Anthony Perridge, VP International, ThreatQuotient

In 2017, the value per Bitcoin reached over €20,000 (£17,324) – a climax in the hype surrounding the cryptocurrency. However, confidence that the price would remain stable has been lacking. To date, online currencies are more speculation than real means of payment, as concerns around security are being raised. A currency can only become established if users believe its value is sustainable, and this applies to every means of payment.

In no industry is the subjective perception of security as important as in the field of finance. Both private users and large customers are increasingly handling transactions online, so the fear of digital innovation isn’t what stops them from adopting this type of currency. It’s security they really care about, or rather their data’s security. The financial sector has acknowledged this and must, above all, focus on security to allay the apprehensions some might have.

Blockchain is considered safe to this day, yet speculation is causing such great uncertainty that cryptocurrencies have not yet developed into serious competition for established currencies. IT decision-makers should therefore always keep in mind the importance of the users’ sense of security in their industry. As part of their digital transformation, many financial organisations have implemented several security tools and also have their own security teams.

These are necessary to comply with legal requirements. After all, almost all other sectors depend on the financial sector. Of course, it is also about the security of customers’ and partners’ data. Therefore, it is not surprising that this industry has taken a pioneering role over the years. While some organisations already have their own Security Operations Centres (SOCs) to respond to potential threats and identify Indicators of Compromise (IoCs), they should think about other ways to optimise their organisation’s cybersecurity.

From information to intelligence

The SANS Institute recently investigated the latest developments in security and revealed that companies are increasingly taking advantage of Cyber Threat Intelligence (CTI). The findings show a development that goes beyond IoC expertise and gives a new perspective on threat intelligence.

It is well known that public sources such as the National Cyber Security Centre (NCSC), security vendors and open source communities publish reports and threat feeds on current threats. At the same time, security tools such as Security Information and Event Management (SIEM) or firewalls also collect information that can be used to combat threats and create a situational picture. In addition, there are industry-specific Information Sharing and Analysis Centres (ISACs) that organisations can participate in. The number and quality of both information sources and IoCs continue to grow, and they are currently the most important resource for an effective cyber-defence.

However, the trend is moving towards Tactics, Techniques and Procedures (TTPs), meaning a better understanding of how the attackers want to penetrate victims’ networks. Instead of focusing only on the evidence of attacks, IT teams should work to stay one step ahead of the criminals by anticipating their next steps: leveraging cyber threat intelligence.

Thus, it is necessary to move away from the manual evaluation of individual fragments towards building strategic knowledge about the threat landscape and the extent of the threats to the organisation’s own systems. Without support, the analysis of IoCs is extremely time-consuming. Indeed, IT teams in the financial sector can sometimes find themselves having to compare and check data from different sources manually. In this situation, there is no agreement on activities between the individual teams, the work becomes inefficient and information silos start to emerge. At the same time, the number of attacks continues to increase, and the growing network infrastructures are also becoming more complex.

When IT departments do not have an overview of their own security situation, there is no basis for creating trust – the basic but crucial quality that we mentioned earlier. This is where CTI comes in: SANS notes that after deploying an appropriate platform, 81 percent see their defence and detection capabilities as improved. It involves partial or complete automation to turn the available information into actionable intelligence and use it in your own organisation.

Building your own Threat Library in practice

It takes a variety of tools and processes to set up your own cyber threat intelligence platform. However, most financial companies already have the most important components for implementation. Often internal data sources already exist: SIEM solutions, or threat information from the security providers whose solutions are in use (IDS, firewall, endpoint security). As mentioned, government agencies and open source offerings (such as www.malwaredomainlist.com) also have reports and analysis. In addition, information from industry associations and the organisation’s own analyses of network traffic can be incorporated.

The challenging final step is building a cross-platform solution. SANS speaks of a collection management platform (CMF), which is characterised mainly by building a local threat database, in which all data from external and internal sources are stored in a central location. In addition, information should then be automatically aggregated, normalised and de-duplicated, and its relevance and priority for the organisation should be checked by means of a scoring system. The Threat Library serves as a “single source of truth” for all teams and systems within a company.
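
The aggregation, normalisation, de-duplication and scoring step described above, sketched in Python as an added example (not code from SANS, ThreatQuotient or any product). The feed names, source weights and scoring formula are assumptions, and the indicators are constructed values from documentation ranges.

```python
import ipaddress
from datetime import date

# Constructed sample records (source, type, value, last_seen); not real indicators.
RAW = [
    ("osint_feed", "domain", "Bad[.]Example.", date(2024, 5, 1)),
    ("vendor_feed", "domain", "bad.example", date(2024, 5, 20)),
    ("siem", "domain", "BAD.EXAMPLE", date(2024, 5, 28)),
    ("osint_feed", "ip", " 192.0.2.10 ", date(2024, 3, 1)),
    ("isac", "ip", "203.0.113.5", date(2024, 5, 25)),
]
# Assumed confidence per source (0-100); tune to your own experience of each feed.
SOURCE_WEIGHT = {"osint_feed": 30, "vendor_feed": 50, "isac": 60, "siem": 40}
INTERNAL_SOURCES = {"siem"}  # sightings in our own network raise relevance

def normalise(ioc_type, value):
    """Canonical form, so one indicator reported by several feeds compares equal."""
    v = value.strip().replace("[.]", ".")  # undo common defanging
    if ioc_type == "domain":
        return v.lower().rstrip(".")
    if ioc_type == "ip":
        return str(ipaddress.ip_address(v))  # raises ValueError on malformed input
    return v.lower()

def score(sources, last_seen, today):
    """Assumed scoring: best source + corroboration + internal sighting - age."""
    base = max(SOURCE_WEIGHT[s] for s in sources)
    corroboration = 10 * (len(sources) - 1)
    internal = 30 if sources & INTERNAL_SOURCES else 0
    age_penalty = min((today - last_seen).days, 50)
    return max(0, min(100, base + corroboration + internal - age_penalty))

def build_library(records, today):
    """Aggregate all feeds into one de-duplicated, scored threat library."""
    library = {}
    for source, ioc_type, value, last_seen in records:
        key = (ioc_type, normalise(ioc_type, value))
        entry = library.setdefault(key, {"sources": set(), "last_seen": last_seen})
        entry["sources"].add(source)
        entry["last_seen"] = max(entry["last_seen"], last_seen)
    for entry in library.values():
        entry["score"] = score(entry["sources"], entry["last_seen"], today)
    return library

def prioritised(library):
    """Highest-scoring indicators first, for analysts and downstream tools."""
    return sorted(library.items(), key=lambda kv: kv[1]["score"], reverse=True)

if __name__ == "__main__":
    for (ioc_type, value), entry in prioritised(build_library(RAW, date(2024, 6, 1))):
        print(f"{entry['score']:3d}  {ioc_type:6s} {value:14s} {sorted(entry['sources'])}")
```

Five raw records collapse to three library entries here; the domain seen by two feeds and the internal SIEM rises to the top, while the stale, single-source IP address drops to zero.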

In terms of personnel, there are many departments that should be considered: in addition to SOCs and incident response teams, IT operations and security teams can also coordinate their actions with one another via a CTI platform. Of course, departments are positioned very differently, especially in the financial area. This is why there are also dedicated teams for compliance and audits, as well as for the management of vulnerabilities. Moreover, service providers also take on such tasks.

Depending on the size and budget of an organisation, service providers play an important role. However, SANS experts are increasingly recommending partnerships and cooperation rather than considering outsourcing altogether. Proper management of the threat situation is essential, since cyber threats are already an integral part of everyday life in the area of finance, and organisations must prepare themselves for further attacks. The question then arises as to whether and how strongly your own company is affected.

Conclusion

The Threat Intelligence Platform figures speak for themselves: survey respondents recognise the greatest benefits in improving their security operations, in detecting threats and attacks, and in blocking them. Coordinating the use of CTI proved to be of particular value, with 90 percent of users stating that it has improved the visibility of threats in their own network environment. Additionally, in almost all cases, the accuracy and speed of eliminating noise improved.

These are all areas that directly affect the user experience. Banking and payment in the digital world are particularly dependent on customers’ trust and subjective sense of security. Therefore, players in the industry need to have a clear understanding of the overall threat situation and their individual threat situation in order to respond properly at all times.

Data breaches are costly. According to a recent Ponemon Institute study, the average breach costs an organisation $3.86 million. A separate study found that, although the share price of breach-affected companies shows its sharpest drop 14 days after the breach is made public, there is still a discernible impact on the organisation’s stock valuation three years post-event.

By Josh Lefkowitz, CEO of Flashpoint

Business impacts at this level affect the fundamental financial performance and sustainability of an organisation, which means cybersecurity must no longer be considered an IT issue; it’s a matter for the board in its role as custodian of shareholder value. By managing cyber risk as part of the overall organisational risk strategy, boards can put it into a commercial context and drive the cultural awareness of risk that is essential to promote cyber resilience across the business.

Making the shift from technology-centric to business-centric risk management

Elevating cyber risk management to the board level is not without challenges, however. We are still very much in the midst of a shift in mindset from a technology-centric to a business-centric view of cyber threats. This can result in a disconnect: many boards find it difficult to interpret the information they receive from the IT team, while many IT functions struggle to understand what data the board really needs to carry out effective oversight. This challenge was underlined by EY interviews that found difficulties “obtaining relevant, objective and reliable information, presented in business-centric terms…[and this] affects board members’ ability to understand the risk facing their organisations and evaluate management’s response to these risks.”

This area is where the evolving role of the CISO—sitting between the business and the board—requires a mix of skills. CISOs need both technical expertise in analysing and interpreting threat metrics and technology performance, and the ability to apply these skills in a broader business context for board directors so they can deliver strategic cyber risk oversight and governance for the business.

Reporting to the board – from numbers to narrative

While increasingly boards are factoring cyber skillsets into their succession planning when recruiting new board members, most current board directors don’t have deep experience in cybersecurity. This means that any metric-based reporting should be simple to interpret, including auditable figures that provide an overview of the organisation’s security posture.

Reports should also be framed in terms of the impacts specific security incidents have on the business. For example, a DDoS attack might cause reputational risk, operational risk and strategic risk. And, of course, the flipside of risk is compliance, so the board also needs to know how cybersecurity incidents could impact data privacy and governance.

It’s the role of the board to challenge senior management robustly in order to deliver effective oversight, so CISOs should be ready to answer questions around the organisation’s cybersecurity maturity and the frameworks established to manage emerging threats.

However, while numbers and frameworks are valuable in helping boards evaluate and audit cyber risk posture, when it comes to setting a risk-aware culture, directors really need deeper context around the types of threats specific to their organisation. If board directors are given a window into the environment, tactics, and motivational psychology of actors that target their sector and business, they can better understand the risks themselves. Once that has been achieved, board directors can become an asset to the CISO in promoting a cyber risk-aware culture not just as a tick-box exercise, but because they have genuine appreciation of the factors, and indeed actors, in play.

To achieve this board-level buy-in, CISOs need to move from numbers to narrative to drive the message home. This is where business risk intelligence provides the context that helps bring risk to life.

It’s undoubtedly useful for senior leaders to understand the frequency and type of the cyber-attacks the business experiences, but it’s also valuable for them to know the extent to which the organisation is the topic of conversation in the illicit online communities that initiate those attacks.

Deep and dark web forums, chat services, and other platforms are often where cybercriminals discuss tactics to defraud or infiltrate the organisation. These types of venues are also where company secrets, intellectual property, and stolen data may be offered for sale. An overview of the company’s profile across the deep and dark web, as well as other illicit online communities, and the kinds of tactics that are being discussed, is a powerful way CISOs can help directors gain context to understand what the business faces.

Illustrating third-party risk

Third-party risk, including supply chain weaknesses, is a hot topic in boardrooms as businesses realise that keeping their own house in order is not enough. Intelligence gleaned from illicit online communities can also be used to illustrate potential weaknesses in, or threats to, partner organisations. This intelligence can help boards meet objectives to manage supply chain risk.

Successful cyber risk oversight by company boards relies on them receiving a combination of auditable metrics, risk impact assessments and contextual information enabling them to provide informed oversight of cyber risk. Greater understanding of the threat actor environment also assists boards in leading a risk-aware culture across the business, moving from a tick-box approach to a genuine cultural shift.  

Is your company safeguarded against cyber-attacks?

In this day and age, new threats to your business’s security are being developed daily. Ransomware, phishing and data leaking are a constant danger, threatening to take money, steal employee details and damage your customer data.

To prevent damaged relationships between clients and other key stakeholders, you’ll want to ensure that your cyber-security is up to scratch. But, just how is this possible within an ever-evolving digital landscape?

We recommend the following five simple, but effective hacks:

Email

It all starts with a simple email masked as a trusted source, which quickly – and unexpectedly – transforms into a simple way to gain vital, confidential information. Spear phishing has become a successful and popular tool for attackers to gain access to company files and details. With 91 percent of cyber-attacks beginning this way, it’s vital that you acknowledge the threat and generate awareness throughout your business, starting with each and every member of your team.

A key hack that prevents this from happening is keeping as many company email addresses as possible off your website, opting instead for contact forms. Secondly, ensure employees never send sensitive information via email and educate them about the dangers of sharing company information outside of the workplace. While you may think this should be common knowledge, some staff members do and will overlook the potential consequences.

WiFi

Ever wondered about the dangers of WiFi hacking? Type a quick query into Google and thousands of results will be listed, advising you how to gain access to wireless internet and, more concerningly, how to reap plenty of ‘rewards’ by harvesting information.

The first step to protecting your network is enabling WiFi Protected Access, using encryption to lock all accessible routes. Then, change the SSIDs (wireless network names) in every office. Using the default name allows attackers to use prebuilt password crackers that are associated with common names, so the lengthier and more random the name, the better. This should be coupled with a strong password that will discourage and defend against potential hacks.

Update computers

Ensure that all device updates are implemented company-wide. You may remember the Equifax hack in 2017 where hackers gained access to the details of nearly 150 million people. The breach was caused by an application with vulnerabilities, ones which could have been fixed with a software update 2 months prior to the attack.

This highlights how important updates are. Hackers can easily find vulnerabilities in any software if they search long and hard enough, so in response, updates release new code that can patch up any holes and protect your company’s devices from malware. Never overlook the value of software updates – they may appear annoying or inconvenient, but they serve a very valuable purpose.

Backup

If your company spans multiple offices, then you’ll likely be employing a cloud service so different departments have access to relevant files. Unfortunately, these digital filing cabinets are very susceptible to hacks. A fail-safe method to guarantee protection is hard to come by, but there are simple measures you and your staff can put in place.

A two-step authentication process should be introduced that requires your staff to confirm a code. The best way to do this is through the use of apps like Duo which constantly change and update the code required. Another option is through a key that can be plugged into a computer. It’s an extra-secure method that can be used with some of the most popular cloud storage options.

Employee education

Arguably the most effective thing you could do when developing your cyber-security strategy is educating your staff.

In accordance with the GDPR regulations, every member of staff should be aware of how to handle private and confidential information securely and safely, regardless of the department they work in. However, there is no harm in taking the time to set up full and comprehensive protocols for all aspects of cyber-security.

Introduce policies for how all information should be stored, provide password support that ensures no password is used twice and encourage the use of two-factor authentication. Also, be sure to develop protocols should a data breach happen and only provide staff access to files that are required for their job roles. It’s recommended that regular training takes place in every office to keep staff up to date with the latest security changes.

These 5 tips may appear simplistic, but in the fast-paced environment associated with modern businesses, it can be easy to opt for ease over safety. Make sure everything digitally hosted is fully protected from potential threats and consider what could be the biggest danger for your company to prepare for.

Tim Holman is CEO at 2|SEC Consulting, a cyber and information security consultancy