Scams exposed! The most deceptive tax season traps (2024) – CyberTalk

EXECUTIVE SUMMARY:

Cyber scammers love tax season. Emotions run high and it’s easy for scammers to prey on FUD (fear, uncertainty and doubt). In the U.S., almost everyone is petrified (and peeved) by the tax system’s complexity, discouraged by deceptive tax service providers, and perpetually uncertain about their calculations.

Then of course, there’s also the possibility of owing a significant bill, of failing to receive funds, or of being unable to submit taxes on time due to technological failures. Given the anxiety-ridden and sometimes grueling nature of the tax return process, cyber scammers have a field day preying on people.

Whether you’ve been filing taxes for just five years or for fifty, you can fall victim to a tax season scam. This year, take care. Memorize the techniques employed in the most subtle and insidious scams and don’t forget to share insights with colleagues, family and friends:

IRS impersonation scams

1. Phone calls from the IRS. Scammers can spoof the IRS phone number, leading targets to believe that the IRS is on the line; that a legitimate IRS agent has a message for them.

Because no upstanding citizen wishes to deliberately flout the law or to ignore a call from an official agency, people are prone to providing ‘IRS agents’ with personal information — especially social security numbers.

2. Emails impersonating the IRS. Scammers send zillions of fake emails to people that appear to be from the IRS. Emails may display the IRS logo and otherwise look official. These emails ask for personal information or instruct people to input personal data into fake websites.

Last year, Americans lost $4.2 million to Internal Revenue Service (IRS) impersonators.

3. Account set-up assistance scams. Scammers sometimes chase vulnerable populations (the elderly, the differently-abled, the very young) to offer assistance with online account set-up. If you need assistance setting up an online account, contact the IRS directly.

Tax professional scams

4. Ghost tax preparers. Fraudulent tax preparers sometimes promise significant rebates or huge tax returns. However, their practices are illegal.

5. ‘I’ll help you negotiate a settlement’. Scammers may pose as helpful negotiators who can expeditiously resolve tax issues. Individuals who face mountains of debt may be tempted to talk to anyone who can ease the burden. While some scammers will prepare taxes for individuals, the red flag is that they won’t sign the tax return. Legitimate service providers will.

High-income filer scams

6. Charitable remainder annuity trust (CRAT) scams. These scams promise to eliminate ordinary income or capital gains tax on property sales. In essence, high-income individuals transfer assets into a trust, receive annuity payments and specify a charity as the ultimate beneficiary. While created as an altruistic mechanism for sharing wealth, scammers can manipulate situations and lead people to use CRATs as tax shelters.

7. Monetized installment sales scams. In these scams, fraudsters sell assets and assist individuals in deferring capital gains taxes. Legal grey areas are exploited and deals are structured in such a way as to fit the dictionary definition of tax evasion.

8. Captive insurance arrangements. High-income earners sometimes seek to reduce tax liability by developing their own insurance companies (captives). These are intended to insure risks related to a business, but there are ways in which scammers can abuse this structure for their own gain.

General scams

9. Tax refund accelerator scams. To execute these scams, fraudsters send personalized emails or share website details about a special service that promises to expedite the tax refund process, ensuring that consumers receive money faster than average.

Scammers manipulate people by emphasizing that the service is exclusive and only available for a limited length of time. Once victims provide personal details, the scammers disappear.

10. Unexpected calls from the Taxpayer Advocate Service. Although the Taxpayer Advocate Service is a legitimate IRS program, scammers may impersonate the group in order to gain a potential victim’s trust (and ultimately, their data, which can be used for multiple types of theft).

Another subtle sign of fraud…

Should you receive a notice about a “duplicate tax return” or a notice stating that additional taxes are owed, contact the IRS directly.

If you think that you’ve fallen for a tax scam…

If you think that you’ve become the victim of a tax scam in the U.S., reach out to the IRS immediately and report the scam to the Better Business Bureau.

Mastering the CISO role: Navigating the leadership landscape – CyberTalk

Cindi Carter, Field CISO West at Check Point, and Pete Nicoletti, Field CISO East at Check Point, recently advanced the following discussion at Check Point’s flagship event, CPX 2024.

The evolving CISO role is an important and interesting topic in cyber security, which is why we’re empowering you with foundational, value-driven perspectives here. Elevate your cyber security organization with first-hand guidance from those at the forefront of innovation and excellence.

In an age of digital transformation, the role of the Chief Information Security Officer (CISO) has undergone and is still undergoing a profound evolution. No longer confined to technical risk mitigation, today’s CISOs must be strategic business partners, skilled communicators, and catalysts of cultural change within their organizations.

