Rukmini Rao Last Updated: June 10, 2020 | 18:54 IST
In 2019, the network infrastructure assets of 47.9% of businesses were ageing or obsolete
Ageing and obsolete devices in technology sector at 59.6%
Redirection of spend towards cloud services is resulting in decreased investment
Various sectors across the globe are slowly opening up in a staggered fashion after nearly five months of lockdown, with perhaps the only exception being the information technology sector, which adapted to a different working model to tide over the crisis. IT companies are contemplating extending this arrangement even after COVID-19 infections reduce. But most companies agree that the cybersecurity threat is a sword hanging over their heads. A recent report by NTT Ltd shows that the root cause of the substantial increase in the cybersecurity threat is perhaps obsolete or ageing devices.
“The assets of 47.9 per cent organisations were ageing or turning obsolete as a weighted average, representing a significant surge from 2017, when this figure was just 13.1 per cent. Both connectivity and security are being compromised by enterprises leaving obsolete devices on the network,” the report said. While the industry average in the use of obsolete and ageing devices is 47.9 per cent, the public sector leads the way with 61.7 per cent, and a surprisingly close second is the technology sector, with 59.6 per cent of devices either ageing or turning obsolete. On average, an obsolete device has twice as many vulnerabilities per device (42.2 per cent) compared to ageing (26.8 per cent) and current devices (19.4 per cent). Interestingly, the report says that around 2015-16, businesses started investing in and deploying new technology, and spending on new devices peaked in 2017, when 86.9 per cent of organisations had current (latest) devices. Even as adoption of new wireless infrastructure is on the rise, with an average increase of over 13 per cent year-on-year, ageing and obsolete devices create security vulnerabilities and put businesses at risk of cyber attacks, with people logging in from co-working spaces and remote work locations.
One of the biggest reasons behind the lower investment in on-premises infrastructure, according to the report, is the growth in cloud spend outpacing that in overall IT spend. This is what is leading to lower investments. Cloud adoption and spend were predicted to grow at a faster rate and in the region of 21-25 per cent CAGR until 2023. “The increase in on-premises, ageing and obsolete devices is partially due to a redirection of spend towards Software-as-a-Service (SaaS) and other cloud services, which results in a decrease in investment in on-premises infrastructure. However, we anticipate that there will be a significant increase in people working from home, even after pandemic reduction measures are lifted,” the report said.
It’s a rule of thumb in cybersecurity that the more sensitive your system, the less you want it to touch the internet. But as the US hunkers down to limit the spread of Covid-19, cybersecurity measures present a difficult technical challenge to working remotely for employees at critical infrastructure, intelligence agencies, and anywhere else with high-security networks. In some cases, working from home isn’t an option at all.
Companies with especially sensitive data or operations often limit remote connections, segment networks to limit a hacker’s access if they do get in, and sometimes even disconnect their most important machines from the internet altogether. Late last week, the US government’s Cybersecurity and Infrastructure Security Agency issued an advisory to critical infrastructure companies to prepare for remote work scenarios as Covid-19 spreads. That means checking that their virtual private networks are patched, implementing multi-factor authentication, and testing out remote access scenarios.
But cybersecurity consultants who actually work with those high-stakes clients—including electric utilities, oil and gas firms, and manufacturing companies—say that it’s not always so simple. For many of their most critical customers, and even more so for intelligence agencies, remote work and security don’t mix.
“Organizations are realizing that work-from-home would be very difficult to execute,” says Joe Slowik, who previously led the computer emergency response team at the Department of Energy before joining the critical-infrastructure-focused security firm Dragos. “This should be a fairly good wake-up call. You need to figure out a way that if individuals cannot physically access the control system environment for a service that cannot stop, like electricity, water, and wastewater or similar services, you ensure continuous operation—even in the face of an environment where you might be risking your employees’ lives if they continue to commute into the office.”
For many industrial networks, the highest standard of security is an “air gap,” a physical disconnect between the inner sanctum of software connected to physical equipment and the less sensitive, internet-connected IT systems. But very few private-sector firms, with the exception of highly regulated nuclear power utilities, have implemented actual air gaps. Many companies have instead attempted to restrict the connections between their IT networks and their so-called OT or operational technology networks—the industrial control systems where the compromise of digital computers could have dangerous effects, such as giving hackers access to an electric utility’s circuit breakers or a manufacturing floor’s robots.
Those restricted connections create chokepoints for hackers, but also for remote workers. Rendition InfoSec founder and security consultant Jake Williams describes one manufacturing client that carefully separated its IT and OT systems. Only “jump boxes,” servers that bridge the divide between sensitive manufacturing control systems and non-sensitive IT systems, connected them. Those jump boxes run very limited software to prevent them from serving as in-roads for hackers. But they also only support one connection at a time, which means the company’s IT administrators have found themselves vying for access.
“Administrators are bumping each other off as they try to work and log in,” says Williams. “These jump boxes that were built to facilitate secure remote access in emergency situations weren’t built to support this situation where everyone is performing routine maintenance and operations remotely.”
For the most critical of critical infrastructure, however, like power plants and oil refineries, remote work isn’t just leading to technical snafus. It’s often impossible for many staffers, says Chris Sistrunk, a security consultant for FireEye who formerly worked as an electrical engineer for power utility Entergy. “There’s no way to fully remotely run some of those plants,” Sistrunk says. “You don’t work from home. Essential engineers and operators will always be there 24/7.”
