Establishing A Data Protection Committee for Boards

Mobile apps might be a newer threat landscape within information security, but it’s not where the war is being waged. Don’t get me wrong, there are some very dodgy things happening in the mobile arena and it’s something we need to be diligent with when it comes to security, but the biggest threats are occurring here, they’re happening in your infrastructure. Many mobile apps, I’m saying many when I refer to Apple, receive timely software updates, solid data permissions, and configurable privacy settings. This doesn’t mean they’re impenetrable, as we’ve seen with the recent Stagefright and Trident attacks against Android and iPhone respectively. That said, the infrastructure is still the target. It’s where the malicious actors are looking to conquer, and mobile apps are just one way into this battle.
A few years ago everyone was concerned with locking down the perimeter and making it impenetrable. I honestly think we’ve done a decent job of this and attackers have shied away from walking right through the front door. I’m sure this still happens today with misconfigurations and weak firewall rules, but an enormous amount of time and money has been spent to protect the perimeter from attack. It worked so well that attackers started looking into other areas of attack and brought the focus back to the internal infrastructure, in particular the endpoint. The endpoints within your infrastructure are the battlefield today. Included within this battle are not only mobile devices, but every endpoint that a user is touching. These are the entry points into the network, and they give attackers the ability to gain a foothold in your environment.

With the war being focused back on the endpoint, we’re seeing an entirely new market based on analytics appear to protect endpoints from attack. This is more than needed, since the old method of using signatures has become a reactive approach to catching malicious actors moving through your systems. Having additional visibility into your network from an east-west perspective improves your chances of detecting an attacker before they’ve compromised additional endpoints. The fight being brought down to the endpoint has spawned new technologies that didn’t exist just a few years ago, just as the rise in technology produced during World War II to protect people against harm ushered civilizations into a new age of advancement after the war. The crisis of malware and attackers infecting endpoints has forced many vendors to generate technology that helps remediate some of the larger issues at hand within their infrastructure.

These technologies are a direct response to the onslaught of attacks occurring within these networks against their infrastructure and endpoints. Many of these technologies are able to produce agents that allow segmentation for isolation, are signatureless, allow for an understanding of your compliance as a whole, etc. Included within these detections are also systems that allow for deception to catch attackers within the infrastructure, use baselining analytics to catch endpoint behavior out of the norm, and even allow third-party “hunt teams” to search your network for malicious actors and events.

The endpoints within your infrastructure are where the battle is being waged, and the technology is catching up once again to give people the ability to defend themselves. This, of course, is not a panacea by any means, but it’s an exciting advancement in answer to the call of duty that security practitioners require to assist them on the frontlines. Let’s hope that with the advancement of new technology attackers will be pushed back, giving defenders just enough time to prepare for the attackers’ next avenue of attack. The cat and mouse game will continue; it’s just a matter of when and where.

Using Security as a Business Enabler

Security is no longer a dirty word in most organizations. It’s become something to be embraced rather than a roadblock. With all the public hacks we’ve seen sprawled across the headlines, management has taken notice. Many organizations are looking to take the opposite approach when it comes to security now and embrace it as a business enabler. They’ve noticed that not only is it wise to secure their data and business, but it could essentially be used as a business benefit. The security mindset is seeping into the boardroom and it’s assisting with the growth of security as a business enabler. Here are a few areas that can assist with watering this thought throughout your enterprise.

One of the first steps in transforming a company to use security as an enabler is to permit the in-house security resources to be evangelists. This starts with the security management and works its way down through the entire department. This has been talked about numerous times in multiple other articles, but what they don’t talk about is allowing the security team to be put on display and network with other teams. At the end of the day they’re the ones who will be performing the work and are the disciples who will be pushing the security culture throughout the company. If they’re able to circulate into other groups spreading the word of security, it will disseminate through the company much faster. In doing this, the security team needs to be careful of using FUD to get their way. Let’s be honest, by using Fear, Uncertainty and Doubt a security team will enforce some issues in the business, but it’s a short-term win. Creating a culture of partnership with groups first will gain you clout in your decisions when it comes to matters of real importance. Bullying teams into security only makes them want to circumvent the process the next time you’re involved. This doesn’t lead to security enabling anything within a business. Let’s put a check on the egos here.