A recent industry panel at the influential CPX 2024 conference in Las Vegas shed light on the shifting demands facing security leaders. As Dan Creed, CISO at Allegiant Travel Company, stated, “Ask SolarWinds what the consequences are…” for CISOs who fail to effectively communicate security priorities to the broader business.

The expanding attack surface

The root of this challenge lies in the expanding attack surface brought about by digital transformation. While past breaches often stemmed from vulnerabilities in corporate infrastructure, the greatest risks now emanate from employee devices and cloud-based services. As IT has transitioned from a cost center to a revenue driver, CISOs must integrate with lines of business and advise on strategic decisions.

IDC’s survey of 847 cyber security leaders reflects this shift, with only 12% citing technical skills as the most important CISO attribute. Instead, respondents highlighted leadership, team-building, and business management as the critical competencies.

“The consequence of not establishing those relationships [is] you get a culture at the company of ‘Well, it’s not my responsibility,’” one CISO warned, echoing the experiences of organizations like SolarWinds and MGM, where security lapses occurred due to a lack of security awareness and ownership among employees.

Fostering a security-aware culture

Successful CISOs are addressing the security awareness challenge by adopting a more user-centric approach, making security transparent and easy to use. As Pete Nicoletti, Field CISO at Check Point, explained, “Security should lubricate business and make it faster.” This could mean streamlining cumbersome VPN processes or transitioning to passwordless authentication.

Some CISOs are even experimenting with financial incentives, tying security culture metrics to bonus pools. “If your department does better, it increases your bonus pool above the norm […] and if you don’t, then it hits your bonus.”

Cultivating C-suite partnerships

CISOs must also cultivate stronger partnerships with their C-suite counterparts. IDC’s survey revealed discrepancies in how CISOs and CIOs perceive the CISO’s role, underscoring the need for better alignment.

Creed recounted a recent example where the Allegiant Travel board made decisions about connected aircraft without involving the CISO, leading to a last-minute “fire drill” to address cyber security requirements. “Do you think the board, when they first started talking of going down this path of ‘we’re going to expand the fleet’, considered that there might be security implications in that?” he asked.

Educating executives on security risks

To bridge this gap, CISOs must proactively educate executives on the business implications of security risks and advocate for a seat at the strategic decision-making table. As Russ Trainor, Senior Vice President of IT at the Denver Broncos, suggested, “Sometimes I’ll forward news of the breaches over to my CFO: here’s how much data was exfiltrated, here’s how much we think it cost. Those things tend to hit home.”

The evolving CISO role demands a delicate balance of technical expertise, business acumen, and communication prowess. CISOs who master these skills will not only mitigate cyber threats, but also position themselves as indispensable partners in driving their organizations’ digital transformation and growth.

“A lot of CISOs are rather gun-shy; hesitant to talk to the business about cyber security. Do better in trying to foster that human connection,” says CISO Cindi Carter.

7 strategic ransomware remediation tactics for enterprise resilience – CyberTalk

EXECUTIVE SUMMARY:

For businesses of all sizes, ransomware is a growing threat. Ransomware typically encrypts critical data, rendering it completely or partially inaccessible until a ransom is paid. The downtime, data loss, and reputational damage caused by ransomware can be devastating.

Despite the doomsday sentiment around ransomware, there are effective strategies for ransomware remediation. By implementing a robust response plan, organizations can minimize damage and recover quickly. In this article, explore seven strategic tactics for ransomware remediation. Enhance your enterprise resilience.

1. Incident response plan

The foundation of successful ransomware remediation is a well-defined incident response plan. This plan outlines the steps to take upon detecting a ransomware attack, including:

  • Identification and containment: Identifying the infected systems and isolating them to prevent further spread.
  • Impact assessment: Determining the extent of the attack and the criticality of affected data.
  • Extraction: Removing the ransomware from infected systems while preserving clean data.
  • Recovery: Restoring critical systems and data from secure backups.
  • Reporting and learning: Reporting the incident to relevant authorities and conducting a post-mortem analysis to identify weaknesses and improve future response.

A comprehensive incident response plan empowers teams to act swiftly and decisively during a ransomware attack. Regularly test and update the plan to ensure effectiveness.

2. Prioritize backups

Regular backups are the cornerstone of a successful ransomware remediation strategy.

Key backup considerations:

  • Backup frequency: Implement a backup schedule that balances data protection with storage requirements. Consider the criticality of data and how often it changes.
  • Backup location: Store backups offsite and in the cloud to prevent them from being compromised alongside primary data.
  • Backup testing: Regularly test backups to ensure that they are complete and readily recoverable.

