Eliminating the Social Media Cyber Security Blind Spot

Guest article by Anthony Perridge, VP International, ThreatQuotient
More than three billion people around the world use social media each month, with 90% of those users accessing their chosen platforms via mobile devices. While, historically, financial services (FinServ) institutions discouraged the use of social media, it has become a channel that can no longer be ignored.

FinServ institutions are widely recognised as leaders in cybersecurity, employing layers of defence and highly skilled security experts to protect their organisations. But as the attack surface expands with the growing use of social media and external digital platforms, many FinServ security teams are blind to a new wave of digital threats outside the firewall.

Social media is a morass of information flooding the Internet with billions of posts per day that comprise text, images, hashtags and different types of syntax. It is as broad as it is deep and requires an equally broad and deep combination of defences to identify and mitigate the risk it presents.

Understanding prevalent social media threats
Analysis of prevalent social media risks shows the breadth and depth of these types of attacks. A deeper understanding of how bad actors are using social media and digital platforms for malicious purposes is extremely valuable as FinServ institutions strive to strengthen their defence-in-depth architectures and mitigate risk to their institutions, brands, employees and customers.

To gain visibility, reduce risk and automate protection, leaders in the financial industry are expanding their threat models to include these threat vectors. They are embracing a data-driven approach that uses automation and machine learning to keep pace with these persistent and continuously evolving threats, automatically finding fraudulent accounts, spear-phishing attacks, customer scams, exposed personally identifiable information (PII), account takeovers and more.

They are aggregating this data into a central repository so that their threat intelligence teams can trace attacks back to malicious profiles, posts, comments or pages, as well as pivot between these different social media objects for context. Network security teams can block their users from accessing malicious social objects to help prevent attacks, and incident response teams can compare their organisation’s telemetry of incidents with known indicators of compromise to mitigate damage.

Employee education is also a critical component of standard defences. Raising awareness of these threats through regular training and instituting policies to improve social media security hygiene with respect to company and personal accounts goes a long way to preventing these attacks in the first place.

A Checklist for Financial Institutions This checklist that encompasses people, process and technology will go a long way toward helping FinServ security teams better protect their institutions, brands, employees and customers.

1. IDENTIFY the institution’s social media and digital footprint, including accounts for the company, brands, locations, executives and key individuals.
2. OBTAIN “Verified Accounts” for company and brand accounts on social media. This provides assurance to customers that they are interacting with legitimate accounts and prevents impersonators from usurping a “Verified Account.”
3. ENABLE two-factor authentication for social media accounts to deter hijacking and include corporate and brand social media accounts in IT password policy requirements.
4. MONITOR for spoofed and impersonator accounts and, when malicious, arrange for takedown
5. IDENTIFY scams, fraud, money-flipping and more by monitoring for corporate and brand social media pages.
6. MONITOR for signs of corporate and executive social media account hijacking. Early warning indicators are important in protecting the organisation’s brand.
7. DEPLOY employee training and policies on social media security hygiene.
8. INCORPORATE a social media and digital threat feed into a threat intelligence platform as part of an overall defence-in-depth approach. This allows teams to ingest, correlate and take action faster on attacks made against their institution via social media.

Conclusion
FinServ institutions and their customers use many different social networks to communicate and conduct business but are often blind to the risk bad actors present as they increasingly targeting these public, uncontrolled channels to commit financial fraud, damage brands and even pose physical threats.

FinServ security teams need visibility into digital threats outside the firewall and actionable information to reduce risk and automate protection. Those that are most successful have a defence-in-depth architecture that includes intelligence on social and digital threats, context to understand what threats pose the greatest risk, and the ability to build on existing processes and workflows to block more threats and accelerate remediation.

Microsoft Ignite Cyber Security Takeaways

Microsoft's annual flagship 'Ignite' conference is underway, amongst the hundreds of announcements and content covered, there are a number of interesting security-related updates and new releases by Microsoft, highlighted below.

Microsoft Ignite

Microsoft Defender Advanced Threat Protection (ATP)

https://www.microsoft.com/security/blog/2019/11/04/further-enhancing-security-microsoft

Microsoft is extending their endpoint detection and response capability in Microsoft Defender ATP to include MacOS, now in preview. Microsoft is planning to add support for Linux servers.

