Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label CISO. Show all posts
Threat Landscape
CISO Cyber Security data science Penetration Testing Threat Landscape

Offensive Security Necessitates a Data-driven Approach for CISOs

 

There remains a significant disparity in utilisation of resources between defensive and offensive cybersecurity technologies. When comparing the return on investment (ROI) for defensive and offensive investments, security experts discovered that offensive security routinely outperforms defensive security. For example, penetration testing not only identifies vulnerabilities, but it also addresses and seals potential access sites for hackers. 

This recognition should drive organisations and their security leaders to consider why there is so little investment in offensive security solutions. Many CISOs recognise a clear market gap in offensive security tactics, with acquired tooling fatigue unable to satisfy the changing needs of modern enterprises. CISOs must now look into how a data-driven approach may generate a proven ROI for each offensive security expenditure they make. 

Data science and cybersecurity: A powerful duo

In an era of digital transformation and networked systems, cybersecurity incidents have increased tremendously. Businesses face a slew of dangers, including unauthorised access and malware attacks. To tackle this, data science may give analytics that assist security leaders in making informed decisions about their cyber resiliency plans and tactics. 

Data analytics, whether powered by security providers and in-house technology like AI/ML or threat intelligence feeds, entails identifying patterns and insights from cybersecurity data, generating data-driven models, and developing intelligent security systems. By analysing relevant data sources from security testing across assets, systems, customers, and industries (including network activity, database logs, application behaviour, and user interactions), they may deliver actionable intelligence to secure their assets.

However, the most significant component of data analytics is that it improves data-driven decision-making by giving much-needed context and proof behind user behaviours, whether authorised or unauthorised. Data-Driven Decision Making in Offensive Security Data-driven decision-making is the foundation for effective offensive security. Here's how it takes place.

• Threat Intelligence: Data analytics allows organisations to gather, process, and analyse threat intelligence. Defenders obtain real-time insights from monitoring indicators of compromise (IoCs), attack patterns, and vulnerabilities. These findings inform proactive steps like fixing key vulnerabilities and modifying security rules. 

• Behavioural analytics: Understanding user behaviour is critical. Data-driven models detect anomalies and highlight questionable activities. For example, unexpected spikes in data exfiltration or atypical login patterns will prompt an alarm. Behavioural analytics can also help uncover insider threats, which are becoming increasingly prevalent. 

Challenges and future directions 

While data analytics can boost offensive security and decision-making, major challenges persist. Data quality is critical for accurate and actionable intelligence; as the phrase goes, "Garbage in, garbage out." Balancing privacy and ethics can also be difficult, but because security testing data should be free of PII, this should not be the primary focus, but rather intelligence that can help make better decisions.

Ultimately, offensive security practitioners must anticipate adversary attacks. However, the future seems promising, as data analytics can propel offensive security as a viable and evidence-based strategy. With analytics, security executives can proactively defend against attacks. As threats develop, so should our data-driven defences.
Read more »
Technology
AI CISO cyber threat Data protection LLM Machine learning Ransomware Technology

Enterprise AI Adoption Raises Cybersecurity Concerns

 




Enterprises are rapidly embracing Artificial Intelligence (AI) and Machine Learning (ML) tools, with transactions skyrocketing by almost 600% in less than a year, according to a recent report by Zscaler. The surge, from 521 million transactions in April 2023 to 3.1 billion monthly by January 2024, underscores a growing reliance on these technologies. However, heightened security concerns have led to a 577% increase in blocked AI/ML transactions, as organisations grapple with emerging cyber threats.

The report highlights the developing tactics of cyber attackers, who now exploit AI tools like Language Model-based Machine Learning (LLMs) to infiltrate organisations covertly. Adversarial AI, a form of AI designed to bypass traditional security measures, poses a particularly stealthy threat.

Concerns about data protection and privacy loom large as enterprises integrate AI/ML tools into their operations. Industries such as healthcare, finance, insurance, services, technology, and manufacturing are at risk, with manufacturing leading in AI traffic generation.

To mitigate risks, many Chief Information Security Officers (CISOs) opt to block a record number of AI/ML transactions, although this approach is seen as a short-term solution. The most commonly blocked AI tools include ChatGPT and OpenAI, while domains like Bing.com and Drift.com are among the most frequently blocked.

However, blocking transactions alone may not suffice in the face of evolving cyber threats. Leading cybersecurity vendors are exploring novel approaches to threat detection, leveraging telemetry data and AI capabilities to identify and respond to potential risks more effectively.

CISOs and security teams face a daunting task in defending against AI-driven attacks, necessitating a comprehensive cybersecurity strategy. Balancing productivity and security is crucial, as evidenced by recent incidents like vishing and smishing attacks targeting high-profile executives.

Attackers increasingly leverage AI in ransomware attacks, automating various stages of the attack chain for faster and more targeted strikes. Generative AI, in particular, enables attackers to identify vulnerabilities and exploit them with greater efficiency, posing significant challenges to enterprise security.

Taking into account these advancements, enterprises must prioritise risk management and enhance their cybersecurity posture to combat the dynamic AI threat landscape. Educating board members and implementing robust security measures are essential in safeguarding against AI-driven cyberattacks.

As institutions deal with the complexities of AI adoption, ensuring data privacy, protecting intellectual property, and mitigating the risks associated with AI tools become paramount. By staying vigilant and adopting proactive security measures, enterprises can better defend against the growing threat posed by these cyberattacks.

Read more »
Threat Landscape
Business Security CISO Cyber Security Dark Web Data Privacy Threat Landscape

Here's Why Tracking Everything on the Dark Web Is Vital

 

Today, one of the standard cybersecurity tools is to constantly monitor the Dark Web - the global go-to destination for criminals - for any clues that the trade secrets and other intellectual property belonging to the organisation have been compromised. 

The issue lies in the fact that the majority of chief information security officers (CISOs) and security operations centre (SOC) managers generally assume that any discovery of sensitive company data indicates that their enterprise systems have been successfully compromised. That's what it might very well mean, but it could also mean a hundred different things. The data may have been stolen from a supply chain partner, a corporate cloud site, a shadow cloud site, an employee's home laptop, a corporate backup provider, a corporate disaster recovery firm, a smartphone, or even a thumb drive that was pilfered from a car.

When dealing with everyday intellectual property, such as consumer personal identifiable information (PII), healthcare data, credit card credentials, or designs for a military weapons system, knowing that some version of it has been acquired is useful. However, it is nearly hard to know what to do unless the location, timing, and manner of the theft are known. 

