CS Mar-Apr 2020

More documents

Recommendations

Info

expert insights THE INTELLIGENT APPROACH TO CYBER THREAT INTELLIGENCE SEEKING SOMEONE WHO CAN UNDERSTAND VULNERABILITY, EXPLOITATION AND ATTACKER MOTIVATION? IAN THORNTON-TRUMP, CHIEF INFORMATION SECURITY OFFICER FOR CYJAX, MAY HAVE THE ANSWER Ian Thornton-Trump, Cyjax. As soon as you say the word 'Intelligence', everyone seems to think 1960s East Germany. I don't know why everyone seems to think that the words 'Intelligence Analyst' are exclusively reserved for nation states or large organisations. I'm here to tell you that tactical intelligence and strategic intelligence are easily within the reach of most organisations - no trench coats required. The reality is that an 'intelligence Analyst Skill' is not learned in university; it's generally the domain of law enforcement, military or government agency service. That's a travesty that I am going to fix right now. It does not require some sort of special person, special forces qualified and of exceptional intelligence. It does require a person to be able to embrace a different way of thinking and writing, which moves beyond traditional academic writing or journalism. Intelligence analysis and the products that process produces are all about timely, accurate and actionable content - a marked departure from 5,000 words on the fall of the Prussian Empire or an attempt to sensationalise the latest celebrity misstep. When you stick the Cyber word in front of 'Intelligence Analysis', one may think that this is even more esoteric profession, but it is actually applying the 'world's second oldest profession's' thinking to a relatively new problem. Despite the Hollywood and media stereotypes of excessive gym-based activity 'Blackhat' or nerdy computer skills 'CSI Cyber', the actual "Cyber Threat Intelligence Analyst" needs none of those marksmanship or hacking skills - it's not to say they may not help, but realistically it's unlikely to be needed in day-to day-activity. So, the question is: What is a Cyber Threat Intelligence Analyst? An oracle? A fortune teller? In simple terms, it's someone that can understand vulnerability, exploitation and attacker motivation. An expert at threat modelling with gifted communication skills. Folks that have had to stand in front of a class or defend a dissertation are generally superior recruits for executing analysis tasks to protect organisations. If Park Rangers look for fires through binoculars, Intelligence analysts tell them where to look and why they need to look. That's the essence of the job. One can easily understand that, if you know where to look and why you need to look, this is a huge cost savings and a huge time saving - that's the value of intelligence when it comes to your organisation. Imagine if a person was able to look at what you have and tell you what bad guys have that may take it away, and what you could do to thwart them. A 'win', then, is getting in front of an attack by knowing when, where and how the attack might come. Now, truth be told, I've had a lot of training as an intelligence analyst (Canadian Forces & RCMP - I was actually trained by a ex-CIA instructor) and, in the case of 'Eternal Blue', 'Blue Keep' and the registration of a fraudulent typosquating domain, along with issue of a certificate for that typosquating domain, I'm very confident that an attack on an organisation is forthcoming - as that's what bad guys do. My prediction based upon analysis comes from experience, but how I reach that conclusion is an intellectual process - easily taught and more accurate over time with analyst experience. Good intelligence can help direct a spoiling attack - something that disrupts the bad guys from successfully executing an exploit against you. The information to protect your organisation is out there - you just need someone that is trained in the art of listening and direct your organisation to take action. 30 computing security Mar/Apr 2020 @CSMagAndAwards www.computingsecurity.co.uk
COVID-19 HOMING IN ON COVID-19 AS THE IMPACT OF THE COVID-19 VIRUS ESCALATES, MORE AND MORE EMPLOYEES ARE WORKING FROM HOME. BUT DANGERS LURK THERE AS WELL AND URGENT ACTION NEEDS TO BE TAKEN As the UK begins to embark on its biggest ever deployment of homeworking due to the spread of COVID- 19, there is a real risk of an imminent largescale cybersecurity crisis, warns Phil Chapman, Senior Cybersecurity Instructor at Firebrand Training. "Hundreds of thousands of people will soon, if not already, be working from home for an unspecified period of time, putting a huge strain on IT departments who hold a lot of the responsibility for keeping the business up and running during this period. For many companies and employees, it will be the first time they have experienced home working on such a magnitude and many will not be sufficiently prepared for the security risks." Three pieces of advice that Chapman offers to organisations that are seeking to mitigate the risk they face during what are challenging times are: Advise your employees to avoid using their Wifi connection at home and rather connect their laptops or workstations to the router with a network cable. "Not only does this provide a more secure connection, but it also enhances speed, as it will be quicker than wireless." Make sure employees are using a VPN [Virtual Private Network], with appropriate encapsulation and authentication to the data they are accessing. "If possible, use IPSEC or SSTP (Secure Socket Tunnelling Protocol) as a connection. You can suggest split tunnelling, which allows a user to establish a secure VPN for work-related connections, but use their own Internet connect to do 'non-work' related activities. The most important thing is to ensure your staff have sufficient cybersecurity awareness. "At this time, there should be no reason why a user is connecting to corporate resources in public spaces as they should be at home," he adds. "But they must be aware that other people can still access their screens - although the risk is smaller at home, users should lock their devices when not in use. They should behave as if they were in the office, applying the same security mechanisms as they would do at work. Acceptable usage policies [for corporate and BYOD devices] should be robust and apply at home equally as at work. This also includes telephone calls and online meetings." MANAGING RISK There are several things organisations can do to better protect their corporate environment from threats as they adapt to a remote and distributed workforce, states Matt Shelton, director, Technology Risk and Threat Intelligence, FireEye. "Accessing corporate resources remotely creates an opportunity for attackers to blend in with the workforce. Implementing multi factor authentication (MFA) on all external corporate resources significantly reduces this risk." But organisations should not stop at MFA, he adds. "Implement a single sign on (SSO) platform to tie corporate and cloud resources together with a common authentication source. Employees will appreciate a common set of credentials, while providing administrators with the ability to centralise credential management and monitor for abuse." No one yet knows the likely scale of the virus's impact or how long the pandemic may last. Keeping safe from COVID-19 and staying secure at home when working on-line may become a long-term challenge that most of us will have to face in the weeks and months that lie ahead. Phil Chapman, Firebrand Training: ensure your staff have sufficient cybersecurity awareness. www.computingsecurity.co.uk @CSMagAndAwards March/April 2020 computing security 31
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: editor's focus RICH VEIN OF POSSIBI
Page 8 and 9: expert insights WHY CYBERSECURITY P
Page 10 and 11: 2020 predictions MORE 20/20 VISIONS
Page 12 and 13: 2020 predictions Mike Riemer, Pulse
Page 14 and 15: expert view CEOS IN THE FIRING LINE
Page 16 and 17: data management THE PLOT THICKENS W
Page 18 and 19: data management All of this potenti
Page 20 and 21: cybersecurity and ISPs WORLD-WIDE M
Page 22 and 23: fraud & cybercrime CYBERCRIME FIGUR
Page 24 and 25: Coronavirus scam SPOOF ATTACK UNLEA
Page 26 and 27: GDPR BREACHED - AND TOTALLY UNAWARE
Page 28 and 29: encryption systems THE QUANTUM CRYP
Page 32 and 33: product review CLOUD PROTECTION FOR
Page 34 and 35: expert insights ESSENTIAL BUILDING
Page 36: Shearwater Group plc is an award-wi

CS Mar-Apr 2020

Create successful ePaper yourself

Delete template?

Save as template?