Application Guard for Office

https://www.microsoft.com/security/blog/2019/11/04/further-enhancing-security-microsoft

Now available in preview, Application Guard for Office provides hardware-level and container-based protection against potentially malicious Word, Excel, and PowerPoint files. It utilises Microsoft Defender ATP to establish whether a document is either malicious or trusted.

Azure Security Center

Microsoft is announcing new capabilities to find misconfigurations and threats for containers and SQL in IaaS while providing rich vulnerability assessment for virtual machines. Azure Security Center also provides integration with security alerts from partners and quick fixes for fast remediation.

Azure Sentinel

https://azure.microsoft.com/en-us/services/azure-sentinel

Microsoft is introducing new connectors in Azure Sentinel to help security analysts collect data from a variety of sources, including Zscaler, Barracuda, and Citrix. In addition, Microsoft is releasing new hunting queries and machine learning-based detections to assist analysts in prioritising the most important events.

Insider Risk Management in Microsoft 365

https://www.microsoft.com/en-us/microsoft-365/blog/?p=233542

Microsoft is announcing a new insider risk management solution in Microsoft 365 to help identify and remediate threats stemming from within an organisation. Now in private preview, this new solution leverages the Microsoft Graph along with third-party signals, like HR systems, to identify hidden patterns that traditional methods would likely miss.

Microsoft Authenticator

https://www.microsoft.com/en-us/account/authenticator

Microsoft are making Microsoft Authenticator available to customers as part of the Azure Active Directory (Azure AD) free plan. Deploying Multi-Factor Authentication (MFA) reduces the risk of phishing and other identity-based attacks by 99.9%.

New value in Azure AD

https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/What-s-new-in-Azure-Active-Directory-at-Microsoft-Ignite-2019/ba-p/827831

Previewing at the end of November, Azure AD Connect cloud provisioning is a new lightweight agent to move identities from disconnected Active Directory (AD) forests to the cloud. Additionally, Microsoft is announcing secure hybrid access partnerships with F5 Networks, Zscaler, Citrix, and Akamai to simplify access to legacy-auth based applications. Microsoft is introducing a re-imagined MyApps portal to help make apps more discoverable for end-users.

Microsoft Information Protection and Governance

https://www.microsoft.com/en-us/microsoft-365/blog/?p=233542

The compliance center in Microsoft 365 now provides the ability to view data classifications categorised by sensitive information types or associated with industry regulations. Machine learning also allows you to use your existing data to train classifiers that are unique to your organisation, such as customer records, HR data, and contracts.

Microsoft Compliance Score

https://nam06.safelinks.protection.outlook.com

Now in public preview, Microsoft Compliance Score helps simplify regulatory complexity and reduce risk. It maps your Microsoft 365 configuration settings to common regulations and standards, providing continuous monitoring and recommended actions to improve your compliance posture. 

Azure Firewall Manager

https://www.microsoft.com/security/blog/2019/11/04/microsoft-announces-new-innovations-in-security-compliance-and-identity-at-ignite/

Now in public preview, Microsoft customers can manage multiple firewall instances from a single pane of glass with Azure Firewall Manager. Microsoft are creating support for new firewall deployment topologies.

Cyber Security Roundup for October 2019

The UK National Cyber Security Centre (NCSC) released its annual review. The report showcases the NCSC successes with its core mission to make the UK the safest place to live and work online. The NCSC is certainly having a positive impact in helping British businesses of all sizes with their cyber defences, and with their excellent 'CyberFirst' initiative, which encourages and supports youngsters into the cybersecurity professional.

NCSC Annual Review 2019

The NCSC reported it had  "handled" 658 attacks on 900 organisations, including schools, airports and emergency services, with many attacks were "from hostile nation-states". The NCSC said cyberattacks from Russia, China, Iran and North Korea pose "strategic national security threats to the UK", and also warned that "large-scale global cybercrime" was a threat to "our social fabric, our way of life and our economic prosperity", despite often being "low in sophistication".