In some cases, the answer could be "nothing." Consider some of your system's most sensitive files, including API keys, access tokens, passwords, encryption/decryption keys, and access credentials. If everything is carefully recorded and logged, your team may find that the discovered Dark Web secrets have already been systematically deleted. There would be no need for any further move.

Getting the info right

Most CISOs recognise that discovering secrets on the Dark Web indicates that they have been compromised. However, in the absence of correct details, they frequently overreact — or improperly react — and implement costly and disruptive modifications that may be entirely unnecessary. 

This could even include relying on wrong assumptions to make regulatory compliance disclosures, such as the European Union's General Data Protection Regulation (GDPR) and the Securities and Exchange Commission's (SEC) cybersecurity obligations. This has the potential to subject the organisation to stock drops and compliance fines that are avoidable. 

Establishing best practices

You must keep a tightly controlled inventory of all of your secrets, including intricate and meticulous hashing techniques to trace all usage and activity. This is the only way to keep track of all activity involving your machine credentials in real time. If you do this aggressively, you should be able to detect a stolen machine credential before it reaches the Dark Web and is sold to the highest bidder.

Another good strategy is to regularly attack the Dark Web — and other evil-doers' dens — with false files to add a lot of noise to the mix. Some discriminating bad guys may avoid your data totally if they are unsure if it is genuine or not.
Read more »
Technology
Artifcial Intelligence CISO Cyber Attacks CyberCrime DevSecOps Privacy and Security Technology

AI's Dark Side: Splunk Report Forecasts Troubled Trends in Privacy and Security

 




There is no doubt that AI is going to be very beneficial to security professionals, but cybercriminals will be looking for ways to harness the power of AI to their advantage as well. As bad actors push artificial intelligence to new extremes, Splunk's Security Predictions 2024 report predicts that it will certainly expand organisations' attack surfaces. 
As a result of the advancement of artificial intelligence, malicious actors will have a better chance of enhancing their portfolios and strategies. As it is anticipated that new threats will emerge in 2024, a new wave of attack methods spawning not only from artificial intelligence but also from the robust adoption of 5G in India is anticipated.

As a result, cybercriminals will have more opportunities to exploit cybercriminals since the attack surface is already wide. According to Robert Pizzari, Group Vice President, Strategic Advisor, Asia Pacific, Splunk, cybercriminals will have more opportunities. Among the key trends in security and observability that Splunk has identified for 2024, are the following: 

It is anticipated that, by 2024, CISOs will also have a greater stake at stake due to the increasing stringency, complexity, and difficulty of navigating the regulatory environment. According to the State of Security 2023, 79% of line-of-business stakeholders see the security team as either a trusted resource for information or as one of the most critical enablers of the organisation's mission. 

It was recently found in a recent Splunk report that 86% of security leaders believe that generative AI will help alleviate skill gaps and talent shortages. AI will take on security tasks. It will become more of a virtual assistant than an assistant, as it will take care of repetitive, mundane, and labour-intensive tasks that are not necessary to perform. 

While the majority of people are excited about AI, they are also nervous - CIOs and CTOs will feel the pressure to get more from less in this year's budget, making it the year of mindful budgets and massive disruption. People are excited about AI, but they are also nervous - and there will be tremendous pressure on CIOs and CTOs. With artificial intelligence, users can better understand what's going on in an environment by detecting and identifying anomalies. 

However, it would not replace manual troubleshooting. Many companies are going to use artificial intelligence to detect anomalies first, then move on to investigation and respond automatically. 

Automated remediation is something people can expect to see shortly. It has become apparent that observability can be a meaningful signal for security operations: There are a significant number of vendors who sell security products separate from one another. 

The lack of interoperability of their products is often a cause of frustration for their customers. There's no question that a DevSecOps mindset will lead the organisation - whether it's big or small - towards digital resilience, no matter if the servers are in the cloud or in the back corner of your garage.
Read more »
Technology
CIO CISO CISOs Cyber Security IT Companies Technology

The Convergence of CIO and CISO Roles in the Digital Age

 


As businesses embrace the cloud, software-as-a-service (SaaS), and remote work, a million-dollar question arises: How will these roles evolve? The answer seems as complex as the myriad factors influencing it – company size, industry, culture, existing organizational charts, and future digital transformation plans, to name a few. Some advocate maintaining the status quo, while others propose a more specialized split between a business-oriented executive focused on risk management and compliance, and a technical executive honing in on threat prevention and response.

Regardless of the path chosen, the crux of the matter remains – the imperative need for collaboration and alignment between CIOs and CISOs. In a world where successful digital transformation is contingent upon the delicate relation between innovation and security, these IT leaders find themselves at the forefront, shaping the future of businesses large and small. The article will delve into the intricacies of this new development, shedding light on the collaborative journey of CIOs and CISOs as they navigate the ever-changing currents of technology and cybersecurity.

About two decades ago, CIOs primarily focused on managing an organization's IT infrastructure and applications. However, with the rise of digital transformation, cloud computing, and remote work, their role has shifted. Today, CIOs act as brokers of IT services, concentrating on how technology can drive innovation and effectively managing resources.

Concurrently, the profile of CISOs has been on the rise, fueled by compliance mandates, data breaches, and emerging cybersecurity threats. Compliance requirements such as HIPAA, PCI DSS, GDPR, and SOC 2 have played a dual role – increasing the visibility and budgets for cybersecurity teams but often falling short in addressing sophisticated threats like phishing and ransomware.

The growing importance of digital security at the board level has prompted CIOs, traditionally the voice of digital matters, to delve deeper into understanding cybersecurity. This trend blurs the lines between the roles of CIOs and CISOs.

Enter digital transformation, offering an opportunity to enhance cybersecurity. Despite some skepticism about its promises, digital transformation has necessitated closer collaboration between CIOs and CISOs. While CIOs continue to guide the ship, CISOs have become proactive partners, deeply involved in operational decision-making from the outset.

As companies embrace the cloud, software-as-a-service (SaaS), and remote work, the question arises – how will these roles evolve? The answer is not straightforward and depends on various factors like company size, industry, culture, and existing IT setup. Some suggest maintaining the status quo, while others propose splitting the roles into a business-oriented executive focusing on risk management and compliance, and a more technical executive concentrating on threat prevention and response.

Regardless of the direction these roles take, the overarching theme is the critical need for collaboration and alignment between CIOs and CISOs for successful digital transformation. This synergy is essential not only during the transformation process but also for navigating the evolving cybersecurity landscape.

In essence, the traditional boundaries between CIOs and CISOs are fading, giving way to a collaborative approach that acknowledges the intertwined nature of technology and cybersecurity. As companies navigate this evolution, the success of their digital transformation hinges on the ability of these IT leaders to work hand-in-hand, ensuring a secure and innovative future for businesses of all sizes.

