Category: Uncategorized

Of course, spear phishing isn’t new, but the targets and tactics are evolving, and most users who might have known to not give away their banks account numbers at home may be handing over sensitive information in an enterprise setting due to lack of training and awareness.

Administrative assistants, accountants, salesmen, IT managers, and pretty much everyone else in an enterprise hold a great deal of company knowledge that criminals can use to ultimately unlock a company’s secrets.

But beyond simply explaining the threat to them, ask your staff to take a step back to see what information a cyber criminal can easily dig up. This may sound completely narcissistic to them, but I recommend you ask them to “Google” themselves from time to time in order to see what pops up in search results. The idea is to familiarize one’s self with what is public knowledge — so you aren’t caught off guard when it’s used to gain your trust.

Even though you aren’t likely to be considered a “whale” by Las Vegas casino standards, you and your staff need to understand that your position within a large organization probably makes you a pretty big fish in the eyes of a cyber criminal. And in order to help combat against these attempts, your best bet is to try and see what a hacker can see on the Internet so it can’t be used against you

Link: http://www.enterpriseefficiency.com/author.asp?section_id=1076&doc_id=265441&f_src=enterpriseefficiency_iwkfeed

An intelligence-driven security model, on the other hand, leverages Big Data analytics for pervasive monitoring, threat information sharing and intelligent controls and is designed to allow for more rapid detection of attacks and shortening an attacker’s dwell time within a breached enterprise. He said, “The ongoing expansion of the attack surface and the escalation in the threat environment require urgent action, there must be a sense of urgency to understand the security implications in everything we do so that we develop and implement the right security model.”

Create a transformational security strategy – Practitioners must look critically at their budgets and design a plan that transitions the existing infrastructure to an intelligence-driven approach that incorporate Big Data capabilities.

He went on to explain government’s key role of acting as a central repository to exchange pertinent security information about current threats and attacks as well as to set the tone for cooperation internationally.

The security vendors were called upon to help close the technology and skills gap for defending against attacks that has been created as a result of the growing attack surface and the escalating threat environment.

In closing he offered that these approaches can help enable the industry to manage cyber security risk to acceptable levels so that all societies around the world can reap the benefits and meet the goal of a more trusted digital world.

Link: http://www.informationweek.in/security/13-06-05/rsa_s_art_coviello_points_to_big_data_approach_to_combat_cyber_security_challenges.aspx

This is where predictive analytics come in — the same technology that an online retailer might use to better target product offers to customers based on recent buying behavior, for example. Consider a salesperson that might have the right to download an entire customer database, but if he does it at 2 a.m. on a Sunday morning from his home office, this might raise a few questions. By identifying patterns or anomalies from “normal” — and serving them up in graphical profiles — security staff have a never before seen, real-time view into potential risk.

Here’s the key point: with this new approach, risk is assessed from live data, not anticipated scenarios that have been coded into the system, alerting security staff to actions already defined as “bad.” Real-time, predictive analytics lets companies truly understand where their greatest risks lie by harnessing existing company data to sound alarms before a loss – when the risk around an individual or resource spikes.

By having a way to analyze risk associated with user access on a continuous basis, companies can truly understands who someone is, what they should access, what they are doing with that access and what patterns of behavior might represent threats. With this insight, companies will also have a better understanding of where their next breach could take place, and whether that threat is internal or external.

Link: http://www.wired.com/insights/2013/06/understanding-risk-in-real-time-where-will-your-next-breach-will-come-from/

Everybody owns [infrastructure] when they don’t want you to touch it, but nobody owns it when it’s their bum on the line if things go wrong

Building on the MSS relationship not only allows Foxtel to be more proactive in maintaining its security posture, but supports interactions with executives who are less concerned with technical minutiae but think of IT security in terms of business risk.

Analysis of internal cost-recovery claims is a great way to marry IT-security activity to potential business change: once the IT staff know which business units are paying for what systems and services, it’s much easier to know how any potential security issue will affect which parts of the business. Everybody owns it when they don’t want you to touch it, but nobody owns it when it’s their bum on the line if things go wrong.”

Shaw has often found it’s easier for an internal security organisation to get leverage with other business units by handballing the bad news to the MSS: “it’s always effective bringing in external parties to talk to your executives,” he laughed. “Your executives are not going to give you budget unless you can marry together the value from MSS, actionable intelligence – unless you can demonstrate the value to the business and where the business is trying to go.

Link: http://www.cso.com.au/article/462775/auscert_2013_visibility_critical_when_selling_it_security_execs_says_foxtel_cso/

For this, we turn to Galligan’s afternoon panel on cyber crime, where she was accompanied by attorneys in private practice, a law professor, the head of a computer forensics firm, and the chief of the Manhattan District Attorney’s investigations division.

First, as Ed Stroz, of the investigative firm Stroz Friedberg, explained, it’s important to recognize that you could be attacked by different categories of attackers, including state-sponsored actors, organized criminal groups, individual hackers or “hacktivists,” and company insiders. “What happens with the FBI is right now, approximately 60 percent of the time, we are going out and telling a company that they have been intruded upon,” says Galligan. Well, either they’re getting the information from another FBI investigation, “or we’re getting it from our partners in the government,” Galligan says, which includes all 16 of the U.S. intelligence agencies.

Whether you call them or they call you, Galligan and her FBI team are going to hope your company has already contemplated the possibility of a cyber attack, that you have a response plan, and that your general counsel is involved in it.

“Because we say over and over—and I have seen it over and over—that unless the general counsels and/or your outside counsel are involved in these issues from the beginning, are part of your plan, it becomes very, very difficult for the government to help you,” Galligan says,

The bureau also pointed out to the banks that a DDoS can serve as an opportunity for criminal actors to “come in and commit crime in your system.”

“It’s a discussion where we say, ‘We recognize you need to make a business decision,” she says, “and that business decision is going to be a very complicated one.’

“You have to really figure out what exactly you’re going to be willing to do,” says DeVore & DeMarco partner Joseph DeMarco, who specialized in cyber crime as an assistant U.S.

Link: http://www.law.com/corporatecounsel/PubArticleCC.jsp?id=1202601094171&Telling_the_FBI_Your_Company_Has_Been_Hacked

Internet Explorer has been in the press over the years for the number of vulnerabilities that it once had, but nowadays, Java is a prime target for red teams because Java is meant to run on 3 million devices – providing what’s called a large ‘attack surface’.

Attacking the software is getting harder these days, but there’s one component of an organization’s computer system that is always potentially vulnerable – and that’s the people who use the computers. Another technique is to send infected memory sticks to staff, who often plug them in to see what’s on them, and, again, the malware strikes!

Red team members can now use social media to find the names of staff as well as details of their experience, so that e-mails and phone calls from the red team can sound quite legitimate.

The other part of the solution is education of staff so that they don’t insert memory sticks or click on attachments from unknown sources.

The red team could, perhaps, get a piece of malware onto someone’s tablet, which then gets connected to network, which then starts opening security doors all the way to the mainframe.

But most organizations can learn from the types of vulnerability red teams exploit, and take steps to ensure that they are not at risk from them.

Link: http://it.toolbox.com/blogs/mainframe-world/welcome-to-the-red-team-56048