Expert Speak

Addressing Cybersecurity and Climate Change for a Sustainable Society

Written by Barbara Maigret, Global Head of Sustainability and CSR at Fortinet

Our society faces significant challenges that must be addressed quickly to prevent disruptions that can threaten lives. The first is climate change, which poses a risk to our planet. According to the 2022 Global Risks Report, the current climate crisis remains humanity’s most significant long-term challenge. The second is cybersecurity, which has become a broad sustainability issue, threatening our evolving connected society and the digital economy on which individuals, organizations, and nations now rely.

These are both top concerns for governments, businesses, and individuals worldwide. And while these issues may seem starkly different, according to the “Declaration for the Future of the Internet” (recently issued by the U.S. Department of State and more than 60 signatory countries and partners), technology plays a critical role in “the fight against global climate change,” which, in turn, makes securing technology even more urgent.

Fortunately, the approaches to addressing these challenges are remarkably similar. They include changing behaviors, funding innovation, establishing strict and enforceable regulations, and encouraging collaboration across industries and interests.

Motivating Behavior Change Through Awareness
One of the most significant barriers to addressing these challenges is human nature. So, the first step to addressing these issues is to change behaviors, and that is done through awareness. Of course, not everyone will change, but we can tip the scales if enough people understand the issues and then adapt their behaviors.

Climate Change
Awareness is an essential factor in the global fight against climate change. Knowledge helps people understand the causes and consequences of global warming and encourages them to change their behavior, so we can adapt how we live to the realities of what is already a global emergency. A recent survey queried more than 3,000 people in eight countries about their awareness of climate change.

Even during the pandemic, 76% of respondents reported that environmental issues were the same or more concerning than health issues. And, 70% said they were more aware now than before COVID-19 that human activity threatens the climate and that the degradation of the environment threatens humans. They also expressed a commitment to changing their behavior to support a sustainability strategy.

Cybersecurity
Awareness also plays a crucial role in improving cybersecurity. The most vital step in the fight against cyberattacks is improving our first line of defense. While security technology continues to improve, the biggest challenge—and opportunity—is the human element. According to the 2021 Verizon Data Breach Investigations Report, 85% of data breaches involve human error. Opening a malicious email attachment, forgetting to change the password on a server, misconfiguring a device, or failing to patch or update a device are still the most common ways for attackers to breach a network.

Educating individuals on the risks they should avoid through cybersecurity awareness training is the most effective way to prevent most threats. Providing a workforce with the latest information about specific threats to the company and clearly explaining their essential role in protecting against them – both at work and at home – are vital for securing corporate networks and systems and keeping users safe online. This same effort needs to be added to school curricula so that children who grow up in an immersive digital society are also cyber aware. Effective cybersecurity awareness motivates lasting behavior change, both professionally and personally.

Fighting Climate Change and Cybersecurity Risk Through Innovation
Innovation is another area where these critical issues intersect. Technology plays a crucial role in helping society retool the systems and infrastructure needed to achieve and maintain a sustainable society.

Climate Change
Green technology innovation in all sectors is essential to addressing the global challenge of climate change. Renewable energy sources (solar, wind, wave, tidal, and geothermal power), sustainable transportation (electric vehicles, smart energy grids to reduce waste and improve efficiency), clean manufacturing processes, green buildings, and more energy-efficient devices all play a critical role in delivering considerably improved environmental performance.

According to the Global e-Sustainability Initiative, technology has the potential to contribute to all 17 goals of the UN’s Sustainable Development Goals (SDGs). Technology and innovation have the power to implement climate transformation and address the critical challenges of climate change. For example, emerging technologies, like extracting carbon from the atmosphere, can aid in slowing down global warming and help heal the planet. Similarly, new Internet-of-Things (IoT) technologies are being distributed globally to improve data-driven decision-making to increase energy efficiency, amplify the effectiveness of “green” technologies such as wind power and bioenergy, and further reduce our dependence on coal-based electricity generation.

Cybersecurity
As our society accelerates its dependence on technology to ensure a sustainable future, cybersecurity becomes mission-critical. To enable and secure digital acceleration and innovation across every sector of the modern digital economy, cybersecurity vendors must develop solutions that can keep up with technological advances and address how today’s businesses, governments, and individuals use technology.