This transformative shift emphasises the importance of simplifying and strengthening the relationship between CIOs and CISOs, creating a united front against the ever-growing challenges of the digital age.


Read more »
RBI
Banks CISO Corporate Cyber Security Opensource RBI

Enhancing API Security: CSPF's Contribution to Wallarm's Open-Source Project

 

In the ever-evolving landscape of digital security, the Cyber Security & Privacy Foundation (CSPF) remains a beacon of innovation and support. Our mission extends beyond mere advocacy for cybersecurity; we actively enhance the tools that fortify our digital world. A testament to this commitment is our recent focus on Wallarm's API Firewall, a robust tool designed to protect APIs from emerging cyber threats. 
 
Our journey with Wallarm's API Firewall began with a simple yet powerful intention: to make this tool not just effective but also adaptable to the stringent requirements of B2B and high-security environments. In doing so, we embarked on a path that not only led us to add new functionalities but also to discover and rectify hidden vulnerabilities. 
 
Introducing the AllowedIPList Feature and Addressing the Denylist Bug 
 
The new feature we introduced, the AllowedIPList, is a game-changer for API security. It restricts API access to specific, pre-approved IP addresses, an essential requirement for secure, business-to-business communications and high-security domains. This addition ensures that only authorized machines can interact with the API, thereby enhancing the security manifold. 
 
In our journey of innovation, we encountered a critical bug in the existing Denylist feature. The Denylist, designed to block requests using certain compromised keys, cookies, or tokens, had a significant flaw. The bug stemmed from a cache implementation error, leading to the failure of adding entries to the Denylist if the list was shorter than 53 characters. This vulnerability was particularly concerning for shorter tokens, commonly used in HTTP basic authentication and cookies.  
 
Our team promptly addressed this issue, ensuring that the Denylist functioned as intended, regardless of the character count. The resolution of this bug, alongside the implementation of the AllowedIPList, marked a significant enhancement in the API Firewall's security capabilities. 
 
The Broader Impact of Open-Source Contributions 
 
This initiative underscores the importance of not just using open-source software but actively contributing to it. While the immediate financial returns might be non-evident, such contributions lead to a more secure and robust digital ecosystem. It is through diverse collaboration and multiple perspectives that we can uncover and rectify latent vulnerabilities. 

Link - 

https://github.com/CSPF-Founder/api-firewall/tree/main
 
Founder & TechCore Team
Cyber Security and Privacy Foundation
https://github.com/CSPF-Founder/
Read more »
Digital Security
Chief Information Security Office CISO CISO role Cyber Defence Cyber Privacy Cyber Security Digital Security

Why T-POT Honeypot is the Premier Choice for Organizations

 

In the realm of cybersecurity, the selection of the right tools is crucial. T-POT honeypot distinguishes itself as a premier choice for various reasons. Its multifaceted nature, which encompasses over 20 different honeypots, offers a comprehensive security solution unmatched by other tools. This diversity is pivotal for organizations, as it allows them to simulate a wide range of network services and applications, attracting and capturing a broad spectrum of cyber attacks. 
 
Moreover, the integration with the custom code developed by the Cyber Security and Privacy Foundation is a game-changer. This unique feature enables T-POT to send collected malware samples to the Foundation's threat intel servers for in-depth analysis. The results of this analysis are displayed on an intuitive dashboard, providing organizations with critical insights into the nature and behaviour of the threats they face. This capability not only enhances the honeypot's effectiveness but also provides organizations with actionable intelligence to improve their defence strategies. 
 
The ability of T-POT to provide real-time, actionable insights is invaluable in today’s cybersecurity landscape. It helps organizations stay one step ahead of cybercriminals by offering a clear understanding of emerging threats and attack patterns. This information is crucial for developing robust security strategies and for training cybersecurity personnel in recognizing and responding to real-world threats. 
 
In essence, T-POT stands out not only as a tool for deception but also as a platform for learning and improving an organization’s overall cybersecurity posture. Its versatility, combined with the advanced analysis capabilities provided by the integration with the Cyber Security and Privacy Foundation's code, makes it an indispensable tool for any organization serious about its digital security. The honeypot api analyses malware samples and the result of the honeypot can be seen on the backend dashboard. 
 
Written by: Founder, cyber security and privacy foundation.
Read more »
RBI
App Developers Banks CISO Developers RBI

Security Issue in Banking Applications?

Recently, we tested a mobile application of a BFSI platform, which allowed the organization's employees to view and interact with new customer leads. 

The mobile app had a password-based authentication system, with the username being the mobile number of the user. We identified a major weakness in this mobile app. The app allows a user to reset the password if they can prove themselves via an OTP. When the 'forgot password' button is pressed, the user is sent to a page where they are prompted to enter an OTP. The OTP is sent to the phone number, and if the wrong OTP is entered, the server responds with `{"OTP":"Failure"}`. While this seems to have been implemented properly, we tried to change the server response by conducting an MITM. We changed the response from the server to `{"OTP":"Success"}`. This redirection led us to the password change screen, where we were prompted to enter a new password. 

Initially, we believed this was only a visual bug and that the password reset would fail. However, we soon discovered that the password reset page itself does not check the OTP, and there is no session to track the successful OTP. This means any attacker can take the password change request, replace the phone number, and change the password of any other user (phone number). In simple terms, the OTP verification and the password reset page are not connected. The password reset API call did not have any verification or authentication to ensure only the correct user can change the password. 

This reveals how BFSI developers, when asked to build an app, often create the requested features without considering any security architecture. These apps are usually rushed, and only the positive/happy paths are checked. Security testing and architecture are often considered only as an afterthought. Unless BFSI incorporates security architecture into the development stage itself, such vulnerabilities will continue to emerge.  

By
Suriya Prakash
Head DARWIS 
CySecurity Corp

Read more »
SolarWinds
CISO Cyber Security Cyberattacks CyberCrime Microsoft SEC SolarWinds

SEC's Legal Action Against SolarWinds and CISO Creates Uncertainty in Cybersecurity

 




In the lawsuit, the plaintiffs allege that CISO Timothy Brown, who was in charge of managing the company's software supply chain at the time of the massive cyberattack, has failed to disclose critical information regarding the attack. 

Several government agencies, corporations, and government-related organizations across the world rely on SolarWinds' product solutions. As a result of the complex attack, which is widely attributed to state-sponsored Russian hackers, numerous networks have been compromised. As a result of this breach, a significant amount of attention was paid to cybersecurity, and several hacks, investigations, and regulatory concerns followed. 

