CSO Online News
4 steps to better security hygiene and posture management
Fri, 09 Apr 2021 02:00:00 -0700

As the old security adage goes, “a well-managed network/system is a secure network/system,” and this notion of network and system management is a cybersecurity foundation. Pick any framework (e.g., the NIST Cybersecurity Framework), international standard (e.g., ISO 27000), best practice (e.g., the CIS 20 Critical Controls) or professional certification (e.g., CISSP), and much of the guidance presented will be about security hygiene and posture management.

Another time-honored colloquialism also comes to mind here: “An ounce of prevention is worth a pound of cure.” From a cybersecurity perspective, all frameworks, standards, and best practices suggest that security strategies start with some fundamentals like an inventory of all assets on the network, hardened configurations, least-privilege accounts, system/data classification, rapid vulnerability discovery/remediation, and continuous monitoring. Get these right and you make it harder for adversaries to exploit your assets.

Security Recruiter Directory
Fri, 09 Apr 2021 02:00:00 -0700

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop.

The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others.

If you're a security recruiting firm, we want your information! Our goal is to provide the most complete recruiter resource available, but to do that we need your assistance. Please send the name, contact info and a few sentences about your company and its specialties to Michael Nadeau.

Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past
Thu, 08 Apr 2021 02:00:00 -0700

Since December, the US has been in a cybersecurity crisis following FireEye’s bombshell that Russian hackers implanted espionage malware throughout US private sector and government networks through the SolarWinds supply chain hack. Despite growing pressure from Congress, the still-new Biden administration has released few details on how it plans to respond to this massive intrusion or the more concerning discovery in January of widespread and scattershot attacks by Chinese state operatives on Microsoft Exchange email server software.

What is IAM? Identity and access management explained
Thu, 08 Apr 2021 02:00:00 -0700

IAM Definition

Identity and access management (IAM) in enterprise IT is about defining and managing the roles and access privileges of individual network entities (users and devices) to a variety of cloud and on-premises applications. Users include customers, partners and employees; devices include computers, smartphones, routers, servers, controllers and sensors. The core objective of IAM systems is one digital identity per individual or item. Once that digital identity has been established, it must be maintained, modified and monitored throughout each user’s or device’s access lifecycle. 

How to reset Kerberos account passwords in an Active Directory environment
Wed, 07 Apr 2021 02:00:00 -0700

Most large enterprises regularly change their Kerberos passwords. Small- to medium-sized businesses, however, might not have changed them since implementing their domain infrastructure. Once an attacker gains a foothold in a network, they can use the golden ticket attack sequence. Active Directory (AD) uses the KRBTGT account in the AD domain for Kerberos tickets. If the KRBTGT account password hash is stolen or cracked, the attackers can then grant themselves full access to your network with the necessary authentication.

Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor
Tue, 06 Apr 2021 12:44:00 -0700

A group of criminals behind a stealthy backdoor known as more_eggs is targeting professionals with fake job offers tailored to them based on information from their LinkedIn profiles. The gang is selling access to systems infected with the backdoor to other sophisticated cybercrime groups including FIN6, Evilnum and Cobalt Group that are known to target organizations from various industries.

Coca-Cola trade secret theft underscores importance of insider threat early detection
Tue, 06 Apr 2021 02:00:00 -0700

The trial of Xiaorong You is set to begin today, April 6, in Greenville, TN. She is accused of trade secret theft and economic espionage after allegedly stealing bisphenol-A-free (BPA-free) technologies owned by several companies, including her former employers Coca-Cola and Eastman Chemical Company. The value placed on the development of the stolen technologies is $119.6 million. Other affected companies include Akzo Nobel, Dow Chemical, PPG, TSI, Sherwin-Williams and ToyoChem.

The details of the case suggest that the damages You is allegedly responsible for could have been minimized if better real-time insider threat detection methods had been in place. They also outline possible motives for the theft of the intellectual property: ego and money.

What's next for encryption if the RSA algorithm is broken?
Tue, 06 Apr 2021 02:00:00 -0700

What if a big crack appeared overnight in the internet's security layer? What if the fracture reached deep into the mathematical foundations of the cryptographic algorithms? That appeared to happen in early March when a paper dropped with a tantalizing conclusion in the abstract: “This destroys the RSA cryptosystem.”