For example, to scale and adapt to today’s rapidly evolving digital world, cybersecurity is learning to apply advanced artificial intelligence and machine learning (AI and ML) to analyze massive volumes of data to detect sophisticated breaches and unusual network activity. It is also having to consolidate solutions so automation can be better leveraged to accelerate threat response time. Similarly, new security systems must be developed to protect emerging technologies, such as quantum computing, that hold so much promise.

Enforcing Climate Change and Cybersecurity Through Regulations
While self-regulation is ideal, regulations and international standards are necessary to drive a change in behaviors, especially if we hope to affect that change in the limited timeframe available.

Climate Change
Standards are essential to fighting climate change. They ensure trust, integrity, and consistent management in measuring and verifying greenhouse gas emissions and energy efficiency. To ensure progress is being made consistently, global frameworks are essential. The Taskforce on Climate-Related Financial Disclosures (TCFD) has become a worldwide standard for consistent climate-related financial risk disclosures. Companies, banks, and investors use it to provide sustainability information to stakeholders.

The EU’s Sustainable Finance Disclosure Regulation (SFDR) is designed to help stakeholders and clients understand, compare, and monitor the sustainability characteristics of investment funds, including their environmental impact. The Corporate Sustainability Reporting Directive (CSRD), due to go live in 2023, requires all large companies to report on their social and environmental impact.

And in the United States, the SEC draft rule, which requires public companies to disclose extensive climate-related information in their SEC filings starting in the fiscal year 2023, is another regulation that ensures that organizations are focused on – and reporting on – efforts with environmental impact. These and similar measures put teeth in the more generic agreements that governments have adopted, such as the Paris Agreement.

Cybersecurity
As with climate change, a unified set of practices and regulations serves as a shared map and reference point for organizations looking to secure digital infrastructures. They reduce risk by ensuring a baseline of quality and compliance for both technology and processes. Widely accepted guidelines for cybersecurity, such as NIST and ISO 27000 certification standards, help organizations implement best practices and technologies.

On the other side, regulations like GDPR and HIPAA ensure data privacy, protect personally identifiable information (PII), and force organizations to report on breaches. In addition, following the series of executive orders from the White House on the need for cybersecurity, the SEC has proposed new cybersecurity requirements for investment advisers and registered investment companies. They have also unveiled a proposed set of cybersecurity disclosure rules for public companies to standardize cybersecurity-related incident reporting, governance, and risk management.

Such standards are vital for ensuring that security requirements are consistently met using best practices and compliant solutions. Current and proposed regulations are designed to have the same effect as those targeting climate change.

Addressing Climate Change and Cybersecurity Through Collaboration
If there is one lesson to be learned, it’s that none of us can do this alone. In an age of specialization, we must develop private-public partnerships to help us more effectively address climate change, cybersecurity, and other emerging challenges.

Climate Change
As clearly highlighted during COP26 (the 2021 United Nations Climate Change Conference), saving the planet from climate change will not be possible without close partnerships between governments, NGOs, the private sector, and the public. A collective effort will be necessary if we are to meet global temperature and emissions reduction goals set by the Paris Agreement, new regulatory and compliance requirements, and the UN’s 17 SDGs.

Cybersecurity
The arms race with cybercriminals also can’t be won without global collaboration. Vendors, businesses, public agencies, and governments all have a role to play, whether through local coalitions, national organizations, or international forums. Disrupting cybercrime activities and dismantling the attack infrastructure is a joint responsibility that requires strong, trusted relationships between public and private organizations.

An example is FIRST, a consortium of incident response and security teams from every country that works together to ensure a safe Internet. Other leading partnerships include the NATO Industry Cyber Partnership (NICP) on cyber threat intelligence sharing and the World Economic Forum’s Partnership Against Cybercrime (PAC), which is currently mapping all major global cybercrime syndicates.

Conclusion
At the end of the day, if enough people switch to renewable energy, enough businesses take the necessary precautions to protect their systems and data, and enough governments take efforts to level the digital playing field, I am confident we can make our world sustainable.

Cyber Security

Why Context is Everything When it Comes to Cybersecurity?

Written by Hadi Jaafarawi, managing director – Middle East, Qualys

The cybersecurity threat landscape has never been more challenging, sophisticated, and severe. Research suggests that in the UAE alone, around $746 million is lost every year to cybercrime, and the country faced a 79% increase in the problem from 2019 to 2020. For firms and IT departments across the region, it’s a constant battle to stay ahead of the bad actors.