Mailing and IT services company Pitney Bowes client operations were severely disrupted by a ransomware outbreak, which affected their postage machines services, Mail360, MIPro, SendPro Online in the UK, 'Your Account' and even the 'Pitney Bowes Supplies' online store became inaccessible. According to Rejeev Gutpa of Cowbell Cyber, "Costs related to this cyber incident could go up rapidly for Pitney Bowes: third-party forensic experts, breach notification, loss of revenue, lawsuits and much more. Cybersecurity insurance can help immediately, especially if the cyber policy is up to date with the number of records to be covered. This is why continuous underwriting of cyber policies can eliminate any insurability gaps”.

Amazon Web Services (AWS) Domain Name System (DNS) was taken offline by DDoS attack for a number of hours on 22nd October, affecting a number of websites. According to reports, a flood of fake traffic disrupted legitimate attempts to resolve DNS requests to connect to Amazon cloud-hosted storage buckets and systems.

Another set of unsecured AWS servers belonging were discovered, this time belonging to UK recruitment firm Sonic Jobs and to another US-based recruitment firm, exposing more than 250,000 CVs of job candidates. Sonic Jobs specialises in the recruitment for retail and restaurant jobs and is used by hotel chains Marriott and InterContinental.

NordVPN revealed a third-party server located in Finland was accessed in March 2018. The hacker had acquired an expired TLS key from the server through an insecure remote access system. The company said it was an isolated incident and no other servers or datacentres were impacted. “The intruder did not find any user activity logs because they do not exist. They did not discover users’ identities, usernames, or passwords because none of our applications sent user-created credentials for authentication” NordVPN said in a statement.

October was a fairly quiet month for Microsoft security patch releases, Microsoft's 'Patch Tuesday' was their smallest security update release this year, and saw only 60 vulnerabilities addressed, 9 of which was rated as critical. Adobe patched 81 vulnerabilities in four of their products, and there was the usual barrage of Cisco patches and Juniper patches on then network appliance front. And Oracle didn't hold back with their patching, releasing security updates addressing a massive 218 vulnerabilities, and 6 WordPress bugs were addressed with new patch releases.

FireEye reported attackers are improving Business Email Compromise (BEC) techniques.  BEC or impersonation, or more commonly known as phishing attacks, rose during the second quarter of 2019 by 25%, with some types of attacks becoming more common and better executed according to the FireEye report. Attackers are increasingly impersonating executives and attempting to involve a company’s supply chain vendors as part of the attack to make it appear as if the malicious email is a legitimate request. 

BLOG

• 10 Security Blunders that should stay in 2019
• Think before you Click
• The Increasing UK Cyber Skills Gap
• Network Security Observability & Visibility: Why they are not the same
• NCSC Cyber Essentials Scheme to be Streamlined
• UK Youngsters seeking to Win the European Cyber Security Challenge
• Cyber Security Roundup for September 2019

NEWS

• Magecart Attack on Ecommerce impacts Sesame Street Online store and many more
• Malware takes down Pitney Bowes systems 
• Google Launches Password Checkup Security Tool
• Cyber Attacks from 'hostile nation-states’ foiled by NCSC
• DDoS Attack sidelines AWS DNS Web Service for Hours
• Imperva Breach caused by Mishandled Database Migration
• Open AWS Buckets expose more than 200K CVs at Two Online Recruitment Firms 
• Adobe leaves Creative Cloud Database Open, 7.5 million users exposed
• NordVPN confirms 2018 Breach
• UniCredit Data Breach impacts 3 Million Italians
• Georgia hit by Massive Cyber-attack
• US hospitals turn away patients as Ransomware Strikes

VULNERABILITIES AND SECURITY UPDATES

• Microsoft Patches 60 Vulnerabilities, including 9 Critical for Windows RDP, Azure App Services, VBScript & ChakraCore
• Adobe Patches 81 Vulnerabilities for Four Products
• Oracle Patches 218 Security Vulnerabilities
• WordPress Patches 6 Bugs
• VMware Patches Critical Bug in Harbour Container Registry for PCF 
• Juniper Networks addresses 84 bugs
• Cisco fixes critical Aironet Access Points flaw, Addresses 29 more bugs
• Cisco Updates address bugs in Security Products 
• Apple Update for iCloud, iTunes and macOS Bugs 