The hacker's identity has been confirmed as being a Russian government-linked hacker, and the company has been infiltrated with malicious code through its IT monitoring and management tool Orion, which was reportedly injected by them. 

A hack affecting more than 18,000 organizations worldwide was initially estimated to have occurred in October of last year, including the U.S. Dept of State and Homeland Security Department as well as the National Security Agency, as well as Microsoft Corporation. Nevertheless, SolarWinds later estimated that there were under 100 customers who had been affected by this. 

SolarWinds and Brown are being charged by the SEC for fraud and a failure to comply with internal controls relating to alleged threats and vulnerabilities related to cybersecurity. It is alleged in the complaint that since the date of SolarWinds' first public offering in October 2018, until December 2020, when it announced that it had been hacked, SolarWinds and Brown have been defrauding investors by overstating the company's cybersecurity practices and understating or failing to disclose certain risks that may have affected the company's investors.

It seems that the software maker and its chief information security officer are now facing charges of fraud and internal control failures. In an announcement released by the Securities and Exchange Commission (SEC) on Monday, it was alleged that SolarWinds and Brown misled investors about their cybersecurity practices, known security risks, and weaknesses throughout the company's history. 

Earlier investigations into SolarWinds' hack concluded that attackers were in the company's network for at least two years before they were discovered, indicating the attackers were well embedded in the company's network. It was alleged that Brown helped and abetted SolarWinds' violations of the Exchange Act's reporting and internal control provisions and that he was responsible for helping SolarWinds to breach these provisions. 

There seems to be a lack of transparency in cybersecurity incident reporting, as highlighted by the SEC's recently implemented four-day reporting rule. It is stated in the complaint that the SEC seeks permanent injunctions, disgorgement with prejudgment interest, civil penalties, as well as a bar against Brown as an officer and director of the corporation. In this case, the SEC has brought a lawsuit against a CISO that alleges that he has mismanaged cybersecurity risks in his organization, which is an extremely rare case. 

In the suit, SolarWinds' chief information security officer is accused of knowing about vulnerabilities in the company's systems but failing to disclose them adequately to its investors, resulting in misleading statements in the company's SEC filings which the SEC claimed were fraudulent. According to a variety of industry experts, the SEC's lawsuit has received mixed reviews. 

The fact that CISOs are being held accountable is seen as a necessary step when it comes to holding them accountable for the actions that they take as a result of cyber security concerns. CISOs are argued by some to be the most important individuals in the safeguarding of a company's digital assets, and they must be transparent about potential threats to their organization and the regulators as well. 

The lawsuit has drawn the attention of many people, including SolarWinds itself, which claims it sets a problematic precedent. CISOs fear that sharing information about cyber threats within their organizations might lead to their being liable for legal action, so they are reluctant to do so. As a result, they say, the industry could have difficulties responding effectively to cyberattacks and protecting sensitive data as a result. 

A blog post by Sudhakar Ramakrishna, President of SolarWinds, addressing the SEC's charges, states that the charges threaten a piece of open information sharing across the industry that cybersecurity experts think is necessary for our collective security. 

Further, they might disenfranchise cybersecurity professionals across the country and put them out of action, thereby taking these cyber warriors out of active service. It is likely that, in response to this lawsuit, many CISOs and cybersecurity professionals will examine their responsibilities and roles in a more detailed manner. Legal teams will be consulted by many of these employees for them to be clear about the legal risks associated with their positions.

To strike a balance between the transparency of their disclosure practices and their potential liability, others will surely revise them. As a result of the COVID-19 pandemic and the rapid shift to remote work, companies continue to struggle to secure remote access. However, the Sophos report revealed that the problem persists, even though companies struggle to secure remote access. 

According to the cybersecurity company's mid-year "Active Adversary Report," 95% of the attacks in the first half of 2023 were carried out via remote desktop protocol. As a bonus, attackers are increasingly targeting VPNs as a means of gaining remote access, another area that's been difficult to defend for the last few years. 

Even though attackers exploited a critical flaw that was disclosed in December, malicious activity against Fortinet VPN instances increased in February. According to the report, CISOs, particularly those who oversee public companies, should take an inventory of their security programs and make sure that the information they share with the public is based on fact rather than spin, which is what is causing concerns.” 

The SEC, which has filed this suit against privately held companies, is setting a new standard for security disclosures for those companies. Until further notice, there is no way to predict what will happen about SolarWinds' lawsuit and what implications it will have on the cybersecurity industry in general. It serves as a stark reminder to all CISOs that, regardless of the outcome, they are constantly facing a complex landscape of legal and regulatory challenges, as well as a rapidly evolving role.
Read more »
Zero Trust
Cisco Cisco Security CISO CISO perspective Cyber Security Identity Market Security Solutions Zero Trust

Cisco: Leadership Awareness Fuels the Booming Identity Market


The latest research conducted by Cisco Investments with venture capital firms reveals that most CISOs believe complexity in tools, number of solutions and technical glossaries are among the many barriers to zero trust. 

It has been observed that around 85% of the IT decision-makers are now setting identity and access management investments as their main priority, rather than any other security solution. This is stated in the CISO Survival Guide published by Cisco Investments, the startup division of Cisco, along with the venture capital firms Forgepoint Capital, NightDragon, and Team8.

Interviews with Cisco customers, chief information security officers, innovators, startup founders, and other experts led to the creation of the 'guide', which examined the cybersecurity market in relation to identity management, data protection, software supply chain integrity, and cloud migration.

From 30,000 feet up: More interoperability, less friction, and data that is genuinely relevant and understandable for decision-makers, according to interviewees, are the most essential requirements.

The main spending priorities of the report were fairly evenly distributed, with user and device identity, cloud identity, governance, and remote access receiving the most mentions from CISOs. 

Cloud security turned out to be the primary concern, with a focus on the newly emerging field of managing cloud infrastructure entitlements.

Demands of CISOs: Ease of Use, Holistic Platforms, CIEMs

The three main areas of identity access management, clouds, and data that CISOs believe are most concerning are:

  • The fragmented world of security silos is because of the lack of unified platforms for IAMs, identity governance and administration, and privileged access control. 
  • Enterprise clients are embracing cloud service providers' offerings for managing cloud infrastructure entitlements.
  • The CISOs were against the use of acronyms since they were bothered by the overuse of acronyms like CIEM.

Moreover, the authors of the Cisco Investment Study note that “This trend imposes cycles for CISOs to vet and unpack these purportedly new categories, only for them to discover they are a rehash of existing solutions.”

Top Motivators Will Look for Management Solutions 

Apparently, some top motivators cited by CISCOs will be investing in identity management solutions for the management of user access privileges, identity compliance, and the swift expansion of companies' threat surfaces.