Add in the fact that several security teams are either stretched or under-skilled, not to mention that many face pressure to keep budgets in check, and it really is a perfect storm. In an effort to level the playing field, security teams are turning to technology. But that comes with challenges of its own.

A lack of clarity
There’s no shortage of security tools offering what professes to be the solution. And it’s no surprise that security teams reach for them in the hope of coping with the issue and reducing their risks. More and more, companies are adopting an increasing number of tools to add further layers of security and protect against risk. Today an organisation’s security infrastructure will include everything from Security Incident and Event Management (SIEM) and Security Orchestration Automation and Response (SOAR) to Network Detection & Response (NDR) and Extended Detection and Response (XDR).

Admittedly, the tools each have value, so that’s not the problem. The challenge is that each new tool adds another data silo. Each separately reports its own specific data based on its own particular use and area of the network. And it’s then down to the analysts, who are faced with multiple alerts from multiple systems and solutions, to make sense of it all.

When there are too many alerts, issues can be notified to lots of different teams or, worse, missed altogether. Alert fatigue — where the team is exposed to constant alerts and consequently fails to act when it really matters — is a real problem. This is why XDR tools are designed as a holistic, top-layer solution that collects data from multiple sources to provide a comprehensive picture, enabling real-time incident detection and response. But again, it’s not that simple, as XDRs vary in quality, effectiveness, and even function.

Some SIEM and XDR tools simply deliver raw data to analysts, who then have to interpret the data and make endless decisions about any actions that are needed. They collect disparate, unrelated data, and it’s up to the analyst to deal with the notifications, analyse, prioritise and then act, or not. Busy security analysts are likely to be faced with multiple alerts in any given day, many of which are actually false alarms. It’s little wonder that it’s easy to miss or ignore that one really vital alert.

Context is key
Enter the value of contextual insight. Rather than simply churning out data and leaving it to the over-worked analyst to handle, some XDR tools can go a step further by providing that all-important context. All alerts may look basically the same in one tool. But, when brought together with external threat intelligence and other security data, that harmless-looking alert will suddenly have more meaning and jump up the priority list. XDR is designed to break down data silos and provide the context required to help analysts get better insight, by creating a consolidated view of the entire enterprise technology stack and any threats. It pulls together all security solutions and functions into one place, giving analysts a single, comprehensive view of threats across the entire network.

By correlating data from asset inventory and vulnerability information, high-quality threat intelligence, network endpoint telemetry, and third-party log data, analysts get more context on what’s happening — leading to a far more effective and quicker response to threats. Without this context, too much time is wasted on manual tasks and important alerts can easily be missed. This context allows the rapid, focused investigation to be carried out where it’s actually needed.

Providing context using XDR gives security professionals the visibility and insights they need to reduce risks and improve their security approach. It empowers busy teams with the clarity and context to enable them to make the right decisions and deal with potential issues — and quickly.

How Cybersecurity Readiness Prevents SMBs from Fuelling Supply Chain Attacks

Written by Ram Narayanan, Country Manager at Check Point Software Technologies, Middle East

Supply chain attacks aren’t new. If the past couple of years have taught businesses anything, it’s that the impact of supply chain cyber-attacks is now universal, from the fallout of the SolarWinds software breach to the exposed Apache Log4j vulnerability and Kaseya last year. Unfortunately, when such supply chain attacks hit smaller businesses, who are usually the suppliers to larger enterprises, their impact is especially prohibitive.

For SMBs already feeling the prolonged impact of the pandemic, the added pressure of dealing with sophisticated and frequent cyber attacks in real time is a heavy burden, as they try to protect their business against financial, legal, and reputational damage, as well as their own suppliers’ and larger clients’ security. It is now more important than ever for SMBs to implement strict security hygiene and effective cybersecurity processes to ensure their business is prepared in the event of a cyber attack.

SMBs as an indirect avenue of cyber attacks
The ‘new normal’ opened the door to several new vulnerabilities; cyber-attacks globally increased by 50% on average in 2021, compared to 2020. Our Check Point Threat Intelligence report revealed that an organisation in the United Arab Emirates has been attacked on average 906 times per week in the last six months. While security breaches are on the rise, the top threats impacting SMBs have remained the same. In Check Point’s Small and Medium Business Security Report from 2020/2021, we revealed phishing, malware, credential theft, and ransomware to be the top four threats impacting these businesses. So, what does this mean for them?