3. Patch management

Outdated software with known vulnerabilities is a prime target for ransomware groups. A robust patch management system ensures timely updates for operating systems, applications, and firmware throughout your network. Prioritize the patching of critical systems and those with known vulnerabilities that ransomware gangs are actively using.

4. User education

Employees often unintentionally introduce ransomware through phishing emails, malicious attachments or unsecured websites. Consistent cyber security awareness training can enable employees to identify and avoid these threats.

Training should cover topics such as:

  • Phishing email identification: Teach employees to recognize red flags in emails, such as suspicious sender addresses, urgency tactics, and grammatical errors.
  • Attachment safety: Emphasize caution when opening attachments, especially from unknown senders.
  • Website security: Educate employees on how to identify secure websites that use HTTPS.

5. Network segmentation

Segmenting your network creates logical barriers between different parts of your infrastructure. This limits the ability of ransomware to spread laterally within the network if a system is compromised.

Network segmentation can be achieved through:

  • Firewalls: Implement firewalls to control traffic flow between network segments.
  • VLANs (Virtual Local Area Networks): Create separate VLANs for different departments or functions to isolate sensitive data.

6. Endpoint detection and response (EDR)

EDR solutions go beyond traditional antivirus software by continuously monitoring endpoint activity for suspicious behavior. They can detect ransomware attempts in real-time, allowing for swift intervention before significant damage occurs.

7. Consider a managed security service provider (MSSP)

Maintaining a strong cyber security posture can be a complex and resource-intensive task. Managed Security Service Providers (MSSPs) offer a range of services, including threat detection, incident response, and vulnerability management.

Partnering with an MSSP can augment your internal security team’s expertise and provide 24/7 monitoring and support.

Check Point Infinity: empowering ransomware resilience

While these seven tactics provide a strong foundation for ransomware remediation, organizations can further enhance their security posture with Check Point’s Infinity platform.

Check Point Infinity is a comprehensive, AI-powered, and cloud-delivered security platform that safeguards your organization from sophisticated cyber threats, including ransomware. Here’s how Infinity empowers ransomware resilience:

  • Prevention-first approach: Infinity utilizes advanced threat prevention technologies to identify and block ransomware attempts at the network edge, email gateway, and endpoint level. Its threat extraction technology sandboxes suspicious files to detonate them in a safe environment, preventing malware from infecting systems.
  • Real-time threat intelligence: Infinity leverages Check Point’s ThreatCloud intelligence to stay ahead of the evolving ransomware landscape. ThreatCloud provides real-time insights into the latest threats.


Streamlining supply chains | The impact of IoT on transportation and logistics

By Antoinette Hodes, a Check Point Global Solutions Architect and Evangelist with the Check Point Office of the CTO.

IoT is reshaping the way that businesses navigate the complexities of supply chain management. In today’s interconnected world, where speed, accuracy and sustainability are immensely important, traditional operational modalities are no longer sufficient.

To start, let’s take a look at fleet management. Fleet management refers to the process of overseeing, coordinating and managing an organization’s fleet of vehicles — think trucks, vans, cars, ships or even aircraft — to ensure efficient and effective operations.

Now, combine fleet management with smart transportation and logistics. Imagine that a pallet, parcel, and vehicle are infused with artificial intelligence, constantly communicating their whereabouts, condition and performance, all in real-time. This allows organizations to make well-informed decisions based on data-driven insights provided by internet-connected goods and an internet-connected fleet. We are in the era of the “smart supply chain”.

Instant efficiency at your fingertips

IoT has revolutionized fleet management, bringing efficiency and control to logistics operations. By equipping assets like that pallet, parcel or vehicle with smart sensors and connectivity, businesses can now monitor and manage their fleets and goods in real-time.

With smart fleet management, organizations can track vehicle locations and fuel consumption, optimize routes, and manage driver performance. Further, IoT offers enhanced safety by providing alerts about specific driver behaviors, resulting in improved driver safety and an overall reduction in accidents. Plus, maintenance optimization will yield reduced downtime and increased vehicle lifespan. IoT-powered fleet management systems have become instrumental in enhancing organizational productivity and in reducing costs.

The road to smart logistics

Gone are the days when people mistakenly lost track of assets. With IoT-enabled asset tracking, businesses can keep a watchful eye on valuable goods as they move through the supply chain. Another benefit of attaching smart sensors to shipments is that companies can monitor factors like temperature, humidity, condition, location and utilization in real-time. Think of so-called ‘cold chain’ management; IoT sensors monitoring refrigerated containers and trucks. IoT sensors ensure the integrity of perishable goods, reducing spoilage and making sure that organizations comply with food safety standards.

Another huge benefit of smart logistics consists of alert notifications from the asset itself. Let’s use the example of a smart, internet-connected container. It can send alerts about unauthorized movement (i.e. theft).

