CYBR650 Week 12 Final Entry

I made it through all the week to week 12! This class has been exciting, informative, and very stimulating. Believe it or not, the most difficult part of this course was developing my own threat model. The feedback from the professor and my classmates helped tremendously to help me stay on track! One of the best parts of this class was the ability to review other classmates’ assignments. This gave me a great opportunity to learn from others in the class. I believe this class will help to push me into the cyber security world in the company I work for, and I know the objectives and concepts taught in this class will be a great starting point for me. I know that I can now analyze the various elements of an information system, conduct an analysis for risks, threats, and vulnerabilities, and develop a process model to help identify the existing and future threat landscape.

This blog assignment was one of my favorites, as it gave me an opportunity to explore other topics related to current trends in cyber security, and to post my thoughts and opinions. I now browse through several online sites weekly in search of the latest news related to the world of cyber security, and this is a habit I will continue long after the class is over. One of my preferred online sources is Security Week. This online magazine was ablaze this week as the European Union’s new data protection rules went into effect. The EU’s General Data Protection Regulation (GDPR) seem to have far-reaching effects, as I have been receiving a large amount of emails and mail with privacy update notices. This new law is supposed to provide greater protection of people's online information, but as with many other consumers, I am skeptical. I appreciate that individuals must explicitly grant permission for their data to be used, but believe big companies will soon find loopholes or other ways around it. Read more here: https://www.securityweek.com/eus-new-data-protection-rules-come-effect.

Now that we have the EU’s GDPR in effect, how about someone start working on protecting us from the real bad guys? I mean, it’s great that the GDPR is focused on big companies like Facebook, WhatsApp, and Twitter, but is going after the hackers and other illegal actors on the cyber security stage? The news is currently highlighting the attack by alleged Russian hackers who have infected at least 500,000 routers and storage devices in over 50 countries. Now the FBI is warning that the attackers could collect user information or shut down network traffic on these home and office routers. Read more here https://www.reuters.com/article/us-usa-cyber-routers/fbi-warns-russians-hacked-hundreds-of-thousands-of-routers-idUSKCN1IQ2DY and here https://www.securityweek.com/us-disrupts-russian-botnet-500000-hacked-routers. Now that we’ve potentially ordered big corporations to place better security measures to comply with the GDPR, we need to also invest even more time and resources into going after the bad guys, and stopping them before they can attack.

My final entry for this class is a synopsis of a really good article on Security Week by Joshua Goldfarb. He talks about the 10 security behaviors that anger us. It is one of the most-commonsense pieces of security advice I’ve read in a long time. One of the 10 security behaviors is fire fighting; where a security team seems to running from one emergency to another. Companies often bring this upon themselves, when they refuse to threat model, or to hire enough properly trained It professionals. The result is a reactive one, where the security team has to put out endless ‘security’ fires. Another security behavior is probably the most common one: writing down passwords. We all know that writing down passwords is considered a terrible security habit. Yet, our password policies dictate that we create complex passwords that include upper and lower case letters, mixed with numeric and special characters, and with a particular length. If we didn’t write down our passwords somewhere, we’d be kicked out of our computer systems constantly. Companies need to help us with password management systems so we can keep track of all these unique passwords we need. You can read the full article at https://www.securityweek.com/10-security-behaviors-anger-us.

The Action Plan CYBR650 Week 10

Week 10 feels good as we near the finishing line of this class. The assignments are really empowering, as they have been helping me to understand a part of our company business that I’m not usually involved in. Developing the action plan really helped me to get a better appreciation of our IT team. The action plan is a crucial document that could go a long way in mitigating the risks that have been identified. I believe one of the challenges our IT folks face is (sometimes) their inability to communicate their findings in the kind of verbiage that upper management (who are often not technical) understands. This is such a vital piece of the equation; if the action plan properly conveys to management how you conducted your assessment, along with your results and the plan to address the threats, vulnerabilities, and risks, chances are management would approve it. The learning objectives for these two weeks (9 and 10) gave us the opportunity to review and provide constructive criticism on the action plan provide by our classmates, and I really enjoyed it. While giving feedback, I am also taking away ideas on how I can improve my own document.