The reality is threat actors have taken advantage not only of the now-entrenched remote working model to target organisations, but also the usual limits preventing SMBs from bulking up on their cyber security defenses, mainly lack of budget and expertise. SMBs often do not have a dedicated IT or security department, meaning with no in-house security expertise and reduced focus on security patching, these companies are easier to socially engineer and infiltrate.

Adding to this, SMBs usually have employees doing multiple roles, and thus wider access to valuable areas of the business and information is given to them, and so if breached, they pose a threat to multiple areas within the business. In addition, the business IT infrastructure is often shared for personal communication as well (e.g. social media and personal emails), allowing easier access for hackers, as the data is often not secured.

Threat actors often target SMBs as low-hanging fruit for their vital role in supply chains. This is especially so as such attacks wreak havoc on not only one organisation but entire businesses within the supply networks. By leveraging tactics such as phishing, cybercriminals gain access to an organisation to launch a malware attack, steal data and credentials or instigate ransomware.

Take, for example, the attack against Target USA where hackers used stolen credentials from an SMB vendor that serviced the HVAC systems in Target stores, to gain access to the retailer’s network and then laterally move to the systems that kept customer payment information. As a result, the global retailer was breached and 40 million credit and debit card details stolen.

The key factor to preventing cyberattacks is threat prevention. With minimal time and lack of cyber expertise or manpower, SMBs must adopt a prevention mindset to minimise potential cyber-attacks and threats.

Why cybersecurity readiness is paramount for SMBs
Beyond the immediate financial impact and reputational blow as a trustworthy, reliable partner, SMBs can also face legal or regulatory repercussions, operational disruption, flow-on costs for system remediation and cyberattack response, customer churn, and the loss of competitive advantage that can make or break a smaller business. In fact, a tarnished reputation as an avenue of attack can be even more detrimental to an SMB organisation, as the loss of trust with a larger organisation could mean a loss of potential business and revenue down the line with them or other new, potential customers.

With this in mind, budgetary constraints to keep computers and corporate networks protected should never be an excuse, as keeping sensitive data and information protected will bring many advantages and benefits to companies. This can range from overall cost savings, compliance with data protection laws, gaining the trust of customers and suppliers, to protecting your documents and information to the maximum by preventing any type of data breach.

How SMBs can prevent supply chain attacks
By applying stronger cyber defences, SMBs are in a position to provide the larger organisations they supply with assurance that they will not be compromised via the SMB partner or third-party vendor. Whilst there are multiple means to prevent such supply chain attacks, the first step is to have good software capable of covering the entire company, protecting the company’s endpoints and devices, supported by regular backups so that, in the event of a cyberattack, they have the possibility of restoring all the data.

Any device that connects to the network can become a security breach, so it is important to secure all endpoints. It is especially critical for remote or hybrid workforces to avoid security breaches and data compromise. Also, all employees should be trained in cybersecurity so that they themselves become the first barrier to any attempted attack, such as phishing via email or SMS. Keep in mind that prevention is one of the best protection measures available.

A viable option for SMBs is to also consider engaging an experienced Managed Security Service Provider (MSSP), who will have the skilled resources, updated security software and expertise to monitor for and analyse threats on behalf of the SMB player. This is especially useful for SMBs who have neither the time nor resources to adequately enforce threat detection and response.

Partnering with a cybersecurity expert equipped with best-in-class security and scalable solutions, such as Check Point Software, can put SMBs in good stead to protect against the most sophisticated attacks and generate trust among larger potential players. Ultimately, SMBs seek a simple plug-and-play solution with best-in-class threat protection, given their lack of funding and skills. With an effective cybersecurity strategy, SMBs are better placed to demonstrate their credibility as secure partners to larger organisations, opening up more business opportunities.

How Cybercriminals Target Cryptocurrency

Written by Sherrod DeGrippo, Vice President for Threat Research and Detection at Proofpoint

As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim to fraud attempting to exploit people for digital currencies. The rise and proliferation of cryptocurrency have also provided attackers with a new method of financial extraction. It’s commonly believed that cryptocurrency provides more anonymity via less governmental and organizational oversight and visibility coupled with the inherent fungibility, thus making it an appealing financial resource for threat actors. The financially motivated attacks targeting cryptocurrency have largely coalesced under pre-existing attack patterns observed in the phishing landscape prior to the rise of blockchain-based currency.