Here, we are mentioning some of the changes that the IT decision-makers look forward to in the next-generation identity platforms: 

  • Ease of integration (21% of those polled). 
  • Platform-based solution, versus single-point or endpoint offerings (15%). • Ratings from independent analysts (15%). 
  • Price (11%). 
  • Market adoption (11%). 
  • Simplicity of deployment and operations (10%). 
  • Ability to deploy at scale quickly (9%). 
  • Ability to add features easily (8%).     

Read more »
Vulnerability
CISO Cyber Attacks Data Exploits Ransomware Safety Security Vulnerability

This Ransomware Targets Several English-Speaking Nations

 

According to findings by Cisco Talos, a group of researchers, a fresh variant of ransomware is suspected to be employed in a series of attacks on entities situated in China, Vietnam, Bulgaria, and a number of English-speaking nations. 

The cybersecurity experts disclosed on Monday that they have come across a hitherto unidentified threat actor, reportedly based in Vietnam, who has been launching these attacks since as far back as June 4.

This newly identified malware is a modified version of the Yashma ransomware. It's worth noting that the Yashma strain had become significantly less active following the release of a decryption tool last year.

“Talos assesses with high confidence that this threat actor is targeting victims in English-speaking countries, Bulgaria, China and Vietnam, as the actor’s GitHub account, ‘nguyenvietphat,’ has ransomware notes written in these countries’ languages. The presence of an English version could indicate the actor intends to target a wide range of geographic areas,” the researchers said in a report.

“The threat actor may be of Vietnamese origin because their GitHub account name and email contact on the ransomware notes spoofs a legitimate Vietnamese organization’s name. The ransom note also asks victims to contact them between 7 and 11 p.m. UTC+7, which overlaps with Vietnam’s time zone.”

The perpetrator's ransom note closely resembles that of WannaCry, a notorious ransomware that gained widespread attention in 2017 due to its high-profile attacks. The ransom note is available in multiple languages, including English, Bulgarian, Vietnamese, and Chinese.

If victims fail to make the payment within three days, the ransom amount will double. The attackers have provided a Gmail address for communication. Interestingly, the ransom note lacks a specified ransom amount, and the Bitcoin account shared in the note doesn't contain any funds, suggesting that the operation might still be in its early stages.

Upon encrypting victim systems, the wallpaper is changed to display a message asserting that all files have been encrypted.

According to Cisco Talos, the Yashma ransomware is essentially a rebranded version of Chaos ransomware, which first emerged in May 2022. After a thorough examination of Yashma's features by BlackBerry security researchers last year, Cisco Talos observed that the new variant mostly retains the core elements of the original ransomware.

One significant change highlighted by Cisco Talos is that this new variant no longer embeds the ransom note within the ransomware itself. Instead, it retrieves the ransom note from a GitHub repository controlled by the threat actors. This modification is intended to evade endpoint detection solutions and antivirus software, which typically detect ransom note strings embedded in the binary.

Another noteworthy characteristic preserved in this variant is Yashma's anti-recovery capability. This involves wiping the content of the original unencrypted files, replacing them with a single character '?' before deleting the file altogether. This tactic complicates efforts by incident responders and forensic analysts to recover deleted files from the victim's hard drive.

Various organizations monitoring ransomware attacks have noted a substantial increase in the emergence of different strains. FortiGuard Labs reported a significant uptick in the growth of ransomware variants, largely attributed to the adoption of Ransomware-as-a-Service (RaaS).

Ransomware expert Allan Liska from Recorded Future pointed out that many so-called "new" ransomware strains are essentially variations of previously released versions. Data gathered by his team demonstrated that fewer than 25% of the supposed 328 "new" ransomware variants are genuinely novel.
Read more »
Security Professionals
Chief Information Security Officer CISO CISO role Cyber Security Employees IT Security Professionals

With CISOs' Evolved Roles, They Must Also Evolve Their Ways


Evolving Role of CISO

Before the rapid development and popularity of digitization, the role of CISO (Chief Information Security Officer) was constrained to just being a part of IT teams, directing IT staff and planning cybersecurity defense. Regardless of conducting crucial tasks, CISOs were not traditionally a part of high management and had limited influence on the main business.

This has changed due to the rising risk of a cybersecurity breach and the rising expense of remediation. CISO is no longer a mere security evangelist, but holds much greater significance in the IT world. 

However, with more power comes more responsibility. The cyber landscape now has become more complicated than ever, with more frequent cybercrime activities being witnessed than ever before. As cyberattacks become more complex, frequent, and damaging, the CISO is ultimately responsible for any defensive blunders made in defending against existing and new risks.

Moreover, the shortage of security professionals only adds to the struggle and strain that comes with this profession. Thus, CISO is required to focus on this issue to maintain its efficiency, with their evolving jobs. They may both safeguard their businesses and reduce their stress levels by devoting time and money to important areas like cultivating loyalty, dealing with legacy systems, and developing a culture that prioritizes security.

Building Loyalty and Skills

Competing with one another, CISOs are striving to acquire qualified cybersecurity personnel. Because there is now a dearth of qualified cybersecurity professionals and great demand, the majority of them may select where they work and demand higher pay. It will be challenging to compete with this, especially for CISOs who increasingly have more budgetary authority but also more accountability for spending wisely.

CISO can instead employee professionals who are not much skilled in cybersecurity, or even work in IT. They might gradually transition into important new cybersecurity responsibilities with the correct training and assistance. After all, not all cybersecurity positions require technological expertise.

Moreover, for roles that do require technical skills, Many firms have an underutilized resource—their developer community. Developers are in a great position to upgrade their skills, could learn secure coding approaches, and share responsibility for security because of their solid understanding of how computers function. 

Looking internally eventually profits a firm’s morale and loyalty. Also, the corporation gains new cybersecurity expertise, and their employees gain whole new lucrative career.

Dealing with Legacy Systems

Patching systems and keeping them up-to-date is not an easy task. While many company are already equipped with built up infrastructure, including legacy equipment, frameworks, and equipment that has been tightly interwoven into their work processes, ripping out and replacing is not an easy alternative. CISOs are responsible for preserving and managing these older programs, while also using the most recent apps that are running in hybrid clouds and using contemporary frameworks. 

However, cybercriminals are smart. When attempting to hack into a network or steal data, they nearly always seek for the weakest link, and such outdated frameworks, apps, and infrastructures are frequently the chosen targets.

Thus, CISOs are required to work on their maintenance plans for all legacy software. External access should be completely eliminated, if at all possible, but it is crucial that teams receive training in security best practices for all active programming languages through practical training methods and courses. Nothing gets left behind when the most recent technologies are used alongside outdated languages that have proper security support.

