Naturally, the challenges facing the modern CISO are not focused on one front. Those on the receiving end of cyber attacks are of just as much concern as those behind them. More than half believe that users are the most significant risk facing their organisation. And just like the threats from the outside, there are several causing concern from within. Human error, criminal insider attacks and employees falling victim to phishing emails are just some of the issues keeping CISOs up at night. With many users now out of sight, working remotely, at least some of the time, these concerns are more pressing than they may once have been. Nearly half of UK CISOs believe that remote working increases the risk facing their organisation. And it’s easy to see why. Non-corporate environments tend to make us more prone to errors and misjudgement, and in turn, more vulnerable to cyber attack. Working from home also calls for slight alterations to security best practice. The use of personal networks and devices may require increased protocols and protections.
There are, however, tools that can help train defenders or reveal gaps in defensive investment. There are three initial considerations for such tools. For the best defenders, identifying behavior rather than static signatures or tools is crucial: by correlating events and telemetry, they can spot new or unknown tools and react faster. To exercise this, the simulation tool must run complex chains of techniques adapted to the environment; checking the OS, downloading an implant, establishing persistence, then searching local files before moving laterally, for example. Secondly, the solution's techniques must be relevant, based on up-to-date imitations of those observed from real actors. Using threat intelligence benchmarks defences against genuine attackers rather than generic, outdated threats, decreasing the likelihood of defensive gaps. Finally, obtaining metrics on the performance of the current defensive set-up requires the solution to integrate with the SIEM. Without this, gathering evidence of which MITRE-mapped controls are failing becomes cumbersome and error-prone.
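The correlation the paragraph describes, as an added example that is not from the article or any vendor's product: a detector that looks for the ordered chain (OS check, implant download, persistence, file search, lateral movement) across per-host telemetry, plus the per-technique "was it blocked" metric a SIEM feed would supply. The telemetry is constructed, the event-to-technique mapping and the `blocked` verdict are assumptions, and the ATT&CK IDs are the real ones for those techniques.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered chain from the text, as ATT&CK technique IDs (real IDs; the
# event-to-technique mapping is an assumption for this example)
CHAIN = ["T1082", "T1105", "T1547", "T1083", "T1021"]
WINDOW = timedelta(minutes=30)

# Constructed telemetry: (timestamp, host, technique, blocked_by_control)
EVENTS = [
    ("2024-01-10T09:00:00", "ws-17", "T1082", False),   # OS check
    ("2024-01-10T09:01:10", "ws-17", "T1105", False),   # implant download
    ("2024-01-10T09:02:30", "ws-17", "T1547", False),   # persistence
    ("2024-01-10T09:04:00", "ws-17", "T1083", False),   # local file search
    ("2024-01-10T09:09:45", "ws-17", "T1021", True),    # lateral movement, blocked
    ("2024-01-10T09:00:00", "srv-02", "T1082", False),
    ("2024-01-10T11:30:00", "srv-02", "T1105", True),   # too late: no chain on srv-02
]

def detect_chains(events, chain=CHAIN, window=WINDOW):
    """Return {host: chain_start} for hosts where every step of `chain`
    occurred in order within `window`; unrelated events in between are ignored."""
    by_host = defaultdict(list)
    for ts, host, tech, blocked in events:
        by_host[host].append((datetime.fromisoformat(ts), tech, blocked))
    hits = {}
    for host, evs in by_host.items():
        evs.sort()
        idx, start = 0, None
        for ts, tech, _ in evs:
            if start is not None and ts - start > window:
                idx, start = 0, None        # chain went stale, start over
            if tech == chain[idx]:
                start = start or ts
                idx += 1
                if idx == len(chain):
                    hits[host] = start
                    break
    return hits

def control_metrics(events, chain=CHAIN):
    """Per-technique fraction of executions a control blocked: the evidence
    the text says needs a SIEM integration to gather."""
    seen, blocked = defaultdict(int), defaultdict(int)
    for _, _, tech, was_blocked in events:
        if tech in chain:
            seen[tech] += 1
            blocked[tech] += int(was_blocked)
    return {t: blocked[t] / seen[t] for t in chain if seen[t]}
```

A metric of 0.0 for a technique that executed several times is the "MITRE-mapped control failing" evidence the paragraph refers to; here only the lateral-movement step was stopped.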
Operating in today's climate means updating mindsets, processes, budgeting cycles, incentive systems and traditional ways of working. It's not about ping pong tables and arcade rooms. It's being better at delivering on core competencies than competitors and having the digital savviness required to succeed in a digital-first world. However, the most valuable trait is curiosity, because curiosity leads to experimentation, innovation, optimization, and learning. “Disruptors face the challenge of explaining the concept and the benefits of the new approach. Many organizations struggle to grasp it and operate under the inertia of business as usual,” says Greg Brady, founder and chairman of supply chain control tower provider One Network Enterprises. “The COVID-19 pandemic has opened the eyes of many executives to the shortcomings of the old way of doing business.” Some organizations attempt to mimic what the digital disruptors do. However, their success tends to depend on the context in which the concept was executed.
Like Tibetan prayer wheels, each framework promises to be the best business changer if one follows its special consultancy. Swayed by the marketing machinery, executives and senior managers pick one of them, hoping it will suit them, instead of looking to their inner and outer organizational opportunities and boundaries to find outcomes that genuinely add value for their business. These artificial dual operating systems get designed alongside the line organisations with their job descriptions, hierarchies, performance contracts, engineering models and cultural values. Hurdles are pre-programmed, because for many technology-driven enterprises, industrial standards simply don't scale with agile frameworks. A logical inference is that the necessary variety is very much lost, and operationalizing variety with minimal investment cost becomes impossible. Consequently, the change system will behave like dandelion seeds: the change will take time, costs will spread, and development transaction costs will increase.
NVMe’s parallelism is fundamental to its value. Where SAS-based storage supports a single message queue and 256 simultaneous commands per queue, NVMe ramps this all the way up to 64,000 queues, each with support for 64,000 simultaneous commands. That massive increase is key to enabling you to ramp up the number of VMs on a single physical host, driving greater efficiency and easing management. Identifying individual workloads and planning for growth over time, along with high availability needs and continuity requirements (backup/restore, replication, geo-redundancy, or simply disaster recovery), can help paint a picture of what you need in an NVMe array. While each of these considerations has the potential to drive up the initial cost of whichever NVMe array you select (or multiple arrays, when you consider redundancy), smart investments that match your needs ultimately reduce your cost of ownership in the long run. NVMe arrays are big-ticket items, so efficient storage practices are critical to making the most of the hardware you buy and extending the lifecycle of your storage media.
In a traditional waterfall model, teams release new features to an entire user base at one time. Using progressive delivery, you roll out features gradually. Here’s how it works: DevOps managers first ship a new feature to release managers for internal testing. Once that’s done, the feature goes to a small batch of users to collect additional feedback, or is incrementally released to more users over time. The final step is a general launch when the feature is ready for the masses. It’s a bit like dipping your toes into the water before diving in. If something goes wrong during a launch, you haven’t exposed your entire user base to it. You can easily roll the feature back if you need to and make changes. Progressive delivery emerged in response to widespread dissatisfaction with the continuous delivery model. DevOps teams needed a way to control software releases and catch issues early on instead of pumping out bug-filled versions to their users, and progressive delivery met this requirement.
Politics are another strong motivation for employees to become insider threats. For example, an employee might be upset with his or her work situation or job title but can't see a way to fix it because of inter-office politics. This could lead to that employee becoming disgruntled and wanting to take revenge on the company. This situation is common in enterprise-level organizations, where management doesn't take the time to get to know their employees or address their concerns. Providing an environment where employees can reach their full potential and have open lines of communication with their chain of command can help mitigate potential political concerns. This ties closely to professional reasons. For example, employees might feel slighted after being passed over for a promotion, or they might be the target of an internal investigation for misconduct. On the other hand, they could find themselves the target of misconduct by a peer or boss, which could lead them to take matters into their own hands. Humans are emotional creatures, and this, of course, applies to employees as well.
SecOps team members or external consultants can comb through the data to find the original malware that caused the attack, determine how it got onto the network in the first place, map how it traversed the network and determine which systems and data were exposed. Note that the storage capacity required to store even a week’s worth of packet data can quickly become prohibitively expensive for high-speed networks. To have a realistic chance of storing a large enough buffer, these organizations will need to be smart about where to capture and how much to capture. One way to do this is to use intelligent packet filtering and deduplication by front-ending the packet capture devices with a packet broker to reduce the amount of data saved. Another method is using integrations between the security tools and the capture devices to only capture packet data correlated with incidents or high alerts. Using a rolling buffer strategy to overwrite the data after a “safe period” has passed will also reduce storage requirements.
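The rolling-buffer and alert-correlated retention described above, as an added example that is not from the article: hourly capture segments are overwritten once they are older than a safe period, unless they overlap a high-severity alert window, in which case they are pinned for the investigation. The segment index, sizes, safe period and alert windows are all constructed for the example.

```python
from datetime import datetime, timedelta

SAFE_PERIOD = timedelta(days=7)      # assumed "safe period" before overwrite
SEGMENT = timedelta(hours=1)         # each capture file covers one hour

def t(s):
    return datetime.fromisoformat(s)

# Constructed capture index: ten days of hourly segments, 40 GiB each
SEGMENTS = [(t("2024-01-01T00:00:00") + i * SEGMENT, 40 * 1024**3)
            for i in range(24 * 10)]
# Constructed high-severity alert windows: (first_seen, last_seen)
ALERTS = [(t("2024-01-02T13:20:00"), t("2024-01-02T15:05:00"))]

def pinned(seg_start, alerts, seg_len=SEGMENT):
    """A segment is pinned if any alert window overlaps it."""
    seg_end = seg_start + seg_len
    return any(a_start < seg_end and a_end > seg_start for a_start, a_end in alerts)

def retention_plan(segments, alerts, now, safe=SAFE_PERIOD, seg_len=SEGMENT):
    """Split segments into (keep, overwrite) and report bytes retained.
    A segment is overwritten only when it is both past the safe period
    and not correlated with an alert."""
    keep, overwrite = [], []
    for start, size in segments:
        expired = now - (start + seg_len) > safe
        if expired and not pinned(start, alerts, seg_len):
            overwrite.append((start, size))
        else:
            keep.append((start, size))
    return keep, overwrite, sum(size for _, size in keep)
```

Run against the constructed index at 2024-01-11 00:00, 68 of the 71 expired segments are freed and the three hours around the alert stay on disk.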
What people often forget is that the shiny all-singing, all-dancing device in their pocket is also a highly capable surveillance device, boasting advanced sensory equipment (camera and microphone) and a wealth of tracking information. People just assume that their mobile device is secure and often use it with less care (from a security point of view) for things that they wouldn’t do on a laptop. To this end, we now have a vast industry that sets out to secure and empower productivity on the basis that people can work anywhere and often use their devices for both work and personal use. Mobility and cloud technology have become essential, with most people now working and managing their personal lives in a digital fashion. To borrow a saying from the world of Spiderman (slightly out of context) — with great power comes great responsibility. We now live in a world where the once humble communication device is a very powerful tool that needs to be used responsibly in the face of those wishing to act in a nefarious way.
You probably already know the importance of data literacy, but to frame this article, let's position the benefits in a modern data governance setting. The best way to do so is to use an example where the absence of data literacy led to disastrous consequences. There are many well-known examples of data literacy issues leading to extreme failures. However, one of the most significant occurred at NASA in 1999 and led to the loss of a $125 million Mars probe. The probe burnt up as it descended through the Martian atmosphere because of a mathematical error caused by conflicting definitions. The navigation team at NASA's Jet Propulsion Laboratory (JPL) worked in the metric system (meters and millimeters), while Lockheed Martin Astronautics, the company responsible for designing and building the probe, provided the navigation team with acceleration data in imperial measurements (feet, pounds, and inches). Because there were no common terms or definitions in place, the JPL team read the data inaccurately and failed to quantify the speed at which the craft was accelerating. The result was catastrophic, but it could have been easily avoided if a system of data literacy had been in place.
Quote for the day:
"The first key to leadership is self-control" -- Jack Weatherford