Proofpoint researchers observe multiple objectives demonstrated by cybercriminal threat actors relating to digital tokens and finance such as traditional fraud leveraging business email compromise (BEC) to target individuals, and activity targeting decentralized finance (DeFi) organizations that facilitate cryptocurrency storage and transactions for possible follow-on activity. Both of these threat types contributed to a reported $14 billion in cryptocurrency losses in 2021. In fact, Business Email Compromise topped the list of types of attacks CISOs in UAE expect to face in the coming months, with 35% of CISOs being concerned about potential BEC attacks.

While most attacks require a basic understanding of how cryptocurrency transfers and wallets function, they do not require sophisticated tooling to find success. Common techniques observed when targeting cryptocurrency over email include credential harvesting, the use of basic malware stealers that target cryptocurrency credentials and cryptocurrency transfer solicitation like BEC. These techniques are viable methods of capturing sensitive values which facilitate the transfer and spending of cryptocurrency.

There are multiple DeFi applications and platforms – such as cryptocurrency exchanges – that people can use to manage their cryptocurrency. These platforms often require usernames and passwords, which are potential targets for financially motivated threat actors.

Despite public keys being “safe” to share, researchers are seeing actors solicit the transfer of cryptocurrency funds via BEC type emails that include threat actor-controlled public keys and cryptocurrency addresses. These email campaigns rely on social engineering to secure the transfer of funds from targeted victims.

Credential Harvesting and Cryptocurrency
In 2022 Proofpoint has observed regular attempts to compromise users’ cryptocurrency wallets using credential harvesting. This method often relies on the delivery of a URL within an email body or formatted object which redirects to a credential harvesting landing page. Notably, these landing pages have begun to solicit values utilized in the transfer and conversion of cryptocurrencies.

Crypto Phishing Kits
Credential harvesting landing pages are often built with phish kits that can be used to create multiple landing pages and used in multiple campaigns. Phish kits give threat actors the ability to deploy an effective phishing page regardless of their skill level. They are pre-packaged sets of files that contain all the code, graphics, and configuration files to be deployed to make a credential capture web page. These are designed to be easy to deploy as well as reusable. They are usually sold as a zip file and ready to be unzipped and deployed without a lot of “behind the scenes” knowledge or technical skill.

It is no wonder that CISOs around the world consider phishing as one of the most prevalent and challenging cybersecurity threats. A 2021 Proofpoint study found that almost a third of CISOs in the UAE believed they were at risk of suffering a phishing attack. Proofpoint researchers have observed multiple examples of phishing threat actors creating and deploying phishing kits to harvest both login credentials to cryptocurrency-related sites and cryptocurrency wallet credentials or passphrases.

Business Email Compromise – But For Crypto
A popular form of financial crime vectored through phishing is business email compromise (“BEC”). In 2022 Proofpoint regularly observes cryptocurrency transfer within the context of BEC attempts. Primarily these requests are observed in the context of employee targeting, using impersonation as a deception, and often leveraging advance fee fraud, extortion, payroll redirect, or invoicing as themes.

The initial BEC email often contains the safe-for-public-consumption values, including public keys and cryptocurrency addresses. By impersonating an entity known to the user and listing an actor-controlled public key or address, actors are attempting to deceive users into transferring funds from their account willingly based on social-engineering content. This is like the way actors use routing and bank account numbers during BEC phishing campaigns.

Conclusion
Financially motivated threat actor activity attempting to steal or extort cryptocurrency is not new. However, cryptocurrencies, digital tokens, and “Web3” concepts are becoming more widely known and accepted in society. Where once “crypto” was a concept that thrived in certain parts of the internet, it is now a mainstream idea, with cryptocurrency apps and services advertised by professional athletes and celebrities, and major events sponsored by cryptocurrency and blockchain companies.

But threat actors are way ahead of general adoption of cryptocurrency, with existing infrastructure and ecosystems long established for stealing and using it. And as mainstream awareness and interest increases, it is more likely people will trust or engage with threat actors trying to steal cryptocurrency because they better understand how DeFi operates or are interested in being a part of “the next big thing”.

Users should be aware of common social engineering and exploitation mechanisms used by threat actors aiming to steal cryptocurrencies.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.