The SolarWinds hack timeline: Who knew what, and when?
Mon, 05 Apr 2021 02:00:00 -0700

Details of the 2020 SolarWinds attack continue to unfold, and it may be years before the final damages can be tallied.

While it is “hard to say” if the SolarWinds software supply-chain compromise will become known as the highest-impact cyber intrusion ever, it did catch “many people off guard” despite the security industry’s frequent warnings that supply chains pose substantial risks, according to Eric Parizo, principal analyst of security operations at Omdia, a global research firm.

Top 5 skills a SOC analyst needs
Mon, 05 Apr 2021 02:00:00 -0700

A security operations center (SOC) analyst works within a team to monitor and fight threats to an organization's IT infrastructure, as well as to identify security weaknesses and opportunities for potential improvements. Since a SOC analyst must juggle multiple critical tasks spanning technical, analytical, and business areas, finding qualified candidates is often challenging. Fortunately, pinpointing expert hires can be made much easier by focusing on the following five key skills that every SOC analyst should possess:

1. Collaboration

Aptitude and drive are common and valued traits in smart, motivated people, yet SOC analysts must also be able to work closely and effectively with colleagues. "If you're looking at the SOC as a cohesive unit, you're looking for a lot of collaboration," says Scott Dally, director of NTT's security division's security operations center. "The ability to share information with other analysts through threat intelligence [ensures] that, collectively, the entire unit is on the same page for any given threat."

New US CISO appointments, March 2021
Fri, 02 Apr 2021 02:00:00 -0700

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security.

Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have an announcement of your own that you would like us to include here, contact Amy Bennett, executive editor.

How the CISO role is evolving
Thu, 01 Apr 2021 02:00:00 -0700

CISO definition

The chief information security officer (CISO) is the executive responsible for an organization's information and data security. While in the past the role has been rather narrowly defined along those lines, these days the title is often used interchangeably with CSO and VP of security, indicating a more expansive role in the organization.

Not every company has a top-level security executive: According to IDG's 2020 Security Priorities Study, 61% of surveyed companies do, though that rate goes up to 80% for large enterprises. But in companies that employ such an executive, they play an important role: the same study found that companies without a CISO or CSO were more likely to say their employee security training was inadequate and their security strategy was insufficiently proactive than those who had such officers.

What are phishing kits? Web components of phishing attacks explained
Thu, 01 Apr 2021 02:00:00 -0700

Editor's note: This article, originally published on August 7, 2018, has been updated to include new information on phishing kit features.

Phishing is a social attack, directly related to social engineering. Commonly centered around email, it is used by criminals to obtain access or information. Phishing attacks can be basic or customized toward the victim and their organization.

A phishing attack with a directed focus is called spear phishing. If, for example, the criminal were targeting a group or person within a company, they'd use spear phishing to make the email look and feel legitimate. Usually this is done by using the victim's correct name and title, referencing legitimate projects, known co-workers, or spoofing an email from a senior executive.

Microsoft 365 Defender updates bring a single portal view
Wed, 31 Mar 2021 02:00:00 -0700

I recently spoke with Microsoft’s Rob Lefferts, corporate vice president, program management, M365 security and compliance, about recent updates to Microsoft 365 Defender solutions. Many of you are familiar with Microsoft 365 for Endpoint. If you have the proper licensing (E5), it allows you to drill down into exactly what your workstations are getting into trouble with and what risks they are bringing to your network.

PHP backdoor attempt shows need for better code authenticity verification
Tue, 30 Mar 2021 12:57:00 -0700

Unknown attackers managed to break into the central code repository of the PHP project and add malicious code with the intention to insert a backdoor into the runtime that powers most websites on the internet. The hackers impersonated two high-profile PHP developers, but the code commits were not very subtle and were detected within hours when other developers reviewed them.

The incident didn't have a widespread impact like the recent SolarWinds compromise or other supply chain attacks where backdoors made it into stable releases of software products and were pushed out to regular users. However, it made the PHP Group, the organization that maintains PHP, reconsider how its code infrastructure is run.

10 pioneering women in information security
Tue, 30 Mar 2021 02:00:00 -0700

In the 1950s, women were calculating U.S. space missions, and by the 1960s they were programming mainframe computers. So, it should come as no surprise that there are also many remarkable female pioneers in computer and information security.

In honor of Women’s History Month, here are some of these women and their key contributions to the field.