AWARENESS, EDUCATION AND THREAT INTELLIGENCE

• State of Stolen Credentials in the Dark Web from Fortune 500 Companies
• Attackers Improving BEC Skills
• APT 41 using MessageTap malware to gather SMS traffic
• APT 29 The Dukes back in Business
• New ‘Reductor’ Malware Compromises Encrypted TLS Traffic
• FBI alert: Ransomware attacks becoming increasingly Targeted and Costly

HUAWEI NEWS AND THREAT INTELLIGENCE

• Germany will not bar Huawei from its 5G networks

REPORTS

• The NCSC Annual Review 2019

Phishing Attacks remains a popular Money-Spinner for Cyber Criminals

F5 Labs’ latest Phishing and Fraud Report reveals that phishing continues to be one of the most prevalent ways cybercriminals are breaching data and making money in 2019.

Over the years, phishing has grabbed the top spot of every report on breach causes, and this trend isn’t likely to go away anytime soon. The main reason is for cybercriminals it’s easy to execute and it’s incredibly effective: there are no firewalls to bypass or finding a zero-day exploit, or encryption to decipher. The hardest part, especially with the rise in employee training, is coming up with a good trick email pitch to get people to click on.

The F5 Labs Report highlights:

• Phishing was responsible for 21% of breaches in there’s a 50% increase in these attacks during the holiday season (October through January) when online shopping is at its most popular
• The top faked websites used by cybercriminals in 2019 were, in order: Facebook, Autodiscover, Apple, Chase, Office, WhatsApp, Paypal, Amazon, Microsoft, Netflix, iCloud and Office 365
• The majority of phishing websites (54% in July 2019) are encrypted, hiding the malware they contain from traditional intrusion detection systems
• Worse perhaps, 83% of these websites use legitimate certificates, meaning browser certificate warnings won’t work to prevent users from clicking on the websites.

The F5 Labs report also discusses the most prevalent domains phishing sites are hosted on, the validity of certificates and different profiles of a 'phisherman' and how we can understand their behaviours to implement impactful cybersecurity defences.

10 Security Blunders that should stay in 2019

Cyber attacks are inevitable, regardless of the size of a business or the sector it operates in. Cyber criminals will try their luck with any business connected to the internet. But as Andy Pearch, Head of IA Services, CORVID explains, there are steps that businesses can take to keep them as safe as possible from danger. As we stand in the last quarter of 2019, it's time for businesses to address 10 common security mistakes.

1. Assuming a Cyberattack won’t happen
Any business could be attacked. It’s important for businesses to prepare their IT estate for compromise, so in the event of an attack, they’re able to limit the damage that can be done to their operations, finances and reputation. There’s an assumption that cybersecurity is a problem to be dealt with by the IT department but in reality, every user is responsible. The more aware users are of the risks, the more resilient a business can become.

2. Poor Password Management
Passwords aren’t going away any time soon, but there are additional measures that can be taken to avoid them being compromised. Use strong, unique passwords and ensure all users do the same – the NCSC’s guidance encourages using three random words. Additionally, implement two-factor authentication (2FA) on internet-facing systems and all remote access solutions, and for privileged users and requests to sensitive data repositories. For both professional and personal life, making use of a password manager requires remembering only one strong, unique password instead of lots of them.

3. Inadequate Backup
If the IT estate is compromised and data lost, can it be retrieved? Implement a rigorous backup regime to ensure business-critical data can be recovered if the business is attacked. Store this backed up data in multiple secure locations, including an ‘offline’ location where infected systems can’t access it. Regularly test that backups are being done correctly and that data restoration procedures work as intended.

4. Reactive rather than Proactive Strategies
Some attacks bypass firewalls and anti-virus programmes, so businesses need to proactively hunt their systems for signs of compromise that haven’t been picked up by these traditional methods. The longer an adversary sits on a network undetected, the more damage they can do. Email is the single biggest attack vector, so implement the same level of proactive security for the email client too. Firewalls and email security solutions can block known malicious senders and strip certain types of file attachments that are known to be malicious before they have the chance to reach a user's inbox.

