Connect with us

Expert Speak

Achieving a Successful Continuous Threat Exposure Management Program

Published

on

Written by Lydia Zhang, the President and Co-founder of Ridge Security

If your organization is concerned about increasing and expanding cyber threats, you are not alone. While many enterprises recognize the need to create a multi-layered security posture, this article explores the importance of Continuous Threat Exposure Management (CTEM) and how it can help proactively manage risks and bolster defences against growing cyber threats.

CTEM is a cybersecurity program that goes beyond simply responding to threats. It leverages proactive attack testing and simulation to identify and mitigate vulnerabilities before real attackers exploit them. Organizations can prioritize and allocate resources more effectively by continuously monitoring and evaluating security risks. This systematic approach allows for a more robust defence in the face of a rapidly expanding attack surface.

Primary Benefits of Implementing a CTEM Program
Let’s take a closer look at some of the key advantages of implementing CTEM. By continuously scanning and monitoring your digital infrastructure, you can proactively stay one step ahead of cyber threats. CTEM prioritizes threats based on their potential impact and likelihood of occurrence. This way, resources can be efficiently allocated to tackle the most significant risks first. By following an iterative approach, CTEM allows you to learn from each assessment and adapt defences accordingly. You can implement effective remediation measures and continuously improve your security posture by generating actionable insights from real-time threat data.

This data-driven approach ensures decisions are made based on the latest threat intelligence. This empowers security teams to make more targeted and effective remediation efforts by leveraging real-time data. To maximize the effectiveness of a CTEM program it must be aligned with the organization’s business objectives. This also helps achieve adaptability and continuous protection against the ever-evolving threat landscape. By incorporating your strategic business goals into the CTEM program, you can ensure that it works hand-in-hand with your overall cybersecurity strategy.

The Lifecycle Process of an Effective CTEM Program
A successful CTEM program follows a comprehensive lifecycle process. Let’s break it down into key steps. In the initial phase, the security team identifies and analyzes the infrastructure assets to be included in the program. This analysis encompasses both internal and external attack surfaces, including on-premises and multi-cloud infrastructures.

Each asset’s risk profile is evaluated, covering explicit vulnerabilities and weaknesses like misconfigurations. Understanding the potential impact of vulnerabilities on business operations is essential. Gaps in the security infrastructure are identified, such as logging and detection gaps, and missing, fragmented, meaningless detection rules.

Cybersecurity capabilities, such as automated pen-testing, controlled attack simulation, and adversary emulation, are carried out within DevOps and production environments. These activities verify cybersecurity weak points and assess the effectiveness of your remediation efforts. Automation plays a crucial role in the CTEM process. It enables organizations to continuously identify, prioritize, validate, and address vulnerabilities and threats. By leveraging automation, you can stay ahead of the evolving threat landscape and constantly improve your security posture.

How to Tell If Your CTEM Program Is Working
Once you have a CTEM program, how do you know if it’s making a difference? There are some key indicators that can help measure the success of your CTEM program.

The first and most obvious sign of a successful CTEM program is decreased security risks. You want to see fewer vulnerabilities popping up, and when they do, you want faster resolutions. You also want to see a drop in successful attacks or breaches. In this cyber game of cat and mouse — your CTEM program should be the cat!

An effective CTEM program will see an improvement in your ability to detect bad actors trying to disrupt systems. It’s not just about quantity; you also want to see the increased complexity of threats detected. After all, cybercriminals are constantly evolving, so your CTEM program needs to keep up!

Time is of the essence when it comes to cybersecurity. A successful CTEM program should help you reduce the time between discovering and fixing a threat. The quicker you respond, the less damage, so keep an eye on how fast you’re remedying those vulnerabilities.

Automated pen-testing, workflow segmentation and Breach and Attack Simulation are ways of measuring how well your security controls are performing. You want to see those controls becoming more effective over time. It’s training your defences to be stronger and smarter.

Compliance is essential if you’re in an industry with regulatory requirements. A successful CTEM program should help you meet and maintain those compliance standards. So, pay attention to any decrease in compliance violations or issues. It’s a good sign that your program is on the right track.