Codebreakers and signal hoppers

Let’s start with WWII female codebreakers, like former Navy lieutenant Judy Parsons, a graduate of Carnegie Institute of Technology who joined the US Navy's WAVES (Women Accepted for Volunteer Emergency Service). She and her OP-20-G group of WAVES helped sink 95 German U-boats during WWII thanks to their codebreaking efforts.

Booming dark web gig economy is a rising threat
Tue, 30 Mar 2021 02:00:00 -0700

“I need a site hacker for $2,000,” “Break this site for $10K,” “Can you collect information from our competitors’ websites?” or “Can you delete reviews? Budget $300.”

Posts like these, in which individuals try to hire black hats, have flooded some of the most active hacking forums on the dark web. Most such messages are about attacking websites, buying and selling customer databases, or gaining access to corporate web resources. Most people want to buy, but a few also sell. Both new and experienced cyber criminals advertise what they can offer, revealing their expertise and their willingness to break the law.

(Insider Story)
BrandPost: Episode 4: Reduce SOC burnout
Mon, 29 Mar 2021 12:07:00 -0700

In the fight against cybercrime, the battleground for many organizations is the security operations center. The SOC is ground zero for figuring out if an organization is under attack – and how to respond swiftly and efficiently if malicious behavior is detected.

It’s high-stakes work – and the stakes keep rising as the way people work evolves and more applications and workloads move to the cloud. These shifts are increasing the attack surface in new and sometimes unexpected ways.

“It’s a never-ending trend of increasing complexity, increasing vulnerability, [and increasing] expectations of security teams to be able to defend organizations in a world that is growing more and more diverse, with employees doing more and more different kinds of things, all of which represents opportunity for hackers,” says Rob Lefferts, Corporate Vice President of Microsoft 365 Security and Compliance.

States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks
Mon, 29 Mar 2021 04:27:00 -0700

While sophisticated ransomware and nation-state threat actors target US critical infrastructure, the only protection most organizations have against these attacks is tight and effective cybersecurity. These attacks have drawn government attention and sparked calls for liability protection against malicious intrusions. If organizations want this protection, however, lawmakers say they need to step up their game to implement better cybersecurity practices.

During a Senate Intelligence Committee hearing last month, Chairman Mark Warner (D-VA) said, "While I am very open to some level of liability protection, I'm not interested in a liability protection that excuses the kind of sloppy behavior, for example, that took place in Equifax, where they didn't even do the basic cyber hygiene."

Can WebAuthn and U2F finally give us safe and easy two-factor authentication?
Mon, 29 Mar 2021 04:00:00 -0700

Using your smartphone for two-factor authentication is easy, but it's not as secure as you might think. The real future for secure 2FA lies in the WebAuthn and Universal 2nd Factor standards.

DNS over HTTPS, DNS over TLS explained: Encrypting DNS traffic
Mon, 29 Mar 2021 02:00:00 -0700

Being the backbone of the internet, the Domain Name System (DNS) protocol has undergone a series of improvements and enhancements over the past few years. The lack of stringent protections in the original DNS specification and discovery of security weaknesses over time, such as the decade-old Kaminsky bug, gave birth to the Domain Name System Security Extensions (DNSSEC) in 2010.

Attracted to disaster: Secrets of crisis CISOs
Mon, 29 Mar 2021 02:00:00 -0700

Stephanie Benoit-Kurtz spent much of her career taking jobs where the priority is crisis cleanup.

“I’m brought in when organizations don’t have what they need and they need someone to figure that out,” she says. That means assessing cybersecurity capabilities, pinpointing problems, and closing gaps. The work makes her, in her words, “a nicely paid janitor.”

Benoit-Kurtz and other security experts like her have plenty of opportunities for work, with high-profile breaches and hacks pushing CEOs and boards to hire new leadership, hoping that the top-level switch-up will set their organizations on a better course in the aftermath of a disaster.

SolarWinds, for example, hired former CISA chief Chris Krebs and former Facebook CSO Alex Stamos as consultants in early 2021, shortly after the discovery that Russian hackers had compromised the company’s software and used it as a pathway to launch other attacks.

(Insider Story)
Women IT leaders reset the CIO-CISO relationship
Fri, 26 Mar 2021 02:00:00 -0700

AvidXchange CIO Angelic Gibson and CISO Christina Quaine are bridging the gap between IT and security by drawing on their experiences as women rising through the ranks in IT.