A good action plan is extremely important for improved security in any organization. Just identifying threats and vulnerabilities is not good enough. Action must be taken to mitigate these risks, and that’s where the action plan with good security recommendations come it handy. Many security breaches can be avoided if organizations simply implemented some common security controls and best practices, like updating configurations and keeping operating systems up to date with latest security patches. Even the best of hardware and software tools, if not properly configured, cannot resist cyber attackers. Hackers seem to be at the top of their game, employing more enhanced and sophisticated techniques to perform their exploits. Successful data breaches yield a big payload to attackers, and often have a major impact on organizations, including loss of revenue, loss of customers, damage to their brand, and even fines!

Many companies without a dedicated security team are now getting into the habit of using a managed security provider, much like in the case of Harry and Mae’s Inc. It can often be more cost effective and with less distractions to an internal staff. The idea is to go on the offensive, rather then being defensive. While we embrace rapidly advancing technologies, we have to understand these technologies often pose a serious security risk to organizations. IT staff have to stay current on new threats and security best practices. In today’s world of compliance with industry standards and federal and state regulations, companies have to be very serious about security; non-compliance can often result in hefty fines and other consequences. The action plan is useful in that it prioritizes the vulnerabilities, giving companies the chance to work on those that pose a major threat to the organization.

One very popular strategy in many action plan recommendations for better security is the development and implementation of a strong security policy, along with ongoing employee education and training, and monitoring for compliance. Employee education and training is beneficial to the employee and ultimately to the company. As employees practice good security measures, especially when it comes to passwords, etc., they’re doing their part to help keep the company safe and secure from data breaches. Employee education and training also helps to improve productivity, and it definitely goes a long way in adherence to quality and other industry standards. The action plan also provides a man to help track action ownership, resource estimates, priorities, target dates, etc. As it defines the recommended risk and compliance-related mitigation actions needed to improve the organization’s risk posture, it also provides a way to identify the company’s high priority assets and the owners or prime points of contact for these assets, which could come in very useful during or after an attack.

Threats and Vulnerabilities CYBR650 Week 9

Delving into week 9 brings the stark reminder that no one: no company, no organization, be it private or government, profitable or non-profit, no one is exempt from a cyber attack, no one is ever 100% secure from a cyber attack. While we laud the rapid pace of technological advances, and the comfort it brings us (I’m writing this blog while working from home today, so I don’t want to be too hypocritical), the problem is that this same technology is misused tremendously by cyber attackers. Despite the increasing wave of data breaches over the past few years to companies like Home Deport, Chase Bank, and Experian, it seems like companies are not doing their best to keep their data (and our data) as safe as possible. Just a few days ago Twitter announced that a bug in their system may have exposed user passwords internally. While the company quickly said that no breach occurred, and must be commended for coming out publicly very quickly, the fact remains that this information was available to hackers for a period of time, so Twitter can never be 100% sure that the compromised data was not acquired by attackers! I am leery that Twitter’s own internal investigation showed no signs of a breach or misuse; let’s get an independent auditor to confirm Twitter’s findings! Read more about it here: https://www.trendmicro.com/vinfo/us/security/news/online-privacy/change-your-passwords-twitter-bug-exposes-user-passwords.

The Twitter accounts’ compromise and the other data breaches is a reminder to all users, personal or corporate, of the need to practice good security measures on social media accounts. The top on the security list is creating and using strong passwords that follow complexity rules. If your password is easy for you to guess or remember, it is more likely to be an easy target for hackers. Also, always check your security and privacy settings. Don’t use the system default settings. Adjust the default settings as much as necessary so you can protect your personal information.

Every time I hear about a new technology or device being introduced, I get a little fearful. Take Amazon’s virtual assistant, Alexa, for example. Amazon has made several Alexa-enabled devices, and other manufacturers are building Alexa into many types of devices like phones and thermostats. I thought to myself: great; now let’s say see what hackers will do with it! Just two weeks ago, an article on the Trend Micro website stated that Alexa can be programmed to eavesdrop on its users and transcribe the information, which is a great potential for hackers to steal private information. As far as most (if not all) users understand it, the Alexa digital assistant is supposed to end the active session until prompted for another active session. However, it seems attackers can prompt Alexa to believe it has informed the user that the device is still actively listening, and can transcribe and send the information to the programmers. Read more about it at https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/alexa-can-listen-indefinitely-potentially-exploited-to-transcribe-information-to-cybercriminals.