Now that you know how to assess the success of your CTEM program, keep an eye on these indicators, and remember, it’s all about reducing risks, improving threat detection, responding faster, enhancing security controls, staying compliant, and protecting what matters most to your business.

Continue Reading

Cyber Security

The Evolution of Cybersecurity in Banking

Published

on

By Ricardo Ferreira, EMEA Field CISO at Fortinet

Changes in the banking sector associated with new digital initiatives have ushered in unprecedented cybersecurity risks. As highlighted in recent reports, key activities in the financial ecosystem can be disrupted by cyber incidents, so risk management and secure network protocols are paramount. With cybercriminals relentlessly pursuing financial gain, data breaches have become more frequent and sophisticated, underscoring vulnerabilities in the banking sector.

Regulatory approaches, such as EU DORA, G7, and reports from other central banks and regulators, emphasize the critical importance of cyber resilience in the banking sector. These regulations are reactive measures to past threats and proactive strategies designed to anticipate and mitigate future risks. Characterized by continuous digitization, increased third-party dependencies, and geopolitical tensions, the evolving cyber threat landscape demands a robust response from financial institutions.

Central Bank Digital Currencies (CBDCs) add another layer of complexity. As CBDCs gain traction, they present both opportunities for financial inclusion and challenges in terms of cybersecurity. In this competitive landscape, where traditional banks, financial technology disruptors, and digital-native challenger banks strive for market share, delivering a seamless digital experience is crucial. However, institutions must not lose sight of potential vulnerabilities as they race to innovate. Embracing digital technologies is essential, but so is ensuring that these technologies are safeguarded against ever-evolving threats.

As banks and financial services providers continue to grow and innovate, a holistic approach to cybersecurity informed by the latest regulatory insights and threat intelligence will be crucial to ensure sustainable and secure progress.

Cybersecurity in Banking
In the rapidly evolving digital landscape of banking, cybersecurity teams are at the forefront of a complex battle. The financial sector is particularly vulnerable to cyber threats, including significant data breaches. The financial sector is a favourite target for attacks seeking financial gain, trade secrets, or service disruptions that bring publicity to social or political causes. In fact, financial and cybercrimes are now top global policy concerns, according to a new INTERPOL report.

Depending on the severity of the attack and the specific bank in question, a single successful breach can lead to serious damage to the brand. According to the European Union Agency for Cybersecurity (ENISA), more than 10 terabytes of data are stolen monthly, and more than 60% of organizations may have paid ransom demands. Another report states that 2022 was the biggest year ever for crypto hacking.

As digitization becomes an even greater necessity across the banking industry and security risks increase, executive teams need to ensure the resiliency of their business operations, compliance with government and industry regulations, and the effectiveness of their cybersecurity infrastructure to protect the expanding attack surface.

Financial services providers must defend against an onslaught of data breaches, ransomware, malware, phishing, and social engineering attacks growing in sophistication, frequency, and intensity. The challenges of fending off threats increase as the attack surface expands in breadth and complexity. In its 2023 Global Cyber Risk Outlook, Moody’s states that regulators and insurers are taking actions to reduce financial exposure to cyberattacks, and at the same time, demand for cyber insurance will outweigh supply.

To remain competitive and resilient in this environment, financial institutions must continue to innovate and ensure that those innovations are secure. This dual mandate becomes even more challenging given the expanding attack surface, driven by the rise of digital banking, fintech disruptors, and the introduction of CBDCs and the modernization of their core systems. Key cybersecurity imperatives for banking include:

