Category Archives: Technology Risk

Want to scan your crypto wallet for risks? Check: AML crypto BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money.

Closing the Vendor Security Gap

Posted on by

What do organizations really know about their relationships with their vendors?

buy vilitra online familyvoicesal.org/resources/images/jpg/vilitra.html no prescription pharmacy

It’s a question that most companies can’t answer, and for many, that lack of knowledge could represent increased risk of a security breach. This year, Bomgar conducted research into vendor security on a global scale, and the findings underscore that much work remains to be done to shore up third-party security.

The 2016 Vendor Vulnerability Index report produced eye-opening results that should be a wake-up call for business leaders, CIOs and senior IT managers. The survey of more than 600 IT and security professionals explores the visibility, control, and management that organizations in the U.S. and Europe have over external parties accessing their IT networks. Some of the most surprising statistics are summarized below:

  • An average of 89 vendors are accessing a company’s network every week.
  • 92% of respondents reported they trusted their vendors completely or most of the time.
  • 69% said they definitely or possibly suffered a security breach resulting from vendor access in the past year.
  • In the U.S., just 46% of companies said they know the number of log-ins that could be attributed to vendors.
  • Only 51% enforce policies around third-party access.

It’s evident from these findings that third-party access is pervasive throughout most organizations. What’s more, this practice is likely to grow—75% of the respondents stated that more vendors access their systems today than did two years ago. An additional 71% believe this number will continue to increase for another two years.

Two-thirds of those polled admit they have a tendency to trust vendors too much—confidence that should be questioned based on the results of this report. The data revealed that, while most organizations place a high level of trust in their vendors, they still have a low level of visibility into how vendors are accessing their systems.

This contradiction is not something organizations should take lightly. As noted above, 69% of respondents admitted they had either definitely or possibly suffered a security breach resulting from vendor access. An additional 77% believe their company will experience a security issue within the next two years as a result of vendor activity on their networks.

As an organization’s network of vendors grows, so too does the risk of a potential breach. For most companies, it is essential that third-parties have access to sensitive systems as a course of doing business—the question centers on how to grant this access securely.

Historically, companies have used VPNs to provide network access to third-parties.

buy synthroid online familyvoicesal.org/resources/images/jpg/synthroid.html no prescription pharmacy

While appropriate for the intended end-user—remote and/or traveling employees—issues arise when the scope of VPN is trusted to manage connections from external groups. If a system connected via VPN is exploited and used as a point of persistence for leap-frogging into the broader network, hackers can persist for days or months and move stealthily about the network. Companies have also seen malicious (or well-intentioned) insiders choosing to abuse their access to steal or leak sensitive information, as this is all made fairly trivial when leveraging open-ended VPN connectivity.

To balance the dual demands of access and security, companies need a solution that allows them to control, monitor and manage how external parties are accessing their systems. Rather than providing “the keys to the kingdom,” a modern secure access solution enables organizations to grant vendors and other third-parties access only to the specific systems and applications needed to do their jobs.

To ensure security, organizations should also select a secure access solution that provides video and text logs of all session activity. This allows companies to monitor how remote access is being used and, perhaps more importantly, by whom. With this technology, any suspicious activity can be immediately flagged for further investigation. In addition, these session forensics can help companies meet internal and external compliance requirements.

Another secure access best practice is to employ a password/credential vaulting solution. This enables organizations to mitigate the risk of credentials shared between privileged users, which are often the target of a threat actor. It also reduces the risk of what system administrators often think of as “the stickynote nightmare,” where a sensitive credential is written on a stickynote and stuck on someone’s monitor for all who walk by to see. Password vaulting technologies also help with the dangers posed by embedded system service accounts that have administrative privileges and are rarely rotated for fear of bringing critical business services down. A small, yet strong initiative to protect network security would include requiring every privileged user to access credentials required for elevated work via checking out of a password vault. This removes most of the challenges associated with sharing credentials as, once they are checked back in, those credentials can be immediately rotated and thus become unknown to the employee or the bad actor who may have stolen them. Incorporating multi-factor technology in order to access the password vault and other sensitive systems takes it a step further.

In today’s heightened environment, following these steps should be essential security best practices for any company allowing vendors or other third-parties to access their network.

The Vendor Vulnerability Index report suggests that companies are aware of the threats posed by ineffective management and poor visibility into vendor access. Yet, as the data shows, just slightly over half of the respondents are enforcing any policies around third-party access. In light of these findings, companies should also ensure that they are properly screening any third-parties with whom they share network access. For example, does the vendor provide security awareness training as part of their employee on-boarding process?

buy ivermectin online familyvoicesal.org/resources/images/jpg/ivermectin.html no prescription pharmacy

Asking this and similar questions will give companies a clearer picture of the vendor’s security ethos, and help them to determine if the partnership is a good fit to begin with.

In order to combat this growing vulnerability, organizations need granular control over external access. Only with such a solution in place can companies feel confident that their vendors won’t unintentionally become their weakest security link.