           The need for education of users in the area of cyber security and general security measures remains strong. People must understand that they are responsible for maintaining the security on their products, and should not rely entirely on vendors and manufacturers. While manufacturers may identify vulnerabilities and provide patches and system updates, it is still the user’s responsibility to actually download these firmware and software updates. Good security practices, like using strong passwords, not using the same passwords on different accounts, and changing passwords regularly should be followed. Operating systems and browsers should always be kept up-to-date in regards to patches and security updates. And make sure to keep regular backups of data; this comes in useful if an attacker targets and corrupts your data – a backup can save you time, money, and a lot of headaches.

Cybersecurity News CYBR650 Week 8

We’re not in the last few weeks of this class in Current Trends in Cybersecurity. I learned how to perform a threat analysis using my process model and the threats vulnerabilities I identified in the Harry and Mae's case study. After completing this assignment, I can see how critical thinking is a fundamental requirement for security professionals. I also see the need for IT security professionals to be able to present all vulnerabilities, threats, and risks in the language that will be easily understood by non-technical management. Threat modeling is a great approach to analyze the security of a company’s IT infrastructure, and serves to identify and help to mitigate all associated security risks, prioritizing the top threats that would have the greatest potential impact. This is why threat modeling should be an iterative process for any corporation. The Microsoft STRIDE threat model is a wonderful tool that group threats into categories, allowing security professionals to consider how the different threats in the model can affect application components.

I access Security Week often to get all the latest cyber security news. There’s a great article “Don't Fall Victim to IP Theft and Corporate Espionage” that discusses cyber espionage related to the business world, where corporate espionage targets proprietary information from private entities for commercial advantage, where a variety of techniques are used to gain illegal access to networks. Read more at https://www.securityweek.com/dont-fall-victim-ip-theft-and-corporate-espionage. This is why software companies have to move quickly to identify vulnerabilities and provide patches so espionage threat actors cannot exploit them. Users also have to demonstrate responsibility by not downloading unauthorized (and often malicious) software. Companies like ours regularly review security and access permissions granted to these programs to ensure we are in compliance. We are also very careful that our contractors and vendors are only given access to company networks that are absolutely necessary.

It is a fact that the number of attacks is rapidly increasing, as is the sophistication of these attacks. Last week’s hacking attack on three Mexican banks was centered on real-time payment transfers, which allows banks to transfer money between private accounts across an encrypted network. The hackers are stepping up their game, and should the good guys, when it comes to security. Read more at https://www.databreachtoday.com/hackers-target-3-mexican-banks-real-time-transfers-a-10927. Cyber attacks are more Sophisticated, and with today’s payload of data, the impact is more damaging, disruptive, and mostly than ever before. The data breach last year at Equifax was a wake up call to us that no one is really safe, and that today’s attacks are becoming more dangerous. Foreign nation-state hackers and criminals are using all the latest tools to steal data or set up conditions for conducting destructive attacks against networks in the future. This year, sophisticated cyber attacks continue to be one of the biggest technology concerns, as attackers continue to use tactics like social engineering, malware, and ransomware. Organizations must continue to invest in good, sensible security measures to protect against cyber attacks. The attacks are also becoming more public and more visible, as the impact of successful attacks are more far-reaching and with more potential victims. The problem is that hackers don’t give up; they simply change their method of operation and try other tools and techniques. However, one must bear in mind that the old social engineering technique is still a tried and true method that attackers use as they prey on people's tendencies to manipulate them. Sometimes they’re able to best of us, including IT security professionals. Just a few weeks ago a friend of mine was so afraid that the police was going to knock on his door that he quickly sent $2000.00 to pay a supposed IRS tax fee!

Threats and Vulnerabilities CYBR650 Week 7

This class has proven to be increasingly interesting. I’m taking this class simultaneously with Ethical Hacking and Response, and both classes have really opened my eyes to the world of cyber security, as well as current trends in cyber security. As I go through each week’s readings and assignments, I see many areas where I can apply what I learn to our corporation and in my own personal life. As I begin to learn about threats and vulnerabilities and the risk to pose, I’m gaining a better understanding of how I need to exercise good security measures in all my computing endeavors.

The Security Trends forum has been an excellent way to discover more of the cyber security environment; not just threats and vulnerabilities, but ways to mitigate those risks, which often involved good security policies that are already in existence. A good security policy is a proactive way organizations can ensure they are protected. It also establishes rules for good user behavior, and has to include employee training, and follow up to ensure users are in compliance. Security policies also serve to ensure the organization is in compliance to any applicable federal and state regulations. These classes are really helping me to understand how taking seemingly small security steps can help companies avoid data breach that can have major impacts.