If you can’t speak the language of risk, a company will never see security as an enabler. Learn to be bilingual when dealing with those that might not understand security and bring the concept of risk into the conversation. Not all vulnerabilities, misconfigurations, etc. are equal, and if you’re running around like Chicken Little each time something is wrong, your influence can be tarnished. I’m not saying to not be security conscious, that’s the last thing I’m saying, but applying risk to security is how it ends up becoming an enabler. This can be used against new threats coming into the enterprise, during mergers and acquisitions and essentially any business decision-making process. This allows security to be seen as confident and astute when it comes to complex enterprise decisions and not as a panic-stricken department looking to catch up to the threats of the day.

This allows security to become a partner and change the perception of what your mission is within the business. You’re not here to stop projects or become a roadblock to progress, but to become a shareholder in assisting with moving the organization to the next level. Reaching this level makes it possible to work together with the business to not only protect the brand, but to protect the bottom line. Making security a trusted advisor in your business allows an organization to continue customer loyalty or even gain additional respect, sell more products, complete compliance and reach higher levels of standards, while first and foremost protecting your data and brand. Building relationships, networking, and speaking security in a language that others will understand not only helps your internal security function more efficiently, but it will spread throughout the organization, making security part of the process and a driver in your business going forward.

Seven ways to prevent catching malware in 2017

The Internet has changed the world we live in. Accessing data and information as well as communicating with people from far away is nowadays a breeze. However, our curiosity can lead us down very dark virtual alleys that may not seem so dark at first sight. The biggest security risk is usually the user itself. Catching malware is fairly easy, but in general it can be avoided easily too. All we need is a little common sense. 

#1: Update your operating system, browsers, and plugins

Whenever an update for your computer is waiting in the queue, don’t wait any longer. Updates to the OS, browsers, and plugins are usually released to patch recently found security vulnerabilities. So while you leave that software alone, cybercriminals may find their way in through the vulnerabilities.

#2: Install antivirus or anti-malware software

This should go without saying. However, there are many computers, particularly home computers, that do not have antivirus or malware protection installed. This should be a must-have first step when it comes to keeping your computer virus free.

#3: Only open downloads and links that you can trust

This too may seem obvious, but it can’t be stressed enough. In order to keep your computer away from malware, you must not visit dubious sites or download questionable, dodgy or illegal files. This is pretty much a sure way to catch malware. If you aren’t able to avoid these sites, make sure your system is properly protected. If you need assistance evaluating links for their safety, you may use the browser plugin Web of Trust (WOT).

#4: Keep your antivirus updated

Protecting your system with protection software is the first step; keeping it updated is the second. A free antivirus is better than nothing, but bear in mind that it is not the ideal solution. Microsoft provides a security package “free of charge”. Free in that if you have Windows on your system, you will have access, but only because you paid for your Windows license. Most users are not aware of this program, but it’s actually pretty decent protection.

#5: Turn off HTML in emails

Very often, malware is distributed through email. Malicious emails can deliver malware by running scripts automatically when an email is opened in HTML view. That is why most email clients by default don’t display HTML content such as pictures. Do not change this feature; leave it that way and only allow reliable sources to automatically display HTML content.

#6: Enable click-to-play plugins

One of the more usual ways that exploit kits (or EKs) are delivered to your system is through malvertising, also known as malicious ads. You don’t even need to click on the ad to become infected. These malicious ads can live on well-known, prestigious websites. Besides keeping your software patched so that exploit kits won’t do their dirty work, you can block the exploit from ever being delivered simply by enabling click-to-play plugins. Click-to-play plugins will keep Flash or Java from running unless you tell them to (by clicking on the ad). The bulk of malicious ads rely on exploiting these plugins, so by enabling this feature in your browser you will manage to keep the EKs at bay.

#7: Run regular scheduled scans with your antivirus

This one too might seem like a no-brainer; however, many of us forget to do this. Set up your antivirus of choice to run at regular intervals. Once or twice a week is preferred, but do not wait much longer between scans. Keep in mind that it’s difficult to use your computer while your antivirus is running. A potential solution is to run the software during the night, when you aren’t using it. However, we usually turn off our computers at night. Set your antivirus to run on a specific night and remember to leave your computer switched on that day. Make sure it does not go into hibernation mode or shut off automatically.

The author of this article is Sarah Williams, who is a copywriter for Gloc Media, a PPC management agency in London, United Kingdom. You can follow her on Twitter on @SWilliamsLondon, connect with her on LinkedIn and say hi on Google+. She loves books, hiking and the online universe.
