: "Improvise, adapt, and overcome."

Lee Chieffalo is Technical Director of Cybersecurity Operations at Viasat. Prior to joining Viasat, he completed three combat tours with the US Marine Corps and actively served for nearly two decades. After spending the majority of his military career as a network architect ...


Vulnerability Management Has a Data Problem

2021-01-15T10:36:37-05:00

Security teams have an abundance of data, but most of it lacks the context necessary to improve remediation outcomes.

Today, vulnerability management teams have so much data on hand that processing and analyzing it takes as much time as remediation efforts. This occurs in great part because each of the many tools used for remediating vulnerabilities provides only fragments of the data needed to resolve vulnerabilities. As security teams look to double down on cloud IT, vulnerability management teams are under pressure to streamline and scale remediation processes, which can't happen if they are manually parsing siloed data across dozens of tools. Remediation teams — from the chief information security officer (CISO) on down — need better data, not more of it.

The Problem With Data

Today's vulnerability management tools collect basic data, such as the number of vulnerabilities detected, assets impacted, or technical severity. This allows security teams to monitor only the most rudimentary elements of a remediation campaign; these tools rarely provide the level of correlated detail needed to drive better remediation outcomes. More mature teams might use spreadsheets or business intelligence (BI) tools to track metrics such as the number of previous vulnerabilities that have been fixed, those that still exist, and the number of new vulnerabilities identified since the last scan. While that data is helpful, it lacks context and rarely provides a holistic view of the remediation program. For example, it doesn't align a vulnerability's location with the impacted business unit, report the true time required to fix a vulnerability, or provide insight into vulnerability prioritization decisions. This type of granular information is foundational in improving remediation outcomes.

The Data We Really Need

Security teams need data that helps them prioritize remediation based on business risk as well as information that guides and drives process improvement. Data should help them identify weak spots and refocus remediation efforts on the most at-risk technology impacting the most critical business areas. For example, if a scanner identifies a SQL injection in line 7 or a patch needed on the Red Hat box, that information doesn't convey the specific product impacted, the owner, or the business criticality for the organization. Does one of those vulnerabilities pose more of a risk to keeping the lights on than the other? Which needs immediate attention if the team can't fix both concurrently?

Another consideration is the fluctuating criticality of impacted technology depending on the enterprise's business cycle. For example, many retailers see increased risk during holiday shopping seasons, while grocery chains introduce new products on a monthly basis that can cause priorities to shift across multiple IT and business units. For these situations, teams need better data to facilitate making decisions based on business expectations in real time.

Next, the remediation team needs an understanding of how a particular fix could impact operations. While vulnerability management tools track the mean time to remediation, they do so based on weekly scans, which, again, lack important context. Which vulnerabilities reported last week have been fixed? How much effort did each require? Did it take a day? Five minutes? Five days? This data would also be invaluable to CISOs. Historical data showing which platforms take more time to patch than others — and why — can help them identify process inefficiencies, product fallibility, and personnel issues, and how best to address them.

Why Is This So Hard to Fix?

The biggest barrier to improving vulnerability remediation is that the data is siloed in many different systems: vulnerability data in the scanner, business context data in the configuration management database or asset repository, or, worse yet, in people's heads. Additionally, the security team may deploy several vulnerability management tools siloed across different teams — those who scan for vulnerabilities, threat intelligence teams, IT operations technicians, etc. Compounding the issue is the fact that many data points aren't stored by existing tools. For example, few organizations track the amount of time it takes the DevOps team to find the vulnerability, install the patch, and check that it worked. When they do, it's even rarer that they funnel that information back to the vulnerability management program. Further, some vulnerability management tools ignore the data points that are not stored. So, if a CISO asks how many vulnerabilities were fixed in the last six months, the corresponding data is not available in most vulnerability management tools.

What Can We Do About It?

Now comes the hard part — creating the workflows and processes needed to improve remediation outcomes. First, the vulnerability remediation team must get the business unit owners involved, asking them to identify critical business functions and the relationships between assets. Align the business function with the supporting technology products, then assess the criticality of each asset and tie it back to the vulnerability management program.

Next, security teams should recruit partners from the DevOps and IT operations teams to help coordinate and collaborate on remediation efforts. Those relationships will be key to security's ability to improve remediation processes, as needed, over time. This kind of collaboration isn't easy, intuitive, or historically mandated, so security team leads must seek ways to bring these players to the table through cross-function strike teams, training, and other hands-on efforts. Discuss what data is needed to move forward, then plan how to collect and utilize that information to develop efficient and proactive vulnerability remediation campaigns.

Finally, efficiently collecting, parsing, and analyzing that data is key to maturing vulnerability remediation programs. Whether you use spreadsheets or BI tools, remediation teams must then decide which metrics to track and set reasonable key performance indicators (KPIs). Executing against data-driven goals makes it much easier to stay on track.

This is a heavy lift — believe me, I know. But pain is a great motivator, and for security teams, few things are more painful than a breach that could have been avoided had they patched the exploited system when the patch first came out. Sound familiar?

Tal Morgenstern brings almost 20 years of experience in cybersecurity product development and design to Vulcan Cyber – experience he gained in the Israeli army, building cutting-edge systems at Elbit, Israel's largest defense contractor, and during his tenure in various ...
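The correlation the article is asking for, shown as an added illustration that is not part of the original post and not a Vulcan Cyber tool: a small Python script that joins scanner findings with an asset inventory (product, owner, business criticality), ranks them by business-weighted risk instead of raw CVSS, flags findings whose asset has no recorded context, derives which findings disappeared between two weekly scans, and then replaces that scan-derived upper bound with the real duration from a remediation ticket. The hosts, vulnerability IDs, scores, dates, the 1-to-5 criticality scale and the inventory schema are all constructed sample data.

```python
"""Join scanner output with asset context and measure remediation time.

Added example; all hosts, vulnerability IDs, scores, dates and the inventory
schema are constructed sample data, not output of any real scanner or CMDB.
"""
from dataclasses import dataclass
from datetime import date, datetime


@dataclass(frozen=True)
class Finding:
    vuln_id: str   # scanner's identifier for the issue (constructed)
    host: str      # asset the scanner found it on
    cvss: float    # technical severity only; carries no business context


# Constructed asset inventory: the business context a CMDB should hold.
# "criticality" is an assumed 1 (low) to 5 (keeps the lights on) scale.
ASSETS = {
    "web-01":   {"product": "Online checkout", "owner": "E-commerce", "criticality": 5},
    "db-07":    {"product": "Order database",  "owner": "E-commerce", "criticality": 5},
    "build-03": {"product": "CI runner",       "owner": "DevOps",     "criticality": 2},
}

# Constructed weekly scan snapshots. "lab-22" is deliberately absent from
# ASSETS to stand for an asset whose context lives only in someone's head.
SCANS = {
    date(2021, 1, 4): [
        Finding("VULN-A", "web-01", 9.8),
        Finding("VULN-B", "build-03", 7.5),
        Finding("VULN-C", "db-07", 6.5),
        Finding("VULN-D", "lab-22", 9.1),
    ],
    date(2021, 1, 11): [
        Finding("VULN-B", "build-03", 7.5),
        Finding("VULN-C", "db-07", 6.5),
        Finding("VULN-D", "lab-22", 9.1),
        Finding("VULN-E", "web-01", 5.3),
    ],
}

# Constructed remediation ticket timestamps (opened, closed) from IT operations.
TICKETS = {
    "VULN-A": (datetime(2021, 1, 4, 9, 0), datetime(2021, 1, 4, 9, 5)),
}


def enrich(finding):
    """Attach product, owner and criticality; mark findings that have no context."""
    asset = ASSETS.get(finding.host)
    row = {"vuln_id": finding.vuln_id, "host": finding.host, "cvss": finding.cvss}
    if asset is None:
        row.update(product=None, owner=None, criticality=None, risk=None)
    else:
        row.update(asset)
        # Business-weighted risk: technical severity scaled by what the asset is worth.
        row["risk"] = round(finding.cvss * asset["criticality"], 1)
    return row


def prioritize(findings):
    """Return (findings ranked by business risk, findings lacking any context)."""
    rows = [enrich(f) for f in findings]
    ranked = sorted((r for r in rows if r["risk"] is not None),
                    key=lambda r: r["risk"], reverse=True)
    no_context = [r for r in rows if r["risk"] is None]
    return ranked, no_context


def fixed_between_scans(scans):
    """A finding present in one scan and absent from the next counts as fixed.

    Scan-based tracking can only bound the fix time by the scan interval,
    which is exactly the missing context the article describes.
    """
    dates = sorted(scans)
    fixed = {}
    for earlier, later in zip(dates, dates[1:]):
        still_open = {(f.vuln_id, f.host) for f in scans[later]}
        for f in scans[earlier]:
            if (f.vuln_id, f.host) not in still_open:
                fixed[f.vuln_id] = {"host": f.host, "max_days": (later - earlier).days}
    return fixed


def actual_effort(fixed, tickets):
    """Replace the scan-derived upper bound with real ticket durations where known."""
    report = {}
    for vuln_id, info in fixed.items():
        window = tickets.get(vuln_id)
        minutes = None
        if window is not None:
            opened, closed = window
            minutes = (closed - opened).total_seconds() / 60
        report[vuln_id] = {**info, "actual_minutes": minutes}
    return report


if __name__ == "__main__":
    ranked, no_context = prioritize(SCANS[min(SCANS)])
    for r in ranked:
        print(f"{r['vuln_id']} on {r['host']} ({r['product']}, owner {r['owner']}): risk {r['risk']}")
    for r in no_context:
        print(f"{r['vuln_id']} on {r['host']}: CVSS {r['cvss']} but no owner or criticality on record")
    print(actual_effort(fixed_between_scans(SCANS), TICKETS))
```

With the constructed data, VULN-B (CVSS 7.5 on a low-value CI runner) ranks below VULN-C (CVSS 6.5 on the order database), which is the ranking a scanner alone cannot produce; VULN-D on the unknown host is reported separately as a data gap rather than silently scored, and VULN-A shows up as "fixed within 7 days" from the scans but as a 5-minute job from the ticket.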


How to Build Cyber Resilience in a Dangerous Atmosphere

2020-12-31T10:33:43-05:00

Our polarized climate and COVID-19 are putting the nation's cybersecurity in imminent danger, and it's past time to act.

Whenever a polarizing event occurs, there are people looking for ways to exploit the situation. Cyber crooks are long known for using large events or important topics to try to phish and scam, infiltrate networks, and establish footholds. And the events that polarized the world's largest economy in 2020 set the perfect stage for advanced persistent threat (APT) groups and other organized cybercriminals to act. It is the ideal combination of all the ingredients you need for successful attacks, not only in the United States but everywhere in the world.

Why? Simply put, when large segments of the population are polarized (in fact, tribalized), they are eager to consume the things that help them make sense of their convictions. Opponents' facts and experiences are perceived with bias and even disbelief, which amplifies the impact of things that a person believes "make sense." Playing to this scenario makes it straightforward for cybercriminals to distribute infected files or share links to malicious websites or downloads.

Furthermore, coping with a global health crisis takes a substantial amount of focus, especially with the numbers rising. There isn't a single person who is not affected, directly or indirectly, by COVID-19, who doesn't have it on the brain every day as they worry about the health and safety of loved ones or their income.

Finally, the pandemic has fundamentally changed the way we work — now predominantly from home — and the impacts on our networking infrastructure are significant. So many unmonitored devices are now in close vicinity to the entry points of a corporation's network, radically increasing the attack surface for companies around the globe. Important critical infrastructure, such as healthcare and energy systems, must also be considered. Many critical infrastructure systems are under stress, aging, unstable, or experiencing negative side effects from the increased demand. Solving these issues is an enormous task that requires proper management and focus.

Cybercriminals Are in It for the Long Term

Vaccine research is a prime target for cybercriminals, as there is no object more valuable right now. It is the right time for attackers to infiltrate and establish footholds in networks; cyber-defense architectures are weak due to the effects of remote work in general, but also because employees distracted by polarizing topics may forget their cybersecurity awareness and become more vulnerable. Note that this is not about short-term gain for attackers. Establishing footholds in large numbers of organizations now will enable them to expand inside the infrastructure and prepare even larger attacks later.

In addition, because digitalization is mainly driven by business decisions, cybersecurity is all too often an afterthought. Many businesses are interconnected globally through international supply chains, and their products and services are delivered to distant countries. The dependence this places on information technology and its cross-connection between sectors is mostly invisible. Coordination efforts are hampered, and key management resources are unavailable.

Two Steps to Build Cyber Resilience

Given all of these ingredients and the context we're living in, the nation's cybersecurity status appears to be more vulnerable than usual. Therefore, this is a plea to businesses and organizations to bolster their cyber resilience.

1. Embrace the Paradigm Shift

The first step to achieving cyber resilience is to start with a fundamental paradigm shift: Expect to be breached, and expect it to happen sooner rather than later. You are not "too small to be of interest"; what you do is not "irrelevant for an attacker"; it doesn't matter that there is a "bigger fish in the pond to go after." Your business is interconnected with all the others; it will happen to you.

Embrace the shift. Step away from a one-size-fits-all cybersecurity approach. Ask yourself: What parts of the business and which processes are generating substantial value? Which must continue working, even when suffering an attack, to stay in business? Make plans to provide adequate protection — but also for how to stay operational if the digital assets in your critical processes become unavailable.

2. Inventory Your Assets Now

Know your most important assets, and share this information among stakeholders. If your security admin discovers a vulnerability on a server with IP address 172.32.100.100 but doesn't know the value of that asset within your business processes, how can IT security properly communicate the threat? Would a department head fully understand the implications of a remote code execution (RCE) attack on that system?

Do the resilience basics for your important assets (if you don't want to do it for all), put technical controls in place for changes and vulnerabilities, and tie these controls into a security architecture that enables automated information exchange, not only between the systems in your security operations center and its team members but also between all of your stakeholders.

Doing these two things changes your approach to cybersecurity into a forward-looking, resilient posture, even in these polarized times.

A native of Germany, Dirk Schrader brings more than 25 years of delivering IT expertise and product management at a global scale. His work focuses on advancing cyber resilience as a sophisticated new approach to tackle cyberattacks faced by governments and organizations of ...


Defending the COVID-19 Vaccine Supply Chain

2020-12-29T10:35:24-05:00

We must treat this supply chain like a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.

I've sat in front of computer screens for over 15 years in the intelligence community and private sector, facing off against foreign adversaries that I'll never get to look in the eye. But one thing I know to be true of an adversary is that no opportunity is missed — nor is any crisis off-limits. During the past decade, cyber warfare has taken on many forms, from attempting to influence politics to disrupting critical infrastructure and targeting national defenses — and now, there is plenty of evidence that the historic race toward a cure for the novel coronavirus is being targeted by state-sponsored adversaries.

The COVID-19 vaccine supply chain is already under siege, and the more components of the supply chain that are activated, the more organizations that don't normally think about cybersecurity issues at this scale will find themselves at the epicenter of adversaries' interest. It's critical that we treat this supply chain as a piece of our nation's critical infrastructure, just like the electrical grid or air traffic control system.

You may be thinking, 'Why would a nation-state attempt to disrupt this supply chain? Every country needs a vaccine.' Well, state-sponsored attacks serve geopolitical objectives — objectives that have evolved from collecting information about weapons, troops, and spies to the aggressive pursuit of economic interests and tech supremacy. These objectives are often carried out through cyber espionage, collecting information to provide host nations with a competitive edge — or, in the case of COVID-19, to help them achieve a first-to-market vaccine advantage. Why does that matter? Because it would influence the next day of the global economy. Also, it would inadvertently dictate who the global suppliers of the COVID-19 vaccine are, and which nations get access to it — and which do not.

Since the pandemic's onset, pharmaceutical companies, medical manufacturers, and suppliers of ingredients used in COVID-19 vaccine research trials have been subject to cyberattacks — and that's not all. My team at IBM Security X-Force uncovered in October 2020 a global phishing campaign targeting the COVID-19 cold chain, a component of a vaccine supply chain charged with ensuring that vaccines are stored and transported in temperature-controlled environments to guarantee their safe preservation. We also uncovered earlier this summer more than 40 companies worldwide being targeted in a precision operation aimed at compromising a global COVID-19 supply chain in an effort to gain competitive insight on national strategies and resources to support COVID-19 response efforts.

While governments take steps that further underscore the need for mobilization to safeguard the COVID-19 vaccine supply chain, it's essential that organizations and defenders take proactive measures to defend the race for a cure. Just recently, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued a report raising awareness of security risks within the COVID-19 supply chain. It's critical that organizations that are part of this supply chain assess their third-party ecosystem and the risks introduced by their partners, and have actionable incident response plans in place to prevent, react to, and recover from a cyber event.

The Chain Is Only as Strong as Its Weakest Link

A vaccine's supply chain doesn't stop with the scientists, pharmaceutical companies, and manufacturers developing it. The chain encompasses suppliers, distributors, and storage facilities; it includes the research centers overseeing clinical trials; and it includes those tasked with building the equipment to administer the vaccine or creating the appropriate packaging and technologies required to store it or transport it. And, of course, the hospitals and medical centers that will administer the medicine are at the end of that supply chain.

Imagine a supply chain management company, one that manages the vaccine's deployment, experiencing a ransomware attack, rendering its logistics systems inoperable. Or a freight transportation company tasked with transporting the vaccine suffering a destructive attack. These are not outlandish scenarios. These industries have been the target of both nation-state adversaries and financially motivated cybercriminals in the past — I know this because my team has seen them and responded to them. We've already seen adversaries attempt to compromise organizations supplying the vaccine's cold chain — we mustn't let them succeed.

A Collective Response Is Mission-Critical

In all the years I've been briefing government officials and intelligence agencies about national security threats, both cyber and physical, I've learned there are two vital components to defending diverse targets of international significance. First: preparedness to collectively respond. And second: intelligence sharing. The same must apply to the COVID-19 vaccine supply chain. A collective response to help this ecosystem of organizations prepare for cyber threats is mission critical.

This is why my team created early on a task force dedicated specifically to tracking down COVID-19 threats against organizations that are keeping the vaccine supply chain moving — a task force charged with finding the threats before the threats reach their targets. We've been feeding this threat intelligence into the COVID-19 threat-sharing enclave that IBM, at the onset of the pandemic, made accessible to any organization in need of more eyes on cyber threats. But this undertaking is far larger than a single team's resources. Warding off threats to a vaccine's supply chain and its various disparate parts requires a collective approach to threat intelligence sharing. Why? Because threat sharing enables a coordinated defense strategy — and in the case of the COVID-19 vaccine supply chain, the collective experience and visibility of threat sharing will reduce risk, making it harder for adversaries to find a way in.

We in cybersecurity say that "it takes a village." Information sharing is that village. We all have roles to play in the timely and successful delivery of a COVID-19 vaccine, and for the cross-sector threat intelligence community that role is clear: defend one of the most important supply chains of the century.

Nick Rossmann leads the threat intelligence teams that support clients and incident response at IBM. Prior to IBM, he held various roles in the private and public sectors, such as FireEye, where he managed its threat intelligence production, as well as the US ...


Quarterbacking Vulnerability Remediation

2020-12-24T10:36:08-05:00

It's time that security got out of the armchair and out on the field.

Traditional vulnerability remediation occurs in silos — the security team detects vulnerabilities, prioritizes which ones need to get fixed first, and punts the list over the cubicle wall for the IT operations team to handle. But that approach is no longer tenable. The rate and pace at which vulnerabilities occur requires the strategic alignment of IT functions across the enterprise. Since the security team "owns" vulnerability management, it should be accountable for creating and maintaining that alignment. Rather than approaching vulnerability remediation as a game of "hot potato," they must play a much longer game and drive the process. Security teams need to assume the role of a quarterback — one who's gunning for a touchdown.

Be the Quarterback

Vulnerability management is no one's favorite job, but it's essential in reaching long-term security goals for the enterprise. Infrastructure is assaulted daily by both complex vulnerabilities that take months to fix — like Boothole and Zerologon — as well as thousands of seemingly mundane vulnerabilities that, in the context of where and how they pop up in the environment, can introduce the same amount of risk as a critical vulnerability with a CVSS of 10. Leadership is key in motivating stakeholders to adopt a remediate-or-bust mindset.

Gartner estimates that security professionals will be aware of 99% of vulnerabilities exploited by the end of 2020 at the time of compromise; Ponemon found unpatched systems were the root cause of 60% of data breaches in 2019. With a deluge of new vulnerabilities being reported each year and dramatic shifts in enterprise IT, such as the abrupt, COVID-related shift to remote work, a concerted effort to remediate vulnerabilities is one of the most effective actions a company can take to reduce the chance of a breach. But vulnerability management isn't a well-oiled machine.

As the team lead or project manager, the security team must oversee the entire remediation process, even when the ball's not in their hands. Whether a vulnerability is simple or complex, it's often complicated by the internal politics playing out across IT operations, DevOps, security, and other distinct IT functions. The only way to scale remediation processes is for security to quarterback remediation plays and see the process through. Detection and prioritization are worth very little if remediation occurs at too slow a pace to neutralize the threats posed to the enterprise by vulnerabilities. Long-standing silos won't go away overnight, and IT teams won't reorganize around vulnerability remediation. But they don't need to if security ensures the various stakeholders involved in a given remediation campaign are doing their part.

Choose the Play

As the quarterback, security teams identify the nature of the vulnerability, the business assets most at risk, the potential impact on the enterprise, and the patch, configuration change, or workaround that will resolve the breach. Armed with this knowledge, they pull in the right players from other IT functions, align on the necessary fix, and coordinate the remediation campaign, efficiently and effectively. When security and IT teams align on a remediation strategy, the shared context and agreement on execution provide the foundation needed to remediate vulnerabilities at scale. Even if the fix goes wrong, problems get resolved faster when the lines of communication are open.

Fixing complex vulnerabilities often requires multiple coordinated elements. The Boothole vulnerability is an excellent example of this: Boothole's sheer pervasiveness makes it incredibly difficult to patch in enterprise settings. It's a cross-platform vulnerability that requires both hardware and software fixes — including firmware and OS updates — that must be performed in precise order. Security, DevOps, and IT teams must work together to minimize its business impact and avoid compromise.

As the quarterback, the security team needs to think and act like a team captain: What's the best approach? Should you monitor network traffic? Write a PowerShell detection script? Are Linux systems also affected? Who can help and how? Most importantly, how do we keep everyone on point? Because every vulnerability is unique, it's critical to build a team around the infrastructure stack affected by the vulnerability — this may include third-party vendors, app developers, Web developers, network engineers, the IT operations team, and more. Rather than defending the field against emergency breaches, security practitioners can assemble cross-functional teams that drive ongoing remediation efforts toward the ultimate goalpost: reducing risk across the enterprise.

But there are very few quarterbacks who can execute that game-winning drive without help from above; they receive assistance from an offensive coordinator who can see the entire field of play from a vantage point outside of the fray. This is critical to the quarterback's success. Likewise, a vulnerability remediation coordinator, such as a CISO who requires visibility into the entire remediation process, can oversee the remediation campaign from scan to fix. A good coordinator will see many aspects of the campaign that are outside the quarterback's purview.

Move the Ball Down the Field

Just as a quarterback doesn't leave the field when the ball leaves his hand, security sees the remediation play through to completion. As they become more experienced and comfortable executing remediation plays, they'll learn how to make the best use of their players to move the ball down the field faster, improving how the team executes each remediation play. Because that's what the best quarterbacks do.

Tal Morgenstern brings almost 20 years of experience in cybersecurity product development and design to Vulcan Cyber – experience he gained in the Israeli army, building cutting-edge systems at Elbit, Israel's largest defense contractor, and during his tenure in various ...


Prepare to Fight Upcoming Cyber-Threat Innovations

2020-12-23T10:40:31-05:00

Cybercriminals are preparing to use computing performance innovations to launch new types of attacks.

The pandemic and the ensuing increase in remote work have given rise to new attack vectors and schemes. One thing 2020 underscored is the opportunistic nature of bad actors. They will grab onto anything they think can help them pull off a cyberattack, even things like phishing campaigns using emails purporting to be from the Centers for Disease Control and Prevention (CDC) — and, more recently, preying on election fears. And what we know is this will continue to evolve moving forward. Bad actors will look for new opportunities, including using many of the innovations in computing performance.

For instance, connected smart devices using 5G at the network edge contain incredible intelligence and power. If cybercriminals used that intelligence and power for attacks, they could create a new wave of attacks that could severely drain the compute resources of legacy security systems.

Unfortunately, other types of attacks are cresting the horizon that will target developments in computing performance and innovation in telecommunications, specifically for cybercriminal gain. These new attack types will enable adversaries to cover new territory and present defenders with the difficult job of getting ahead of the cybercriminal curve well in advance. Three such areas where we expect to see increasing attacks include cryptomining, space, and quantum computing.

Advanced Cryptomining Will Gain Traction

For the past few years, cryptomining has steadily become a strategy for cybercriminals looking for a safe and reliable way to earn ill-gotten gain. It's a rather complicated process by which someone uses a computer's processing resources to verify blockchain transactions. If cybercriminals want to scale future attacks using machine learning and artificial intelligence (AI) capabilities — and they do — processing power is important.

Eventually, by compromising edge devices for their processing power, cybercriminals will be able to process massive amounts of data and learn more about how and when edge devices are used. It could also make cryptomining more effective. When infected PCs are being hijacked for their compute resources, IT security teams can often identify it quickly because CPU usage directly impacts the end user's workstation experience. However, compromising secondary devices would be much less noticeable.

Spreading Attacks From Space

Cybercriminals find enticing targets in the connectivity of satellite systems and telecommunications. As new communication systems scale and begin to rely more on networks of satellite-based systems, cybercriminals could target this convergence. Consequently, attackers could compromise satellite base stations and then spread that malware through satellite-based networks. This would give attackers the ability to potentially target millions of connected users at scale or inflict distributed denial-of-service (DDoS) attacks that could impede vital communications. The federal government sees this as a credible threat and has started preparing for it, building up cybersecurity personnel and technical capabilities as systems become increasingly vulnerable.

The Quantum Threat

Quantum computing is another upcoming challenge. It could create a new cyber-risk when it eventually becomes capable of challenging the effectiveness of data encryption. The massive compute power of quantum computers could render asymmetric encryption algorithms obsolete. Consequently, organizations will need to shift to quantum-resistant computing algorithms using the principle of crypto agility to protect data integrity. A viable quantum computer is still a ways off, but no one knows exactly when it will arrive. According to NIST, the first quantum computer that could pose a threat to the algorithms currently used to produce encryption could be built by 2030.

Organizations need to start preparing now, because you can be certain that the bad actors aren't waiting. And although the average cybercriminal will not have access to quantum computers, nation-states will. Therefore, the threat could be sooner and more realistic than many perceive.

Prepare for Battle

2020 has been an unprecedented year for cyber threats. We've seen cyber attackers in full force, taking advantage of every opportunity and every attack vector possible. Unfortunately, 2021 shows no signs of slowing down; the types of threats and the types of vulnerabilities will continue to evolve in step with new technologies. Threat intelligence is central to defending against these threat vectors, providing vital information in real time. Visibility will also be critical, particularly at this time when a significant amount of traffic is encrypted and many users are outside the typical network scenario. Examining encrypted traffic puts an enormous strain on a security device, and not all systems are up for the challenge at speed and scale. You may miss critical threats entering your network if you're not prepared. Another piece of the security armor is automated threat detection so that your team can address attacks immediately, not months later. Start preparing now for the emerging new attack methods, using the tools and strategies that will empower your team to defeat the negative aspects of innovations in computing performance.

Derek Manky formulates security strategy with more than 15 years of cybersecurity experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy ...


Penetration Testing: A Road Map for Improving Outcomes

2020-12-11T10:35:36-05:00

As cybersecurity incidents grow more sophisticated, it is critical to emulate real-world adversaries' tools, tactics, and procedures during testing activities to ensure we are assessing security postures effectively.