Supply chain optimization drives business excellence

IoT is also providing data analytics and actionable insights around inventory levels. Armed with this information, organizations can make well informed decisions, minimize out-of-stock events and limit overstock situations.

Predictive analytics improves the overall supply chain. An example of this is warehouse automation via robotics, which reduces labor costs and minimizes errors in tasks like inventory management, order picking and packaging. Beyond that, IoT empowers organizations to meet customer demands faster and more effectively than they would be able to otherwise.

The key to operational reliability, predictive maintenance

Unplanned downtime can be a logistics nightmare. IoT and internet-connected assets (fleet, machinery and goods) give organizations the opportunity to collect and analyze data. With the corresponding knowledge, organizations can proactively identify potential maintenance issues before they escalate into costly breakdowns. Real-time monitoring of engine performance, tire pressure, engine data and other critical parameters allows for timely maintenance interventions.

Logistics 2.0, IoT’s smart way forward

Here are some specific examples of how IoT is being used in the logistics and transportation sector:

  • Maersk implements IoT sensors and predictive analytics for fleet management. By collecting data on engine performance, fuel consumption, and other metrics in real-time, Maersk can anticipate maintenance needs and schedule preventive measures to minimize downtime and reduce costs.
  • UPS is using IoT to track the location of its delivery trucks in real-time. This information is used to optimize the delivery routes and reduce fuel costs.
  • FedEx is using IoT to track the temperature of its packages in transit. This information is used to ensure that the packages are not damaged during shipping.
  • DHL is using real-time inventory tracking to monitor the movement of goods throughout the supply chain, enabling precise tracking of stock levels and locations.
  • The Port of Los Angeles is using IoT to track the movement of cargo ships. This information is used to improve the efficiency of the port operations.
  • Amazon employs IoT-enabled warehouse management systems for smart logistics. These smart warehousing solutions utilize automated guided vehicles (AGVs), drones, sensors and cameras to optimize storage space, monitor inventory levels and streamline operations, ensuring efficient order fulfillment.

U.S. Treasury warns financial sector, AI threats “outpacing” security – CyberTalk

EXECUTIVE SUMMARY:

According to a new U.S. Treasury Department report, the financial services industry is extremely vulnerable to cyber threats that weaponize AI-based tools. The report provides a warning to the industry at large, while also sharing best practices and advocating for AI-based threat prevention.

The “…report builds on our successful public-private partnership for secure cloud adoption and lays out a clear vision for how financial institutions can safely map out their business lines and disrupt rapidly evolving, AI-driven fraud,” stated Under Secretary for Domestic Finance, Nellie Liang.

AI-powered attacks

According to high-level stakeholders who hail from financial technology companies, generative AI capabilities may give the “upper hand” to cyber criminals.

Experts anticipate that AI will supercharge malware potency, social engineering tactics, vulnerability discovery (on the part of hackers) and disinformation campaigns – including deepfake videos that show impersonation of executives.

Financial institutions have long utilized AI for cyber security, anti-fraud and other operational purposes. However, many have stated that their current risk frameworks remain inadequate when it comes to preventing novel artificial intelligence-based attack vectors.

As AI models become more resource-intensive, over-reliance on third-party cloud providers also presents new cyber security risks.

Short-term recommendations

The Treasury report details several immediate measures that financial services companies can take to mitigate risks:

  • Leverage existing regulations. Although AI-specific rules are still emerging, many current cyber security, privacy and risk management regulations can be applied to AI system governance.
  • Improve anti-fraud data sharing. At present, large banks have a major advantage in building AI fraud detection models, as they have large data reserves. More public-private data pooling is needed.
  • Develop AI data supply chain mapping. Like nutrition labels for food, “AI nutrition labels” should be mandated to clarify the origins and parameters of training data used to build AI models.
  • Cyber workforce transformation. Static training programs must be overhauled in order to develop AI-fluent cyber security professionals; talent that can effectively operationalize AI-based tools while upholding ethics, security and privacy standards.
  • Push for increased government coordination. An inconsistent patchwork of state/federal AI rules presents a tangle of different challenges. Aligned regulations and public-private partnerships are needed in order to effectively combat threats.

Long-term solutions

In order to address the AI-based cyber security challenges outlined by the U.S. Department of the Treasury, financial institutions are also encouraged to explore Check Point’s industry-leading AI cyber security offerings.

Check Point’s unified cloud security platform secures financial AI workloads and data across public clouds, private clouds and on-premises, using comprehensive AI-powered security services.

Given how AI-based cyber threats are intensifying, banks and fintech groups need to urgently prioritize AI risk management programs, upgrading defenses before disruptive attacks manifest.

