Will your incident response team fight or freeze when a cyberattack hits?
CISOs shouldn’t be surprised to hear that even well-prepared teams can have
moments of paralysis; it’s just human nature, McKeown says. She says sometimes
responders may experience cognitive narrowing, where they’re so focused on the
situation directly in front of them that they can’t consider the full
circumstances—an experience that can stop responders from thinking as they
normally would. Niel Harper, an enterprise cybersecurity leader who serves as a
board director with the governance association ISACA, witnessed a team freeze in
response to a ransomware attack on his first day working with a company as an
advisor. “They literally did not know what to do, even though they had some
experience with [incident response] walkthroughs,” he recalls. “They were in
panic mode.” Harper says he has seen other situations where the response was
stymied and thus delayed. In some cases, teams were afraid that they’d be seen
as overreacting. In others, they were paralyzed with the fear of being
blamed.What Kind of Glasses Are You Wearing? Your View of Risk May Be Your Biggest Risk of All
Consider an organization that is focusing on increasing revenue by expanding outbound sales in new territories in the European market. A compliance-focused organization might conduct an internal assessment of EU General Data Protection Regulation (GDPR) requirements, determine if there are current controls in place to meet them and report metrics indicating the organization is compliant. However, a risk-focused enterprise begins by assessing the unique threats within the region and determining the risk factors that could prevent the organization from conducting sales in Europe. Wearing risk-colored glasses empowers risk professionals to proactively monitor and communicate risk in a context their organization will understand. Viewing business outcomes from this perspective enables organizational leadership to prioritize investments and agree on a suitable level of protection.Australian organisations underinvesting in cyber security
The underinvestment was more stark among small companies, of which 69% had not
invested enough in cyber security, according to the study conducted by Netskope,
a supplier of secure access service edge (SASE) services. Major data breaches
over the past year, however, have cast the spotlight on cyber security, with
over three-quarters (77%) of 300 respondents who participated in the study
noting that their leadership’s awareness of cyber threats had increased. Some
70% also noted an increase in their leadership’s willingness to bolster
investments – the proportion of organisations that are planning bigger cyber
security budgets between 2022 and 2023 jumped to 63%, compared with 45% that saw
increases between 2020 and 2022. This increase is most pronounced among larger
organisations with over 200 employees, where over 80% are increasing cyber
security budgets. Among small firms with fewer than 20 employees, 41% planned to
spend more on cyber security between 2022 and 2023, up from just 23% between
2020 and 2022.What Is Zero-Knowledge Encryption?
Zero-knowledge encryption is not a specific encryption protocol, but a process that focuses on preserving a user’s data privacy and security to the maximum extent. In order for a service to be truly zero-knowledge, a user’s data must be encrypted before it leaves the device, while it’s being transferred, and when it is stored on an external server. This is because modern encryption in general is incredibly effective at barring unauthorized participants from decoding encrypted data. It’s functionally impossible to crack modern-day encryption using brute-force approaches. However, for ease of use and UX benefits, many service providers also hold a user’s encryption key—introducing an additional point of failure that’s attractive for malicious actors because service providers often hold many user keys. There are a variety of benefits (and also detriments) when service providers share knowledge of an encryption key, but it also means that someone other than the user can decrypt the data—which makes it not zero-knowledge.Google Touts Web-Based Machine Learning with TensorFlow.js
Why Do ML over the Web? First off, he mentioned privacy. One common use case is
for processing sensor data in ML workloads — such as data from a webcam or
microphone. Using TensorFlow.js, Mayes said, “none of that data goes to the
cloud […] it all happens on-device, in-browser, in JavaScript.” For this reason,
TensorFlow.js is being used by companies doing remote healthcare, he said.
