CS Nov-Dec 2023

More documents

Recommendations

Info

cyber awareness Don Boxley, DH2i: today's cyber threats are escalating into full-blown crises - we must urgently overhaul our digital defences. Simon Church, Xalient: invest heavily in training to enable employees to make smarter security decisions. understand the process and who is doing what. "And I'm not just talking about technology here, but people and processes. For example, what communications about the attack will they share with employees, customers and other stakeholders? What do they want employees to do? What do they want senior executives and the board to do? All too often I see organisations assume that, because they have the technology in place, it will magically and seamlessly recover their systems, but they neglect the fine detail around communications and reassurance." He also identifies human risk as a major factor. "In fact (depending on the sources you refer to) 75-90% of all cyber incidents are human initiated. So, it is very important to focus on having employee security awareness training in play. Today, employees operate in a blended environment, moving seamlessly between work applications and personal apps. Whereas previously they have been prevented from sharing company data outside the network perimeter, in our world of social media we often overshare, which leads to a lot of freely available open-source data, or OSINT. "Cybercriminals use OSINT for social engineering purposes. They gather personal information through social profiles and use this to customise phishing attacks. The most recent MGM breach, for example, was a result of a social engineering attack on an employee who inadvertently gave hackers access to MGM's systems. Investing heavily in training to enable employees to make smarter security decisions will help them manage the ongoing problem of social engineering and clever phishing attacks. Performance should also be regularly measured to see how employees are implementing training in the real world and there must be KPIs around this that are ideally discussed at senior management or board level. It is likely that the MGM attack could have been averted, if the employee had been more aware and better trained." Also, as many breaches utilise a vulnerability or flaw in operating systems' code, the patching cadence and criticality need to be agreed and assessed on a regular basis, so that the organisation prioritises patches based on risk to the business, Church adds. "To put this into context, last year there were approximately 20,000 new patches created by software vendors; this year, that figure is expected to increase to 22,000. This means that the largest organisations have a backlog of over 100,000 patches to deploy, which is an almost impossible task without clear risk prioritisation." Managing their third parties and any extended ecosystem cyber risk is equally critical for CEOs. "It is very difficult from an outside view to determine which third party has strong cyber controls and which ones are already, or likely to be, compromised. Standard risk assessment processes tend to be 'point in time', involving questionnaires and audits. For cybersecurity, this is a flawed approach that usually leads to risk tolerance or acceptance. Rather than just categorising third parties as high or low risk, organisations should focus on the nature of the relationship and their adherence to the same security policies and practices implemented by the organisation. Do they control sensitive data or have they got access to critical systems?" Cybercrime is predicted to be worth a massive $10.5 trillion dollars by the end of the year, Church points out. "If it were a country, it would equate to the thirdlargest country in the world, in terms of GDP, so it is clearly big business. Having robust security controls, a solid risk management plan and dynamic risk policies, as well as a tried and tested recovery plan, won't totally remove the threat of a cyberattack, but it will certainly reduce not only the probability of a breach, but also the impact to the business." 24 computing security Nov/Dec 2023 @CSMagAndAwards www.computingsecurity.co.uk
case study ON YOUR METAL! WHEN ONE METAL FABRICATION COMPANY SUFFERED SEVERAL MALWARE ATTACKS, IT REACHED OUT FOR THE RIGHT SOLUTION TO PROTECT ITS OPERATIONS In the last few years, ARKU Maschinenbau in Baden-Baden, Germany, has faced an increasing number of malware attacks. Working closely with the Freiburg branch of the IT systems house NetPlans, it introduced extensive measures to defend itself. In its search for reliable and scalable network protection, quickly became clear to the metal fabrication company that macmon NAC was the right option: NetPlans is a Platinum macmon partner with certified and continuously trained macom experts that has provided what is said to be "first-class support" for its customers - from the SME sector especially - with the implementation of a vast number of projects. To authenticate endpoints, ARKU uses macmon's integrated RADIUS server to make the decisions on ARKU Maschinenbau runs its worldwide operations from its base in Baden-Baden, Germany. granting access. As the ID or means of authentication, a number of properties can generally be used, such as the MAC address, username/password or certificate. Since the network is not accessed by the system until the RADIUS server has confirmed it, there are no unused or insecure ports, which increases security significantly. While granting access, the IT team can define and specify additional rules for the switch to implement. If the switch is technically capable of doing so (layer 3), a specific VLAN, defined ACLs or almost any other attributes can be assigned in this way. An access control list (ACL) limits access to data and functions. The ACL determines the extent to which individual users and system processes have access to certain objects such as services, files or registry entries. As IT & digitisation team leader at ARKU, Felix Pflüger, comments: "We use a variety of security solutions in our company. Thanks to macmon NAC, we always have oversight over our extensive IT infrastructure. Our switches are administered via SNMP and RADIUS, meaning macmon sets the appropriate VLAN on the switch port, or the port is blocked, if there are unknown devices. That prevents unauthorised devices from gaining access via network outlets, for example." Frequent visits by customers and suppliers present companies with the challenge of preventing these users' end devices from accessing the company's internal network. The functions of the 'Guest Service' module provide an intelligent and flexible management system for an external device with a granular guest ticket system for controlling temporary LAN and WLAN access. Since the number of external visitors was manageable during the Coronavirus period, the IT department was responsible for deciding whether or not visitors were granted access. In the future, however, this task will be delegated to authorised employees with the macmon guest portal. Without having to deal with the macmon NAC administration, they can generate access data directly in the portal or confirm visitors who have registered themselves. The resources shared and the duration of access can be defined while creating the access data, ensuring each visitor can access only the specific resources approved for them. For instance, a service technician who has to maintain machine equipment has different access rights to a customer visiting the company for a meeting. www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2023 computing security 25
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news Daniel Hofmann, Hornetsecurity
Page 8 and 9: ook review INSIDE THE REVOLUTION A
Page 10 and 11: product review HORNETSECURITY 365 P
Page 12 and 13: 2023 CS Awards Magician Nick Einhor
Page 14 and 15: ansomware ENEMY NO 1 - IS THE CROWN
Page 16 and 17: ansomware Michael Smith, Vercara: r
Page 18 and 19: inside view RANSOMWARE THREATENS BA
Page 20 and 21: cybersecurity training DRIVING EMPL
Page 22 and 23: cyber awareness THE CRIME-BUSTING C
Page 26 and 27: attacks offensive PHISHING ENTERS D
Page 28 and 29: attacks offensive Kennet Harpsoe, L
Page 30 and 31: artificial intelligence FAKING IT W
Page 32 and 33: data privacy WHAT DATA PRIVACY MEAN
Page 34 and 35: data privacy Edward Machin, Ropes &
Page 36: Computing Security Secure systems,

CS Nov-Dec 2023

Create successful ePaper yourself

Delete template?

Save as template?