Posts Tagged ‘cyberthreat’

Friday, 9 December 2011 07:48

How information can spread: Feeding the middle man

This past weekend I watched a documentary on More4 that delved into the Wikileaks scandal.  “Wikileaks: Secrets & Lies” went into great detail explaining how Julian Assange served as a middleman in this scandal. Although Julian Assange is viewed as the face and spokesperson for Wikileaks, the documentary showed that Assange would not have had any global status if it weren’t for insiders who are willing to send sensitive information to the organization.

This programme was not broadcasting how a hacker could break into a network and steal information; it uncovered a deeper concern of how an insider can revolt, stealing privileged information from inside the network and causing havoc along the way.

This threat is a concern that should be top of mind for organizations.  In a report published by Verizon on Business Data Breaches, they found that 48% of total data breaches were caused by insiders and 48% of breaches involved a misuse of an insider’s privileges.

Although identifying the risk of an insider threat was highlighted, the documentary really drove home the need for better security measures, so these incidents can be prevented or halted as they occur and the people responsible can be identified and punished.

For companies without proper security technology, identifying the “rogue insider” is not an easy task. Wikileaks is an excellent example of why traditional perimeter security defenses, such as firewalls and anti-virus software, are no longer sufficient in the “post-perimeter” world. To prevent these types of incidents, organizations should deploy automated technologies that continuously monitor and correlate user activities across various sources (such as network devices, OS logs and applications). This Total Security Intelligence will allow rapid detection of unusual activities such as a large number of sensitive documents being downloaded from a SharePoint server during off-hours or from a remote access location.
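The off-hours and remote-access example above can be written as a small correlation rule. The sketch below is an added illustration, not code from the original post or from QRadar; the log formats, field order, thresholds and the `/sites/finance/` path are assumptions, and all log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values, chosen for illustration only.
BUSINESS_HOURS = range(8, 18)          # 08:00-17:59 local time, Mon-Fri
THRESHOLD = 5                          # sensitive downloads per window
WINDOW = timedelta(minutes=30)
SENSITIVE_PREFIX = "/sites/finance/"   # hypothetical sensitive library

# Constructed VPN log: user and assigned address (marks a remote-access session).
VPN_LOG = "bob 10.8.0.14\n"
# Constructed SharePoint download log: timestamp, user, client IP, document.
SP_LOG = "\n".join(
    [f"2011-12-05T10:{m:02d}:00 alice 10.1.2.3 /sites/finance/q{m}.xlsx" for m in range(6)]
    + [f"2011-12-06T02:{m:02d}:00 carol 10.1.2.9 /sites/finance/q{m}.xlsx" for m in range(6)]
    + [f"2011-12-06T14:{m:02d}:00 bob 10.8.0.14 /sites/finance/q{m}.xlsx" for m in range(6)]
    + ["2011-12-06T03:00:00 dave 10.1.2.7 /sites/finance/q1.xlsx"]
)

def detect(sp_log, vpn_log):
    """Return {user: [reasons]} for bulk sensitive downloads that are off-hours or remote."""
    remote = {tuple(l.split()) for l in vpn_log.splitlines() if l.strip()}
    per_user = defaultdict(list)
    for line in sp_log.splitlines():
        ts, user, ip, doc = line.split()
        if doc.startswith(SENSITIVE_PREFIX):
            per_user[user].append((datetime.fromisoformat(ts), ip))
    alerts = {}
    for user, hits in per_user.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > WINDOW:   # slide the window forward
                start += 1
            if end - start + 1 < THRESHOLD:
                continue
            window = hits[start:end + 1]
            reasons = set()
            if any(t.hour not in BUSINESS_HOURS or t.weekday() >= 5 for t, _ in window):
                reasons.add("off-hours")
            if any((user, ip) in remote for _, ip in window):   # correlate with VPN source
                reasons.add("remote-access")
            if reasons:
                alerts[user] = sorted(reasons)
                break
    return alerts

if __name__ == "__main__":
    print(detect(SP_LOG, VPN_LOG))
```

Volume alone does not raise an alert here: the same six downloads made from the office during business hours pass, while a single off-hours download stays below the threshold.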

To learn more about how Total Security Intelligence can help combat these insider threats and how organizations are using QRadar as the key component for their IT Security, click here.


Thursday, 1 December 2011 11:30

Can intelligence sharing be a two-way street?

In a post published earlier this week, I invited you to read the latest article written by Chris Poulin for SecurityWeek. In this article, Chris presented his belief that full breach disclosure and better collaboration among security professionals is key to thwarting today’s cyber threats.

In line with this belief, proposed breach legislation is also attempting to make disclosure and collaboration a center point of the nation’s cyber security strategy.  According to an article on CNN’s Security Clearance blog, such legislation would “enable the intelligence community to share classified information with the private sector while at the same time addressing the concerns private companies have with providing information about attacks on their systems to the government.”

This addresses weaknesses outlined in an INSA study published this past summer, in which the authors suggested both private industry and public agencies have a responsibility to defend the country against cyber attack.  In this proposed law, not only would businesses be required to share information about attacks with the government, the government would also share intelligence with security-cleared organizations.  This would open up communication channels in the cyber-intelligence community immensely, creating the type of collaborative environment Poulin describes in his article.

What do you think?  Can collaboration between the federal government and private industry help defend the country from a major cyber attack?  Does it seem too idealistic to imagine that these sectors can work together?  Share your thoughts below!


Wednesday, 30 November 2011 11:28

Security Week Excerpt: Compromise Full Disclosure: Collective Knowledge Brings Stronger Defenses

Chris Poulin, CSO Q1 Labs

“… there are other ways to move from a position of constant and reactive defense to a state of preparedness: sharing our individual experiences. The bad guys are already organized and collaborating effectively on how to compromise our systems; we need to start sharing, and sharing openly.”

How do we beat the bad guys at their game?  That’s the question Chris Poulin is asking in this new article, part of his ongoing series at SecurityWeek.  The answer?  Thinking like your adversary.  Well, at least that’s part of it.

In his latest article, “Compromise Full Disclosure: Collective Knowledge Brings Stronger Defense,” Poulin explains how, in order to fight organized cyber attacks, security professionals need to be more organized themselves.  This means more collaboration, knowledge sharing and, of course, the adoption of security intelligence.  The end goal is to create an environment where breaches and the details of the attack (and not the vulnerability) are shared among professionals so that others can learn from these attack strategies and prevent their own breaches.

Click here to read the full article and share your thoughts about Poulin’s call for more full disclosure.


Wednesday, 23 November 2011 08:17

Is the “hack of the week” threat fading?

Not too long ago, in fact just a few weeks or months back, you couldn’t refresh your browser without a new headline about a breach exposing critical data to attack, leakage, etc. Nowadays, the news is full of other topics, but this does not mean the cyber-threat has been diminished or that these hacks of the week aren’t still occurring.  Below is a sampling of the steady stream of security concerns the IBM X-Force has been reporting on:

November 16, 2011: Self Cross Site Scripting Behind Facebook Shock Spam

For the past day now Facebook has been the victim of an attack causing pornographic and other shocking photos to show up in people’s newsfeeds. A statement released by Facebook says that the attackers are using a browser vulnerability which allows a sort of self cross site scripting. Facebook states that users are being tricked into copying and pasting malicious JavaScript into their browser address bar. So far Facebook has yet to determine the browser in question that has this vulnerability. If it is this easy to trick users into pasting JavaScript into their browser, then Facebook may only be the first stop. Companies should communicate with their users to help them understand how pasting JavaScript into their browser can compromise their security. Something like a simple fake contest or prize offering may be enough to entice people to do just about anything from their computer. Remind users that such things are often a scam.  Read More Here and Here >

November 15, 2011: DoS Vulnerability Announced in ISC DNS

A new vulnerability in BIND 9 is being actively exploited, causing DNS servers to crash all across the Internet. According to a release from ISC, “Affected servers crash after logging an error in query.c with the following message: ‘INSIST(! dns_rdataset_isassociated(sigrdataset))’”. Multiple versions of BIND 9 are reported to be vulnerable; ISC is still investigating specific version numbers at the time of writing. Currently no workaround or patch is available; however, one is under development. We will continue to monitor this situation and update things once a patch is available. Read More >

November 15, 2011: Operation Ghost Click

Recently the FBI announced details on a two-year investigation resulting in the arrest of 6 individuals involved in a massive cyber-theft ring. This ring is reported to have infected over 4 million computers by means of a brand of malware dubbed DNSChanger. DNSChanger works by pointing a user’s computer to a rogue DNS server. When the user attempts to visit popular websites, the DNS server sends back a bogus address, sending the user to a malicious site instead. The cyber ring used this vast network of machines to manipulate internet advertising, bringing in over $14 million. The FBI has published the blocks of IPs involved with this activity and advised people to ensure they have no traffic destined to them. Read More >
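One way to act on that advice is to check both configured resolvers and observed traffic against the published blocks. This is an added example, not part of the original report; the address blocks are RFC 5737 documentation ranges used as placeholders (the real blocks are not listed on this page), and the flow-record format and resolver inventory are constructed assumptions.

```python
import ipaddress

# PLACEHOLDER blocks (RFC 5737 documentation ranges). Substitute the blocks
# published by the FBI; they do not appear on this page.
ROGUE_BLOCKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed flow records: source host, destination IP, destination port, protocol.
FLOWS = """\
10.0.0.5 192.0.2.53 53 udp
10.0.0.5 203.0.113.10 443 tcp
10.0.0.6 10.0.0.1 53 udp
10.0.0.7 198.51.100.200 53 udp
10.0.0.8 198.51.100.20 53 tcp
10.0.0.9 192.0.2.80 80 tcp
"""

# Constructed resolver settings per host (assumed to come from DHCP or endpoint inventory).
RESOLVERS = {
    "10.0.0.5": ["192.0.2.53"],
    "10.0.0.6": ["10.0.0.1"],
    "10.0.0.10": ["198.51.100.7", "10.0.0.1"],
}

def in_rogue(ip):
    """True if the address falls inside any listed block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ROGUE_BLOCKS)

def find_affected(flows, resolvers):
    """Return {host: [finding kinds]} for hosts configured for, or talking to, the blocks."""
    findings = {}
    for host, servers in resolvers.items():
        if any(in_rogue(s) for s in servers):
            findings.setdefault(host, set()).add("configured-resolver")
    for line in flows.splitlines():
        src, dst, port, _proto = line.split()
        if in_rogue(dst):
            # DNS on UDP or TCP 53 is the DNSChanger symptom; anything else still
            # counts, since the advice is to have no traffic to these blocks at all.
            kind = "dns-traffic" if port == "53" else "other-traffic"
            findings.setdefault(src, set()).add(kind)
    return {h: sorted(k) for h, k in findings.items()}

if __name__ == "__main__":
    for host, kinds in find_affected(FLOWS, RESOLVERS).items():
        print(host, kinds)
```

A host that appears only under `configured-resolver` (10.0.0.10 in the sample) has the rogue setting but no captured traffic yet, which is why the inventory check is run alongside the flow check.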

The fact that these breaches and vulnerabilities aren’t getting the coverage they once were has me a little concerned.  It’s not that we want to see these fear-inspiring headlines every day, but keeping security top of mind for even the general public means that more people are thinking like we do.  You have to stay ahead of the threat to be safe, and that’s what you get with Security Intelligence.

Register for IBM X-Force Threat Reports to get access to the latest information concerning cyber-threats and security trends.  Learn more about protecting your organization from a breach with this white paper, “5 Practical Steps to Protecting Your Organization Against Breach.”

 


Thursday, 27 October 2011 08:40

From the Archives: Which “C” Should Be Concerned About Cyber Security?

Executive Round Table

In April 2010, Tom Turner published this post on the business aspects of cyber security risks, and how more than just the CSO needs to find a seat at the security table.  While he references older data, I think this post is still very timely, especially considering that the frequency of attacks seems to be increasing every day, and companies are still struggling to come to terms with what a breach costs both them and their customers (in dollars, and reputation).  Even more importantly, as the government is considering enacting legislation that will require breaches to be disclosed, all the stakeholders in a company need to be in agreement as to how they will respond when a breach inevitably does occur.

Read on to see why Tom thinks cyber security needs to move “from being the sole responsibility of the IT department to a focus on risk management & business intelligence, organization wide integration and streamlined automation across the entire organization…” and how he thinks that can be accomplished.

***

Clearly, CIOs, CSOs and CISOs are concerned about cyber security, but are there other C-Level executives who should be concerned? According to a new report from the Internet Security Alliance (ISA) and the American National Standards Institute (ANSI) entitled “The Financial Management of Cyber Risk: An Implementation Framework for CFOs”, CFOs need to play a leading role in defending their company against cyber attacks as well.

Why? One reason is that American businesses lost more than $1 trillion in intellectual property in 2008 and 2009 due to cyber attacks, and the severity and frequency of these attacks are only getting worse – and this number doesn’t include the cost of losing customers and the negative impacts on share value. Yet, despite the threat and potential for loss, only 5% of US companies have a CFO directly involved in protecting their organization from cyber attacks.

In most cases, cyber security is handled by the information technology (IT) department, which must then attempt to work across a number of departments in order to secure the organization’s entire network. This creates a significant challenge for IT directors, as their often resource-constrained departments struggle to keep pace with downsizing and reduced budgets while facing an exponentially growing threat. In addition, this leaves organizations needlessly vulnerable, a notion supported by Verizon’s 2008 Data Breach Investigations Report that shows that 87% of breaches could have been avoided through reasonable security controls. At the same time PricewaterhouseCoopers’ “The Global Information Security Survey” shows that organizations that follow best practices have zero downtime and zero financial impact from cyber attacks.

The report goes into great detail on how to begin the process of engaging the CFO and implementing an organization-wide approach to cyber security: I’ll leave you to discover that on your own. I do, however, want to touch on one of the key issues regarding changing the dynamics within the organization so that cyber security moves from being the sole responsibility of the IT department to a focus on risk management & business intelligence, organization wide integration and streamlined automation across the entire organization, or the Intelligent Integrated Automated model.

We know that the IIA (integrated, intelligent and automated) model works because more than 1,000 organizations world-wide have adopted it. We know that it dramatically improves an organization’s security posture because it helps security professionals prevent, defend against, respond to, remediate and analyze policy violations, intrusions & exploits. We also know that IIA both delivers the tools that the IT department needs to protect the organization’s assets while allowing stakeholders to gain access to information that is important to them so that they can make a decision.

The primary barrier to changing the dynamics in the organization and beginning to work toward total security intelligence (operationalizing security management into your business or organization) is that the business case is difficult to make to what technology experts are calling digital immigrants (i.e. those who don’t speak technology as a primary language), and this barrier can be even more difficult in organizations where compliance mandates (i.e. PCI, FISMA, etc.) do not force the issue. IIA makes the business case for you as it helps non-technology executives understand what to do before an attack, during an attack and after an attack, and then shows them how it gets implemented & scaled and how it can take a complex network that generates over 2 billion logs a day and reduce that down to 25 high priority offenses that can be remediated.

In order to get the IIA message through to digital immigrants, cyber security professionals need to be able to break down the risks and potential losses that the company could incur due to a cyber attack and  show what proactive measures are currently in place, what steps are in place if an attack does occur and what to do in a post-exploit environment.

Maybe the best message to engage other non-technology C-Level executives in the cyber security conversation is that it is not just about compliance, it’s about protecting the company financially from the growing risk of cyber attacks by putting in place the best people, superior technology and a template to ensure best practices are followed, as PricewaterhouseCoopers’ report shows, to work to achieve zero downtime and zero financial impact from cyber attacks.