Early mover advantage

When it comes to getting ahead of the AI security curve, there is such a thing as an early-mover advantage. By partnering with Check Point, financial institutions can acquire the strategic vision and execution velocity required to outpace modern threats.

Top 10 advantages of the CISO certification path – CyberTalk

EXECUTIVE SUMMARY:

On the fence about pursuing CISO certifications? For cyber security leaders, the job market is becoming increasingly competitive, a trend that’s forecast to continue across the next several years.

Due to new levels of digital complexity, organizations are demanding higher-caliber cyber security talent. For both aspiring CISOs and existing CISOs, it pays to unpack the value of pursuing (additional) certifications, if this is an area that you haven’t yet fully explored.

The CISO certification path can expand opportunities. It can assist with obtaining positions, it can ignite career advancement and more. In this article, review the real-world benefits of obtaining cyber security certifications and get links to timely cyber security training courses.

Top 10 things to know, CISO certification path

1. Strategic foundation. There’s just no getting around it: cyber security leaders and CISOs need to have strong foundational knowledge. In the course of everyday work, CISOs are liable to encounter a wide array of information security issues, and need to be prepared for everything.

Certifications like the CISSP or the CISM provide professionals with comprehensive insights into core areas of cyber security, setting aspiring cyber security leaders up for future success.

2. Industry acknowledgement. Certifications serve as a form of recognition, providing tangible evidence of a person’s accomplishments, and thus improving professional credibility. Those with credentials are likely to see doors swing open faster than those without.

Some businesses and enterprises are now particularly keen on hiring cyber security leaders with credentials that indicate an understanding of business and enterprise risk. For leaders who have come up through the technology ranks, this can be lacking.

3. Continuous evolution. Cyber security leaders and CISOs need to remain agile and innovative in relation to cyber threat prevention. The field is in constant flux. Pursuing new credentials shows an interest in learning and an interest in adapting to the latest challenges.

Further, those who show that they are happy to grow professionally also show that they can foster talent and develop programs within an organization.

4. Strategic risk management. The nature of strategic risk management has evolved across the last 10 years. Security leaders have to understand the latest tools, means of assessment and mitigation. The certification path can provide advanced or supplementary professional development, rendering skills sharp, relevant and marketable.

5. Compliance mastery. Compliance is a necessary evil; one that’s both time-consuming and expertise-intensive. Given the lack of uniformity in international, national and local laws, compliance is more nuanced and complicated than ever before (the mere thought of compliance can bring on a wave of exhaustion). The CISO certification path provides critical information about how to handle compliance and regulatory requirements deftly and with aplomb.

6. Leadership excellence. One of the most important characteristics of a CISO consists of exemplary leadership skills. Certain certification programs offer specialized modules that focus on honing essential leadership competencies. CISOs must be able to guide and inspire teams, incentivizing them to operate effectively.

7. Global perspective. Cyber threats transcend geographical boundaries. Threats can originate from anywhere and target any organization. In light of this fact, CISOs need to be well-versed in different legal frameworks, especially if working for international organizations. Cyber security certifications can provide critical insight into this area.

8. Networking advantages. The CISO certification path serves as a nexus for networking and collaboration. CISOs who engage in networking opportunities, as provided by certification programs, can exchange knowledge and have people with whom to collectively problem solve.

9. Career elevation. CISO certifications propel cyber security professionals towards accelerated career advancement, as certifications enhance marketability. Those with certifications are sought-after leaders in cyber security, opening pathways to executive-level positions and prestigious roles.

10. Exemplary commitment. Pursuing the CISO certification path demonstrates a high level of commitment. As part of the certification, some cyber security certs require achieving career/experiential milestones and obtaining peer-based recommendations.

Certifications aren’t just about the class-related learning. They’re about truly ensuring and proving that someone is committed to creating a secure environment.

World Backup Day 2024: safeguarding your digital ecosystem – CyberTalk

EXECUTIVE SUMMARY:

Data loss is a difficult business reality. Depending on the circumstances, data loss can even force businesses to shut down entirely.

Data loss can occur due to human error, natural disasters or cyber breaches. In the wake of an incident, some victims never recover the entirety of their data. This can result in repercussions ranging from customer distrust, to financial losses and legal penalties.

World Backup Day is observed on March 31st every year and serves as a valuable reminder of the need for robust data protection, backup and recovery strategies.

While it’s true that some organizations do back up their data, it’s also true that 58% of backups fail to work properly when utilized. In 93% of ransomware events, cyber criminals attack backup repositories, resulting in 75% losing at least some backup repository data.

But it doesn’t have to be this way. A more proactive approach can transform operational outcomes for businesses across industry sectors…

Enhancing capabilities

In 2024, 56% of IT leaders expect to change their primary backup strategy and solutions in order to better protect and serve the organizations that they work for.

