Friday, 7 May 2021

Achieving PCI DSS Compliant Firewalls within a Small Business

The most important and integral part of any data security begins with having firewalls installed in the environment. Not just that, installing firewalls is an essential requirement of the Payment Card Industry Data Security Standard (PCI DSS). However, simply installing a firewall on the network perimeter will not make your organization PCI DSS compliant.

PCI DSS sets out specific firewall requirements under requirement 1 and its sub-requirements, covering how firewalls should be installed, updated and maintained, along with the rules they should enforce. This article explains the basic PCI DSS firewall requirements and why small businesses need to install firewalls. But before getting into the details, let us first understand what a PCI DSS compliant firewall is.

What is a PCI DSS Compliant Firewall?
Firewalls are used to segment or isolate networks and are an essential component in limiting cyber threats and protecting internal networks from the internet and other untrusted networks. In a merchant's point-of-sale (POS) environment, a firewall's purpose is to permit only specific, authorized network traffic into and out of the POS network environment.

However, a misconfigured or unmaintained firewall could fail to adequately protect the networks and IT systems that process payment cards. The PCI Security Standards Council has provided requirements and guidance for firewalls to ensure that merchants and service providers deploy and maintain them correctly.

PCI Firewall Requirements
The PCI DSS firewall requirements cover both technical specifications and physical access control requirements within PCI DSS requirements 1 and 9. The technical side includes planning for future updates and reconfiguration, limiting inbound network traffic to what is relevant, and so on. The physical access requirements are about ensuring that companies limit physical access to the Cardholder Data Environment (CDE). This includes inspecting card-reading devices for tampering, installing monitoring devices, requiring unique IDs for authorized access, and keeping visitor logs, to name a few.

The technical PCI DSS firewall requirements are summarised below.

1
Requirement: Protect cardholder data with a firewall.
Description: Firewalls are a key protection mechanism for securing the network and the Cardholder Data Environment.

1.1
Requirement: Establish and implement firewall and router configuration standards.
Description: Establish firewall and router configuration standards and other documentation that verifies the standards are complete and implemented.

1.1.1
Requirement: Establish a formal process to validate and test all network connections and changes to firewall and router configurations.
Description: Establish documented procedures to verify there is a formal process for testing and approving network connections and changes to firewall and router configurations. This includes interviewing responsible personnel and examining records periodically to verify that network connections, and a sample of actual changes made to firewall and router configurations, are approved and tested.

1.1.2
Requirement: Establish a network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks.
Description: Create network diagrams that describe how networks are configured and identify the location of all network devices. This prevents any area from being overlooked, unknowingly left out of the security controls implemented for PCI DSS, and left vulnerable to compromise.

1.1.3
Requirement: Establish a data flow diagram that shows all cardholder data flows across systems and networks.
Description: Create a data-flow diagram to identify the location of all cardholder data in the environment. This helps you understand and track the flow of the data across systems and networks. The data flow diagram must be kept up to date as the environment changes.

1.1.4
Requirement: Establish firewalls at each Internet connection and between any DMZ and the internal network.
Description: A firewall on every Internet connection coming into the network, and between any DMZ and the internal network, allows the organization to monitor and control access. This minimizes the chances of malicious unauthorized access to the internal network via an unprotected connection.

1.1.5
Requirement: Create descriptions of groups, roles, and responsibilities for managing network components.
Description: Establish roles and responsibilities for the management of network components, so that personnel are aware of their responsibilities for the security of all network components. This facilitates better accountability for the security of the CDE.

1.1.6
Requirement: Document the security measures implemented, the protocols considered unsafe, and the business rationale for all services, protocols, and ports allowed.
Description: Documenting the services, protocols, and ports that are necessary for business can prevent a compromise caused by unused or insecure services and ports. The use of each necessary protocol and port should be justified, and the security features that allow these protocols to be used securely should be documented and implemented.

1.1.7
Requirement: Review firewall and router rules at least every six months.
Description: Organizations must review firewall and router rules at least every six months to clear out unwanted, outdated, or incorrect rules and to ensure that the rule base allows only authorized services and ports that match the documented business justifications.

1.2
Requirement: Restrict connections between untrusted networks and all system components in the cardholder data environment with firewall and router configurations.
Description: Install network protection between the internal, trusted network and any untrusted network that is external and/or outside your ability to control or manage. This limits traffic and prevents exploitation of vulnerabilities and unauthorized access by malicious individuals or software.

1.2.1
Requirement: Restrict inbound and outbound traffic to only that which is necessary for the cardholder data environment, and limit all other traffic.
Description: Examine all inbound and outbound connections and restrict traffic based on the source and/or destination address. This filters out unnecessary traffic and prevents malicious individuals from accessing the network via unauthorized IP addresses or from using services, protocols, or ports in an unauthorized manner.

1.2.3
Requirement: Install perimeter firewalls between all wireless networks and the cardholder data environment, and configure these firewalls to permit only traffic authorized for business purposes.
Description: Firewalls must be installed between the CDE and all wireless networks, which may include, but are not limited to, corporate networks, retail stores, guest networks, and warehouse environments. A firewall at the network perimeter acts as a filter that permits only authorized traffic. This restricts malicious individuals from gaining unauthorized access to the wireless network and the CDE to compromise account information.

1.3
Requirement: Prohibit direct public access between the internet and any system component in the cardholder data environment.
Description: Firewalls must be installed to manage and control all connections between public systems and internal systems, especially those that store, process or transmit cardholder data. This prevents system components and card data from being bypassed and compromised.

1.3.1 / 1.3.2
Requirement: Create a demilitarized zone (DMZ) to limit incoming traffic to system components that provide only publicly accessible, authorized services, protocols, and ports.
Description: Implementing a DMZ prevents malicious individuals from accessing the organization's internal network from the Internet, or from using services, protocols, or ports in an unauthorized manner.

1.3.3
Requirement: Implement anti-spoofing measures to detect and prevent forged source IP addresses from entering the network.
Description: Implement anti-spoofing measures to filter out forged IP addresses before they enter the internal network and cause a compromise.

1.3.4
Requirement: Do not allow unauthorized traffic from the cardholder data environment to the internet.
Description: Evaluate all traffic outbound from the cardholder data environment to the internet to ensure that it follows established, authorized rules and is restricted to authorized communications only.

1.3.5
Requirement: Allow only established connections into the network.
Description: Examine the firewall and router configurations to verify that the firewall permits only established connections into the internal network and blocks any inbound connection not associated with a previously established session. This prevents malicious traffic from tricking the firewall into allowing the connection.

1.4
Requirement: Install personal firewall software on all portable computing devices that connect to the internet while off the network and are also used to access the CDE.
Description: Installing personal firewall software, or equivalent functionality, on any such portable computing device protects it from Internet-based attacks that could use the device to gain access to the organization's systems and data once it is reconnected to the network.

1.5
Requirement: Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties.
Description: Ensure that the security policies and operational procedures for managing firewalls are documented, in use, and known to the responsible personnel. This is to manage and prevent unauthorized access to the network.
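As an added example (it is not the article's own code, nor a PCI SSC tool), the Python script below reviews a constructed firewall rule base against several of the Requirement 1 controls summarised above: services allowed without a documented rationale (1.1.6), a rule review older than six months (1.1.7), no default deny at the end of a direction (1.2.1/1.3.4), anti-spoofing gaps for private source ranges (1.3.3) and new inbound sessions into the CDE (1.3.5). The rule format, the zone names (internet, dmz, cde), the field names and the sample rules are all assumptions made for the example.

```python
"""Rule-base review against the PCI DSS Requirement 1 controls summarised above
(1.1.6, 1.1.7, 1.2.1, 1.3.3, 1.3.5). Added example for this article, not the
article's own code or a PCI SSC tool; the rule format, field names, zone names
and the sample rule base are constructed for illustration."""
from datetime import date, timedelta
import ipaddress

# Req. 1.1.6: register of permitted services, (proto, port) -> business rationale.
DOCUMENTED_SERVICES = {
    ("tcp", 443): "HTTPS to payment gateway",
    ("tcp", 22): "Admin SSH from management host",
}

# RFC 1918 ranges that can never legitimately arrive from the internet (req. 1.3.3).
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

REVIEW_INTERVAL = timedelta(days=183)   # "at least every six months" (req. 1.1.7)


def rule(rid, action, direction, zone, src, dst, proto, port, state, why):
    """One rule: src/dst are CIDRs or zone names ('any', 'dmz', 'cde'); zone is
    the interface the traffic arrives on; state is the connection-tracking state."""
    return {"id": rid, "action": action, "dir": direction, "zone": zone,
            "src": src, "dst": dst, "proto": proto, "port": port,
            "state": state, "justification": why}


# Constructed sample rule base for a small merchant, deliberately containing
# the kinds of defects a six-monthly review should catch.
SAMPLE_RULES = [
    rule(1, "drop", "in", "internet", "10.0.0.0/8", "any", "any", None, "any",
         "anti-spoofing"),
    rule(2, "allow", "in", "internet", "any", "dmz", "tcp", 443, "new",
         "HTTPS to payment gateway"),
    rule(3, "allow", "in", "internet", "any", "cde", "tcp", 3389, "new", ""),
    rule(4, "allow", "in", "internet", "192.168.1.0/24", "cde", "tcp", 22, "new",
         "Admin SSH from management host"),
    rule(5, "allow", "in", "internet", "any", "cde", "tcp", 443, "established",
         "HTTPS to payment gateway"),
    rule(6, "deny", "in", "internet", "any", "any", "any", None, "any", "default deny"),
    rule(7, "allow", "out", "cde", "cde", "any", "tcp", 443, "any",
         "HTTPS to payment gateway"),
]
SAMPLE_LAST_REVIEW = date(2020, 9, 1)   # constructed review record
SAMPLE_TODAY = date(2021, 5, 7)


def _is_private(addr):
    """True if addr is a CIDR inside an RFC 1918 range (zone names are not)."""
    if addr == "any" or not addr[0].isdigit():
        return False
    net = ipaddress.ip_network(addr, strict=False)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def audit(rules, documented, last_review, today):
    """Return a list of (requirement, rule_id, message) findings; [] means clean."""
    findings = []
    # 1.1.7: the rule base must have been reviewed within the last six months.
    if today - last_review > REVIEW_INTERVAL:
        findings.append(("1.1.7", None,
                         f"last rule review on {last_review} is older than six months"))
    for r in rules:
        if r["action"] != "allow":
            continue
        key = (r["proto"], r["port"])
        # 1.1.6 / 1.2.1: every permitted service needs a documented rationale.
        if not r["justification"] or key not in documented:
            findings.append(("1.1.6", r["id"],
                             f"allowed {key} has no documented business justification"))
        # 1.3.3: a private source address arriving from the internet is forged.
        if r["dir"] == "in" and r["zone"] == "internet" and _is_private(r["src"]):
            findings.append(("1.3.3", r["id"],
                             f"permits private source {r['src']} from the internet"))
        # 1.3.5: only established sessions may enter the internal (CDE) network.
        if r["dir"] == "in" and r["dst"] == "cde" and r["state"] != "established":
            findings.append(("1.3.5", r["id"],
                             "permits new inbound connections into the CDE"))
    # 1.3.3: each RFC 1918 range needs an explicit drop on the internet interface.
    dropped = [ipaddress.ip_network(r["src"]) for r in rules
               if r["action"] == "drop" and r["dir"] == "in"
               and r["zone"] == "internet" and _is_private(r["src"])]
    for net in PRIVATE_RANGES:
        if not any(net.subnet_of(d) for d in dropped):
            findings.append(("1.3.3", None, f"no anti-spoofing drop for {net}"))
    # 1.2.1 / 1.3.4: each direction must end in an explicit any-to-any deny.
    for direction in ("in", "out"):
        tail = [r for r in rules if r["dir"] == direction][-1:]
        if (not tail or tail[0]["action"] not in ("deny", "drop")
                or tail[0]["src"] != "any" or tail[0]["dst"] != "any"):
            findings.append(("1.2.1", None,
                             f"no default deny at the end of the {direction}bound rules"))
    return findings


def audit_sample():
    """Run the audit over the constructed sample rule base."""
    return audit(SAMPLE_RULES, DOCUMENTED_SERVICES, SAMPLE_LAST_REVIEW, SAMPLE_TODAY)
```

Running audit_sample() on the constructed rules reports eight findings; fixing them (adding drops for the other two private ranges, an outbound default deny, removing rule 3 and the private-sourced rule 4, and recording a recent review) brings the list to empty.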


Why does a small business need a PCI Compliant Firewall?
Poor firewall implementation and maintenance is a common factor in cyber attacks and payment card data thefts at small businesses, often due to a lack of IT security understanding and suitable resources among IT and business management. A business's connectivity with the internet poses the greatest risk and must be safeguarded with a firewall. PCI DSS requires all internet connectivity to be protected with a firewall, which effectively creates a 'buffer zone' between the business's IT network and systems and untrusted external networks and systems. Other reasons why firewalls are essential for small businesses include:

Access Controls
The firewall operates at the network layer, filtering all incoming requests based on IP address and the service being accessed, such as web, email, or custom ports. Installing firewalls therefore goes a long way towards restricting unauthorized access and preventing malicious individuals from entering the network and compromising data.

Cloud Security

Connectivity with third parties and cloud service providers can also be controlled through a firewall policy, to safeguard from supply chain threats and protect sensitive data from exposure.

Malware Protection
Firewalls do much more than filter network traffic based on IP addresses. Next Generation firewalls provide security controls beyond the traditional IP address and port filtering, such as VPNs, web filtering, anti-malware screening of incoming traffic, and intrusion detection/prevention, which is another PCI DSS requirement.

Application and Database Protection
Some firewalls have web application screening capability and are known as Web Application Firewalls (WAF). A correctly configured WAF provides protection from application-layer threats such as web-based attacks like SQL injections, where an attacker manipulates a web application to expose the back-end database. PCI DSS requirement 6.6 requires installing an automated technical solution that detects and prevents web-based attacks (e.g., a web application firewall) as one of two ways to address vulnerabilities to public-facing web applications.

Monitoring and Responding to Malicious Activity
Firewalls monitor and report suspicious activity; with the support of a Security Information and Event Management (SIEM) tool, the business is able to detect and quickly respond to cyber-attacks, which is covered by PCI DSS requirement 10.

Conclusion
Smaller businesses are considered easy prey by hackers, due to the tendency of such firms not to have sufficiently robust IT security controls in place. Small businesses which process payment cards are specifically targeted by cybercriminals, as they can quickly turn stolen credit card data into cash via the dark web. Installing and maintaining a firewall is a fundamental IT security pillar that should never be neglected or underestimated, along with configuring IT systems securely, implementing access control, deploying anti-virus, and keeping all software up to date. PCI DSS provides a highly descriptive set of industry good-practice IT security controls which, if completely adhered to on a continual 24/7/365 basis, is sufficient to protect your business from payment card compromises by cybercriminals.

Author Bio
Narendra Sahoo (PCI QSA, PCI QPA, CISSP, CISA, and CRISC) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm based in the US, Singapore and India. Mr. Sahoo holds more than 25 years of experience in the IT industry, with expertise in Information Risk Consulting, Assessment, and Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services, which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2, PDPA and PDPB, to name a few. The company has for years (since 2004) worked with organizations across the globe to address the regulatory and information security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.

Thursday, 6 May 2021

Cybersecurity Is Not A One-Stop-Shop

Boris Johnson announced the Government’s roadmap to lift Coronavirus restrictions for both businesses and the general public earlier in February, and since then, this has provided a glimmer of hope for many across the country. However, since the start of the pandemic, the way business is conducted has changed permanently, with many workforces wanting to continue to work remotely as lockdowns and restrictions ease over time. So, as companies relax and rules are eased, life is expected to return to a form of ‘new normal.’ But, the issues around cybersecurity are here to stay, and the gas pedal must not be eased – especially with the increased risks associated with continued remote working.

If anything, security should be more reinforced now than ever before to ensure all aspects of a business are secure. But this isn’t the case. Steve Law, CTO, Giacom and Kelvin Murray, Threat Researcher, Webroot, detail the importance of embedding a trilogy security approach into organisations, and this is where a strong CSP/MSP relationship can be invaluable.

The Risk Grows
Despite lockdown restrictions easing, cybersecurity risks remain and are likely to grow as COVID-19 changes the working landscape. As indoor spaces begin to open in the next few months, employees will want to venture out to new spaces to work, such as coffee shops and internet cafes – but working on open networks and personal devices creates unlocked gateways for cyberattacks to take place. Since this hybrid and remote way of working looks like it’s here to stay, businesses must ensure they have the right infrastructure in place to combat any cyber threats.

For instance, research by the National Cyber Security Centre shows that there has been a rise in COVID-19 related cyber attacks over the past year, with more than one in four UK hacks being related to the pandemic. This trend is not likely to ease up any time soon either. And, going forward, hackers could take advantage of excited travellers waiting to book their next holiday once the travel ban is lifted, deploying fake travel websites, for example.

Aside from the bad actors in this wider scenario, part of the problem is that many IT teams are not making use of a holistic and layered approach to security and data recovery, which can lead to damaging consequences as data is stolen from organisations. Such issues continue to resonate strongly across businesses of all sizes, who will therefore turn to their MSPs for a solution.

The Importance of a Layered Approach
Cybersecurity is not a one-stop-shop. A full trilogy of solutions is required to ensure maximum effect. This includes a layered combination of DNS-layer security, secure endpoint protection, and an educated and empowered human workforce.

The need for DNS security cannot be ignored, especially with the rise of remote workforces, in order to monitor and manage internet access policies as well as reduce malware. DNS is frequently targeted by bad actors, and so DNS-layer protection is now increasingly regarded as an essential security control – providing an added layer of protection between a user and the internet by blocking malicious websites and filtering out unwanted material.

Similarly, endpoint protection solutions prevent file-based malware, detect and block malicious internal and external activity, and respond to security alerts in real-time. Webroot® Business Endpoint Protection, for example, harnesses the power of cloud computing and real-time machine learning to monitor and adapt individual endpoint defences to the unique threats that users face.

However, these innovative tools and solutions cannot be implemented without educating users and embedding a cyber security-aware culture throughout the workforce. Humans are often the weakest link in cybersecurity, with 90% of data breaches occurring due to human error. So, by offering the right training and resources, businesses can help their employees increase their cyber resilience and position themselves strongly on the front line of defence. This combination is crucial to ensure the right digital solutions are in place – as well as increasing workforces’ understanding of the critical role they play in keeping the organisation safe. In turn, these security needs provide various monetisation opportunities for the channel as more businesses require the right blend of technology and education to enable employees to be secure.

The Channel’s Role
Businesses, particularly SMBs, will look to MSPs to protect their businesses and help them achieve cyber resilience. This creates a unique and valuable opportunity for MSPs to guide customers through their cybersecurity journeys, providing them with the right tools and data protection solutions to get the most out of their employees’ home working environments in the most secure ways. Just as importantly, MSPs need to take responsibility for educating their own teams and clients. This includes delivering additional training modules around online safety through ongoing security awareness training, as well as endpoint protection and anything else that is required to enhance cyber resilience.

Moreover, cyber resilience solutions and packages can be custom-built and personalised to fit the needs of the customer, including endpoint protection, ongoing end-user training, threat intelligence, and backup and recovery. With the right tools in place to grow and automate various services – complemented by technical, organisational and personal support – channel partners will then have the keys to success to develop new revenue streams too.

Conclusion
Hackers are more innovative than ever before, and in order to combat increasing threats, businesses need to stay one step ahead. Companies must continue to account for the new realities of remote work and distracted workforces, and they must reinforce to employees that cyber resilience isn’t just the job of IT teams – it’s a responsibility that everyone shares. By taking a multi-layered approach to cybersecurity, businesses can develop a holistic view of their defence strategy, accounting for the multitude of vectors by which modern malware and threats are delivered. Within this evolving cybersecurity landscape, it's essential for SMBs to find an MSP partner that offers a varied portfolio of security offerings and training, as well as the knowledge and support, to keep their business data, workforces and network secure.

Wednesday, 5 May 2021

The Role of Translation in Cyber Security and Data Privacy


Article by Shiela Pulido

Due to our dependence on the internet for digital transformation, most people are exposed to the risk of cyberattacks. It is an even greater concern this year due to the trend of remote working and international business expansion. According to IBM, the cost of a cyber hack in 2020 was about $3.86 million. Thus, cybersecurity and data privacy play a priority role in organizations, especially in a multilingual setting.

But, what is the relationship of languages in data privacy, and how can a reliable translation help prevent cyber-attacks?

The Connection of Translation Company to Data Privacy
A lot of people will ask about the clear connection between translations and cybersecurity. In data privacy, conveying important information through effective communications is important. However, with language barriers and complicated jargon in the IT industry, only IT professionals can understand their messages. It is also especially difficult for multilingual people who only know basic translations of the contents.

Oftentimes, a cyber attack or cyber hack happens when people don't know what is happening on their devices. Malware developers have different ways of attacking their victims, and they make their attempts as difficult to identify as they can. Some of them use spam, in the form of unsolicited and inappropriate messages. According to the Messaging Anti-Abuse Working Group, about 88–92% of all email messages in 2010 were spam.

Aside from that, phishing is also a known way of attempting to get sensitive information from users through a webpage that looks the same as a trustworthy entity. Due to the uncanny similarity of the sites, the unsuspecting visitors tend to put their bank, credit card, and identity details willingly.

For clarity and convenience, it is essential to have accurate translations of guidelines, procedures, and warnings to bridge communication gaps in cybersecurity. However, you must find an experienced translation company with specialists in diverse technologies who have mastered the terminology of the IT industry. It is best to avoid free translation software, which is more prone to data piracy and cyberattacks.

Cyberattack Cases Worldwide
To understand the severity of cyber hacking, here are some of the widely known cyberattacks in different parts of the world:

Japan
Even with its reputation as one of the leading high-technology countries, Japan still wasn't able to escape cybercrime. In 2016, Japan experienced a series of cyberattacks on different companies that led to the leaking of over 12.6 million items of confidential corporate information. There was also the WannaCry ransomware, which attacked over 500 companies at that time. It even caused great damage to large brands like Honda Motors, which had to shut down its operations for some time.

Denmark
In 2015, there were cyberattacks on staff members of the Danish defence and foreign ministers. These were followed by the ransomware that paralyzed the operations of Maersk, Denmark's transport and logistics giant. The multiple cyber attack threats in the country also affected its hospitals and energy infrastructure. As a result, demand for cybersecurity material in the Danish language has continued to increase up to this year.

Russia
Some people think that Russia is one of the major perpetrators of cyber-attacks around the world. However, Russian organizations are vulnerable to cybercrime themselves and have already experienced attacks. Some of the targeted organizations in Russia were Rosneft, the country's largest oil producer, as well as airports and banks. WannaCry was also able to infiltrate Russia's Interior Ministry, which was a great threat to the government.

How Translators Help Prevent Cyber Attacks
As mentioned, translators are of great help in preventing cyber attacks. But, how is it possible? Here are some of the best ways to avoid data privacy invasion and malware installations through accurate translations:

Translating User Interface
The user interface is the screen that lets users and computers interact with each other. If the users cannot understand what they’re seeing, it will be difficult for them to identify suspicious ads and pop-ups. Thus, it is ideal to translate the user interface to different languages to cater to the needs of their multilingual users.

For example, if users enter a website that is trying to install malicious software on their computer, they should be able to identify what they can and cannot click. However, most websites and user interfaces (UI) are in English, and not everyone around the world speaks this language. This is why many people click the wrong buttons and accidentally permit the installation of virus-infected files.

The same applies to mobile applications. Many attackers use ads and pop-ups to target users. To confuse people, malware developers do not rely on standard controls such as the "x" close button, so users are unsure what they should click. They make the exit hard to find in order to force users into a mistake.

In these cases, translating the UI of the website, software, and application to other languages is the ideal solution.

Bridging Communication Gaps between Cybersecurity Experts
Cybersecurity staff may understand the jargon in the IT industry, but it is a different case when they speak different languages. There are numerous cybersecurity centres all around the world and they don’t always understand English. The language barrier interferes with their ability to convey important information about cybersecurity. Due to this, most companies are hiring reliable translators to let the professionals speak confidently about important matters.

Securing Accurate Translations of Important Texts
Most websites post warnings and precautions to help their users avoid malware attacks. However, if they are in a different language, most people will just ignore these warnings. Even if they try to translate the texts through free automated translations, the result could be inaccurate and may cause misunderstandings to users.

A professional translation of these warnings, labels, and precautions can ensure that the website’s messages are properly conveyed to the users. It is especially useful for large entities, organizations, and government institutions.

Protecting Critical Information
Most small to medium enterprises choose translation software because it is relatively cheaper than hiring professional translators. However, the sad truth is that they are putting their companies at risk of cyber attacks. Such software uses artificial intelligence and machine learning and stores your information as you translate documents. The providers are free to use the acquired details however they want, and you can't do anything about it.

Thus, for critical documents, emails, and company and health information, it is ideal to hire a trusted translation company to secure your details. They also use technology with tight security and privacy for the translated contents.

Tuesday, 4 May 2021

The Key to Cybersecurity is an Educated Workforce

The United Kingdom's National Cyber Security Centre (NCSC) handled a record number of cybersecurity incidents over the last year, a 20% increase on the number of cases handled the year before. With the increasing number and more innovative nature of cyber attacks, businesses of all sizes must prioritise cybersecurity. However, the fundamental starting point of any organisation's security infrastructure must be a trained and aware workforce, who understand their responsibility in keeping business data safe. Oliver Paterson, Product Expert, VIPRE Security Awareness Training and SafeSend, explains.

Business Size Doesn’t Matter
Whether a business is a start-up or a larger corporate organisation, all companies are at risk of a cyber-attack. We often see million-pound enterprises on the news when they suffer from a data breach, such as Estée Lauder, Microsoft and Broadvoice. But, no organisation is too small to target, including small and medium-sized businesses (SMBs), who are the target for an estimated 65,000 attempted cyber attacks every day, according to new figures. Unfortunately, these types of businesses may not have the same infrastructure and resources in place to survive such attacks, as it is found 60% of small companies go out of business within six months of falling victim to a data breach or cyber attack.

No matter the size of an organisation, the effects of a cyber attack can be devastating financially, as well as having longer-term damage to business reputation. Small businesses remain at the same level of security risks as those which are larger, for example, Volunteer Voyages, a small single-owned organisation, did not deploy the right level of security and fell victim to $14,000 in fraudulent charges using its payment information. Similarly, the entrepreneur who owns Maine Indoor Karting accidentally clicked on a malicious email pretending to be from his bank warning him of unfamiliar activity, resulting in clearing out his account. Nevertheless, SMEs can safeguard their data and themselves from these types of attacks by investing in their cybersecurity and being conscious and informed of the threats they face.

Human Error
As the year-on-year number of cyber attacks continues to accelerate, hackers are also becoming more advanced and innovative in their tactics. They are able to spot weaknesses in workforces, particularly preying on those who are working from home as a result of the ongoing pandemic, away from their trusted IT teams. In fact, a recent survey found that 90% of companies faced an increase in cyber attacks during COVID-19.

It is no surprise that hackers use humans to their advantage, as according to data from the UK Information Commissioner’s Office (ICO), human error is the cause of 90% of cyber data breaches. Humans make mistakes – stressed, tired employees who are distracted at home will make even more mistakes. Whether it’s sending a confidential document to the wrong person or clicking on a phishing email, no organisation is immune to human error and the damaging consequences this can have on the business.

Yet, these risks can be mitigated by educating workforces on the modern threat landscape and the existing risks. Teamed with anti-malware solutions and technology, such as VIPRE’s SafeSend, employees can be alerted to double-check their email attachments and recipients, as well as any potentially malicious incoming emails.

Cybersecurity Training
Businesses cannot rely solely on digital tools to protect their operations, information and people. Nor can they expect workforces to understand and identify existing threats, and avert them, without education. Small and micro-businesses in particular lack the resources and knowledge to defend against an attack, with a concerning 81% of organisations not receiving any training on cybersecurity.

Without this cognisance, workforces cannot stay ahead of the persistently evolving threat landscape. It is therefore essential that businesses choose the correct training programmes to get the most value and retention out of this learning. While deploying an annual security awareness training programme may satisfy instant requirements, it does not equate to a continuous defence strategy for ever-changing threats.

The key considerations include the length of the programme, the level of engagement, having a variety of multimedia content and ensuring it is relevant and relatable to a global audience. Adding in real-life situations and intriguing employees with diverse content, including virtual reality and phishing simulations, helps to fortify crucial cyber threat prevention messaging and educates workforces on how to protect both the business and themselves. This, in turn, strengthens the workforce security culture, ensuring employees know what to do when faced with a cyber threat.

By working with a successful vendor, such as VIPRE, that has access to the appropriate security solutions and expertise, CISOs can create and foster a good security culture, making security part of the vision and values of everyone in the organisation.

A Responsible Workforce
Once workforces are trained and educated on the existing security risks, it is vital that they also understand their responsibilities when securing an organisation’s IT infrastructure. Traditionally, IT teams are often perceived to have a key role in ensuring the right security measures are in place, and it’s up to them to defend the business against hackers. However, this is not the case, particularly for SMBs who may not have a committed IT unit to rely on.

Especially now with dispersed workforces and social distancing restrictions in place, the help and support from those in IT is not so immediate. Now more than ever, the responsibility must be reinforced throughout the entire business. In order to combat imminent threats, employees who are on the front lines of the business’ cyber defence must understand that they have a key role to play in keeping data safe. After all, the final choice in sending sensitive information via email or downloading an external attachment is with them.

Forrester’s latest report reiterates this, as it states that “Organisations with strong security cultures have employees who are educated, enabled, and enthusiastic about their personal cyber safety and that of their employer.” The combination of having a vigilant and empowered workforce, supported with regular training and innovative tools, allows businesses to benefit from a security-first initiative with an educated and responsible culture long-term.

Monday, 3 May 2021

Cyber Security Roundup for May 2021


A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021.

Think Before You LinkedIn!
Business social media platform LinkedIn is being exploited by nation-state threat actors to target UK citizens. The UK Security Service MI5 said 10,000 staff from every UK government department and from important UK industries have been lured by fake LinkedIn profiles. MI5 said the faked LinkedIn accounts are created and operated by nation-state spy agencies, with an intent to recruit individuals or gather sensitive information. MI5 released a campaign video called "Think Before You Link" to raise awareness of the threat.

The personal information of 11 million UK Facebook profiles was found on a hackers' website, with the social media giant seemingly dismissing the significance of the data in a statement: "This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019". However, personal information is rarely historic data that loses significance to the person it is associated with. In this case, the leaked Facebook data included full names, locations, birthdates, email addresses, Facebook IDs, and even phone numbers. Such personal data is unlikely to have changed for the vast majority of people in the last couple of years, therefore this data is of concern to its owners, and also remains of good value to scammers. You can check if your phone number or email address is part of this Facebook data leak and other data breaches on the Have I Been Pwned website. Facebook faces a privacy regulation investigation over this data breach.

The Ransomware Scourge
The Institute for Science and Technology 'Ransomware Task Force' (RTF), a collaboration of more than 60 stakeholders, finally released its ransomware framework, which comprises 48 strategies to tackle the ransomware problem. “Ransomware attacks will only continue to grow in size and severity unless there is a coordinated, comprehensive, public-private response,” the 80-page report says. “It will take nothing less than our total collective effort to mitigate the ransomware scourge.”

The RTF listed its top-five priority strategies, which are:
  1. Co-ordinated, international diplomatic and law enforcement efforts must proactively prioritize ransomware through a comprehensive, resourced strategy, including using a carrot-and-stick approach to direct nation-states away from providing safe havens to ransomware criminals.
  2. The United States should lead by example and execute a sustained, aggressive, whole of government, intelligence-driven anti-ransomware campaign, coordinated by the White House. This must include the establishment of 1) an Interagency Working Group led by the National Security Council in coordination with the nascent National Cyber Director; 2) an internal U.S. Government Joint Ransomware Task Force; and 3) a collaborative, private industry-led informal Ransomware Threat Focus Hub.
  3. Governments should establish Cyber Response and Recovery Funds to support ransomware response and other cybersecurity activities; mandate that organizations report ransom payments; and require organizations to consider alternatives before making payments.
  4. An internationally coordinated effort should develop a clear, accessible, and broadly adopted framework to help organizations prepare for, and respond to, ransomware attacks. In some under-resourced and more critical sectors, incentives (such as fine relief and funding) or regulation may be required to drive adoption.
  5. The cryptocurrency sector that enables ransomware crime should be more closely regulated. Governments should require cryptocurrency exchanges, crypto kiosks, and over-the-counter (OTC) trading “desks” to comply with existing laws, including Know Your Customer (KYC), Anti-Money Laundering (AML), and Combatting Financing of Terrorism (CFT) laws.
The RTF report concludes, “Despite the gravity of their crimes, the majority of ransomware criminals operate with near-impunity, based out of jurisdictions that are unable or unwilling to bring them to justice. This problem is exacerbated by financial systems that enable attackers to receive funds without being traced.”

The UK Government have chipped in £3.68 million of a £10.4 million bill for Redcar and Cleveland Council on the back of a ransomware attack that took the Council's IT systems down in February last year. The ransom is said not to have been paid by the Council; in a statement, LibDem Council leader Mary Lanigan said "No money was handed over to these criminals and we continue to hope that they will eventually be brought to justice."

Meanwhile, on the other side of the pond, it was reported that the Russian-speaking ransomware gang Babuk had infiltrated the Washington D.C. Met Police, with the gang threatening to disclose confidential information via Twitter, including details of suspected gang member informants. The REvil ransomware gang are also reported to be demanding a hefty ransom payment from Apple, or else 15 unreleased MacBook schematics and gigabytes of stolen personal data would be leaked online. The ransomware gang said it was seeking a $50 million ransom to be paid by 27th April, after which the ransom would increase to $100 million.

Millions in the UK Targeted by Malware via a DHL Scam Text Message
Millions of UK citizens received a scam text message (aka smishing) impersonating DHL in April. The message said "DHL: Your parcel is arriving, track here <link>". The link would attempt to install spyware called Flubot, malware designed to steal online banking data from Android devices.

A Vodafone spokesman said, "We believe this current wave of Flubot malware SMS attacks will gain serious traction very quickly, and it's something that needs awareness to stop the spread". 

If you receive any text message which includes a web link, "Think before you Click!": if you have any doubt about the message's origin, it is always better to stay safe and delete it, or to report the message to your network provider by forwarding it to 7726.

How Strong is Your Password?
Millions of British people are using their pet's name as an online password, despite it being an easy target for hackers to work out, according to a National Cyber Security Centre (NCSC) survey. The NCSC said 15% of Brits use their pet's name, while 14% use a family member's name, and 13% pick a notable date. A favourite sports team accounted for 6% of passwords, while a favourite TV show accounted for 5%. Most concerning is that 6% of people are still using "password" as all or part of their password.

"Millions of accounts could be easily breached by criminals using trial-and-error techniques," the NCSC warned. The NCSC urges people to choose random words that cannot be guessed instead. An example they give is "RedPantsTree", which is unlikely to be used anywhere else online.

Friday, 30 April 2021

Which is more Important: Vulnerability Scans Or Penetration Tests?

Which Is Better? A Vulnerability Scan Or A Penetration Test?
Vulnerability scanning and penetration testing are two very different ways to test your systems for vulnerabilities. Despite this, they are often confused with one another, which leads to business owners purchasing one service when they really need the other.

In an effort to help these business owners tell the difference between the two services and understand which is best suited to their needs, SecureTeam, a cybersecurity consultancy, has written this guide to explain vulnerability scans vs. penetration testing.

In a brief summary, a vulnerability scan is an automated, high-level test that looks for and reports potential vulnerabilities in your system. A penetration test, on the other hand, is a detailed hands-on examination by a cybersecurity professional that tries to detect and exploit weaknesses in your system. Now, let’s look a little deeper at the two services.

What is a Vulnerability Scan?
Vulnerability scans, also known as vulnerability assessments, are scans performed by cybersecurity professionals that assess your systems, networks and computers for any cybersecurity weaknesses or vulnerabilities.

Once they have been set up, vulnerability scans are typically automated and are used to give an initial look at any weaknesses in your system that could be exploited. High-quality vulnerability scans can search for over 50,000 vulnerabilities.

Vulnerability scans can be started manually or can be run on a regularly scheduled basis. In addition, vulnerability scans can take anywhere from a few minutes to several hours.

Vulnerability scans are a passive approach to cybersecurity and only report on any vulnerabilities that are detected. It is then up to the business owner to arrange to take care of those vulnerabilities.

Vulnerability Scan Reporting
After a vulnerability scan is completed a detailed report will be created. Typically, vulnerability scans create an extensive list of vulnerabilities found that your team can perform further research on. Some cybersecurity consultancies will also offer direction on how to resolve any weaknesses you have.

The reporting can sometimes include false positives where the scan identifies a threat that isn’t actually real. Unfortunately, sifting through the report is the only way to differentiate between the real threats and the false positives. Typically, cybersecurity professionals will rank vulnerabilities found by the scan into groups based on the severity of the risk, allowing you to prioritise high-risk weaknesses first.

Benefits of a Vulnerability Scan
Vulnerability scans have a number of benefits that make them a useful tool for businesses.
  • Vulnerability scans are a very affordable cybersecurity solution
  • Quick to complete and provide a complete look at possible vulnerabilities
  • Can be run automatically on a schedule that works for you
Limitations of a Vulnerability Scan
However, vulnerability scans do have some limitations that might make them inappropriate for a business's requirements.
  • They can provide false positives
  • After the scan is complete you must manually check each vulnerability
  • Vulnerability scans don’t tell you if a weakness is exploitable
What is a Penetration Test?
Penetration testing, also known as ethical hacking, is when a cybersecurity professional simulates a hacker attempting to get into your system through a hands-on attempt to exploit any vulnerabilities in your system. Penetration testers will search for vulnerabilities and then attempt to prove that they can be exploited.

Penetration testing makes use of testing methods like buffer overflow, password cracking and SQL injection in an attempt to compromise and extract data from your network in a way that doesn’t damage it.

Penetration tests are an extremely detailed and effective approach to finding any vulnerabilities in your applications and networks. If you really want to find deep issues in your application or network, you need a penetration test. And if you modify your systems and software over time, a regular penetration test is a great way to ensure continued security.

The main aspect that differentiates penetration testing from vulnerability scanning is the live human element. There is no such thing as an automated penetration test. All penetration tests are conducted by very experienced, very technical, cybersecurity professionals.

Penetration Test Reporting
Usually, penetration test reports are much longer than vulnerability scan reports and contain a highly detailed description of the attacks used and the testing methodologies. In addition, penetration test reports often include suggestions on how to remedy the vulnerabilities and weaknesses found.

Benefits of a Penetration Test
Penetration tests have a number of benefits that make them the first choice for many businesses.
  • Manual testing by a cybersecurity professional means results are more accurate
  • Retesting after remediation is often included as standard
  • Rules out any false positives
Limitations of a Penetration Test
Despite their thoroughness, penetration tests do have some limitations to be aware of.
  • They can take far longer to complete (ranging from 1 day up to 3 weeks)
  • They are far more expensive than vulnerability scans, which can be an issue for smaller businesses
Which is Better? A Vulnerability Scan Or A Penetration Test?
Vulnerability scans are a quick and easy way to gain insight into your network security with weekly, monthly or quarterly scans. However, penetration tests are far more thorough and deeply examine your network security. On the other hand, penetration tests are far more expensive. But, you are getting a cybersecurity professional to examine every part of your business in the same way a real-world attacker would.

Both tests should be utilised by businesses to protect their networks and ensure security. However, as the more affordable option, vulnerability scanning is a tool that can easily be automated and used more frequently, while the more expensive penetration tests are very thorough and can be used less frequently.

Effective cybersecurity is vital for businesses, regardless of size. For further advice on vulnerability scans and penetration testing or to arrange a test for your network, contact a cybersecurity consultant.

Author’s Bio:
Dan Baker is a Content Writer who works with SecureTeam, a cybersecurity consultancy practice based in the UK.

Wednesday, 28 April 2021

Should Doctors Receive a Cybersecurity Education?

Article by Beau Peters

It is no secret that medical professionals of all levels need to maintain a vast amount of knowledge in their brains at all times. After all, having experience and education is crucial to saving lives and helping patients. But should an understanding of cybersecurity be added to their repertoire? If they want to give the best overall care inside and outside of the clinic, then the answer is yes.

As technology has evolved and we have moved to a more remote work environment, it is essential that cybersecurity becomes part of training for everyone in a medical organization, from human resources to the doctors themselves. By knowing the threats and understanding the solutions, doctors can protect their patients and provide advice to keep them safe even after they leave the office. Below are some of the many reasons why doctors should receive a cybersecurity education.

Following Privacy Guidelines
These days, technology is being used in the medical community more than it ever has before. Currently, medical devices and tools outnumber actual human doctors by 3 to 1. While this is great for providing patients with around-the-clock support, the downside is that hackers have been breaching medical devices and computers in record numbers. That’s not all. Even though these risks exist, recent studies show that 32 percent of medical employees don’t have any cybersecurity training, including many doctors.

While the increased number of threats should be reason enough for cybersecurity training, there are also guidelines in place that require medical establishments to keep customer records safe. In the US, for example, along with the Health Insurance Portability and Accountability Act (HIPAA), there are the HIPAA security and privacy rules, which state that medical establishments must ensure that patient data is left confidential and that a practice must defend against any known security threat. Without educating the doctors, these guidelines cannot be met.

Cybersecurity education should also be taught because protecting your customers is not only the right thing to do, but failure to do so could be disastrous for your practice. Recent numbers show that the average cost of a medical breach is upwards of seven million dollars, which is money spent on data recovery and fixing vulnerabilities. A medical practice that does not have that kind of money to recover after a breach may have to close its doors.

Do No Harm
Just about any form of personal patient information can be used maliciously. Social security numbers and credit card information can be used to take out fake loans, which could result in bankruptcy or worse. Even email addresses can be used to send phishing emails and log into personal accounts.

Doctors who understand cybersecurity threats can also help to avoid more immediate threats that could even occur during surgeries. Hackers often use ransomware to infect and gain control of computers or medical apparatus. Once they do, they can lock the device until the hospital pays a hefty ransom to have the machine turned back on. This has occurred in hospitals in the past, and it can be deadly for patients who need immediate care.

Doctors who are educated on cybersecurity can ensure that their practice has the proper precautions in place. This includes updated antivirus software and a firewall on all internet-connected systems to block unwanted traffic. Educated doctors will also recognise the importance of backup servers that can hold patient data and other information in the case that the main network is compromised.

Security and Telehealth
The arrival of COVID-19 required many business and medical offices to transition to a remote workforce which meant that many doctors had to adjust and begin treating non-emergency situations with telehealth platforms. The technology has grown exponentially over the last year, and due to its popularity, it is likely not going away anytime soon. However, while it is convenient and helpful, especially for elderly patients and those in rural areas, telehealth is also a target for hackers.

The issue is that the technology is still not completely understood by patients or doctors, and hackers exploit that gap to find holes through which they can steal data, listen in on video calls, and move on to other programs to steal even more data. Doctors who are informed about the risks of telehealth can educate patients with an email before the telehealth session to tell them what to expect and how to protect their connection.

For instance, guidance should include precautions to take when talking to the doctor in a public place. It is in this environment that hackers can set up fake Wi-Fi networks that look legitimate and are often advertised as free. However, when the patient connects, they are really connecting directly to the hacker. Doctors can advise them to only use telehealth at home or to ask the owner of the establishment for the correct network.

Patients should also be told about the danger of phishing emails. Hackers can take advantage of those who frequent telehealth and send fake invites that appear to be from their doctor. There is typically a link in the email, and when clicked, the hacker gets access to their system. Doctors who are aware of the threat of phishing emails can advise patients to only open emails from their office, which should be sent through a secure service that requires a password to access.

While many doctors may feel that they don’t have the time to learn about cybersecurity, the fact is that doing so is more important than ever. Digital care is becoming as important as physical health, and a well-informed doctor can provide their patients with all-around care.