  1. Visibility. Maintaining comprehensive network visibility is paramount with the proliferation of mobile banking, IoT integrations, and cloud deployments. As the cyber threat landscape becomes more intricate, having clear oversight of all network activities is crucial to prevent data breaches and manage cybersecurity risks.
  2. Automation and operational efficiency. The era of siloed security solutions is fading. Modern cybersecurity demands integrated solutions that can automate tasks, reducing the need for manual configurations and constant monitoring. Implementing “policy as code” can further streamline this process, ensuring that security policies are consistently and automatically enforced across a secure network.
  3. Flexibility. The diverse IT architectures, spanning multi-cloud and on-premises deployments, necessitate agile security controls and policies. As financial institutions navigate the complexities of digital transformation, their security solutions, including policy as code practices, must be adaptable, ensuring that security policies align seamlessly with infrastructure changes.
  4. Compliance reporting. Regulatory compliance is not just a checkbox exercise. With central banks and other supervising authorities emphasizing cyber-resilience regulations, security teams must strike a balance between adhering to these regulations and proactively defending against cyber threats. Utilizing policy as code can also aid in ensuring compliance by codifying and automating policy checks.

Lastly, the human element cannot be overlooked. Beyond state-of-the-art technology, financial institutions need skilled professionals who can harness the potential of new platforms and systems. The limited availability of specialists in niche areas and a potential knowledge gap in understanding intricate products, processes, and systems pose additional challenges.

As the banking sector continues its digital journey, a holistic, informed, and agile approach to cybersecurity, adopting and succeeding at digital initiatives to converge network and security, reskilling the workforce, and driving automation will be the linchpins of success. Ensuring a secure network and effective risk management in the face of potential data breaches and evolving threats is paramount.

Cybersecurity Regulatory Impacts
Although the banking sector is a beacon of financial stability, it is increasingly grappling with dual challenges: ensuring robust cybersecurity and adhering to evolving regulations. As financial institutions strive to meet customer demands and counteract cybersecurity risks, they are simultaneously navigating a labyrinth of stringent data privacy and security regulations. These regulatory measures, coupled with the expanding digital landscape, have inevitably escalated operating costs, particularly in the realms of compliance for both retail and corporate banks.

The imperative for heightened security and compliance in banking is underscored by the need to protect sensitive personal data, maintain transactional integrity, and safeguard the health of national and global economies. Yet, a recent International Monetary Fund (IMF) survey paints a concerning picture of the regulatory landscape. Covering 51 countries, the survey revealed:

  1. 56% of central banks or supervisory authorities lack a dedicated national cyber strategy for the financial sector.
  2. 42% lack specific cybersecurity or technology risk-management regulation, and a staggering 68% do not have a specialized risk unit within their supervisory department.
  3. 64% have not mandated testing or provided guidance on cybersecurity measures.
  4. 54% do not possess a dedicated regime for reporting cyber incidents.
  5. 48% are without specific regulations addressing cybercrime.

While these statistics might paint a bleak picture, it’s essential to view regulatory and security requirements not as hindrances but as catalysts for innovation and risk management. For example, McKinsey highlights the potential of data analytics in banking, suggesting that it can lead to risk-reduction savings valued at up to $1 billion annually for some large banks. These savings encompass reduced fines, enhanced compliance reporting accuracy, improved management of sensitive data, and the mitigation of various other risks.

As the banking sector continues its digital evolution, striking a balance between innovation, cybersecurity risks, and regulatory compliance will be pivotal. Embracing this triad can unlock unprecedented opportunities, ensuring a secure, compliant, and forward-looking financial landscape.

Cybersecurity Risk Management for Banks
Cyber-risk management in today’s banking landscape extends beyond technical measures to encompass a holistic, organization-wide approach. However, many institutions grapple with limited tools to gauge cybersecurity risks, especially when integrating new digital partners and technologies.

Recent regulations emphasize operational resilience, advocating for a globally aligned risk management framework. This international convergence seeks to standardize practices, reducing fragmentation. A notable aspect of these regulations is the scrutiny of third-party providers, given their growing significance in the financial ecosystem.

While banks are traditionally cautious in IT vendor selection, the rise of innovative startups offers a number of promising solutions. Yet, this openness must be balanced with due diligence, especially when third-party relationships can introduce cybersecurity vulnerabilities. As banks evolve digitally, a harmonized approach to risk management that considers global regulations and third-party integrations is essential for a secure and progressive banking sector.

