
Cyber Security Watch Position/Security Engineer

Source: National Cyber Security – Produced By Gregory Evans

Job Description

Edgewater Federal Solutions is a small business providing Information Technology (IT) consulting services to the Federal government.   Founded in 2002, Edgewater is headquartered a few miles south of Frederick, Maryland (near Urbana, MD).  Edgewater’s core services are Program Management Support, Business Process Engineering, Cyber Security, and Enterprise Systems Engineering and Operations.  Edgewater is currently seeking a Cyber Security Watch Position/Security Engineer to provide support to the DOE IN office located in Washington, D.C.

Responsibilities/Duties include:

  • Serve as the Cybersecurity Watch Analyst responsible for analyzing information collected from a variety of sources to identify, analyze, and report on events to protect information systems and networks from threats.
  • Perform technical security activities to include:
    • Characterize and analyze security events to identify anomalous and potential threats to systems
    • Analyze identified malicious activity to determine exploitation methods and impacts
    • Triage intrusions, malware, and other cybersecurity threats
    • Document, track and escalate cybersecurity incidents
  • Comment on new ODNI/NIST standards and regulations as they apply to the client environment.
  • Employ best practices when implementing security requirements within an information system.
  • Participate in IC Community Shared Resources Working Group.
  • May serve as a technical team or task leader.
  • Maintain current knowledge of relevant technology as assigned.
  • Respond to cyber incidents as defined in DOE-IN Incident Response and local SOP.
  • Participate in special projects as required.

Required Skills:

  • 12 years of cyber security experience with a Bachelor’s Degree in a technical field.
  • Desired candidates have a CISSP or other security certification.
  • Knowledge of common adversary tactics, techniques, and procedures.
  • Experience working in a SIEM, interpreting IDS alerts, and deriving context from event logs
  • Candidates must have the following experience and knowledge:
    • Knowledge of the IC and audit collection policies.
  • Possess effective interpersonal and presentation skills as he/she operates in a client-facing role.
  • Possess the ability to communicate in written and oral form.  Publication or presentation experiences a plus.
  • Experience reporting IT Security events/incidents in the time prescribed based on policies and procedures.
  • Candidate will be a proactive self-starter.
  • Candidate will require little to no immediate supervision or day-to-day tasking.
  • Candidate will possess excellent decision-making skills.
  • Candidate will demonstrate flexibility and possess the willingness to support shift work if needed.
  • Candidate will possess an excellent ability to collaborate as a team and possess excellent interpersonal skills.
  • Candidate will possess excellent oral and written communication skills and be able to interact with senior levels of management.

Preferred To Have/Desired Skills:

  • Possesses experience supporting the Intelligence Community (IC)
  • Experience analyzing host based security events and indicators
  • Experience analyzing network based security events and indicators
  • Experience working in a SOC and supporting incident response
  • Experience with supporting the Joint Worldwide Intelligence System (JWICS).
  • Knowledge of cloud architecture.
  • Knowledge of virtualization capabilities

It has been and continues to be the policy of Edgewater Federal Solutions to provide equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, and/or other status protected by applicable law.

The post Cyber Security Watch Position/Security Engineer appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

How #New Jersey #fills the #cyber info #gap

When it comes to sharing information on cybersecurity threats and incident reporting, it’s harder for small businesses to get access to the same intelligence that industry giants share internally and with the Department of Homeland Security.  To address that need, the New Jersey Cybersecurity & Communications Integration Cell was established in 2015 to give the small business community access to unclassified reports and threat profile information.

“The majority of our small- to medium-size businesses do not have a conduit to the federal government or intelligence agencies for information sharing,” New Jersey CTO Dave Weinstein said at the Nov. 15 Capital Cybersecurity Summit.  “They are our primary audience,” along with New Jersey’s main utility providers, he said.

The NJCCIC works to strengthen relationships with the business community “beyond the traditional channels,” which typically don’t provide timely information to smaller firms. For example, large telecommunications companies like Verizon share information on threats weekly, Weinstein said, but they don’t make the information available to the wider business community.

Over the past 17 months, the cell has published briefs on denial-of-service attacks, ransomware and web application vulnerabilities, along with recommendations for next steps.

Weekly bulletins contain information on threats and malicious activity targeting networks in New Jersey.  Relevant threat alerts and data breach notifications are also sent out via email blasts.

Threat profiles on the NJCCIC website give businesses information on known Android and iOS malware, botnets, exploit kits, point-of-service malware, ransomware and Trojan variants.

State fusion centers are required to share information with the DHS’ National Cybersecurity and Communications Integration Center, but Weinstein said his hope is for other states to adopt New Jersey’s model to share information with their local business communities as well.

As the head of the New Jersey Office of Information Technology, Weinstein is responsible for monitoring networks at 1,400 locations across the state. But his goal is to bring even more “hyperlocal and non-vertically aligned institutions” into the state’s information sharing hub.

“We digest a lot of information on threats on a daily basis that can serve as a valuable collection apparatus for New Jersey, small businesses and the federal government in some cases,” Weinstein said.  “We need to multiply this model across states and other common areas of interest … to standardize the form in which the data is shared.”

The NJCCIC is in the process of exploring how machine learning can help to share actionable cyber threat information.

“Some of those [information sharing] efforts are currently automated, and others are manually intensive,” Weinstein told GCN after the panel. By eliminating some of the “noise” in the cyber threat information, he said, we can “bring it down into something that can actually be analyzed and made sense of.”

Cyber #security #war games helping #businesses find & #recruit untapped #talent

With the cyber security skills gap widening amid a rise in the overall threat landscape, businesses are now relying on cyber security war games to find and recruit new cyber warriors whose talents have remained untapped for years.

The Cyber Security Challenge UK Masterclass competition ended on a high earlier this week with 22-year old Mo Rahman emerging as the overall winner, ahead of 41 other talented finalists, some of whom came from abroad to test their skills.

The three-day competition, in which one team of finalists breached a shipping company’s servers while another defended against the breach and pinpointed an insider threat, measured not only their cyber security skills but also their presentation and leadership skills.

In order to qualify for the event, these cyber warriors had to pass an initial online test conducted by Cyber Security Challenge U.K., followed by competitive one-against-one challenges in real time. All the finalists were then grouped into teams, with each of the teams assigned different purposes.

Although the competition has been held every year since 2010, the organisers made sure that the challenge presented to the finalists this year would be as realistic as possible. The finalists were made to perform forensic analysis, and then to use the results of that analysis to build a case against an insider who was responsible for a breach. They were also made to give a live presentation in order to convince fictitious board members.

The purpose of the competition is to help industries and businesses hire talented cyber security warriors whose talents would otherwise remain hidden. Observers from businesses are able to witness not only the finalists’ cyber skills in real time, but also their analytical, communication, and leadership skills, which are now regarded as basic skills that cyber security professionals must possess.

‘This event is designed to mirror challenges faced by leading industry experts, in order to identify the UK’s best talent. Traditional recruitment methods don’t work in the world of cyber-security – often the most talented individuals don’t stand out on paper and events like this allow us to put the best talent in the country in front of many of the leading organisations in the country that are seeking more cyber security skilled workers,’ said Nigel Harrison, acting CEO of Cyber Security Challenge UK.

‘We face a shortage of cyber security professionals, not just here in the UK but worldwide. To address this, we are doing more than ever before to inspire people to pursue a career in cyber security,’ said Caroline Noakes, Minister for Government Resilience and Efficiency.

‘We will continue to work in partnership with organisations like the Cyber Security Challenge UK to make Britain secure, confident and prosperous in the digital world,’ she added.

With the rising cyber threat landscape, the existing cyber security skills gap is hurting not only businesses, the legal community, the media and major industries, but also the country’s critical resources such as the police forces, the armed forces and the NHS, whose recent encounter with ransomware attacks is well known.

Recently, eye-opening research from the independent think-tank Reform revealed that only 40 out of 13,500 volunteers working for the UK Police were cyber security experts, and that the force was in dire need of as many as 12,000 volunteers from civil society to fight the growing menace of cyber crime, which accounted for nearly half of all crimes.

The research paper also recommended the setting up of a new digital academy by the Home Office to offer cyber security training to as many as 1,700 police officers and staff every year. It also urged the Home Office to use administrative savings from accelerating the Government’s automation agenda to set up a £450 million a year capital grant for the forces, and also to use the £175 million Police Transformation Fund to implement a transformational technology.
Why #micro SMEs are still not taking #cyber security seriously #enough

A recent survey of 2,000 UK businesses looking at digital transformation showed the number of businesses with formal strategies had doubled over the last year to 63%. However, businesses with less than 50 employees lagged behind with 64% not having a formal plan, compared to 91% […]

‘Cyber is the New #Black’: #Cyber Expert Points to #Diplomacy to #Solve Global #Cybersecurity Issues

With growing threats not only in the physical world but also in today’s nebulous cyber world, Christopher Painter ’80 argued that “cyber is the new black,” meaning that “everyone cares about cyber” now.

Painter, who has been at the forefront of cyber issues for the last 25 years, addressed growing security concerns and the role of modern cyber-diplomacy at the 2017 Bartels World Affairs Fellowship Lecture this Wednesday.

Painter, the “weary warrior” of cyber warfare for his entire career, started his career as a prosecutor dealing with cyber cases and served as the U.S. State Department’s first coordinator for cyber issues from 2011 until July this year.

While studying at Cornell in 1979, Painter used punched cards for computer programming and played hundreds of sessions of BakéGyamon, an anime computer game, for his work study. Back then, Painter reflected, “the internet … existed in very basic form. The world wide web certainly didn’t exist.”

But technology has come far since; today, “we are all dependent [on the internet] for financial transactions, social transactions and to communicate really for everything,” Painter said.

However, though this rapid technological innovation has largely “been a tremendous force for good,” it does not come without its dangers.

“[The internet] has been the target of criminals, malicious state actors, terrorists and others,” Painter said.

Therefore, it is essential to find the balance, so that we are “not trading security for openness … but having all these things together,” Painter said.

“Back then, people looked at computer hackers as Robin Hoods,” Painter said, because the common citizen’s information was not stolen, nor were they personally threatened.

This is no longer the case for the common citizen today.

In 2000, Painter was involved in a case that seemed to be a sophisticated, dangerous attack because it was on a global scale, but in reality, it was a fourteen-year-old Canadian boy, called the “MafiaBoy,” hacking computers.

His acts, Painter said, “had really a disproportionate effect and demonstrates the asymmetric nature of the technical threat.”

On a more serious note, Painter discussed the time North Korea hacked into Sony to pull back the distribution of an image, in which the country was “not only hacking into a system but was meant to curtail freedom of expression rights,” he said.

Taking this a step further, Painter highlighted a major concern regarding cybersecurity: “the fear of a debilitating attack against our infrastructure,” he said, pointing to possible examples of taking down the water system and the power system.

Painter said plainly, “It would have long-term, terrible consequences” as “not just a cyber but as a physical event.”

Therefore, “we have to be cognisant of these threats going forward,” he said.

These threats transcend individual hackers to entire nations, with different states having different visions for the future of technology.

Whereas much of the Western world is open about sharing information, Russia and China are among the countries that “want absolute sovereignty in cyberspace,” Painter said.

“The internet is not run by states — not run by government,” Painter said.

Although governments have influence over the internet to some extent, the private sector is involved, too, as Painter explained, so it is an international issue that different groups of people have to confront together.

Painter believes international law should apply to cyberspace as it does to the physical world. There are a set of norms many countries agree to, such as the idea that a nation should not attack infrastructures meant for the public good.

“You have to get countries around the world to embrace this to really make these norms stick,” he said.

So, how do we deal with the issue of cybersecurity?

Painter said, “It all comes down to the role of diplomacy — in all of this, the role of building alliances and shaping the environment and showing international cooperation is really paramount.”

Cash #Converters is #HACKED: Cyber #criminals hold UK #customer #credit card numbers, addresses and #passwords to #ransom after major #security breach

Hackers who attacked the now defunct website of second hand goods store Cash Converters may have access to the account details of thousands of customers.

Usernames, passwords, delivery addresses and potentially partial credit card numbers are among the data believed to have been stolen.

The culprits are said to be holding the information to ransom while the firm works with law enforcement authorities to investigate the incident.

It is not known exactly how many customers were impacted in the hack or when it happened.


Cash Converters operates high street stores where customers can trade items like jewellery and electronics for money.

The affected website, which was put out of action in September 2017 and replaced with an updated version, lets people purchase these products online.

As well as cash trade ins, the company offers small financial loans to its customers.

The data breach is only believed to affect customers of the Perth-founded firm who are based in the UK.

In a breach notification email sent to customers, a Cash Converters spokesman said: ‘Please be reassured that, alongside the relevant authorities, we are investigating this as a matter of urgency and priority.

‘We are also actively implementing measures to ensure that this cannot happen again.

‘Although some details relating to the cybersecurity breach remain confidential while Cash Converters works with the relevant authorities, we will continue to provide as much detail as possible as it becomes available.

‘The current webshop site was independently and thoroughly security tested as part of its development process.

‘We have no reason to believe it has any vulnerability, however additional testing is being completed to get assurance of this.

‘Our customers truly are at the heart of everything we do and we are both disappointed and saddened that you have been affected.

‘We apologise for this situation.’

Cash Converters reportedly received an email from hackers claiming to have gained access to the data.

They threatened to release the data if they were not paid, which means anyone who used the old site before September 22 could be at risk.

Customers have been advised to change their passwords and the firm has forced a reset for all UK webshop users.

Speaking about the breach, Jon Topper, CEO of UK webhosting firm The Scale Factory, said: ‘When migrating away from old solutions it’s important to bear in mind that old digital assets will still be running and available online until such time as they are fully decommissioned.

‘As a result they should still be treated as ‘live’, which means maintaining a good security posture around them, keeping up with patching and so forth.

‘In their customer notification, Cash Converters were quick to point out that the old site was operated by a third party, possibly intending to deflect responsibility for this breach.

‘This definitely won’t fly under General Data Protection Regulation regulations coming into force next year.

‘Companies running server infrastructure that handles customer data should be engaging with experts to review their security posture ahead of that, in order to avoid being slapped with a large fine.’

ISPs can #play unique #role in #cyber security, says BT #CEO

Internet service providers are perfectly positioned to make a significant contribution to cyber security for everyone, BT’s Gavin Patterson believes.

Internet providers must do more to work collectively with businesses and governments to protect citizens from the growing threat of cyber crime, according to Gavin Patterson, chief executive of the BT Group.

“BT focuses on cyber security in a number of critical ways,” he told the FT Cyber Security Summit Europe in London. “As both a network operator and internet service provider [ISP], we are trusted to help repel cyber threats on behalf of the UK.”

With more than 2,500 dedicated security professionals operating from 15 security operations centres around the world, BT’s “global reach and depth of expertise” provides a “unique insight” into the cyber threat landscape, he said.

Based on these insights, Patterson said the cyber threat is changing and is no longer mainly about espionage and hacktivism.

Although a growing number of countries are beginning to include cyber techniques in their modern warfare arsenal and hacktivism remains a significant risk, the threat has moved on, said Patterson. “Cyber crime is now more pervasive and insidious, with a deeper impact on businesses and society.”

At the same time, said Patterson, more people than ever are connected to the internet, while the number of connected devices is projected to grow from nearly 27 billion in 2017 to 125 billion by 2030 as the internet of things (IoT) takes off, creating more points of vulnerability for criminals to exploit.

“As our head of security put it to me recently, ‘any criminal with a brain is now a cyber criminal’,” he said. “They are after the new commodity of our age, which is data.

“Stealing our data is to steal our most valuable asset, and we are seeing this happen at a faster pace and with greater sophistication than ever before.”

According to Patterson, BT’s security team detects 100,000 unique malware samples and protects the company’s network against more than 4,000 cyber attacks every day.

The attacks fall broadly into the categories of cyber theft for financial gain, phishing attacks, business email compromise (BEC), denial of service attacks and cyber extortion, he said.

Cyber-enabled fraud

Patterson said half of all reported fraud is cyber-enabled, according to the National Fraud Intelligence Bureau, and in the past 12 months, BT has identified and closed more than 5,000 phishing sites aimed at stealing personal details to commit crimes.

“CEOs, too, are at risk with the rise of whaling [or BEC], where phishing techniques are deliberately targeted at board level to impersonate and abuse their authority,” he said.

Distributed denial of service (DDoS) attacks are a popular form of cyber vandalism where the “brute force” of thousands of computers can be used to take down websites, said Patterson.

“The financial and reputational impact of such attacks on retailers, banks, airlines and utilities can be devastating,” he said, adding that DDoS attacks are a daily occurrence for BT’s customer-facing websites, with its security team mitigating an average of about 50 serious DDoS incidents every day.

BT has seen these attacks grow in frequency and size in recent years, with attacks currently up to 650Gbps, which is an increase of more than 60 times in the past 10 years.

Cyber extortion exploits businesses’ reliance on technology and data to hold them to ransom, said Patterson. “With ransomware available for purchase on the dark web for as little as $50, criminals can enter this rapidly growing market with ease, which means more high-profile attacks are likely,” he said.

“Perhaps the most worrying aspect of the WannaCry attack is its relatively unsophisticated nature. It exploited a known vulnerability, and a patch was readily available, which is a stark reminder to all of us to get the basics right – update antivirus software, install patches, invest in cyber security training for staff, and remind them to be very wary of opening suspicious emails or links.”

WannaCry also exposed the human cost of large-scale cyber crime, said Patterson. “These are not merely technical issues – people’s lives are sometimes at risk,” he said.

“The attack on Britain’s healthcare system resulted in cancelled operations, missed appointments and delayed diagnoses. It is therefore a public policy imperative that this kind of disruption is prevented in the future.”

In terms of what can be done to improve the response to escalating cyber threats, Patterson said the problem cannot be solved just by investing in the latest technology.

“What is also needed is a truly comprehensive approach,” he said. “For businesses, cyber security must feature at the very top of the boardroom agenda. It is critical for companies to have a robust cyber security strategy and policies that are kept constantly under review and continually put to the test.”

Patterson also recommended that organisations continually educate their staff on cyber security to turn employees into the greatest asset in the fight to protect data, prepare for the unexpected by testing responses to cyber incidents, conduct penetration testing and run red teaming exercises.

Constantly evolving threat

But although all these initiatives are important, they are not enough on their own to stem the rising tide of cyber crime because criminals are constantly evolving the sophistication of their attacks, he said.

“We need all companies, and ISPs in particular, to work more closely with governments to help neutralise cyber crime,” said Patterson.

“This includes tackling how to improve sharing of information about emerging threats and how to prevent cyber criminals getting access to their victims.”

Sharing threat information enables the development of a collective capability to intercept attacks before they hit, said Patterson, adding that BT is making good progress in this regard.

“We proactively reach out to firms impacted by cyber events to offer our knowledge, expertise and support,” he said. “We also support the UK government’s Cybersecurity Information Sharing Partnership [Cisp – now under the auspices of the NCSC] and work with Interpol to exchange threat information.

“As for preventing access to victims, this is a matter of how active ISPs are in intercepting malicious software and web content. As custodians of people’s data, as an industry, we are responsible for being a part of the solution.

“We cannot expect to eradicate online crime entirely, but we can step up our collective efforts to curb cyber criminals’ success rates significantly. If ISPs work together, in conjunction with government, we can take further steps to target online criminal activity at source.

“This requires careful consideration, but through collaboration and consensus, I am confident we can win the battle against the cyber crime threat, and BT stands ready to rise to that challenge.”

Google to #remove #apps found #violating #Accessibility Services, creating #cyber security #issues

To better help users with disabilities, Android has a set of Accessibility Services that developers can use to improve their applications.

Google has warned app developers not to use its Accessibility Services – designed for users with disabilities – for other purposes that may create security issues, adding that it will remove such apps from its Play Store.

“Google is most likely cracking down on Accessibility Services use due to security reasons. While applications like LastPass use the available APIs to identify password fields in other apps, this level of access can be used maliciously,” tech portal Android Police reported on Monday.

Google has sent an email to developers, stating that “unless developers can describe how the app properly uses the Accessibility Services to help users who are disabled, it will need to remove all requests for accessibility services or it will be taken off of the Play Store”, 9to5Google reported.

Apps like LastPass, Universal Copy, Clipboard Actions, Cerberus, Tasker and Network Monitor Mini use Accessibility Services. The new directive could have major ramifications for several apps, especially those intended for customisation or power users.

“All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts,” Google said.

Risk #assessment: The #first step in #improving #cyber security

Despite the proliferation of high profile cyber-attacks over the last 18 months, many organisations are still too disorganised in their approach to security. While it is no longer feasible to guarantee 100% protection against a breach, businesses are setting themselves up for a fall by failing to adequately understand and prepare for the risks facing them.

PwC’s 2018 Information Security Survey, which surveyed more than 9,000 business and technology executives around the world, found that more than a quarter (28%) don’t know how many cyber-attacks they have suffered in total, and a third also don’t know how they occurred. While some security incidents are the result of high level attackers using advanced techniques to disguise their activity, the vast majority of cases are caused by common security failings and could be easily prevented with better governance and process control.

Perhaps the most important step an organisation can take to improve its security is to undertake a thorough IT risk assessment. This is crucial to understanding where the biggest vulnerabilities within the organisation are, as well as what potential external threats it may be facing. Any company attempting to create an IT security strategy without this knowledge will simply be throwing money at the problem. This approach will certainly miss the basic mistakes in IT management that enable attacks and lead to accidental breaches.

A comprehensive risk assessment needs to not only take into account the internal processes at the company, but also a variety of third parties including suppliers and contractors, as well as the role of an increasingly mobile workforce. With this in mind, a thorough assessment is no small task, and usually takes a great deal of planning and preparation to execute.

Choosing a risk framework

As a result of the complexity involved, most companies usually turn to one of the various pre-existing risk assessment frameworks that have been developed over the last few decades as the IT industry has matured. While these frameworks are extremely useful resources, companies should not rely on them to entirely shape their strategy. We still see too many organisations taking a premade framework and going through it as a tick-box exercise. No two businesses are the same, so assessment frameworks can only ever be a general guide and starting place.

Instead, companies need to base their assessment around their own unique structure and risk profile, incorporating elements of existing frameworks where they are appropriate. Encouragingly, 53% of respondents in PwC’s survey stated that spending on their information security budget was based exclusively around risk.

Perhaps the most popular choice of risk assessment frameworks are those created by NIST, the National Institute of Standards and Technology. The NIST 800-53 and NIST Cybersecurity Framework (CSF) are regularly used by governmental agencies and educational institutions as well as private enterprises.

Exploring NIST and ISO

The earlier framework, NIST 800-53, was designed to support compliance with the U.S. Federal Information Processing Standards (FIPS). This special publication provides organisational officials with evidence about the effectiveness of implemented controls, indications of the quality of the risk management processes used, and information about the strengths and weaknesses of their information systems.

The CSF was designed to help organisations of all sizes and any degree of cyber security sophistication apply risk management best practice. The framework consists of three components: the framework profile, the framework core and the framework implementation tiers.

NIST’s roots in the US Commerce Department make it fairly US-centric, but the CSF also incorporates globally recognised standards, making it useful for risk assessment around the world. It is also designed to be flexible and can be used alongside other cybersecurity risk management processes, such as the ISO (International Organization for Standardization) standards.

Indeed, the ISO/IEC 27000-series, jointly published by the ISO and the International Electrotechnical Commission (IEC), is another of the most well-known and widely used frameworks. Like NIST, the ISO frameworks are flexible enough to fit most organisational sizes and structures. The frameworks can be useful in dissuading an organisation from the tick box compliance mindset, as they encourage organisations to assess their own information security risks and implement controls according to their needs. The ISO series also promotes a continuous feedback approach to address changes in the threat landscape or within the company and implement iterative improvements.

Other strong framework choices to consider include OCTAVE, which takes a broader, simpler approach that is easy to integrate, and COBIT, an operational framework well-suited to manufacturing firms and other organisations where uptime is critical.

Taking risk assessment to the top

Whichever combination of frameworks the company decides to incorporate for its risk assessment, it is essential to relate the process back to the organisation’s unique operational structure and business objectives. One of the most important activities in preparing a comprehensive assessment is to conduct in-depth interviews with senior management, IT administrators and other stakeholders across the organisation. This will help to develop a much more realistic understanding of the organisation’s potential threats, likelihood of compromise and the impact of the loss, as well as relating everything back to its business priorities.

It is also essential that the risk assessment is understood and supported at the highest level of the organisation. PwC’s survey found that only 44% of boards are actively participating in their security strategy. Without buy-in from the board and other senior leaders, a risk assessment is likely to end up being little more than a series of recommendations that are never actually implemented. By aligning popular industry assessment frameworks with their business objectives, organisations can conduct an assessment that not only highlights potential threats, but goes on to implement real changes that improve its security posture.

The post Risk #assessment: The #first step in #improving #cyber security appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Improving #Cyber Security with #Analytics and #Automation


While cyber security grows more complex by the day, some aspects of it are all too clear. The number of threats to large organisations has spiked in recent years, as has the number of bad actors who create them. It is now evident that no company is safe. However, the majority of organisations across the globe are still ill-prepared to handle a sophisticated modern cyber attack. Cyber security professionals are now turning to analytics and automation to try to deal with the problem.

Today, IT teams are up against advanced persistent threats (APTs), whose aim is to steal data rather than to damage the network or organisation. Many of these attacks are being spearheaded by vast hordes of automated bots rather than human hackers.

Simply put, IT personnel are no match for such intensive, sustained attacks. Not only are humans incapable of keeping up with the sheer volume of incoming threats, but making quick manual decisions in response to such an attack is inherently inefficient. As a result, data breaches are already becoming increasingly commonplace. In 2016 alone, half a billion personal records were stolen or lost.

The emergence of the Internet of Things (IoT) only serves to further increase the demand for improved cyber security as millions more devices come online each year. Writing for The New York Times, Zeynep Tufekci (self-described “techno-sociologist”) highlighted the sorts of risks we may see emerge as more products and appliances come with in-built connectivity.

“Connecting everyday objects introduces new risks if done at mass scale. Take a ‘smart’ refrigerator for example. If a single fridge malfunctions, it’s a hassle. However, if the fridge’s computer is connected to its motor, a software bug or hack could “brick” millions of them all at once — turning them into plastic pantries with heavy doors,” she said.

Could analytics and automation rescue cyber security from these mounting challenges?

A different approach to cyber security

Traditional approaches to addressing cyber attacks employ “threat signatures” based on patterns of previous attacks. But such techniques are of little help in preventing new types of attack, as James Packer, Cyber Security Professional and Founder of the London Chapter of ISC2, explained:

“Threat signatures are a very effective mechanism to identify and protect against 99% of attacks. The limitations of using signature-based detection, however, come with the remaining 1%: zero-day exploits. Threat signatures are created using existing knowledge of how particular attacks are executed. With zero-day exploits, this knowledge is absent, i.e. they exploit newly discovered vulnerabilities in unknown ways. When sole reliance is placed on having an awareness of a type of attack, without this awareness, detection and prevention controls are entirely ineffective,” he said.

A promising solution that is currently being explored is to use analytics to predict and screen novel threats and then deploy automated systems to take corrective actions. While we are still a long way off the emergence of fully automated cyber security systems, James pointed to the clear signs of progress in this field.

“Security operations centres (SOCs) across the globe are increasingly tuning technology in line with possible attack scenarios to automate and streamline the incident response process. Furthermore, advanced analytics enables better decision making in security. Using machine learning to analyse attack trends can highlight particular areas of weakness that may have been previously unrecognisable.

“With too much data being produced for humans to interpret, training computers to understand patterns aids in detecting attacks such as “low-and-slow” attacks – those which are both subtle and prolonged,” he said.

The same software and modelling approaches used to identify credit card fraud (a form of anomaly detection) are now being applied to behaviours seen in cybersecurity attacks. Unlike threat signatures, these tools offer some protection against newly emerging threats.
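To make the contrast concrete, here is an added example (my own code, not from the article or from anyone quoted in it) that runs three checks over a few constructed outbound-connection log lines: an exact signature match, a static per-host volume threshold, and a timing-regularity check. The host names, addresses and the placeholder user-agent string are all made up for the example. It also goes slightly beyond the text: the regularity check is a simple form of beacon detection, one behavioural heuristic a SOC might use to surface the “low-and-slow” pattern James describes, where every individual event is too small for a signature or a volume rule to notice.

```python
"""Signature matching beside two behavioural checks over constructed
outbound-connection log lines (added example, not the article's code)."""
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO-8601 timestamp> <src_host> <dst_ip> <bytes_out> <user_agent>"
# None of the hosts, addresses or user-agent strings refer to any real environment.
BASE = datetime(2018, 3, 1, 8, 0, 0)

def _line(ts, src, dst, nbytes, ua):
    return f"{ts.isoformat()} {src} {dst} {nbytes} {ua}"

def build_sample_logs():
    lines = []
    # ws-01: ordinary browsing: irregular gaps, varied sizes, several destinations,
    # and a total volume far above that of the beaconing host.
    gaps = [0, 7, 95, 140, 800, 1300, 1310, 2900, 3600, 5000, 9000, 14000]
    sizes = [5300, 120, 48000, 900, 2200, 75000, 310, 64000, 1500, 23000, 8800, 120000]
    dsts = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]
    for i, (g, s) in enumerate(zip(gaps, sizes)):
        lines.append(_line(BASE + timedelta(seconds=g), "ws-01", dsts[i % 3], s, "Mozilla/5.0"))
    # ws-07: a low-and-slow beacon: 300 bytes roughly every 10 minutes to one address
    # for about 8 hours. Each event is tiny; only the timing regularity stands out.
    for i in range(48):
        jitter = (i % 3) * 4  # +0, +4, +8 seconds, so the gaps are not perfectly constant
        ts = BASE + timedelta(seconds=600 * i + jitter)
        lines.append(_line(ts, "ws-07", "198.51.100.5", 300, "Mozilla/5.0"))
    # ws-03: one request carrying a string that an existing signature already covers.
    lines.append(_line(BASE + timedelta(minutes=42), "ws-03", "203.0.113.20", 640,
                       "KNOWN-BAD-UA-PLACEHOLDER"))
    return lines

def parse(lines):
    records = []
    for ln in lines:
        ts, src, dst, nbytes, ua = ln.split(" ", 4)
        records.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                        "bytes": int(nbytes), "ua": ua})
    return records

# 1. Signature detection: relies on exact knowledge of a previously seen attack.
SIGNATURES = {"KNOWN-BAD-UA-PLACEHOLDER"}  # constructed placeholder, not a real indicator

def signature_hits(records, signatures=SIGNATURES):
    return [r for r in records if r["ua"] in signatures]

# 2. Volume threshold: the kind of static rule a low-and-slow transfer stays under.
def volume_alerts(records, threshold_bytes=200_000):
    totals = defaultdict(int)
    for r in records:
        totals[r["src"]] += r["bytes"]
    return sorted(h for h, t in totals.items() if t > threshold_bytes)

# 3. Behavioural check: flag (src, dst) pairs whose inter-arrival times are unusually
#    regular (low coefficient of variation) over a long span, regardless of volume.
def beacon_candidates(records, min_events=20, max_cv=0.05, min_span=timedelta(hours=4)):
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append(r["ts"])
    flagged = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        span = stamps[-1] - stamps[0]
        if cv <= max_cv and span >= min_span:
            flagged[pair] = {"events": len(stamps), "mean_gap_s": round(mean, 1),
                             "cv": round(cv, 4), "span_h": round(span.total_seconds() / 3600, 2)}
    return flagged

def run():
    """Apply all three checks to the constructed logs and return what each one flags."""
    records = parse(build_sample_logs())
    return {
        "signature": sorted({r["src"] for r in signature_hits(records)}),
        "volume": volume_alerts(records),
        "beacons": beacon_candidates(records),
    }

if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name}: {result}")
```

Run stand-alone, the signature check names only ws-03, the volume rule names only the busy but benign ws-01, and the regularity check is the only one that surfaces ws-07, whose 48 small requests total under 15 KB. In practice the thresholds (minimum events, maximum coefficient of variation, minimum span) are tuned against a baseline of the environment’s own traffic, and a candidate is a lead for an analyst to investigate rather than a verdict; scheduled software updates and monitoring agents produce similarly regular traffic and must be allow-listed.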

Currently, the major limitation of such tools is the investment required in terms of capital and resources. It is an expensive process to build tools that are tailored to the environment they protect. Furthermore, the vendors that make these products are still in their infancy.

“Most of the major providers such as Tenable and FireEye were founded in the mid 00’s which is young in terms of software houses. This is reflected in their offerings – they lack full-feature sets that link the products to the business processes that they support,” said James.

Mass consolidation, mergers, and acquisitions are likely to improve the state of the security tooling market over the coming years.

“We have already seen big companies snapping up boutique products and ingesting them into their own portfolios. Microsoft’s acquisition of Hexadite and Cisco’s acquisition of CloudLock are two notable examples,” said James.

The future cyber security landscape

Of course, technology will never be a panacea for cyber security problems. Even though automated actions can be undertaken, in most cases organisations will want to investigate problems identified by analytics before taking corrective action. The investigation requires research, testing, and possibly even interviews for internal threats – all of which involve human experts.

The most effective cyber security environments will inevitably be complex hybrids of human and machine intelligence. Interactions between analytics-driven alerts, automated actions and human inputs will be crucial for effective security.

“It is human attackers that gave rise to the need to have human defenders; until the point in time comes when a machine can truly think like a human, I believe there will always be the need for human interaction. And when the day that machines can think like a human does come, I think we will have much greater concerns than job losses!” said James.

Organisations in both public and private sectors are now using analytics and, to a lesser degree, automation to improve their security systems. While there may be some doubt about when such technologies will fully mature, their necessity becomes clearer with every major cyber attack.