10 Lessons Learned from Breach Response Experts

Posted on by

SAN FRANCISCO—As hacking collectives target both the public and private sectors with a wide range of motivations, one thing is clear: Destructive attacks where hackers destroy critical business systems, leak confidential data and hold companies for ransom are on the rise. In a presentation here at the RSA Conference, the nation’s largest cybersecurity summit, Charles Carmakal and Robert Wallace, vice president and director, respectively, of cybersecurity firm Mandiant, shared an overview of some of the biggest findings about disruptive attacks from the company’s breach response, threat research and forensic investigations work.

In their Thursday morning session, the duo profiled specific hacking groups and the varied motivations and tactics that characterize their attacks. Putting isolated incidents into this broader context, they said, helps companies not only understand the true nature of the risk hackers can pose even in breaches that do not immediately appear to target private industry.

online pharmacy tobradex with best prices today in the USA

One group, for example, has waged “unsophisticated but disruptive and destructive” against a number of mining and casino enterprises in Canada. The hackers broke into enterprise systems, stole several gigabytes of sensitive data and published it online, created scheduled tasks to delete system data, issued ransom requests, and even emailed executives and board members directly to taunt them about the data exposed and increase the pressure to pay. Further increasing that pressure, the group is known to contact journalists in an attempt to publicize the exposed data. Victims have endured outages for days while trying to recover data from backups, and some have paid the ransoms, typically requested in the range of $50,000 to $500,000 in bitcoin.

Mandiant refers to this group as Fake Tesla Team because the hackers have tried to seem a more powerful and compelling threat by claiming they are members of Tesla Team, an already existing group that launches DDoS attacks. As that group is thought to be Serbian, they have little reason to target Canadian entities, and indeed, the bits of Russian used by Fake Tesla Team appears to be simply translated via Google.

In all of the group’s attacks that Mandiant has investigated, the hackers had indeed gained system access and published data, but they exaggerated their skills and some of the details of access. Identifying such a group as your attacker greatly informs the breach response process based on the M.O. and case history, Mandiant said. For example, they know the threat is real, but have seen some companies find success in using partial payments to delay data release, and they have found no evidence that, after getting paid, the collective does anything else with the access they’ve gained.

Beyond considerations of specific hacking groups or their motivations, Carmakal and Wallace shared the top 10 lessons for addressing a breach Mandiant has distilled from countless investigations:

  1. Confirm there is actually a breach: make sure there has been a real intrusion, not just an empty threat from someone hoping to turn fear into a quick payday.
  2. Remember you face a human adversary—the attacker attempting to extort money or make other demands is a real person with emotional responses, which is critical to keep in mind when determining how quickly to respond, what tone to take, and other nuances in communication. Working with law enforcement can help inform these decisions.
  3. Timing is critical: The biggest extortion events occur at night and on weekends, so ensure you have procedures in place to respond quickly and effectively at any time.
  4. Stay focused: In the flurry of questions and decisions to make, focus first and foremost on immediate containment of the attack.
  5. Carefully evaluate whether to engage the attacker.
    online pharmacy zydena with best prices today in the USA

  6. Engage experts before a breach, including forensic, legal and public relations resources.
    buy vardenafil online https://galenapharm.com/pharmacy/vardenafil.html no prescription
  7. Consider all options when asked to pay a ransom or extortion demand: Can you contain the problem, and can you do so sooner than the attack can escalate?
  8. Ensure strong segmentation and control over system backups: It is critical, well before a breach, to understand where your backup infrastructure is and how it is segmented from the corporate network. In the team’s breach investigations, they have found very few networks have truly been segmented, meriting serious consideration from any company right away.
  9. After the incident has been handled, immediately focus on broader security improvements to fortify against future attacks from these attackers or others.
  10. They may come back: If you kick them out of your system—or even pay them—they may move on, perhaps take a vacation with that ransom money, but they gained access to your system, so remember they also may come back.

Eliminating Language Barriers Between Information Security and the C-Suite

Posted on by

Whether or not security operations pose a core focus to a company or are an afterthought, the largest obstacle now affecting business and security outcomes is the language barrier that exists between security teams and the C-Suite.

In general, security groups’ budgets have increased over the years, with organizations adding more vendors to the mix, “layering” security with the latest new tool to address the latest threat. One of the newest such tools is “threat intelligence” which organizations are using to form an “intelligence-led security” program, a security operations center, or incident response capabilities. While threat intelligence and other solutions hold the answers to many of the important questions executives ask about cyberattacks, this terminology means nothing to C-level executives, nor does the output from these systems and programs. What does it mean that you have stopped one billion attacks this past month? What impact have the 30 incident responses you’ve run over that same period of time had on the business? What’s the significance to reducing response time from one month to one day?

Executives running and overseeing a company have two primary concerns: increasing revenue and shareholder value. There is a big disconnect between security and the C-suite because they speak two different languages. One is a very technical language that needs a translation layer to explain it to the executives. The other is a very strategic language that needs to be conveyed in a way that makes security part of the team and company, and ensures alignment and participation with the business units and executive suite.

