PayThink #Users are #compromising #most #security #tech

Source: National Cyber Security – Produced By Gregory Evans

It took Bonnie and Clyde three years to rob about a dozen banks, but the scourge of bankers today is a quiet Russian hacking group called, appropriately enough, MoneyTaker, and they don’t need nearly as much drama to abscond with cash.

Using often tailor-made hack attacks that regularly rely on near-undetectable fileless malware, the MoneyTaker gang has, in barely a year and a half, robbed millions from 20 banks so far and counting. What’s worse is that the gang has stolen data that could let it hijack Swift transactions, leading Swift for the first time to issue a report on cyber-vulnerabilities with the banks it works with.

While hackers usually don’t discriminate (they’ve got no problem attacking servers at hospitals, schools and corporations with trade secrets and valuable intellectual property), banks hold a special place in their hearts because, as yet another famous Depression-era bank robber once said, that is where the money is.

Once a bank’s security is compromised, hackers can pay themselves from the funds on hand, transferring sums large and small to their accounts. However, with information about the global payment systems like Swift that’s also available only at the bank, hackers can do a lot more damage.

Hackers are getting better at “data mining” all the time. According to Kaspersky, Russian hackers operating just a couple of Darknet marketplaces were offering an astounding 85,000 servers for sale in 2017 (meaning the authentication information that will let a hacker take control of the server), some for as little as $6! In 2016 there were “only” 70,000 such servers for sale, meaning that whatever we are doing to keep hackers at bay, it isn’t enough.

Included in those compromised servers are apparently some containing key Swift information, and it’s just a matter of time before the MoneyTaker gang will also use that information for fun and profit.

How are gangs like MoneyTaker getting away with this, especially with servers belonging to banks which are presumably protected by the latest cybersecurity systems? According to a study by the SANS Institute, it’s the “human factor” that is at work: As many as 95% of all attacks on enterprise networks begin with a spear phishing attack in which hackers dispatch their malware hidden inside email attachments. That attack could consist of trojans that pave the way for malware that allows hackers to take over servers, or the newer fileless malware attacks (where an agent installs itself in memory, hijacking servers for the use of hackers).

Cybersecurity systems, as sophisticated as they are, are clearly not doing the job — and maybe they never will, given that in the end the effectiveness of those systems can be overridden by workers inside the organization. The best systems then are the ones that take away from users and employees any opportunity to override security by responding to the phishing messages that get them, and their organizations, into trouble.

Systems like that need to be able to analyze messages and incoming files for malware or threats, and remove them before passing the file or message on to workers.

In addition, the system has to be robust and innovative enough to arrest malware that is delivered in novel ways that slip past traditional cybersecurity systems, like sandboxes that are perhaps not up to date on phenomena like fileless malware. With thousands of security systems out there, organizations are understandably confused about which systems are the most effective. But in our opinion, the systems that will perform best are the ones that limit opportunities for spearphishers to have their way with employees.

The post PayThink #Users are #compromising #most #security #tech appeared first on National Cyber Security Ventures.


Feds Eye #Cybersecurity Risks of #Tech #Providers


Financial regulators just named cybersecurity as one of their top concerns going into 2018, with a heap of worry specifically about third-party contractors supporting the financial system.

So for compliance officers looking for yet another reason to move third-party risk management up the priority scale, now you have one.

The alarm was raised last week in the 2017 report of the Financial Stability Oversight Council. (That’s the council of U.S. financial regulators mandated by the Dodd-Frank Act, to help coordinate regulatory policy and anticipate future financial crises.) Financial firms have come to rely on technology service providers so much, the report said, that a poor understanding of their cybersecurity postures could create risk for the financial system overall:

Maintaining confidence in the security practices of third-party service providers has become increasingly important, particularly since financial institutions are often serviced by the same providers. The Council encourages additional collaboration between government and industry on addressing cybersecurity risk related to third-party service providers, including an effort to promote the use of appropriately tailored contracting language.

What’s more, the FSOC even raised the idea of regulating tech providers in a more uniform fashion, so the current patchwork of supervision doesn’t allow cracks in the system that others could exploit:

[T]he authority to supervise third-party service providers continues to vary across financial regulators. The Council supports efforts to synchronize these authorities and enhance third-party service provider information security. The Council recommends that Congress pass legislation that grants examination and enforcement powers … to oversee third-party service providers and encourages coordination among federal and state regulators in the oversight of these providers.

Wow. When a group of Republican regulators tells a Republican Congress that they might need more regulation, you know things are bad.

