Daily Tech Digest - February 14, 2023

Will your incident response team fight or freeze when a cyberattack hits?

CISOs shouldn’t be surprised to hear that even well-prepared teams can have moments of paralysis; it’s just human nature, McKeown says. She says sometimes responders may experience cognitive narrowing, where they’re so focused on the situation directly in front of them that they can’t consider the full circumstances—an experience that can stop responders from thinking as they normally would. Niel Harper, an enterprise cybersecurity leader who serves as a board director with the governance association ISACA, witnessed a team freeze in response to a ransomware attack on his first day working with a company as an advisor. “They literally did not know what to do, even though they had some experience with [incident response] walkthroughs,” he recalls. “They were in panic mode.” Harper says he has seen other situations where the response was stymied and thus delayed. In some cases, teams were afraid that they’d be seen as overreacting. In others, they were paralyzed with the fear of being blamed.


What Kind of Glasses Are You Wearing? Your View of Risk May Be Your Biggest Risk of All

Consider an organization that is focusing on increasing revenue by expanding outbound sales in new territories in the European market. A compliance-focused organization might conduct an internal assessment of EU General Data Protection Regulation (GDPR) requirements, determine if there are current controls in place to meet them and report metrics indicating the organization is compliant. However, a risk-focused enterprise begins by assessing the unique threats within the region and determining the risk factors that could prevent the organization from conducting sales in Europe. Wearing risk-colored glasses empowers risk professionals to proactively monitor and communicate risk in a context their organization will understand. Viewing business outcomes from this perspective enables organizational leadership to prioritize investments and agree on a suitable level of protection.


Australian organisations underinvesting in cyber security

The underinvestment was more stark among small companies, of which 69% had not invested enough in cyber security, according to the study conducted by Netskope, a supplier of secure access service edge (SASE) services. Major data breaches over the past year, however, have cast the spotlight on cyber security, with over three-quarters (77%) of 300 respondents who participated in the study noting that their leadership’s awareness of cyber threats had increased. Some 70% also noted an increase in their leadership’s willingness to bolster investments – the proportion of organisations that are planning bigger cyber security budgets between 2022 and 2023 jumped to 63%, compared with 45% that saw increases between 2020 and 2022. This increase is most pronounced among larger organisations with over 200 employees, where over 80% are increasing cyber security budgets. Among small firms with fewer than 20 employees, 41% planned to spend more on cyber security between 2022 and 2023, up from just 23% between 2020 and 2022.


What Is Zero-Knowledge Encryption?

Zero-knowledge encryption is not a specific encryption protocol, but a process that focuses on preserving a user’s data privacy and security to the maximum extent. In order for a service to be truly zero-knowledge, a user’s data must be encrypted before it leaves the device, while it’s being transferred, and when it is stored on an external server. This is because modern encryption in general is incredibly effective at barring unauthorized participants from decoding encrypted data. It’s functionally impossible to crack modern-day encryption using brute-force approaches. However, for ease of use and UX benefits, many service providers also hold a user’s encryption key—introducing an additional point of failure that’s attractive for malicious actors because service providers often hold many user keys. There are a variety of benefits (and also detriments) when service providers share knowledge of an encryption key, but it also means that someone other than the user can decrypt the data—which makes it not zero-knowledge.


Google Touts Web-Based Machine Learning with TensorFlow.js

Why Do ML over the Web? First off, he mentioned privacy. One common use case is for processing sensor data in ML workloads — such as data from a webcam or microphone. Using TensorFlow.js, Mayes said, “none of that data goes to the cloud […] it all happens on-device, in-browser, in JavaScript.” For this reason, TensorFlow.js is being used by companies doing remote healthcare, he said. Another privacy use case is human-computer interaction. “With some of our models, we can do body pose estimation, or body segmentation, face keypoint estimation, all that kind of stuff,” Mayes said. Lower latency is another reason to do ML in the browser, according to Mayes. “Some of these models can run over 120 frames per second in the browser, on an NVIDIA 1070 let’s say,” he said. “So that’s kind of [an] old generation graphics card and [yet it’s] still pushing some decent performance there.” Cost was his third reason, “because you’re not having to hire and run expensive GPUs and CPUs in the cloud and keep them running 24/7 to provide a service.”