The race to secure 5G
Fri, 26 Mar 2021 02:00:00 -0700

Increased bandwidth and lower latency create the opportunity to develop ecosystems that can transform entire industries. The combination of IoT, 5G, cloud, data analytics, quantum computing, and AI paves the way for new and improved products and services in the energy, transportation, manufacturing, healthcare and logistics industries, to name a few.

5G also offers the foundation for a robust IoT ecosystem that will allow enterprises to harness data in unprecedented ways and enable governments to offer improved services to their constituents. By 2023, there will be more than one billion 5G connections, according to forecasts from International Data Corporation (IDC). Key drivers such as ever-increasing online content consumption, expanded reliance upon IoT devices, and the popularity of cloud gaming mean this rapid growth will continue for the foreseeable future.

(Insider Story)
CSO's ultimate guide to security and privacy laws, regulations, and compliance
Fri, 26 Mar 2021 02:00:00 -0700

This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or regulation as well as information about what and who is covered.

CSO updates this directory, originally published on January 28, 2021, frequently as new laws and regulations are put in place.


BrandPost: Episode 3: The Zero Trust Model
Thu, 25 Mar 2021 09:32:00 -0700

Trust. It’s essential in successful relationships. A lack of trust among people can be hurtful – or demeaning. But in security, trusting no one — or nothing — until it is verified is becoming a smart strategy for defensive posture. It’s a concept known as Zero Trust.

A Zero Trust model embraces three principles:

  1. Verify explicitly, by continuously authenticating and authorizing access
  2. Use least-privileged policies to limit user access with just-in-time and just-enough-access, and
  3. Assume breach, which minimizes a breach radius by segmenting access by network, user, devices, and app awareness.

Zero Trust is different from a perimeter-based defense because instead of only building a moat, security teams also focus on protecting what’s inside the perimeter with strong authentication and security standards that minimize privileges, giving users access only to those things they need to do their work.

How the Lift mentoring program gives women in cybersecurity a leg up
Thu, 25 Mar 2021 02:00:00 -0700

Audrey Gonzalez was advancing her cybersecurity career when, instead of looking to the next rung, she thought about leaving the profession altogether.

“I felt inadequate. I was feeling like I was not cut out for this type of work, that my peers were more qualified,” Gonzalez remembers.

Had she left, Gonzalez’s departure would have been one more blow to a field that already suffers from too few professionals to meet demand as well as an underrepresentation of women.

But before that happened, Gonzalez shared her self-doubts with her mentor who in turn shared insights about impostor syndrome—the feeling of being not as competent as others believe you to be—and how common it is.

Business continuity and disaster recovery planning: The basics
Thu, 25 Mar 2021 02:00:00 -0700

Editor's note: This article, originally published on March 27, 2014, has been updated to more accurately reflect recent trends. 

Wildfires in California. A snowstorm in Texas.  Windstorms across the Midwest. Floods in Hawaii. Hurricanes in Florida and Louisiana. Russian hackers and ransomware attacks. And let’s not forget the global pandemic.

Why XDR must include MDR
Wed, 24 Mar 2021 02:00:00 -0700

In my last blog post, I described how the market for eXtended Detection and Response (XDR) is evolving and how CISOs should approach this new and promising technology. It was good and useful information, if I do say so myself, but it didn't directly address the question why security professionals should care about XDR in the first place.

The answer: Because XDR has the potential to accelerate threat detection/response while streamlining security operations. 

I’ve been writing about security operations and analytics platform architecture (SOAPA) since 2016.  From its inception, SOAPA was designed as an interoperable security operations technology architecture, using APIs, messaging buses, vendor co-development, and custom coding as a means for integration.  The vision for XDR is that it will deliver an out-of-the-box SOAPA.  Large enterprise organizations will still operate other specialized security operations technologies like threat intelligence platforms (TIPs) and security orchestration, automation, and response (SOAR) platforms, but XDR will integrate with these systems while acting as a central hub for security operations.

(Insider Story)
How Azure Active Directory helps manage identity for remote users
Wed, 24 Mar 2021 02:00:00 -0700

The pandemic has pushed admins to realize that identity should be the first thing they think of when designing a secure network. If you aren’t prioritizing your identity focus in your organization, it’s time for you to do so. If you’re managing identity with an on-premises mindset but support remote staff, then it might be time to update your approach.