Will Congress actually respond to these ideas? Probably not, given the floundering leadership in Washington these days. But the fundamental point — that service providers can now pose dire cybersecurity risk to the financial sector and many others — is not news to compliance officers. So let’s ponder a few other points about how to manage third-party risk in useful ways right now.

The Business Imperative
First, consider the FSOC’s true worry here. Regulators are one party, acting to protect the interests of a second party: the public, which ultimately supports and pays for the financial system. Regulators do that by imposing standards on third parties (financial firms) — and now regulators are worried about the tech service providers supporting those financial firms.

In other words, the FSOC is really worried about fourth-party risk to the financial system.

This underlines a point I’ve been making for a while: the better your firm is at managing third-party risk, the more attractive you become as a third party yourself. After all, your third parties are your customer’s fourth parties. Fourth-party risk is where your customers start to get antsy, because they can’t easily see what risks those parties might pose to them. They don’t have visibility into those distant parties.

And that’s what third-party risk management is all about: making your supply chain more transparent, so you can see those risks more clearly. So any compliance program that can achieve that transparency, and pass that assurance along to your customers, will have a strategic advantage over your rivals.

The compliance community likes to talk a lot about the strategic advantage of a strong compliance program. This is the most urgent example. When your board or CFO starts complaining about that budget request for more investment in third-party governance, remind them: “If we can’t govern our third parties and possible cybersecurity risk, eventually we’ll get locked out of courting financial services firms.” That’s why investing in third-party governance is worth it.

Three Practical Challenges
So what bumps will compliance and audit officers hit on the road to better cybersecurity assurance? A few come to mind.

Scoping SOC 2 audits. A SOC 2 audit examines a service provider’s data security controls. A Type I audit determines whether a vendor’s controls are designed properly at a certain point in time; a Type II audit examines whether the controls work as designed over a set period of time.

Yes, your big firm can probably squeeze an eager vendor to pay for the SOC 2 audit — but scoping the audit correctly is still your responsibility. If the scope is too narrow, you might miss risks that the vendor has but that weren’t audited; if the scope is too broad, you’ve wasted money on “over-compliance” for risks you won’t face.

I wrote a longer essay about scoping SOC 2 audits earlier this year for Reciprocity Labs, if you want to read more there. Suffice it to say, you need to understand your own firm’s cybersecurity risks, the risks of outsourcing some data functions to a vendor, and the vendor’s own security protocols to do this well.

Implementation of NIST protocols. NIST has several sets of controls it recommends for cybersecurity. They are an outstanding resource, and should be adopted. The FSOC praised NIST, and urged financial regulators to keep current with new advances in the NIST standards as they evolve.

In the private sector, compliance officers, audit executives, and internal control departments should examine the standards and see how to implement those controls into your own operations — and this is especially true for tech service vendors themselves. NIST 800-171 is the standard government contractors are supposed to use to comply with DFARS, which spells out cybersecurity standards if you want to bid on defense contracts.

I have another essay, and companion white paper, about the NIST standards that I wrote for Rapid7 earlier this year. Companies may have a long way to go for compliance, but the NIST standards are the clear destination.

Preparing for more scrutiny. The Securities and Exchange Commission already pressures companies to disclose cybersecurity concerns as risk factors. Good news: many more companies are. According to a report from Intelligize released last week, the number of firms disclosing cybersecurity as a risk factor went from 426 in 2012 to 1,680 this year.

The bad news: those disclosures usually don’t say much, and they certainly don’t capture the full picture of risk from tech service providers. Hence the SEC is talking about enhanced disclosure of cybersecurity risk, or even required disclosure of cybersecurity incidents. (Imagine filing a Form 8-K to disclose a breach every time you have one.)

Likewise, the Public Company Accounting Oversight Board wants audit firms to step up their scrutiny of your cybersecurity risks. I still struggle to understand what that scrutiny will look like in practice, since cybersecurity breaches rarely lead to a material risk of misstated financial results — but that’s the point, really. Regulators know they need to do more about cybersecurity; they just aren’t quite sure what.

I suspect many of us feel the same way.


Cybersecurity: The #Tech #Companies More #Important than the #FANGs.


The products and services provided by the behemoths of the tech industry may seem indispensable, the most fundamental features of the technological environment; however, there is a group of less glamorous firms that are arguably the necessary foundation of the whole industry: cybersecurity firms.

Cybersecurity is defined as the measures taken to ensure protection against unauthorised or criminal use of electronic data.