In my Ethical Hacking and Response class, I was surprised to discover how much vulnerability has been discovered with the Apple iOS. I only use Apple devices, absolutely love them, and won’t switch to an Andriod device, ever. However, I must admit I was concerned. Like other Apple users, I thought Apple’s operating systems had the greatest high-tech security, but I am coming to grips with the fact that Apple mobile devices are also targets for attackers, and that any iOS device can be subject to attack sources of malware and viruses. For example, a Tech World article referenced 15 of the biggest Apple security threats, and I was surprised to learn about MacDefender, which was a malware that masqueraded as a security app users were invited to install an app as a way to detect non-existent security threats on their devices. Read more about it here https://www.techworld.com/picture-gallery/security/biggest-mac-security-threats-from-adware-icloud-hacks-ransomware-3623261/. A different article from Norton Security pointed out some common threats for Android, iOS, and Windows devices, with the rapidly advancing pace of technology bringing more sophisticated attacks. Some of the more common threats include collecting sensitive data stored on a device, spying on users and logging their activity, tracking locations, and opening back doors into a device to allow attackers to take control. Read more at https://www.nortonsecurityonline.com/security-center/mobile-threats-protection.html.

Back to my class, Current Trends in Cybersecurity, this is a great opportunity for me to learn more about perform threat and systems analysis, and discovering and analyzing certain threats and vulnerabilities so I can perform a risk assessment. I believe a threat analysis can be very useful in identifying and assessing threats and vulnerabilities, and, in the long run, create a more resilient network against threats, and mitigate any threats that do happen to break through. The fact is that a threat analysis allows IT personnel to locate vulnerable devices and systems, which can allow the company to respond quickly and make a considerable difference to limit damage from a cyber attack. Cyber attacks are on the rise, where attackers can wreak havoc on a corporation without ever leaving the safety of their homes. As attacks become increasingly sophisticated using technical skills and social engineering tactics to breach networks and gain access to sensitive data, the need for threat analysis becomes more apparent and more important.

Credible sources for threats, vulnerabilities, updates, and security news CYBR650 Week 6

The ‘Current Trends in Cybersecurity’ class has proven to be one of the best classes I’ve taken in this degree program. During week 2, I listed several credible sources of information for threats, vulnerabilities, updates, and security news. Although I haven’t actually used those sources for this week’s assignment, I still believe they are credible and I actually discovered some additional sources:

* https://www.csoonline.com/. One of their articles by Justin Dolly points out the top 5 cybersecurity concerns for 2018. Cyberthreats continue to rise exponentially, and no one (consumers or businesses) seems to be exempt from malware attacks and data breaches. The top five threats to watch out for in 2018 are (1) cryptojacking; where an attacker secretly uses someone’s computing device to mine cryptocurrency. Websites can run hidden cryptocurrency mining scripts in a user’s browser without the user’s knowledge. The attacker mines cryptocurrencies by using the computer's CPU to earn money for someone else. (2) PowerShell-based attacks; where an attacker uses malicious scripts to communicate with compromised websites acting as proxies for the command and control server. (3) Further growth in the cybercriminal underground; where the increase in cybercriminal tools and lower expertise will increase the number of cybercriminals. (4) Security software will be targeted; where attackers will target trusted programs and the software and hardware supply chain to control devices and manipulate users. (5) More cyber criminals will use worms to launch malware; where attackers will make more use of worm functionality to spread malware, simply because network compromise from worms spread faster than many other methods. Read more at https://www.csoonline.com/article/3241766/cyber-attacks-espionage/top-5-cybersecurity-concerns-for-2018.html.

* https://digitalguardian.com/. This is another great source for cybersecurity news. One article by Greg Funaro details several cybersecurity issues organizations can work on in an attempt to increase the effectiveness of their cybersecurity effort: (1) Treat data protection as your top priority. Recent data breaches at Equifax and several large U.S. banks only serve to emphasize the importance of protecting classified data. The fallout from losing sensitive data can be tremendous, including loss of customers, loss of revenue, and having to pay some hefty fines.  (2) Identify your critical IT assets and sensitive data. This is key to any organization. Once critical assets are identified, companies can go to work to gain visibility and control capabilities that can prevent attackers from accessing and stealing classified data. (3) Protect data assets. It’s just not enough to identify critical assets, but steps must be implemented to protect them carefully. When sensitive data is classified properly (using digital labels like “confidential”, etc.) it can help to protect information more likely to be targeted by attackers. Additionally, organizations must track who is accessing data and how that data is being used and shared, both internally and externally. (4) Pursue security education for employees. It’s just not enough to invest in security for critical assets. Part of that investment must include educating employees in password and data security practices. Employees must be aware that they play a crucial role in the security within their organization. Education on social engineering techniques and widespread attack methods can empower employees to recognize and report such attacks. (5). Compliance is not enough. In fact, compliance with industry and even government standards is often the beginning steps to securely protect sensitive data. Read more at https://digitalguardian.com/blog/5-cybersecurity-issues-avoid.

