
Why Every Business Needs a Cybersecurity Incident Response Team
By CISOMAG, October 21, 2021 at 5:39 am

The post Why Every Business Needs a Cybersecurity Incident Response Team appeared first on CISO MAG | Cyber Security Magazine.

In order to get back on track from the ongoing pandemic, organizations have to take into account a completely altered reality, which is very different from what we’ve been taught so far. Many companies have restructured their business continuity plans to stay afloat during this unprecedented time. Many of these measures are not only point-in-time responses to the current crisis but are also expected to continue after COVID-19. With accelerated digitization across businesses, cyberattacks are becoming more sophisticated, precise, and targeted than ever before. To this, add the sheer volume of security alerts and false positives; it’s like searching for a needle in a haystack. The IT team is suffering from burnout, leaving organizations with hulking security risks and corresponding financial risks.

By Satya Machiraju, VP, Information Security, Whatfix

The threat of cybercrime is ever increasing and is having a significant impact on enterprises. To protect against cyberattacks, companies need to get back to the basics of security by design and integrate cybersecurity into their entire system life cycle. Almost every organization nowadays is vulnerable to being breached, whether because of its own security weaknesses or those of its critical suppliers. Because of this, digital platforms need to be treated as critical infrastructure – a centralized mechanism for detecting and responding to security incidents should be put in place. Losing data or functionality can be crippling, whatever the threat. Having an incident response plan and a disaster recovery plan allows you to minimize risks and prepare for a variety of events.

What is an Incident Response Team?

Incident response teams, also called incident response units, plan for and respond to IT incidents, such as cyberattacks, system failures, and data breaches. Additionally, these teams can develop incident response plans, identify and resolve system vulnerabilities, enforce security policies, and evaluate security best practices.

An organization’s incident response teams should be made up of subject matter experts from various domains/departments with reasonable authority and expertise to respond to an incident as soon as it is noticed. Organizations with an incident response team are able to handle incidents in a structured manner. Documenting and testing an incident response plan allows an organization to respond and recover from an incident faster, with minimal impact on its customers and stakeholders.

Incident Response Team: A Blueprint for Success

An average company generates around 30 GB of security log data, close to 30,000,000 events, per day. Almost all security operations teams find it challenging to separate the wheat from the chaff, and are therefore unable to connect the dots and identify the critical chain of events, so breaches go undetected or are not responded to immediately. This is primarily owing to too many error-prone manual processes, a shortage of the highly skilled talent needed to solve all of this, and the inability of a human to crunch or process large chunks of data.

Automating incident response enables the security operations team to let tools or systems address the known issues with known resolutions. This allows them to focus on more critical issues or enhancements of the business. There are various commercial and open-source SOAR (Security Orchestration, Automation and Response) solutions that help the security teams in their journey towards automation.

SOAR is typically a collection of software solutions or tools that allow security teams to streamline security operations in threat and vulnerability management, incident detection and response, and security operations automation. SOAR allows security teams to collect threat-related data from a range of sources and automate the responses to the threat.

Building an Effective Incident Response Plan

In every industry, data breaches have become an inevitable part of doing business. For organizations to minimize damage, while also reducing costs and recovery times, it is important to have incident response plans in place. The use of incident response plans allows organizations to respond quickly and effectively to security incidents. In order to respond quickly to cyber incidents, organizations must develop a proactive and responsive set of capabilities as part of their incident response plans. The basic process could be summarized as follows:

Establish an Incident Response team
Identify your assets and crown jewels
Identify the threat vectors associated with your assets and crown jewels
Implement monitoring capabilities to identify the threats/attempts
Document your threat response guidelines
Document the incident communication processes
Train employees to be vigilant, to alert stakeholders
Test the Incident response plan
Document the learnings
Incorporate the learnings

An incident could also have legal, regulatory, privacy, and contractual implications. An inadequate or incorrect approach to handling an incident could have serious ramifications in those areas. Having a team responsible for incident detection and response lets the organization and its workforce consult the subject matter experts about any specific suspicious activity, ensuring that immediate action is taken. The incident response team can also ensure that the response to suspicious activity or a breach is performed in line with the incident response plan, and can address any situation that the plan does not capture.

Securing the Digital Workforce

With a mostly or entirely remote workforce, organizations are more susceptible to security breaches and less able to respond to potential security incidents. A remote workforce incident can be handled effectively by identifying the impacts, updating the incident response plan, and communicating the new plan to the incident response team. In light of increasing cyberattacks that threaten business operations and reputation, developing an effective Cyber Incident Response Plan (CIR) becomes essential for organizations to stay on top of the cybersecurity curve.

About the Author

Satya Machiraju is the VP of Information Security at Whatfix. Satya leads Whatfix’s security team by developing and deploying processes and solutions to minimize and mitigate cybersecurity and regulatory compliance risks. Satya is based in India and is passionate about protecting customers’ information, as well as creating a culture of cybersecurity preparedness across Whatfix by putting “security first.”

Satya brings over two decades of experience in cloud security and architecture, global cyber security and enterprise risk management, regulatory compliance consulting, information security strategy consulting, IT governance and project management, vendor and partner risk management, and privacy and regulatory compliance. Prior to Whatfix, Satya was VP/CISO at Qualfon, Senior Director of Information Security at [24]7.ai, and Senior Manager of Information Security at Aditya Birla Minacs Worldwide, Ltd.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.


Federal Authorities Release Advisory Detailing BlackMatter Ransomware
By CISOMAG, October 20, 2021 at 3:44 pm

The post Federal Authorities Release Advisory Detailing BlackMatter Ransomware appeared first on CISO MAG | Cyber Security Magazine.

In tandem with cyberattacks, the emergence of various cybercriminal groups has become rampant in recent times. Several governments across the globe are initiating advanced security measures to cope with evolving threat actor groups. Recently, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the FBI jointly released a cybersecurity advisory about the infamous BlackMatter ransomware group, with information on its tactics, techniques, and procedures (TTPs).

BlackMatter Ransomware

Active since July 2021, BlackMatter is a ransomware-as-a-service (RaaS) that enables threat actors and cybercriminal affiliates to deploy ransomware on targeted victims’ devices. BlackMatter operators have targeted several critical infrastructure entities in the U.S. and have demanded ransom payments ranging from $80,000 to $15,000,000 in Bitcoin and Monero. The group also leveraged embedded and previously compromised credentials to illicitly access Active Directory (AD) and discover all hosts on the targeted network.

The operators recently compromised and infected NEW’s network systems and demanded a ransom of $5.9 million to restore the affected systems. The attack affected the operations of several grain storage elevators and farming activities, causing severe disruption to the food supply chain.

How to Detect BlackMatter Ransomware

The advisory unveiled two Snort signatures that help detect network activities linked with BlackMatter.

Intrusion Detection System Rule:

alert tcp any any -> any 445 (msg:"BlackMatter remote encryption attempt"; content:"|01 00 00 00 00 00 05 00 01 00|"; content:"|2e 00 52 00 45 00 41 00 44 00 4d 00 45 00 2e 00 74 00|"; distance:100; detection_filter: track by_src, count 4, seconds 1; priority:1; sid:11111111111;)

Inline Intrusion Prevention System Rule:

alert tcp any any -> any 445 (msg:"BlackMatter remote encryption attempt"; content:"|01 00 00 00 00 00 05 00 01 00|"; content:"|2e 00 52 00 45 00 41 00 44 00 4d 00 45 00 2e 00 74 00|"; distance:100; priority:1; sid:10000001;) rate_filter gen_id 1, sig_id 10000001, track by_src, count 4, seconds 1, new_action reject, timeout 86400
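To make the semantics of the two signatures concrete, the following Python re-implements their matching and rate logic so it can be exercised offline. This is an added example, not code from the advisory or from CISO MAG: the byte patterns, the port, the distance of 100 bytes and the threshold of 4 hits per second per source are taken from the rules above, while the packets, source IPs, timestamps and the names build_sample, payload_matches, SourceRateTracker and evaluate are constructed for the example. The IPS variant's rate_filter (new_action reject, timeout 86400) is approximated as a per-source block that applies to later matching packets; it is a simplification of Snort's behaviour, not a replacement for running the rule in Snort.

```python
"""Detection logic mirroring the two BlackMatter Snort signatures.

Constructed example, not code from the advisory or from CISO MAG. It
re-implements the rule semantics in plain Python so they can be tested
offline: both byte patterns must appear in a port-445 payload, the second
one no earlier than 100 bytes after the end of the first (Snort
`distance:100`), and one source must produce 4 matches within 1 second
(`detection_filter` / `rate_filter` ... count 4, seconds 1) before the rule
fires. The IPS variant's `new_action reject, timeout 86400` is modelled as
a per-source block. All packets, IPs and timestamps below are constructed.
"""
from collections import defaultdict, deque

# Byte patterns taken from the advisory's Snort rules.
CONTENT_1 = bytes.fromhex("01000000000005000100")
CONTENT_2 = bytes.fromhex("2e0052004500410044004d0045002e007400")
DISTANCE = 100   # distance:100
DST_PORT = 445   # -> any 445


def content_2_as_text() -> str:
    """The second pattern is UTF-16LE text; decoding it shows what the rule
    looks for on the wire."""
    return CONTENT_2.decode("utf-16-le")


def payload_matches(payload: bytes) -> bool:
    """True when the payload satisfies both content checks of the rule.

    Snort's distance modifier is relative to the previous content match: the
    search for CONTENT_2 starts DISTANCE bytes after the end of the CONTENT_1
    hit. Like Snort, retry later CONTENT_1 occurrences before giving up.
    """
    start = 0
    while True:
        i = payload.find(CONTENT_1, start)
        if i < 0:
            return False
        if payload.find(CONTENT_2, i + len(CONTENT_1) + DISTANCE) >= 0:
            return True
        start = i + 1


class SourceRateTracker:
    """Sliding-window counter: per source, hits seen in the last window."""

    def __init__(self, count: int = 4, seconds: float = 1.0):
        self.count = count
        self.seconds = seconds
        self._hits = defaultdict(deque)

    def record(self, src: str, ts: float) -> bool:
        """Record a hit; return True when the threshold is reached."""
        q = self._hits[src]
        q.append(ts)
        while q and ts - q[0] > self.seconds:
            q.popleft()
        return len(q) >= self.count


def evaluate(events, ips_mode: bool = False, block_timeout: float = 86400.0):
    """Run the rule over (timestamp, src_ip, dst_port, payload) tuples.

    Returns (timestamp, src_ip, action) tuples. In IDS mode the action is
    "alert" for the 4th and later hits inside the window. In IPS mode the
    source is blocked for block_timeout seconds once the threshold is hit and
    every further matching packet from it is reported as "reject".
    """
    tracker = SourceRateTracker(count=4, seconds=1.0)
    blocked_until = {}
    results = []
    for ts, src, dport, payload in events:
        if dport != DST_PORT or not payload_matches(payload):
            continue
        if ips_mode and blocked_until.get(src, -1.0) > ts:
            results.append((ts, src, "reject"))
            continue
        if tracker.record(src, ts):
            if ips_mode:
                blocked_until[src] = ts + block_timeout
                results.append((ts, src, "reject"))
            else:
                results.append((ts, src, "alert"))
    return results


def build_sample(gap: int) -> bytes:
    """Constructed payload: CONTENT_1, `gap` filler bytes, then CONTENT_2."""
    return b"\x00" * 16 + CONTENT_1 + b"A" * gap + CONTENT_2 + b"\x00" * 8


# Constructed traffic: (timestamp, source IP, destination port, payload).
SAMPLE_EVENTS = [
    (0.00, "10.0.0.5", 445, build_sample(100)),
    (0.10, "10.0.0.5", 445, build_sample(150)),
    (0.20, "10.0.0.5", 445, build_sample(100)),
    (0.30, "10.0.0.5", 445, build_sample(120)),  # 4th hit within 1 s
    (0.35, "10.0.0.5", 80, build_sample(100)),   # wrong port: ignored
    (0.40, "10.0.0.5", 445, build_sample(100)),  # 5th hit, still in window
    (1.00, "10.0.0.9", 445, build_sample(99)),   # CONTENT_2 too close: no match
    (1.00, "10.0.0.7", 445, build_sample(100)),
    (2.00, "10.0.0.7", 445, build_sample(100)),
    (3.00, "10.0.0.7", 445, build_sample(100)),
    (4.00, "10.0.0.7", 445, build_sample(100)),  # 4 hits over 4 s: below rate
]

if __name__ == "__main__":
    print("CONTENT_2 decodes to:", content_2_as_text())
    for mode in (False, True):
        print("IPS" if mode else "IDS", evaluate(SAMPLE_EVENTS, ips_mode=mode))
```

Running the script shows why the rule carries a rate threshold at all: a single matching SMB write is not an alert, four of them from one source inside a second are, and the same four spread over several seconds stay silent. The payload with only 99 filler bytes never matches, which is the distance:100 constraint doing its work.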

Responding to Ransomware Attacks

In case of a ransomware incident, the federal agencies recommended that organizations:

Follow the Ransomware Response Checklist in the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
Scan backups with an antivirus program to check that they are free of malware.
Report incidents immediately to the FBI at a local FBI Field Office, CISA at uscert.cisa.gov/report, or the U.S. Secret Service at a U.S. Secret Service Field Office.
Apply incident response best practices found in the joint Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, developed by CISA and the cybersecurity authorities of Australia, Canada, New Zealand, and the U.K.

Mitigating BlackMatter

The agencies urged security admins and organizations, especially in the critical infrastructure sector, to apply the following mitigation measures and reduce the risk of compromise by BlackMatter ransomware:

Implement the detection signatures identified
Enable multi-factor authentication to all services to the extent possible, particularly for webmail, virtual private networks, and accounts that access critical systems
Keep all operating systems and software up to date
Remove unnecessary access to administrative shares
Implement Network Segmentation and Traversal Monitoring
Enforce Backup and Restoration Policies and Procedures

“Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organizations, including critical infrastructure organizations, to implement the recommendations listed in the Mitigations section of this joint advisory. These mitigations will help organizations reduce the risk of compromise from BlackMatter ransomware attacks,” the advisory stated.


Sinclair Broadcast Group Network Encrypted with Ransomware — Operations Disrupted
By minu.sirsalewala, October 20, 2021 at 2:25 pm

The post Sinclair Broadcast Group Network Encrypted with Ransomware — Operations Disrupted appeared first on CISO MAG | Cyber Security Magazine.

In a span of five months, yet another media company, Sinclair Broadcast Group, has been a victim of a ransomware attack. The threat actors encrypted certain servers and workstations, disrupting the company’s operational networks.

The company implemented its incident response plan upon detection to contain the attack. It engaged legal counsel, a cybersecurity forensic firm, and other incident response experts to investigate the security incident.

It also disclosed data theft from the network, the extent of which is unknown. Sinclair stated, “While the Company is focused on actively managing this security event, the event has caused – and may continue to cause – disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers. The Company is working diligently to restore operations quickly and securely.”

Sinclair Broadcast Group, one of the nation’s largest television station operators, announced Monday that it had been hit by a ransomware attack over the weekend that resulted in data theft and network disruption. Happy Monday! pic.twitter.com/nCzWETUI2e

— Nita Cosby (@5_2blue) October 18, 2021

There are no “good” ransomware attacks. These must be met with strong response. Sinclair today. Could be AP, still the gold standard for election results, tomorrow. https://t.co/ETUj1I4wSF

— Juliette Kayyem (@juliettekayyem) October 18, 2021

Purplesec’s 2021 Trends Report talks about the growing threat of ransomware and the exponential rate at which it is multiplying.

Highlights of the report:

The average ransomware payment in 2021 increased by 82% year over year to $570,000.
121 ransomware incidents have been reported in the first half of 2021, up 64% year-over-year.
The largest ransom demand observed so far in 2021 is $100 million.
Ransomware has become a popular form of attack in recent years growing 350% in 2018.
Ransomware detections are on the rise with Ryuk detections increasing by 543% over Q4 2018, and since its introduction in May 2019,
81% of cyber security experts believe there will be more ransomware attacks than ever in 2019.
In 2019 ransomware from phishing emails increased 109% over 2017.
21% of ransomware involved social actions, such as phishing.
New ransomware variants grew 46% in 2019.
68,000 new ransomware Trojans for mobile were detected in 2019.
Ransomware attacks increased 41% in 2019, with 205,000 businesses losing access to their files.
It’s estimated that a business will fall victim to a ransomware attack every 14 seconds.

The Big Media Incidents

American media company Cox Media Group (CMG) also experienced a cyberattack in June, in which the threat actor encrypted the network servers and forced the systems offline.
Nine Network, a popular name in free-to-air television in Australia, was the victim of a cyberattack in March 2021. The attack disrupted the channel’s live broadcasts and its online news website.
Funke Media Group, a large Germany-based newspaper and magazine publisher, was in the news in December 2020 for a ransomware attack. The attack caused operational disruption, and numerous editions of the daily newspaper were not published. Per media reports, the large-scale ransomware attack had encrypted up to 6,000 employee laptops and other endpoints. The entire production network had to be switched off to contain the breach.

The media and entertainment industry runs 24/7 operations and cannot afford downtime. The need to be constantly available online also exposes its networks to cyberattacks and security vulnerabilities. A stronger security posture and a well-planned incident response capability can mitigate the risk and help limit the damage of future security incidents.

See also:

Cox Media Group Validates Ransomware Attack that Pulled Down its Broadcasts
Conti Ransomware Attacks on Rise – CISA, FBI, NSA Issue Joint Alert

The post Sinclair Broadcast Group Network Encrypted with Ransomware — Operations Disrupted appeared first on CISO MAG | Cyber Security Magazine.

In a span of five months, yet another media company, Sinclair Broadcast Group, has been a victim of a ransomware attack. The threat actors encrypted certain servers and workstations, disrupting the company’s operational networks.

The company implemented its incident response plan upon detection to contain the attack. It engaged legal counsel, a cybersecurity forensic firm, and other incident response experts to investigate the security incident.

It also disclosed data theft from the network, the extent of which is unknown. Sinclair stated, “While the Company is focused on actively managing this security event, the event has caused – and may continue to cause – disruption to parts of the Company’s business, including certain aspects of its provision of local advertisements by its local broadcast stations on behalf of its customers. The Company is working diligently to restore operations quickly and securely.”

Purplesec’s 2021 Trends Report talks about the growing threat of ransomware and the exponential rate at which it is multiplying.

Highlights of the report:

The average ransomware payment in 2021 increased by 82% year over year to $570,000.
121 ransomware incidents have been reported in the first half of 2021, up 64% year-over-year.
The largest ransom demand observed so far in 2021 is $100 million.
Ransomware has become a popular form of attack in recent years growing 350% in 2018.
Ransomware detections are on the rise with Ryuk detections increasing by 543% over Q4 2018, and since its introduction in May 2019,
81% of cyber security experts believe there will be more ransomware attacks than ever in 2019.
In 2019 ransomware from phishing emails increased 109% over 2017.
21% of ransomware involved social actions, such as phishing.
New ransomware variants grew 46% in 2019.
68,000 new ransomware Trojans for mobile were detected in 2019.
Ransomware attacks increased 41% in 2019 with 205,000 businesses who lost access to their files.
It’s estimated that a business will fall victim to a ransomware attack every 14 seconds.

American media company Cox Media Group (CMG) too had experienced a cyberattack in the month of June, in which the malicious threat actor encrypted the network servers and forced the systems to go offline.
Nine Network, a popular name in free-to-air television networks in Australia was a victim of a cyberattack in March 2021. The attack caused disruption of live broadcasts of the channel and its online news website.
A Germany-based large newspaper and magazine publisher; Funke Media Group was in news in the December of 2020 for a ransomware attack. The attack caused operational disruption and numerous editions of the daily newspaper were not published. Per the media reports, the large-scale ransomware attack had encrypted up to 6,000 employee laptops and other endpoints. The entire production network had to be switched off to contain the breach.

The media and entertainment industry runs 24/7 operations and cannot tolerate downtime. The need to be available online also exposes its networks to cyberattacks and security vulnerabilities. A stronger security posture and a well-planned incident response capability can mitigate the risk and help deter future security incidents.

See also:

Cox Media Group Validates Ransomware Attack that Pulled Down its Broadcasts
Conti Ransomware Attacks on Rise – CISA, FBI, NSA Issue Joint Alert

Desorden Hacks Acer’s India and Taiwan Servers; 60GB Customer Data Stolen
CISO MAG, October 20, 2021 at 1:16 pm

The post Desorden Hacks Acer’s India and Taiwan Servers; 60GB Customer Data Stolen appeared first on CISO MAG | Cyber Security Magazine.

Computer manufacturer Acer suffered two security incidents on its servers in Taiwan and India in less than a week. Threat actor group Desorden reportedly announced that it had compromised the Indian servers of Acer, affecting the private information of millions of clients. The group claims to have stolen 60 GB of customers’ information, including corporate and sensitive financial information. The compromised data also included login details of Acer retailers and distributors in India.

Users’ Data on Hacker Forum

Desorden group reportedly leaked personal data of more than 10,000 Indian customers on a hacking forum for free as proof of their cyberattack. Leaked customer data could pose severe security issues, as it could be misused to launch various kinds of phishing attacks.

Acer Said ‘No’ to Ransom

While it’s unclear how Desorden obtained access to the servers, Acer stated that it informed the law enforcement authority in India for further investigation. The company also clarified that it would not negotiate or pay any ransom to the attackers.

Also Read: Suffered a Data Breach? Here’s the Immediate Action Plan

“We have recently detected an isolated attack on our local after-sales service system in India. Upon detection, we immediately initiated our security protocols and conducted a full scan of our systems. We are notifying all potentially affected customers in India. The incident has been reported to local law enforcement and the Indian Computer Emergency Response Team and has no material impact to our operations and business continuity,” Acer spokesperson Steven Chung said in a media statement.

Not the First Time

In March 2021, Acer sustained a major ransomware attack by the infamous REvil ransomware group. Attackers reportedly demanded over $50 million ransom. The ransomware operators compromised Acer’s network systems and allegedly shared images of stolen files as proof of compromise. The exposed images included the company’s sensitive documents like financial spreadsheets, bank balance statements, and other private communications with the bank.

Are Indian organizations more prone to data breaches?

Indian organizations are a primary target of several cybercriminal groups due to India’s emergence as a global IT player and its growth in the digitalization of the public and private sectors. While enterprises in India are enhancing their security defenses, a recent analysis from Trend Micro revealed that nearly 73% of organizations in India are likely to suffer a data breach in the next 12 months. In its latest Cyber Risk Index (CRI) report, Trend Micro revealed that lost IP, critical infrastructure damage, and cost of outsourced experts are the major consequences faced by Indian organizations after a data breach.

“#BeingCyberSmart means picking the right battles and reducing the risks in the probable vectors”
CISO MAG, October 20, 2021 at 10:28 am

The post “#BeingCyberSmart means picking the right battles and reducing the risks in the probable vectors” appeared first on CISO MAG | Cyber Security Magazine.

October, being the National Cybersecurity Awareness Month, sees a flurry of initiatives across organizations to create awareness among employees for #BeingCyberSmart. The CISA and NCSA initiative, which kicked off in October 2003, is far more relevant and important than in previous years. The onset of increased digitalization means the attack surface has exponentially expanded for enterprises, small businesses, and individuals. The new-age working model leaves us increasingly vulnerable to emerging cyberthreats, opening the floodgates to more sophisticated attack techniques.

Minu Sirsalewala, Editorial Consultant, CISO MAG, chatted with Vishak Raman, Director, Security Business, Cisco India and SAARC, on what it takes for organizations for #BeingCyberSmart in this digital-distributed age. Raman also delved into the new age cybersafe techniques like Zero Trust Architecture, current security trends, and new-age cyberthreats.

Raman leads Cisco’s Security business for the India and SAARC region. He brings over 20 years of experience in the Information Security Services space with stints in product management, sales, marketing, and business development.

Prior to Cisco, Raman was the Senior Regional Director (India & SAARC) at FireEye. He was also the Global Head of Content Delivery Network (CDN) & Managed Security Services (MSS) business at Tata Communications for three years. Before joining Tata Communications, Raman was the Senior Regional Director for Fortinet and is credited with having built Fortinet’s Unified Threat Management success story in India and SAARC for 10 years. He was instrumental in setting up the first-of-its-kind Global Technical Assistance Centre in Bangalore to support Fortinet’s customers worldwide. Raman has also worked at WatchGuard, Sify, and HCL Technologies. He has an engineering degree in Computer Science and MBA from IIM – Ahmedabad.

Edited excerpts of the interview follow:

What does #BeingCyberSmart mean for an organization?

#BeingCyberSmart is knowing what to defend and what is the maximum I need to defend. As the budgets are limited, you must bite what you can chew. IoT Security, DDoS, and other large threat vectors have been observed during the pandemic, contributing 70-80% of the attacks. So, being able to prevent the most vulnerable and probable attacks is #BeingCyberSmart.

The four big vectors that need to be closely evaluated are email security to avoid phishing; endpoint security, which is the last line of defense; cloud security, which ensures cloud data is secure; and the most important is securing technology by adding layers of security towards the identity part. #BeingCyberSmart means picking the right battles and reducing the risks in these probable vectors which are email, identity theft, cloud, and endpoint.

Is a zero trust approach an answer to better protection or just a buzzword?

Zero trust is not a buzzword; it’s a framework for organizations to put together their security posture. It starts with fundamentals like, what are you trying to protect? It is to simply design a trust framework and to look at the design philosophy for zero trust.

If you look at zero trust, foundationally there are five pillars. What you assume is environmental – be it an SMB customer, a very large enterprise, a government, a critical infrastructure – you start with a baseline assuming that all the environments are hostile and in a state of a paranoid breach. So, when you go into a security posture, you assume that the environment is already hostile, and those are the zero trust fundamentals. The second part is no access until the device proves its trust. It means you must challenge the authentication, challenge the identity of that access. If you are connecting from your home, I would make sure that the endpoint is running the right patch, the operating system is running anti-virus and anti-malware endpoint, and it is not a jailbroken device that is coming from a trusted source. Essentially, the second principle is no access until the user on the device is proven as a trusted device. Third, authorize every single transaction and encrypt all the transactional force. There is no non-encrypted traffic that will be going in or out of the setup. While there is a big hype about state-sponsored attacks, zero trust focuses on data protection and how you classify your confidential data — the fourth pillar. You cannot protect all your crown jewels; you need to classify which needs maximum security because data classification is the foundation. And for the fifth pillar, you must log all the activity and keep a repository of all the transactions.

While these are the foundational principles, the way to classify zero trust is into three large buckets. First, your workplace, which is the on-premise setup, your server, email, etc. For asset identification, you follow a 3W framework — workplace security, workload cloud, and workforce — which is for the endpoints and users — the most vulnerable. Zero trust principles must be applied across the workforce, workload, and workplace framework. It does not stop with the selection of products; you have to look at enabling it with credible threat intelligence.

SMB cyber incidents in India have been peaking. What were the most exploited vulnerabilities?

From an attack surface point of view, phishing was a larger vehicle through which the hacks happened. Phishing, malware, DNS tunneling, DDoS are the four large attack vectors that were looked at by the hackers. Close to about 85% of them experienced malware attacks in the last 12 months, followed by phishing attacks.

DNS tunneling is the biggest vulnerability and is not very well understood by enterprises. DNS basically translates an IP address to a domain name. When you type in google.com it goes to an IP address in the backend, but somebody is resolving that domain name to an IP address. So, the tunneling part is important because any hack or malware implant needs to go and communicate back to a downloader.

Another attack that surged is the denial-of-service (DoS) attack. In a DoS attack, a legitimate connection request is sent to the server but the connection is never completed. Malware attacks (around 85%), phishing attacks (about 70%), DNS tunneling (about 68%), and DDoS attacks (around 64%) are the top four major vectors APJC SMBs have experienced over the last 12 months.
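The answer above names DNS tunneling as the least understood of the four vectors. As an added illustration from a detection standpoint (this is not code from CISO MAG, Cisco, or the interviewee), the script below applies simple heuristics to DNS query logs: a leftmost label that is unusually long or high-entropy, uncommon record types such as TXT, and a client that keeps asking for never-repeated subdomains under one zone. The log format, the thresholds, the client addresses and the domain names are all assumptions constructed for the example; the "tunnel-example.test" zone is a placeholder, and the tunnel-like labels are derived from sha256 so that the sample is deterministic.

```python
"""Heuristic detector for DNS-tunneling-style query patterns.

Added example; not code from CISO MAG, Cisco or the interviewee. The log
format, thresholds, addresses and domains below are constructed for the demo.
"""
import hashlib
import math
import re
from collections import defaultdict

# Constructed log format (assumption): "<timestamp> <client_ip> <qtype> <qname>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(A|AAAA|TXT|CNAME|MX|NULL)\s+(\S+)$")

# Tuning thresholds: assumptions for this example, not any vendor's defaults.
MAX_LABEL_LEN = 40          # hostname labels longer than this are unusual
MIN_ENTROPY = 3.5           # bits/char typical of encoded payloads in labels
MIN_UNIQUE_SUBDOMAINS = 8   # many never-repeated subdomains under one zone


def shannon_entropy(s):
    """Shannon entropy in bits per character of the string s."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname):
    """Return (subdomain, zone). Naive two-label zone split (assumption)."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname = m.groups()
    return {"ts": ts, "client": client, "qtype": qtype, "qname": qname}


def score_query(rec):
    """Per-query content indicators; returns (zone, [reason, ...])."""
    sub, zone = split_qname(rec["qname"])
    reasons = []
    longest = max((len(label) for label in sub.split(".")), default=0)
    if longest > MAX_LABEL_LEN:
        reasons.append("long_label")
    if sub and shannon_entropy(sub.replace(".", "")) >= MIN_ENTROPY:
        reasons.append("high_entropy")
    if rec["qtype"] in ("TXT", "NULL"):
        reasons.append("uncommon_qtype")
    return zone, reasons


def analyze(lines):
    """Aggregate per (client, zone); return {(client, zone): sorted reasons}."""
    per_pair = defaultdict(lambda: {"subs": set(), "reasons": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                    # skip lines that are not in the format
        zone, reasons = score_query(rec)
        sub, _ = split_qname(rec["qname"])
        entry = per_pair[(rec["client"], zone)]
        entry["subs"].add(sub)
        entry["reasons"].update(reasons)
    flagged = {}
    for key, e in per_pair.items():
        reasons = set(e["reasons"])
        if len(e["subs"]) >= MIN_UNIQUE_SUBDOMAINS:
            reasons.add("many_unique_subdomains")
        # Require a volume signal AND a content signal to limit false positives.
        if "many_unique_subdomains" in reasons and reasons & {
            "long_label", "high_entropy", "uncommon_qtype"
        }:
            flagged[key] = sorted(reasons)
    return flagged


def build_sample_log():
    """Constructed DNS query log lines for the demonstration (not real traffic)."""
    lines = [
        "2021-10-20T10:00:01Z 10.0.0.5 A www.example.com",
        "2021-10-20T10:00:02Z 10.0.0.5 A mail.example.com",
        "2021-10-20T10:00:03Z 10.0.0.5 A www.example.com",
        "2021-10-20T10:00:04Z 10.0.0.5 AAAA api.example.com",
        "not a log line",
    ]
    # Ten TXT lookups whose leftmost label carries 48 hex characters each: the
    # shape data-in-query tunnels produce. Labels come from sha256 (placeholder).
    for i in range(10):
        chunk = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()[:48]
        lines.append(f"2021-10-20T10:01:{i:02d}Z 10.0.0.7 TXT {chunk}.tunnel-example.test")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for (client, zone), reasons in analyze(SAMPLE_LOG).items():
        print(f"{client} -> {zone}: {', '.join(reasons)}")
```

On the constructed sample the benign client querying example.com is not flagged, while the client sending ten distinct 48-character TXT lookups under tunnel-example.test is flagged with the volume and content reasons together. Requiring both kinds of signal is the design choice worth keeping: CDNs and some telemetry legitimately generate many unique subdomains, so a volume signal alone produces noise.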

Security hygiene can get ugly if the DNS layer and Active Directory security are not managed or secured. How can organizations avoid being targets of these advanced cyberattacks and vulnerabilities?

You need to have a framework approach. Let’s take an endpoint. When you look at DNS as a protocol, it is stateless. It just makes a connection; there is no information around it. You have got to have layers of security. When you look at endpoint protection, first and foremost, you need to have the base of a virtual private network (VPN), where you want to have a connection back to your corporate setup working from home, and ensure a VPN is established.

Besides VPN, you have to look at the DNS security, because the corporate VPN will go through a SaaS application, direct to a Dropbox. How do you secure that? You add one more layer of cloud security and make sure that you do a split tunneling of VPN, where the VPN connects back to your corporate network for your corporate applications, for SaaS application — it does not have to go to the corporate and then to the cloud. You are doing a split tunneling option, as most of the home connection and endpoint connections are on a shared Wi-Fi with multiple users from the family.

Man-in-the-middle attacks become common, and if there is no encryption between your laptop and Wi-Fi access point, you want to add another layer of security on top of the VPN, which is DNS security. You want to make sure that there is a cloud-based solution that will tell you that the domain is good, bad, and ugly. The third layer you add is your identity. How do you make sure that the user who is accessing the corporate resource is a real person? So, you resort to passwordless authentication, whereby your device and user identity are protected.

This ensures you have the VPN, DNS layer of security, identity access management, and anti-malware solution. Make sure that the endpoint which is connecting back from the home has an anti-malware solution. Security at the endpoint layer has become a lot more important. This is a principle for zero trust for endpoint security.

This is a framework that we have been successfully enabling in India post-pandemic when the lockdown was announced. We enabled half a million endpoints within two weeks of adopting this framework, so people can continue working from home with secure infrastructure.

What about the new-age cyberthreats?

New-age attacks are state-funded. They are geopolitical in nature and target supply chains. Supply chain attacks look at your trusted hardware and software. They plant malware or threats into the trusted networking partner. I would rather not break into the company setup; I would look at what was the most popular setup of products and services they use and plant malware on their updates. We are seeing the new-age attacks very clearly towards supply chains. Talos has written a blog on a group called Gamaredon. Cybercrime-as-a-service is being delivered. We mapped all these attacks during 2019 and the pandemic, and then we looked at the highest vulnerable medium. These new-age attacks that have emerged are email, cloud visibility and endpoint. We saw zero trust in action for endpoint security. If you block and have a zero trust approach across all these four domains, you are cyber smart. The key focus areas will be: how to ensure cyber preparedness, how do you look at remote working and access policies, how do you augment your security monitoring capability, how do you look at a trade-off between employee information on privacy, and how do you train your people when we were working from office. The first line of defense is humans. So, how do you prepare your remote workforce against social engineering attacks? It is not just about technology.

Let’s take an example of incident response. When there is a breach, how do you respond and look at your roles and responsibilities? How do you report the breach and how do you rework all your playbooks? A playbook works like writing a security rulebook: the DOs and DON’Ts, and the steps to follow in case of a breach. How do you conduct cyber drills in a remote environment?

Look at how to audit privileged access for remote workers. How can we enhance the SOC monitoring capability? These are questions beyond technology that need to be evaluated and updated. A practitioner’s view is very different. You will have frameworks, but operationally, it’s more complex than what we think.

About the Interviewer

Minu Sirsalewala is an Editorial Consultant at CISO MAG. She writes news features and interviews.

More from Minu.

Cybersecurity Awareness Month 2021: Here’s What the Experts Have to Say
CISO MAG, October 19, 2021 at 9:30 am

The post Cybersecurity Awareness Month 2021: Here’s What the Experts Have to Say appeared first on CISO MAG | Cyber Security Magazine.

Like every year, CISA and the National Cyber Security Alliance (NCSA) are hosting the National Cybersecurity Awareness Month 2021 in the U.S. to raise awareness on the importance of cybersecurity and alert stakeholders of the internet about multiple security threats such as phishing, cryptocurrency mining, BEC, ransomware, and much more.

This year, CISA continues using its overarching theme: “Do Your Part. #BeCyberSmart.” While it is important to campaign for Cybersecurity Awareness Month in October, every individual needs to commit to sharing knowledge to reduce cyberthreats and value cybersecurity throughout the year.

Brian Pereira and Pooja Tikekar from CISO MAG sought insight from some of the industry experts on ways to fight phishing attacks, improve the cybersecurity posture, and be cyber aware. Here’s what they have to say:

Implement accurate data backup.

“The resurgence of ransomware attacks in India has posed a great threat to various organizations, compelling them to re-evaluate and renew their data protection strategies. We believe the first step towards building resilient infrastructure is educating stakeholders and implementing accurate data backup and protection solutions/techniques. Further, devising an effective contingency strategy to mitigate the impact of the threats is equally important.”

The attitude of being tied to certain qualifications must change.

“When it comes to specialized security education – it’s clear there remain limitations in terms of the quality and volume of what is accessible. A huge number of those that have taught themselves are still denied access to positions in the field of cybersecurity due to their lack of diploma or because they do not have the right credentials. The reality is, when it comes to ethical hackers at least, many of them are in fact self-taught. This attitude of being tied to certain qualifications must change if a wider pool of available talent is to be tapped into. By adopting new methods of identifying competencies, both within an organization and externally, the door is open to make the most of existing, but often underutilized skills. In doing so, the industry, as a whole, is better equipped to address the cyber challenge of tomorrow.”

You won’t find yourself getting stagnant in cyber!

“If someone is thinking about a career in cyber, it’s a field with some really terrific sources of information available across the Internet. Cybersecurity has built up quite a respected community across Twitter in particular and you can regularly get involved in a thread regarding the latest events in the world of security and learn from others how they got into their careers. I strongly believe that cyber tends to be something you need to enjoy. It’s an engaging role; you’re constantly evolving and learning no matter what aspect of it you decide to study and work in. You won’t find yourself getting stagnant in cyber! Coming from a technical past is an obvious way into cyber but there are roles for those in finance, legal, compliance, logistics, auditing, and other security fields. It’s far more diverse than many realize.”

It is essential employees feel comfortable reaching out to the information security teams.

“Organizations are spending more than ever on cybersecurity. The increase in adoption of next-generation firewalls or utilizing Firewall as a Service (FWaaS) has helped fortify the digital parameters and has forced hackers to alter their attack methods. The bad actors are finding it much easier to infiltrate networks through phishing attacks. The FBI reported a 110% increase in phishing attacks in 2020 compared to a year before. The Verizon Data Breach Investigation Report (DBIR) found that 43% of breaches in 2020 involved phishing. Phishing remains the most significant threat in 2021. The truth is that most sophisticated anti-phishing tools are not 100% effective. A considerable number of phishing emails always manage to pass through the checkpoints. More needs to be done to fight this type of attack. The annual security awareness training and periodic phishing campaigns are no longer enough. Creating a security-focused culture, frequent interactive cybersecurity exercises and games, security ambassador programs, lunch-and-learn events, etc., helps spread awareness. Additionally, it is essential that employees feel comfortable reaching out to the information security teams for any anomaly they have noticed without feeling embarrassed if the alert turns out to be a false positive.”

Phishing messages can be tricky to avoid.

“Phishing emails can come in many forms, whether it be impersonating someone you know, an urgent request from your bank, or a fake audit notification from the IRS during tax season. Many phishing emails look like they are coming from a legitimate sender, but if you view the actual sender email address rather than the alias, you’ll see that it is far from legitimate. These phishing messages can be tricky to avoid, but if it feels a bit “off,” or doesn’t seem quite right, then follow your instincts and find a safe way to verify the email. If you don’t know the sender, don’t click on the link.

Be especially wary if you’re asked to provide any personal information, like your social security number or password, in an email. Most companies will not send you an email asking for such sensitive information. Check for slight variations in spelling or format in the domain name that you may miss at first glance. If you are unsure or don’t know the sender, verify by reaching out through an alternate method (not by hitting reply).”
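The two checks the quote above recommends doing by eye (look at the real sender address rather than the display name, and watch for small spelling variations in the domain) can also be run by a mail filter or a help-desk triage script. The following is an added example written for this page, not code from CISO MAG or the quoted expert. It assumes a constructed list of trusted domains, a constructed look-alike character map, and constructed sample From headers; the only library call is the standard library’s `email.utils.parseaddr`, which separates the display name from the address. The example goes slightly beyond the quote by also flagging a trusted domain buried inside a stranger’s domain (e.g. a subdomain of an unrelated registration).

```python
from email.utils import parseaddr

# Domains this (constructed) organisation and its users trust.
TRUSTED_DOMAINS = {"examplebank.com", "irs.gov", "corp.example"}

# Characters commonly swapped for look-alikes in phishing domains (constructed
# table, not exhaustive). Normalising makes "examp1ebank" compare as "examplebank".
LOOKALIKE_MAP = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize_domain(domain: str) -> str:
    d = domain.lower()
    for fake, real in LOOKALIKE_MAP.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance: each substitution, insertion or deletion costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _labels_embedded(trusted: str, domain: str) -> bool:
    """True when the trusted domain's labels appear inside `domain` but not as its
    suffix, e.g. irs.gov.tax-notice.net (really a subdomain of tax-notice.net)."""
    if domain == trusted or domain.endswith("." + trusted):
        return False
    t, d = trusted.split("."), domain.split(".")
    return any(d[i:i + len(t)] == t for i in range(len(d) - len(t) + 1))


def classify_sender(from_header: str) -> dict:
    """Classify a From header as trusted / suspicious / unknown / malformed."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    display_compact = display.lower().replace(" ", "")
    result = {"address": addr, "domain": domain, "verdict": "unknown", "reasons": []}

    if not domain:
        result["verdict"] = "malformed"
        result["reasons"].append("no parseable address in From header")
        return result

    # A trusted domain, or one of its own subdomains, is accepted as-is.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        result["verdict"] = "trusted"
        return result

    norm = normalize_domain(domain)
    for t in TRUSTED_DOMAINS:
        # Near-miss spelling: identical after look-alike normalisation, or one edit away.
        if norm == normalize_domain(t) or edit_distance(norm, normalize_domain(t)) <= 1:
            result["reasons"].append(f"{domain} resembles trusted domain {t}")
        elif _labels_embedded(t, domain):
            result["reasons"].append(f"{t} appears inside {domain} but is not its real domain")
        # Display name (the "alias" the quote warns about) claims a trusted brand
        # while the real address lives elsewhere. Deliberately crude string check.
        brand = t.split(".")[0]
        if brand in display_compact:
            result["reasons"].append(f"display name mentions {brand!r} but address is @{domain}")

    if result["reasons"]:
        result["verdict"] = "suspicious"
    return result


if __name__ == "__main__":
    # Constructed sample headers, not real messages.
    for hdr in [
        "Example Bank <alerts@examplebank.com>",
        "Example Bank Alerts <alerts@examp1ebank.com>",
        '"alerts@examplebank.com" <payments@mail-relay.xyz>',
        "IRS Audit Team <audit@irs.gov.tax-notice.net>",
        "Colleague <someone@unrelated-partner.org>",
    ]:
        print(classify_sender(hdr))
```

An "unknown" verdict is not a clean bill of health; it is the case the quote covers with "if you don't know the sender, verify through an alternate method". The brand check on the display name is intentionally simple and will flag some legitimate mail (a display name such as "Corporate IT" matches the constructed brand "corp"), which is the right trade-off for a triage aid that hands results to a human rather than blocking outright.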

The Internet is a physical thing. It’s not magic.

“Companies need to expand their definition of cybersecurity to include all the nested dependencies in their digital supply chain. We often focus on endpoint protection: phishing, ransomware, DDoS. But there are other more systematic ways for a knowledgeable attacker to make your day miserable. The Internet is a physical thing. It’s not magic. Your data is being routed over physical fiber optic cables and through machines sitting in real data centers and peering exchanges. Those physical parts of your supply chain get way less attention than they should. Just ask any customer of AT&T, when a domestic terrorist took out a telco hub in Tennessee in 2000 or Facebook when some BGP configuration errors shut down 3 of the largest social media platforms for the entire world. Having a truly resilient digital infrastructure involves actively investigating and understanding the supply chain for services you may take for granted.”

Opt for an ongoing training mechanism that is engaging and interactive.

“Cyberattacks and their level of sophistication are steadily on the rise. Stakeholders are constantly evaluating technologies to implement and maintain cybersecurity defenses that further need to be optimized due to the COVID situation. As per Global Workforce Analytics, approximately 30% of the workforce is expected to work remotely by the end of 2021, which, in turn, has accelerated the use of potentially vulnerable services like VPNs and unpatched Windows machines. Furthermore, the lack of privacy at home is amplifying the threat layer.

These technologies might provide the much-needed defense, but since human errors contribute to almost 95% of all data breaches, Security Awareness Training becomes a critical element that can’t be ignored.

Along with creating state-of-the-art security software using automation, machine learning, and advanced threat intelligence, an organization needs to opt for an ongoing training mechanism that is engaging, interactive and covers multiple topics like phishing, ransomware, BEC, and physical security. This can be the best way to equip employees with the knowledge to spot and effectively respond to cyberthreats.”

Automate and centralize security processes.

“Cybersecurity Awareness Month serves as a timely reminder for companies to reevaluate their cybersecurity posture after a tumultuous year of cyberattacks across industries.

The dramatic spike in ransomware and supply chain attacks illustrates that every company, regardless of vertical, is a software company and security will only continue to rise in importance when it comes to ensuring the continued operations of the business.

To protect valuable information and prevent breaches, enterprises must invest in multi-faceted platforms that centralize and automate detection, response, and investigation protocols. Security teams need full visibility into IT environments and the ability to respond in real-time to limit the consequences should a cyberattack occur.

By automating and centralizing security processes, organizations can reduce the chance of human error while achieving infinitely smoother execution of security-related tasks and ultimately ensuring that highly-sensitive personal information is kept safe and secure.”

Implement zero-trust for APIs.

“Modern organizations are sharing data over APIs to digitally transform and rapidly bring new services to market. APIs are connecting with internal and external services, transferring sensitive data with users and partners across the hybrid cloud. Consequently, organizations are facing increased cyber risks and a growing attack surface. Legacy identity and access management (IAM) tools cannot protect and secure identities working in modern applications, much less multi-cloud infrastructures.

Gartner predicts that APIs will be the most frequent attack vector by 2022. Implementing zero-trust for APIs to protect against known and emerging threats like broken object-level authorization or broken authentication means building a strong application identity along with a strong user identity, as well as protecting sensitive data with fine-grained authorization. Properly assessing and mitigating risks at the API level can also allow organizations to enhance the user experience with transactional authentication/authorization and fine-grained consent management.

Cybersecurity Awareness Month shines a light on the changing state of cybersecurity. Prioritizing cybersecurity and adopting these modern capabilities is no longer optional as digital transformation accelerates.”
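The quote above names broken object-level authorization and the need for both an application identity and a user identity, but does not show what the missing check looks like in a handler. The following is an added example written for this page, not code from CISO MAG or the quoted expert: a constructed invoice API in plain Python (no web framework) with the vulnerable handler beside its hardened form. It assumes that access-token validation has already happened upstream and produced a `Principal` carrying the user, the calling application’s `client_id`, and that application’s granted scopes; the scope name `invoices:read`, the invoice records, and the status codes are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str          # the user who may read this object
    total_cents: int


@dataclass(frozen=True)
class Principal:
    """What the API knows once the access token has been validated upstream
    (token validation itself is assumed, not implemented here)."""
    user: str                 # user identity
    client_id: str            # application identity that presented the token
    scopes: FrozenSet[str]    # what that application was granted


# Constructed data store standing in for a database.
INVOICES: Dict[int, Invoice] = {
    1001: Invoice(1001, "alice", 12_000),
    1002: Invoice(1002, "bob", 4_500),
}

Response = Tuple[int, dict]   # (HTTP status, JSON-style body)


def _render(inv: Invoice) -> dict:
    return {"invoice_id": inv.invoice_id, "owner": inv.owner, "total_cents": inv.total_cents}


def get_invoice_vulnerable(principal: Optional[Principal], invoice_id: int) -> Response:
    """Broken object-level authorization: the caller is authenticated, but the
    handler never asks whether *this* caller may read *this* invoice, so any
    logged-in user can enumerate everyone's invoices by id."""
    if principal is None:
        return 401, {"error": "unauthenticated"}
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return 404, {"error": "not found"}
    return 200, _render(inv)


def get_invoice_hardened(principal: Optional[Principal], invoice_id: int) -> Response:
    """Zero-trust form: on every request, check the application identity (scope)
    and then the user identity against the object's owner."""
    if principal is None:
        return 401, {"error": "unauthenticated"}
    if "invoices:read" not in principal.scopes:
        return 403, {"error": f"client {principal.client_id} lacks scope invoices:read"}
    inv = INVOICES.get(invoice_id)
    # Same 404 for "missing" and "not yours": the response must not confirm
    # which ids exist, or the ownership check becomes an id oracle.
    if inv is None or inv.owner != principal.user:
        return 404, {"error": "not found"}
    return 200, _render(inv)


if __name__ == "__main__":
    alice = Principal("alice", "mobile-app", frozenset({"invoices:read"}))
    print("vulnerable, alice asks for bob's invoice:", get_invoice_vulnerable(alice, 1002))
    print("hardened,   alice asks for bob's invoice:", get_invoice_hardened(alice, 1002))
    print("hardened,   alice asks for her own:      ", get_invoice_hardened(alice, 1001))
```

The ownership check belongs in the handler (or a shared authorization layer it calls), not in the client: the id in the URL is attacker-controlled input, and authentication alone says nothing about which objects the authenticated party may touch. Logging the 403 and 404 outcomes per `client_id` and `user` also gives the detection side a cheap signal, since a legitimate client rarely requests many invoices it does not own.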

Move away from obsolete authentication methods.

“The amount of large-scale cybersecurity breaches we’ve witnessed in the last year highlights just how creative cybercriminals will get to steal sensitive data and sell it on the dark web. The number of reported identity theft cases more than doubled from 2019 to 2020, while the number of reported data breaches escalated 38% from the first to the second half of 2021. With traditional online verification tools such as knowledge-based authentication and passwords, organizations will continue to place consumers’ personal information at risk of being compromised.

Cybersecurity Awareness Month encourages security leaders and executive decision-makers to modernize their security practices in order to adapt to the increased sophistication of fraudsters. In today’s cybersecurity climate, organizations must move away from outdated, obsolete authentication methods and implement more advanced identity verification solutions, like face-based biometric authentication, that confirm online users are truly who they claim to be. This month is also important for educating consumers on how to safeguard their digital identity and manage personal data consent rights online. These best practices are crucial to keep data away from the hands of malicious actors.”

Implement a unified cloud security platform.

“From cloud misconfigurations exposing massive amounts of sensitive data online to ransomware attacks severely impacting critical infrastructure, this past year has underlined the inherent lack of proactive security across organizations of all sizes. As we move toward a new era of hybrid operations post-pandemic, the sophistication and frequency of cyberattacks will only continue to increase at an exponentially higher rate. Organizations must be prepared to face the evolving threat landscape to protect their employees, corporate infrastructure, and sensitive data.

International Cybersecurity Awareness Month serves as a reminder for enterprises to make security a strategic imperative. A vigilant security posture starts with implementing a unified cloud security platform, like secure access service edge (SASE) and security service edge (SSE), that replaces various disjointed point products and extends consistent security to all sanctioned cloud resources while following a Zero Trust framework to prevent unauthorized network access. Additionally, enforcing comprehensive cybersecurity training for all employees, hiring security experts, and continuously monitoring and enhancing cybersecurity postures will ensure organizations are properly equipped to defend their modern operations.”

Companies are still not prioritizing cybersecurity.

“Cybersecurity Awareness Month serves as a great reminder for enterprises to recognize the importance of securing their organizations against today’s top security threats. This year has been a hotbed for cybersecurity hacks and breaches, with increased attacks on our government and critical infrastructure entities like we have seen with the Colonial Pipeline, SolarWinds, JBS, the attacks on California and Florida water systems, and many others.

Though attacks continue to rise in numbers and impact, companies are still not prioritizing cybersecurity. A report earlier this year found that just 7% of security leaders report directly to the CEO, revealing an inability for security leaders to influence real change within an organization. In order for organizations to achieve the necessary organizational visibility and influence to effectively build a security program and mitigate increasing threats, security leaders such as CISOs and CIOs must report directly to the CEO. This structure allows the CISO to directly communicate potential risks to the organization, mitigate potential risks and influence each function in the organization to create greater security awareness.”

The post Cybersecurity Awareness Month 2021: Here’s What the Experts Have to Say appeared first on CISO MAG | Cyber Security Magazine.


How to Build a Career in Ethical Hacking in 2021 and Beyond (CISO MAG, October 19, 2021 at 5:30 am)

The post How to Build a Career in Ethical Hacking in 2021 and Beyond appeared first on CISO MAG | Cyber Security Magazine.

Ethical hacking is emerging as a viable career path for IT and security professionals in 2021. The alarming rate of cyber incidents has pushed private organizations and government agencies to strengthen their defenses against malicious hackers in recent years. According to a Ponemon Institute study, the cost of data breaches jumped from $3.86 million to $4.24 million in 2021.

The pandemic-induced remote work also adds to the high incidents of cyberattacks, augmenting the need for cyber experts to take stock of the situation. Additionally, the need for skilled cybersecurity specialists to combat cybercrime has paved the way for numerous ethical hacking jobs.

This article sheds light on the career scope and opportunities for ethical hackers in 2021 and discusses the skills one needs to acquire to start an ethical hacking journey.

Before we discuss the skill sets and requirements for an ethical hacker, let’s briefly understand ethical hacking concepts.

Understanding Ethical Hacking and Ethical Hackers

Ethical hacking is an authorized attempt to intrude into an organization’s network and systems to identify potential threats before cybercriminals do. Ethical hackers perform penetration testing to discover the anomalies and vulnerabilities that could disrupt operations. They think and act like black hat hackers in order to find the bugs and patch the flaws, but without malicious intent.

Cyberattacks can cost organizations millions. Therefore, many firms are investing in cybersecurity practices and experts. Hence, the time is ripe for IT, security, and even networking professionals who want to delve into cybersecurity and build a rewarding career.

So, if you have limited knowledge of ethical hacking and wish to kickstart your career as an ethical hacker, this guide can help broaden your horizon. This article highlights the skillsets and requirements you need to have to become an ethical hacker.

Why Should You Pursue a Career in Ethical Hacking

The scope of vulnerabilities and attacks expands as modern organizations adjust to digital transformations and embrace cloud technology. As a result, businesses require cybersecurity experts to protect their digital assets, and ethical hacking is one such field that is gaining momentum in the wake of recent cyberattacks. Let’s look at a few opportunities or benefits that ethical hacking has to offer:

High Pay Scale and Career Scope

As previously mentioned, new and sophisticated cyberattacks have prompted organizations to improve their security measures and invest in a cyber workforce. While the demand for cybersecurity specialists is rapidly increasing, there is also a severe talent drought. There is therefore a need to close the skills gap; ethical hacking is a viable career opportunity, and the demand is only going to rise in the future. Gaining certifications as an ethical hacker also elevates the chances of landing a high-paying job. Government agencies, private firms, banks, and institutions are all hiring ethical hackers to fortify their defenses against malicious attacks. According to PayScale, the average salary of an ethical hacker is $80,000 per year, while a certified ethical hacker can earn an average salary of $94,000 per year.

Diverse Employment Opportunities

After gaining advanced certifications or proficiency in ethical hacking, one can also set foot in other cybersecurity job roles. Ethical hackers are adept at network and system security, web and application security, pen testing, and more, which makes them eligible to also apply for roles such as:

Network administrator/manager
Security investigator
Penetration tester
Web security administrator/manager
Data security analyst/specialist
IT security administrator/consultant/manager

Job Satisfaction

As an ethical hacker, you will play an integral role in safeguarding an organization’s digital assets, devising security measures, and implementing them effectively. Enterprises are aware of the importance ethical hackers hold in safeguarding their data and assets. As a certified ethical hacker, you can either be part of an in-house team or offer your services independently from anywhere. The benefits and importance associated with ethical hacking are enormous, contributing to elevated job status and satisfaction.

Quick Guide on How to Become an Ethical Hacker

1. Educational Requirements

There is no one formula for becoming an ethical hacker. If this field entices you, you need to plan your ethical hacking learning path as per the industry requirements. To be eligible for an ethical hacking role, one needs to hold a bachelor’s degree in computer science, IT, or any subset of cybersecurity.

2. Acquire Fundamental and Essential Skills

An ethical hacker is a skilled pen tester as well. Ethical hackers need to demonstrate expertise in network security, web applications, networking, databases, etc. Therefore, they need sound technical knowledge and understanding of operating systems, programming languages, networking, connectivity concepts, hacking tools, etc. Ethical hackers employ offensive techniques or measures to assess the security of an organization. Aspiring ethical hackers can therefore acquire the following skills to learn how to start hacking ethically:

Networking skills
Technical skills
Programming skills
Encryption (Cryptography) skills
Knowledge about databases
Quick problem-solving skills
Effective communication skills

Apart from these, it is also crucial to learn the fundamentals of ethical hacking, the different types of ethical hackers, and the difference between offensive and defensive security strategies.

3. Getting Certified

While one can learn ethical hacking on their own, it is certainly not easy. You need to continuously upskill yourself with the latest technologies and tools, as both technology and the threat landscape are rapidly evolving. You can learn and acquire the skills mentioned above by enrolling in ethical hacking certifications that align with industry-specific requirements. Getting certified is the next step to advance your career further and earn lucrative benefits. EC-Council’s Certified Ethical Hacker (C|EH) program is globally recognized and equips participants with the necessary skills to hone their craft. It’s one of the most challenging and sought-after ethical hacking certifications in the industry.

Why Should You Join EC-Council’s Certified Ethical Hacker (C|EH)

C|EH is a credible program and ANSI 17024 Compliant. A pioneer in setting a global standard for ethical hacking, C|EH is an apt program for learning the elements of ethical hacking in a structured environment. It’s also stated as a baseline certification on the U.S Department of Defense (DoD) 8570/8140 Directive, the British NCSC Intelligence Agency, and several others.

The C|EH program is curated by industry experts to train participants in the latest hacking tools and technologies that hackers use. They can also expand their knowledge in diverse areas such as footprinting, network scanning, system hacking, sniffing, session hijacking etc.

The accredited program also includes twenty-four incredible hacking challenges across four levels of complexity that cover eighteen attack vectors. This hacking challenge enables participants to deal with real-life scenarios in this field.

Once you get the C|EH certification, you can also be eligible to work in diverse areas. Some of the common job roles for C|EH are:

Cyber Defense Analyst
Vulnerability Assessment Analyst
Cyber Security Analyst Level I and Level II
Network Security Engineer
Manual Ethical Hacker
Senior Security Consultant
And more

Cybersecurity is a thriving field, and the scope of ethical hacking looks favorable in 2021 and beyond. The demand for ethical hackers in any industry is steadily growing considering the cyberattacks. So, if you are keen on making your mark as an ethical hacker to protect your work data and assets, get certified as an ethical hacker.

20+ Job Roles | 10,000+ Job Openings | Avg. Salary of $93,000

Become a Certified Ethical Hacker.

FAQs

Who is eligible for the C|EH program?

Anybody with sound knowledge in computer and programming can learn this course. People who want to explore the world of penetration testing and combating cybercrime can take up this course.

What is the relevant work experience needed to be an ethical hacker?

Some employers also expect you to have a certain level of related work experience in computer technology. As such, ethical hackers can initially assume a network defender, penetration tester, or systems analyst position.

References:

https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
https://cisomag.eccouncil.org/how-to-learn-ethical-hacking-from-scratch-and-start-your-career/
https://www.mygreatlearning.com/blog/how-to-start-a-career-in-ethical-hacking/

The post How to Build a Career in Ethical Hacking in 2021 and Beyond appeared first on CISO MAG | Cyber Security Magazine.

Ethical hacking is emerging as a viable career path for IT and security professionals in 2021. The alarming rate of cyber incidents has pushed private organizations and government agencies to strengthen their defenses against malicious hackers in recent years. According to a Ponemon Institute study, the cost of data breaches jumped from $3.86 million to $4.24 million in 2021.

Pandemic-induced remote work has also added to the high incidence of cyberattacks, increasing the need for cyber experts to take stock of the situation. Additionally, the need for skilled cybersecurity specialists to combat cybercrime has paved the way for numerous ethical hacking jobs.

This article sheds light on the career scope and opportunities for ethical hackers in 2021 and discusses the skills one needs to acquire to start their ethical hacking journey.

Before we discuss the skill sets and requirements for an ethical hacker, let’s briefly understand ethical hacking concepts.

Understanding Ethical Hacking and Ethical Hackers

Ethical hacking is an authorized attempt to intrude into an organization’s network and systems to identify potential threats before cybercriminals do. Ethical hackers perform penetration testing to discover the anomalies and vulnerabilities that could disrupt operations. They think and act like black hat hackers in order to find the bugs and patch the flaws, but without malicious intent.

Cyberattacks can cost organizations millions. Therefore, many firms are investing in cybersecurity practices and experts. Hence, the time is ripe for IT, security, and even networking professionals who want to delve into cybersecurity and build a rewarding career.

So, if you have limited knowledge of ethical hacking and wish to kickstart your career as an ethical hacker, this guide can help broaden your horizons. This article highlights the skill sets and requirements you need to have to become an ethical hacker.

Why Should You Pursue a Career in Ethical Hacking

The scope of vulnerabilities and attacks expands as modern organizations adjust to digital transformations and embrace cloud technology. As a result, businesses require cybersecurity experts to protect their digital assets, and ethical hacking is one such field that is gaining momentum in the wake of recent cyberattacks. Let’s look at a few opportunities or benefits that ethical hacking has to offer:

High Pay Scale and Career Scope

As previously mentioned, new and sophisticated cyberattacks have prompted organizations to improve their security measures and invest in a cyber workforce. While the demand for cybersecurity specialists is rapidly increasing, there is also a severe talent drought. Therefore, there is a need to close the skills gap; ethical hacking is a viable career opportunity, and the demand is only going to rise in the future. Gaining certifications as an ethical hacker also elevates the chances of landing a high-paying job. From government agencies to private firms, banks, and institutions, organizations are hiring ethical hackers to fortify their defenses against malicious attacks. According to PayScale, the average salary of an ethical hacker is $80,000 per year, while a certified ethical hacker can earn an average salary of $94,000 per year.

Diverse Employment Opportunities

After gaining advanced certifications or proficiency in ethical hacking, one can also set foot in other cybersecurity job roles. Ethical hackers are adept at network and system security, web and application security, pen testing, and other areas, which makes them eligible to also apply as a:

Network administrator/manager
Security investigator
Penetration tester
Web security administrator/manager
Data security analyst/specialist
IT security administrator/consultant/manager

Job Satisfaction

As an ethical hacker, you will play an integral role in safeguarding an organization’s digital assets, devising security measures, and implementing them effectively. Enterprises are aware of the importance ethical hackers hold in safeguarding their data and assets. As a certified ethical hacker, you can either be part of an in-house team or offer your services independently from anywhere. The benefits and importance associated with ethical hacking are enormous, contributing to elevated job status and satisfaction.

Quick Guide on How to Become an Ethical Hacker

1. Educational Requirements

There is no one formula for becoming an ethical hacker. If this field entices you, you need to plan your ethical hacking learning path as per the industry requirements. To be eligible for an ethical hacking role, one needs to hold a bachelor’s degree in computer science, IT, or any subset of cybersecurity.

2. Acquire Fundamental and Essential Skills

An ethical hacker is a skilled pen tester as well. Ethical hackers need to demonstrate expertise in network security, web applications, networking, databases, etc. Therefore, they need sound technical knowledge and an understanding of operating systems, programming languages, networking, connectivity concepts, hacking tools, etc. Ethical hackers employ offensive techniques or measures to assess the security of an organization. Therefore, aspiring ethical hackers can acquire the following skills to learn how to start hacking ethically:

Networking skills
Technical skills
Programming skills
Encryption (Cryptography) skills
Knowledge about databases
Quick problem-solving skills
Effective communication skills

Apart from these, learning the fundamentals of ethical hacking, the different types of ethical hackers, and the difference between offensive and defensive security strategies is also crucial.

3. Getting Certified

While one can learn ethical hacking on their own, it is certainly not easy. You need to continuously upskill yourself with the latest technologies and tools, as both technology and the threat domain are evolving rapidly. You can learn and acquire the skills mentioned above by enrolling in ethical hacking certifications that align with industry-specific requirements. Getting certified is the next step to advance your career further and earn lucrative benefits. EC-Council’s Certified Ethical Hacker (C|EH) program is globally recognized and equips participants with the necessary skills to hone their craft. It’s one of the most challenging and sought-after ethical hacking certifications in the industry.

Why Should You Join EC-Council’s Certified Ethical Hacker (C|EH)

C|EH is a credible program and is ANSI 17024 compliant. A pioneer in setting a global standard for ethical hacking, C|EH is an apt program for learning the elements of ethical hacking in a structured environment. It’s also listed as a baseline certification in the U.S. Department of Defense (DoD) 8570/8140 Directive, by the British NCSC Intelligence Agency, and by several others.

The C|EH program is curated by industry experts to train participants in the latest hacking tools and technologies that hackers use. Participants can also expand their knowledge in diverse areas such as footprinting, network scanning, system hacking, sniffing, session hijacking, etc.

The accredited program also includes twenty-four incredible hacking challenges across four levels of complexity that cover eighteen attack vectors. This hacking challenge enables participants to deal with real-life scenarios in this field.

Once you get the C|EH certification, you are also eligible to work in diverse areas. Some of the common job roles for C|EH holders are:

Cyber Defense Analyst
Vulnerability Assessment Analyst
Cyber Security Analyst Level I and Level II
Network Security Engineer
Manual Ethical Hacker
Senior Security Consultant
And more

Cybersecurity is a thriving field, and the scope of ethical hacking looks favorable in 2021 and beyond. The demand for ethical hackers in every industry is growing steadily in the face of ongoing cyberattacks. So, if you are keen on making your mark as an ethical hacker to protect your work data and assets, get certified as an ethical hacker.

20+ Job Roles | 10,000+ Job Openings | Avg. Salary of $93,000

Become a Certified Ethical Hacker.

FAQs

Who is eligible for the C|EH program?

Anybody with sound knowledge of computers and programming can take this course. People who want to explore the world of penetration testing and combating cybercrime can take up this course.

What is the relevant work experience needed to be an ethical hacker?

Some employers also expect you to have a certain level of related work experience in computer technology. As such, ethical hackers can initially assume a network defender, penetration tester, or systems analyst position.


Attackers Receive $5.2 Bn in Ransom via Bitcoin Payments
CISO MAG, October 18, 2021 at 4:02 pm

The post Attackers Receive $5.2 Bn in Ransom via Bitcoin Payments appeared first on CISO MAG | Cyber Security Magazine.

Ransom payments in the form of virtual currency have increased exponentially. As per an analysis from the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), around $5.2 billion worth of Bitcoin transactions are linked to commonly known ransomware operators. In addition to Bitcoin, FinCEN also identified ransom payments requested in Monero.

The FinCEN analysis of ransomware-related suspicious activity reports (SARs) during the first half of 2021 revealed that ransomware is a significant threat to the U.S. financial sector, businesses, and the public.

“Ransomware actors are criminals who are enabled by gaps in compliance regimes across the global virtual currency ecosystem. Treasury is helping to stop ransomware attacks by making it difficult for criminals to profit from their crimes, but we need partners in the private sector to help prevent this illicit activity,” said Deputy Secretary of the Treasury Wally Adeyemo.

Top Ransomware Variants

The analysis found over 68 ransomware variants reported in SAR data for transactions during the review period. The most-reported variants include:

REvil or Sodinokibi
Conti
DarkSide
Avaddon
Phobos

Rising Ransom Trend

In total, FinCEN observed $590 million in ransomware-related SARs, a 42% increase compared to a total of $416 million for all of 2020. SAR data for 2021 is projected to show a higher ransomware-related transaction value than the SARs filed in the previous ten years combined.

“This trend potentially reflects the increasing overall prevalence of ransomware-related incidents as well as improved detection and reporting of incidents by covered financial institutions, which may also be related to increased awareness of reporting obligations pertaining to ransomware and willingness to report,” FinCEN said.

Actions Required

FinCEN recommended certain actions in case of any suspicious ransomware activity. These include:

Incorporate cyber event indicators, i.e., indicators of compromise (IOCs), from threat data sources into intrusion detection systems and security alert systems to enable active blocking or reporting of suspected malicious activity.
Contact law enforcement immediately regarding any identified activity related to ransomware, and contact OFAC if there is any reason to suspect that the cyber actor demanding the ransomware payment may be sanctioned.
Report suspicious activity to FinCEN, highlighting the presence of IOCs; details such as suspicious email addresses, file names, hashes, domains, and IP addresses can be provided in the SAR form.