5. Generic User Privileges
Users should only be permitted access to the information they need to do their job. Limit the number of privileged user and admin accounts. For IT admins, adopt a least-privilege approach and consider using a privileged access management solution to restrict access throughout the network. The more users who have access to privileged information, the more targets there are for cyber criminals, and the more likely they are to succeed as a result.

Additionally, all accounts should be monitored for unusual activity. If a user is accessing files or drives they have no reason to be interacting with or have never interacted with before, such activity should prompt a review. Keep a record of all accounts each user has access to, and remove their permissions as soon as they leave the company.

6. Poorly Configured and Out of Date Systems
Environments that are not configured securely can enable malicious users to obtain unauthorised access. It’s therefore imperative to ensure the secure configuration of all systems at all times. Regular vulnerability assessments should be scheduled to identify weaknesses in the IT infrastructure that would leave an organisation open to exploitation. The results should be used to define detection and response capabilities and ascertain if an outsourced managed security provider is needed. To avoid allowing malicious access through unpatched vulnerabilities, apply security patches regularly and keep all systems and applications up-to-date.

7. No Remote Working Policy
If users in the business work on the move or from home, it's important to have policies in place that will protect any sensitive corporate or personal data in the event of a mobile device being lost, stolen or compromised. Many corporate mobile devices – laptops, phones and tablets – not only contain locally saved sensitive data but are also connected to the company's internal network through VPNs and workspace browsers, giving attackers a direct route to the heart of a business. To enforce secure remote working practices, employ a suitable and robust enterprise mobile management solution and policy, applying your secure baseline and build to all devices.

8. Inconsistent Monitoring
By not monitoring their systems, businesses could be overlooking opportunities that attackers won’t miss. Continuously monitor all systems and networks to detect changes or activities that could lead to vulnerabilities. Consider setting up a security operations centre (SOC) to monitor and analyse events on computer systems and networks.

9. Creating an Incident Response when it’s too late
There is a simple answer for businesses that don’t have an incident response plan: write one! Make it specific and ensure it accurately reflects the company’s risk appetite, capabilities and business objectives. Being adequately prepared for a security breach will go a long way towards minimising the business impact. This incident response plan should be tested on a regular basis, using a variety of different scenarios, to identify where improvements can be made.

10. Putting Users as the First Line of Defence
Humans make mistakes, and no amount of training will negate that. Most users can’t be trained in complex IT processes, simply because they’re not IT experts. It’s unrealistic and unfair to expect otherwise. Invest in cyber security solutions that remove the burden of being on the frontline of email security defence, allowing users to get on with their day jobs.

Conclusion
These ten cyber security mistakes might be common, but they don’t have to be accepted as the norm. By taking the first step of assuming that all organisations are vulnerable to an attack, businesses can consequently focus on putting cyber security strategies in place that are proactive and consistent and that use technology to keep the business resilient against a backdrop of a constantly evolving cyber landscape.

Think before you Click

From regulatory compliance to safeguarding Intellectual Property (IP), companies are increasingly concerned about the risk of inadvertent data loss as a result of employee mistakes. And for good reason: with so much communication reliant upon email, human error is now the primary cause of data breaches. Indeed, growing numbers of organisations have introduced a ‘one strike’ policy; accidentally sending an email to the wrong person, or adding an incorrect attachment, has become a sackable offence.

While understandable, to a degree, this is hardly a supportive strategy. Humans make mistakes – and stressed, tired employees will make even more mistakes. Adding the pressure of losing your job, is potentially counterproductive. Employees already spend almost two days of each working week reading, deleting, responding to and creating emails – what they need is a way to avoid mistakes, a chance to check before they send. Andrea Babbs, Head of Sales, VIPRE SafeSend, explains how a simple second check for users will help to keep personal and sensitive data more protected with a layered approach.

Employee Threat
Business reliance on email is creating a very significant cyber security risk – and not simply due to the increasing volume and sophistication of phishing attacks. Email is the number one threat vector in organisations and the cause of nearly all data breaches, as confirmed by the Identity Theft Resource Center. It will come as no surprise to those who have experienced the stress and fear of mistakenly sending an email to the wrong person, or adding the wrong attachment, that the Center’s March 2019 breach report[i] cited employee error as the number one cause of data breach or leakage.

