HTCS Blogs


Email Has Been #Weaponized by #Hackers, Results Can Be #Deadly

Source: National Cyber Security – Produced By Gregory Evans

Nearly all of the top million most popular domains are inadequately protected from “weaponized” email impersonation by hackers, formerly known as spear phishing, according to a new study released today by San Francisco-based email authentication service provider ValiMail.
One out of every five emails today appears to come from a suspicious sender who’s not authorized to use the sending domain, according to ValiMail’s 2017 Email Fraud Landscape Report. The study also found that only 0.5 percent of the top million domains use adequate authentication strategies to protect against email impersonation, even though most systems support stronger defenses.

Better email authentication defenses could help the typical company save $8.1 million each year in costs related to cybercrime, ValiMail reported.

ValiMail’s findings come on the heels of a report released last week from Google and the University of California-Berkeley that identified phishing as the greatest threat to people’s online identities.

‘Vast Majority’ of Businesses are Vulnerable

DMARC (domain-based message authentication, reporting, and conformance) is an email security system designed to protect against malicious actors sending unauthorized emails that appear to come from legitimate domains. The DMARC system enables administrators to set policies that validate that the “From:” content in email headers comes from legitimate senders at those domains.

“Email has been weaponized by hackers as the leading way to infiltrate networks, and the vast majority of businesses are leaving themselves vulnerable by either incorrectly configuring their authentication systems or forgoing protection entirely,” ValiMail co-founder and CEO Alexander García-Tobar said in a statement. “Businesses are asking their employees to complete an impossible task: identifying who is real and who is an impersonator, by closely examining every message in their inboxes. The only sustainable solution is for companies to take control of their email security at the technology level and stop placing the onus on employees to prevent phishing attacks.”

Of organizations that use DMARC to validate their emails, 77 percent have either misconfigured the system or set policies that are too permissive, the ValiMail study found. In fact, only 15 percent to 25 percent of companies in various industries have properly implemented and maintained DMARC protections, the study noted.
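One way to check a domain's published DMARC record for the misconfigured or overly permissive policies described above, as an added example (not code from ValiMail or the original article). The sample records and `.example` domains are constructed, and treating `p=none`, `pct` below 100 or `sp=none` as too permissive is an assumption of this sketch, not the study's stated methodology.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

POLICIES = {"none", "quarantine", "reject"}
# A DMARC record must begin with the version tag v=DMARC1.
DMARC_PREFIX = re.compile(r"^v\s*=\s*DMARC1\s*(;|$)")


@dataclass
class DmarcAudit:
    status: str                      # missing | invalid | monitor-only | partial | enforced
    policy: Optional[str] = None
    findings: list = field(default_factory=list)


def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict; the first occurrence of a tag wins."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags


def audit_dmarc(txt_records):
    """Classify the TXT strings published at _dmarc.<domain>."""
    records = [r.strip() for r in txt_records if DMARC_PREFIX.match(r.strip())]
    if not records:
        return DmarcAudit("missing", findings=["no v=DMARC1 record published"])
    if len(records) > 1:
        # Receivers abandon policy discovery when several DMARC records exist.
        return DmarcAudit("invalid", findings=["multiple DMARC records"])

    tags = parse_tags(records[0])
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        return DmarcAudit("invalid", findings=[f"p= missing or unknown: {policy!r}"])

    try:
        pct = int(tags.get("pct", "100"))   # pct defaults to 100 when absent
        if not 0 <= pct <= 100:
            raise ValueError
    except ValueError:
        return DmarcAudit("invalid", policy, [f"pct= is not 0-100: {tags['pct']!r}"])

    findings = []
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports are received")

    if policy == "none":
        findings.append("p=none: receivers take no action on failing mail")
        return DmarcAudit("monitor-only", policy, findings)

    status = "enforced"
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of failing mail")
        status = "partial"
    if tags.get("sp", policy).lower() == "none":
        findings.append("sp=none leaves subdomains unenforced")
        status = "partial"
    return DmarcAudit(status, policy, findings)


# Constructed sample data: TXT strings as they might appear at _dmarc.<domain>.
SAMPLE_RECORDS = {
    "shop.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop.example"],
    "bank.example": ["v=DMARC1; p=none; rua=mailto:dmarc@bank.example"],
    "news.example": ["v=DMARC1; p=quarantine; pct=25"],
    "corp.example": ["v=spf1 -all"],                       # SPF only, no DMARC
    "old.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "typo.example": ["v=DMARC1; p=rejects"],
}


def tally(records_by_domain):
    """Count domains per audit status."""
    counts = {}
    for txt in records_by_domain.values():
        status = audit_dmarc(txt).status
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        result = audit_dmarc(txt)
        print(f"{domain:14} {result.status:13} {'; '.join(result.findings)}")
    print(tally(SAMPLE_RECORDS))
```
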

‘Alarming Lack of Understanding’

Close to 100,000 phishing email campaigns were reported every month in the early part of this year, according to the Anti-Phishing Working Group, an international coalition of businesses, government organizations, and law-enforcement agencies. Several hundred companies see phishing attacks every few weeks, with businesses in the payment, financial services, and Webmail sectors the most vulnerable, the group said.

The year-long study by Google and the University of California-Berkeley released last week found that phishing poses the top threat against people whose online identities were exposed by Internet data breaches. Google said it has taken several steps in response to boost its authentication systems to defend against phishing.

The new research released today “demonstrates the volume of email fraud threats faced by companies today and highlights the alarming lack of understanding of how to combat these threats,” the Global Cyber Alliance’s Shehzad Mirza said in ValiMail’s statement. “These findings highlight that a lack of email authentication is the most prevalent security vulnerability companies face.”

Late last month, the U.S. Department of Homeland Security issued a directive requiring all federal agencies to begin implementing stronger email security defenses, including DMARC, within 90 days. The move is aimed at protecting federal emails and Web sites from spoofing and impersonation by hackers.

DMARC usage by federal agencies has grown since 2016, although only 38 percent had established adequate record policies as of October, according to the Online Trust Alliance. The ValiMail study noted that DMARC protection is available to most domains.

“Over three-fourths (76 percent) of the world’s email inboxes support DMARC and will enforce domain owners’ authentication policies, if those policies exist,” the report noted.

ValiMail offers its own solution to help enterprises fight the fight to keep email safe. Pricing starts at $30K annually, with the total cost dependent on a number of variables including company size, volume of email, number of domains, and so forth.

The post Email Has Been #Weaponized by #Hackers, Results Can Be #Deadly appeared first on National Cyber Security Ventures.

Iranian #national #charged with #hacking #HBO

Source: National Cyber Security – Produced By Gregory Evans

The Department of Justice on Tuesday charged an Iranian national with hacking the computer servers of HBO and seeking to extort the company after stealing episodes and scripts of popular shows, including “Game of Thrones.”

Behzad Mesri, aka “Skote Vashat,” was charged with fraud, aggravated identity theft and interstate transmission of an extortionate communication, among other charges, according to a new unsealed indictment.

According to the U.S. Attorney’s Office in the Southern District of New York, Mesri is not in custody. The FBI released a “wanted” poster of Mesri Tuesday afternoon, and said he speaks Farsi, currently resides in Iran and is a flight risk.

The prosecutors’ office also said they were not aware of any U.S. lawyer for the defendant.

Assistant director in charge of the FBI’s New York field office Bill Sweeney said at a news briefing that Mesri “lurked in the alleyways of the Internet, identified the vulnerabilities of his victim, pickpocketed their information from thousands of miles away and sought a ransom. Today’s charges show that international cybercriminals are never beyond the reach of U.S. laws.”

Mesri, who was a “self-professed expert in computer hacking techniques,” according to the indictment, at one point worked on behalf of the Iranian military to “conduct computer network attacks that targeted military systems, nuclear software systems and Israeli infrastructure.”

The indictment also reveals Mesri defaced hundreds of websites in both the U.S. and globally under his pseudonym Skote Vashat.

Between May and August, Mesri began his hacking and extortion scheme of HBO, working to obtain “unauthorized access to HBO’s computer systems” and “steal proprietary data from those systems.”

Mesri then attempted to extort HBO for $6 million worth of Bitcoin, a form of digital currency.

The confidential and proprietary data belonging to HBO he stole included video files of unaired episodes of “Ballers,” “Barry,” “Room 104,” “Curb Your Enthusiasm,” and “The Deuce,” scripts and plots for “Game of Thrones,” cast and crew contact lists, financial documents, emails belonging to at least one HBO employee, and log in information for HBO social media accounts.

The extortion scheme began in July, the indictment alleges.

“Hi to All losers! Yes it’s true! HBO is hacked! … Beware of heart Attack!!!” an anonymous email sent to HBO personnel on July 23 included in the complaint reads. The email claimed 1.5 terabytes of data was stolen.

The indictment alleges starting around July 30 and continuing to at least August, the defendant leaked portions of the stolen data to the Internet on websites he controlled.

HBO, which is owned by Time Warner, struggled over the summer with numerous high-profile hackings. A group called OurMine hijacked HBO’s main Twitter account, as well as other HBO shows’ accounts.

Cybersecurity #Tips to Help #Retailers and #Consumers Stay #Secure During the #Holiday Season

Source: National Cyber Security – Produced By Gregory Evans

It’s time to take advantage of all those holiday specials and spend all your hard-earned bitcoin — er, I mean money — buying gifts for friends, family and, of course, yourself. Many retailers, large and small, online and brick-and-mortar, run holiday promotions as early as September. Gone are the days of waiting until Black Friday or Cyber Monday to take advantage of sales and specials.

The bad guys will be shopping, too — just not for the same items you are. Instead, they will be shopping for your wallet.

It’s true that some cyber Grinches ramp up their malicious activities during the holiday season, perhaps in the form of holiday-specific spam, spear phishing or compromised sites. While increased vigilance is encouraged during this time, there are a number of cybersecurity tips and best practices consumers and retailers should follow throughout the year to help mitigate threats. Having the right controls and awareness in place before the holidays can go a long way during the busy shopping season.

For Retailers: Vigilance Encouraged Throughout the Year

Black Friday and Cyber Monday are heavy shopping days and are likely to remain so for the foreseeable future. However, IBM X-Force research conducted over the past few years revealed that there was no significant uptick in network attacks targeting X-Force-monitored retailers during the traditional holiday shopping period in late November. In fact, last year, the volume of attacks for those two days fell below the daily attack average for retailers.

However, now that the shopping extravaganza lasts for two or more months, it’s possible that this four-day window is too short of a time period to identify notable network attack trends.

So far in 2017, network attacks targeting retail networks were highest in Q2, with June being the most-targeted month. Attacks dropped notably beginning in August and have been steadily declining, with the volume of attacks monitored for October below the monthly average for the year.

Time to celebrate? Not necessarily. In 2016, we observed a notable surge in the volume of attacks targeting retailers in mid to late December. Additionally, malware compromises occurring earlier in the year that have gone undetected can wreak havoc once the busy season commences. In December 2016, a security researcher discovered that nearly 7,000 online stores running Magento shopping cart software were infected with data-stealing skimmer malware capable of logging credit cards and passwords and making them available to attackers as image files for exfiltration.

Furthermore, bad actors do not have to steal anything to wreak havoc on the retail industry. A distributed denial-of-service (DDoS) attack is enough to cost the sector millions. In fact, the average cost of a DDoS attack for organizations across all industries rose to over $2.5 million in 2016.

Retailers are encouraged to monitor their networks with increased vigilance during this holiday season. Vulnerable point-of-sale (POS) systems, compromised websites, and targeted spam and phishing campaigns can be costly.

To help keep your security posture strong over this holiday shopping season and all year long, review and implement the recommendations outlined in the IBM report, “Security Trends in the Retail Industry.”

For Consumers: What Cybersecurity Tips Are Missing From Your Repertoire?

Many online consumers have improved their security awareness as media coverage and education opportunities have increased. However, below are a few cybersecurity tips that many consumers likely haven’t thought of.

Assess Convenience Versus Risk

Our digital interactions leave data trails. Finding the right balance between personalization and privacy is the consumer’s responsibility, not just the retailer’s. Many sites have the option to save your card data for future use. While this feature offers convenience to the consumer, the stored data can be stolen via SQL injection attacks or other database compromises — after all, there are billions of leaked records due to misconfigured servers. Always look for the green lock icon in the browser address bar to ensure a secure connection to websites.

Be Wary of Unsuspicious Emails

Criminals have gotten really good at devising phishing lures that are extremely difficult to recognize as fraudulent. Receive an attachment from someone that appears to be in your contact list? Call them to confirm. Order something online? Before clicking the “track package” link in the confirmation email, ensure that it is actually an item you purchased from the correct vendor.

Use Passphrases and Multifactor Authentication

Exercise strong password hygiene by choosing to use a long, easy-to-remember passphrase, such as “ipreferpassphrasesoverpasswords,” instead of complex passwords containing a combination of letters, numbers and special characters. Unfortunately, this is not always an option since many websites now require a password that contains this combination. Use different passphrases for each site. If this seems too daunting, use a password manager. Rather than managing dozens of passphrases on your own, you’ll just have to remember the one key to your digital vault.

Always opt for multifactor authentication when available, and figure out which option is the most secure when choosing a real-time short message service (SMS) text message, an email message or an automated phone call.

Get Creative With Security Questions

When setting up new accounts, opt for security and password reset questions that aren’t public to make it harder for fraudsters to get their hands on your information. For example, don’t use your mother’s maiden name, which could be easily found online. Even answers to opinion-based questions, such as favorite movie, food, etc., can be found on social media. For increased security, lie about your answers or use passphrases as the answers.

Skimmers Abound

By now, you have most likely heard of skimmers being placed on the card readers at gas stations and bank ATMs. A skimmer is a hidden device placed inside the mouth of a payment card reader that is designed to copy your card data for criminals to use later. But what about in-store POS systems? Be on the lookout for suspicious-looking card swiping terminals that could be skimmers, or cash register attendants who seem to swipe your card on two different readers. Maintain this vigilance not only during the holiday season, but all the time, especially if you travel to other countries.

Know Your Card Security Features

Banks and credit card companies have implemented some great security features, such as being able to set limits on the number of times the card can be used within an hour or on the amount that can be spent on one purchase. However, if you’re unaware of these limits for your personal accounts or your phone number is not up to date in your bank profile, you may end up with a declined card.

Cover Your Card

Is the person in line behind you taking a selfie, or is he or she taking a picture of your card as you make a purchase? By obtaining the credit card number, name, expiration date and the card security code or card verification value on the back, an attacker may be able to use the information to make online purchases.

Keep Your Guard Up Year-Round

The holiday season is a great time to take stock of the past year while relaxing and spending time with loved ones, but it’s no time to let your guard down, especially given the increasing sophistication of cybercriminal tactics targeting holiday shoppers and sellers alike. We encourage retailers and consumers to follow best practices not only this holiday season, but also all year long to help mitigate attacks and compromise.

Here’s How #Taking #Cybersecurity Very #Seriously Enhances Your #Brand

Source: National Cyber Security – Produced By Gregory Evans

It is a scary time to do business. Phishing, hacking, identity theft, ransomware, payment fraud: the list of ways that cyber criminals are attacking individuals, companies and governments seems endless. The U.S. Securities and Exchange Commission (SEC) recently referred to cyber threats as “the greatest threat to our markets right now” and for good reason. While recent global attacks like Wannacry and Petya/GoldenEye dominated headlines due to the sheer size of their reach and impact, thousands more acts of cybercrime are committed every single day — almost 50 percent of which target businesses.

But, don’t be fooled into thinking that you have to be a Fortune 500 corporation to be a target. Cybercrime is an equal opportunity menace. Larger mature companies are hit most often, but smaller scale-ups are hit the hardest, and it takes longer for them to recover. Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective. In today’s digital economy, winning and maintaining the trust of your customers is central to business growth, and nothing erodes trust quite like a cyber breach.

Scaling customer trust is a very different animal to scaling customer numbers. In fact, it can work in inverse proportion. When there is rapid customer base growth, it puts more strain on the company’s Trust and Safety resources, which in turn, results in an increase in security breaches and a decrease in customer trust. Don’t allow this to happen. Safely and successfully scale the trust of your customers by adopting these three key measures:

1. Take full control of updating your company’s software.

Imagine that your company is a castle. The walls of the castle can break and crumble in places, allowing intruders easy access. So these walls need to be constantly maintained and patched up. If you give everyone working in the castle responsibility for this maintenance, something is going to go wrong somewhere, sometime. One of your team will fill a hole with sand instead of cement, so you need to take full control of it.

It’s the same in a company. A recent survey conducted by research firm Voke Media found that 27 percent of companies reported a failed audit in the prior 18 months. Eighty-one percent of those failures could have been prevented with a patch or configuration change. Twenty-six percent of companies reported a breach, of which 79 percent could have been prevented with those two measures. In fact, if more individuals and companies kept their software up to date, the devastation caused by the recent Petya attacks would have been minimal.

By using an enterprise network, this critical function will be managed centrally by one expert rather than by many novices. 

2. Put human error in the firing line.

Even though the walls of your castle may be fully maintained and secure, a worker may unwittingly open a window or door, giving intruders full access.

Ninety-five percent of all security incidents involve human error, according to the 2017 IBM Cyber Security Intelligence Index. Examples include staff clicking links to phishing scams or visiting corruptive websites, and network administrators making small errors with big consequences. For example, it was reported recently that North Korean hackers stole U.S.-South Korea war plans. A contractor working at the data center left a cable in place that connected the military intranet (which had compromised antivirus software installed) to the internet, allowing the North Korean hackers to access sensitive information.

Employees can be helped to recognize scams through prevention training and awareness programs. Make it easy for your employees to report fraudulent emails quickly, and keep testing internally to prove the training is working. Your front line must always be cyber-ready.

3. A.B.C. — Always Be Communicating with your customers.

Tell them what you are doing to keep them safe. Customers value transparency, and the more open companies are with both their customers and employees, the further trust will be established. Take Zappos, for example, which promotes transparency in its Zappos Family Core Values by being completely open with its vendors when it comes to internal information. Instead of trying to hide secrets or use private information to establish leverage, Zappos believes in giving vendors complete visibility. The result is more trusting relationships that strengthen the organization at very foundational levels.

The expertise and time required to successfully introduce all or any of these security measures can be immense, and often difficult to provide in-house. As a result, many fast-growing companies are outsourcing Trust and Safety (TnS) Operations to a partner company, allowing them to focus on core competencies. If this is a route you choose to take, be sure to demand the same level of trustworthiness from them, as your customers do from you. And here’s how to do it:

Find a partner who has a proven track record of delivering top quality TnS services.
A premium BPO will routinely outperform its partner’s Net Promoter Score (NPS) and will have the data to prove it. Providing value-added, high-touch customer experiences results in high customer satisfaction. So not only will you have a high NPS, you’ll also be able to turn those satisfied customers into your champions. A raw, positive customer referral is infinitely more powerful than any advertising copy.

Many companies are publicly private about their outsourcing practices, so go deeper than a few Google searches when carrying out your research. Conversations with peers and BPO reps will bear more fruit. Ask for examples and personal accounts so you can understand how the agents would react in any situation.

Ask a lot of questions about the training the contact agents receive.

Contact agents will be your front line so it’s important they are prepared for any scenario. Whether it’s risk, user safety or fraud prevention, proper training is critical. Last year, one of my TnS agents saved one of our major partners over $20,000 by foiling an attempted money laundering scam before it even got started. Our in-depth agent training programs were central to this big win.

Ask what training programs are available, and if they can be tailored to suit your needs. Empathy training for emergency situations and crises helps equip agents with the skills needed in case they find themselves in a sensitive or stressful situation. The key to success is the people, so choose an organization that invests in recruitment, training and quality.

Be clear about the security measures that you want in place.

By having the security discussion up front, you can find a partner that is flexible enough to provide what you need. Inform yourself about the company’s network security and how they intend to keep your data safe. Ask: Does their security philosophy match yours? Do they have the right tools already in place? What else is needed to keep yours and your customers’ data safe?

Ask about their data recovery and business continuity plans in the case of a breach. With data breaches looming around the corner every day, it’s imperative to know there’s a backup plan should a breach occur.

Make sure your partner can support your growth.

Rapid growth will throw up a lot of challenges on your journey to success, and many of them will be way outside of the sphere of your core competencies. You’ll need to hire in functional expertise, set up complex new systems and processes, and create management structures. In a world where companies grow faster than at any other time in history, most are outsourcing at least some of their core functions, so that they scale up successfully.

Take Airbnb, for example, which over the past ten years has seen phenomenal growth. What started as a small company in San Francisco that allowed people to turn their spare bedrooms into vacation rentals now operates in more than 190 countries worldwide. When Airbnb contracted Voxpro to carry out its TnS operations, it started with six agents. Three years later, the number has grown to 106 given the rapid growth of the business. A great BPO will grow with you.

It’s a scary time to do business, but in the 20 years I have been running companies, I have never experienced a more exciting time to do business. The digital nature of today’s global economy has opened up amazing opportunities to scale your company bigger and faster than at any other point in history. Yes, it also opens up opportunities for cyber criminal opportunists too, but never forget that you are the one in control, not them. By taking a proactive approach to your trust and safety operations you will shut them down, lock them out, and successfully scale the size and the trust of your customer base.


Cybersecurity #begins and #ends with the #trusted #identity

Source: National Cyber Security – Produced By Gregory Evans

There are nearly two billion usernames and passwords available for sale in the black market, according to a recent joint study carried out by Google Inc. and the University of California. A significant percentage of those login credentials can be used to directly access Google accounts, driving security researchers’ new focus on machine learning methods to keep password authentication processes from slowing down progress within cloud environments.

“As you start adopting cloud services, as we’ve adopted mobile devices, there’s no perimeter anymore for the company,” said David McNeely (pictured), vice president of product strategy at cybersecurity firm Centrify Corp. “Identity makes up the definition and the boundary for the organization.”

McNeely stopped by the set of theCUBE, SiliconANGLE’s mobile livestreaming studio, and spoke with co-hosts John Furrier (@furrier) and Dave Vellante (@dvellante) at CyberConnect 2017 in New York City. They discussed the weaknesses of current password models, a growing interest in just-in-time permission and the future role of machine learning for enterprise cloud security. (* Disclosure below.)

Password vaults create weaknesses

Flaws in password-protected computer security models have been well-documented. Centrify works with a number of customers who use password vaults or managers, repositories for access credentials that can be “checked out” for a day and used by system administrators to grant them control over every computer in an organization. Often, the passwords are placed in a clipboard file which can be easily accessed by a hacker.

“We’ve been spending a lot more time trying to help customers eliminate the use of passwords, trying to move to stronger authentication,” McNeely said.

Security problems have been exacerbated by models where system administrators are automatically granted persistent access across the network. Hack one, hack them all. To address this weakness, Centrify has been developing a just-in-time workflow access request model, where no administrator can enter systems databases until a set of approval protocols has been followed.

“That’s the one that’s a little bit newer that fewer of my customers are using, but most everybody wants to adopt,” McNeely said. “The malware can’t make the request and get the approval of the manager.”

The concern about this approach is that it can slow down enterprise workloads. This is where machine learning could have a major impact by analyzing system entry requests based on patterns of historical access. Behavior-based systems can evaluate more than 60 different factors, such as where the device owned by the requestor is physically located and if that matches an administrator’s profile.

“The whole idea is to try to get computers to make a decision based on behavior,” McNeely said. “It’s going to help us enormously in making more intelligent decisions.”

Cyber Security Watch Position/Security Engineer

Source: National Cyber Security – Produced By Gregory Evans

Job Description

Edgewater Federal Solutions is a small business providing Information Technology (IT) consulting services to the Federal government.   Founded in 2002, Edgewater is headquartered a few miles south of Frederick, Maryland (near Urbana, MD).  Edgewater’s core services are Program Management Support, Business Process Engineering, Cyber Security, and Enterprise Systems Engineering and Operations.  Edgewater is currently seeking a Cyber Security Watch Position/Security Engineer to provide support to the DOE IN office located in Washington, D.C.

Responsibilities/Duties include:

  • Serve as the Cybersecurity Watch Analyst responsible for analyzing information collected from a variety of sources to identify, analyze, and report on events to protect information systems and networks from threats.
  • Perform technical security activities to include:
    • Characterize and analyze security events to identify anomalous and potential threats to systems
    • Analyze identified malicious activity to determine exploitation methods and impacts
    • Triage intrusions, malware, and other cybersecurity threats
    • Document, track and escalate cybersecurity incidents
  • Comment on new ODNI/NIST standards / regulations as applies to client environment
  • Employ best practices when implementing security requirements within an information system.
  • Participate in IC Community Shared Resources Working Group.
  • May serve as a technical team or task leader.
  • Maintains current knowledge of relevant technology as assigned.
  • Respond to cyber incidents as defined in DOE-IN Incident Response and local SOP.
  • Participates in special projects as required.

Required Skills:

  • 12 years of cyber security experience with a Bachelor’s Degree in a technical field.
  • Desired Candidates have CISSP or other security certification.
  • Knowledge of common adversary tactics, techniques, and procedures.
  • Experience working in a SIEM, interpreting IDS alerts, and deriving context from event logs
  • Candidates must have the following experience and knowledge:
    • Knowledge of the IC and audit collection policies.
  • Possess effective interpersonal and presentation skills as he/she operates in a client-facing role.
  • Possess the ability to communicate in written and oral form. Publication or presentation experience is a plus.
  • Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.
  • Candidate will be a Proactive Self Starter
  • Candidate will Require Little to No Immediate Supervision or Day to Day Tasking
  • Candidate will Possess Excellent Decision Making Skills.
  • Candidate will Demonstrate Flexibility and Possess the Willingness to Support Shift Work if Needed.
  • Candidate will Possess Excellent ability to collaborate as a Team and Possess Excellent Interpersonal Skills.
  • Candidate will Possess Excellent Oral and Written Communication Skills and be able to Interact with Senior Levels of Management.

Preferred To Have/Desired Skills:

  • Possesses experience supporting the Intelligence Community (IC)
  • Experience analyzing host based security events and indicators
  • Experience analyzing network based security events and indicators
  • Experience working in a SOC and supporting incident response
  • Experience with supporting the Joint Worldwide Intelligence System (JWICS).
  • Knowledge of cloud architecture.
  • Knowledge of virtualization capabilities

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, and/or other status protected by applicable law.

The post Cyber Security Watch Position/Security Engineer appeared first on National Cyber Security Ventures.


Information Security Analyst-Level 2

Source: National Cyber Security – Produced By Gregory Evans

Job Description:

Job Title: Information Security Analyst Level 2

Division/Department: Information Systems – Security

Job Overview:
The Information Security Specialist Level 2 supports day-to-day Information Technology (IT) security operations and event investigation. S/he is responsible for Security Data Analytics, SOC 2nd Level Support, Threat Intelligence and Security Risk Reporting. The Specialist is involved with employee technology on-boarding, off-boarding, logical access control, and access entitlement review for internal and cloud systems. This role provides IT Security Information and Event Management (SIEM), log management, security incident management, and forensics. This individual serves a key role providing a holistic view of an organization’s IT security preparedness and response to cyber threats.

Essential Responsibilities:
• Responsible for Security Data Analytics, SOC 2nd Level Support, Threat Intelligence and Security Risk Reporting
• Lead Enterprise Vulnerability and Patch Management initiatives that advance business objectives in a manner that matches business appetite for risk
• Improve security awareness regarding evolving threats and common vulnerabilities
• Assist with examination of security controls (i.e., facilitate internal and external audits, compliance reporting, and management attestation)
• Examine operational effectiveness of security controls and design automation when valuable
• Vulnerability Scanning and Penetration Testing, key control testing, Data Leakage Detection and Scanning, and Identity and Access acceptable use monitoring 
• Responsible for employee technology on-boarding, off-boarding, logical access control, and access entitlement review for internal and cloud systems
• Prepare reports for Management regarding risk findings and progress with remediation
• Develop cyber security analytics and threat intelligence using multiple data sources using SIEM
• Provide 2nd level support to Security Operations Center (SOC)
• Configure security tools and sensors to alert on certain risk conditions
• Examine cyber adversary techniques in order to develop defensive methodologies
• Explore the security event alerting and auditing capabilities of various technology (e.g., Microsoft Windows, SQL, Email, Firewalls, IPS, AV, applications, etc.) and establish configuration standards
• Assist Computer Emergency Response Team (CERT) with cyber threat detection and prevention

Additional Responsibilities:
• Recurring reporting to IT Management demonstrating operational effectiveness of security controls
• As assigned by Manager

Specific Knowledge, Skills and Abilities: 
• General knowledge of information technology including Microsoft Windows, Linux, office automation (e.g., Microsoft Word, Microsoft Excel, Microsoft Outlook, etc.), email, databases.
• Understanding of networking concepts and technologies including Routing, Switching, NAT, OSI Model, etc. 
• Knowledge of common information security concepts such as anti-virus, logical access control, firewalls, intrusion prevention, least privilege, separation of duties, etc.
• High level of analytical and problem-solving abilities
• Aptitude to learn new technology products and concepts
• Ability to manage multiple projects and multiple deadlines in an organized fashion
• Interest to learn scripting languages, macros, programs, and regular expressions
• Understanding of basic data analysis and management concepts
• Ability to communicate clear call to action verbally and in written form
• Desire to learn new products and techniques to safeguard information systems and data
• Ability to work independently to advance daily duties as well as collaboratively with multiple teams to advance projects
• Experience with Splunk, analytic development, data mining, data visualization, or machine learning is also helpful.
• Experience with Data Warehouse and Business Intelligence (BI) tools desired but not required
• Ability to author technical and management risk reports

Preferred Education, Experience and Licenses:
• Minimum Education Required: Associate Degree in Information Assurance, Computer Science, Mathematics, or Business Administration or related field or equivalent job-related experience.
• Education Desired: Bachelor’s Degree in Security Management, Information Assurance, Computer Science, Mathematics, or Engineering or related field
• ISC2 CISSP or ISACA CISM/CISA professional certification preferred
• 5+ years of experience in IT or in role that requires regular use of Information Technology and Data Management.
• 2 years of experience with Security Information and Event Management (SIEM) products (e.g., Splunk, ArcSight, LogLogic, etc.) preferred
• Experience in Retail desired, but not required

B-H Photo-Video-Pro Audio is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.

The post Information Security Analyst-Level 2 appeared first on National Cyber Security Ventures.


How #New Jersey #fills the #cyber info #gap

Source: National Cyber Security – Produced By Gregory Evans

When it comes to sharing information on cybersecurity threats and incident reporting, it’s harder for small businesses to get access to the same intelligence that industry giants share internally and with the Department of Homeland Security.  To address that need, the New Jersey Cybersecurity & Communications Integration Cell was established in 2015 to give the small business community access to unclassified reports and threat profile information.

“The majority of our small- to medium-size businesses do not have a conduit to the federal government or intelligence agencies for information sharing,” New Jersey CTO Dave Weinstein said at the Nov. 15 Capital Cybersecurity Summit.  “They are our primary audience,” along with New Jersey’s main utility providers, he said.

The NJCCIC works to strengthen relationships with the business community “beyond the traditional channels,” which typically don’t provide timely information to smaller firms. For example, large telecommunications companies like Verizon share information on threats weekly, Weinstein said, but they don’t make the information available to the wider business community.

Over the past 17 months, the cell has published briefs on denial-of-service attacks, ransomware and web application vulnerabilities, along with recommendations for next steps.

Weekly bulletins contain information on threats and malicious activity targeting networks in New Jersey.  Relevant threat alerts and data breach notifications are also sent out via email blasts.

Threat profiles on the NJCCIC website give businesses information on known Android and iOS malware, botnets, exploit kits, point-of-service malware, ransomware and Trojan variants.

State fusion centers are required to share information with the DHS’ National Cybersecurity and Communications Integration Center, but Weinstein said his hope is for other states to adopt New Jersey’s model to share information with their local business communities as well.

As the head of the New Jersey Office of Information Technology, Weinstein is responsible for monitoring networks at 1,400 locations across the state. But his goal is to bring even more “hyperlocal and non-vertically aligned institutions” into the state’s information sharing hub.

“We digest a lot of information on threats on a daily basis that can serve as a valuable collection apparatus for New Jersey, small businesses and the federal government in some cases,” Weinstein said.  “We need to multiply this model across states and other common areas of interest … to standardize the form in which the data is shared.”

The NJCCIC is in the process of exploring how machine learning can help to share actionable cyber threat information.

“Some of those [information sharing] efforts are currently automated, and others are manually intensive,” Weinstein told GCN after the panel. By eliminating some of the “noise” in the cyber threat information, he said, we can “bring it down into something that can actually be analyzed and made sense of.”

The post How #New Jersey #fills the #cyber info #gap appeared first on National Cyber Security Ventures.


Cyber #security #war games helping #businesses find & #recruit untapped #talent

Source: National Cyber Security – Produced By Gregory Evans

With the cyber security skills gap widening amidst a rise in the overall threat landscape, businesses are now relying on cyber security war games to find and recruit new cyber warriors whose talents have remained untapped for years.

The Cyber Security Challenge UK Masterclass competition ended on a high earlier this week with 22-year-old Mo Rahman emerging as the overall winner, ahead of 41 other talented finalists, some of whom came from abroad to test their skills.

The three-day competition, which involved one team of finalists breaching a shipping company’s servers and another defending against the breach as well as pinpointing an insider threat, measured not only their cyber security skills but also their presentation and leadership skills.

In order to qualify for the event, these cyber warriors had to pass an initial online test conducted by Cyber Security Challenge U.K., followed by competitive one-against-one challenges in real time. All the finalists were then grouped into teams, with each of the teams assigned different purposes.

Even though the competition has been held every year since 2010, the organisers made sure that the challenge presented to the finalists this year would be as realistic as possible. The finalists were made to perform forensic analysis, and then to use the results of that analysis to build a case against an insider who was responsible for a breach. They were also made to conduct a live presentation in order to convince fictitious board members.

The purpose of the competition is to help industries and businesses hire talented cyber security warriors whose talents would remain hidden but for such competitions. Observers from businesses would be able to witness not only their cyber skills in real time, but also their analytical, communication, and leadership skills, which are now regarded as basic skills that cyber security professionals must possess.

‘This event is designed to mirror challenges faced by leading industry experts, in order to identify the UK’s best talent. Traditional recruitment methods don’t work in the world of cyber-security – often the most talented individuals don’t stand out on paper and events like this allow us to put the best talent in the country in front of many of the leading organisations in the country that are seeking more cyber security skilled workers,’ said Nigel Harrison, acting CEO of Cyber Security Challenge UK.

‘We face a shortage of cyber security professionals, not just here in the UK but worldwide. To address this, we are doing more than ever before to inspire people to pursue a career in cyber security,’ said Caroline Nokes, Minister for Government Resilience and Efficiency.

‘We will continue to work in partnership with organisations like the Cyber Security Challenge UK to make Britain secure, confident and prosperous in the digital world,’ she added.

With the cyber threat landscape growing, the existing cyber security skills gap is hurting not only businesses, the legal community, the media and major industries, but also the country’s critical resources such as the police forces, the armed forces and the NHS, whose recent encounter with ransomware attacks is well known.

Recently, eye-opening research from independent think-tank Reform revealed that only 40 out of 13,500 volunteers working for the UK Police were cyber security experts, and that the force was in dire need of as many as 12,000 volunteers from civil society to fight the growing menace of cyber crime, which accounted for nearly half of all crimes.

The research paper also recommended the setting up of a new digital academy by the Home Office to offer cyber security training to as many as 1,700 police officers and staff every year. It also urged the Home Office to use administrative savings from accelerating the Government’s automation agenda to set up a £450 million a year capital grant for the forces, and also to use the £175 million Police Transformation Fund to implement a transformational technology.


The post Cyber #security #war games helping #businesses find & #recruit untapped #talent appeared first on National Cyber Security Ventures.


Why #micro SMEs are still not taking #cyber security seriously #enough

Source: National Cyber Security – Produced By Gregory Evans

A recent survey of 2,000 UK businesses looking at digital transformation showed the number of businesses with formal strategies had doubled over the last year to 63%. However, businesses with less than 50 employees lagged behind with 64% not having a formal plan, compared to 91% […]