Today we will talk about various aspects of cyber security with Bryan Miranda from Kinetic 6, an expert in the sector, who will explain his point of view on threats and on how to detect and defend against them.
1. What are the most common mistakes in the world of cybersecurity?
There are usually 5 most common mistakes made by individuals or organizations. They are:
Always play a major role in any hack. For the ease of users, sometimes applications do not enforce password complexity and because of that users use simple passwords such as password, password123, Password @ 123, 12345, God, own mobile number etc.
A weak password does not always mean length and the characters used; it also means guessability. Name@12345 looks like quite a complex password but can be guessable. So do not use passwords related to name, place, or mobile number.
Weak passwords can be guessable, or an attacker can brute-force them if the length of the password is very small, so try to use random strings with special characters. Though that can be hard to remember, from a security point of view it's quite secure.
Misconfiguration is when there is an error in system configuration. For example, if setup pages are enabled or a user uses default usernames and passwords, this can lead to breaches.
With setup/app server configuration not disabled, the hacker can determine hidden flaws, and this provides them with extra information. Misconfigured devices and apps present an easy entry point for an attacker to exploit.
Lack of Encryption
For organisations that are responsible for sensitive data and intellectual property, approved hardware-encrypted storage devices should be provided as standard. Encryption is a must to ensure that, whether these devices are lost, stolen or forgotten, the data on them is inaccessible should they fall into the wrong hands. Businesses must accept the need for digitisation and the benefits it delivers to storing documents, online backups, document management and remote working. The process is faster, more efficient and, ultimately, safer than offline equivalents with the right controls in place.
Organisations need to have visibility of all devices accessing the network. Security policies that dictate what equipment employees can use can be tricky to enforce and could impede productivity, and whilst security controls such as firewalls are essential, these don't mitigate against employees misusing or losing devices.
Hardware encryption offers much greater security than software encryption and PIN pad authenticated, hardware encrypted USB storage devices offer additional, significant benefits. Being software-free eliminates the risk of keylogging and doesn’t restrict usage to specific Operating Systems; all authentication and encryption processes take place within the device itself, so passwords and key data are never shared with a host computer.
Weak Cyber Hygiene
Cyber hygiene (or cybersecurity hygiene) is a cybersecurity practice that maintains the basic health and security of hardware and software. Cyber hygiene is a joint precautionary measure performed by an organization's security practitioner, computer system administrator and users to help protect from attacks. The basic practice aids in maintaining and protecting already properly functioning devices, ensuring they are protected from threats such as malware.
Cyber hygiene aims to keep any sensitive data organized and secure it from theft or attacks. The concept works similarly to personal hygiene, where an individual maintains their health by taking precautionary measures that would help ensure their health. If an individual neglects their health, they might catch a cold. If an organization neglects cyber hygiene, then it could lead to a virus and data breach.
In order to know what is on an organization's network and how it's associated with risk, an organization needs to develop a cyber resilience plan that can evaluate their cyber hygiene.
Creating a routine around cyber hygiene helps ensure a system's health by enabling practices that continually help prevent cybercriminals from causing security breaches, installing malware or stealing personal information. Having proper cyber hygiene also ensures better incident response if a successful attack occurs.
Organizations that rely on only cybersecurity professionals to protect their network and devices ignore the role an individual employee or the end user can have in ensuring security. If employees and end users understand basic cyber hygiene practices, they can play a larger role in protecting and maintaining their devices and networks.
Not all threats to cyber security come from software. The pace at which software updates are released can make it difficult for the hardware to keep up. This, in turn, creates exposures that can put companies’ data at risk. As hardware becomes obsolete, many outdated devices will not allow updates with the latest patches and security measures. Devices that rely on older software are more susceptible to cyber attacks, creating a major potential vulnerability. It is important to monitor this and respond quickly when devices become out of date.
Many attacks start with outdated software. For this reason, not staying up-to-date with software patches leaves companies vulnerable to any number of information security breaches. As soon as attackers learn of a software vulnerability, they can exploit it to launch a cyber attack. Two large-scale cyber attacks launched starting in May 2018 illustrate this trend in cyber security. The attacks exploited a critical weakness in the Windows operating system known as Eternal Blue. Crucially, Microsoft had released a patch for the Eternal Blue vulnerability two months earlier. Organizations that did not update their software were left exposed. Millions of dollars were lost over a simple lapse in updating software.
2. What is the most effective preventive method?
I will try to break down the domains as follows:
i. Enterprise Sector: Here the criterion is to have a 24x7 eyes-on-the-screen approach, as we all know that most enterprise-level organizations already have all the hardware and software which is the best in the industry. Now it's just a matter of being able to react to the event from the moment it's been created and identified as a threat.
ii. SMB Sector (Small Medium Business): In this sector the emphasis on expenditure on cyber security tends to be low and the staff to augment that would be nearly non-existent, so the ideal focus area is to have good quality managed security service providers who are able to monitor and react to events in real time.
iii. SOHO Domain (Small Office Home Office): It has become the most popular domain today with the number of start-up companies trying to make it big in the business domain. These companies are usually handled or run by industry professionals who handle High Value Clients and tier data. With the non-existence of an existing environment the emphasis is on endpoint detection and response or a means of keeping the end points used by these professionals safe.
3. How can an attack be identified based on behavioral analysis?
This method is the oldest and most time-tested method. Back in the day, antivirus products used the technology of heuristic behaviour for detection, which meant that they used to watch the behaviour of the particular process or program before they flagged it as malicious.
Today we have the likes of AI (Artificial Intelligence) and ML (Machine Learning), where the algorithms decide and analyse the difference between a true positive and a false positive. The age-old method of monitoring the behaviour has always led to accurate detections because of the various deception and stealth techniques used by the hackers today.
4. What is your vision in the field of cybersecurity?
My vision is quite simple actually: I don't really advocate this fancy software that works on AI & ML. I am an old-fashioned eyes-on-the-screen practitioner.
Today, with the serious lack of skill and of cyber security experts and practitioners, I don't see how the cyber domain will survive without the use of Managed Security Providers. I personally believe that Managed Security Services Providers, versus cutting-edge technology, should be used to get real-time triage and mitigation, which is the need of the hour.
5. What are 3 key points in defense from cyber attack?
1) The management's outlook on cybersecurity is very important: in organisations, if the management doesn't take it seriously and spend resources and money to be able to achieve it, we are already fighting a losing battle.
2) Prioritizing Your Valuable Assets: This is what we in cyber security call protecting your crown jewels. We need to be able to know what it is that needs to be protected and where the budget is being spent to keep these critical assets intact.
3) Building a credible cybersecurity framework: I’ve also found the security framework is very effective in communicating to the Board of Directors. Remember, many of these people are often in retirement (or near retirement), and IT security means antivirus (if you are lucky). Having a good, organized framework provides that same communication medium that enables a productive conversation with your technical staff.
6. How do you see the future of cyber security?
The future is data, and this data is going to be in digitised form. So in simple words, the security of the world is going to rely on cyber security. The future wars are not going to be fought on battlefields; they are going to be fought in cyberspace. So as far as I can say, the future of Cyber Security is the Security of the Future.