Banking Cybersecurity Challenges 
Historically, banks have operated as siloed entities. Distinct departments, each with unique objectives, often rely on separate systems. This fragmented approach has inhibited growth, restricted scalability, and diminished customer satisfaction. Traditional banks, particularly, have garnered a reputation for cumbersome processes, especially when customers seek new services or support.

Implementing a unified platform that centralizes data and bridges the gap among various systems can effectively counteract the challenges posed by these silos. However, information silos also amplify cybersecurity risks, data breaches, and compliance concerns beyond operational inefficiencies, which are all pressing issues in today’s banking landscape.

The integrity of the IT infrastructure and the vast amount of data it houses remain a paramount concern in banks’ digital transformation journey. Addressing technical debt is crucial. This debt is often a byproduct of historical underspending and the juxtaposition of modern technologies atop outdated infrastructure. To navigate these challenges, banks should establish dedicated units or expert teams focused on innovating and ensuring that their offerings remain competitive. Assigning clear responsibilities for these innovation projects is pivotal.

Gone are the days when IT security in banking was a linear affair. Today’s banking ecosystem comprises tens or even hundreds of thousands of interconnected devices ranging from computers to Internet-of-Things (IoT) integrations. And when the proliferation of social, cloud, and mobile channels is factored in, the potential attack surface for data breaches and cybersecurity risks magnifies exponentially. The pressing question remains. How can banks ensure a secure network amid such vast complexity?

Although the need for financial organizations to embark on digital initiatives is essential, it accentuates the need for scalable security and compliance solutions. As banks evolve, the scalability offered by Software-as-a-Service (SaaS) solutions becomes indispensable, especially in the retail banking sector. Organizations must ensure that risk management remains agile and responsive to the ever-expanding digital landscape.

Secure Networking Solutions for Financial Organizations
Whether an organization has cutting-edge or legacy technology, infrastructure vulnerabilities can become prime targets for cybercriminals. As these adversaries relentlessly exploit weaknesses, financial institutions face the potential for significant financial losses, operational downtime, brand damage, and regulatory fines. Financial leaders must prioritize the resilience and overall health of their institutions.

Financial institutions should consider converging networking and security into a single secure networking solution to address these challenges. They can apply consistent threat intelligence and security services by consolidating disparate point products into an integrated cybersecurity platform.

Key features of an ideal security solution include:

  • Visibility: Comprehensive oversight across the entire digital attack surface
  • Advanced protection: Defense mechanisms against threats that are growing in volume and sophistication
  • Intelligent integration: Seamless integration within a smart IT architecture
  • Automation: Leveraging technology to address the shortage of skilled human talent
  • Simplified compliance: Streamlined processes to ensure adherence to data privacy regulations
Continue Reading

Cyber Security

How to Enjoy Threads and Keep High Levels of Privacy and Security

Published

on

Recently Threads released a new Web version allowing users to finally search for content and use other features from any of their desktop devices. For those who still use Threads, Kaspersky experts have compiled a list of tips on how to do it securely, protect personal data, and avoid scammers.

Kaspersky experts have previously discovered phishing pages imitating the web version of the social network and collecting users’ logins and passwords, as well as offers of a so-called “Threads Coin” promising to “connect users to the Metaverse,” which was fake and sold for cryptocurrency on the Web. It is important for users to always be on alert when exploring new social media platforms.

