SecureOps™
ITSM Integration
SIEM Integration
Continuous Compliance - Cyber Security Controls
When I’m not fighting the good fight against the dangerous world of cyber crime, you’ll often find me out on the field coaching youth soccer. In my experience as a coach, if you ask any group of kids new to the game of soccer “who wants to be a striker?” pretty much every hand will go up. But ask the same group “who wants to play in defense?” and the likelihood is that none will go up, often what I refer to as “no one wants to be a defender" syndrome.”
The coronavirus outbreak has become a real global pandemic affecting hundreds of millions of individuals and organizations across the world. Many governments have advised residents to avoid non-essential social contact and travel, a concept recently coined ‘social distancing’. For safety reasons, most organizations have also advised their employees to work remotely from home and have taken steps to allow users remote access who would not normally have the ability to do so.
Blogs are meant to be topical so there can only be one starting point for this one. We only deal in the business of compliance and cyber security so I can only really write about anything from this perspective. It’s not to make light of something that is deadly serious and causing so much suffering across the world, but simply that the way in which the topics of prevention, detection, containment and remediation are being exercised have such strong parallels within the cyber security world.
Organizations across the world are on the front lines of the ongoing COVID-19 crisis, being forced to thwart off cyber criminals as the coronavirus pandemic continues to spread. Over the last several weeks security researchers have reported an uptick in malicious activities associated with COVID-19 that are putting organizations at serious risk of attack.
As the cybersecurity landscape evolves rapidly, organizations are working harder than ever to navigate security threats without interrupting business growth and innovation. However, cyber threats, by definition, are unrelentingly chaotic. They are governed by unfair rules, evolve constantly and remain unpredictable, leaving organizations constantly grappling to keep up. This, of course, is totally by design. It not only benefits cybercriminals, but it is also used by security vendors to obtain commercial leverage who promise to offer businesses the next ‘silver bullet’ to all their security woes.
In recent years, with the rapid rise of cloud computing, the virtualization of applications and infrastructure has been replacing traditional in-house deployments of applications and services. It’s currently more cost-effective for organizations to rent hardware resources from companies like Microsoft, Amazon, and Google and spin up virtual instances of servers with the exact hardware profiles required to run their services.
As the world focuses on the significant threat posed by COVID-19, cyber criminals across the globe are positioning their weapons to capitalize on the coronavirus fears by launching online scams and cyber-attacks. It’s almost the perfect storm for them, an unprecedented number of home workers, combined with the general ensuing chaos caused by the bewildering global challenge we all face.
File Integrity Monitoring (FIM) is an essential security control that is designed to monitor and expose any change to the integrity of the system and configuration files. Maintaining integrity is critical for two reasons. Firstly, because changes to files could represent a malware infection, FIM provides a forensic-level breach detection mechanism. Secondly, with prevention better than cure, security defenses can only be maintained via a secure ‘hardened’ configuration, so monitoring for any drift from your hardened configuration state is crucial.
Virgin Media, a telephone, TV and internet service provider in the UK, has publicly apologized after a database containing the personal details of 900,000 customers was left unsecured and accessed without permission due to improper configuration for over 10 months.
The Center for Internet Security (CIS) developed the CIS Controls® and CIS Benchmarks™, the globally recognized standard and best practices for securing IT systems and data against the most persistent cyber attacks. The latest version of the CIS Controls, version 7.1, provides a new prioritization scheme to allow organizations to practice good cyber hygiene regardless of resources and expertise. John Gilligan, CEO of the Center for Internet Security states that the majority of security incidents occur when basic controls are lacking or are poorly implemented. He adds that the first six CIS controls have been assessed at preventing up to 90% of cyber attacks.
New Net Technologies LLC
USinfo@nntws.com
New Net Technologies Ltd UKinfo@nntws.com