As indicated in the introduction, one critical issue is backup reliability. Although cyber leaders frequently acknowledge the significance of reliability when it comes to enterprise backup systems, the ugly truth is that reliability of backups is an area that many organizations have yet to address.

The first point of failure tends to be the absence of backup testing. This is compounded by reliance on outdated, legacy systems that lack the granularity and scalability required by modern businesses. Cost and complexity also factor into the equation.

Fundamental best practices

If interested in transforming and elevating your organization’s approach to digital backups, consider these recommendations:

1. Implement a multi-layered approach. In so doing, diversify your backup methodologies. Incorporate multiple layers of redundancy. This includes on-site backups, off-site backups and cloud-based backups.

While conventional backups are completed on-premise by an IT department, some organizations are now turning to Backup-as-a-Service (BaaS) providers. BaaS may allow for better use of IT resources, higher levels of redundancy, and greater cost-effectiveness, depending on the nature of the given organization.

2. Prioritize encryption and security. Encrypt all backed-up data. Develop robust access controls and authentication mechanisms, restricting access to backup repositories. Ensure that only authorized persons can retrieve or modify backup data.

3. Test and validate backup recovery processes. Conduct regular backup integrity checks to ascertain the completeness and recoverability of backup data.

In addition, run simulated disaster recovery drills or tabletop exercises to evaluate the effectiveness of your backup and recovery procedures.

Document and analyze the results of testing to identify areas for improvement, and refine your backup strategy accordingly.

Leadership’s role

C-suite executives have a fiduciary responsibility to ensure that the business is safe from threats, including digital threats. Leadership must champion data protection measures — from DLP solutions to data backups — ensuring that levels of risk across the organization are minimized to the greatest extent possible.

Consider keeping your leadership in the loop regarding changes to backup systems and recovery processes. Document efforts, rationale and ROI. Data backups and recovery capabilities contribute to long-term business resilience and success, which are core areas of concern for the C-suite.

Further thoughts

World Backup Day 2024 serves as a call to action. It’s an opportunity to evaluate and reinforce existing backup strategies and to create new ones where needed.


AI and cyber security, a year in review – CyberTalk

Pål (Paul) has more than 30 years of experience in the IT industry and has worked with both domestic and international clients on a local and global scale. Pål has a very broad competence base that covers everything from general security, to datacenter security, to cloud security services and development. For the past 10 years, he has worked primarily within the private sector, with a focus on both large and medium-sized companies within most verticals.

In this expert interview, Check Point security expert Pål Aaserudseter describes where we are with ChatGPT and artificial intelligence. He delves into policy, processes, and more. Don’t miss this.

In the past year, what has caught your attention regarding AI and cyber security?

Hi and thanks for having me on CyberTalk! Looking back at 2023, I think the best word to describe it is wow!

As 2023 progressed, AI experienced huge developments, with breakthroughs in chatbots, large language models and in sectors like transportation, healthcare, content creation and too many others to mention!

We might say that ChatGPT was the on-ramp into AI for most people in 2023. Obviously, it evolved, got a lot of attention in the media for various reasons and now the makers are trying to profit from it in different ways. Competition is also on the rise, with companies like Anthropic. We’ll see a lot more happening on the AI front in 2024.

When it comes to cyber security, we have seen a massive implementation of AI on both sides of the fence. It is now easier to become a cyber criminal than ever before, as AI-enabled tools are automated, easy to use and easy to rent (as-a-service).

One example is DarkGemini. It’s a powerful GenAI chatbot, being sold on the dark web for a monthly subscription. It can create malware, build a reverse shell, and do other bad things, solely based on a text prompt, and it will surely be further developed to introduce more features that attackers can leverage.

When wielded maliciously, AI becomes a catalyst for chaos. From the creation of deep fakes to intricate social engineering schemes – like much more convincing phishing attempts and polymorphic malware resulting in continuously mutating threat code variants – these things pose a formidable challenge to current security tools.

Consequently, the balance of power may tip in favor of attackers, as traditional defense mechanisms struggle to adapt and counter these evolving threats.

Cyber attackers leveraging AI have the capacity to automate and quickly identify vulnerabilities for exploitation. Unlike current generic attacks, AI enables attackers to tailor their assaults to specific targets and scenarios, potentially leading to a surge in personalized and precisely targeted attacks. As the scale and precision of such attacks increase, it’s likely that we’ll witness a shift in attacker behaviors and strategies.

Implementing AI-based security that learns, adapts and improves, is critical in future-proofing against unknown attacks.

What new challenges and opportunities are you seeing? What has your experience working with clients been like?