  1. What is important to know regarding security settings in Threads:
    • Threads offers a Security Checkup. This feature shows key security-related data about Threads, Instagram or Facebook accounts.  It reflects currently connected email addresses, mobile phone numbers, the last time the password was changed and whether two-factor authentication (2FA) is on or not.
    • Users should not forget to set up 2FA. Threads is connected to the Instagram profile and uses the same logging details, so users should remember: one password gives access to two accounts! It’s always more secure to use 2FA as a security layer that protects accounts from unauthorized access. Modern reliable password managers can also generate and store unique one-time passwords for 2FA, that’s why one doesn’t need to install and use a separate solution for authentication.
    • It’s impossible to delete the Threads account alone – the connected Instagram profile will be deleted as well, which means that all data will be concealed from other users of the social network.
    • To do this, users need to go to Settings -> Account -> Deactivate profile and press Deactivate Threads profile.
  1. As for privacy, a user can limit who can contact them by muting, restricting or blocking someone.  In all these cases, none of the contacts will be notified of these actions.
    • If you don’t want to see someone’s post, you can mute the user. In case you don’t want to receive notifications of someone’s actions such as likes, replies, and so on, you can restrict the user. If you block a user, they won’t be able to find your profile or account – the list of blocked users is shared between Threads and Instagram.
    • To mute, restrict or block someone, go to their profile, click on the three dots in the upper right corner and select the action.
  1. To strengthen the privacy level in your Threads account, the following tips can be useful:
    • You can monitor and set up, who can mention you in posts with ‘@’ symbol.
    • Threads is trying to fight against offensive language, so users can filter offensive language in responses to their posts. The platform offers several tools, like automatic filtering with built-in lists or manually adding specific phrases and words.

“The emergence of a new social network has rapidly created a desire to explore something new and share text, images, and videos while interacting with billions of other people. At the same time, before registering everyone using Threads needs to set aside a few minutes to study the new tools this social interaction provides. We recommend you first pay attention to the ability to delete the account (surprisingly, not all social networks make it easy to do this) and the level of account protection (2FA, privacy settings). Familiarize yourself with the Privacy Policy of the social network to understand what happens to all your posts and photos after they are published, and how easy it will be to delete them,” comments Anna Larkina, Web content analyst expert at Kaspersky. “It is always worth remembering that data leaks, account hacks, marketing collection and analysis of user data, which is not always harmless, are common today. To minimize the risk of becoming a victim of another precedent and not increase your already large-scale digital footprint, you need to study the terms of a new service before signing up for it.”

Continue Reading

Expert Speak

Five Questions to Ask Before Creating a Perimeter Security Plan

Published

on

Written by Rudie Opperman, Engineering and Training Manager, EMEA at Axis Communication at Axis Communications

A well-protected perimeter is more than just a tall fence topped with barbed wire. It is a system of layered defences that are designed to deter, detect, and delay intruders. A robust security solution is essential for any organisation that wants to protect its assets and people.

The physical security market in the Middle East and North Africa (MENA) region was estimated at USD 1.8 billion in 2022 and is expected to see a CAGR of over 7% between 2022 and 2028. It’s clear that organisations in the region realise the value of security. However, developing a robust, carefully considered perimeter protection plan that protects premises and deters unauthorised persons before they can damage property or hurt customers or employees requires planning.

Here are five important questions to ask when designing a perimeter protection blueprint.

Is my technology up to date?
In fast-paced and high-technology regions such as the Middle East, using the most updated security solutions is essential for several reasons. The first is to ensure regulatory compliance. Organisations in critical infrastructure, or government entities, are often required by law to keep their security technology up to date to avoid penalties. This is relevant to both physical and cybersecurity, which work together to effectively secure organisations and their employees, assets, and premises.

Cybersecurity is receiving more attention from regulators than ever before, especially as ICT infrastructure and resources become critical assets across all industries. In Saudi Arabia, for instance, the National Cyber Security Strategy requires organisations to implement a number of security measures, including keeping security solutions up to date. The same applies to countries such as the UAE and Qatar.

The second is to improve product efficiency. Video motion detection technology has evolved from pixel-based analysis to smarter, object-based detection that issues alerts based on object type. The UAE and Saudi Arabia are excellent examples of where this versatile and powerful tool has helped to improve public safety, manage traffic, streamline the flow of people in public spaces, and provide insights and trends regarding that flow.

Recently, the Ajman Transport Authority in the UAE commenced the installation of surveillance cameras on all Abra ferries as part of its plan to enhance safety and security. The latest generation of smart IP devices and cameras utilise advanced analytics at the edge for proactive detection and decision-making. Furthermore, they are enhanced by innovative features such as radar detectors and thermal sensors.