Creating a Security-First Culture 

In order to improve security and ease the CISO's workload, the solution may not entirely depend on technology. The best way to genuinely establish a company where security is a top priority is through a shift in culture. CISOs are in a unique position to drive this transition, both with other executives and the people they lead. They are both members of senior management and members of the security team.

A security-first culture will thus implant security into every aspect of a company's operations. Instead of being a consideration until later in the SDLC, developers should be able to write secure code that is devoid of flaws and resistant to assaults right away. This effort should be led by designated security champions from among the developer ranks, who will serve as both a coach and a motivator. With this strategy, security is ingrained in the team's DNA and supported by management rather than being mandated from above.

While these changes cannot be met overnight, they may happen gradually with some combined efforts. Since, the threat landscapes remain complex, highly advanced and ubiquitous to be handled by any one individual or a small team. Thus, it requires every employee – no matter their role – to actively contribute to increased security; only then will a business have a chance to prevent costly breaches and downtime. 

Read more »
Technology
CISO Cyber risks data security New Technology Technology

CISOs Leading Cyber Risk Engagement with C-Suite & Board

 

In a significant move to enhance cybersecurity measures, the Securities and Exchange Commission (SEC) has recently approved new regulations. These rules mandate that public companies must promptly disclose any cybersecurity breaches within a strict four-day timeframe. Additionally, the SEC requires these companies to elevate their Board's proficiency in handling cyber risk and overseeing cybersecurity matters. 

The proposal for these regulations was initially introduced in 2022, and the final decision was reached in July 2023, marking a crucial step in bolstering cybersecurity practices in the corporate sector. Over time, computing technologies have witnessed an extraordinary exponential growth through distinct eras. 

Initially, we saw the dominance of centralized mainframes, which later gave way to microcomputers and personal computers (PCs) during the 1990s. The subsequent era was marked by the rise of the internet, followed by the revolutionary surge in mobile devices during the 2000s. As we moved into the 2010s, the expansion into cloud computing emerged as a pivotal trend, reshaping the landscape of technology and opening new possibilities for the future. 

Successful engagement with the C-suite hinges on establishing a clear and straightforward link between cyber risk and business risk. The key lies in presenting a comprehensive understanding of the severe implications that such attacks could have on essential business objectives. By doing so, organizations can foster a deeper appreciation of cybersecurity's critical role in safeguarding their core business interests. 

As cyber threats evolve, the regulatory environment surrounding cyber risk is also evolving. The recent implementation of new SEC regulations has spurred a transformation in boardrooms' approach to cyber resilience in the digital era. Recognizing the pressing need for proactive data protection and defense, boardrooms are now more committed than ever to providing organizations with the necessary resources to effectively safeguard their data and fend off cyber attacks. 

This shift marks a significant step towards fortifying organizations against the ever-changing cyber landscape. This paradigm shift is causing a ripple effect, leading to increased demand for insights and counsel from security leaders by their Boards. 

According to a recent CAP Group Study, a staggering 90% of companies listed in the Russell 3000 index lacked a single director possessing the required cyber expertise. Consequently, CISOs are now stepping into the spotlight and being tasked with establishing and maintaining open lines of communication throughout the boardroom. Their expertise and ability to bridge the knowledge gap are becoming pivotal in guiding organizations towards effective cyber risk management and resilience.
Read more »
Zero Trust
CIO CISO Cyber Security IAM Identity and Access Management ITDR Multi-factor authentication Zero Trust

Things CISOs Need to Know About Identity and Access Management


These days, threat actors are utilizing Generative AI to steal victims’ identities and profiting through deepfakes and pretext based cyberattacks. With the most recent Verizon 2023 Data Breach Investigations Report (DBIR) indicating that pretexting has doubled in only a year, well-planned attacks that prey on victims' trust are becoming more common. Identity and access management (IAM) is a topic that is now being discussed at the board level in many businesses due to the increased danger of compromised identities.

Building IAM on a Foundation of Zero Trust to Increase its Effectiveness

Zero trust is an essential requirement for getting an IAM right, and identity is at the heart of zero trust. CISOs must adopt a zero-trust framework thoroughly and proceed as though a breach has already occurred. (They should be mindful, though, that cybersecurity providers frequently exaggerate the possibilities of zero trust.)

According to CrowdStrike’s George Kurtz, “Identity-first security is critical for zero trust because it enables organizations to implement strong and effective access controls based on their users’ needs. By continuously verifying the identity of users and devices, organizations can reduce the risk of unauthorized access and protect against potential threats.” He says that“80% of the attacks, or the compromises that we see, use some form of identity and credential theft.”

What Must CISO Know About IAM in 2023? 

According to CISO, one of the significant challenges in staying updated with the IAM technology is the pressure that comes with their cybersecurity tech stakes and goals like getting more done with less workforce and budget. 63% percent of CISOs choose extended detection and response (XDR), and 96% plan to combine their security platforms. The majority of CISOs, up from 61% in 2021, have consolidation on their roadmaps, according to Cynet's 2022 CISO study.

As customers combine their IT stacks, cybersecurity providers like CrowdStrike, Palo Alto Networks, Zscaler, and others see new sales prospects. According to Gartner, global investment in IAM will increase by 11.8% year between 2023 and 2027, from $20.7 billion to $32.4 billion. Leading IAM suppliers include IBM, Microsoft Azure Active Directory, Palo Alto Networks, Zscaler, CrowdStrike, Delinea, Ericom, ForgeRock, Google Cloud Identity, and AWS Identity and Access Management.

We are mentioning some of the IAM aspects that CISOs and CIOs must know of in 2023:

Audit all Access Credentials and Rights to Prevent the Growing Credential Epidemic

An Insider attack is a nightmare for CISOs, raising concerns about their jobs that keep them up all night. According to some CISOs, a notorious insider attack that is not caught on time could cost them and their teams their jobs, especially in financial services. Furthermore, internal attacks are as complicated as or harder to identify than exterior attacks, according to 92% of security leaders.

A common error is importing legacy credentials into a new identity management system. Take your time examining and erasing credentials. Over half of the businesses have encountered an insider threat in the previous year, according to 74% of organizations, who also claim that insider attacks have escalated. 20 or more internal attacks have occurred in 8% of people.

According to Ivanti's Press Reset, a 2023 Cybersecurity Status Report, 45% of businesses believe that previous workers and contractors still have active access to the company's systems and files. “Large organizations often fail to account for the huge ecosystem of apps, platforms and third-party services that grant access well past an employee’s termination,” said Dr. Srinivas Mukkamala, chief product officer at Ivanti.

