Two-thirds of organizations are not prepared for AI risks – CyberTalk

EXECUTIVE SUMMARY:

Artificial intelligence is the new epicenter of value creation. Employees across industries are ecstatic about deploying easily accessible generative AI tools to elevate the quality of their output and to improve efficiency.

According to the latest research, 60% of employees use generative AI tools to augment their efforts. Roughly 42% of organizations say that they permit use of generative AI in the workplace, although only 15% retain formal policies governing the everyday use of AI.

And among organizations that permit the application of generative AI to everyday tasks, research indicates that only a third keep an eye on the ethical, cyber security and data privacy risks inherent in the technology.

Explaining the lack of suitable AI policies

The gap between AI use and AI governance can be attributed to the fact that senior organizational leaders aren’t particularly comfortable with AI technologies – and nor are the department heads and team leads around them.

In addition, AI is a fast moving field. The policies that made sense three months ago may no longer be relevant now or may not be relevant three months into the future. Most organizations lack tiger teams that can spend all day iterating on policies, although developing AI governance teams may quickly become a competitive advantage.

For organizations with existing AI policies, employee enthusiasm surrounding the benefits of AI may supersede their interest in adhering to top-down policies, especially if there are no incentives for doing so or consequences for flouting the rules.

Addressing AI risks (in general)

As noted previously, some organizations are struggling with top-down AI policy implementations. To overcome this challenge, experts suggest that organizations build AI policies, specifically those concerning ChatGPT and similar tools, from the ‘ground-up’. In other words, leaders may wish to solicit ideas and feedback from all employees across the organization.

Organizations may also want to leverage reputable, industry-backed frameworks and resources when developing responsible and effective AI governance policies. Resources to review include NIST’s AI Risk Management Framework and ISACA’s new online courses.

Addressing AI risks (in cyber security)

In relation to cyber security, the AI risks are numerous and varied. There are risks stemming from employee data inputs to AI models, risks concerning ‘data poisoning’, risks related to evolving threats, risks related to bias due to the opacity of models, and more.

For incisive and influential resources designed to help cyber security leaders mitigate risks pertaining to AI, check out the following:

Despite the aforementioned resources, leaders may still feel under-prepared to make policy decisions surrounding cyber security, data security and AI. If this sounds like you, consider AI governance and training certificate programs.

  • The Global Skill Development Council (GSDC) offers a Generative AI in Risk and Compliance certification that covers how AI can be used in cyber security and that steers leaders towards ethical considerations.
  • The International Association of Privacy Professionals (IAPP) offers AI governance training that focuses on deploying trustworthy AI systems that comply with emerging laws and current laws. It also covers other AI and security-related risk management topics.
  • The SANS Institute offers an AI Security Essentials for Business Leaders course that addresses balancing AI-related productivity gains with risk management.

Building a secure future together

Check Point understands the transformative potential of AI, but also recognizes that, for many organizations, security concerns abound. Rapid AI adoption, fueled by employee enthusiasm, can leave security teams scrambling to keep up.

This is where Check Point’s Infinity Platform comes in. The Check Point Infinity Platform is specifically designed to address the unique security challenges presented by the “AI revolution.” It empowers organizations to thrive amidst uncertainty and tough-to-keep-up-with regulations.

Prioritize your cyber security. Discover a comprehensive and proactive approach to safeguarding systems that use AI with a system that is powered by AI. Learn more here.

To receive compelling cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

Mastering cyber threat prevention and maximizing opportunities – CyberTalk

Gary Landau has been leading IT and information security teams for over 25 years as part of startups as well as large global organizations. He is currently a Field CISO with Unisys Security Services, where he supports companies in many different industries. His mantra is “keep making it better” and he is passionate about continuously improving system reliability, performance, and security.

In this interview with Gary Landau, we dive into how Managed Security Service Providers (MSSPs) can play a vital role in helping organizations navigate the current cyber security landscape and how they can help you optimize your cyber security strategy.

If you missed Cyber Talk’s past interview with Gary Landau, click here.

As an MSSP, how do you accurately assess what is happening in cyber security today?

We have the advantage of aggregated information from our collective customers. With visibility into security issues across industries, with different types of regulated information and with information pulled from different geographies, we have an expansive understanding of the various cyber security issues that our customers are facing, and experience in discerning which solutions will work best for a specific client.

In which industries or sectors are you seeing the highest demand for MSSP services, and why do you think that is?

I don’t see one type of industry seeking out MSSP services more than another. But what I do see is that select MSSP services are in greater demand than others. One service that I see in higher demand consists of 24/7 SOC services. Security monitoring and response needs to be 24/7, as it takes a lot of work to run a global SOC and most organizations can’t do it on their own. Part of what makes managing an SOC difficult for most organizations is the staff turnover, especially in a 24/7 security service. For the purpose of maintaining quality and consistency of services, having an MSSP take care of it can make a lot of sense.

What are the biggest challenges or obstacles that MSSPs face in meeting the cyber security needs of their clients?

One of the biggest challenges is storage space — so a lot of clients try to be sparing about how much log data they collect and retain. The more that they collect and retain, the more costly it can be. There’s a cost for ingesting data as well as storing it — mostly with SIEM solutions. So, clients try to make decisions about what not to collect or how to avoid retaining data for excessive lengths of time.

However, every time there’s an incident, those same customers lament that they didn’t have the logs available to do a thorough investigation into how the issue got started or where it spread to. After an incident, a lot of organizations regret that they didn’t collect those logs. It’s a cost-benefit analysis, of course, and they must decide what level of risk is acceptable. If that decision is to forego collecting some logs, then if an incident occurs, they need to be able to justify why they made such a decision. If they aren’t prepared to justify it, then they need to collect the logs.

Can you share some success stories or examples of how your MSSP has helped organizations overcome specific cyber security challenges?

One example is from when Unisys helped a city prepare to host the Super Bowl by improving the city’s security posture. This involved collaborating with both local officials and the Department of Homeland Security to ensure cyber security across a vast number of areas.

Another example is our work with the California State University System in support of the largest PeopleSoft installation in the nation, where Cal State houses their HR, finance and student information systems in the cloud. We help them protect their sensitive data with data masking and many other tools and processes. For example, we protect them from ransomware with an immutable data vaulting solution. We keep their cloud environment secure by continually monitoring and driving towards 100% compliance with the recommended security settings, as outlined in the NIST 800-53 and ISO 27001 benchmarks.

What is your MSSP’s long-term vision for supporting organizations’ cyber security needs as the threat landscape continues to grow?

As an MSSP, Unisys does in-depth assessments to identify cyber security gaps, and then implements and manages advanced cyber security safeguards. Our assessments are continuous, so that our security safeguards are evolving as threats change. However, our focus goes beyond just cyber security. Our vision is to improve businesses and business technology through cloud adoption and application modernization. Cyber security is just a part of making this happen.

Is there anything else that you would like to share with our C-level audience?

C-level leaders should be realistic about their organization’s strengths, weaknesses, capacity and timelines. I recommend looking at where teams are struggling and to address corresponding issues first. Security is not something to procrastinate on. For organizations that want to build up internal capacity in certain areas, working with an MSSP sooner rather than later could save them money in the long-run. Not only can an MSSP take the stress off of teams and enable in-house staff to do a better job of what they already do well, but MSSPs simultaneously improve the overall security posture for the organization, letting everyone rest a little easier.

AI, CVEs and Swiss cheese – CyberTalk

By Grant Asplund, Cyber Security Evangelist, Check Point. For more than 25 years, Grant Asplund has been sharing his insights into how businesses can best protect themselves from sophisticated cyber attacks in an increasingly complex world.

Grant was Check Point’s first worldwide evangelist from 1998 to 2002 and returned to Check Point with the acquisition of Dome9. Grant’s wide range of cyber security experience informs his talks, as he has served in diverse roles, ranging from sales, to marketing, to business development, and to senior management for Dome9, Blue Coat Systems, Neustar, and Altor Networks. As CEO of MetaInfo, he led its acquisition by Neustar. Grant is the host of the CISO Secrets podcast (cp.buzzsprout.com) and the Talking Cloud Podcast (talkingcloud.podbean.com) on cloud security.

EXECUTIVE SUMMARY:

AI, AI, OH!

If you’ve attended a cyber security conference in the past several months, you know the topic of artificial intelligence is in just about every vendor presentation. And I suspect, we’re going to hear a lot more about it in the coming months and years.

Our lives are certainly going to change due to AI. I’m not sure if any of us really appreciates what it will be like to have an assistant that knows everything that the internet knows.

Unfortunately, not everyone will be utilizing these AI assistants for good. Additionally, the profound impact from employing AI will be just as significant for the nefarious as for the well-intended.

Consider what’s right around the corner…

Hackers often begin their social engineering schemes by directing their AI assistants (and custom bots) to conduct reconnaissance on their target.

The first phase is to gather intelligence and information about the target. Using any and every means available, they will determine what general technology products and which security products are being used and the current versions in-use. This phase might last weeks or months.

Once gathered, the hacker will use AI to correlate the products and versions in use with the known CVEs issued for those same versions, and clearly identify the exploitable path(s).

200,000 known CVEs

And odds are on the hackers’ side. According to the National Vulnerability Database, there are currently over 200,000 known CVEs. Fifty percent of vulnerability exploits occur within 2-4 weeks of a patch being released, while the average time for an enterprise to respond to a critical vulnerability is 120 days.

All of this leads me to ask: When selecting a security vendor and security products, why don’t more companies ask the vendor how many CVEs have been released concerning the products being purchased?

After all, these ‘security’ products are being purchased to secure valuable business assets! Some vendors’ products have more holes than Swiss cheese!

Comprehensive, consolidated and collaborative

Of course, I’m not suggesting that an organization bypass its rigorous assessment, evaluation, and selection process when choosing security vendors and products and base the decision solely on the number of CVEs, especially considering that today’s computing environments and overall digital footprints are vastly more complex than ever before and continue to expand.

What I am suggesting is that now, more than ever, organizations need to step back and re-assess their overall security platform. Due to the increased complexity and ever-increasing number of point solutions, companies must consider deploying a comprehensive, consolidated, and highly collaborative security platform.

Reducing CVEs and Swiss cheese

Once your organization has identified the possible vendors who can help consolidate your security stack, be sure to check how many HIGH or CRITICAL CVEs have been released in the last few years for the products you’re considering. And check how long it took to fix them.

By consolidating your stack, you will reduce complexity. By eliminating the ‘Swiss cheese’ products in your security stack, you will eliminate the gaps most likely to be exploited in the future by artificial intelligence.
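The vendor check described above, as an added example that is not code from this article or from any vendor: a small Python routine that takes CVE-style records (placeholder product names and CVE ids, constructed here), keeps only HIGH/CRITICAL issues published in the last few years, and reports how many remain unfixed and the median days from publication to fix.

```python
"""Vendor CVE due-diligence summary.

Added example, not code from the article or from any vendor. Every product
name and CVE id below is a constructed placeholder, not a real NVD entry.
Severity bands follow the NVD CVSS v3.x qualitative scale
(CRITICAL >= 9.0, HIGH >= 7.0, MEDIUM >= 4.0, LOW > 0.0).
"""
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median
from typing import Dict, List, Optional


@dataclass(frozen=True)
class CveRecord:
    cve_id: str            # placeholder id, not a real CVE
    product: str
    cvss_base: float       # CVSS v3.x base score
    published: date
    fixed: Optional[date]  # None while no vendor fix has shipped


def severity(score: float) -> str:
    """Map a CVSS v3.x base score to its NVD qualitative severity band."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    if score > 0.0:
        return "LOW"
    return "NONE"


def summarize(records: List[CveRecord], as_of: date, years: int = 3) -> Dict[str, dict]:
    """Per product: HIGH/CRITICAL CVEs published within the last `years`,
    how many of those are CRITICAL, how many still lack a fix, and the
    median days from publication to fix for the ones that were fixed."""
    cutoff = as_of - timedelta(days=365 * years)
    out: Dict[str, dict] = {}
    fix_days: Dict[str, List[int]] = {}
    for r in records:
        band = severity(r.cvss_base)
        if band not in ("HIGH", "CRITICAL") or r.published < cutoff:
            continue  # the article's check: HIGH/CRITICAL, last few years only
        s = out.setdefault(r.product, {"high_or_critical": 0, "critical": 0,
                                       "unfixed": 0, "median_fix_days": None})
        s["high_or_critical"] += 1
        if band == "CRITICAL":
            s["critical"] += 1
        if r.fixed is None:
            s["unfixed"] += 1
        else:
            fix_days.setdefault(r.product, []).append((r.fixed - r.published).days)
    for product, days in fix_days.items():
        out[product]["median_fix_days"] = median(days)
    return out


def rank(summary: Dict[str, dict]) -> List[str]:
    """Products ordered worst first: open issues, then CRITICAL count, then the
    slowest median fix time (a product with nothing fixed yet sorts as slowest)."""
    def key(item):
        name, s = item
        fix = s["median_fix_days"]
        return (-s["unfixed"], -s["critical"],
                -(fix if fix is not None else float("inf")), name)
    return [name for name, _ in sorted(summary.items(), key=key)]


# Constructed sample data (placeholder products and ids) for a stand-alone run.
AS_OF = date(2024, 6, 1)
SAMPLE_RECORDS = [
    CveRecord("CVE-XXXX-0001", "Vendor A Gateway", 9.8, date(2023, 3, 10), date(2023, 3, 24)),
    CveRecord("CVE-XXXX-0002", "Vendor A Gateway", 7.5, date(2023, 9, 1), date(2023, 10, 1)),
    CveRecord("CVE-XXXX-0003", "Vendor A Gateway", 5.3, date(2024, 1, 5), date(2024, 1, 20)),
    CveRecord("CVE-XXXX-0004", "Vendor B Gateway", 9.1, date(2022, 8, 15), date(2022, 12, 13)),
    CveRecord("CVE-XXXX-0005", "Vendor B Gateway", 8.8, date(2023, 5, 2), None),
    CveRecord("CVE-XXXX-0006", "Vendor B Gateway", 7.2, date(2024, 2, 1), date(2024, 5, 1)),
    CveRecord("CVE-XXXX-0007", "Vendor B Gateway", 9.0, date(2020, 1, 1), date(2020, 1, 10)),
]

if __name__ == "__main__":
    summary = summarize(SAMPLE_RECORDS, AS_OF)
    for name in rank(summary):
        print(name, summary[name])
```

Feeding it real NVD exports for the products on your shortlist turns the article's question into a repeatable procurement check rather than a one-off conversation with the vendor.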

For information about cyber security products powered by AI, click here. To receive compelling cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

How AI can benefit zero trust – CyberTalk

EXECUTIVE SUMMARY:

The zero trust framework is a cornerstone of modern cyber security threat prevention and defense architectures. At its core, zero trust calls for continuous verification of every request and transaction within a network regardless of source or destination.

As cyber threats take on new characteristics, some organizations are looking to artificial intelligence in order to support the efficacy of zero trust implementations.

In this article, we’ll explore how AI can enhance zero trust initiatives. In particular, we’ll dive into how AI can render zero trust more capable and competent, providing practical insights that your organization can put into action.

How AI can complement zero trust

1. Adaptive access controls. Within zero trust, AI may be able to shift security from a more static operation to one that’s particularly dynamic and adaptive.

AI-powered zero trust access controls can flexibly modify and customize permissions based on immediate evaluations of users. The AI can intelligently ascertain whether to authorize or restrict users by reviewing contextual factors, such as user location, device status and behavioral trends.

In turn, this ensures that zero trust is continuously enforced, while simultaneously reducing administrative burdens and human error rates.

2. Privileged access management. With the integration of AI, privileged access management becomes more vigilant and effective. Employing AI-powered monitoring means that organizations can better enforce strict access controls and granular permissions – core tenets of the zero trust framework.

3. Advanced analytics. AI-based tools can aggregate and analyze information from a wide breadth of sources at near-lightning speed. In turn, CISOs can identify anomalous behavior at an expedited rate, leading to faster detection and mitigation of potential security breaches within the zero trust architecture.

4. Automated incident response. In a zero trust environment, every access request is carefully reviewed, but the margin for error is non-zero; when an incident does manifest, AI can assist with incident response.

Further details

As time wears on, organizations are highly likely to integrate AI into zero trust architectures in a range of different ways. Exactly how remains to be seen, of course.

Nonetheless, even at this nascent stage, organizations can leverage AI within the zero trust framework to achieve a more dynamic, intelligent, and ultimately, more secure IT environment.

For further insights into artificial intelligence and cyber security, please see CyberTalk.org’s past coverage. For information about GenAI and zero trust, please click here.

Lastly, to receive timely cyber insights, informative interviews, recent research and easy-to-understand analyses each week, please subscribe to the CyberTalk.org newsletter.

Say goodbye to standard security for smartphones (you need this instead) – CyberTalk

By Zahier Madhar, Lead Security Engineer and Office of the CTO, Check Point.

Smartphones play a pivotal role in all of our lives. In a way, smartphones today are a sort of diary, storing pictures, organizing them and displaying them in a storytelling modality. Smartphones are much more than a piece of technology that allows you to make phone calls and send text messages.

Before they go to bed, many people have their smartphones in their hands: they are getting the latest updates, finishing some work, or watching a movie or short videos. And once they wake up, the first activity of the day is picking up the smartphone, checking the time and seeing whether they have missed any updates.

Smartphones: dual uses

That very same smartphone is often used for business purposes as well, such as attending or hosting meetings, handling email and managing an agenda. The dual-purpose dimension also applies to a laptop (used for both private and business purposes). The biggest difference between a laptop and a smartphone is that a smartphone is always turned on and connected to the internet, while a laptop is not.

A second difference is that a laptop is managed and has a threat prevention application on it. In contrast, smartphones are, in many cases, managed by the organization but not secured by a threat prevention application. However, the smartphone contains the same mix of private data and business-related data as the laptop. See the problem?

The bakery next door

In a previous Cyber Talk thought leadership article, I talked about the bakery next door. The bakery next door can use a smartphone to get the status of the ovens, but also to control the ovens. Imagine if the baker’s smartphone were hacked and hackers took control over the most important ovens. This would impact the bakery’s output immediately. This is not just a theory; this could happen. Although this example is small-scale, the implications are immense; lack of smartphone security can jeopardize a business.

History of mobile threats

Malware targeting smartphones is not new. The difference today compared with 20 years ago is that the smartphone holds sensitive data, at both the private and the business level.

The question is why organizations fail to install mobile anti-malware on smartphones. I believe it has to do with awareness, costs and user experience, or they think it is not needed (especially for iOS users).

iOS cyber security

Despite popular belief, it is possible to install malware on iOS devices, and since the EU’s Digital Markets Act of 2022 came about, Apple has been forced to allow apps from outside the App Store on its phones as well.

But regulating smartphones through unified endpoint management and mobile device management is not enough. The reason is simple: these tools do not contain security controls for inspecting apps, network connections and interfaces for malicious behavior.

Malware prevention

Let’s get back to the bakery next door. The baker uses his smartphone for daily business (baking bread-related tasks) and also for personal use. To avoid getting infected by malware, the baker does not install apps outside of the App store, does not scan QR codes and does not connect to public wifi.

As with his laptop, he makes sure that the smartphone and his apps are always updated with the latest software releases. Still, this is not enough. The baker won’t successfully avoid SMS phishing, malicious websites and network related attacks by taking those steps. To truly advance his security, the baker needs to install a mobile security solution that protects the smartphone from mobile security risks.

The baker is lucky because he relies on a cyber security vendor partner to deliver a platform and he can simply apply mobile security, in addition to the other security controls that have been delivered, through the platform.

In other words, what the baker has is a consolidated cyber security platform with threat prevention, ensuring that his business won’t be disrupted by opportunistic hackers.

Key takeaways

As I mentioned earlier, smartphones have become day-to-day essentials, shaping our social interactions and business operations. However, they also present security risks, as they contain sensitive personal and business information. Here are some tips to enhance smartphone security:

1. Stick to official app stores for downloading apps.

2. Avoid connecting to public wifi networks.

3. Consider installing a mobile threat prevention application.

As a Chief Information Security Officer (CISO), it’s crucial to treat smartphones with the same level of security awareness as laptops. Incorporate them into your awareness campaigns and ensure they are regularly updated with the latest patches.

Implement mobile threat prevention solutions like Harmony Mobile from Check Point to serve as a security enforcement point for your Unified Endpoint Management (UEM) or Mobile Device Management (MDM) system.

These measures will enhance security maturity and provide visibility into potential malicious activities on mobile devices within your organization.

For more insights from Zahier Madhar, please click here. To receive compelling cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

Zero Trust strategies for navigating IoT/OT security challenges – CyberTalk

Travais ‘Tee’ Sookoo leverages his 25 years of experience in network security, risk management, and architecture to help businesses of all sizes, from startups to multi-nationals, improve their security posture. He has a proven track record of leading and collaborating with security teams and designing secure solutions for diverse industries.

Currently, Tee serves as a Security Engineer for Check Point, covering the Caribbean region. He advises clients on proactive risk mitigation strategies. He thrives on learning from every challenge and is always looking for ways to contribute to a strong cyber security culture within organizations.

In this informative interview, expert Travais Sookoo shares insights into why organizations need to adopt a zero trust strategy for IoT and how to do so effectively. Don’t miss this!

For our less technical readers, why would organizations want to implement zero trust for IoT systems? What is the value? What trends are you seeing?

For a moment, envision your organization as a bustling apartment building. There are tenants (users), deliveries (data), and of course, all sorts of fancy gadgets (IoT devices). In the old days, our threat prevention capabilities might have involved just a single key for the building’s front door (the network perimeter). Anyone with that key could access everything; the mailbox, deliveries, gadgets.

That’s how traditional security for some IoT systems worked. Once the key was obtained, anyone could gain access. With zero trust, instead of giving everyone the master key, the application of zero trust verifies each device and user ahead of provisioning access.

The world is getting more connected, and the number of IoT devices is exploding, meaning more potential security gaps. Organizations are realizing that zero trust is a proactive way to stay ahead of the curve and keep their data and systems safe.

Zero trust also enables organizations to satisfy many of their compliance requirements and to quickly adapt to ever-increasing industry regulations.

What challenges are organizations experiencing in implementing zero trust for IoT/OT systems?

While zero trust is a powerful security framework, the biggest hurdle I hear about is technology and personnel.

In terms of technology, the sheer number and variety of IoT devices can be overwhelming. Enforcing strong security measures with active monitoring across this diverse landscape is not an easy task. Additionally, many of these devices lack the processing power to run security or monitoring software, thus making traditional solutions impractical.

Furthermore, scaling zero trust to manage the identities and access controls for potentially hundreds, thousands, even millions of devices can be daunting.

Perhaps the biggest challenge is that business OT systems must prioritize uptime and reliability above all else. Implementing zero trust may require downtime or potentially introduce new points of failure. Finding ways to achieve zero trust without compromising the availability of critical systems takes some manoeuvring.

And now the people aspect: Implementing and maintaining a zero trust architecture requires specialized cyber security expertise, which many organizations may not have. The talent pool for these specialized roles can be limited, making it challenging to recruit and retain qualified personnel.

Additionally, zero trust can significantly change how people interact with OT systems. Organizations need to invest in training staff on new procedures and workflows to ensure a smooth transition.

Could you speak to the role of micro-segmentation in implementing zero trust for IoT/OT systems? How does it help limit lateral movement and reduce the attack surface?

With micro-segmentation, we create firewalls/access controls between zones, making it much harder for attackers to move around. We’re locking the doors between each room in the apartment; even if an attacker gets into the thermostat room (zone), they can’t easily access the room with our valuables (critical systems).

The fewer devices and systems that an attacker can potentially exploit, the better. Micro-segmentation reduces the overall attack surface and the potential blast radius by limiting what devices can access on the network.

Based on your research and experience, what are some best practices or lessons learned in implementing zero trust for IoT and OT systems that you can share with CISOs?

From discussions I’ve had and my research:

My top recommendation is to understand the device landscape. What are the assets you have, their purpose, how critical are they to the business? By knowing the environment, organizations can tailor zero trust policies to optimize both security and business continuity.

Don’t try to boil the ocean! Zero trust is a journey, not a destination. Start small, segmenting critical systems and data first. Learn from that experience and then expand the implementation to ensure greater success with declining margins of error.

Legacy OT systems definitely throw a wrench into plans and can significantly slow adoption of zero trust. Explore how to integrate zero trust principles without compromising core functionalities. It might involve a mix of upgrades and workarounds.

The core principle of zero trust is granting only the minimum access required for a device or user to function (least privilege). Document who needs what and then implement granular access controls to minimize damage from a compromised device.

Continuous monitoring of network activity and device behaviour is essential to identify suspicious activity and potential breaches early on. Ensure that monitoring tools encompass everything and that your teams can expertly use them.

Automating tasks, such as device onboarding, access control enforcement, and security patching can significantly reduce the burden on security teams and improve overall efficiency.

Mandate regular review and policy updates based on new threats, business needs, and regulatory changes.

Securing IoT/OT systems also requires close collaboration between OT and IT teams. Foster teamwork, effective communications and understanding between these departments to break down silos. This cannot be stressed enough. Too often, the security team is the last to weigh in, often after it’s too late.

What role can automation play in implementing and maintaining Zero Trust for IoT/OT systems?

Zero trust relies on granting least privilege access. Automation allows us to enforce these granular controls by dynamically adjusting permissions based on device type, user role, and real-time context.

Adding new IoT devices can be a tedious process and more so if there are hundreds or thousands of these devices. However, automation can greatly streamline device discovery, initial configuration, and policy assignment tasks, thereby freeing up security teams to focus on more strategic initiatives.

Manually monitoring a complex network with numerous devices is overwhelming, but we can automate processes to continuously monitor network activity and device behaviour, and identify anomalies that might indicate a potential breach. And if a security incident occurs, we can automate tasks to isolate compromised devices, notify security teams, and initiate remediation procedures.

Through monitoring, it’s possible to identify IoT/OT devices that require patching, which can be crucial, but also time-consuming. It’s possible to automate patch deployment with subsequent verification, and even launch rollbacks in case of unforeseen issues.

If this sounds like a sales pitch, then hopefully you’re sold. There’s no doubt that automation will significantly reduce the burden on security teams, improve the efficiency of zero trust implementation and greatly increase our overall security posture.

What metrics would you recommend for measuring the effectiveness of zero trust implementation in IoT and OT environments?

A core tenet of zero trust is limiting how attackers move between devices or otherwise engage in lateral movement. The number of attempted lateral movements detected and blocked can indicate the effectiveness of segmentation and access controls.

While some breaches are inevitable, a significant decrease in compromised devices after implementing zero trust signifies a positive impact. This metric should be tracked alongside the severity of breaches and the time it takes to identify and contain them. With zero trust, it is assumed any device or user, regardless of location, could be compromised.

The Mean Time to Detection (MTD) and Mean Time to Response (MTTR) are metrics that you can use to measure how quickly a security incident is identified and contained. Ideally, zero trust should lead to faster detection and response times, minimizing potential damage.

Zero trust policies enforce granular access controls. Tracking the number of least privilege violations (users or devices accessing unauthorized resources) can expose weaknesses in policy configuration or user behaviour and indicate areas for improvement.

Security hygiene posture goes beyond just devices. It includes factors like patch compliance rates and the effectiveness of user access.

Remember the user experience? Tracking user satisfaction with the zero trust implementation process and ongoing security measures can help identify areas for improvement and ensure a balance between security and usability.

It’s important to remember that zero trust is a journey, not a destination. The goal is to continuously improve our security posture and make it more difficult for attackers to exploit vulnerabilities in our IoT/OT systems. Regularly review your metrics and adjust zero trust strategies as needed.
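A worked example of turning the metrics discussed above into numbers, added here and not part of the interview: it computes lateral-movement block rate, MTTD and MTTR, least-privilege violations per principal and patch compliance from a constructed SIEM export. The event schema, field names and the sample events are assumptions made for illustration; map them onto whatever your own SIEM emits.

```python
"""Zero trust effectiveness metrics from a constructed IoT/OT event export.

Added example, not the interviewee's tooling. The event schema below is an
assumption: one dict per event with a "type" field and ISO-8601 timestamps.
"""
from collections import Counter
from datetime import datetime

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T08:00:00", "type": "lateral_attempt", "src": "plc-07", "dst": "hmi-02", "action": "blocked"},
    {"ts": "2024-05-01T08:00:05", "type": "lateral_attempt", "src": "plc-07", "dst": "historian-01", "action": "blocked"},
    {"ts": "2024-05-01T08:01:10", "type": "lateral_attempt", "src": "cam-12", "dst": "nvr-01", "action": "allowed"},
    {"ts": "2024-05-01T08:01:11", "type": "policy_violation", "principal": "cam-12", "resource": "nvr-01:ssh"},
    {"ts": "2024-05-01T08:05:00", "type": "compromise", "device": "plc-07", "severity": "high",
     "detected": "2024-05-01T08:35:00", "contained": "2024-05-01T09:05:00"},
    {"ts": "2024-05-02T14:00:00", "type": "compromise", "device": "cam-12", "severity": "medium",
     "detected": "2024-05-02T14:20:00", "contained": "2024-05-02T14:50:00"},
    {"ts": "2024-05-02T15:00:00", "type": "policy_violation", "principal": "svc-backup", "resource": "plc-03:modbus"},
    {"ts": "2024-05-03T09:00:00", "type": "patch_status", "device": "plc-07", "compliant": True},
    {"ts": "2024-05-03T09:00:00", "type": "patch_status", "device": "cam-12", "compliant": False},
    {"ts": "2024-05-03T09:00:00", "type": "patch_status", "device": "hmi-02", "compliant": True},
    {"ts": "2024-05-03T09:00:00", "type": "patch_status", "device": "historian-01", "compliant": True},
]


def _minutes(start: str, end: str) -> float:
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 60


def lateral_movement(events):
    """Attempted vs. blocked east-west connections: a proxy for segmentation quality."""
    attempts = [e for e in events if e["type"] == "lateral_attempt"]
    blocked = sum(1 for e in attempts if e["action"] == "blocked")
    return {"attempted": len(attempts), "blocked": blocked,
            "block_rate": blocked / len(attempts) if attempts else None}


def detection_and_response(events):
    """MTTD = compromise start to detection; MTTR = detection to containment (minutes)."""
    incidents = [e for e in events if e["type"] == "compromise"]
    if not incidents:
        return {"incidents": 0, "mttd_minutes": None, "mttr_minutes": None, "by_severity": {}}
    mttd = sum(_minutes(e["ts"], e["detected"]) for e in incidents) / len(incidents)
    mttr = sum(_minutes(e["detected"], e["contained"]) for e in incidents) / len(incidents)
    return {"incidents": len(incidents), "mttd_minutes": mttd, "mttr_minutes": mttr,
            "by_severity": dict(Counter(e["severity"] for e in incidents))}


def least_privilege_violations(events):
    """Violations per principal; a repeat offender points at a policy gap or a bad actor."""
    return dict(Counter(e["principal"] for e in events if e["type"] == "policy_violation"))


def patch_compliance(events):
    """Fraction of devices whose most recent status report is compliant."""
    latest = {}
    for e in sorted((e for e in events if e["type"] == "patch_status"), key=lambda e: e["ts"]):
        latest[e["device"]] = e["compliant"]
    return sum(latest.values()) / len(latest) if latest else None


def zero_trust_metrics(events):
    return {"lateral": lateral_movement(events),
            "incidents": detection_and_response(events),
            "violations": least_privilege_violations(events),
            "patch_compliance": patch_compliance(events)}


if __name__ == "__main__":
    print(zero_trust_metrics(SAMPLE_EVENTS))
```

Track these per reporting period and compare against the pre-rollout baseline; a rising block rate with a falling violation count and shrinking MTTD/MTTR is the signal that segmentation and policy are doing their job.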

Is there anything else that you would like to share with the CyberTalk.org audience?

Absolutely! As we wrap up this conversation, I want to leave the CyberTalk.org audience with a few key takeaways concerning securing IoT and OT systems:

Zero trust is a proactive approach to security. By implementing zero trust principles, organizations can significantly reduce the risk of breaches and protect their critical infrastructure.

Don’t go it alone: Security is a team effort. Foster collaboration between IT, OT, and security teams to ensure that everyone is on the same page when it comes to adopting zero trust.

Keep learning: The cyber security landscape is constantly evolving. Stay up-to-date on the latest threats and best practices. Resources like Cybertalk.org are a fantastic place to start.

Focus on what matters: A successful zero trust implementation requires a focus on all three pillars: people, process, and technology. Security awareness training for employees, clearly defined policies and procedures, and the right security tools are all essential elements.

Help is on the way: Artificial intelligence and machine learning will play an increasingly important role in automating zero trust processes and making them even more effective.

Thank you, CyberTalk.org, for the opportunity to share my thoughts. For more zero trust insights, click here.

Ransomware attack causes city street lights to “misbehave” – CyberTalk

EXECUTIVE SUMMARY:

In England, Leicester City is experiencing persistent problems with its street light system due to a recent cyber attack.

While the street lights are ordinarily switched on and off at dusk and dawn, for the last six weeks, street lights across Leicester have remained illuminated during both the day and night. In some instances, street lights remain lit on one side of the street while those on the other side remain off.

Residents have noticed and commented on this peculiar behavior. When one individual spoke with the Leicester City Council about the issue, he was informed that the cyber attack had affected the ‘central operating system’ for the street lights, causing them to “misbehave.”

What happened

The cyber attack in question occurred on March 7th of this year and has been labeled “highly sophisticated.”

The responsible party, the INC Ransom group, is known for targeting government, education and healthcare organizations around the world. Attackers appear to have stolen documents from the Leicester City Council, a number of which have surfaced online.

Upon recognizing signs of an impending issue, the Leicester City Council IT team removed systems from the internet, a standard best practice in the event of a possible ransomware attack.

Local impact

The unintended and continuous illumination of street lights is a concern for locals due to the high level of energy consumption and high costs involved.

“The lights in my area have been burning away all day and all night, so it’s going to be costing a lot,” said resident Roger Ewens. The City Council aims to resolve the issue by the end of the first week in May.

A spokesperson for the Leicester City Council stated that IT systems were shut down as a precautionary measure in the aftermath of the attack. In turn, specialists cannot currently address faults in the street lighting system.

The spokesperson explained that the default mode for such lights is for them to remain ‘on’ in the event of disruptions to systems, ensuring road safety and preventing unlit areas from becoming hazardous.

Technical details

To more technical readers, it may come as a surprise that these street lights are centrally controlled. All that needs to happen is for the street lights to turn on at dusk and to turn off at dawn, a process that could ostensibly be managed via an ambient light sensor.

Nonetheless, a number of cities are replacing ambient light sensors with wireless controllers. This arguably provides operators with greater flexibility and the ability to switch lights on and off in such a way as to reduce energy consumption.
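The behaviour described above (lamps that stay lit once the central system is gone) is a fail-safe default, and it has a cost that a local photocell fallback avoids. The simulation below is an added illustration, not Leicester's street lighting software: the controller, the 15-minute watchdog interval, the lux threshold and the daylight curve are all assumptions. It compares a fail-on policy with a fall-back-to-local-sensor policy when the control link dies mid-morning.

```python
"""Fail-safe vs. local-sensor fallback for a centrally controlled street light.

Added example, not the council's software. Watchdog interval, lux threshold
and the daylight profile are constructed for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Fallback(Enum):
    FAIL_ON = "fail_on"            # stay lit when control is lost (the behaviour the article describes)
    LOCAL_SENSOR = "local_sensor"  # degrade to the lamp's own photocell


@dataclass
class LampController:
    fallback: Fallback
    watchdog_s: int = 900          # assumption: the central system checks in at least every 15 minutes
    lux_threshold: float = 50.0    # assumption: below this the photocell reports "dark"
    last_cmd_ts: Optional[float] = None
    last_cmd_on: bool = False

    def receive_command(self, ts: float, on: bool) -> None:
        self.last_cmd_ts, self.last_cmd_on = ts, on

    def link_alive(self, ts: float) -> bool:
        return self.last_cmd_ts is not None and ts - self.last_cmd_ts <= self.watchdog_s

    def should_be_on(self, ts: float, lux: float) -> bool:
        if self.link_alive(ts):
            return self.last_cmd_on          # normal operation: obey the central schedule
        if self.fallback is Fallback.FAIL_ON:
            return True                      # safe default: never leave a street dark
        return lux < self.lux_threshold      # degraded mode: trust the photocell


def lux_profile(hour: int) -> float:
    """Constructed daylight curve: dark from 19:00 to 06:00."""
    return 5.0 if hour >= 19 or hour < 6 else 400.0


def simulate_day(fallback: Fallback, link_lost_at_hour: int) -> int:
    """Hours the lamp is lit over 24 h when the control link dies at the given hour (24 = never)."""
    ctl = LampController(fallback)
    lit_hours = 0
    for hour in range(24):
        ts, lux = hour * 3600.0, lux_profile(hour)
        if hour < link_lost_at_hour:
            # The central schedule tracks dusk/dawn while it is still reachable.
            ctl.receive_command(ts, on=lux < ctl.lux_threshold)
        lit_hours += ctl.should_be_on(ts, lux)
    return lit_hours


if __name__ == "__main__":
    for policy in Fallback:
        print(policy.value, "link lost 09:00 ->", simulate_day(policy, 9), "lit hours")
```

With the link lost at 09:00 the fail-on lamp burns for 21 of 24 hours against 11 for the photocell fallback and 11 for an undisturbed day, which is the energy bill residents were complaining about. Fail-on is the right choice when the alternative is an unlit road and no local sensor exists; the point of the comparison is that the fallback policy is a design decision with a measurable cost, not an inevitability.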

More information

The Council states that it is working with the Leicestershire Police and the National Cyber Security Centre to investigate the incident. The City will not be paying a ransom.

The Council is also committed to diligently resolving all issues via a series of restorative steps. Efforts will be made to restore normal operations of the street lighting system as quickly as possible.

For more on this story, please visit the BBC. Get in-depth ransomware prevention insights here. To receive compelling cyber insights, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.

The evolution from BEC to BCC – CyberTalk

David Meister is a valued technology expert with over 15 years of experience in technical and consultancy roles across a range of technologies, including networking, telecommunications, infrastructure, and cyber security. After starting his career as a network engineer, David’s passion for using technology to solve problems led him through various roles, including engineer, technical manager, consultant, and sales professional. As a consultant, David designed technology solutions for organizations in various industries, such as not-for-profit, engineering, mining, and financial services.

David holds technical certifications from Cisco and Microsoft, a Graduate Certificate in IT Management, and a Master’s in Business Administration. Currently, David occupies a pivotal leadership position as the head of Check Point’s Global Channel and MSSP program for email security. In this role, he provides essential support and advice to technology companies worldwide, guiding them on the best practices to protect their customers from cyber attacks.

In this exclusive interview, cyber security expert David Meister explores how threat actors are reconfiguring their practices to sleuth past security controls. Discover how comprehensive solutions can protect your people, processes and technologies from highly sophisticated hacker havoc. Stay one step ahead.

Would you like to share insights into the current cyber threat landscape? How should that influence organizations’ choice of email and collaboration security tools?

Threat actors are deploying traditional attack tactics in new ways, a trend occurring across threat vectors. For example, we are seeing malicious links move to QR codes, and Business Email Compromise (BEC) evolving to target Teams and Slack; thus expanding into Business Communication Compromise (BCC).

As threat actors look for new areas to exploit, organizations need to consider the breadth of the cyber security solution in-use within their organization and what vectors are covered. For instance, blocking phishing emails is essential, but consider a scenario where a partner organization is breached and the culprit phishing email comes from a legitimate source. What if a phishing link is hidden in a QR code inside an attachment, or what if that link or QR code comes in via Teams in a busy group chat? The evolution of BEC to BCC should be driving leaders to evaluate their strategy in protecting the entire communication suite, beyond just spam and malware in emails.
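The "legitimate source" case above is worth seeing in code: mail from a breached partner passes SPF, because the attacker is sending from the partner's own infrastructure. The evaluator below is an added example, not from the interview or any vendor product; the domains, addresses and TXT records are constructed, and only the ip4, ip6, include and all mechanisms of RFC 7208 are modelled. The triage function then shows why an SPF pass must not short-circuit link inspection.

```python
"""Minimal SPF evaluator over constructed DNS data, plus a triage rule.

Added example, not interview or vendor code. FAKE_TXT stands in for DNS;
a, mx, ptr, exists and redirect= are deliberately not modelled.
"""
import ipaddress

# Constructed TXT answers for a hypothetical partner domain and its mail provider.
FAKE_TXT = {
    "partner.example": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailprovider.example -all",
    "_spf.mailprovider.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:abcd::/48 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(ip: str, domain: str, txt=FAKE_TXT, depth: int = 0) -> str:
    """Return an RFC 7208 result name: pass/fail/softfail/neutral/none/permerror."""
    if depth > 10:                       # RFC 7208 caps DNS-querying terms; also stops include loops
        return "permerror"
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(term[4:], strict=False)
            matched = addr.version == net.version and addr in net
        elif term.startswith("include:"):
            matched = spf_check(ip, term[len("include:"):], txt, depth + 1) == "pass"
        else:
            continue                     # mechanism not modelled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                     # nothing matched and no "all" term present


def triage(sender_ip: str, from_domain: str, link_hosts, trusted_partners) -> str:
    """Gate on SPF *and* content. A compromised partner passes SPF, so a pass alone
    only earns delivery when every link stays inside the sender's own domain."""
    result = spf_check(sender_ip, from_domain)
    if result in ("fail", "permerror"):
        return "reject"

    def in_domain(host: str) -> bool:
        return host == from_domain or host.endswith("." + from_domain)

    if result != "pass" or from_domain not in trusted_partners or not all(map(in_domain, link_hosts)):
        return "inspect"                 # hand off to URL/QR analysis before delivery
    return "deliver"


if __name__ == "__main__":
    # A breached partner mailbox sends from the provider's range: SPF passes.
    print(spf_check("198.51.100.9", "partner.example"))
    # ...but the credential-harvesting link points off-domain, so it still gets inspected.
    print(triage("198.51.100.9", "partner.example", ["login-portal.example"], {"partner.example"}))
```

The same logic applies to a Teams or Slack message from a federated partner tenant: the sender is genuine, so authentication is not the control that catches the attack; inspection of what the message links to is.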

How can leaders ensure seamless integration and compatibility of email and collaboration security tools with other cyber security solutions?

It is extremely important that security solutions speak to each other to build a defense-in-depth approach rather than relying on single point solutions. This includes integrating with native security provided by Microsoft or Google, as well as integration with security operations platforms used by your SOC. Integrations with Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR), Extended Detection and Response (XDR), and more ensure that threats are not missed and that threat intelligence is shared and acted upon efficiently, enhancing an organization’s ability to prevent and respond to attacks.

Leaders should seek out tools that build a “defense in depth” approach to securing an organization. For email security, this means building on top of Microsoft Defender rather than setting up bypass rules, such as those used by legacy SEGs.

Managing time effectively is always a challenge when trying to integrate multiple solutions together. Where possible, using solutions that can be managed from a single interface will both save time and lead to an increased level of security.

To what extent should cyber leaders prioritize user training and awareness programs to enhance email security and the security of collaboration tools?

Awareness training is a key part of any cyber security strategy. A good awareness program should involve a holistic approach to training users. A holistic approach means looking beyond just phishing emails; looking at day-to-day activities of staff and their behaviors. As an example, if you have staff that travel regularly or use their laptops on public transport, have they been educated about the risks and best practices? It is all-too-common to see people in airport lounges leaving laptops unlocked or sitting on public transport with confidential documents open.

When users are educated about risks and secure behaviors, a secure culture starts to emerge. Responsibility for a security culture should go beyond just the CISO. It should include other stakeholders such as HR, finance and people managers. If senior leaders set the right example in terms of secure behavior, others will follow.

It is also important to address the risks of new technologies as they become a part of day-to-day working life. If users assume everything is safe, threats will be missed. So, they need to be educated about always looking out for the unexpected. Teams is now a part of almost everyone’s daily work life, but very few organizations have educated their users on the cyber security risks associated with it.

In short, leaders should prioritize educating users on newer technologies and the threats associated with them.

For organizations that already have email security (Microsoft, etc.), why should leaders consider switching to a stronger email security solution provider?

Leaders should consider how a malicious actor would attack them. Is their email security exposed to the outside world with mail exchange (MX) records? Are external parties able to share files and to message users via Teams? If this has been considered, how is the organization preventing these threats?

Leaders should assess the speed at which existing cyber security solutions adapt to new threats; the use of cloud-based platforms that are regularly updated and powered by AI will assist in preventing the latest threats, including those associated with BCC.

For more information about recent BCC attacks, please click here.

Top 10 things CISOs should know about AI security tools – CyberTalk

EXECUTIVE SUMMARY:

As reported by executives, the top tangible benefit of AI is cyber security and risk management optimization. Right now, nearly 70% of enterprises say that they cannot effectively respond to cyber threats without AI security tools.

However, despite the decidedly viable and valuable AI-based security opportunities that exist, sensationalism continues to obscure how AI security tools can truly advance cyber security initiatives.

In this article, explore 10 essential ways in which AI-powered tools can supercharge your cyber security systems and help you fight back against the most formidable cyber threats.

AI security tools: Essential information

1. AI excels at anomaly detection. More than 50% of businesses primarily leverage AI for anomaly and threat detection. Traditional signature-based security struggles to identify zero-day attacks. In contrast, AI-powered solutions can quickly parse through large volumes of data to identify unusual patterns and potential threats, including never-before-seen threats.

2. Automation results in faster response. AI can automate repetitive tasks, like threat analysis and incident triage. In turn, this provides cyber security analysts with more time to focus on high-priority issues. This translates to faster response times and reduced damage from breaches.

3. Machine learning improves continuously. AI solutions that leverage machine learning improve and adapt, based on new data and attack patterns, on a consistent basis. As a result of the continuous learning process, organizations can stay ahead of the latest cyber threats effectively and with less anxiety around the issue than otherwise.

4. AI can enable a modular approach to security. Depending on the tooling, AI can enable organizations to start with specific AI modules, like threat prevention and incident response, and then add additional modules as needs change. This ensures that organizations get a high return on AI security tools and investments.

5. AI can help personalize security. Tools like Check Point Harmony can integrate with Check Point Infinity, leveraging contextual AI to understand user behavior, application risk and device posture. In turn, this allows for granular policy enforcement based on context, reducing the possibility of high-risk activities persisting along the attack surface.

6. AI can reveal hidden patterns in threat data. Advanced AI-powered threat intelligence platforms can analyze vast quantities of data from disparate sources and can uncover connections and patterns that would otherwise be missed via traditional methods. This enables organizations to obtain a sharper understanding of the threat landscape. It also allows organizations to predict attacker behavior with greater accuracy and to prepare systems accordingly.

7. Your adversaries are AI-powered. These days, cyber criminals are weaponizing AI-based tools to move at machine speed. They can exploit vulnerabilities, move laterally and compromise multiple targets simultaneously, scaling their attacks. This means that your organization also needs to consider using AI in order to block AI-based threats.

8. Adaptive access control. Some AI-powered cyber security solutions can dynamically adjust access permissions based on user behavior and contextual factors. This ensures that only authorized users retain access to sensitive resources, limiting the potential for unauthorized data access or breaches where hackers simply ‘log in’.

9. The fusion of human expertise and AI. At Check Point, we believe that the future of cyber security lies not in replacing human expertise, but in empowering it. While AI offers unparalleled speed, analyses and automation, things like human judgement, experience and intuition are irreplaceable in the process of preventing and blocking cyber threats.

Security staff may need to transition from a solely human-driven approach to one that embraces collaboration with AI-based tools. This involves shifting the mindset to seeing AI as a partner, not as a human replacement.

10. AI-based cyber security solutions offer cost benefits. IBM research shows that organizations using AI and automation within cyber security incurred $3.05 million less in breach costs, on average, as compared to organizations without such solutions. When applied to cyber security, AI-based solutions not only enhance threat identification and mitigation, but also contribute to cost savings.
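Point 1 above, anomaly detection that does not depend on a signature, is easy to demonstrate at small scale. The block below is an added example and not Check Point code: it scores a constructed series of hourly failed-login counts with the modified z-score (median and median absolute deviation), which is robust against the very outlier it is trying to find, and it handles the edge case where more than half the samples are identical and the MAD collapses to zero. The data, threshold and fallback are assumptions.

```python
"""Robust anomaly detection over constructed security telemetry.

Added example, not vendor code. Modified z-score (Iglewicz and Hoaglin):
median/MAD instead of mean/stdev, so one huge spike cannot inflate the
baseline and hide itself.
"""
from statistics import median

# Constructed: failed-login counts per hour for one service account over one day.
FAILED_LOGINS_PER_HOUR = [3, 2, 4, 3, 5, 2, 3, 4, 3, 2, 3, 4,
                          3, 2, 5, 3, 4, 3, 2, 3, 4, 3, 2, 85]


def modified_z_scores(values):
    """0.6745 * (x - median) / MAD. When MAD is 0 (over half the samples are
    identical) fall back to mean absolute deviation with the 1.253314 factor;
    if that is 0 too the series is constant and nothing is anomalous."""
    med = median(values)
    abs_dev = [abs(v - med) for v in values]
    mad = median(abs_dev)
    if mad > 0:
        return [0.6745 * (v - med) / mad for v in values]
    mean_ad = sum(abs_dev) / len(values)
    if mean_ad == 0:
        return [0.0] * len(values)
    return [(v - med) / (1.253314 * mean_ad) for v in values]


def find_anomalies(values, threshold=3.5):
    """Return (index, value, score) for samples whose |score| exceeds the threshold.
    3.5 is the conventional cut-off for the modified z-score; tune per signal."""
    scores = modified_z_scores(values)
    return [(i, v, round(s, 2)) for i, (v, s) in enumerate(zip(values, scores)) if abs(s) > threshold]


if __name__ == "__main__":
    for hour, count, score in find_anomalies(FAILED_LOGINS_PER_HOUR):
        print(f"hour {hour:02d}: {count} failed logins (score {score})")
```

Nothing here knows what a password-spraying tool looks like, which is the point of point 1: the spike at hour 23 is flagged because it is unlike the account's own history, not because it matches a signature. Production systems add more dimensions (new source ASN, new destination, time of day), but the per-entity baseline and the robust estimator are the same idea.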

Conclusion

By leveraging AI-powered cyber security solutions, CISOs can significantly advance a given organization’s capacity to prevent, detect and respond to cyber attacks.

Check Point Infinity, for example, offers a comprehensive AI-powered security platform that empowers you to anticipate threats and automate responses with unmatched speed and precision.

This translates to proactive protection, minimization of damage, and peace-of-mind in knowing that your organization is future-proofed against the most sophisticated cyber sabotage.

Learn more here. Get further Cyber Talk insights into AI security tools by clicking here.