Solidifying Risk Management: How to Get Started With Continuous Monitoring

Continuous monitoring entails understanding not only the risks you’re facing now and those visible on the horizon, but also the risks beyond the horizon. This requires recognizing risk velocity, acknowledging risk volatility, and developing and deploying a mechanism by which you can periodically check in on, and be alerted to, key risks. The key is to think differently, and to use your 360° view of your organization to develop strategies that help you simultaneously plan and execute in coordination and ongoing communication with first- and second-line roles. ... KRIs are crucial for continuous monitoring, helping companies be more proactive in identifying potential impacts. KRIs are selected and designed by analyzing risk-related events that may affect the organization’s ability to achieve its objectives. Typically, by looking at risk events that have impacted the organization (in the past or currently), it’s possible to work backward to pinpoint the root-cause or intermediate events that led to them.


Using the blockchain to prevent data breaches

A primary reason for the increase in data breaches is over-reliance on centralized servers. Once consumers and app users enter their personal data, it’s directly written into the company’s database, and the user doesn’t get much say in what happens to it afterward. Even if users attempt to limit the data the company can share with third parties, there will be loopholes to exploit. As the Facebook–Cambridge Analytica data-mining scandal showed, the results of such centralization can be catastrophic. Additionally, even assuming goodwill, the company’s servers could still get hacked by cybercriminals. In contrast, blockchains are decentralized, immutable records of data. This decentralization eliminates the need for one trusted, centralized authority to verify data integrity. Instead, it allows users to share data in a trustless environment. Each member has access to their own data, a system known as zero-knowledge storage. This also makes the network less likely to fall victim to hackers. Unless they bring down the whole network simultaneously, the undamaged nodes will quickly detect the intrusion.


Companies serious about customer privacy in 2023 will start with data security

This should be viewed as an opportunity, rather than yet another compliance burden for boards to manage. In fact, cyber executives are increasingly viewing data privacy laws and regulations as an “effective tool for reducing cyber risks … despite the challenges associated with compliance”, according to the World Economic Forum. But to improve privacy protections, those same executives must begin by enhancing security. Why? Because you can have security without privacy, but never privacy without security. Privacy is the right for data subjects to control how their personal information is collected, stored and used. Fail to secure this data and others could access and use it unlawfully. In these terms, data security is an essential prerequisite for protecting customers’ privacy rights. It’s telling that the name for data privacy day in the EU is Data Protection Day. Without adequate “technical and organisational measures” as cited in Popia, true data privacy will always be out of reach.


Healthcare in the Crosshairs of North Korean Cyber Operations

In addition to obfuscating their involvement by operating with other affiliates and foreign third parties, North Korean actors frequently use fake domains, personas, and accounts to execute their campaigns, CISA and the others said. "DPRK cyber actors will also use virtual private networks (VPNs) and virtual private servers (VPSs) or third-country IP addresses to appear to be from innocuous locations instead of from DPRK." The advisory highlighted some of newer software vulnerabilities that state-backed groups in North Korea have been exploiting in their ransomware attacks. Among them were the Log4Shell vulnerability in the Apache Log4j framework (CVE-2021-44228) and multiple vulnerabilities in SonicWall appliances. CISA's recommended mitigations against the North Korean threat included stronger authentication and access control, implementing the principle of least privilege, employing encryption and data masking to protect data at rest, and securing protected health information during collection, storage, and processing.


Three ideal scenarios for anomaly detection with machine learning

When detecting anomalies, the typical way to go in many business areas was traditionally based on predetermined rules. For example, a fraud detection system could spot suspicious card payments which greatly exceeded a spending threshold. The main problem with this approach is its lack of flexibility, given that the set of rules must be continuously updated to cope with ever-evolving scenarios, such as anomalous activity due to a new type of malware. Here lies machine learning’s full potential. Any system fuelled with this technology can digest enormous datasets, autonomously identify recurring patterns and cause/effect relationships among the data analysed, and create models portraying these connections. In addition, when properly trained, such models will be capable of processing additional data to make predictions, further refining their skills through experience as they consume more and more information.



Quote for the day:

"Don't necessarily avoid sharp edges. Occasionally they are necessary to leadership." -- Donald Rumsfeld

No comments:

Post a Comment