The Threat Of “Default” Tech

There seems to be a never-ending series of cyber-attacks against critical infrastructure in today’s headlines. The simple fact is that attacks are happening all the time. In a significant recent example, what started out as a nuisance-level infection went unresolved and grew into a major data loss. It highlights the continued lack of preparedness by organizations to create response plans, and it is a glaring reminder that endpoint devices and their users are often the first point of attack and compromise.

The Example of European Energy Cyberthreats

Despite all the regulatory structure in Europe, the subject of recent discussions was the Luxembourg-based energy supplier Encevo and its subsidiary, the electricity operator Enovos. In a post-facto review of the situation, the company shared that its customer contact portals were hacked in mid-summer. A malware infection led to escalated access to customer information, something that none of us should be comfortable seeing in the hands of nefarious actors. Ransom demands were made. Payments in this case were not made because Enovos worked to restore the systems through a disaster recovery plan and neutralize further infections. The threat actor ALPHV, also known as BlackCat, is widely assessed by researchers to be a successor to DarkSide, the group behind the 2021 ransomware attack on the Colonial Pipeline in the US.

These ransomware operations are built with a purpose: to extort targets throughout the energy industry and beyond. And not only are there existing unidentified infections out in the wild, but new ransomware is emerging on to the scene faster than many IT teams can handle.

Manage Yourself as a Threat

Top security organizations protect against risks posed by endpoints by managing security at the device, identity, and application levels. Whether it is a workstation, laptop, mobile device, or application, security policies force access through secured controls such as multi-factor authentication, verified device health, and application-level protections.

Outside of those protections, there’s a lot that we can do to protect ourselves when we use our own devices. Security and privacy can be hard to manage, but there are some best practices you should follow.

  1. Do due diligence when researching what settings will keep your device safe
  2. Review applications and settings regularly (at least every six months)
  3. Audit which apps have access to data from other services, including social media, online accounts, or email accounts

Defaults can be Dangerous

Let’s walk down a reasonable, relatable scenario. You get a new phone and don’t have time to read through all the conditions, legal terms, data terms, and all the other fine print that comes with it when you are setting it up. So, you click ‘Yes’ and ‘Accept’ to everything that comes on your screen. Sounds reasonable; each of those things is supposed to improve quality and experience. We’ve all done it. Almost no one reads all the terms and conditions, but there is a terrible assumption buried in that habit, namely that the defaults are safe, and it is one of the biggest problems when it comes to smartphones, websites, and apps.

Apps – You have got to be careful about where you get them from. Many popular, even well-reviewed applications have been found to have access to too much information and, in some cases, to be stealing personal data. Banking information, private emails, and other sensitive information live on your phone, so it makes sense to install only from sources that are as trusted as possible. Even then, major well-known companies such as TikTok have faced scrutiny about the level of data access their application enjoys and where that identifiable data ends up residing. Just because an application asks for rights to your camera, location, network information, or anything else doesn’t mean you should automatically grant it.

Permissions – Depending on your phone platform, you can audit which applications are accessing sensitive components on your phone. In addition to restricting yourself to trusted app sources, you can review each app’s permissions against what it is meant to do in the first place. You are going to want to review access to sensitive components including:

  • Camera
  • Microphone
  • Location
  • Sync contacts
  • Multi-Factor Authentication

Review these items honestly, because sometimes you will install an app that accesses more than it needs in order to function as you intend to use it. That fitness app that seemed like a great idea may be invasive to your private data. Does it really need to know your location all the time? Probably not. And you might not use that app all the time anyway, or ever. It never hurts to review the permissions you grant an app to make sure you aren’t oversharing.

Multifactor Authentication

By now, you should know what this is even if you don’t recognize it by name. Multifactor Authentication (MFA) requires a second proof of identity beyond the password, most often a code or approval prompt on your phone, and many modern security systems have it in place to protect access to platforms, web pages, and more. With all the constant threats that we face, usernames and passwords alone are simply not enough to protect even the most basic applications anymore.

Adopt MFA and, if given the choice, select non-SMS/text methods if possible. MFA applications for your phone offer device-bound authentication, biometrics, and recovery methods in case of emergency. Simple text messages can be intercepted or redirected (SIM swapping is the common technique), but they are still better than nothing if a stronger option is unavailable.

The bottom-line is that our personal devices have become an extension of ourselves, and like any other technology it can be optimized to improve our lives. We live in a volatile world when it comes to the evolving threats faced within cybersecurity. And being aware enough to take these necessary precautions before installing any app onto your phone or tablet can be a difference maker when it comes to staying safe from unseen threats—even if you think your apps seem secure.

This article was originally published in Forbes. Please follow me on LinkedIn.

AI Tools: From Minority Report To Mission Possible

Back in 2002, the science fiction film Minority Report reignited futuristic imaginations about a world and a police state gone too far. At the time, the movie inspired plenty of speculation about the future of our society, how computers would interact with us, and how law enforcement would be carried out proactively based on intent. In the movie, technology was combined with the psychic abilities of the “precogs” to proactively prevent crimes.

The precogs had the ability to predict when crimes were about to be committed ahead of time, enabling law enforcement to act early. Twenty years later, in a climate of abundant data, almost limitless processing, and at a point in history where law enforcement is frequently discussed, some of these technologies are beginning to look more feasible than ever.

Movie Effects vs. Real World

The movie had a lot of special effects, including a computer with no keyboard and a virtual reality interface that was well ahead of its time. They had multi-touch screens, retina scanners, insect robots, gesture recognition, and jet packs. While we all wait for jet packs, some of the bigger futuristic themes are a current part of everyday life:

  • Autonomous vehicle navigation (like Teslas)
  • Personalized ads in public locations (though on our phones)
  • Predictive crime prevention
  • Natural language AI (similar to OpenAI’s ChatGPT)

If you missed the part where we have already started stopping crime proactively, you cannot be blamed. However, I assure you it is happening, and it is a sign of what is now possible and where we are going.

Stopping Crime Proactively

With OpenAI’s ChatGPT creating both excitement and concern, we are in the midst of an Artificial Intelligence (AI) and Machine Learning (ML) revolution. The potent combination of data, processing power, mobile, and bandwidth technologies practically assured that we would arrive at this point. Financial institutions are one place where AI and ML are already stopping financial crimes in their tracks. As much as we are fascinated by the potential to prevent crimes in the physical world, this is already happening in the cyber world. Cyber-crimes can impact thousands over the course of moments, and security professionals have been using data such as logs, external threat intelligence, public data, behavioral information, and other indicators of normal activity and of compromise to detect and predict malicious activities.

An AI Security Force

By using ML, professionals can replay thousands upon thousands of behavioral scenarios, and AI can extract human-relatable value from rapid analysis. By leveraging these technologies, companies have managed to reduce cyber incidents drastically and mitigate threats before they materialize. For example, credit card companies have substantially reduced fraud by using real-time anti-fraud measures that score each transaction against data such as shopping patterns, shopper location, transaction data, and average purchase price. Along with multi-factor authentication, these technologies have had a real impact on credit card fraud, and thus on the bottom line of financial institutions.

Similarly, AI and ML also work to drive predictions tied to weaknesses and indicators of malicious intent in network traffic, aided by the rapid, ubiquitous access to seemingly infinite seas of data. These technologies help to foster a better environment by efficiently and continuously finding the proverbial needle in a haystack.

AI is also becoming useful at uncovering previously unseen attack behavior, including exploitation of unknown (“zero-day”) vulnerabilities, before it turns into a fully executed attack. By using techniques such as user and entity behavior analytics, engineers, like precogs, can now actively perceive unusual events that are likely indicators that something unexpected is going on or about to happen.

2023 is the year of AI

By programmatically establishing a security baseline that represents all devices, servers, applications, lateral movement, and access across an entire environment, AI and ML are the precogs of the cyber community. It is another sign of fiction leaping off the pages and movie screens into real life.
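The two paragraphs above on transaction scoring and on baselining describe the same mechanism: learn what is normal for an account, then measure each new event against it. The following is an added example, not code from the original article or any vendor product, that builds a per-account baseline over constructed card transactions and applies three checks: an amount far outside the account's history (z-score), first use of a new country, and impossible travel between two countries in less time than a flight. The thresholds, the dataset and the function names are this example's own assumptions.

```python
"""Per-account behavioral baseline with three anomaly checks, over
constructed card transactions: amount far outside the account's history
(z-score), first use of a country, and impossible travel between two
countries in under a plausible flight time."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple


@dataclass
class Txn:
    account: str
    ts: datetime
    amount: float
    country: str


@dataclass
class Baseline:
    mean_amount: float
    stdev_amount: float
    countries: set
    last_txn: Optional[Txn]


Z_THRESHOLD = 3.0                    # flag amounts more than 3 sigma above the mean
MIN_TRAVEL_GAP = timedelta(hours=2)  # two countries closer together than this is implausible


def build_baselines(history: List[Txn]) -> Dict[str, Baseline]:
    by_account: Dict[str, List[Txn]] = defaultdict(list)
    for t in sorted(history, key=lambda t: t.ts):
        by_account[t.account].append(t)
    baselines = {}
    for account, txns in by_account.items():
        amounts = [t.amount for t in txns]
        baselines[account] = Baseline(
            mean_amount=mean(amounts),
            # floor the deviation so a perfectly flat history cannot divide by zero
            stdev_amount=max(pstdev(amounts), 1.0),
            countries={t.country for t in txns},
            last_txn=txns[-1],
        )
    return baselines


def score(txn: Txn, baselines: Dict[str, Baseline]) -> List[str]:
    """Return the reasons a transaction deviates from its account's baseline;
    an empty list means it looks normal."""
    b = baselines.get(txn.account)
    if b is None:
        return ["no baseline for account"]
    reasons = []
    z = (txn.amount - b.mean_amount) / b.stdev_amount
    if z > Z_THRESHOLD:
        reasons.append(f"amount z-score {z:.1f} exceeds {Z_THRESHOLD}")
    if txn.country not in b.countries:
        reasons.append(f"first purchase seen from {txn.country}")
    last = b.last_txn
    if last and last.country != txn.country and txn.ts - last.ts < MIN_TRAVEL_GAP:
        reasons.append(f"impossible travel {last.country}->{txn.country} in {txn.ts - last.ts}")
    return reasons


def evaluate_stream(history: List[Txn], incoming: List[Txn]) -> List[Tuple[Txn, List[str]]]:
    """Score incoming transactions in time order. Only the travel pointer is
    updated per transaction; the amount and country profile stays pinned to
    history so a run of fraud cannot drag the baseline toward itself."""
    baselines = build_baselines(history)
    results = []
    for txn in sorted(incoming, key=lambda t: t.ts):
        results.append((txn, score(txn, baselines)))
        if txn.account in baselines:
            baselines[txn.account].last_txn = txn
    return results


# Constructed sample data (not real card data): ten routine US purchases.
HISTORY = [
    Txn("acct-1", datetime(2023, 1, d, 12, 0), amt, "US")
    for d, amt in enumerate([42, 55, 48, 61, 39, 50, 57, 44, 53, 46], start=1)
]
INCOMING = [
    Txn("acct-1", datetime(2023, 1, 15, 9, 0), 52, "US"),     # normal
    Txn("acct-1", datetime(2023, 1, 15, 10, 0), 900, "US"),   # amount outlier
    Txn("acct-1", datetime(2023, 1, 15, 10, 30), 45, "FR"),   # new country, 30 min after a US purchase
]

if __name__ == "__main__":
    for txn, reasons in evaluate_stream(HISTORY, INCOMING):
        print(txn.ts, txn.country, txn.amount, "->", reasons or "ok")
```

Production systems replace the hand-picked thresholds with models trained on labelled fraud, but the shape is the same: a profile per entity, a distance measure, and a decision about which deviations are worth a human's time. The pinned baseline is deliberate; a model that updates itself on every transaction can be taught by an attacker to accept a slowly escalating pattern.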

For now, consumers only see AI and ML in action superficially, such as Netflix suggesting favorites, an online store suggesting new items to add to your order, or asking ChatGPT generic questions. The speed of innovation, however, has moved behind the scenes, with applications integrating these AI tools through APIs. These next-generation technologies and unicorns will become much more apparent in 2023 for all to evaluate, with tremendous opportunities but also societal concerns.

This article was originally published in Forbes. Please follow me on LinkedIn.

Cybersecurity On The Go: Things We Can All Do While Traveling In 2023

Do you have plans to travel in 2023? Let’s make safety and security one of your new year resolutions in 2023. We all know that traveling can bring about a wealth of enriching experiences and exciting adventures, but it’s important to remember that cybercriminals are waiting to take advantage of those who fail to protect themselves. Cybercriminals have been targeting airports and the travel industry in general because people tend to let their guard down when they travel. This exposure is doubled when you are the on-point admin for so much of your network. Before you head out the door on vacation or business, there are luckily a few steps you can take to protect yourself from the perils of cybercrime no matter where your wanderlust takes you.

Verifying Wi-Fi Networks Before Connecting

Many of us rely on public Wi-Fi networks when we travel, so it’s essential that we verify each network before connecting. Confirm the exact network name with the hotel or cafe, for example on its website or with staff, and make sure the name you connect to matches it; attackers set up look-alike networks with near-identical names. Additionally, pay attention to your operating system’s prompts when joining a shared network (such as the choice between a public and a private network profile) and to any certificate or captive-portal warnings; if anything appears suspicious, don’t connect!
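The check described above can be done systematically from a scan list rather than by eyeballing names. Here is an added example (not from the original article) that reviews a constructed Wi-Fi scan against the network name the hotel gave you and flags three things: open networks, names that imitate the expected one (a capital I in place of a lowercase l, a changed case), and a single name advertised by radios that disagree on vendor prefix or security setting, which is the classic evil-twin pattern. The scan data, the edit-distance cutoff and the function names are this example's own; on Linux the same fields come from `nmcli device wifi list`.

```python
"""Heuristic review of a Wi-Fi scan before connecting while traveling:
flags open networks, names that imitate the expected one, and one name
advertised by radios that disagree on vendor or security (evil-twin sign)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Network:
    ssid: str
    bssid: str      # access point MAC address
    security: str   # e.g. "WPA2", "WPA3"; "" means open / no encryption
    signal: int     # dBm, closer to 0 is stronger


def oui(bssid: str) -> str:
    """First three octets of the MAC: the hardware vendor prefix."""
    return bssid.upper()[:8]


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch look-alike names such as 'HoteI' for 'Hotel'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_scan(scan: List[Network], expected_ssid: str,
                max_distance: int = 2) -> List[Tuple[str, str]]:
    """Return (ssid, reason) pairs for every network that deserves suspicion."""
    findings = []
    by_ssid: Dict[str, List[Network]] = defaultdict(list)
    for n in scan:
        by_ssid[n.ssid].append(n)
    for ssid, nets in by_ssid.items():
        if any(n.security == "" for n in nets):
            findings.append((ssid, "open network: traffic is unencrypted and anyone nearby can impersonate it"))
        vendors = {oui(n.bssid) for n in nets}
        securities = {n.security for n in nets}
        if len(vendors) > 1 or len(securities) > 1:
            findings.append((ssid, "same name from radios with different vendor prefixes or security settings (possible evil twin)"))
        if ssid != expected_ssid and levenshtein(ssid.lower(), expected_ssid.lower()) <= max_distance:
            findings.append((ssid, f"look-alike of the expected network {expected_ssid!r}"))
    return findings


# Constructed scan (not a real capture). The hotel told us the network is "Hotel-Guest".
SCAN = [
    Network("Hotel-Guest", "00:11:22:AA:BB:01", "WPA2", -55),
    Network("Hotel-Guest", "00:11:22:AA:BB:02", "WPA2", -63),
    Network("Hotel-Guest", "88:99:AA:11:22:33", "", -40),      # strongest, open, other vendor: evil twin
    Network("HoteI-Guest", "88:99:AA:11:22:34", "WPA2", -42),  # capital I in place of the l
    Network("CoffeeShop", "44:55:66:00:00:01", "WPA2", -70),
]

if __name__ == "__main__":
    for ssid, reason in assess_scan(SCAN, "Hotel-Guest"):
        print(f"{ssid}: {reason}")
```

The vendor-prefix test is a heuristic: a large venue may legitimately mix access-point vendors, so treat it as a reason to ask the front desk rather than as proof of an attack. A network that passes every check can still be hostile, which is why the VPN advice in the next paragraph applies regardless.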

If you are a system administrator and you need to do anything remotely administrative, even reading messages, hopefully you have a VPN, a jump box, or another form of technical control in place. Use these now more than ever!

Protect Your Devices from Physical Access by Others

In addition to verifying Wi-Fi networks, it is also important that only you have access to your devices, even if someone in the family asks nicely! Always keep your devices with you and avoid leaving them unattended in public places. Don’t forget to enable a strong lock-screen password and full-device encryption, and encrypt sensitive files as well; this will ensure that any data stored on your device remains protected even if it falls into the wrong hands.

Only You Should Have Access to Your Devices

Another way cybercriminals target travelers is by stealing their devices when they’re not looking. Invest in cable locks and cases that make it difficult for thieves to snatch them away while you’re distracted or asleep in transit.

Arm Yourself with Dual Factor Authentication

Yeah, you NEED this. So if you are an executive or entrepreneur and your account is somehow exempted in any way from MFA policies, change that immediately. There is not much excuse not to use this powerful tool across all accounts. When enabled, dual and multi-factor authentication requires a second, independent proof of identity (such as a one-time code from an authenticator app or a hardware security key) in addition to your username and password. This means that even if someone steals your login credentials, they won’t be able to access your accounts without that second factor. It’s an extra layer of protection that everyone should take advantage of.

Leave Blueprints

Always have coverage. Even if you don’t have someone on staff, bring in a partner, a trusted advisor, or even someone with a related but indirect role. Help them understand where to get information and reports, where to manage accounts, where projects stand, and any pertinent information, including runbooks, that might help you either work together or have them work in your stead if you are delayed or must extend your time away from the office.

Stay Safe on Your Next Adventure: Protecting Yourself from Cybercrime

These are just the basics of protection, but they become much more important once you access things as an IT professional or a system administrator. Between your travel and your role, you are a target, and to malicious outsiders you are a weak point worth attacking.

Remember: cybercrime can strike anywhere, especially while traveling domestically and even more so abroad! The good news is that there are plenty of simple steps anyone can take, such as verifying Wi-Fi networks before connecting, watching out for suspicious notifications on shared networks, always keeping a close watch over personal devices, and arming oneself with dual-factor authentication, to protect themselves against these digital perils no matter where their travels take them. So go forth bravely, but cautiously, into the great unknown.

This article was originally published in Forbes. Please follow me on LinkedIn.

A Christmas Message from Ntirety CEO Emil Sayegh

Dear Ntirety team,

As the holiday season approaches, I want to take a moment to express my sincere gratitude for all your hard work and dedication throughout the year. It has been a challenging year for all of us, but you have risen to the occasion and continued to deliver exceptional results that propelled the company into yet another year of strong growth.

Your efforts have helped to establish Ntirety as the Comprehensive Security leader by adding exciting customers, partners, talent, and new security services into our fold. As a result, Ntirety has been named #20 on MSSP Alert’s Top 250 List for 2022, received ISO 27001 certification, and won three highly coveted Cyber Defense Magazine awards over the course of the last calendar year.

I am incredibly proud of each one of you, and I am grateful to have such a talented and dedicated team. You are the heart and soul of Ntirety, and I am truly thankful for everything you do to make our company a success.

As we celebrate the holiday season, I wish you and your loved ones peace, joy, and happiness. I hope that you can spend some quality time with your family and friends, and that you are able to recharge and refresh during this special time of year.

I also want to take this opportunity to wish our partners and customers a happy holiday season. Your trust, collaboration and support are invaluable to us, and we look forward to continuing to work together in 2023.

From all of us at Ntirety, we wish you a Merry Christmas and a Happy New Year! Thank you for everything you do, and we look forward to a bright and successful future together.

Best regards,

Emil Sayegh

Top Cybersecurity Predictions 2023

Society has been predicting the technology of the future since Jules Verne. Remember the Jetsons? Based on the predictions in that show, we should be flying cars to work and enjoying fully automated robot maid service. But for cybersecurity, predicting the future is grounded in realities that are already here. For the casual reader, forecasting the future of cybersecurity for the year ahead might seem like guesswork or prognostication, but those in cybersecurity have to proactively anticipate what the “bad guys” may be planning. When it comes to predicting industry trends, a good rule of thumb is that the more reliable the source, the more accurate the prediction will tend to be. With the benefit of decades in this industry and the available expertise of a thriving cybersecurity services company, there are countless signals that we use to forecast what is going to happen over the course of the new year.

This last year, one of the biggest security problems I pointed out was the infestation of bots, and we witnessed their harmful influence emerge in the GameStop saga and then again over at Twitter, where their presence exaggerated the number of accounts that were active and harmed the integrity of what was shared on the platform. We’ll see more bots emerge in the news this year, but new evolving threats are going to be the norm in 2023.

Part trend, part signal, and part experience, here are more cybersecurity predictions to look for in 2023.

1. Big Year of SASE

Get ready for big buzz on SASE. Secure access service edge is a cybersecurity architecture on the verge of a massive push. It comes down to organizations seeking simplified solutions, tighter technology stacks, and an achievable alignment between network performance and security as data and users become more diverse, more widely distributed, and more vulnerable than ever. Think of it as networking (SD-WAN) and security services such as secure web gateway, cloud access security broker, firewall-as-a-service, and zero trust network access converged and delivered from cloud points of presence close to the user, so that traffic is inspected at the edge rather than hauled back to a data center.

2. Zero Trust Adoption

Many sources cite that the industry is still underutilizing Zero Trust cybersecurity principles. Updated security platforms and tools are broadly adopting Zero Trust integration, and for the most part this appears to be a cultural and educational matter that will see increasing adoption in the year ahead. While Zero Trust is not the proverbial ‘silver bullet’ of cybersecurity, it is part of the foundation of evolving cybersecurity that strives to verify every user, device, and request explicitly, regardless of network location, in a modern cloud infrastructure.

3. Rise in Targeted Ransomware

All you need to do to get the pulse of the ransomware threat today is pull it up as a search term in the news on any given day of the week. Ransomware attacks happen in one of two ways: opportunistically, or by targeting a specific person or organization. Targeted attacks are far more sophisticated and specific, and we have seen an increase in reports indicating that custom ransomware has been launched against an organization’s specific technology stack. In the crosshairs have been large multi-national organizations that, by the nature of their services, cannot endure a prolonged outage. More companies, more municipalities, and more core service businesses must be on the lookout and ensure they are comprehensively protected by a triad of methods: secure the environment, have a plan to recover gracefully from a breach, and maintain an ongoing assurance plan for security and compliance.

4. Cyber regulations and the Effect on Cyber Insurance

Last year, we discussed the death and rebirth of the cyber insurance industry, and it came true in many ways. Cyber insurance companies were taking a beating on ransomware and incident recovery costs. To fight back, premiums are beginning to skyrocket, new pre-policy cybersecurity compliance standards will become the industry norm, and conditions across the board are going to change. Many have been keeping a close eye on regulations and activities within the executive branch of the federal government when it comes to the topic of cybersecurity. We expect regulations to emerge this year around the subject of ransomware payments. This means more reporting, cyber insurance ramifications, and new pre-compliance standards will arrive. We will actively work for and hope for good legislation as these initiatives emerge.

5. Space And Airline Hacks

Where is Elon today? There’s an actual Twitter account that tracks and shares the location of his personal jet. One thing is for certain: his efforts at SpaceX continue to make headlines as rockets, satellites, and space missions dazzle the news cycle. It is the tale of a new space age that has computer technology and networking at its core while the whole world is watching and participating, and, in some cases, bad actors are looking for the perfect opportunity to strike. With other, less capable competitors launching satellites into space, there is a likelihood that this year will bring some kind of major space tech breach against a satellite, a launch center, a network, or communications. In other words, hacking will take on a new horizon, breaking free from Earth and adversely impacting satellite technology or potentially even commercial airplanes.

6. A Major Crypto Event

For all the financial opportunity crypto promised investors and aspires to create, its reputation has taken a beating, and the horror stories about crypto-exchange incidents are overwhelming the industry with negative press. For example, Binance lost roughly $100m in a direct cyberattack. Various tokens have been breached. Then there was the FTX cryptocurrency exchange and hedge fund debacle. The fragility of the space has created uncertainty about its security, and another crypto breach could be the final domino that knocks all the others down and undermines the future of cryptocurrency as a viable financial alternative.

7. Arresting Insider Threats

Cybercrime is hard to prove, especially when conducted by an insider, but we can expect more apprehensions and arrest warrants for insiders that wish to do harm from within. Human error is one thing, and let’s be frank: it’s one of the primary causes found in the aftermath of many data breaches. Insider threats, as funded by the likes of Lapsus$, include corporate malice, espionage, social engineering, and other aspects of human access that are difficult to protect against and prepare for. Attackers are aware of these facts and are increasing their targeting of insiders accordingly, meaning the stakes have never been higher. In either case, the tools of resolution include more technical and human awareness. You can be certain that companies affected by insider threats will begin to pursue comprehensive security measures that include forensic data collection, as well as severe punitive measures against malicious actors. The caveat is that the insider culprits must be operating in jurisdictions that are willing to prosecute cybercrime, which is not a trivial matter given the outsourcing sprawl seen across global tech.

8. Growing Threat in 5G and APIs

On the heels of the mobile and app threat, fluid and exploding data add an increasingly vulnerable component to the future of cybersecurity. 5G mobile networking has added an entirely new high-speed dimension to every existing threat. In addition, automation and integrations from cloud to app, app to app, from ecosystem to ecosystem, and beyond all entail that some type of API is in place, and to hackers that just means something else to pick at and exploit. Building secure software solutions means integrating security across the infrastructure and networking, all the way up to the application in the stack. Between 5G connectivity, weak IoT cybersecurity standards, and an ever-expanding world of APIs, it won’t be long before unknown cracks result in a massive incident. This is why comprehensive API security is so critical.

9. Big Breaches? Big Fines

It seems like nothing is immune from inflation. The hammer will come down harder and more frequently when an organization is breached. Adding to that trend, new state privacy laws are about to go into effect, along with new compliance requirements specific to breaches. The rules are becoming stricter, so expect the fines already on the books to hit pocketbooks even harder, especially as future fines are expected to grow against anyone not deemed to have had their house in order prior to a breach.

10. Flight from Point Products

Not so long ago, the trend was to diversify and add feature ‘differentiators’ to increase the protective potential of products. And so organizations have many brands in house: one brand of EDR, a different brand for A/V, another for firewall, IDS, IPS, DLP, and the list goes on. Well, it turns out that created a lot of consoles to keep track of and a lot of different things to integrate. Survey after survey indicates that a growing number of companies are looking for simplification in cybersecurity. Less diversity and more native function make the most sense for better operations.

11. Linux Won’t be Immune

Serious security practitioners have never considered Linux a zero-threat platform, but it has historically benefitted from reduced targeting because purpose-built systems, community-built standards, and overall performance have largely exempted this operating system from widespread threats. If you’ve ever wondered whether anything good can last forever, you can believe it when it comes to Linux. Sooner or later, this one is happening.

12. Onward, State-Sponsored Mayhem

One of the most efficient and effective tools of modern warfare is cyber war. As we witnessed in 2022, there is no break in this action, and it is a full-spectrum battlefield of leaked credentials, supply chain attacks, breaches, loss of industrial secrets, and everything else that comes with attacking another nation in the world of geopolitical spy games. We can never let our guard down on the global stage when it comes to proactively combatting evolving cyber threats. The number of nations currently engaged in cyber war against each other has made it the front line of national security, and it can impact a nation’s readiness for an actual shooting war.

Technology predictions are a funny business sometimes, but not in cybersecurity. There’s nothing worse than encountering a cyber situation where you have no idea what is going on – or how to deal with an attack – or finding out your technology team could have prevented these situations with better cybersecurity tools, services, and practices.

That is part of the reason why these predictions for 2023, while not perfect, are so critical for looking ahead. They help us all to mindfully plan our security posture and readiness to counter some of the most nefarious bad actors and criminal minds in cyberspace. These predictions help set the framework for how we can set ourselves up to be prepared for potential threats. This is the call we heed as professionals in the cybersecurity field, and with the cutting-edge and evolving advantages of comprehensive security, we’re well equipped for a new year on the frontlines.

This article was originally published in Forbes. Please follow me on LinkedIn.

2022 In Review: An Eventful Cybersecurity Year

Let’s not mince words: 2022 has been a rough and tumble year across the world when it comes to cybersecurity. It kicked off with Russia’s cyber-attacks on Ukraine and escalated into a full-on kinetic war between the two countries. Many watched in horror as continuous new debacles and emerging threats unfolded throughout the year, and many of us in the cybersecurity profession were called to new challenges, doing battle deep in the trenches to proactively prevent the next big event. Let’s take a look back at the biggest cyberattacks, threats, and data breaches to rock the world in 2022.

A Whole Country Goes Offline

In a stunning example of a cyberattack on civil society, the cybercrime group Conti attacked the core of everyday life in the peaceful and beautiful country of Costa Rica. They demanded millions in ransom, attacked health systems, and disrupted national businesses, forcing government officials to declare a national emergency. In time, as the attacks continued for months on end, the government declared the incidents acts of war and terrorism. These attacks were too numerous to outline in detail here, but in many cases operations were forced offline, and the associated business costs were estimated at $30 million for each day that they continued. After prolonged attacks, the country had to call on help from the United States, Microsoft, and other countries to deal with the crisis.

These events highlighted the need for cybersecurity to become a national priority and the need for countries to quickly invest in cyber defense and recovery capabilities at the national level.

Healthcare: A Continued Top Target

A year’s worth of breaches and data thefts left a long list of companies trying to recover in the aftermath. We’ll highlight one industry that was particularly hard hit in 2022: healthcare.

Healthcare providers came under heavy attack throughout the year. Criminals have targeted healthcare organizations for a long time because of the variety of valuable data these organizations handle and store. The stakes have escalated in recent years, as these hacks can be lucrative for cyber criminals in multiple ways. They can extract ransoms as well as resell the ill-gotten data to commit financial fraud, making personal health information a data goldmine for an attacker.

Subsequently, hackers have become dedicated to exploiting vulnerabilities in healthcare networks’ security. The list of 2022 security incidents involving healthcare was extensive:

· The Baptist Health System of Texas announced a major breach over the summer, informing the public of a significant loss of sensitive patient data.

· Kaiser Permanente, the largest nonprofit health plan provider in the US, endured a breach and loss of information for almost 70,000 patients.

· Later in the year, another incident emerged in which an EHR (Electronic Health Records) system was inappropriately accessed by an employee, further highlighting the risk of internal threats.

· Shields Health Care Group of Massachusetts endured a breach that affected as many as two million patients.

These are services that cannot endure a shutdown in the aftermath of a breach and must continue operations. Disaster-level operations kick in under these circumstances, from tertiary networks to data recovery to paper-based operations and more; each organization must find a way to operate until the threat can be assessed and purged in the wake of a breach. A renewed focus on disaster recovery was one of the themes we highlighted throughout the year, and this trend will grow in emphasis in 2023.

Google Became A Security Player With Mandiant

The cloud wars. We all know AWS is king of the market, with Microsoft’s Azure just behind it, and Google Cloud Platform (GCP) a distant third. For some time, Azure has held the unique position of being the cloud solution that is a security platform first. AWS and Google couldn’t really say that until the news of the $5.4 billion acquisition of Mandiant by Google.

This transaction positions the search and advertising giant in a completely different cloud offering posture. With an evolved and integrated security foundation, GCP can compete on more than price and features and is poised to leverage their differentiating machine learning features to clients throughout the industry.

Cyber Insurance Rates Skyrocketed

If there’s one thing we know, it is that the cost of everything seems to be on the way up, and that includes insurance premiums. All the talk about cyber threats and breaches has driven up the cost of becoming cyber insured, especially in the wake of ransomware events. A year ago, it looked like this insurance niche was facing insurmountable troubles and needed to reassess the way it operated. Criminals routinely attacked their way through layers of security, probing for weaknesses and information with adaptive and advanced tactics, causing insurers to severely deplete their cash reserves.

The cyber insurance industry has evolved in a positive direction this year as it tightened up underwriting standards, requiring more appropriate controls, system checks, and monitoring capabilities than ever before. Insurers now routinely ask whether organizations have implemented a comprehensive security solution that includes testing and training employees on phishing and social engineering, recognizing security incidents, password behaviors, endpoint protection, and more.

Cyber Developments with Russia and Ukraine

Modern warfare often begins with cyber warfare through various channels, including the manipulation of information, attacks on infrastructure services, election influence, and reconnaissance. The kinetic conflict in Ukraine was built on years of digital misinformation and cyberattacks by its Russian adversaries. These escalated into destructive cyberattacks against core service targets, and soon thereafter troops arrived on the ground for a military invasion.

There are two sides to this story, however, as Ukrainian forces have fought back, keeping services online and mounting disruptive attacks of their own against their invaders. The whole conflict is playing out on a digital level like a game of cyber chess. The maelstrom has also enticed well-meaning hacktivists to join in, leveraging massive DDoS attacks, malware attacks, and more against Russian infrastructure.

Catching the Bad Guys

More than ever, we saw efforts to catch and convict cyber criminals increase throughout the year:

· On March 23, a 22-year-old Russian national named Igor Dekhtyarchuk was indicted in a Texas federal courtroom for his part in operating a cybercriminal marketplace where compromised data was openly sold to thousands of other cybercriminals. He remains at large and is still wanted by the FBI.

· In another case, a group of cybercriminals were indicted under a RICO conspiracy in a Miami Federal courtroom for running an elaborate fraud operation involving tax returns, fake business entities, stolen identities, and more to file and collect tax refunds.

· In September, the popular game publisher Rockstar Games was breached and lost some of its non-public data to forums on the internet.

· A 17-year-old British hacker was later arrested and linked to hacks against Microsoft and Uber.

As discussed throughout the year, it’s time to put the pressure on the bad guys. Reducing cybercrime activity demands stiff repercussions for those doing the crime in the first place.

A MEGA Web DDoS attack

The perpetrators remain at large, and it remains to be seen what their ultimate intent was, but Google endured a massive distributed denial of service (DDoS) attack in June, which some describe as the largest ever reported. The application-layer attack lasted more than one hour and peaked at a reported 46 million requests per second. It originated from more than 5,000 source IP addresses across more than 130 countries.

Benjamin Franklin famously claimed that nothing is certain except death and taxes. But the cyber age compels us to add a third unfortunate inevitability to that list: bigger, faster, and evolving cyber threats. And those that don’t evolve their security posture to be as comprehensive as possible may experience financial, commercial, and regulatory ruin.

This article was originally published in Forbes. Please follow me on LinkedIn.

Cyber-Terror In The Skies

Before 9/11, airplane hijackings were seen as something out of a Hollywood screenwriter’s imagination. Major movie plots tend to echo the societal themes of the day, in character scenarios and in some cases technology, and there are plenty of cyber-crime themed movies that accurately predicted our future. If we take a moment to stop and notice, nearly everything around us is becoming more digitized than ever, from the navigation and control systems in cars to the Wi-Fi-enabled temperature sensor in a backyard grill. You can’t escape it, so it is little surprise to discover how much technology goes into a modern aircraft. Beyond in-flight entertainment, Wi-Fi, and LED lighting lie intricate sensors, controls, and computing systems that interconnect to provide the safest, best flights possible. Sadly, the public now lives with a very real awareness of how real the terror of hijacked planes can be. And as time has passed, the potential for terror in the skies has taken on a technological twist.

Been Hacking a Long Time

The horrifying possibility of cyber-attacks against commercial flights has haunted the airline industry for a number of years. One of the first incidents to capture public attention was when security researcher Chris Roberts was pulled off a domestic flight by the FBI after he claimed to have briefly seized control of the plane. Another cybersecurity researcher, Ruben Santamarta, claimed at the Black Hat cybersecurity conference in Las Vegas that he had hacked hundreds of aircraft while they were in flight, from the ground. He said he had exploited weaknesses in satellite equipment to reach the planes remotely.

If a plane’s technical systems were compromised by nefarious hackers, we would be dealing with a very dangerous threat. And we have had some very close calls. For example, several years ago a malware infection prevented a Spanair flight from taking off. In that case, the detection occurred before the flight was even possible, but the scenario highlights a significant risk and a threat that looms ever present.

Down To Earth

Protection in the air is one thing, and protection from potentially malicious passengers-turned-hackers is also noteworthy, but what about protection for the other points in the flight industry’s technology chain? Are mission-critical IT systems as vulnerable as satellites and onboard computers have proven to be?

Think about this the way a hacker might. When attacking a fort, nobody tries to go through the guarded front gates. They slip in over an unguarded wall or show up disguised as the gate maintenance team. In other words, hackers look for ways around perceived obstacles, expensive fortifications, and established processes to find a vulnerable point of entry.

For example, bugs and malicious software can find their way in during a simple software update. Updating software is a good practice, but the potential for something dangerous to happen during these specific windows is ever-present, much like the vulnerable moments when vigilance drops during the changing of the guard. Conditions like this force us to validate versions, baseline systems, and know how to identify and isolate threats. They force us to monitor for anomalous behavior and indicators of compromise. In that way, the security challenges aviation faces relate closely to enterprise security.
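A minimal version of the validate-versions-and-baseline discipline described above, added here as an illustration rather than code from the original article or from any vendor: it checks a downloaded update package against a vendor manifest before installation, derives the baseline a host should match afterwards, and flags any drift. The file names, contents, manifest and host inventories are constructed for the example; a real manifest would arrive signed, and its signature would be verified before any of its digests were trusted.

```python
import hashlib
import hmac
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(data).hexdigest()


def compare_digests(expected: Dict[str, str], observed: Dict[str, str]) -> List[str]:
    """Compare two {path: sha256-hex} maps and return sorted findings ([] means identical).
    hmac.compare_digest keeps the string comparison constant-time, which matters when
    one side of the comparison comes from an untrusted source."""
    findings: List[str] = []
    for path, want in expected.items():
        have = observed.get(path)
        if have is None:
            findings.append(f"missing: {path}")
        elif not hmac.compare_digest(have, want):
            findings.append(f"digest mismatch: {path}")
    for path in observed:
        if path not in expected:
            findings.append(f"unexpected: {path}")
    return sorted(findings)


def verify_update(package: Dict[str, bytes], manifest: Dict[str, str]) -> List[str]:
    """Stage 1: before installing, check every file in the downloaded update against
    the vendor's manifest. Any finding means the package must not be installed."""
    return compare_digests(manifest, {p: sha256_hex(d) for p, d in package.items()})


def expected_after_update(baseline: Dict[str, str], manifest: Dict[str, str]) -> Dict[str, str]:
    """Stage 2: the baseline a host should match once the update has been applied
    (the prior baseline with the manifest's entries layered on top)."""
    merged = dict(baseline)
    merged.update(manifest)
    return merged


def audit_system(expected: Dict[str, str], inventory: Dict[str, bytes]) -> List[str]:
    """Stage 3: after the update, hash the live inventory and compare it to the expected
    baseline. Any finding is drift that needs investigation before the system is trusted."""
    return compare_digests(expected, {p: sha256_hex(d) for p, d in inventory.items()})


# --- Constructed sample data (hypothetical file names and contents, not real software) ---
GOOD_PACKAGE: Dict[str, bytes] = {
    "bin/nav-service": b"NAV-SERVICE v2.3.1\n",
    "lib/sensorbus.so": b"SENSORBUS 1.9\n",
}
# What the vendor would publish for this release; built from the good package here so the
# example runs offline. In practice it is signed and the signature is checked first.
MANIFEST: Dict[str, str] = {p: sha256_hex(d) for p, d in GOOD_PACKAGE.items()}

# The same package with one file altered in transit and one file the manifest never listed.
TAMPERED_PACKAGE: Dict[str, bytes] = dict(GOOD_PACKAGE)
TAMPERED_PACKAGE["bin/nav-service"] = GOOD_PACKAGE["bin/nav-service"] + b"# extra bytes\n"
TAMPERED_PACKAGE["bin/.helper"] = b"unlisted binary\n"

# Host baseline recorded before the update: older nav-service, same library, one config file.
PRE_UPDATE_BASELINE: Dict[str, str] = {
    "bin/nav-service": sha256_hex(b"NAV-SERVICE v2.2.0\n"),
    "lib/sensorbus.so": sha256_hex(b"SENSORBUS 1.9\n"),
    "etc/nav.conf": sha256_hex(b"mode=strict\n"),
}

# Two live inventories observed after the update: one clean, one where the config changed.
CLEAN_INVENTORY: Dict[str, bytes] = {**GOOD_PACKAGE, "etc/nav.conf": b"mode=strict\n"}
DRIFTED_INVENTORY: Dict[str, bytes] = {**GOOD_PACKAGE, "etc/nav.conf": b"mode=permissive\n"}

if __name__ == "__main__":
    print("good package:", verify_update(GOOD_PACKAGE, MANIFEST))
    print("tampered package:", verify_update(TAMPERED_PACKAGE, MANIFEST))
    expected = expected_after_update(PRE_UPDATE_BASELINE, MANIFEST)
    print("clean host:", audit_system(expected, CLEAN_INVENTORY))
    print("drifted host:", audit_system(expected, DRIFTED_INVENTORY))
```

The three stages are deliberately separate: a clean package (stage 1) says nothing about what else changed on the host during the update window, which is what the post-update audit (stage 3) is for, and a file that appears with no manifest entry is reported just as loudly as one whose digest is wrong.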

The Real World vs Hollywood

Planes, like any other interconnected IT system, can be hacked, and chances are they will be at some point. The question is not really if but when. Hopefully we can predict and preempt whatever that sobering incident turns out to be using intelligent precautions, processes, and technologies. And should this terrifying situation ever come to pass, we would also hope that swift recovery is triggered according to well-laid disaster plans. Even those of us outside the airline industry should adopt that same mentality for our own mission-critical internal IT systems.

Are we sufficiently monitoring and protecting our mission-critical systems from cyberthreats throughout the service lifecycle of our own IT infrastructure? If planes can be hacked, no enterprise IT system is safe. The same questions about addressing vulnerabilities and preparing for disaster recovery should be directed at every IT system in every organization.

It is important to recognize that when it comes to commercial flights, the stakes could not be any higher, as human lives are on the line. Thankfully, industry leaders and government task forces are dedicated to devising solutions that tackle cyberthreats against the commercial flight industry proactively. Hopefully their awareness and due diligence will ensure this remains a theme for Hollywood thrillers and not an opportunity for another devastating terror attack that weaponizes commercial airliners.

This article was originally published in Forbes. Please follow me on LinkedIn.

The First Battlegrounds For Renewed Privacy

Whether you recognize it or not, we have all technically consented to a lot of data collection. It happens through the terms we agree to every time we visit a new website, on our phones, in software and service agreements, and in legal disclosures. The genie is out of the bottle and there’s no going back. Real privacy fled the coop a long time ago. The decline of privacy started with little events that exploited our desire for convenience and has brought us to where it stands today: practically nonexistent. It happened the first time any of us shared an email address with a retailer or joined a digital savings program. Sharing and storing credit card and bank account information was right there in that mix, convenient because at some point we gained the ability to order and pay instantly, but frightening because critical data about us sits right there.

Privacy Used to be Simple

Let us roll back to the beginning of “the web.” It started when the first two computers were interconnected and grew from there. At that stage, data was decentralized. If Person A at Computer A wanted to send something to Person B at Computer B, there was a way to do that, and you had to select what you wanted to share. Exchange of data: complete.

Today, the locus of data has completely changed. Every time you make a call, make a purchase, work out, or drive to the park, almost everything you do sends information somewhere out there where it is collected. Data has become centralized, collected by megacompanies, social networks, data brokers, and governments. That same collected data has been repeatedly leaked, as we recently saw in the huge leak of one billion Chinese citizens’ records allegedly stolen from a police database.

A massive inventory of entrusted data is out there, reminiscent of Big Brother, collected through surveillance, information gathering, and Big Data. Centralized application nodes around the world operate under the influence of extremely powerful organizations, collecting, storing, and analyzing the data of billions of people, including you and me. It is a guarantee that if you’re reading this, somebody can find that information.

New Tech Makes It Worse

The idea isn’t to pick on high-tech companies that make use of data, but only to point out that the myth of privacy expired long ago. You can feel it when you have a random conversation somewhere near your device and later see an advertisement related to that conversation. You know that privacy as we conceptualize it doesn’t exist when you look at technologies such as:

· Surveillance and security cameras: Whether completely visible or hiding in plain sight, modern cameras and the networks they run on have AI, orchestration capabilities, and face recognition that can track, monitor, and identify individuals. In many metropolitan areas, there is hardly a spot that isn’t covered by some type of camera. China actively uses them for full-on surveillance, as well as for computing the social credit score of individuals.

· Emerging IoT devices: Things like the Apple AirTag are justifiably concerning. These extremely affordable, tiny tracking devices can affix to, or be hidden in many places. As long as there’s someone with an iPhone nearby, the range on AirTags is practically infinite.

· Retailer facial recognition technologies: Targeted marketing works better when the target is as specific as your identity. All of your shopping trends, income, and related data have extreme value when focused on your likeness.

· Stingray cell phone trackers: These have been around for a while in the hands of law enforcement and other government agencies. These devices make it possible to track any person down, regardless of their personal settings and behavior.

Hopefully, you get the idea that there is no shortage of devices and systems out there that are interconnected and are gathering, distributing, and analyzing information about you. You can find these privacy invaders in your smartphone, your automobile, at the store, on the road or street, on your television, and so on.

What We Wanted and What We Got

In many cases, this collection is perfectly fine, as long as the data is protected. Data loss is a major concern that affects us all. Data abuse, however, is an equally concerning matter. Using data, organizations have the power to manipulate human behavior.

Law enforcement, governments, and corporations have all faced public scrutiny over the amount of personal information held within their operations. Consent and awareness are not always given by the individual, and that has many people focused on regaining a semblance of privacy.

We Deserve Better

People are experiencing breach fatigue, and they wish to address their personal safety. According to the latest data breach report by IBM and the Ponemon Institute, the cost of a data breach is $4.24 million, which includes fines and remediation. The scary fact is that just 60% of companies that are hit with a breach survive after six months.

Governments and companies are responding to this awareness, having realized they played on the edge for too long. For example, Apple recently introduced tracking-permission pop-up options on its iPhone products. Facebook continues its efforts to protect personal data through tighter user-based control options, and changes in Facebook advertising audience options promise to emphasize privacy concerns. And data protection rules continue to take hold, inspired by and ushered in by the granddaddy of them all, the European GDPR.

Awareness of the data privacy invasion is becoming more real by the day. Entailing costly remediation activities and reputational damage, a data breach isn’t just a concern for cybersecurity officers anymore.

A data breach has become an existential issue for the whole business that concerns CEOs, CFOs, boards, and investors.

This article was originally published in Forbes. Please follow me on LinkedIn.

Cyberattacks On U.S. Airport Websites Signal Growing Threat To Critical Infrastructure

The transportation industry appears to be waking up to a renewed specter of threats following a series of distributed denial-of-service (DDoS) attacks that temporarily took down several U.S. airport websites. These sorts of targeted hacks on critical infrastructure often precede necessary and crucial advancements in the application of cybersecurity best practices. While strong security measures have always been an objective, the airline industry now looks to emphasize backup plans, threat exercises, and visibility in response to the system outages caused by these types of attacks. The October outages at Los Angeles International Airport (LAX), Chicago O’Hare (ORD), and Atlanta Hartsfield-Jackson International appear to be part of an escalation of an ongoing pro-Russian campaign protesting the U.S. government’s support for Ukraine in its war with Russia. Unfortunately, the general media have minimized the urgency these threats truly pose. There are a lot more on the way.

Major Incidents Come in Chains

Cyber-attacks on airport systems, websites, and the entire transportation ecosystem could be just a taste of something larger than ever thought possible. These most recent attacks appear to be inconvenient disruptions on the surface, but once you understand how the ecosystem of attackers operates, you cannot eliminate the possibility that today’s technological inconvenience is the first phase of a grander attack.

As a matter of methodology, hackers will test the perimeter by any means. That includes the human element and every form of technical circumvention possible. Any weakness that can be detected and exploited to map, obtain data, or distract will be gathered, strategized on, scaled up, and delivered. What compounds the problem is that in the hacking sub-culture, most hackers will share their findings on the dark web with the wider community, even if their interests do not fully align.

A Little Bit of Disruption, But a Major Amount of Fail

Halfway through 2021, a small group of hackers launched an attack on the Colonial Pipeline. This pipeline network carries refined petroleum products and gasoline for delivery throughout most of the East Coast; when the company shut down its main lines (which could have been compromised by the cyberattack), nearly half our country’s fuel supply was disrupted. Drivers drained supplies at gas stations across the southeastern United States, airlines had to reroute flights around affected airports, traders were rocked by unexpected price volatility, and logistics companies desperately tried to locate new sources rapidly enough to prevent things from becoming even worse.

The Colonial Pipeline hack is a sobering reminder that we all live in dangerous times. Attacks against transportation, fuel supply, and major utilities are urgent matters that demand awareness, preparation, and a shift toward pre-emptive thinking, which raises the question: what’s next?

When the Worst is First

To put ourselves into a pre-emptive mindset, we must think of the worst possible scenario first. In the airline industry, air traffic control systems are among the most vulnerable and critical systems that could face a crippling attack. From there, the targets could be commercial airplanes themselves. The next 9/11-style hijacking could conceivably be a cyber-takeover of passenger airliners.

Over the last several years, security researchers have demonstrated the vulnerabilities of in-flight systems, with ethical hackers able to take over a commercial plane’s engine operations. Several of these reports indicate that dependence on legacy technologies served as an exploitable weakness, with some ethical hackers even successfully hacking a plane from the ground through various communication systems. As the Colonial Pipeline incident showed, a small, seemingly innocuous event can be all that is needed to cripple an entire portion of the country. Considering how catastrophic the aftermath of such an attack has proven to be, a proactive response for preventing a cyber incident should be a top priority.

Readiness and response capabilities are the prerequisites of any critical infrastructure security strategy. Each of these components can be measured against the sequencing, severity, and impact of a ‘minor’ attack. In the wake of major incidents, we can trace the chain of events back to a finite point of reconnaissance that was ultimately used to conduct the broader attack.

These industries need continued, perpetual modernization. We should never hear about legacy technologies being a technical obstacle to the health and security of systems that drive needed and required services. Flexible, rapidly updatable technology is a must, but by the same token, great care must be put into the integrity of the update process and the validation of critical systems.

A Proactive Future

To ensure the integrity of their business-critical assets and services, organizations need a thorough understanding of the technology that powers them. This includes seeing all sides of an incident objectively as well as being able to monitor for potential threats and cyberattacks from anywhere at any time.

Responding to the rapidly changing security landscape, organizations must now move from a mature level of cybersecurity toward an advanced, adaptable, proactive posture. Doing so will require adopting foundational capabilities that focus on the risks that matter and incorporating customers into a resilience management program that emphasizes next-generation processes and technologies. While an advanced security posture is no small feat, given the massive cyber talent shortage and the evolving sophistication of cyberattacks, it is achievable when partnerships are properly leveraged.

This article was originally published in Forbes. Please follow me on LinkedIn.

Social Engineering: Low Tech, High Threat

Social media is often a fun diversion and has long served as an outlet for people to share information about themselves. When it comes to security, there are some real dangers in our relaxed posture on social media that we really should be paying attention to. What we and our employees do and share in these arenas can certainly affect the security of our personal and work lives. Organizations need to orient themselves further to the problem of social engineering threats and protect against attacks that can come from this ever-present information channel. They also need to educate employees about the dangers of social engineering that stem from oversharing on personal social channels.

Chances are you are familiar with the basic sort of social engineering attack. Consider social media as one target area within social engineering, where phishing, smishing, and unexpected phone calls are all part of the spectrum of threats. Last year, a data breach at the Ritz in London that evolved into vishing (voice phishing) attacks on high-net-worth hotel guests demonstrated how conniving cybercriminals have become at this kind of scam. Some of these attacks can get very sophisticated and convincing, but it always comes back to manipulation of the human mind. Information is one of the core prized assets of any organization (the same could be said of an individual). Therefore, the goal of these social attacks is to create mental lapses that cause security mistakes and disclose sensitive information, by gaining trust and then using that trust to launch another attack. Social engineering attacks are not very damaging on their own, but they are routinely combined with another form of subterfuge to do the dirty work.

Fun and Games Until Somebody Loses

Think about this scenario: it may seem like a fun game to share your birthday or submit answers to a quiz you see in your social media channel, but that is exactly the kind of innocence that social attacks prey upon. Answers collected from a scam like this could open the door to an impersonator on a phone call, password recovery, or give a hacker a leg up on things to use to crack secure passwords. Data is everything.

Social engineering attacks are a component of practically every modern cyberattack. Most recently, Samsung, Microsoft, Nvidia, The Ritz, and Morgan Stanley joined a long list of high-profile companies breached by means of social engineering. Billions have been lost through countless combinations of:

· Credential stealing

· Purchasing and exchanging cookies and credentials in public forums

· Targeting privileged employees including support, executive, and technical staff

· Privilege escalation

· Phishing in emails, links, and pages

· Impersonation

· Fake messages and pop-ups

Social as a Gateway

Social engineering attacks are constructed on facets of human behavior and response. The most successful attacks count on a near-scientific understanding of what happens when fear is used as a tool or a false urgency is introduced; these are the moments when rash decisions are made. We are all human, and we are all therefore targets. The organization must decide what protections it can leverage to detect and minimize harm to sensitive data.

The most recent social engineering tactics have moved beyond conventional methods. To look at one example, in the recent Lapsus$ incidents the breaches were extremely non-technical; in some cases insiders were contacted and convinced to simply turn over privileged credentials for small sums of money. Whether it was just for kicks, financial gain, or some false sense of anti-corporate justice, the undermining of protections and privilege is more than many companies can handle. While this group appears to be facing a dismantling at the moment, the bigger issue is whether the success of these campaigns will inspire other groups to continue using similar tactics.

The Prevention Key is Multi-Layered

If preventing social engineering attacks sounds dire, especially knowing that the human element will always be the most fallible component and that most attacks are commonly spearheaded with a social component, that position is difficult to deny. These threats, however, are only part of the cybersecurity and information security spectrum, and by combining technical controls and monitoring with continuous security awareness, they can be effectively mitigated. By building a multi-layer protection system around sensitive information and privileged accounts, the most common attacks can be prevented. Employee training is critical, and it should not occur just once a year. It should be a continuous program of not only security education but also ethical phishing tests to understand the soft spots in your organization.

In addition to a solid base of updated security practices, organizations are looking to address potential oversights. For example, in Zero Trust, details matter and you trust no one: you validate everything and everyone, everywhere, and encrypt everything, everywhere. That is one strong approach. You can further use security software and appliances with anti-phishing, sandboxing, and additional prevention capabilities. Many organizations have started to pay attention to data access design in everything from SharePoint to messaging systems, which can help prevent information leakage.

Alert, Alert, Protect

The specter of social engineering threats is extensive and difficult to protect against. Attacks can come from anywhere, in combinations of traditional mail, email, links, phone calls, SMS messages, social media pages, and more. This is one of the reasons a comprehensive security strategy is so critical. With robust monitoring and alerting in place, anomalous behavior, privilege escalation, unknown sources, and sign-in discrepancies are the sorts of triggers that can alert the organization and stop a chain of events that often begins with simple social engineering. The practice of comprehensive security also ensures that an organization can efficiently (and safely) return to normal in the event of a major security incident.
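To make the monitoring triggers listed above concrete, here is an added example (not code from the original article or from any product) that reads constructed sign-in log lines in an assumed `key=value` format and raises an alert on three of the triggers named: a success after a run of failures from one source, a sign-in from a source the user has never used, and a privilege change inside such a session. The log format, the user names, the addresses and the known-source table are all assumptions made for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Assumed log line format (constructed for this example, not any vendor's real format):
# <timestamp> user=<name> src=<ip> event=<login|role_grant|...> result=<success|failure>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) event=(?P<event>\S+) result=(?P<result>\S+)$"
)

# Constructed sample log; addresses come from the RFC 5737 documentation ranges.
# A malformed line is included to show that the parser skips it rather than failing.
SAMPLE_LOG = """\
2023-03-01T08:02:11Z user=alice src=203.0.113.10 event=login result=success
2023-03-01T08:15:40Z user=bob src=203.0.113.22 event=login result=success
garbage line that should be skipped, not crash the parser
2023-03-01T09:01:05Z user=alice src=198.51.100.7 event=login result=failure
2023-03-01T09:01:09Z user=alice src=198.51.100.7 event=login result=failure
2023-03-01T09:01:14Z user=alice src=198.51.100.7 event=login result=failure
2023-03-01T09:01:20Z user=alice src=198.51.100.7 event=login result=success
2023-03-01T09:03:00Z user=alice src=198.51.100.7 event=role_grant result=success
2023-03-01T10:30:00Z user=bob src=203.0.113.22 event=login result=success
"""

# Sources each user signed in from during a learning period (constructed baseline).
KNOWN_SOURCES: Dict[str, Set[str]] = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.22"}}


def parse(log: str) -> List[Dict[str, str]]:
    """Turn raw lines into event dicts, silently skipping lines that do not match."""
    events: List[Dict[str, str]] = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect(events: List[Dict[str, str]], known_sources: Dict[str, Set[str]],
           failure_threshold: int = 3) -> List[str]:
    """Walk events in order and emit one alert per trigger:
    - a successful login after >= failure_threshold consecutive failures from the same source
    - a successful login from a source the user has never used before
    - a privilege change (role_grant) inside a session that began from an unknown source"""
    alerts: List[str] = []
    failures: Dict[Tuple[str, str], int] = defaultdict(int)      # (user, src) -> run length
    unknown_source_sessions: Set[Tuple[str, str]] = set()        # sessions worth extra scrutiny
    for e in events:
        key = (e["user"], e["src"])
        if e["event"] == "login":
            if e["result"] != "success":
                failures[key] += 1
                continue
            if failures[key] >= failure_threshold:
                alerts.append(f"{e['ts']} {e['user']}: success after {failures[key]} failures from {e['src']}")
            failures[key] = 0
            if e["src"] not in known_sources.get(e["user"], set()):
                alerts.append(f"{e['ts']} {e['user']}: sign-in from unknown source {e['src']}")
                unknown_source_sessions.add(key)
        elif e["event"] == "role_grant" and key in unknown_source_sessions:
            alerts.append(f"{e['ts']} {e['user']}: privilege change in session from unknown source {e['src']}")
    return alerts


def run(log: str = SAMPLE_LOG) -> List[str]:
    """Parse and detect in one step against the known-source baseline."""
    return detect(parse(log), KNOWN_SOURCES)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Each trigger on its own is noisy (a user travelling, a mistyped password), which is why the third rule only fires for a privilege change in a session that was already flagged; chaining the signals is what turns a discrepancy into something an analyst should act on.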

This article was originally published in Forbes. Please follow me on LinkedIn.