The world has become acutely aware in recent years that data is the new oil, and reserves are plentiful and growing exponentially. The amount of data in the digital world is growing so rapidly because of trends such as the ‘internet of things’ and ‘bring your own device’ (BYOD); the enormous number of devices connected to the internet makes data abundant and cybersecurity a constant battleground.

The main antagonist in the cybersecurity realm is ransomware, pernicious software rooted in cryptovirology that threatens to make a victim’s data public, or to permanently block access to it, unless a ransom is paid.

Therefore, as more data is created, more ransomware will inevitably be deployed. The ubiquity of ransomware is debilitating for anyone with data and internet access, but it represents a pot of gold for cybersecurity firms – the mercenaries of the technological age.

The Casualties

Everyone reading this will likely be aware of some large organisation that has been attacked by ransomware during 2017. Ransomware victims range from multinational companies such as Equifax and WPP to state institutions such as the NHS.

One of the most malicious attacks seen to date was this year’s ‘WannaCry’ attack, which impacted 230,000 computers and 10,000 companies throughout 150 countries.

WannaCry infected 47 NHS hospitals, starkly highlighting the callous nature of these attacks. They are not just against multi-billion dollar institutions that are considered to line the pockets of the top 1%, but are also instigated much like actual warfare and terrorism, with no consideration for the innocence or relevance of their victims.

No sector is immune from cyber attacks and over 20% of institutions in financial services, education, entertainment, media, IT and telecoms have all been targeted recently.

One reason for the rapid increase in attacks is that it is becoming increasingly easy to launch a malware attack, because malware can now be hired. With rented viruses, criminals can launch attacks online, which in turn opens up the battlefield to low-skilled street criminals as well as highly educated criminals.

The Figures

The opportunities available to cybersecurity firms are plentiful, provided they have the ability to innovate and stay ahead of the malware. The industry is so dynamic because attackers are constantly evolving and producing more vicious, efficient attacks, and provided cybersecurity firms can produce the solutions to these attacks, they are indispensable to helpless victims.

The growth that has already been witnessed in this industry is evidence of the huge future potential for growth: the global cybersecurity market was worth $3.5bn in 2004, $64bn in 2011, $138bn in 2017, and is projected to be worth $232bn by 2022.

Furthermore, the US Bureau of Labor Statistics reports that by 2024 there will be an increase in the demand for cybersecurity staff by 36% – double the demand compared to digital workers in other fields.

The vast increase in demand for workers in cybersecurity corroborates the notion that this industry is on track to being one of the most important and lucrative sectors out there.

The Firms

Fortinet is arguably the market leader in cybersecurity and has a very large, diverse product base which enables it to trade with large and small firms. Its reports from 2017 Q1 showed a 20% increase in revenue and an increase in net income of 410% YTD, taking it to $10.7 million. Fortinet’s expected revenue for the entire year is estimated at $1.77bn.

CyberArk Software primarily focuses on protecting internal digital infrastructure, keeping privileged accounts safe, which includes the most sacred and hence potentially dangerous data.

In essence, if an attack manages to breach an initial firewall, CyberArk’s security will keep the crown jewels safe. CyberArk currently has flat earnings but is debt free and has amassed cash assets of $287m.

Furthermore, CyberArk is one of the pioneering companies in the industry and has an impressive client list of 3,200 and does business with 45% of Fortune 100 companies. Additionally, CyberArk acquired Conjur this year ($42m) which will allow it to expand into other areas of security.

Palo Alto Networks focuses on protecting data infrastructure and sells its products and services to 85 of the Fortune 100 companies. This year adjusted EPS rose 32.6% to $0.61 and the 3Q revenue report showed a record of $432m, as well as gaining the second highest number of new customers since the business began.

Going Forward

It is clear that the growth potential for cybersecurity is enormous. In fact, some might even say that it is terrifying how dependent society will be on this industry in the near future. People must also not approach cybersecurity in a myopic sense and assume that it only has applications for large firms that have the capital to pay high-price ransoms.

The futuristic phrase of ‘cyberwarfare’ may seem reserved for the cinema screens, however, if hackers sitting in their bedrooms can wreak havoc on some of the biggest institutions in the world, imagine what a government-funded group of experienced, ruthless ‘cyber soldiers’ could do. Less than 10 countries have nuclear capabilities but any country with an internet connection could have access to cyber arms.

