Monthly Archives: June 2019

Top 3 Cyber Security Facts

All businesses have some sort of weakness or two. There are new trends set to help fight cybercrime, and a few key facts to remember this year.

1. The Internet of Things has magnified vulnerabilities

The growing trend for internet-connected devices is showing no sign of slowing, with everything from TVs to refrigerators getting hooked up to the web. But the Internet of Things is a serious weak point in online defences, with smart devices often not made with even the most basic security features. An estimated 8.4 billion ‘things’ are now connected to the internet worldwide, and while this level of connectivity comes with plenty of benefits, it also brings increased cybersecurity risks.

Many connected ‘things’ – such as security cameras and baby monitors – are left to rely on default passwords that grant hackers easy access. Those that aren’t left on default passwords are often still woefully under-defended and easily accessed by hackers looking to build botnets and carry out huge spam attacks.

Listed by security provider AVG as one of the top 10 points of entry for hackers into your network, the Internet of Things is not just a problem because devices can be co-opted into attack networks or used for their computing power; it also makes it possible to access private information or simply cause a nuisance.

That means devices like security cameras can be viewed and switched off, posing serious physical security risks as well as digital ones. In January 2017, hackers locked a dozen guests out of their rooms at the lakeside Alpine hotel in Austria after accessing the electronic key system, holding the hotel’s managing director to ransom.

As the mobile office and IoT become increasingly prevalent in day-to-day life, the need to find ways to secure the Internet of Things is only going to increase for SMBs and their staff.

2. AI and machine learning can boost cyber defences

Cybercriminals move quickly, and machine learning grants us the ability to predict and accurately identify attacks faster than ever before so that we can keep up. A recent survey by Avast Business found that 46% of respondents were worried about problems with Artificial Intelligence affecting their security, but the reality is that AI and machine learning are fast becoming a crucial tool for cybersecurity.

A prime example of this can be seen in PayPal. To increase its cybersecurity, PayPal now uses ‘deep learning’ AI to spot possible fraudulent activity in customer accounts. Users who might have fallen victim to phishing scams can be protected thanks to detailed, real-time behaviour analysis by artificial intelligence systems. Many other companies are also beginning to implement similar techniques.

The key obstacle stopping widespread acceptance of AI is that, in theory, any computer system can be compromised. Super intelligent machine learning can outrun the criminals, but if they catch up, many fear that the damage that could be done with a hacked super AI could be far worse than anything that has come before. Machine learning can absolutely assist in improving security classifications, recommendations, and reinforcements. Network traffic analysis, intrusion detection, database firewalls, and anti-malware layers can all be strengthened through the use of machine learning – something that can protect a lot of data and save a lot of money.

3. Worms may begin to outrank other forms of malware

Some of the major cybersecurity headlines were the result of WannaCry and Trickbot – a pair of attacks which both used worm functionality to spread malware and cause almost immeasurable damage. This kind of malware tactic can affect a huge number of victims in very little time, which is why an increasing number of malware families are expected to attempt this technique throughout 2019 and beyond.

Worms are much like viruses in that they replicate copies of themselves, but differ in their ability to execute and propagate without a host program or human help. They can be defended against using locked-down firewalls and other security measures that are nothing out of the ordinary, but without these in place, systems lie open to major corruption and data loss.

Total defence and security can feel impossible, but making sure that the basics are in place will greatly lower the risk of a hack or infection. To help establish this way of thinking, SMBs should develop a security mantra to make sure that their business is prepared to tackle new threats. Simple protections that are often forgotten, such as always updating software with the latest patches, installing a reputable anti-virus and keeping it up to date, and ensuring employees get regular security training, are the most effective way to minimize the risk of worms, trojans and other malicious programs reaching your business’s computers and devices.

Hackers may know your PIN: stay away from birthdays

Are you in the 26% of people who use one of these PIN codes to unlock their phones?

You’ve likely seen a list of top 25 passwords that get reused time and time again – “password” is a usual suspect – but what about phone PIN numbers? How unique are the PIN codes that we choose to stop cybercriminals from getting into our phones and their eyes onto our most precious accounts?

People tend to lock their phones with a code, but what if someone knew that code or could possibly work it out? Maybe they could guess it from frequently used PIN numbers? Would they then be able to read your emails, send a WhatsApp or view your Amazon basket?

Recent research from the SANS Institute found the top 20 most common mobile phone PIN codes were (in no particular order):

0000
1004
1010
1111
1122
1212
1234
1313
2000
2001
2222
4444
3333
4321
5555
6666
6969
7777
8888
9999

They found that an astonishing 26% of all phones are cracked using these codes. There is a good chance that if your phone is stolen or lost, criminals could get into your phone within their first few attempts – even without knowing anything about you.

So why do people – including Kanye West – continue to use simple codes? Well, it might be best to answer this question first: When did you last change the PIN code to unlock your phone?

Most people have now had a smartphone complete with a lock on it for around a decade, and it must be said that in 2007, when the first Apple iPhone came out, we were more interested in its features than in discussing attack vectors.

Fingerprint readers were a few years off in 2007, and when we had to enter the code up to 50, maybe even 100 times a day to unlock the phone, you can start to see why people wanted to get into their phones quickly and easily.

The problem is that, even with the introduction of longer codes, Face ID or Touch ID, people rarely change their PINs and have settled on a code they use on every device – even though we now rarely unlock our phones with a PIN.

Another method people use to remember PIN codes is to use numbers that mean something to them. However, a threat actor relies on people who tend to have an “it won’t happen to me” attitude, so what if the person wanting to get into your phone knows a little about you? When phones have a 4-digit code, people will often use a year; when a 6-digit code is recommended, people often enter a memorable date to unlock their phone.

This is an extremely dangerous way to secure your most cherished device and allows any cybercriminal with some open-source research skills to trial possible codes to unlock your phone.

How to stay safe

The best countermeasure is to start using a long unique alphanumeric code to unlock your phone; then, as this can be time consuming to unlock your device, turn on Touch ID or Face ID to speed up entry.

It is also worth mentioning here that you should be aware of your surroundings and who might be watching your movements. Far too frequently on public transport have I seen people enter PIN codes or passwords, or even be on the phone shouting out credit card details, including the three-digit CVV number on the back!

Finally, after backing up your device, you should add a further layer of security by turning on “Find My iPhone” for iOS or “Find My Device” on Android, which will allow you to wipe your phone remotely should it ever get stolen (anti-theft and remote-wipe features are also included in reputable mobile security solutions). Even though you may never see that device again, at least the criminals won’t be able to get into your device and look through your personal data and information.

5 Steps to get ISO 27000

ISO 27000 has little to do with penetration testing. It’s a collection of ISMS (Information Security Management System) standards that provide a list of controls which an organization should implement, because doing so enables (or should enable) proper security governance.

It operates more on a conceptual level and provides a set of rules which can be used to create policies and processes.

The standards can be used for both implementation and auditing. Auditors will review whether you have correctly implemented all concepts and accredit you with the certificate if it is deemed that you have performed a correct implementation. They will request to see the defined policies and will test these against the actual situation. This is almost never technical.

One of the controls (there are several) requires the company to perform regular attack and penetration testing. The auditor will not perform a penetration test himself but will request the relevant reports. The policies often also define how problems should be tackled or how risks can be accepted or mitigated. The auditor will review the report and ask how follow-up is performed (and review whether this is done correctly).


Step 0. Decision

Senior manager(s) need to be behind the decision for ISO 27000 implementation and support it in each and every step.

Step 1. Defining Scope of Implementation

Scope of implementation should be defined as well as the operational and functional boundaries.

Step 2. Documentation

Like ISO 9000, ISO 27000 needs comprehensive documentation in order to address all applicable milestones and administrative, technical, and physical controls/safeguards. These documents will be used to check whether or not the organization meets ISO 27000 requirements.

These documents would be a policy (or set of policies), and its related documented procedures and guidelines to ensure the business is adhering to ISO requirements in an efficient and achievable way.

The ISO 27002 standard would be a huge help in preparing such documentation, but it is not necessary to select the controls/safeguards from the ISO 27002 text.

At least 15 different documents are required for ISO/IEC 27001:2013:

· Scope of ISMS

· Policy

· IS Risk Assessment process

· IS Risk Treatment process

· IS Objectives

· Evidence of the competence of the people doing work on IS

· Other documents deemed necessary by the organization for ISMS

· Operational Planning and Control Documents

· Results of IS Risk Assessments

· Results of IS Risk Treatment

· Documented information as evidence of the monitoring and measurement results

· Internal audit program plus audit results

· Documented information as evidence of top management review

· Evidence of nonconformities identified, actions taken and the results

· Other documentation might be needed: a policy about rules for acceptable use of assets (use policy), access control policy, operating procedures, confidentiality and nondisclosure agreements, secure system principles, information security policy for supplier relationships or vendors, information security incident response procedures, regulations and contractual obligations, associated compliance procedures, and an information security continuity plan.

Auditors will check that the above-mentioned documentation is present, up to date and fits the ISMS scope defined in step 1.

Step 3. Realization

By applying gap analysis, a comparison of actual performance with desired performance and documentation, it is time to make sure that the organization is following all procedures and guidelines. It is advisable to conduct a pre-assessment in order to make sure that the organization is on the right track. A pre-assessment can be conducted using pre-assessment forms, gathering evidence and filling in checklists.

Another key to have a successful realization step is to communicate with all employees about the processes in place and the need to adopt them fully and report back on all discrepancies.

Step 4. Internal Audit

An experienced (or certified) internal or external auditor is needed for this step. Some audit tools like forms and checklists are needed for such a job.

Step 5. Certification Audit

ISO (International Organization for Standardization) does not perform certification for ISO 27001. Certification companies like SGS, TÜV Rheinland or BSI can do the audit and issue the certificate for you. The certificates are usually good for 3 years.

CyberSecurity : Demystifying SIEM Rules

However complex and intelligent it is, any SIEM system may still pose challenges in the long run that are hard to identify upfront.

In some cases, it’s down to the SIEM system’s correlation rules. Without these rules, the system degrades into a simple security event logger. If these rules are misconfigured, the SIEM system may miss an attack or experience performance problems.

What can go wrong with SIEM correlation rules?

This article discusses four potential problems with correlation rules in the context of IBM® Security QRadar® SIEM.

False positives

Almost any correlation rule can create a false positive (behaviour that is identified as malicious but proves not to be). For example, a legitimate remote vulnerability scanner belonging to the company may look to the SIEM system like an aggressive attacker, so QRadar will consequently generate an offence. Within a short period of time, a single rule triggering false positives may create hundreds of alerts. In practice, such rules are often disabled, which weakens the SIEM’s coverage.

Usually, false positive triggering is inherent to the out-of-the-box QRadar SIEM, so its configuration should be fine-tuned either in-house or by SIEM consultants.

Disabled rules

Out-of-the-box QRadar contains about 250 rules. 60% of them are disabled in a default installation because these rules are less likely to be applicable to a customer’s network environment. Sometimes, security administrators switch off rules by mistake, or because they generate a lot of false positives. As a result, while you think that your SIEM system is a security flagship, in fact you keep missing threats.

Finally, we shouldn’t ignore the cases when rules are disabled for malicious reasons. Fortunately, such security offences are scarce, since cybercriminals would rather delete event sources.

Insufficient rule customization

For 360° cybersecurity, every security event should be covered by a set of rules that complies with the company’s security policy and network peculiarities. Suppose your company decided to do without an information security consultant and install out-of-the-box SIEM software. The system’s correlation rules will be too general and won’t cover all the use cases. To ensure efficient threat detection, one should customize the correlation mechanisms. This task may be allocated to a specially assigned security administrator or a proficient information security vendor. Not only will they identify actual threats, but they will also minimize MTTR (mean time to removal). In this case, your money will be well spent.

Long rule execution

One of the performance issues that your SIEM system may face is time-consuming rule execution. The common reason for this is that security administrators don’t use filtering options to drop irrelevant data from the event pipeline. As a result, the rule is applied to every event, which slows down the security system’s performance. Timing is everything. Long rule execution carries a major risk of some offences not being detected in time. Furthermore, in a chain of correlation rules, a rule that lags behind will negatively affect the overall rule execution time.
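The false-positive problem above (the company’s own vulnerability scanner tripping a rule) and the long-rule-execution problem (a rule evaluated against every event because nothing is filtered first) can be illustrated with a toy correlation engine. This is an added example, not QRadar code; the hosts, log lines, port-scan rule, threshold and allow-list are all constructed for illustration.

```python
# Added illustration, not QRadar code: hosts, log lines and the rule are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r"^(\S+) src=(\S+) event=(\S+) dport=(\d+)$")

def parse(line):
    """Parse one constructed firewall-style log line into a dict."""
    ts, src, event, dport = LOG_RE.match(line).groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "event": event, "dport": int(dport)}

def build_sample_events():
    """Constructed sample: web noise, the company's authorised scanner, an unknown prober."""
    base = datetime(2019, 6, 1, 10, 0, 0)
    lines = []
    for i in range(200):                      # background traffic the rule never needs
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} src=10.0.0.20 event=http_ok dport=443")
    for i, port in enumerate(range(21, 31)):  # authorised scanner: 10 ports in 9 s
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} src=10.0.0.99 event=conn_refused dport={port}")
    for i, port in enumerate(range(22, 28)):  # unknown host: 6 ports in 5 s
        t = (base + timedelta(seconds=30 + i)).isoformat()
        lines.append(f"{t} src=198.51.100.7 event=conn_refused dport={port}")
    return [parse(ln) for ln in lines]

def port_scan_rule(events, window=timedelta(seconds=60), threshold=5):
    """Raise an offence for each source hitting >= threshold distinct ports inside window.
    Returns (offending sources, number of events the rule had to examine)."""
    by_src = defaultdict(list)
    for ev in events:                         # every event reaches the rule if unfiltered
        if ev["event"] == "conn_refused":
            by_src[ev["src"]].append(ev)
    offences = set()
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):       # sliding window starting at each event
            ports = {e["dport"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= threshold:
                offences.add(src)
                break
    return offences, len(events)

def prefilter(events, relevant=("conn_refused",), allowlist=("10.0.0.99",)):
    """Tuning step: drop irrelevant event types and known-good sources before the rule runs."""
    return [e for e in events if e["event"] in relevant and e["src"] not in allowlist]
```

Untuned, `port_scan_rule(build_sample_events())` examines all 216 events and flags both the authorised scanner and the unknown host; with `port_scan_rule(prefilter(build_sample_events()))` the rule sees only 6 events and flags only the unknown host.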

Fine-tuning is the answer

The problems with SIEM correlation rules stated above have a common solution – fine-tuning.

Security software vendors release ever more robust products, promising that their out-of-the-box solutions will cover all your network security needs. Yet every network is unique. Choose the SIEM system matching most of your requirements, but take the time to choose the right consultant to tailor it.

Receive Latest Cyber Security News Feeds

Hi Folks

To receive automated live cyber security news feeds right on your desktop, simply download a piece of software called Snarfer, then import the OPML file from the link below and you will be all set.

Feeds From various Cyber Security Authors

LINK : http://bit.ly/CyberSecurityLiveFeeds