Given the sheer volume of email, mistakes are inevitable. According to McKinsey, the average worker today spends nearly a third
 of their working week on email[ii]. Employees are increasingly trusted with company-sensitive information, assets, and intellectual property. Many are permitted to make financial transactions – often without requiring any further approval. Given the data protection requirements now in place, not only GDPR but also industry specific regulation as well as internal compliance, organisations clearly require robust processes to mitigate the risk of inadvertent data loss.

But is a strategy that simply imposes stringent penalties – including dismissal – on employees for mis-sent emails without providing any form of support going to foster a positive culture? What employees require is a way to better manage email, with a chance for potential mistakes to be flagged before an individual hits send.

Imposing Control
While businesses now recognise that any employee, at any time, is a cyber security threat, few recognise that there is a solution that can add a layer of employee security awareness. Businesses can help employees avoid simple mistakes, such as misaddressed emails, by providing a simple safety check. Essentially, before any email in Microsoft Outlook is sent, the user gets a chance to confirm both the identity of the addressee(s) and, if relevant, any attachments. Certain domains – such as the company and/or parent company – can be added to an allow list, if the business is happy for users to email internally without checking. Or the solution can be deployed on a department by department, even user by user basis. A business may not want HR to be able to mistakenly send sensitive personal information to anyone internally and therefore require a confirmation for all emails. Similarly with financial data, even marketing data at certain times – such as in the run up to a highly sensitive new product launch.

In addition to confirming the validity of email addresses and attachment(s), the technology can also check for key words within the email. Each business will have its own requirements – in addition to common terms such as confidential or private, or regular expressions to cover broader terms such as credit card numbers or National Insurance numbers, a company may opt to set key product ingredient names as keywords to prevent data loss. Any emails – including attachments – containing these key words will be flagged, requiring an additional confirmation before they are sent, and providing users a chance to double check whether the data should be shared with the recipient(s).

Reinforcing Good Practice
This simple chance to check before you send provides an essential opportunity to minimise accidental data loss, whilst reinforcing compliance credentials. Accidentally CCing a customer rather than the similarly named colleague will be avoided because the customer’s domain name will not be on the allow list and therefore automatically highlighted. Appending a confidential marketing document to an email, rather than a product list, will be flagged. And with a full audit trail, the IT security team has full visibility of the emailing decisions made by employees.

This is key: rather than an overtly punitive approach, companies can reinforce a security culture, building on education and training with a valuable tool that helps individuals avoid the common email mistakes that are inevitable when people are rushing, tired or stressed. It provides an essential ‘pause’ moment, enabling individuals to feel confident that emails have been sent to the right people and with the right attachments.

Indeed, in addition to providing a vital protection against email mistakes, this approach can also help users spot phishing attacks – such as the email that purports to come from inside the company, but actually has a cleverly disguised similar domain name. If an employee responds to an email from V1PRE, for example, as opposed to VIPRE, thinking it genuinely comes from inside the business, the technology will automatically flag that email when it identifies that it is not an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack.

Conclusion
Accidental data leakage is a significant yet apparently inevitable risk when business communication is so reliant upon email – with serious implications of reputational damage, IP loss, compliance breach and the associated financial costs. When it comes to minimising such errors, user education is important. Email culture is essential. But there is only so much humans can do.

Providing a technology that alerts users when they are potentially about to make a mistake – either by sending an email to the wrong person or sharing potentially sensitive information about the organisation, its customers or employees – not only minimises errors, it helps to create a better email culture. The premise is not to add time or delay in the day to day management of email; it is about fostering an attitude of awareness and care in an area where a mistake is easily made.

By enabling users to make an informed decision about the nature and legitimacy of their email before acting on it, organisations can now mitigate against this high risk area, while reinforcing compliance credentials.

The Increasing UK Cyber Skills Gap

As organisations throughout the UK embrace Cyber Security Awareness Month, Intelligencia Training looks at why businesses are continuing to battle an increasing cyber skills gap.