What’s the fix? Communication. Each group has to understand the other at least enough to relay the core concepts as they apply to the other and in a language the other understands. As a first step, some companies are adding a technical expert—a “designated geek,” if you will—to their board of directors so they can work on improving communication and understanding. While that can help, it takes a lot more to make sure priorities, efforts and results don’t get lost in translation.

buy cytotec online thecifhw.com/wp-content/uploads/2023/10/jpg/cytotec.html no prescription pharmacy

A Two-Way Street

Executives need to include the chief information security officer or chief technical officer as part of their strategic discussions and make sure that security leadership has the ability to push that communication down to their teams in a way everyone understands. To that end, CISOs and executives need to train their security operations personnel to ensure they understand the business. This starts by asking some critical questions:

  • Does every member of the security team understand what is it that you sell/produce/provide?
  • What are the things your security teams need to watch out for to protect revenue?
  • Many organizations operate large industrial control systems. If your organization has such a system, is your security team aware of this?
  • If your company is moving into the cloud or is about to launch a mobile app, does your security team know about this and have you enabled them to get the right monitoring in place to protect it?
  • Have you involved the security team as you were designing that new revenue stream, or evolving your business model in some other way, to be sure that security isn’t an afterthought?
    buy amoxil online thecifhw.com/wp-content/uploads/2023/10/jpg/amoxil.html no prescription pharmacy

These are just a few examples of how executives need to think about the enterprise to ensure that security is strategically aligned. It is incumbent on the business to train the security personnel on its priorities so that security teams can look for attacks that are important to the business and take action.

Likewise, security teams need to change how they communicate to the C-suite. Every security team should conduct a stakeholder analysis to identify who needs to be informed of what and when. It all comes down to content, format and frequency. Make sure you have regular communications with not only your peers in security and network operations, but with the business units, risk management, C-level executives, the board of directors, and anyone else in the company that is involved in the day-to-day objectives and operations of the company. The CISO should be the link to make this connection happen, working with executives to establish regular communication.

There is no “right way” to communicate.

buy doxycycline online thecifhw.com/wp-content/uploads/2023/10/jpg/doxycycline.html no prescription pharmacy

Some executives and boards are more technical than others. Security teams need to take the time to learn what type of communication will be most effective or forever struggle to align security with the business. Sticking with the generated metrics of number of events, alerts and incidents per month has far less impact than an update that contains the “who, what, when, where and why” of a thwarted attack. For example: “We identified and stopped one attack this month from a cyber espionage group targeting our Western European manufacturing facility, which is responsible for $20 million per year in revenue to the company.”

For those in security who feel they can’t deliver such a statement because their security infrastructure doesn’t provide that kind of information about threat actors and campaigns, there is a path forward. Look into creating a program that uses adversary-focused, contextual cyber threat intelligence and make sure you understand enough about your business to know the impact of threats against the various business units. With the communication gap closed, and security and business goals aligned, organizations can become more secure, and profitable.

Delta Outage Spotlights Technology Risks

Posted on by


Delta’s computer outage on Jan. 29 was over by midnight, but its effects have extended into the week, not only resulting in 170 cancelations on Sunday, but grounding more than 100 flights on Monday and causing many delays. Adding to the frustration was the fact that the company’s mobile apps were also not working.

This latest incident follows another computer outage for Delta in mid-August, when flights were canceled for two days, leaving thousands of passengers stranded.

Such outages can be costly. A Southwest Airlines outage in July caused more than 2,000 flights to be canceled and cost about $54 million. The August Delta outage, which involved a fire, resulted in cancellation of 2,300 flights over three days and cost the airline $150 million in lost revenue, according to USA Today.

Jim Corridore, an analyst at CFRA Research, told USA Today on Monday that Delta’s computer outage puts a “spotlight on risks of airline technology infrastructure, much of which is old and patched with differing systems.” He said that airlines build new programming over old software, especially after a merger, when computer languages may differ. Programmers’ assumptions about how software will work are sometimes wrong.

While large companies such as Delta would have fewer outages with more testing of their systems, this is an expensive proposition.

online pharmacy suhagra with best prices today in the USA

According to USA Today:

Gil Hecht, CEO of Continuity Software, which tests computer systems for large banks and insurers, compared the construction of complex computer systems to a layer cake, with web servers, database software, storage and possibly interaction with other systems such as government computers that check whether passengers are allowed to fly.

“Testing should be done by every single layer and every single business service that participates in the critical infrastructure, and some of them are simply not under the airline’s control,” Hecht said.
buy silvitra online https://royalcitydrugs.com/silvitra.html no prescription

He compared one way of testing to running a car into a tree to see whether the airbags work, which isn’t possible while keeping a computer system working. Instead, testing for a large financial institution or airline must confirm that each layer is configured to work well with all the others, he said.

online pharmacy abilify with best prices today in the USA

“In order to do that, critical infrastructure operators must do much more testing, whether it’s manual by humans or by technology or by any means possible,” Hecht said. “Yes, it costs money. Quite a lot. But if more money and more effort will be driven into testing, we will have far less down time and data-loss events.”