Multifactor Authentication (MFA) can be a Quick Zero-trust Win

Multifactor Authentication (MFA) is essential as a first line of zero-trust security, according to CISOs, CIOs, and SecOps team members interviewed by VentureBeat. MFA is an instant win that CISOs have consistently told VentureBeat they rely on to demonstrate the success of their zero-trust projects.

They advise that MFA should be implemented with as little impact on employees' productivity as possible. The most effective multi-factor authentication (MFA) implementations combine password or PIN code authentication with biometric, behavioral biometric, or what-you-have (token) aspects.

Protect IAM Infrastructure with Identity Threat Detection and Response (ITDR) Tools

ITDR tools could mitigate risks and strengthen security configuration. Additionally, they may identify attacks, offer remedies, and uncover and repair configuration flaws in the IAM system. Enterprises can strengthen their security postures and lower their risk of an IAM infrastructure breach by implementing ITDR to safeguard IAM systems and repositories, including Active Directory (AD).

Some of the popular vendors include Authomize, CrowdStrike, Microsoft, Netwrix, Quest, Semperis, SentinelOne (Attivo Networks), Silverfort, SpecterOps, and Tenable.  

Read more »
Reserved Bank of India
Bank Information Security CISO Cyber Security Draft norms. Indian Central bank Payment system operators (PSO) PSO RBI Reserved Bank of India

RBI Announces Draft Norms to Ensure Security of Payment System Operators


Reserved Bank of India (RBI), India’s central bank and regulatory body is all set to enhance the safety and security of digital payments amidst the raising cyber risks, the draft regulations for payment system operators (PSOs) announced on Friday.

The draft, Master Directions on Cyber Resilience and Digital Payment Security Controls for PSO, proposes a governance mechanism for the identification, analysis, monitoring, and management of cybersecurity risks.

RBI confirms that these norms will be implemented from April 1, 2024, for large non-bank-PSOs. For medium-sized non-bank PSOs, the norms will be implemented by April 1, 2026, as for the smaller ones, the deadline is April 1, 2028.

The key responsibility of the draft circular will be designated to a sub-committee of the board that must meet at least once every quarter.

"The PSO shall formulate a board-approved Information Security (IS) policy to manage potential information security risks covering all applications and products concerning payment systems as well as management of risks that have materialised," the draft note said.

“The directions will also cover baseline security measures for ensuring system resiliency as well as safe and secure digital payment transactions[…]However, they shall endeavour to migrate to the latest security standards. The existing instructions on security and risk mitigation measures for payments done using cards, Prepaid Payment Instruments (PPIs) and mobile banking continue to be applicable as hitherto,” the RBI noted.

What are the Draft Norms? 

As per the proposed norms, the PSO will define relevant key risk indicators (KRIs) to identify possible risk events and key performance indicators (KPIs) to evaluate the efficacy of security controls.

According to the RBI, the PSO must conduct cyber-risk assessment exercises pertaining to the launch of new products, services, and technologies along with initiating innovative changes in infrastructure or processes of existing products and services. The central bank is seeking feedback on the draft norms by June 30.

In order to manage potential information security risks involving all applications and products related to payment systems, the PSO has been asked to develop an Information Security (IS) policy that has been authorized by the board.

According to the proposed norms, the PSO was required to create a business continuity plan (BCP) based on several cyber threat scenarios, including the most unlikely but conceivable occurrences to which it might be subjected. To manage cyber security events or incidents, the BCP should be evaluated at least once a year and include a thorough response, resume, and recovery plan.

Moreover, a senior-level executive like the chief information security officer (CISO) will be in charge of implementing the information security policy and the cyber resilience framework as well as continuously reviewing the overall IS posture of PSO. According to the draft norms, the PSO must implement safeguards to keep its network and systems safe from external assaults.

The PSO must also implement a thorough data leak prevention policy to ensure the confidentiality, integrity, availability, and protection of business and customer information (both in transit and at rest), in accordance with the importance and sensitivity of the information held or transmitted.  

Read more »
User Safety
CISO Cyber Security Online Security Threat Intelligence Threat Landscape User Safety

Role of the Modern CISO in the Rapidly Evolving Cybersecurity Landscape

 

The Chief Information Security Officer (CISO) position is currently undergoing transition, especially as risks alter and as more rules and compliance mandates are implemented. The assumptions around this formerly specialist position need to be reevaluated because it is now essential for contemporary businesses. 

CISO's evolving position 

In a recently published report, the executive search and leadership consultancy firm Marlin Hawk noted changes in the fundamental requirements for CISOs, increased internal hiring for cyber security positions, and declining CISO turnover rates. 

"Today’s CISOs are taking up the mantle of responsibilities that have traditionally fallen solely to the CIO, which is to act as the primary gateway from the tech department into the wider business and the outside marketplace," stated managing partner at Marlin Hawk, James Larkin.

As a result, CISOs need to be proficient communicators with people at all levels of the organisation. They must be able to communicate with the board as well as the marketplace of investors and clients. The growing focus on CISO soft skills will raise standards for this position.

Role of "CISO+" 

Security experts claim that the CISO role has genuinely evolved into a "CISO+" role during the past 8–10 years as a result of the large number of CISOs who have taken on engineering-related tasks, physical security-related projects, operational resiliency initiatives, brand trust building projects, and/or supply chain resilience building initiatives.

The chances for CISOs to become business enablers and higher-level transformational technology leaders have increased as a result of this. From this new vantage point, CISOs are better able to gain the respect of their executive-level peers as well as the support of the legal departments, other business departments, and other organisational divisions.

CISOs must understand that as recently appointed members of the C-suite, they are accountable for and have a stake in innovation, revenue, and growth.

Manager to leader transition 

For everyone involved in an organisation's cyber security, the promotion of the CISO position to the C-suite is generally good news. CISOs must, nevertheless, show that they are eager to tackle new difficulties.

In order to generate corporate value, CISOs must now act as creative thought leaders, accomplished storytellers, and transformation architects. Across the whole corporate value chain, the CISO must now work as a strategist, tactical master, influencer, and inspiration. Being a change agent is one of the most crucial and challenging practises in lean management transformations. It calls for a person with a distinct vision, patience, persistence, the capability to set a good example, the ability to ask probing questions, and reliability. 

CISOs may be required to spearhead highly focused, precisely targeted initiatives to comprehend risk, identify threats, and emphasise overall cyber security preparation in order to enable more business agility.
Read more »
Linkedin
CISO Cyber Fraud Fake Accounts High Profile Attacks Linkedin

Fake CISO Profiles of Corporate Giants swamps LinkedIn

 

LinkedIn has recently been flooded with fake profiles for the post of Chief Information Security Officer (CISO) at some of the world’s largest organizations. 