The third reason to ensure you are using the most up-to-date technology is to ensure protection against cyberattacks. By its nature, Internet of Things (IoT) technology is connected to the Internet. This means IoT devices such as IP cameras and other endpoints are vulnerable to cyberattacks. Distributed denial-of-service (DDoS) attacks continue to grow in number and size, according to the latest Cloudflare research. In IoT-enabled, cutting-edge environments, these attacks can cripple perimeter security solutions by either crashing systems or blocking access to video footage.

This is where downloading the latest solution updates and patches can help better protect companies from cyber threats.

How will climate or environmental conditions affect my detection?
The Middle East’s climate and environmental conditions, such as high temperatures, high humidity, sand and dust storms, and strong winds, can affect security equipment. For facilities operating in extreme conditions, such as oil and gas, power plants, airports, and ports, operators must consider more than just the functions and features of security solutions.

Cameras with conventional optical sensors are not always sufficient for extreme lighting conditions such as low light or backlight. As a result, using the right sensor technology is key to achieving optimal visibility and range levels. Security cameras exposed to a constantly changing environment (humidity, moisture, or temperature) can corrode and malfunction. Issues can also appear when saline air, cleaning agents, and other harsh chemicals are present. This is true for use in coastal sites, food plants, medical facilities, and clean room environments.

IP cameras with a wide dynamic range or thermal technology and robust housings (usually stainless steel or polycarbonate) are more suitable for these conditions. Image stabilisation can also be a problem in windy conditions that cause vibration. Electronic image stabilisation (EIS) can reduce shaking caused by high- and low-amplitude vibrations and wind.

Who should receive the alert and how?
Monitoring perimeters at all times across multiple locations can be challenging. However, adding an intelligent and robust network video-based system, featuring IP audio and video analytics, to traditional security measures enables reliable intrusion detection. These solutions allow security personnel to survey perimeters whether they’re observing monitors, patrolling facilities, or off-premise using mobile devices.

Perimeter protection solutions evaluate situations and should notify personnel only when there’s a true threat. By dismissing non-threatening subjects or events, employees can better verify the nature of the risk and respond appropriately. This level of security helps businesses reduce false positives, lowers property damage and losses, and decreases business disruptions.

For example, in airport environments, security solutions with remote capabilities can quickly alert airport personnel, ensuring that intruders are apprehended before or, at worst, immediately after a breach occurs. Case studies of this include Jeddah and Madinah airports in Saudi Arabia, which have introduced modern technology to enhance customer safety and security efficiency, especially during high-traffic periods when Hajj pilgrims head to Mecca.

How should I determine what caused the alert?
The right perimeter protection solutions make identifying the cause of an alert or threat easier. For instance, thermal cameras can help to identify and deter threats. Thermal cameras with intelligent video analysis produce significantly fewer false alarms than optical cameras and are less sensitive to severe environmental conditions, such as extreme winds, sandstorms, and fog. Some thermal cameras are also equipped with EIS to keep them stable in windy conditions. When coupled with remote monitoring capabilities, thermals can quickly notify personnel to verify the threat in person or by using visual cameras.

Security equipment may have trouble identifying intruders in poor or extreme lighting conditions. However, cameras fitted with a wide dynamic range can help by restricting the scene to better view objects. Furthermore, though it may come at the expense of colour detail, cameras fitted with 940nm infrared light can illuminate dark scenes. Cameras with radar capabilities take detection a step further. By not being fully dependent on scene visibility, security personnel have a reliable solution that also minimises false alarms.

What is my required detection level?
Security personnel should eliminate blind spots along perimeters. Consider the need to detect threats at all distances and the real-world limitations of perimeter protection technology. For example, a thermal camera with ranges in excess of 300 metres may not be able to distinguish between humans and animals. System needs, environmental conditions, and terrain should all be considered when designing a perimeter security solution.

Looking to the future of security perimeter planning in the Middle East
|With the rapid development happening across the Middle East, prioritising security perimeter planning is essential. With the threat of crime and the responsibility of looking after critical infrastructure, businesses and organisations need to take every possible step to protect their assets and people, and a well-protected perimeter is an essential first line of defence against intruders. The right security professional can help you assess your needs and recommend the best security measures for your property.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.