Cyber Defense eMagazine July 2021 Edition
Cyber Defense eMagazine July Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pieruligi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
Cyber Defense eMagazine July Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pieruligi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Applying PR tactics is a new page in the hacker playbook to mask the organizational root causes of<br />
cyberattacks. Within these companies being targeted, it’s not a factor of negligence, it’s a lack of a clear<br />
understanding as to what these cybersecurity risks mean and how to translate them into impact. There's<br />
a big gap between the IT side of the house and the operational departments; each side has a separate<br />
administration department that doesn't always share security-related information in a timely manner. In<br />
the Colonial Pipeline’s case, their corporate exposure to the internet was most likely very tight, but<br />
exposure through its refineries—where they probably have their own security rules and procedures—<br />
was weaker and may not have matched up more stringent corporate security policies.<br />
Threat intelligence remains very compartmentalized and there's no central repository to share<br />
information. In many of these cybersecurity instances, investigators have to go to multiple sources, in<br />
multiple departments, to begin pinpointing the root cause of the attack. The highly operationalized<br />
companies who prioritized what is only important to their specific part of the organization prolong the<br />
attack identification process. From the IT department down to the industrial control systems, there needs<br />
to be a better accountability structure in place and support for corporate-wide threat/risk data sharing—<br />
especially in utilities.<br />
Attackers - A Victimless Mindset<br />
Oftentimes, criminals who do these types of attacks are under the impression that it’s a victimless crime<br />
and at one point, the company will get reimbursed by their cyber insurance provider. In the Colonial<br />
Pipeline case, the hackers are hitting the company’s bottom line as well as affecting the price of gas all<br />
along the U.S Eastern seaboard. “We are sorry. We wanted to start a little fire not a big fire” is far from<br />
an already morally dubious ‘Robin Hood’ act. Imagine what would have happened if this was a wellcalculated<br />
attack on purpose, like the 2015 attack on the Ukraine power grid.<br />
To combat criminal hackers there needs to be a real-time, institutional understanding of what the threats<br />
are and a universal repository of data shared among all organizations, similar to how the National Oceanic<br />
and Atmospheric Administration (NOAA) shares all weather-related information to benefit everyone. But<br />
the fact remains that companies don't want to talk about their cybersecurity issues fearing bad PR and<br />
shareholder repercussions. All organizations need to share information on security breaches to create<br />
resiliency that enables quicker and more effective attack responses. To achieve this resiliency and<br />
collective response, companies need to have an overall risk management strategy—not just a bunch of<br />
vendor management tools—to create a reasonable strategy.<br />
Conclusion<br />
We live in a world where virtually everything is connected to the internet and there will always be bad<br />
actors looking for a way in. Companies need to embrace this reality, but a lot of organizations chose to<br />
downplay their chances of being hacked. The minute devices are connected to the internet there is an<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>July</strong> <strong>2021</strong> <strong>Edition</strong> 49<br />
Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.