RESILIA – Spearheading the Best Practice crusade for Cyber Resilience

Organizations are spending vast sums protecting their digital assets, yet hardly a week goes by without news of a major security breach. Attacks are larger, more complex and more targeted. Sought-after digital assets include intellectual property (IP), and customer and financial data. The average financial impact of each breach is increasing, and it’s becoming harder to keep these attacks out of the news. The bottom line is that the consequences for organizations can be devastating in terms of loss of revenue and reputation.

NSA Cyber Hacking Tools Hacked and Released to the Public

Last week on my radio show, I discussed how some of the most powerful hacking tools created by the NSA’s elite hacking group known as the “Equation Group” have been released to the public by a hacking group calling themselves “The Shadow Brokers”.

Many experts in the InfoSec arena, including the security firm Kaspersky, stated that the files posted by The Shadow Brokers and tools used by the Equation Group “share specific and rare characteristics”, so the probability of falsification is “highly unlikely.”

The tools that were released are much more sophisticated than many of the open source and freely available hacking tools on the internet. These tools can easily circumvent the security of many of the major government and corporate networks both in the US and abroad. They can also be used to take over firewalls that are used in the largest and most critical environments around the world.

The Shadow Brokers are asking for 1 million in Bitcoins (around $568 million) in an auction to release more hacking tools to the public.

How can this happen, you ask?

The main suspect is Russia, and it’s not clear if the hackers broke into the secure NSA computer network or, more likely, an NSA employee left the hacking tools on an unsecured intermediate server during a hacking operation.

In a tweet about the event, Edward Snowden, former NSA employee and whistleblower, stated, “NSA’s hackers are told not to leave their hack tools (‘binaries’) on the server after an op,” but later stated, “But people get lazy.”

If Russia is indeed responsible as many security researchers believe, it seems they have taken their cyber-attacks to a new level with the recent occurrence pertaining to the hacked emails and stolen documents from the Democratic Party.

How should the US respond?

7 Steps to a Cyber-Resilient Business

Cyber security is the most prominent risk issue facing company Boards of Directors and executives worldwide. We are inundated almost daily with accounts of major corporate data breaches and compromised networks. Recent high-profile attacks such as the targeting of point-of-sale terminals at Target, Home Depot and Staples, server software at JP Morgan, and employee databases at Sony, demonstrate how vulnerable even the largest and most sophisticated companies can be. In this highly challenging environment, board members and executives are, not surprisingly, unsure of how best to protect themselves.

Proactive prevention with a focus on cyber resilience: A “how to” guide

The first and most important step is to take measures to prevent intrusions from occurring in the first place. Just as a proper diet, exercise, hand-washing and regular flu shots are important to minimizing your odds of developing the flu, maintaining standard systems hygiene is critical to protecting your organization from being infiltrated by hackers. In fact, the Center for Internet Security claims that up to 80% of cyber attacks can be prevented by:

  • Maintaining an inventory of authorized and unauthorized devices
  • Maintaining an inventory of authorized and unauthorized software
  • Developing and managing secure configurations for all devices
  • Conducting continuous (automated) vulnerability assessment and remediation
  • Actively managing and controlling the use of administrative privileges

Unfortunately, blocking four out of five attacks still leaves open the possibility that a substantial number of attacks might succeed. And today, it’s more a matter of when rather than if you will, eventually, be successfully attacked. What happens then?
Even well prepared companies may not know immediately that they have been breached. But those that have prepared for such an event will be much better off than those that have not. Just as conducting fire drills can save lives in the event of a real fire, preparing for the aftermath of a cyber attack can make an enormous difference in how quickly your company gets back on its feet and how well officers and board members do in the limelight after a major breach becomes public.