One such LinkedIn profile is for the CISO of the energy giant, Chevron. One might search for the profile, and find the profile for Victor Sites, stating he is from Westerville, Ohio, and is a graduate of Texas A&M University. When in reality, the role of Chevron is currently occupied by Christopher Lukas, who is based in Danville, Calif. 

According to KrebsOnSecurity, upon searching the profile of “Current CISO of Chevron” on Google, they were led to the fake CISO profile, for it is the first search result returned, followed by the LinkedIn profile of the real Chevron CISO, Christopher Lukas. It was found that the false LinkedIn profiles are engineered to confuse search engine results for the role of CISOs at major organizations, and the profiles are even considered valid by numerous downstream data-scraping sources. 

Similar cases could be seen in the LinkedIn profile for Maryann Robles, claiming to be the CISO of another energy giant, ExxonMobil. LinkedIn was able to detect more such fabricated CISO profiles since the already detected fake profile suggested 1 view a number of them in the “People Also Viewed” column. 


Who is Behind the Fake Profiles? 


Security experts are not yet certain of the identity of the threat actors behind the creation and operation of these fake profiles. Likewise, the intention leading to the cyber security incident also remains unclear.  

LinkedIn, in a statement given to KrebsOnSecurity, said its team is working on tracking the fake accounts and taking down the con men. “We do have strong human and automated systems in place, and we’re continually improving, as fake account activity becomes more sophisticated,” the statement reads. “In our transparency report we share how our teams plus automated systems are stopping the vast majority of fraudulent activity we detect in our community – around 96% of fake accounts and around 99.1% of spam and scam,” said LinkedIn. 

What can LinkedIn do?  


LinkedIn could take simple steps that could inform the user about the profile they are looking at, and whether to trust the given profile. Such as, adding a “created on” date for every profile, and leveraging the user with filtered searches. 

The former CISO Mason of LinkedIn says it could also experiment with offering the user something similar to Twitter’s ‘verified mark’ to those who chose to validate that they can respond to email at the domain linked with their stated current employer. Mason also added LinkedIn needs a more streamlined process allowing employers to remove phony employee accounts.
Read more »
Vulnerabilities and Exploits
attacks CISO Log4j Report Research Risk Vulnerabilities and Exploits

Homeland Security Warns Log4j’s 'Endemic' Threats for Years to Come

 

The US Department of Homeland Security (DHS) published the Cyber Safety Review Board's (CSRB) first report into the December 2021 Log4j incident, when a variety of vulnerabilities with this Java-based logging framework were revealed, this week. 

The report's methodology comprised 90 days of interviews and information requests with around 80 organisations and individuals, including software developers, end users, security specialists, and businesses. 

This was done to ensure that the board met with a wide range of representatives and understand the complexities of how different attack surfaces are constructed and defended. According to the report, although standardised and reusable "building blocks" are essential for developing and expanding software, they also allow any possible vulnerability to be mistakenly included in multiple software packages, putting any organization that uses those programs at risk. 

According to the report, while Log4j remains dangerous, the government-wide approach helped tone down the vulnerability. The board also noted the need for extra financing to help the open-source software security community, which is primarily comprised of volunteers. 

Industry experts, such as Michael Skelton, senior director of security operations at Bugcrowd, said of Log4J: “Dealing with it is a marathon, one that will take years to resolve. Java and Log4j are prevalent everywhere, not only in core projects but in dependencies that other projects rely on, making detection and mitigation not as simple an exercise as it may be with other vulnerabilities.” 

John Bambenek, the principal threat hunter at Netenrich, was more critical of the report’s timing, believing that “anyone still vulnerable is highly unlikely to read this report or in much of a position to do anything about it if they did. Most of the American economy is small to medium businesses that almost always never have a CISO and likely not even a CIO. Until we find ways to make the public without security budgets safe, no high-level list of best practices will move the ball significantly.” 

The CSRB report went on to state that, thankfully, it is unaware of any large Log4j-based attacks on critical infrastructure assets or systems, and that efforts to hack Log4j happened at a lesser level than many experts expected. 

The paper, however, emphasises that the Log4j incident is "not over" and will continue to be an "endemic vulnerability" for many years, with considerable risk persisting. The research concluded with 19 actionable recommendations for government and business, which were divided into four divisions. They were as follows:
  • Address Continued Risks of Log4j
  • Drive Existing Best Practices for Security Hygiene
  • Build a Better Software Ecosystem
  • Investments in the Future
Read more »
User Data
Accellion FTA CISO Data Breach Potential Cyber Breach Toronto User Data

City of Toronto Hit by a Potential Cyber Breach

 

A possible cyber breach from a third-party data transfer software supplier was reported by the City of Toronto on 22nd January 2021. The City took effective measures to halt all the applications that day, while research was promptly initiated by the Chief Information Security Officer of the City to assess the types of data potentially breached. 

The City has documented the infringement to the Commissioner for Information and Privacy of Ontario and had further interacted with everyone whose information might be infringed. Also, additional jurisdictions or organizations in Ontario and across the globe recently reported that this sort of cyber-breach has also affected them. 

The City of Toronto claims that in January, there was a "potential cyber breach" of data on its Accellion FTA file transmission servers that could include individual health details. 

Later, IT World Canada was assured by City workers that Accellion was involved. There had been a problem in the city on January 22nd. A city spokesperson said that the CISO office was examining and released a report only on the 20th of April, on being asked why and how the event had taken until now to be made public – “It takes time to reach any sort of conclusion given the legacy system that was breached, and the extent of investigation required,” the spokesperson said. 

The representative added that they are still investigating exactly how many folk details were revealed. In addition, the city hasn't submitted a ransom application and it is not known either that if a ransom demand has been obtained as a consequence of this violation. 

In its statement, the city said it “took immediate action and shut down access to the software that day, and the city’s chief information security officer immediately launched an investigation to determine the type of data that may have been compromised.” 

In all cases whereby personal health data are affected, the city must notify the IPC. The IPC has been informed since personal health information is potentially accessible. In its attempts to safeguard the privacy and welfare of Toronto people, Toronto has effectively stopped cyber threats regularly. 

In February, cybersecurity agencies across five countries released a global warning to organizations that have transferred their Accellion FTA files after several organizations have admitted that bugs in the program are being compromised at the beginning of this year. Publicly known victims include Shell, the oil supplier, Bombardier, and the pharmaceutical operation of the US retail chain, the Canadian company jet maker.
Read more »
Subscribe to: Posts (Atom)