New challenges in AI and cyber security include addressing the ethical implications of AI-driven security systems, ensuring the reliability and transparency of AI algorithms, and staying ahead of evolving cyber threats.

Regulation is important, and with the EU AI Act and AI Alliance, we are taking steps forward, but as of now, the laws are still miles behind AI development.

There are also opportunities to leverage AI for proactive threat hunting, automated incident response, and predictive analytics to better protect against cyber attacks.

Working with clients has involved assisting them in understanding the capabilities and limitations of AI in cyber security (and other areas) and helping them integrate AI-powered solutions effectively into their security strategies.

Have there been any new developments around ethical guidelines/standards for the ethical use of AI within cyber security?

Yes! Efforts to establish guidelines and standards for the ethical use of AI within cyber security are ongoing and gaining traction. Organizations such as IEEE and NIST are developing frameworks to promote responsible AI practices in cyber security, focusing on transparency, fairness, accountability, and privacy.

As mentioned, the AI Alliance is comprised of technology creators, developers and adopters working together to advance safe and responsible AI.

Also, to regulate the safe use of AI, the first parts of the very important AI Act have been passed in the European Union.

As a cyber security expert, what are your perspectives around the ethical use of AI within cyber security? How can organizations ensure transparency? How can they ensure that the AI isn’t manipulated by threat actors?

My perspectives on the ethical use of AI within cyber security (and all other fields for that matter) are rooted in the principles of transparency, fairness, accountability, and privacy.

While AI holds immense potential to bolster cyber security defenses and mitigate threats, it’s crucial to ensure that its deployment aligns with ethical considerations.

Transparency is key. Organizations must be transparent about how AI algorithms are developed, trained, and utilized in cyber security operations. This transparency fosters trust among stakeholders and enables scrutiny of AI systems.

Fairness is essential to prevent discrimination or bias in AI-driven decision-making processes. It’s imperative to address algorithmic biases that may perpetuate inequalities or disadvantage certain groups. Thoughtful design, rigorous testing, and ongoing monitoring are necessary to ensure fairness in AI applications.

Note: You can compare training an AI model to raising a child into a responsible adult. It needs guidance and fostering and needs to learn from its mistakes along the way in order to become responsible and make the right decisions in the end.

Accountability is crucial for holding individuals and organizations responsible for the actions and decisions made by AI systems. Clear lines of accountability should be established to identify who is accountable for AI-related outcomes, including any errors or failures.

Accountability encourages responsible behavior and incentivizes adherence to ethical standards.

Privacy must be protected when using AI in cyber security. Organizations should prioritize the confidentiality and integrity of sensitive data, implementing robust security measures to prevent unauthorized access or misuse. AI algorithms should be designed with privacy-enhancing techniques to minimize the risk of data breaches or privacy violations. Their design should also take things like GDPR and PII into account.

Overall, ethical considerations should guide the development, deployment, and governance of AI in cyber security (and other fields leveraging AI).

What are the implications of the new Check Point partnership with NVIDIA in relation to securing AI (cloud) infrastructure at-scale?

This shows the importance of securing such platforms, as cyber criminals will obviously try to exploit any new technology. With the immense speed of development on AI, there are going to be errors, mistakes, code and prompts that can be compromised. At Check Point, we have the solutions to secure your AI! Learn more here.

Why do hackers love Linux? The 7 deeply unsettling realities – CyberTalk

EXECUTIVE SUMMARY:

Why do hackers use Linux so extensively? This open-source operating system (OS), which some see as more stable and reliable than any other operating system in existence, has become a favored playground for cyber criminals.

Although Linux claims only a small percentage of the OS market share, major telecommunications networks, science-based organizations (particularly those running supercomputers), national e-voting systems and global stock exchanges run on Linux. National Departments of Defense are also known for their reliance on Linux.

In this article, we unpack why Linux has become an irresistible target for motivated cyber criminals. You’ll gain new insights designed to help inform (and transform) your security processes and system development. Keep reading to learn more:

Why do hackers love Linux? 7 unsettling realities

1. The open-source advantage. Linux is open-source software. The source code of the Linux project is available to the general public. Anyone can download the source code for free, modify it for their own use and even create their own version of Linux. This can be good, but it also comes with challenges…

While the open-source model allows for collaboration and rapid innovation, it also exposes the source code to malicious actors, who may scrutinize it for vulnerabilities. Malicious persons can then exploit weaknesses with relative ease.

2. Ubiquity and versatility. Linux powers a diverse array of systems and applications, from IoT devices, to desktops, to smartphones. This makes Linux an attractive target for hackers who want to maximize their impact. When compromising a Linux system, cyber criminals can potentially gain access to a wide network of interconnected devices and services, thereby enabling them to amplify the effects of their activities.