The good news is that building a cyber-resilience action plan is a step-by-step process that any company willing to commit the time and resources can accomplish. And, after ensuring you have good system hygiene, the next step is to put the right group together to work out the details. This working group should include a cross-functional collection of senior managers (Sales & Marketing, IT, Finance, Legal, Risk, HR, etc.) each of whom is willing to meet regularly to discuss cyber security, monitor evolving threats (as seen from his or her unique perspective in the company), and participate in modeling and analyzing hypothetical attacks.
Once formed, the group can begin to map out the plan by, first, assessing the company’s cyber risk profile. A recent study from Verizon has concluded that 95% of all cyber attacks can be analyzed in terms of nine basic patterns. A thorough study of the patterns, facilitated perhaps by the help of an external cyber security expert, can help the group determine the types of attacks their company is most vulnerable to; preventive measures can then be tailored to these patterns.
To go deeper, the team should then develop hypothetical scenarios, based on the most relevant patterns identified above, to help identify in detail possible attack modes, targets, vulnerabilities and impacts. There is no need for, and it is in fact a detriment to require, great precision in this exercise. No one can know for certain, ahead of the event, how much damage a successful data breach will cause in terms of lost revenue, reputational harm, or stock price declines. All that is needed are rough estimates that give enough sense of scale and types of potential harm to enable the team to put together a risk mitigation strategy.
Such a strategy will involve steps to mitigate the damage to the most relevant targets in an attack. For example, if a company determines that its greatest threat is malware installations in point-of-sale software systems, directed by domestic operatives, via vendor access rights, then it might consider investments in end-to-end encryption, Application White Listing (AWL), File Integrity Monitoring (FIM), system access software, vendor access controls and regular reviews of all vendor access logs.
It is important to realize that cyber-attacks cannot be fully mitigated. In these instances, having the right cyber insurance coverage in place can make all the difference in how your company performs in the days, weeks and months following a successful attack. Cyber insurance can provide critical capital and expert assistance when a cyber-security event occurs.
Companies may also want to acquire Directors and Officers (D&O) liability insurance to protect board members and company officers against claims of negligence following a breach. In addition, they may want to review their property, casualty and business interruption coverage to ensure that sufficient protection exists in the event of a successful cyber-attack on the company’s infrastructure. Fortunately, this type of attack has, to date, been rare. But such attacks are not unheard of, and the potential for them is growing more likely given current geopolitical instabilities, especially for multinationals with exposure in more sensitive countries around the globe.
By taking the steps outlined above, a company can increase its cyber resiliency and be much better positioned to quickly recover from a successful cyber-attack.

Source: https://www.aig.com/knowledge-and-insights/building-a-cyber-resilient-business

Connected Cars: Strategies For Reducing The Ever-Expanding Risk

The best way automakers can keep customers safe and mitigate threats to their own enterprise is to first hack themselves.

As automakers improve the driving experience with digital technology, they also open up new avenues for attack. The good news is that these avenues are too advanced for the average “script kiddie.” They are, however, by no means beyond the abilities of well-funded experts, as many hackers are these days.

In fact, one automaker contracted my firm well before the headline-grabbing Jeep Cherokee hack last summer to conduct an advanced attack on their entire enterprise. Within four weeks, our ten-person team of ethical hackers was able to gain access that would have allowed us to interfere with both corporate and manufacturing networks as well as conduct unauthorized interactions with the vehicles.

This ever-expanding attack surface of connected cars exposes significant risk to drivers’ safety, but it is also a serious threat to private customer and enterprise data. To maintain the public’s confidence, automotive manufacturers must develop proactive solutions that address major issues beyond the vehicle itself.


Cyber Security Agenda for the Next President

The Obama administration has implemented a number of cybersecurity and privacy initiatives aimed at making IT more secure for the federal government and the private sector. Those include the cybersecurity framework, National Strategy for Trusted Identities in Cyberspace, employing encryption and sharing cyberthreat information.

Will the next president carry on the Obama cybersecurity policies or decide to take a different approach? That’s a question to be debated by a panel of experts at Information Security Media Group’s Fraud and Breach Prevention Summit in the Washington area May 17 and 18.