Finishing on a more positive note, cybersecurity is currently one of the most highly paid careers in technology with 39% of its employees earning more than £87,000 and 75% earning more than £47,000.

In the past, one would have to risk their lives for almost no remuneration to complete patriotic duty. Now, one can fulfil this moral craving whilst sitting at home, rather than in a dilapidated barracks.


Main #cybersecurity #management #challenge? People, but simple #tech can help

Alissa Johnson doesn’t hesitate when asked whether people or technology is the harder-to-crack cybersecurity management challenge. It’s people, the Xerox Corp. CISO told SearchCIO at Gartner Symposium/ITxpo in Orlando, Fla., earlier this month. “You can tell technology exactly what you want it to do, and it’s […]

Mac Certified Tech/ IT Operations Support Engineer

Position Summary
Chegg is looking for a strong Desktop Support Engineer to join its lean but highly visible and productive team. This person will provide day-to-day hands on support to Chegg’s end user desktop and applications. There will be a ton of interaction with all areas of the company, directly with internal customers and various departments, troubleshooting user desktop issues to resolution.

Other areas of responsibility are LAN support, workstation deployments, break/fix, software/hardware upgrades, patch management, Anti-Virus management, workstation security, image management, application installs, user support and training, etc. Ever the collaborative role, there are a number of additional specific processes and services outside the desktop support role that this position may also be involved in. Most notably, this position will also act as first level support to critical systems and applications during normal business hours.

The role reports to our Sr Manager of IT Operations and is located in our Santa Clara, CA headquarters.

Maintain detailed and up-to-date licenses and hardware/software inventory
Deployments and Break/Fix for workstations, printers, faxes, etc.
IT Equipment and Supplies Procurement
Hardware/Software installs and upgrades
Workstation Patch Management
User Support and Training
Maintain WDS Image Library
Manage IT Department documentation
Perform Preventive Maintenance
LAN Support
Exchange/Outlook Support and Active Directory support
Blackberry / iPhone / wireless devices deployment and support
Windows 7 Enterprise / Microsoft Application Support
Avaya IP phone support
VPN Account Setup and Support
Desktop Security
AntiVirus Management and Support

Education and/or Experience

A Bachelor’s degree in a related field or IT-related degree and/or a combination of directly related work experience equivalent to 2-5 years’ experience

Computer / Technical Skills
LAN / WAN experience required
Desktop and Laptop Break/Fix experience
WDS (Windows Deployment Services) experience
Exchange/Outlook 2010, 2013 (Mac 2011) experience
Lenovo IBM Hardware / MacBook and MacBookPro experience required
Desktop Security Best Practices required
Solid and current experience in the following: Windows 7 Enterprise, FTP Server, Symantec AntiVirus, DNS/DHCP Administration, Active Directory
Proficient in Microsoft Office (Excel, Word, PowerPoint, Access)
Demonstrated work experience in project and task management proficiency with the ability to prioritize and execute accordingly
Must be able to work varied work hours, ‘On-Call’, including evenings, weekends and holidays


Democrats’ Biggest Cybersecurity Upgrade Is Their New Tech Chief


The Democratic National Committee is upping its cybersecurity efforts — and it’s getting some help from a former Silicon Valley exec. Back in June, the committee hired Raffi Krikorian — a former top engineer at Uber and Twitter — as chief technology officer. Since his hire, Krikorian has instituted better…


UK university hackers read up on secret military tech


UK university cyberattacks have doubled in the last two years alone, with hackers found to be focusing on critical information connected to national security. Research pertaining to missiles, scientific developments and medical advances is among the areas in which cyber adversaries have shown an acute interest. This information…


Online radicalisation and cyber attacks to be among the high tech crimes targeted by new facility at the University of Bradford


A high-tech centre dedicated to cyber security has been opened at the University of Bradford, and one of its first projects is to look at how to deal with online radicalisation. The Cyber Security Interdisciplinary Centre will see students using top technology to research the ever-evolving online world…


Britain asks tech and social media giants to censor militant content


Britain’s interior minister will use a visit to Silicon Valley on Tuesday to ask Facebook, Microsoft, Twitter, and YouTube to step up efforts to counter or remove content that incites militants. After four militant attacks in Britain that killed 36 people this year, senior ministers have repeatedly demanded that internet…


Hackers catfish tech execs on LinkedIn

A friendly woman on the internet can fool even the most security-conscious man — and hackers can take advantage. Since at least April 2016, a number of social media profiles have been created for a photographer named “Mia Ash.” The persona befriended male employees of oil […]