3. Kernel vulnerabilities. Why do hackers use Linux to gain elevated privileges? It’s simple. Despite a strong reputation for security, the Linux kernel, the core element responsible for managing system resources, has been dogged by vulnerabilities over the years. High profile bugs have effectively provided cyber criminals with opportunities to unduly gain elevated privileges.

4. Supply chain attacks. Why do hackers use Linux ecosystems for widespread disruption? In the era of containerization and DevOps practices, supply chain attacks targeting Linux ecosystems have become a serious concern. By compromising a widely used package or container image, cyber criminals can inject malicious code that propagates across numerous systems, resulting in widespread disruption and data breaches.

5. Cryptocurrency mining. Linux’s efficiency and scalability render it a preferred platform for cryptocurrency mining operations, both legitimate and illicit. Cyber criminals adeptly leverage Linux systems to harness extensive computing power for mining, evading detection all the while.

6. Internet of things. The proliferation of Linux-based IoT devices has created an expansive attack surface for cyber criminals. Many IoT devices are bereft of proper security, making them easy targets for hackers seeking entry points into networks. Hackers use Linux to establish a foothold, via IoT, within corporate networks, enabling them to eventually deploy more sophisticated network-based attacks.

7. Technical capabilities. Why do hackers use Linux tools for advanced exploits? Linux’s command-line interface and powerful tools (like Bash and Python) are a force-multiplier. Understanding the intricacies of Linux enables elite cyber criminals to craft sophisticated exploits that sow more chaos, lead to more damage and turn up higher yields than attacks leveraging other operating systems.


3 current ransomware trends (and how to take action) – CyberTalk

EXECUTIVE SUMMARY:

Ransomware is one of the most disruptive and financially damaging cyber threats that modern organizations face. As a cyber security community, we’ve made great strides in combating ransomware attackers, data encryption and extortion. However, as expected, cyber criminals have responded by evolving their tactics.

This article explores the latest ransomware trends to remain aware of and mitigate. From emerging social engineering techniques to vicious voice-cloning schemes, discover the nascent strategies that criminals are employing to extort victims.

Forewarned is forearmed, as the saying goes. Are you keeping a pulse on adversary behavior? By understanding the current modus operandi of ransomware groups, organizations can effectively elevate their cyber security posture and stay a step ahead of attackers.

3 current ransomware trends

1. Phishing is old, but this kind of sophistication (and by extension cyber criminal success) is brand new. Experts are seeing that cyber criminals who collect breached data can use AI to parse through the information. Criminals can then organize it in such a way as to conduct highly targeted spear phishing attacks.

Instead of a single cyber criminal tricking a single individual into handing over private details through a targeted spear-phishing attack, as in days of old, a cyber criminal can now leverage AI to do it for them. What was once a manual process has been automated, multiplying the results exponentially.

2. Voice cloning technology has been around for some time, but improved AI technologies mean that a small clip from an online video enables cyber criminals to replicate a voice with chilling levels of accuracy. This has previously led to wire fraud incidents, other unauthorized financial transactions, and ransom situations. Deepfake voice attacks are becoming increasingly difficult to detect and represent a growing danger for organizations.

3. Ransomware-minded cyber criminals are constantly seeking out new software-based vulnerabilities to exploit. Cyber criminals are actively scanning for and exploiting bugs in exposed services, web applications, cloud environments and remote access solutions. While this reality isn’t new, some organizations have been slow to implement systems and processes that can close these types of security gaps. Be sure that your organization isn’t one of them.

Countering ransomware threats

Forward-thinking organizations are adopting AI-driven cyber security solutions. These advanced tools leverage machine learning and natural language processing capabilities to detect and mitigate sophisticated phishing attempts, contextualize potential threats, and proactively identify and remediate vulnerabilities, among other things.

Industry leaders are also emphasizing the utility of a multi-layered security approach. This refers to combining AI-driven defenses with robust incident response plans, network segmentation, data encryption and comprehensive vulnerability management programs.

A more severe ransomware onslaught

In light of recent law enforcement actions targeting affiliate networks, some ransomware operators may reduce the number of affiliates that they work with and replace them with AI-based models that can perform certain kinds of tasks. In turn, ransomware operators may force-multiply activities and negative outcomes.

While the full impact of such a transition may take months or years to manifest, it highlights the need for organizations to remain vigilant and focused on elevating cyber security strategies. As a cyber security leader, concentrate efforts around threat intelligence gathering, continuous monitoring and proactive vulnerability management.

As noted previously, embrace cutting-edge technologies to fortify prevention and defense mechanisms.