Another privacy use case is human-computer interaction. “With some of our
models, we can do body pose estimation, or body segmentation, face keypoint
estimation, all that kind of stuff,” Mayes said. Lower latency is another reason
to do ML in the browser, according to Mayes. “Some of these models can run over
120 frames per second in the browser, on an NVIDIA 1070 let’s say,” he said. “So
that’s kind of [an] old generation graphics card and [yet it’s] still pushing
some decent performance there.” Cost was his third reason, “because you’re not
having to hire and run expensive GPUs and CPUs in the cloud and keep them
running 24/7 to provide a service.”Solidifying Risk Management: How to Get Started With Continuous Monitoring
Continuous monitoring entails understanding not only the risks you’re facing now
and those visible on the horizon, but also the risks beyond the horizon. This
requires recognizing risk velocity, acknowledging risk volatility, and
developing and deploying a mechanism by which you can periodically check in on,
and be alerted to, key risks. The key is to think differently, and to use your
360° view of your organization to develop strategies that help you
simultaneously plan and execute in coordination and ongoing communication with
first- and second-line roles. ... KRIs are crucial for continuous monitoring,
helping companies be more proactive in identifying potential impacts. KRIs are
selected and designed by analyzing risk-related events that may affect the
organization’s ability to achieve its objectives. Typically, by looking at risk
events that have impacted the organization (in the past or currently), it’s
possible to work backward to pinpoint the root-cause or intermediate events that
led to them. Using the blockchain to prevent data breaches
A primary reason for the increase in data breaches is over-reliance on
centralized servers. Once consumers and app users enter their personal data,
it’s directly written into the company’s database, and the user doesn’t get much
say in what happens to it afterward. Even if users attempt to limit the data the
company can share with third parties, there will be loopholes to exploit. As the
Facebook–Cambridge Analytica data-mining scandal showed, the results of such
centralization can be catastrophic. Additionally, even assuming goodwill, the
company’s servers could still get hacked by cybercriminals. In contrast,
blockchains are decentralized, immutable records of data. This decentralization
eliminates the need for one trusted, centralized authority to verify data
integrity. Instead, it allows users to share data in a trustless environment.
Each member has access to their own data, a system known as zero-knowledge
storage. This also makes the network less likely to fall victim to hackers.
Unless they bring down the whole network simultaneously, the undamaged nodes
will quickly detect the intrusion.Companies serious about customer privacy in 2023 will start with data security
This should be viewed as an opportunity, rather than yet another compliance
burden for boards to manage. In fact, cyber executives are increasingly viewing
data privacy laws and regulations as an “effective tool for reducing cyber risks
… despite the challenges associated with compliance”, according to the World
Economic Forum. But to improve privacy protections, those same executives must
begin by enhancing security. Why? Because you can have security without privacy,
but never privacy without security. Privacy is the right for data subjects to
control how their personal information is collected, stored and used. Fail to
secure this data and others could access and use it unlawfully. In these terms,
data security is an essential prerequisite for protecting customers’ privacy
rights. It’s telling that the name for data privacy day in the EU is Data
Protection Day. Without adequate “technical and organisational measures” as
cited in Popia, true data privacy will always be out of reach.Healthcare in the Crosshairs of North Korean Cyber Operations
In addition to obfuscating their involvement by operating with other affiliates
and foreign third parties, North Korean actors frequently use fake domains,
personas, and accounts to execute their campaigns, CISA and the others said.
"DPRK cyber actors will also use virtual private networks (VPNs) and virtual
private servers (VPSs) or third-country IP addresses to appear to be from
innocuous locations instead of from DPRK." The advisory highlighted some of
newer software vulnerabilities that state-backed groups in North Korea have been
exploiting in their ransomware attacks. Among them were the Log4Shell
vulnerability in the Apache Log4j framework (CVE-2021-44228) and multiple
vulnerabilities in SonicWall appliances. CISA's recommended mitigations against
the North Korean threat included stronger authentication and access control,
implementing the principle of least privilege, employing encryption and data
masking to protect data at rest, and securing protected health information
during collection, storage, and processing.Three ideal scenarios for anomaly detection with machine learning
When detecting anomalies, the typical way to go in many business areas was
traditionally based on predetermined rules. For example, a fraud detection
system could spot suspicious card payments which greatly exceeded a spending
threshold. The main problem with this approach is its lack of flexibility, given
that the set of rules must be continuously updated to cope with ever-evolving
scenarios, such as anomalous activity due to a new type of malware. Here lies
machine learning’s full potential. Any system fuelled with this technology can
digest enormous datasets, autonomously identify recurring patterns and
cause/effect relationships among the data analysed, and create models portraying
these connections. In addition, when properly trained, such models will be
capable of processing additional data to make predictions, further refining
their skills through experience as they consume more and more information.Quote for the day:
"Don't necessarily avoid sharp edges. Occasionally they are necessary to leadership." -- Donald Rumsfeld