In those scenarios, Dragos’ Slowik says, companies have to instead try to limit the biological exposure of their most critical operations teams to prevent them from being quarantined—which is often easier said than done, given that they’re free to mingle with potentially infected people during their off-hours. “It’s a real touchy subject,” says Slowik. “You need them available at the office, and you can only restrict them to a certain extent—because we’re not China–so how does that balance out?”
Glenn Gerstell, who spent much of the last five years pounding a steady drumbeat warning of a global cyber pandemic, has left his job as general counsel at the U.S. National Security Agency. His last day was Jan. 31.
Gerstell will be a senior adviser at the Center for Strategic & International Studies in Washington, D.C., beginning this month. The center, a nonpartisan think tank on global challenges, was not immediately able to provide a start date.
Gerstell took the National Security Agency’s general counsel job in 2015 after working 40 years at Milbank, Tweed, Hadley & McCloy, where he served as managing partner of the firm’s Washington, D.C., Singapore and Hong Kong offices.
At the spy agency, he oversaw about 100 attorneys who “functioned in a manner comparable to corporate in-house counsel,” according to an online description of his office structure. He reported to the U.S. Department of Defense general counsel.
Asked for comment, the agency Monday referred Corporate Counsel to a speech Gerstell made Jan. 15 to an American Bar Association committee. In the speech, he said, “It is almost impossible to overstate the gap between the rate at which the cybersecurity threat is getting worse relative to our ability to effectively address it. The simple fact of the matter is that no nation has yet found an effective solution to stop foreign malevolent cyberactivity.”
The speech discussed three key points that challenge national security:
Technology is less susceptible to or contained by national boundaries, with other countries, especially China, having the potential to surpass U.S. advances.
Cross-border cyberactivity makes “it harder to hold a foreign nation-state accountable for domestic damage. All of this introduces extraordinary complexity into international relations and national security arrangements.”
The balance between the federal government and the private sector in the area of technology is undergoing rapid, significant change, with the private sector in the lead. “The extent to which this puts effective power in the hands of the private sector and the extent to which the private sector is permitted or required to share that information with the government will be a defining public policy question of the next decade.”
Citing his upcoming departure, Gerstell concluded his speech by praising the men and women at the spy agency.
“Having had the privilege of assisting on the front lines in national security efforts,” he said, “I am confident that we have intellectual ability, moral integrity, skills and dedicated professionals across the intelligence community and defense establishments. In short, I have no doubt that we are capable of addressing these challenges. But it will require a broad and integrated effort to do so, and I know that the lawyers in the national security sector… can and should be in the vanguard in addressing these challenges.”
The speech was a calmer version of a lengthy opinion article Gerstell wrote for the New York Times last September in which he warned that “the unprecedented scale and pace of technological change will outstrip our ability to effectively adapt to it.”
He went on to write, “The digital revolution has urgent and profound implications for our federal national security agencies. It is almost impossible to overstate the challenges … The short period of time our nation has to prepare for the effects of this revolution is already upon us, and it could not come at a more perilous and complicated time.”
The article cited the “extraordinary economic and political power” that technology puts in the hands of the private sector, and its “potential for a pernicious effect on the very legitimacy and thus stability of our governmental and societal structures.”
Gerstell served on the President’s National Infrastructure Advisory Council, which reports to the president and the secretary of Homeland Security on security threats to the nation’s infrastructure, as well as on the District of Columbia Homeland Security Commission.
A graduate of New York University and Columbia University School of Law, he previously served as an adjunct law professor at the Georgetown University School of Law and New York Law School.
When he retired from Milbank in 2015, Gerstell said of his new national security job, “There is a tremendous level of technical expertise here. At this agency, everyone is mission-driven; they truly want to be here. They probably could be making lots more money working at Facebook or Microsoft, but they’re here because they believe they are doing something important—and they are.”
TLDR: The Ultimate Microsoft Access Mastery Bundle collects the best training in the world’s top database management tool for only $29.99.
What’s the most popular Microsoft Office app? While it’s tough to make that call with certainty, it’s hard to imagine Microsoft Word doesn’t lead that pack. Ask for other Office features that get lots of use and you’ll likely hear plenty of votes cast for Excel, Outlook, or PowerPoint.
One app you don’t hear cited nearly as often is Microsoft Access. But in an age where data is king, you may be shocked at the everyday utility of the industry-leading information management tool.
The Ultimate Microsoft Access Mastery Bundle ($29.99, over 90 percent off from TNW Deals) can help open your eyes to the power of databases and what they can mean to your daily workflow as well as your professional future.
With 224 lectures covering over 50 hours of training, this bundle pulls together all the best recent Access 2019, 2016 and 2013 training, offering up a fully-rounded view of how to get the most out of this sneaky, powerful software.
Filled with exercises and testing, this training delves into everything you need to know, from creating and maintaining Access databases; to using Access tables, relationships and keys; to task automation and customization; to producing advanced reports that dig deep into your data.
Regularly $594, this coursework can turn you into an advanced Access user for just $29.99.
Software not included. Prices are subject to change.
Bob Stevens, VP of Americas at Lookout, and Cyber Work podcast host Chris Sienko, discuss election cybersecurity strategies, tips and ramifications for 2020.
– View the transcript, additional episodes and promotional offers: https://www.infosecinstitute.com/podcast
– Join us in the fight against cybercrime: https://www.infosecinstitute.com
About the Cyber Work Podcast
Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.