Following an audit in 2018, the UK government recently announced plans to conduct its second audit into the state of the country’s cyber security workforce. The initial audit published last year found that more than half of UK businesses had a “basic technical cyber security skills gap”.

These findings didn’t come as a surprise, as Intelligencia, whose qualifications consist of the UK’s highest levels of vocational training available in intelligence and the only cyber security awareness programme with an official UK Government regulated qualification attached, explain that many organisations are overlooking the key weakness in their security infrastructure; their staff.

With IT infrastructure becoming more robust and cyber threats from social engineering and spear phishing increasing, cyber security should be just as much the responsibility of the wider workforce, as it is those in IT and network security. Even more so when you consider that over 90% of successful cyber breaches are facilitated by human error and a lack of general cyber security awareness.

One report found that between April and June 2019, UK businesses faced an average of 146,000 attempted cyber-attacks.

So how do we counter the threat?

Intelligencia highlight that social engineering and phishing are responsible for over 85% of human error breaches and that businesses need to educate the wider workforce – the prime target for cyber criminals - to identify and prevent such attacks.

The specialist training provider further explains that while some have taken action on increasing cyber security awareness, the assessments and training used are commonly ineffective.

Many organisations fail to recognise the true sophistication of professional attacks and monitor awareness levels through generic assessments, such as mass phishing tests based on click-rate, and limit training to more traditional programmes, which often become outdated the moment a learner completes the course.

Learning and development shouldn’t end on course completion and providing staff with a sustainable solution to cyber security awareness in an ever-evolving landscape is key. New threats evolve daily and it is essential that awareness is sustained to minimise the risk of a breach.

About Intelligencia 'Cyber Stars' Training:Intelligencia Training are cyber security specialists that operate within both the public and private sectors. They continue to deliver the leading Cyber Stars Initiative to a wide-range of high profile organisations to support them in increasing cyber security resilience.

For further information on the Cyber Stars Initiative, visit www.intelligenciatraining.com/cyber-stars or contact info@intelligenciatraining.com.

Network Security Observability & Visibility: Why they are not the same

Guest article by Sean Everson, Chief Technology Officer at Certes Networks

In today’s increasingly complex cyber landscape, it is now more important than ever for organisations to be able to analyse contextual data in order to make informed decisions regarding their network security policy. This is not possible without network observability. Organisations can now see inside the whole network architecture to explore problems as they happen. Observability is a property of the network system and should not be confused with visibility which provides limited metrics for troubleshooting.

With observability, organisations can make the whole state of the network observable and those limitations no longer exist. Observability provides the contextual data operators need to analyse and gain new and deeper insights into the network. This enables teams to proactively make more informed decisions to improve network performance and to strengthen their overall security posture because context is now available to troubleshoot incidents and make policy changes in real-time.

Unfortunately, observability is often miscommunicated and misunderstood, as visibility is repackaged by some vendors and sold as observability, when the two are not the same. Visibility and monitoring have an important role to play but observability is different. Visibility and the metrics it provides limits troubleshooting, whereas observability provides rich contextual data to gain deeper insights and understanding based on the raw data collected from the network or system.

With research showing that the average lifecycle of a data breach is 279 days, it is clear that organisations are slowly putting observability into practice and adopting ‘observability as a culture’. In the case of some well-known breaches, however, the timescales were much longer than that. The Marriott International breach, which was discovered in November 2018, saw hackers freely access the network since 2014. During this time, no unusual activity was detected and no alerts of the hacker’s access were raised.

Additionally, in the British Airways data breach in 2018, data was compromised over a two-week period, affecting 500,000 customers. This resulted in the Information Commissioner's Office (ICO) announcing that it intended to fine British Airways £183.39M for infringements of the General Data Protection Regulation (GDPR).

These two examples alone demonstrate how essential it is for organisations to begin to value the ability to understand their systems and behaviour by making their network observable.

