The best cloud security tools have these features… – CyberTalk


EXECUTIVE SUMMARY:

In the digital age, cloud computing has become an indispensable catalyst for business growth and agility. Nearly 90% of organizations report hosting sensitive data or workloads in the public cloud, while a staggering 76% have adopted a multi-cloud strategy – a figure that’s expected to rise in the near future.

The shift to cloud has led to increased scalability, flexibility and cost optimization, among other benefits. In essence, cloud has enabled operational transformations.

However, the cloud has also introduced an array of complex cyber security challenges. To confront this reality, organizations need to adopt a proactive approach to cloud security, along with the best cloud security tools available. The most powerful cloud security tools are packed with advanced features, like those described below.

Threat detection and prevention capabilities:

One of the fundamental features of top-tier cloud security tools is comprehensive threat prevention and detection. Cloud security tools should employ sophisticated algorithms and machine learning techniques to identify and mitigate possible threats in real-time.

By continuously monitoring a number of different network areas and user behaviors, tools can find anomalies and spot malicious patterns. When that occurs, they can also promptly alert security teams, which can implement effective countermeasures.

Robust access control and identity management:

Robust access control and identity management functionalities are crucial when it comes to cloud security. The best tools offer granular controls over user privileges, ensuring that only authorized individuals can access sensitive data and other resources. Multi-factor authentication, role-based access controls and federated identity management capabilities can further enhance security – they verify user identities and limit access based on predefined policies.

Data encryption:

Top-notch cloud security tools should provide robust encryption mechanisms that protect data both in-transit and at-rest. This ensures that even if data is intercepted or compromised, it remains unreadable and secure, thus preventing potential data breaches and unauthorized access attempts.

Auditing and reporting capabilities:

The most effective cloud security tools offer comprehensive auditing and reporting functionalities. Tools should maintain detailed logs of user activities, system events and cyber security incidents. In turn, should a breach occur, organizations will be able to conduct thorough investigations and forensic analyses. Additionally, customized reporting capabilities are a must. These allow security teams to create insightful reports and to more easily comply with relevant security standards or frameworks.

Integration with existing security infrastructure:

Seamless integration with existing security infrastructure is a hallmark of exceptional cloud security solutions. The ability to integrate with firewalls, intrusion detection and prevention systems, along with other security tools, ensures a strong cyber security posture.

Scalability and flexibility:

Further, the best cloud security tools should offer robust scalability and flexibility. In so doing, they will be able to accommodate continuously changing business needs. As organizations grow and cloud environments expand, cloud security should be able to scale effortlessly, ensuring consistent security coverage and performance across the entire infrastructure.

Vendor support and regular updates:

Vendor support and regular updates are also critical factors to consider when evaluating cloud security tools. Top vendors provide reliable support. They’re also careful to address any issues or concerns expediently.

Additionally, regular software updates and patches are key in ensuring that cloud security tools remain effective in guarding against the latest threats and vulnerabilities.

User-friendly interfaces:

Finally, when it comes to cloud security management, user-friendly interfaces and intuitive dashboards are key. The most advanced cloud security tools offer intuitive and customizable dashboards that provide real-time visibility into the security posture, enabling security teams to quickly identify and respond to potential threats.

Further thoughts

As organizations continue to shift operations into the cloud, investing in the best cloud security tools is imperative. Advanced features from robust access controls, to data encryption, to strong vendor support enable organizations to mitigate risks and to ensure business continuity.


The 10 most dangerous ransomware groups right now – CyberTalk


EXECUTIVE SUMMARY:

Ransomware can ravage a business in seconds; inhibiting data access, cutting into profits, and tarnishing a carefully crafted reputation.

In 2023, every week, on average, 1 out of every 34 organizations worldwide experienced an attempted ransomware attack, representing an increase of 4% compared to the same period last year.

In many cases, it is the same handful of ‘ransomware families’ or ransomware groups that keep creating, delivering and propagating ransomware.

In this article, unpack who’s behind recent ransomware attacks, how ransomware groups operate, and what to pay attention to within your environment.

This information can then assist in determining how to fortify digital infrastructure. Get insights into where and how to focus your digital innovation and transformation initiatives. Create the best ransomware prevention program possible.

Let’s dive in:

The 10 most dangerous ransomware groups right now

1. Lockbit3. Of all the active ransomware groups, between January and June of 2023, Lockbit3 proved the most prolific.

Lockbit3’s maneuvers gave rise to 24% of all reported victims. The group attempted to disrupt and publicly extort organizations across more than 500 different instances, which represents a 20% increase in victims as compared to H1 2022.

LockBit leverages a Ransomware-as-a-Service model and typically targets large enterprises and government entities. LockBit goes after organizations worldwide, except for those in Russia or other Commonwealth of Independent States.

The recommended mitigations list is extensive. Your organization might start with implementing sandboxed browsers, requiring accounts to comply with NIST password management and policy standards, and implementing email filters.

2. Clop Ransomware. Clop is among the most active ransomware groups observed this year, having led more than 100 attacks in the first five months of the year alone.

While Clop targets organizations across industries – from multi-national oil companies to healthcare organizations – it seems to have a particular affinity for organizations with revenues that exceed $5 million.

To date, Clop is believed to have cumulatively extorted businesses for more than $500 million in ransom payments.

After Clop’s alleged exploitation of a zero-day flaw in the MOVEit Transfer app in the spring of last year, the U.S. State Department’s Rewards for Justice program announced rewards of up to $10 million for information establishing a connection between Clop and foreign governments.

3. MalasLocker. This group first emerged in April of 2023. In its comparatively brief existence, it has done a lot of damage, targeting over 170 victims.

Approximately 30% of said victims have been Russian entities, which is highly atypical, as attacks on former Soviet Union targets are usually avoided.

The group largely targets users of Zimbra, an online collaboration tool intended for organizational employees. The group is best known for its seeming anti-capitalist sentiment, where it demands that victims make “charitable donations” to a non-profit of the victim’s choice.

The group has started out by targeting smaller organizations, however, it may attempt to wreak havoc on larger organizations as the weeks and months progress.

4. ALPHV (BlackCat). This ransomware gang is known for its creative and “crazy” ideas. One example is its use of the Rust programming language, which makes detangling ransomware attacks much more complicated than before.

Across this year, ALPHV, a.k.a. BlackCat, has executed several notable breaches. The group has taken credit for compromising airports, oil refineries and other critical infrastructure providers.

The cyber criminals involved are either loosely tied to the Darkside group or may have initiated a rebrand of the Darkside gang. Also worth noting, BlackCat hackers may have previously worked with the REvil cartel.

The recommended mitigations list is extensive. It includes reviewing domain controllers, servers, workstations and Active Directory for new or unrecognized user accounts, backing up data, reviewing Task Scheduler for unrecognized scheduled tasks, and reviewing antivirus logs for any indications of tampering.

5. Bianlian. Starting in June of 2022, this ransomware developer, deployer and data extortion group has targeted organizations across U.S. infrastructure sectors. The group has also compromised Australian infrastructure, professional services and property development organizations.

Bianlian attempts to gain system access through valid Remote Desktop Protocol (RDP) credentials, open-source tools and command-line scripting (for discovery and credential harvesting). Then, the group exfiltrates victim data via File Transfer Protocol (FTP), Rclone or Mega. Once complete, the group demands payment, threatening to dump private data online if payment is not made.

To mitigate threats from Bianlian, CISA recommends that organizations strictly limit use of RDP and other remote desktop services, disable command-line and scripting activities and permissions, reduce use of PowerShell, and update Windows PowerShell or PowerShell Core to the latest version.

6. Royal. This group has targeted a variety of critical infrastructure sectors, including the manufacturing, education, communications, and public health sectors.

The Royal ransomware group typically disables antivirus software and exfiltrates large quantities of data. Afterwards, the attackers deploy ransomware and encrypt systems.

In the past, Royal group criminals have made ransom demands ranging from approximately $1 million to $11 million USD.

In protecting against Royal, defenders are encouraged to retain multiple copies of sensitive or proprietary data and servers in physically separate, segmented and secure locations.

Further, require all accounts to comply with password management best practices, require multi-factor authentication, patch systems (and software and firmware) as needed, and segment networks.

7. Play. This ransomware group appeared in June of 2022. It was named for the “.play” file extension added after encryption of a target’s files and the single-word ransom note “PLAY” that’s shown to victims.

The group leverages custom tools. This approach is believed to reduce dwell time and decrease the likelihood that the tooling will be reverse-engineered or adapted by other groups. It may also provide tighter control over operations than is otherwise available.

Initially, the group focused on Latin America, with an emphasis on Brazil. However, the group’s interests have expanded. In recent months, the group forced a state of emergency in the city of Oakland, California.

8. Akira. This group exploits public-facing services or applications, takes advantage of weaknesses in multi-factor authentication and also exploits known vulnerabilities in software.

Akira ransomware attackers target educational institutions, financial groups, those in the manufacturing sector, real estate and medical industries.

In the past, Akira has leaked victims’ data on their leak site. The size of the leaked data has ranged from 5.9 GB to 259 GB. Ransom payment demands have ranged from $200,000 to several million dollars.

9. NoEscape. These hackers rapidly emerged as a formidable threat earlier this year. NoEscape says that they’ve built their malware and its supporting infrastructure from scratch.

In terms of targets, it appears that NoEscape operators avoid attacking organizations in the Commonwealth of Independent States (CIS).

As of this writing, the NoEscape group provides its affiliates with ways to create their own payloads and to manage payloads for Windows and Linux. Apply a multi-layered approach in order to defeat these ransomware attackers.

10. Other. Roughly 34% of ransomware attacks are executed by a diverse set of ransomware groups.

These include groups like BlackBasta, Hive, and Conti, along with a cadre of others, some of which hide behind continual name changes, in an effort to “rebrand.”

Further thoughts

Leverage these insights to elevate your cyber security and resilience posture.

A strategic shift to AI-powered and cloud-delivered solutions – CyberTalk


EXECUTIVE SUMMARY:

AI is revolutionizing businesses worldwide. Enterprises are being reinvented through artificial intelligence. AI is also separating the industry leaders from the industry followers. 

In the U.S., 73% of companies have already adopted artificial intelligence. Within certain sectors, experts expect that, on an annual basis, AI could contribute $4.4 trillion to the economy.

But, despite the promise and potential, a number of enterprises have slowed their AI adoption, citing compliance and data privacy concerns as barriers to rapid deployment.

What a lot of enterprises aren’t aware of is that there’s a strategic shift happening…AI has become an integral part of the cyber security landscape.

Diverse IT environments

Imagine an intelligent shield that dynamically protects data by adapting to emerging threats, ensuring that your organization always stays one step ahead of hackers.

AI-based cyber security tools, such as Check Point Infinity AI Copilot, can provide this type of flexible and comprehensive security for diverse IT environments.

Closing the talent gap

Another advantage of AI-powered cyber security tools is that they can help close the cyber security talent gap.

Worldwide, there’s a shortage of roughly three million cyber security professionals.

AI-based tools, like Check Point’s Infinity AI Copilot, can enhance analysts’ speed and accuracy, bridging the gap.

AI-based cyber security tools like Infinity AI Copilot enable protection of data centers, networks, cloud, branch offices and work-from-anywhere users. Admins can now easily obtain capabilities that allow for streamlined management via a unified management console.

Collaborative communication

Platforms like Infinity ThreatCloud AI can also provide rapid, real-time threat intelligence. The intelligence is seamlessly woven into the fabric of the platform. Automation and orchestration features ensure that threat responses are fast and effective.

Get more information

AI-powered cyber security engines enable organizations to proactively prevent and defend against threats by offering complete coverage of a security estate, real-time insights, automated processes and greater efficiency.

Enhance your knowledge. Join me at SecureWorld Boston, a premiere cyber security conference that offers a wealth of learning opportunities for CISOs and other security professionals. We’ll talk more about AI-powered cloud-delivered cyber security, addressing specific use-cases in which AI-powered engines offer exceptional value. Register now and make the most of this event.

This International Women’s Day, meet a true technology trailblazer… – CyberTalk


Micki Boland is a global cyber security warrior and evangelist with Check Point’s Office of the CTO. Micki has over 20 years in ICT, cyber security, emerging technology, and innovation. Micki’s focus is helping customers, system integrators, and service providers reduce risk through the adoption of emerging cyber security technologies. Micki is an ISC2 CISSP and holds a Master of Science in Technology Commercialization from the University of Texas at Austin, and an MBA with a global security concentration from East Carolina University.

In this incredible interview, Check Point Evangelist Micki Boland discusses her career, mentoring the next generation of women in cyber and so much more. This interview will make you feel inspired, enlightened and energized. Don’t miss this!

What inspired you to pursue a career in cyber security?

Great question… it was on my mind for a long time. I had been in IT and emerging technologies for years. I worked in electronics and electrical engineering for the U.S. Army and eventually designed, architected, deployed and managed IT and communications systems for Kaiser Permanente and Sprint.

Before there was a formalized career in cyber security, most techies “hacked” things, took things apart and rebuilt and fixed them. Many of the people who eventually became hackers started in telecommunications.

I began my MBA with a global security concentration (political science), and included national security policy, evolution of terrorism, counterterrorism, and public safety strategy.

I mashed this up with my passion for emerging technology in my Master of Science Commercializing Emerging Technology degree while I was an HQ engineer at Nortel. After much consideration, I made the jump to cyber security.

I had a lot of supporters along the way, which I am so very grateful for and, as I can never thank those folks enough, I have tried to pay it forward.

I wanted to start my own business. I did a lot of planning and advice seeking from trusted entrepreneurs, and I also needed to develop myself in advanced pen testing, ethical hacking, and digital forensic investigation and response.

Then, I made a huge leap to starting my own digital forensics investigation firm: a woman veteran-owned firm with an excellent management team, in Texas — a state that requires you to be licensed private investigators. We did get licensed.

Many adventures were had and hurdles overcome. My firm spent most of our time doing machine learning for attack path graphing and top down security assessments. We had a big goal of working on specialized forensics and investigations (non-exploitation). We were constrained primarily to enterprise and law firm work. Later on, a family friend who was at Check Point encouraged me to come to Check Point. I joined up with the Global System Integrator team here and I love Check Point Software’s entrepreneurial spirit and culture!

Have you always been very interested in building things, systems and STEM?

Yes, as a kiddo I loved all science, technology, and math, how things are connected and how things work. I had a real aptitude for breaking, building and fixing things.

What career accomplishments are you most proud of?

I am humble and do not really like to talk much about myself. If I think about it though, I will have to say starting my own investigations firm was gutsy. It is one thing to create an enterprise, study the market, develop “services”, build proformas, get funded and launch, and entirely different to sustain and grow this enterprise. Sales and marketing and acquiring and delighting new customers is everything! I encourage any woman wanting to start her own business to proceed with due diligence, bootstrap and do it, as it is simply an amazing experience.

As a woman in the cyber security industry, what challenges have you faced and how have you overcome them?

I think the challenges for me have been largely of my own making, in terms of insatiable curiosity, learning, growing, and continuous seeking of new challenges and adventures. I get bored easily and like to do new things.

On one hand, cyber security has fed my seeking behavior, as it is hugely dynamic. The industry is rapidly evolving, the threat landscape is ever changing; new and emerging technologies are being developed and rolled out that need to be protected, threat actors are honing their skills, as are defenders. It is never boring. On the other hand, my continuous seeking has limited my opportunities for senior leadership positions, as I do not seek to spend time in grade and/or wait for someone else to age out to get opportunities. This is a good thing. I would rather be an intrapreneur and leader, teaming, adapting, improvising, and overcoming challenges while continuously getting better and craftier.

That said, I think that, in cyber security, we should actively campaign for women, veterans, and people of all walks and backgrounds to join the cyber security field. We can provide development opportunities to gain skills and experience. We must not let opportunities constrain people that do not have 10 out of 10 skills and/or X years of experience, as frequently required within job descriptions. It is often said that women will not “fake it ‘till they make it” and will not go after roles that they feel they do not have 100% of the skills and experience required for.

Do not hesitate. If you want the role, you have to go for it. Plan and learn, get help if you need advice or a mentor, fill your gaps while you are in the job and in the field. If you want a career in cyber security grab the bull by the horns and get there!

What kinds of cyber security projects are you involved in at the moment that might inspire our readers?

Generative AI (all algorithmic machine learning) and computational intelligence (artificial neural networks ANN) have been my quest since starting my Master of Science at the University of Texas at Austin in 2009-2010. In my cohort were some of the most amazing and brilliant people.

Having been active in IEEE, I joined the Society for Design and Process Science and worked with a most talented Dr. Cristiane Gattaz, and her father (also Ph.D.) from Brazil, both of whom worked on ANN in the aerospace industry. I also got to meet Dr. Chittoor V. Ramamoorthy, Professor of Electrical Engineering and Computer Science, Emeritus, U.C. Berkeley (may he rest in peace) in Sao Paulo and Berlin, Dr. Robert Metcalfe, the inventor of Ethernet (Metcalfe’s Law), and founder of 3Com.

I met Gary Hoover, the founder of Hoover’s Business, which later became Dun and Bradstreet. He is also the founder of Bookstop, which later became Barnes and Noble. All of these amazing people work in computational intelligence and nothing has been more exciting to me than neural networks, swarm intelligence, generative AI and large language models.

With emerging technologies, there are many perspectives: how organizations adopt these technologies without incurring additional risk; how the defenders (including Check Point with 50+ AI engines to deliver 99.7% confidence threat intelligence) are using these technologies to protect data, networks, people and devices; and the way the adversaries are utilizing these technologies to attack organizations. It does not get more fun than that!

And lastly, I will mention that these technologies have been utilized to create deepfake videos, voice clones, fake images and fake news. It will be increasingly important for humans to use a zero trust approach with the online content they consume and to also understand the uses of these technologies for manipulation, destabilization, disruption, distrust, to sway public opinion, and to foment violence.

How can we encourage more women to pursue careers in cyber security?

Check Point has an employee resource group called FIRE, an acronym that stands for Females In Roles Everywhere. I think this is a great place to start. In this organization, there is outreach to women within Check Point, among our partners and among customers. There are sponsored events, including those for females in leadership roles and the C-suite. There are mentoring and STEM initiatives. This is a great way to lead the charge in terms of attracting women to pursue careers in cyber security.

We can also get into K-12 schools and higher education — talking with students helps them see the opportunities available in cyber security, with careers ranging from technical support, to coding, to threat hunting, to incident response, to architects, to engineers, to technical sales, and management.

In your opinion, what role does mentorship play in fostering the next generation of cyber security professionals?

Mentoring is extremely important in fostering the next generation of cyber security professionals. At all stages of our careers in this industry, we are all continuously learning. We have to keep learning. No one has more expertise and real world experience than the people on the ground working with customers every day; those helping them solve their cyber security challenges, responding to security incidents and securing their corporate assets and finances.

As we celebrate International Women’s Day, what message would you like to share with younger women who are thinking of pursuing a role in cyber security?

Be bold. Come and join the cyber security warriors. We need you and you are indeed very welcome! If this is the career you want, I assure you, you will love it. Never let obstacles stand in the way of achieving your goals. If you do not know how to proceed, reach out and get a sherpa to help you with your strategy. Over, under, around or through the mountain!

Making cyber security more diverse and inclusive (starting now!) – CyberTalk


Cindi Carter is a Field CISO for the Americas region at Check Point.

Happy International Women’s Day! As we recognize this day and celebrate the social, economic, political and cultural achievements of women, let’s also note that there is still much more work to be done, especially in relation to getting women involved in cyber security.

In this dynamic interview, Check Point Field CISO Cindi Carter discusses diversity, innovation and women’s empowerment in the security space. Cindi explores hidden aspects of these topics and also sheds light on the tremendous opportunities available for organizations.

Leverage the power of these perspectives to adapt your organization’s approach. Level-up all aspects of your cyber security strategy, including your talent strategy.

What impact does diversity have on innovation and problem-solving within cyber security teams?

Across the past 30 years, we have seen some of the most rapid technological advancements in human history. These advances have made both our business and personal lives easier and more convenient – by leaps and bounds.

At the same time, digital technologies have introduced enormous risks. As the technology evolves, so too do cyber crime techniques.

When I step back and think about who I prefer to hire, I intentionally look for people who may have a different viewpoint; people who can see things in ways that might make new avenues of exploration or new approaches accessible.

Of the requirements that I have for candidates, a technical background or a cyber security degree is the least of them. When working through a problem or a challenge, it’s sometimes extremely beneficial to have the perspective of someone who may not have grown up in IT or grown up in cyber.

In my view, diversity is a business-performance issue, not a compliance-with-the-mandate issue. Evidence shows that diversity impacts problem solving and innovation. Companies that are more diverse are more likely to achieve goals and outperform their peers.

We need creative and critical thinking skills on our teams – and those talents come from people with all different types of educational backgrounds, and from all different walks of life.

What initiatives can organizations pursue to retain and advance women in cyber security careers?

The gender imbalance in the cyber security field is non-trivial. Women make up just under 25% of the cyber workforce.

To not only retain women, but to also advance women’s careers, I believe that organizations should have professional forums that can offer resources and mentorship. These types of forums or special interest groups can support career aspirations and assist women in navigating their careers.

There are so many different roles in cyber security. There are at least 10 different primary cyber security “disciplines,” if you will. Within those disciplines, there are over 120 different types of roles.

So, when you consider the distinct career paths, specializations within the field, and the unique skillsets required within each, having professional forums can provide critical support.

Maintaining professional forums for women can also have a positive outcome for the organization as a whole – for all of the reasons that I mentioned in the previous answer in terms of contributing to innovation and problem solving.

How can CISOs and the organizations that they work for do a better job of collaborating with educational institutions, encouraging more women to pursue cyber security degrees?

Personally, I am involved in several different initiatives in this space across community colleges, technical communities, and through volunteer outreach programs.

At Check Point, we deliver a program called Secure Academy, which provides cyber security education courses to different types of institutions and diverse populations of students. At the end of the day, the students build the skills required to excel within the cyber security industry.

In a similar vein, CISOs, cyber security staff and organizations can create cyber training programs that can be shared with educational institutions. In turn, the institutions will be able to support and deliver a higher level of cyber security education to students.

You referenced them briefly – Would you like to talk a little bit more about the initiatives that you’re involved in that are designed to empower women in the cyber security space?

I am on a couple of different advisory boards for educational institutions. My roles include assisting with curation of educational material, offering 1:1 time to help women get a better sense of how to build their careers and answering questions, among other things.

It’s easy to make the false assumption that cyber security students have a strong sense of what it’s like to be a security practitioner. But people can get all of the education required and still not have any real understanding of what an SOC analyst does all day or the responsibilities involved in being a Chief Information Security Officer. So, in speaking more directly to my advisory capacity, I aim to offer a bit of that real-world perspective.

I am also the founding President of Women in Security – Kansas City, a non-profit that supports women at all career levels within the information security field.

Is there anything else that you would like to share with the CyberTalk.org audience?

As I noted earlier, technology has enriched our lives – it provides so much value – but it has also made us vulnerable to cyber crime.

We see that in the news every day. And cyber crime is everywhere, affecting hospitals, schools and grocery stores, among other pillars of daily life.

As we continue to leverage digital technologies for business and personal gains, we’re going to see an increasing number of cyber crime-focused headlines. And we’ll feel the impact of those cyber attacks and data breaches.

But here’s the truth – I also believe that we don’t have to accept that kind of future. We can build a world where our organizations and personal lives remain unshaken by cyber crime. It’s a future that we all want – one where security prevails over vulnerability.

At the same time, that future may feel a bit out-of-reach because our talent pipeline is shrinking. As we strive for a cyber secure future, we need to actively support the next generation of professionals.

Around the world, we need to empower as many people as possible, especially women, to play critical roles in securing our digital ecosystem. Together, we can turn the tide, creating a more diverse, significantly more secure and more resilient cyber security environment.

Best practices, breaking barriers & business opportunities – CyberTalk

Konstantina Koukou is a well-rounded, tech-savvy electrical engineering graduate with a specialization in Information and Telecommunication Systems and a Master’s degree in Business Administration. She has 13 years of experience in different roles, from technical to consulting, and a passion for cyber security.

Today, we’re taking the opportunity to highlight talented women in cyber security, including Konstantina Koukou, a distinguished technical expert and member of the Office of the CTO at Check Point.

In this interview, Konstantina shares several different reasons as to why she enjoys working in the cyber security space – reasons that you may be able to relate to.

Then, she delves into must-know insights and best practices that your organization should implement quickly in order to prevent emerging threats.

Finally, she provides fresh perspectives on how organizations can encourage more women to participate in the field of cyber security. Keep reading for amazing insights.

What do you enjoy most about working in the field of cyber security?

I enjoy it so much because every day is a new day for all of us working in the industry. The fact that you need to constantly remain informed about new threats, attack methods, and new technologies is very intellectually stimulating. It makes cyber security for many cyber enthusiasts, including myself, an exciting and dynamic area to work in.

Also, in having the role of security consultant, as I do, it feels like you can have a real impact on protecting organizations and critical infrastructure, which can be quite rewarding, to say the least.

Lastly, I also like the social part of the job. I work closely with diverse teams and talented people, fostering collaboration to tackle security issues.

Your insights matter. What general cyber security recommendations do you have for organizations at this time, given what you’re seeing across the current threat landscape?

The threat landscape is evolving and we expect it to become even more challenging with the deployment of AI-generated malware on the part of attackers.

There are several things that companies should do to stay protected. First of all, companies should build their own “human firewalls”. Companies need people who are trained, who are aware of the threats and the best practices and who can promote a culture of zero trust within the company.

Secondly, I believe that the current hybrid operating model of companies – given the adoption of cloud, SaaS services and the existence of the remote workforce – needs to be well monitored. When new products and services are introduced, there should not be any cyber security blind spots. Internal processes and tools should be aligned to improve the risk state.

Also, implementing AI in cyber security practices is a straightforward solution that can rapidly accelerate data analysis. Of course, the implementation of up-to-date cyber protections and zero trust principles in the organization goes without saying. Equally important is to develop and regularly test an incident response plan, so as to make sure that the company is well prepared to respond to and recover from cyber security incidents.

How can both academia and businesses encourage more women to pursue technical careers in cyber security?

It is imperative to bring in more female cyber crime fighters, not only because there is a huge lack of talent to cover the growing number of job vacancies, but also because it makes no sense for females to still be underrepresented in cyber security and the IT industry as a whole.

Failing to attract women means overlooking valuable skills and perspectives that can make the difference in the constant fight that is cyber security.

To achieve gender parity, the industry needs to address certain stereotypes. From an early age, girls need to interact with technology and to participate in S.T.E.M. programs, while schools need to foster digital literacy. Being called a nerd or geek is de-motivating for some girls (although for me it worked the opposite way :)). And to complement this, we need to create a supportive environment at home, school and/or work that focuses on the learning experience and motivation through curiosity.

Undoubtedly, there are many female role models in our industry that need to be promoted among a more general audience. Finally, in addition to the internships and mentoring programs that are always useful – either offered by educational institutes or businesses – I think it also makes sense to recognize the current female employees organizations have.

Companies should invest in their employees, to allow them to progress, and investigate new roles, even if at first glance they don’t look like the perfect fit.

JetBrains TeamCity Supply Chain Bug; 1,700+ servers unpatched

EXECUTIVE SUMMARY:

Security experts have warned that cyber criminals are exploiting a critical TeamCity vulnerability en masse. Hackers are creating hundreds of new user accounts on compromised servers. 

TeamCity as a target

First released in 2006, the popular commercial software known as TeamCity enables developers to create and test software in an automated fashion.

It offers feedback on code changes and reduces code integration problems. It also has native support for Jira, Visual Studio, Bugzilla (bug tracking), Maven (build automation), and more than a dozen other tools.

TeamCity has been used to build everything from websites to banking systems. According to parent company JetBrains, over 30,000 organizations rely on TeamCity. But the tool’s popularity has presented security challenges.

In late 2023, experts raised concerns about APT29’s active exploitation of a similar vulnerability in the TeamCity product. The current vulnerability, well, keep reading…

Current vulnerability details

The new vulnerability is listed as CVE-2024-27198. It’s an authentication bypass vulnerability in the web component of TeamCity on-premises.

As noted previously, the vulnerability is being exploited on a large scale, which involves the creation of numerous new users on unpatched instances of TeamCity that are exposed on the public web.

Risk to supply chain

JetBrains did address the issue with a fix on Monday. However, more than 1,700 organizations have yet to receive the software update.

The vulnerable hosts are primarily located in Germany, the United States and Russia, with a few in China, the Netherlands and France. Of these, researchers believe that cyber criminals have already compromised more than 1,440 instances.

“There are between 3 and 300 users created on compromised instances, usually the pattern is 8 alphanum characters,” said a spokesperson from LeakIX, a search engine for exposed device misconfigurations and vulnerabilities.

The compromise of production machines used to build and deploy software (as TeamCity provides) could lead to supply chain attacks, as they may contain sensitive information about the environments where code is deployed, published or stored. Hackers could potentially extract information, reconfigure details and/or deploy a significant malware-based threat.

March 5th 2024: On March 5th, experts recorded a sharp spike in attempts to exploit CVE-2024-27198. The majority of attempts came from systems in the United States, on the DigitalOcean hosting infrastructure.

Unauthorized access to a TeamCity server could grant an attacker complete control over all aspects of projects — builds, agents and artifacts. Consequently, it serves as a suitable means through which to position an attacker to execute a supply chain attack.
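The account pattern LeakIX describes (3 to 300 new users, usually 8 alphanumeric characters) can be turned into a triage check over a server's user list. The following is an added example, not code from JetBrains, LeakIX or the original article; the export format (`username`, `created`), the sample records and the review-window start date are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Pattern reported on the page: usernames of exactly 8 alphanumeric characters.
SUSPECT_NAME = re.compile(r"[A-Za-z0-9]{8}")

# Constructed sample inventory. The field names are a hypothetical export
# format, not TeamCity's own schema.
SAMPLE_USERS = [
    {"username": "admin",       "created": "2021-06-01T09:00:00"},
    {"username": "jsmith01",    "created": "2022-03-14T10:30:00"},  # matches pattern, but old
    {"username": "build-agent", "created": "2023-01-10T08:00:00"},
    {"username": "x7Kq2LmP",    "created": "2024-03-05T02:11:09"},
    {"username": "a9Bc3dE1",    "created": "2024-03-05T02:11:40"},
    {"username": "Zt4pQ8rW",    "created": "2024-03-05T02:13:02"},
    {"username": "qa.lead",     "created": "2024-03-05T15:00:00"},
    {"username": "newhire1",    "created": "2024-03-06T09:00:00"},  # matches pattern, approved
]


def triage_accounts(users, not_before, approved=frozenset(),
                    burst_window=timedelta(minutes=10), burst_min=3):
    """Return (suspects, bursts).

    suspects: usernames matching the 8-alphanumeric pattern, created at or
              after `not_before`, and absent from the `approved` set.
    bursts:   groups of suspects whose consecutive creation times are within
              `burst_window` of each other; only groups of at least
              `burst_min` accounts are kept (the page reports 3 to 300).
    """
    hits = []
    for user in users:
        created = datetime.fromisoformat(user["created"])
        name = user["username"]
        if created < not_before or name in approved:
            continue
        if SUSPECT_NAME.fullmatch(name):
            hits.append((created, name))
    hits.sort()

    groups = []
    for created, name in hits:
        # Extend the current group if this account follows the previous one closely.
        if groups and created - groups[-1][-1][0] <= burst_window:
            groups[-1].append((created, name))
        else:
            groups.append([(created, name)])

    suspects = [name for _, name in hits]
    bursts = [[name for _, name in g] for g in groups if len(g) >= burst_min]
    return suspects, bursts


if __name__ == "__main__":
    window_start = datetime(2024, 3, 1)  # constructed review-window start
    suspects, bursts = triage_accounts(SAMPLE_USERS, window_start, approved={"newhire1"})
    print("accounts to review:", suspects)
    print("burst-created groups:", bursts)
```

A name match alone is weak evidence, since legitimate usernames can also be 8 alphanumeric characters; the burst grouping and the approved list are what separate mass-created accounts from ordinary onboarding.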

Urgent update

The severity score for CVE-2024-27198 is 9.8 out of 10. The bug affects all TeamCity releases up to 2023.11.4 of the on-premise version.

Due to the widespread vulnerability exploitation, administrators of on-premise TeamCity instances are advised to take immediate steps surrounding the installation of the newest updates.

This incident underscores the importance of addressing vulnerabilities in a timely manner. It also speaks to the need to implement proactive threat detection mechanisms.

Navigating and managing your organization’s AI risks – CyberTalk

By Hendrik De Bruin, Security Engineer, Check Point Software Technologies.

As you know, 2023 was the year where AI took off. Organizations quickly adopted AI-based products to stay competitive, increase productivity and improve profitability.

However, much of this rapid adoption, which often occurred unofficially, has left organizations to contend with serious cyber security vulnerabilities – and CISOs are exposed.

Secret and confidential information leakage

There have been instances in the past where engineers and developers have uploaded proprietary source code to ChatGPT for purposes of evaluating and improving on the code.

This little oversight could prove extremely costly if a competitor, or anyone with malicious intent, were to illicitly obtain access to ChatGPT’s underlying technology.

How can CISOs protect organizations from AI-related risks?

The CISO role is ever evolving. It appears that artificial intelligence will become another area of responsibility for CISOs globally.

Whether you are the CISO for a Fortune 500 company or a small business, chances are that the organization you represent has already integrated AI into a number of its day-to-day activities.

If not adopted in a controlled and responsible manner, AI does pose a significant potential risk to organizations. The following recommendations may enable CISOs to better manage AI-based risks:

Evaluation of the current situation

Before any risk can be mitigated, it is critical to first have a thorough understanding of the risk. You need to understand how likely the risk is to materialize. This will ensure that appropriate controls can be put in place.

In order to better understand the risk posed by artificial intelligence to your information security, the following questions should be answered:

  • What AI systems are currently in use? There may be some official use cases and some unofficial (shadow IT) cases where the organisation is making use of artificial intelligence.
  • How are these AI systems being used? For what purposes are these systems being used and does the mere usage of these systems pose a risk to the organisation or its reputation?
  • What information is used in conjunction with AI systems? Considering the risks involved in managing and processing personal identifiable information (PII), it is critical to know how that information is being used and the implications thereof. The same pertains to confidential and classified information.

Asking the above questions should allow you to identify the most obvious risks posed to the organisation in terms of regulatory and compliance risks, data privacy risks, data leakage risks, and adversarial machine learning risks.

Define and implement administrative controls

Once a thorough understanding of the organisation’s current artificial intelligence landscape has been obtained and risks identified, the next step is to produce policies and procedures that adequately protect the organisation against risks identified during the evaluation stage.

These policies should deal with all aspects of AI usage within the organization. They should also go hand-in-hand with awareness training, ensuring that employees internalize the policies.

Once implemented, adherence to these policies should also be monitored.

Define and implement technical controls

After policies and procedures have been developed and applied, technical controls must be deployed as a means of policy and procedure enforcement.

Arguably, “Defense-in-Depth,” as enforced by solutions leveraging artificial intelligence and machine learning, is your best bet against unknown and increasingly sophisticated threats – such as those facing organizations today.

The human element

In the age of artificial intelligence, the human element may be the most critical “ingredient” in mitigating risks and keeping the organisation safe.

Critical thinking is a human superpower that should be employed to differentiate fact from fiction, so to speak.

The Human In The Loop (HITL) approach should be considered. This approach allows AI to make tactical decisions, perhaps even some strategic ones, while humans maintain managerial decision-making powers over processes and activities related to these systems. This ensures that humans are always in the loop and available to apply critical thinking, good judgement and oversight.

What does the future hold for AI and cyber security?

During 2024 and over the next few years, I’m certain that adoption of AI will continue to grow on the part of threat actors and defenders alike.

These are “…engines that learn and improve themselves against the kind of attacks we don’t yet know will happen,” says Check Point’s CTO, Dr. Dorit Dor.

It is clear that artificial intelligence is here to stay. Adoption is growing at a phenomenal rate on the part of attackers and defenders alike; however, it is end-users and their adoption of AI and generative AI that may pose the biggest risk to organisations and their secret/confidential information.

10 proven strategies for cultivating a security aware culture – CyberTalk

EXECUTIVE SUMMARY:

A security aware culture is essential when it comes to ensuring both stronger cyber security and better business outcomes. As security awareness increases, the probability of a breach (and corresponding business fallout) declines.

But security aware cultures don’t create themselves – they don’t happen organically. Cyber security leaders need to invent the culture through strategic and measured initiatives.

Advance your cyber security. Keep your organization as secure as possible. Leverage the following insights to establish (or refine) your security aware culture.

Cultivating a security aware culture

1. Know your company. Aim to anchor a cyber security culture within the existing company culture. Ensure that corporate values serve as cornerstones of your security culture. Create tailored programs that engage employees and that lead the C-suite to perceive you as attuned to your unique workplace.

2. Start with a cultural assessment. In building a security aware culture, start by examining the congruence (or lack thereof) between the corporate culture and everyday actions around cyber security. In the vast majority of cases, there’s a disconnect between the two.

A cultural assessment will clarify the gaps between corporate cultural norms and security best practices. An assessment should include one-on-one interviews with people across all levels and functions of the organization, research regarding existing security practices, and group discussions.

3. Communicate effectively. Once you’ve determined where gaps exist between the corporate culture and the (ideal) security culture, develop means of gradually promoting employee habit change. From a video series, to phishing exercises, to workshops, cyber security leaders have numerous avenues available through which to communicate new messages and to (re)shape workplace practices.

4. Consider regulations. In building a security aware culture and designing new programming, consider which regulatory requirements the company must adhere to. Best practices that are communicated to employees should broadly align with and support regulatory requirements.

5. Strengthen rapport with stakeholders. Ensure that you introduce yourself to all appropriate individuals – either via email or in-person. Ask questions about existing projects and priorities, ensuring that you’re genuinely listening to their concerns. For new cyber security initiatives, get buy-in, as this helps show a united front across the company and can benefit campaigns.

6. Team up with the communications or marketing team. To build a security culture while remaining mindful of employees’ time and attention, collaborate with your internal communications or marketing team on messaging.

They will have a sense of how to create a regular messaging cadence without overwhelming employees. They can also potentially assist with launching surveys, analyzing metrics for you and ensuring messaging alignment with the organization’s brand.

7. Avoid imposing on employees. The security team should be seen as a helpful and supportive bunch. The security team should avoid coming across as a group that pesters, micromanages or intensely imposes on others in regards to security practices. (No one wants to be ambushed by a cyber security analyst about the fact that they’ve used the same password 3X.) Rather, in building a security aware culture, draw people in using welcoming and approachable tactics.

8. Leverage new hire orientations. See if your team can get some face time (the opportunity to run a 20 minute workshop) during new hire training. This allows you to make a positive impression on new employees at the very beginning of their tenure. Importantly, make sure that your PowerPoint presentation isn’t a snooze.

Explain how the cyber security team serves the organization. Talk about why employees are really the front-line of cyber defense. Provide a preview of what employees should expect in the way of cyber security-related communication and further education.

9. Empower through recognition. Acknowledge and reward employees who take cyber security seriously – those who report phishing incidents, exhibit excellent password hygiene, etc. Promoting positive behaviors among employees generally contributes to improved outcomes, strengthening cyber security measures overall.

10. Measure effectiveness. When you set up security aware culture initiatives, ensure that there is a way to measure the impact of your efforts. Be able to demonstrate a return on investment.

Further thoughts

In addition to elevating your security, a security aware culture can be presented as a competitive advantage. Touting a strong security strategy that includes a culture of security awareness can help position an organization as an industry leader.

It can also result in a ripple effect across other organizations, prompting them to establish security awareness programs. This ultimately strengthens your entire industry’s ecosystem.
