
30 Governments Join Hands to Suppress Ransomware Payment Channels

CISOMAG, October 18, 2021 at 2:24 pm

The post 30 Governments Join Hands to Suppress Ransomware Payment Channels appeared first on CISO MAG | Cyber Security Magazine.

The Virtual Counter-Ransomware Initiative meeting, facilitated by the White House National Security Council to deliberate on efforts to improve national resilience, address the misuse of virtual currency and the laundering of ransom payments, disrupt the ransomware ecosystem, and prosecute cybercriminals, has resulted in actions being initiated to address the increasing ransomware attacks. Officials from 31 countries and the European Union have issued a joint statement that their governments would take action to disrupt the payment channels and address the misuse of virtual currency.

There has been a spate of incidents in which cybercriminals have demanded ransom in the form of cryptocurrency for ease of business operations. The rise in ransomware attacks reflects the low resilience of critical network infrastructure and its vulnerabilities.

The statement was issued by ministers and representatives from Australia, Brazil, Bulgaria, Canada, the Czech Republic, the Dominican Republic, Estonia, European Union, France, Germany, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Mexico, the Netherlands, New Zealand, Nigeria, Poland, Republic of Korea, Romania, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Arab Emirates, the United Kingdom, and the United States.

Per the White House statement, significant economic losses have been incurred globally due to the increased ransomware attacks. “Ransomware payments reached over $400 million globally in 2020, and topped $81 million in the first quarter of 2021, illustrating the financially driven nature of these activities.”

Ransomware is a world-wide threat leveraging global infrastructure – and no country can fight it alone. This week, the United States and dozens of nations aligned on common approaches to counter it together.

— Jake Sullivan (@JakeSullivan46) October 14, 2021

The Counter-Ransomware Initiative

Governments of the 30 countries have realized the need for an immediate action plan and collective effort to tackle the risk of ransomware. Cybercriminals abuse the financial mechanism of countries and launder huge amounts through cryptocurrency mining, evading all kinds of surveillance.

The White House states, “We are dedicated to enhancing our efforts to disrupt the ransomware business model and associated money-laundering activities, including through ensuring our national AML frameworks effectively identify and mitigate risks associated with VASPs and related activities. We will enhance the capacity of our national authorities, to include regulators, financial intelligence units, and law enforcement to regulate, supervise, investigate, and act against virtual asset exploitation with appropriate protections for privacy, and recognizing that specific actions may vary based on domestic contexts. We will also seek out ways to cooperate with the virtual asset industry to enhance ransomware-related information sharing.”

The need of the hour is to look collectively at the exploitation of digital asset platforms and to stop the machinery behind it from exploiting them further. As policies and regulations vary from one jurisdiction to another, this effort will help accelerate the investigation and prosecution of the criminals. The problem has been exacerbated because attacks are treated in isolation.

“Ransomware criminal activity is often transnational in nature, and requires timely and consistent collaboration across law enforcement, national security authorities, cybersecurity agencies, and financial intelligence units. Such collaboration must be consistent with domestic legal requirements and may be pursued alongside diplomatic engagement so that malicious activity can be identified and addressed, and the actors responsible can be investigated and prosecuted. Together, we must take appropriate steps to counter cybercriminal activity emanating from within our own territory and impress urgency on others to do the same, in order to eliminate safe havens for the operators who conduct such disruptive and destabilizing operations,” the White House said.


NSA Releases Guidelines to Secure Wildcard TLS Certificates

CISOMAG, October 18, 2021 at 10:37 am

The post NSA Releases Guidelines to Secure Wildcard TLS Certificates appeared first on CISO MAG | Cyber Security Magazine.

The National Security Agency (NSA) in the U.S. is alerting government and public organizations about the risks associated with the use of wildcard Transport Layer Security (TLS) certificates, which is resulting in exploitation through Application Layer Protocols Allowing Cross-Protocol Attacks (ALPACA). The NSA warned that cybercriminals could use the ALPACA technique to break into corporate networks and obtain sensitive information.

What is a Wildcard TLS Certificate?

A wildcard TLS certificate is a digital certificate used to authenticate multiple servers. It allows security admins to use a single wildcard to protect a number of subdomains. Threat actors often try to misuse wildcard TLS certificates, exploit unsecured servers, and decrypt TLS-encrypted traffic.

ALPACA Attack

ALPACA is a new kind of web application attack that defeats the server identity verification that wildcard certificates are meant to provide during the TLS handshake. Attackers leverage the ALPACA technique to exploit hardened web applications via non-Hypertext Transfer Protocol (HTTP) services secured using the same or a similar TLS certificate.

The NSA has released a Cybersecurity Information (CSI) sheet with guidance to help secure the Department of Defense (DoD), National Security Systems (NSS), and Defense Industrial Base (DIB) organizations from poorly implemented wildcard TLS certificates and ALPACA attacks.

According to NSA, the realistic exploitation scenario in an ALPACA attack requires:

A target web application that uses TLS
Another service/application (typically not a web server) that presents a valid TLS certificate with a subject name that would be valid for the targeted web app, such as when wildcard certificates are too broadly scoped
A means for the malicious actor to redirect victim network traffic intended for the target web app to the second service (likely achieved through Domain Name System (DNS) poisoning or a man-in-the-middle compromise)
An HTTP request that is accepted by the second service and results in at least part of the request being reflected back to the sender

Mitigating ALPACA Attacks

The NSA also recommended certain security measures to defend against ALPACA threats. These include:

Understanding the scope of each wildcard certificate used for the organization
Identifying all locations where the wildcard certificate’s private key is stored and ensuring that the security posture for each location is commensurate with the requirements for all applications within the certificate’s scope
Using an application gateway or Web Application Firewall (WAF) in front of servers, including non-HTTP servers
Using encrypted DNS and validating DNS Security Extensions (DNSSEC) to prevent DNS redirection
Enabling Application-Layer Protocol Negotiation (ALPN) to specify permitted protocols
Maintaining web browsers at the latest version with current updates

“By avoiding or responsibly using wildcard certificates, organizations can harden network identities against malicious actors using masquerade techniques. Additionally, ALPACA mitigations block known protocol confusion exploits and strengthen network posture against potential future issues. Administrators should always seek to apply defense-in-depth approaches that apply to classes of risks/threats in order to counter malicious threat actors,” the NSA said.
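The first two mitigations (knowing each wildcard certificate's scope and where its private key lives) can be checked mechanically against a service inventory. The Python below is an added example, not part of the NSA guidance or the original article; the hostnames, certificate names, and the `alpn_strict` inventory field are constructed assumptions.

```python
"""Added example: find where a certificate's scope creates the ALPACA precondition."""
from collections import defaultdict

HTTP_PROTOCOLS = {"http", "https"}


def san_matches(pattern, hostname):
    """RFC 6125-style match: '*' is only honoured as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard spans exactly one label, never several
    if p_labels[0] == "*":
        # Require at least two fixed labels so '*.test' style names never match.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


# Constructed inventory (hypothetical hosts under the reserved .test TLD).
CERTS = {
    "wild-example": ["*.example.test"],
    "shop-only": ["shop.example.test"],
    "smtp-only": ["smtp.corp.example.test"],
}
# alpn_strict (assumed field): the service aborts the handshake when the
# client's ALPN list does not contain the service's own protocol.
SERVICES = [
    {"host": "www.example.test", "protocol": "https", "cert": "wild-example", "alpn_strict": True},
    {"host": "shop.example.test", "protocol": "https", "cert": "shop-only", "alpn_strict": True},
    {"host": "ftp.example.test", "protocol": "ftps", "cert": "wild-example", "alpn_strict": False},
    {"host": "mail.example.test", "protocol": "imaps", "cert": "wild-example", "alpn_strict": True},
    {"host": "smtp.corp.example.test", "protocol": "smtps", "cert": "smtp-only", "alpn_strict": False},
]


def key_locations(services):
    """Map each certificate to every host that must hold its private key."""
    locations = defaultdict(set)
    for svc in services:
        locations[svc["cert"]].add(svc["host"])
    return {cert: sorted(hosts) for cert, hosts in locations.items()}


def alpaca_exposures(certs, services):
    """Pair each web app with every non-HTTP service whose certificate
    would also validate for the web app's hostname."""
    web = [s for s in services if s["protocol"] in HTTP_PROTOCOLS]
    other = [s for s in services if s["protocol"] not in HTTP_PROTOCOLS]
    findings = []
    for app in web:
        for svc in other:
            covering = [san for san in certs[svc["cert"]] if san_matches(san, app["host"])]
            if covering:
                findings.append({
                    "web_app": app["host"],
                    "substitute": svc["host"],
                    "protocol": svc["protocol"],
                    "cert": svc["cert"],
                    "san": covering[0],
                    "alpn_strict": svc["alpn_strict"],
                })
    # Services without strict ALPN sort first: they need attention soonest.
    return sorted(findings, key=lambda f: (f["alpn_strict"], f["web_app"], f["substitute"]))


if __name__ == "__main__":
    for cert, hosts in key_locations(SERVICES).items():
        print(f"{cert}: private key on {len(hosts)} host(s): {', '.join(hosts)}")
    for f in alpaca_exposures(CERTS, SERVICES):
        status = "ALPN enforced" if f["alpn_strict"] else "no strict ALPN"
        print(f"{f['web_app']} <- {f['substitute']} "
              f"({f['protocol']}, {f['cert']} via {f['san']}): {status}")
```

Note that `shop.example.test` is flagged even though it presents its own narrowly scoped certificate: what matters is that the wildcard held by the FTP and IMAP servers is also valid for its name.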


Three Steps to Bridge the Network and Security Divide

CISOMAG, October 18, 2021 at 5:46 am

The post Three Steps to Bridge the Network and Security Divide appeared first on CISO MAG | Cyber Security Magazine.

Until recently, network and security teams could go about their business completely effectively with little requirement for anything more than a light-touch partnership. If network teams are responsible for the roads upon which business data travels, then security teams have traditionally been in charge of barriers, guard rails, and toll booths. The two teams have tended to operate within a shared working environment, with very clear and separate areas of activity. But, thanks to the impact of Digital Transformation, things are changing, and parallel-but-separate activity is not going to be workable for much longer.

By Neil Thacker, CISO EMEA, Netskope

Digital Transformation means something different to everyone, but you’d struggle to find a project that didn’t include a predominance of cloud, and it is this that is the cause of the shake-up for networking/infrastructure and security.

While networking and infrastructure teams prioritize performance, security teams are guided by a need to protect. With cloud, the two are not so easily separated. Old-school approaches to security directly impinge upon performance and usability, but overly permissive networking workarounds leave little security protection for sensitive and regulated corporate data that no longer sits inside a protective perimeter.

Security and networking teams know this. Most can see the need for change and closer collaboration, and many are even looking to converge teams and budgets, adopting a SASE (Secure Access Service Edge) architecture as a way to ensure neither performance nor protection is de-prioritized. But these transitions are not easy. My job is to support CIOs and CISOs to make these necessary changes and I advise that teams agree and adhere to the following steps:

Agree joint metrics

To avoid conflicting priorities and optimizations, network and security teams should agree on a common set of metrics for digital risk, network performance, and user experience. Each action taken should be evaluated with respect to the unified set of metrics. These goals are jointly owned; network and security teams are equally accountable. Securing this consensus from the outset ensures no procurement decision is taken, or architectural ideology pursued, that would negatively impact upon another KPI. These metrics enable teams to pursue purchasing projects with multiple goals – passing any potential internal disputes out for resolution by the vendors pitching their technology solution.

Ensure full visibility of performance

Somehow, the many benefits of cloud have been enough to persuade organizations that visibility over what is being used – by whom, when, and in what ways – is not essential. Security professionals who find themselves disquieted by this state of affairs have had to bite their tongues while performance, cost, and usability advantages were prioritized over risk management. We need to agree that a lack of visibility is no longer something businesses should accept as an unavoidable side effect of the cloud.

To the rescue of the blindsided security professional rides SASE, securing data wherever it resides or travels (inside or outside of corporate infrastructure). Network and security teams should use the increased telemetry delivered by a mature SASE platform to create a whole new and detailed set of insights. These reveal the reality of business activity and processes and provide the potential to identify opportunities for service and policy improvement. Such visibility enables constant learning about the ways in which the business is operating, and understanding of end-user actions, behaviors, and processes, and so will help manage digital risk as well as identifying performance uplifts.

Take a unified approach to emerging threats

Network and security teams should seek to use the greater visibility delivered by SASE, along with unified metrics, to identify emerging risks and develop strategies to manage these within risk appetite. This allows the development of business, network, and security roadmaps that get ahead of threats. Just as shared metrics prevent security professionals from designing architectures that create unacceptable performance penalties, so network professionals can make use of threat intelligence to design a more robust and relevant access infrastructure. A SASE architecture makes a shared network/security strategy essential and the acknowledgment of that, with collaboration at the highest level from the outset, will make the process smoother sailing.

UX designers talk about ‘desire paths’. A desire path can be easily seen as you walk your dog about town; it’s the muddy route that cuts the corner, avoiding the tarmac path to find the faster route. Over the past decade, application teams grew to understand the power of user desires, with Shadow IT creeping in around the organization. Now it’s the security and networking teams that are having to rethink their infrastructure as a result of these desire paths. The workforce is embracing the work-from-anywhere approach, using the devices they choose and accessing the applications that they determine best support productivity. If we do not identify and respond to the desire paths in use then we fail to support the business. But if the desire paths we allow do not protect corporate data then we may become equally negligent.

Networking and security professionals must therefore collaborate to build an enabling infrastructure that both protects and shares the essential data required. Without parallel goals and metrics, one team’s success is tomorrow’s battle for the other side.

About the Author

Neil Thacker has an impressive background and is a regular commentator on DLP, Neurodiversity, data protection, and GDPR as well as other topics. He is co-founder of the Security Advisor Alliance, an advisory board member for the Cloud Security Alliance, and a member of EUUG (European User Group for Enterprise and Cloud Data Protection).

Neil currently serves as CISO for Netskope, tasked with supporting the business security challenges through product security, incident management, data protection, security audit, governance, risk, and compliance. He leads the data protection function in EMEA and is the global GDPR lead and central to Netskope’s annual cloud threat report, the latest of which was published in February.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.


Your First 90 Days as CISO – 9 Steps to Success

CISOMAG, October 16, 2021 at 9:30 am

The post Your First 90 Days as CISO – 9 Steps to Success appeared first on CISO MAG | Cyber Security Magazine.

Chief Information Security Officers (CISOs) are an essential pillar of an organization’s defense, and they must account for a lot. Especially for new CISOs, this can be a daunting task. The first 90 days for a new CISO are crucial in setting up their security team, so there is little time to waste, and much to accomplish.

By George Tubin, Director of Product Strategy at Cynet

SPONSORED CONTENT

A new guide by XDR provider Cynet looks to give new and veteran CISOs a durable foundation to build a successful security organization. The challenges faced by new CISOs aren’t just logistical. They include securing their environment from both known and unknown threats, dealing with stakeholders with unique needs and demands, and interfacing with management to show the value of strong security.

Therefore, having clearly defined steps planned out can help CISOs seize the opportunity for change and implement security capabilities that allow organizations to grow and prosper. Security leaders can also leverage the willingness of organizations to undergo digital transformations to deploy smarter and more adaptive defenses. This is critical, as a good security team can enhance an organization’s ability to scale and innovate. The question is where to start.

9 Steps for New CISOs

The eBook explains how new CISOs should tackle their first 90 days to ensure that each passing week builds on the last, and lets security leaders understand both their current reality, and what they need to improve. Before building a security stack and organization, new CISOs need to comprehend the status quo, what works, and what needs to be upgraded or replaced.

These are the nine steps to new CISO success, according to the guide:

Understanding business risks – The first two weeks of a new security leader’s new job should be spent not doing but learning. New CISOs should familiarize themselves with their organization, how it operates, its security strategy, and how it interacts with the market. It should also be a time to meet with other executives and stakeholders to understand their needs.

Comprehending organizational processes and developing a team – Next, it’s time to look at processes and teams, and how they interact. Before implementing new protocols, CISOs and security leaders should know the processes already in place and how they work or don’t work for the organization.

Building a strategy – Then, it’s time to start building a new security strategy that meets the organization’s business strategy, goals, and objectives, as well as the staff’s career goals and objectives. This will include thinking about automation and how cyber-risks are detected and met, as well as how to test your defenses.

Finalizing strategies and implementation – With a strategy built, it’s time to put rubber to road and get going. It’s important to get critical feedback from other stakeholders before finalizing your strategy and bringing a final plan to the board and the executive committee. With final approval, it’s time to start building tactics and plan how to implement the new strategy.

Becoming agile – Once strategies are put into practice, security teams can focus on finding ways to become more responsive, more adaptable, and agile enough to meet any challenge. This includes finding the right project management tools and methods.

Measuring and reporting – Now, it’s time to ensure that the plans that were implemented are properly working. Once things are in place, it’s time to begin regular measuring and reporting cycles to show both the security team and the executive committee that the strategy is working.

Pen testing – This is a critical step and should be an important evaluation of a strategy’s effectiveness. Any good plan should always include rigorous testing to help teams find places where defenses are not working or vulnerabilities that might not have appeared on paper but do in practice.

Building a ZTA plan – Now, it’s time to do away with outdated identity and access management (IAM) paradigms and upgrade to multi-factor authentication (MFA). This also includes upgrading SaaS application security posture, as well as network defenses that can prevent common attacks.

Evaluate SaaS vendors – Finally, and with the goal of using SaaS applications wherever possible, a new CISO must carefully consider existing vendors to find a solution that can cover as many services as possible without requiring complex and potentially risky security stacks.

You can learn more about how CISOs can get started successfully here.

About the Author

George Tubin is the Director of Product Strategy at Cynet and a recognized expert in cybercrime prevention. He was previously VP of Marketing at Socure and Senior Research Director at TowerGroup where he delivered thought leadership and insights to large enterprises on cybersecurity as well as identity and fraud management.

Disclaimer

Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.

The post Your First 90 Days as CISO – 9 Steps to Success appeared first on CISO MAG | Cyber Security Magazine.

Market Trends Report: Cloud Forensics in Today’s World
CISOMAG on October 16, 2021 at 5:30 am


Cloud computing is transforming digital and IT infrastructure at an astounding pace. The pandemic and changing business models have prompted many businesses to migrate their digital operations and storage to the cloud. Today, it is common practice for an organization to adopt a hybrid, multi-cloud approach.

From a security perspective, cloud technology poses many challenges for cybersecurity leaders. One such issue is cloud forensics; scaling the traditional digital forensics process in a multi-jurisdictional and distributed cloud environment has become a challenging task.

The complex nature of the cloud poses multiple challenges to traditional forensics. It has become imperative for security leaders to understand the state of the cloud from the perspective of existing challenges and trends to develop solutions for the further development of information security against current and future threats.

The cloud offers various architectures, service models, processes, and continuously changing paradigms. So, it is challenging for investigators to gain access to the data and resources required for forensics – the “artifacts,” as they are called. These include registry keys, files, timestamps, and event logs. This is digital evidence that can be used in a court of law for criminal litigation.

This Market Research Report titled “Cloud Forensics in Today’s World” is based on a survey conducted by EC-Council’s Cyber Research team. It is backed by the insightful perspectives of industry experts on various trends and challenges, particularly with digital forensics in a cloud environment.

Key Findings:

Both multi-tenancy-related privacy issues and distributed data location were considered equally challenging by one-fourth of the respondents.
More than half of the respondents believe the hybrid cloud deployment model presents the most challenges towards cloud forensics.
Nearly 40% of the respondents say that a lack of channels for international communication contributes significantly to the legal challenges faced by cloud forensics.
There is a growing demand that the SLA should mention when and what data to collect, its purpose and legal liabilities.
FaaS (Forensics as a Service) is the most anticipated trend towards improving the cloud forensics domain.

To view the complete analysis and reportage, hit the download button now!

Check out our other Market Trends Reports here.

The post Market Trends Report: Cloud Forensics in Today’s World appeared first on CISO MAG | Cyber Security Magazine.

How to Become a Successful Digital Forensic Investigator?
CISOMAG on October 15, 2021 at 9:30 am


Digital forensic investigators play an essential role in solving computer-based crimes. A sub-division of forensic science, digital forensics is alternatively known as computer forensics.

With the widespread use of web applications for banking, transactions, and other services, the pandemic-induced remote work has resulted in a massive jump in digital-based crimes. Cybercrime has increased 600% since the pandemic, according to Embroker statistics. As a result, there is a significant need for digital forensics investigators to look into these crimes and assist with data recovery operations.

So, if you are a cybersecurity enthusiast with critical and analytical skills, tracing computer-based crimes may be apt for you.

This article discusses the necessary skills, educational requirements etc., that can help you build a rewarding career in the digital forensics domain. But before we go into the details, let’s learn briefly about this field and the responsibilities of a digital forensic investigator.

Who is a Digital Forensic Investigator?

A digital forensics investigator is a trained professional/expert with impeccable knowledge of forensics principles, data acquisition, and legal procedures hired by law enforcement agencies and private firms. They are required to have an exceptional practical understanding of various concepts pertaining to digital devices (hardware related, software related, encryption, decryption etc.) for conducting a digital investigation. Identifying, collecting, storing, and documenting computer data using digital forensics tools to produce the necessary evidence that may be utilized in a court of law, is known as digital forensics investigation.

During the investigation, the digital forensic expert must understand, reconstruct, and analyze the crime scene, consider which digital device can be regarded as evidence, and extract the required data from the digital evidence. They are responsible for collecting evidence from the crime scene and preserving the pieces of evidence, lest they be tampered with.

The role of the digital forensic investigator differs depending on the nature of the case, i.e., recovering data (erased or lost data), incidents such as hacking and online frauds/swindles, or tracking sources (perpetrator) of a cyberattack. So, they need to learn the various digital forensics steps and phases to execute their tasks in a logical and systematic manner.

To advance your career as a digital forensic investigator, you must gain specific skills, which we highlight in the next section.

Digital Forensics Skills and Requirements

In order to perform the tasks of a digital forensic investigator or analyst, one must be proficient in certain areas besides acquiring specific skills or certifications. The following are the basic set of skills and requirements one must acquire to become a successful digital forensics expert:

Education Requirements

A background in computer science or an equivalent is crucial to begin your career in this field. A bachelor’s in criminal justice can also be a viable option for one to pursue combined with computer forensics training later. Additionally, you can also earn your certifications online from a credible agency or institution. Employers’ requirements vary depending on the kind of profile they are hiring for. Getting a bachelor’s or master’s degree in cybersecurity specializing in digital forensics can also advance your career.

Common Skills

There are certain skills you need to hone to gain mastery in this field. Some common skill sets are discussed below.

Networking Skills: Sound knowledge in networking and connectivity concepts can help you in identifying a network intrusion.

Technical Skills: A thorough understanding of the fundamental technical aspects such as networking fundamentals, technical concepts, digital devices, how a system works, knowledge of different OS etc., can help you to acquire advanced certifications.

Analytical Skills: Analyzing the digital evidence and data, cybercrime patterns and attacks etc. requires you to demonstrate critical and analytical skills to think like black hat hackers.

Communication Skills: As a digital forensic analyst, you need to convey technical information in a simple manner, so working on your communication skills should be on your list.

Comprehension of Cybersecurity Techniques

Broaden your knowledge about the latest breaches, vulnerabilities, risks, malware etc., in addition to being well-versed with the terms and concepts of cybersecurity.

Aspire to Learn

Technology is constantly evolving, and one needs to have the desire to learn and stay updated with modern technologies and evolving scope of attacks.

Work Experience

After obtaining skills and required certifications, gaining relevant experience in the required domain as a computer forensics analyst or an equivalent can help you accelerate your career and land you high-paying jobs as well.

How Can You Advance Your Digital Forensics Career with C|HFI

In addition to the skills mentioned above, one must know the various tools, techniques, and other methods used to conduct an investigation. Moreover, organizations prefer people who are well-versed in the digital forensics process and hold advanced from. This increases their chances of getting a job and qualifies them to be digital forensics experts with comparatively higher pay than other IT professionals. In addition, an accredited certification also enables one to apply for positions in government as well as in corporations. According to PayScale, the average pay of a certified digital forensic investigator is $64,900 per year.

Digital forensics is also expanding rapidly to include other branches such as Network Forensics, Database Forensics, and so on, which further increases the scope of employment in diverse fields.

There are various certified digital forensics courses one can pursue. However, earning a credible certification that aligns with the industry-specific roles can broaden your career prospects. EC-Council’s Certified Computer Hacking Forensic Investigator (C|HFI) program is ANSI accredited and offers vendor-neutral training to organizations. C|HFI’s in-depth curriculum, carefully curated based on the numerous methods and digital forensics tools necessary and employed in an investigation, allows you to build a solid foundation. Further, this course validates your skills to be the finest digital forensics investigator.

20+ Job Roles | 4,000+ Job Openings | Avg. Salary of $96,000

Start your C|HFI Certification and Explore New Career Opportunities in the World of Digital Forensics.

FAQs

What are the requirements to become a Cyber Forensic Investigator?

You must possess good technical and analytical skills and have in-depth knowledge about the various operating systems and networking concepts. The primary educational qualifications are a bachelor’s degree in computer science, cyber forensics, or computer applications and a certification course like CHFI, which validates your skillset and gives an overall view of the complete work process of an investigator.

What are the various job opportunities available in computer forensics?

There are numerous job opportunities in the field of computer forensics. One such job role is the cyber forensics investigator, responsible for the thorough investigation of cybercrime. Other roles available are security analyst, network analyst, security consultant, computer forensic technician etc.

The post How to Become a Successful Digital Forensic Investigator? appeared first on CISO MAG | Cyber Security Magazine.

The Friday Podcast: The Big Stories for the Week (15 October 2021)
CISOMAG on October 15, 2021 at 5:50 am

The post The Friday Podcast: The Big Stories for the Week (15 October 2021) appeared first on CISO MAG | Cyber Security Magazine.

In the Friday Podcast Episode 7, we tell you about the big stories our cybersecurity editors produced this week.

CYBERSECURITY AWARENESS MONTH

October is designated as Cybersecurity Awareness month. Continuing our series of articles and content pieces on this theme, our Sr. Feature Writer Rudra Srinivas designed a lovely Infographic all by himself. His visual story is titled “How to find a Phishing Email” and you can view it at the link below.

The infographic offers five tips to fight phishing.

View here

INCIDENT RESPONSE INTERVIEW

Those concerned with Incident Response will want to read our interview with Sriram Tarikere, Senior Director with Alvarez & Marsal’s Global Cyber Risk Services in New York.

In an email interview with Tarikere, our Sub-Editor, Pooja Tikekar discussed the need for having well-prepared incident response teams who respond to threats. Tarikere also shares ways to respond to a cyber incident in a timely manner, common cloud migration misconceptions, and security predictions for 2022. He has also written an article for us in our October issue.


Google has set up a Cybersecurity Action Team to Boost Cybersecurity

Search engine giant Google announced the formation of a Cybersecurity Action Team to support the security and digital transformation of governments, critical infrastructure, private enterprises, and small businesses. The Google Cybersecurity Action Team intends to guide customers through the cycle of security transformation and enhance their cyber-resilience preparedness against potential security threats.

The team, which initially begins within Google Cloud, will bring full-spectrum security and customer engineering solutions to help organizations address business and security challenges. It also provides new security solutions to organizations of all sizes as per future requirements.

Well, here’s one more example of a Big Tech company acting responsibly and doing its bit to protect customers on the cloud.


White House is Bringing 30 Nations Together for a Counter-Ransomware Event

The Biden administration has initiated the virtual Counter-Ransomware Initiative meetings joined by ministers and senior officials from over 30 countries to address the growing ransomware landscape. The two-day Counter-Ransomware Initiative meetings will discuss the efforts to improve national resilience, addressing the misuse of virtual currency, laundering ransom payments, disrupting the ransomware ecosystem, and prosecuting the cybercriminals.

The Counter-Ransomware efforts focus on four parameters:

Disrupt Ransomware Infrastructure and Actors
Bolster Resilience to Withstand Ransomware Attacks
Address the Abuse of Virtual Currency to Launder Ransom Payments
Leverage International Cooperation to Disrupt the Ransomware


Australia has Unveiled a Ransomware Action Plan to Combat Cyberattacks

With rising state-sponsored ransomware operators and attacks becoming widespread, the Australian government has announced a Ransomware Action Plan to tackle the rising cyberthreats. The government is also collaborating with international and business partners to protect Australians against global ransomware threats.

The Ransomware Action Plan is built on three objectives – Prepare and Prevent; Respond and Recover; Disrupt and Deter.

The authorities stated the ransomware action plan would ensure that Australia remains a challenging target for cybercriminals.


Indian Bank Users are becoming Victims of Drinik Android Malware – which uses Tax Refund as Bait

And it’s tax season here in India.

The Indian Computer Emergency Response Team (CERT-In) released an advisory related to a new malware called Drinik.

The Android malware targets Indian bank customers through a hacking process using phishing emails to steal sensitive user data.

Detailing the process, the advisory describes the attack vector as a message that poses as coming from the Income Tax Department. The SMS is a phishing message that asks the user to enter personal information and download and install the malicious APK file for verification. Personal and financial details like PAN card number, Aadhaar, date of birth, email address, bank details, IFSC code, card details, PIN and CVV are all entered, stored, and stolen through the malware.

To lure the victim, the malware displays a refund amount message and seeks further permission to transfer the amount to the user’s bank account.

The article offers tips and best practices to mitigate the risks from Drinik malware.


PODCAST

For Episode #15 of our podcast, I caught up with a friend who’s a Gartner analyst from India.

How do you detect malware that uses legitimate channels to penetrate corporate networks? Prateek Bhajanka, Senior Principal Analyst, Gartner, Inc. gives us some tips and also suggests using Gartner zero-trust frameworks like CARTA to check sneaky threats.

You’ll want to listen to Episode #15 which is titled: Malware through the Green Channel.

Prateek also shared something interesting from his personal life. He is so obsessed with security that he takes his frameworks and best practices home and applies them there too, much to the chagrin, bewilderment, and annoyance of his family members! But Prateek is only trying to protect them.


You’ll find all our past episodes on SoundCloud.com/cisomag


Australia Unveils Ransomware Action Plan to Combat Cyberattacks
CISOMAG on October 14, 2021 at 4:02 pm


With rising state-sponsored ransomware operators and attacks becoming widespread, the Australian government has announced a Ransomware Action Plan to tackle the rising cyberthreats. The government is also collaborating with international and business partners to protect Australians against global ransomware threats.

“We are continuing to observe cybercriminals successfully use ransomware to disrupt services and steal from Australians. Whether it is conducting attacks on critical infrastructure, taking from small businesses, or targeting the most vulnerable members of our community, cybercriminals use ransomware to do Australians real and long-lasting harm,” said Karen Andrews, MP Minister for Home Affairs.

Ransomware Action Plan

The Ransomware Action Plan is built on three objectives – Prepare and Prevent; Respond and Recover; Disrupt and Deter.

The authorities stated the ransomware action plan would ensure that Australia remains a challenging target for cybercriminals. Under the ransomware action plan, the Australian government will:

Launch additional operational activity to target criminals seeking to disrupt and profit from Australian businesses and individuals
Establish the multi-agency taskforce Operation Orcus as Australia’s strongest response to the surging ransomware threat, led by the Australian Federal Police
Raise awareness and provide clear advice for critical infrastructure, large businesses and small to medium enterprises on ransomware payments
Conduct joint operations with international counterparts to strengthen shared capabilities to detect, investigate, disrupt, and prosecute malicious cyber actors when engaging in ransomware
Introduce specific mandatory ransomware incident reporting to the Australian Government
Introduce a stand-alone offense for all forms of cyber extortion

Cybersecurity Initiatives by Australia

The Australian government has initiated multiple cybersecurity measures to combat rising cyber and ransomware attacks. The government invested $1.67 billion in cybersecurity funding over ten years via its Cybersecurity Strategy 2020 to build new cybersecurity and law enforcement capabilities.

International Pact to Thwart Cyberattacks

Australia recently partnered with the U.K. and the U.S. to form a trilateral security partnership known as AUKUS. The security pact is committed to maintaining diplomatic, security, and defense cooperation in the Indo-Pacific region. The three nations announced their plans to boost cybersecurity, artificial intelligence, quantum computing, and other critical technologies.
