CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

More documents

Recommendations

Info

Data Breaches: Beyond Exposing Identities Exploring the implications of adversaries or competitors using compromised networks to gain a business advantage under the guise of a data breach By Kem Gay, Intelligence Analyst, 4iQ Exposed data breaches are costly and taxing for companies and customers alike. More importantly, breaches are likely to lead to economic espionage as exposed networks may reveal a company’s trade secrets, pending mergers and acquisitions, and other proprietary information (PI), threatening a business’s overall competitive advantage. This trend isn’t unique, and it has become an increasingly common occurrence. "Studies have calculated that the U.S. loses about 200,000 jobs a year, and Europe loses as many as 150,000 due to cyber theft, including digital theft, piracy, and espionage." Graff - The Dawn of the Code War, John P. Carlin with Garrett M. In the past two years, the U.S. Department of Justice has indicted several individuals for cybercrimes related to espionage and stolen personally identifiable information (PII). In December 2018, two Chinese nationals were indicted for conspiracy to commit computer intrusions, conspiracy to commit wire fraud, and aggravated identity theft. The pair, members of a known advanced persistent threat (APT) group colluding with China’s intelligence services, stole sensitive technology-related business information from companies and government agencies across 12 different countries. In addition, more than 40 computers were compromised in order to steal PII belonging to over 100,000 U.S. Navy personnel. In late 2017, three Chinese hackers were also indicted for similar offenses. In <strong>March</strong> of the same year, cyber criminals colluding with two Russian intelligence agents were indicted for unauthorized access to a U.S. email service provider resulting in computer hacking, economic espionage, and conspiracy. The perpetrators stole at least 500 million email accounts and trade secrets related to the company. Although we cannot determine, ‘Which came first: the chicken or
the egg?’ for the aforementioned computer intrusions and theft of PII and PI, we can confidently assert that both were targets for cyber criminals and nation state actors. According to a recent report from the National Counterintelligence and Security Center, “Cyberspace remains a preferred operational domain for a wide range of industrial espionage threat actors, from adversarial nation states, to commercial enterprises operating under state influence, to sponsored activities conducted by proxy hacker groups.” At 4iQ, we’ve continued to observe the flourishing trade of PII in underground communities and the dark web, despite efforts by companies to secure their networks with security protocols and employee cyber security training. In 2018, 4iQ curated 13,000 data breaches, while in 2017, an average of 245 breaches were discovered on a monthly basis. Compromised networks can be difficult to detect, and some take years to mitigate. Maintaining the integrity or availability of networks is a difficult task for the Chief Information Security Officer or others with that responsibility, as risk mitigation can be difficult to manage. There is no universal remedy to avoid being compromised, but that doesn’t mean you should feel powerless. Take, for instance, the infamous 2017 Equifax breach that affected some 148 million consumers worldwide. In the aftermath of the breach, a House Oversight Committee report concluded that the breach was entirely preventable given Equifax’s poor and dated cybersecurity practices. This problem isn’t unique to Equifax, and therein lies the problem. As a consumer, you expect companies holding your sensitive information to practice proper cyber hygiene, but that just isn’t always the case. A company-wide approach needs to be taken in order to safeguard personal data. Minute details, such as using unique passwords for all your accounts, often get overlooked, leading to detrimental outcomes. If an employee was affected by a third-party breach, and they happened to be using the same password for their work email as they were using for their outside account which was compromised, your company could indirectly be impacted. It’s cliché, but your organization is truly only as strong as its weakest link. Sitting through mandatory cybersecurity training might be a pain, but it serves a purpose. Additionally, keeping security software up to date and using a breach watch service can help mitigate your organization’s vulnerability, in turn reducing the vulnerability of all its stakeholders. Data breaches are an all too common occurrence for businesses in today’s global cyber-culture. Why risk adversaries and competitors using compromised networks to gain a business advantage under the guise of a breach?
Page 1 and 2: Data Breaches: Beyond Exposing Iden
Page 3 and 4: CONTENTS (cont') Prioritizing Secur
Page 5: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 24 and 25: About the Author Kem Gay is an Inte
Page 26 and 27: Rip Off the Band-Aid This leaves us
Page 28 and 29: Why Biometric Data Use Poses Unique
Page 30 and 31: • DNA Kits: If you purchased or u
Page 32 and 33: How to be Workforce Ready and Stand
Page 34 and 35: Maximiliano Gigli, a third-year cyb
Page 36 and 37: Interestingly, the two groups diffe
Page 38 and 39: Cross-site Scripting Is an Underrat
Page 40 and 41: Stealing HTML5 web storage data: HT
Page 42 and 43: Cybersecurity in New York City, the
Page 44 and 45: A boom in cybersecurity startups se
Page 46 and 47: illion risks and threats among its
Page 48 and 49: Some Important Developments in the
Page 50 and 51: About the Author Sharmistha Sarkar
Page 52 and 53: employees to contractors and sub-co
Page 54 and 55: The Internet of Things Engineering
Page 56 and 57: About The Author Milica D. Djekic i
Page 58 and 59: kind. Many of them require some kin
Page 60 and 61: 2019 Risks in Focus: Cyber Incident
Page 62 and 63: However, the past year has also wit
Page 64 and 65: Why Insider Threats Are One of the
Page 66 and 67: Unlike with outside security threat
Page 68 and 69:
Organizations will also frequently
Page 70 and 71:
The US Must Catch Up to Other Promi
Page 72 and 73:
The fact is, the wider internationa
Page 74 and 75:
Integrate Compliance and Regulation
Page 76 and 77:
Security have and have-nots How org
Page 78 and 79:
1. People Having the right people c
Page 80 and 81:
sources (such as syslog’s, Net Fl
Page 82 and 83:
Limitations of Current Endpoint Sec
Page 84 and 85:
For effective detection, most EDR s
Page 86 and 87:
Why Wi-Fi Hacking Will Persist Desp
Page 88 and 89:
About the Author Ryan Orsi is Direc
Page 90 and 91:
questions such as, “Who added a w
Page 92 and 93:
About the Author Josh Paape is an O
Page 94 and 95:
for well-known, repeatable needs fi
Page 96 and 97:
Overcoming Software Security Issues
Page 98 and 99:
Implementing Security Checks at Str
Page 100 and 101:
Phishing in the Dark: Employee Secu
Page 102 and 103:
phishing threats. Furthermore, almo
Page 104 and 105:
Unfortunately, once an application
Page 106 and 107:
Software Should Come with a “Nutr
Page 108 and 109:
vulnerabilities. If they find vulne
Page 110 and 111:
I can't get no satisfaction, I can'
Page 112 and 113:
How Organizations Should Choose a L
Page 114 and 115:
load balancers capable of integrati
Page 116 and 117:
SaaS DNS Security: Are you Protecte
Page 118 and 119:
associated with any security event
Page 120 and 121:
120
Page 122 and 123:
122
Page 124 and 125:
124
Page 126 and 127:
126
Page 128 and 129:
128
Page 130 and 131:
130
Page 132 and 133:
132
Page 134 and 135:
134
Page 136 and 137:
136
Page 138 and 139:
138
Page 140 and 141:
140
Page 142 and 143:
142
Page 144 and 145:
144
Page 146 and 147:
146
Page 148 and 149:
148
Page 150 and 151:
We’ve launched http://www.CyberDe
Page 152 and 153:
Marketing and Partnership Opportuni
Page 154 and 155:
Regent University’s Institute for
Page 156 and 157:
156
show all

CDM-CYBER-DEFENSE-eMAGAZINE-March-2019

Create successful ePaper yourself

Delete template?

Save as template?