Understanding Observability
Simply defined, observability is a measure of how well something is working internally, concluded from what occurs externally. Observability is creating applications with the idea that someone is going to observe them with the aim of strengthening and making system access decisions. The right combination of contextual data can be used to gain a deeper understanding of network policy deployment and every application that tries to communicate across the network. With an observability capability, attackers will therefore have a hard time attempting to make lateral ‘east-west’ movements or remaining hidden in the data centre or across the WAN. In turn, observability can provide a global view of the network environment and visual proof that the security strategy is effective and working.

Unfortunately, it’s not uncommon for infiltrations to go undetected in networks for days, weeks or months. This means infiltrations are going undetected for longer and networks systems are more increasingly vulnerable. To effectively do this, all roles need to see inside the entire architecture. And, when this capability is built in, it is observability that enables greater insight into the overall reliability, impact and success of systems, their workload and their behaviour.

Conclusion
Research shows that companies who are able to detect and contain a breach in less than 200 days spend £1 million less on the total cost of a breach. That’s a figure no organisation can - or should - ignore. Organisations need a cyber security solution that can be measured and traced. Observability provides the contextual data so organisations can take measurable steps towards controlling system access of the network environment. With this type of observable analysis, organisations can gain deeper insights into how to enhance their security policy and detect unwanted access as it occurs.

Sean Everson, Certes Networks CTO

NCSC Cyber Essentials Scheme to be Streamlined

The UK National Cyber Security Centre (NCSC) CyberEssentials Scheme is to be streamlined from 1^st April 2020, with IASME named as sole partner.

It will become easier for UK businesses to protect themselves from the most common cyber-attacks as the UK government-backed cybersecurity scheme is streamlined.

• The Cyber Essentials Scheme is supported by the UK government to help businesses guard against the most common cyber threats.
• Over 30,000 UK businesses have gained Cyber Essentials certification since its launch in 2014 and this number is growing year on year.
• Naming IASME as the sole Cyber Essentials partner will streamline and grow the Scheme and ensure it keeps pace with the changing nature of the cybersecurity threat.

Cyber Essentials Scheme launched in 2014

Since its launch in 2014 the Cyber Essentials Scheme has helped to protect over 30,000 UK businesses from the most common cyber-threats. NCSC and IASME are committed to growing the Scheme, recognising its role in helping to make the UK one of the safest places to live and do business online.

The Cyber Essentials Scheme was developed to protect organisations against low-level “commodity threats”. It focuses on the five most important technical security controls that businesses should have in place to prevent malicious attacks. These controls were identified by the government as those that, if they had been in place, would have stopped the majority of the successful cyber-attacks over the last few years.

The success of Cyber Essentials Scheme means that it remains at the heart of the UK Government’s National Cyber Security Strategy, but an extensive consultation process highlighted the need to evolve the Scheme.

Since its launch, Cyber Essentials has been delivered through multiple Accreditation Bodies and their respective Certification Bodies. In order to simplify the customer experience and improve consistency, the NCSC have appointed a single Cyber Essentials partner to take over running the Scheme from 1^st April 2020. This will make the Scheme easier to run on a day to day basis and streamline the development process to ensure Cyber Essentials remains relevant. From now until 1^st April 2020 the Scheme will be  very much business as usual with organisations able to gain accreditation from all five Accreditation Bodies.

The current Certification Bodies have been instrumental in the success of the Cyber Essentials Scheme. Existing Certification Bodies will be encouraged to apply to the new Cyber Essentials Partner to continue to provide Cyber Essentials as part of the revised scheme. The Scheme also welcomes new Certification Bodies or anyone from the cyber security industry interested in promoting the Scheme.

IASME Chief Executive, Dr Emma Philpott, MBE, said: “We are extremely excited about the prospect of working in partnership with the NCSC to develop and grow the Cyber Essentials scheme. We have seen such a positive effect already over the last 5 years where Cyber Essentials has increased the basic levels of security across all sectors. We are so pleased that we can be part of the future developments, working closely with the excellent Certification Bodies, trade bodies, police and other key stakeholders, to ensure further growth of the scheme.”

Anne W, NCSC Head of Commercial Assurance Services, added: “The NCSC is looking forward to working in partnership with the IASME team to ensure that the scheme continues to evolve and meet the cyber security challenges of tomorrow; a scheme that puts cyber security within reach of the vast majority of UK organisations.”