* https://www.infosecurity-magazine.com/news/. This magazine is actually one of my favorite sources for Information Security and IT Security News & Articles. One interesting article lauds the security for Windows 10 as being almost twice as safe as Windows 7. I find this surprising, especially since my assignment for another class in this Cybersecurity major was on the many vulnerabilities identified in the Windows 10 operating system. The author states that almost all the devices that were victims of the WannaCry ransomware attack were running Windows 7; even so, companies continue to rely on Windows 7 more than Windows 10. It seems that consumers are more prone to make better decisions, with almost 72% of home user devices migrating to Windows 10 by December 2017. Read more at https://www.infosecurity-magazine.com/news/windows-10-safe/.

Cybersecurity News CYBR650 Week 5

I’ve been looking forward to Weeks 5 and 6, even though I’m a little apprehensive about analyzing systems and data centers. The reading materials provide a lot of valuable information to help with the assignments. A description of the systems, networks, servers, and computers, and policies, standards, and procedures play a great role in systems analysis.

This week I’d like to focus on something that is currently at the top of cybersecurity news – the Facebook data breach. Although it seems outrageous that the personal information for more than 87 million users was compromised during the Cambridge Analytica data breach, a lot of security experts were sounding big warnings during the past decade. Additionally, more than a million users in each of the UK, Philippines and Indonesia may have also had their personal information compromised, with about 310,000 users in Australian. We’re told the number of users affected in the United States could actually be higher than the 87 million that was announced. Read more about it here http://time.com/5234740/facebook-data-misused-cambridge-analytica/ and here https://www.theguardian.com/technology/2018/apr/08/facebook-to-contact-the-87-million-users-affected-by-data-breach. What is even more alarming, is that Cambridge Analytica used data obtained from these illegally accessed Facebook profiles to build a program to predict and influence voters. I say we shift our focus from Russia to Facebook when it comes to meddling in our elections! To make matters worse, more than 63,000 New Zealand users were also exposed, it was announced yesterday. Thankfully, that country’s privacy commissioner is working with his counterparts in the US, UK Australia and Canada to determine the severity and consequences of the privacy beach. Read more here https://www.theguardian.com/technology/2018/apr/10/facebook-data-breach-hits-63714-new-zealanders-after-10-people-download-quiz. 

It seems that Facebook did not learn from the many other companies who have suffered data breaches; even though Facebook discovered the data breach in late 2015, it did not alert users immediately. They probably tried to contain the breach in the hopes of maintaining the company brand, but alas, like our data breaches, word gets out sooner or later, and when done later, with major consequences! I must say I was not impressed with Mark Zuckerberg’s acknowledgement that he didn’t take a broad enough view of the company’s responsibilities! I mean, come on! You’re running the most influential and popular social media platform of all time, with more than a billion users, and he didn’t take a ‘broad enough view of the company’s responsibilities’? The fact that Facebook suffered a data breach of this magnitude and displayed such ignorance and lack of responsibility is quite appalling. 

To me, the bigger concern is who exactly has access to our data, and what are they using our data for. The issue of data harvesting and the threat it poses to our personal privacy is quite alarming. Our smartphones now store and transmit personal and sensitive information that we once kept locked away in our safes at home and in the office. We carry our personal identification information, our banking and credit card information, and login information to a host of other services; all of which could be very detrimental to us if it falls into the wrong hands. Our apps on our smartphones also have access to a lot of valuable and classified data. Data harvesting is big business today, and data companies are adding to the amount of data they have access to, and can sell or otherwise pass on to other entities. Some companies use the data they collect to determine and often dictate our likes and dislikes, our buying behaviors and patterns, our income levels, our hobbies, our personalities … and sell them to companies who are hungry to get their hands onto a particular market or target audience. It doesn’t help that companies like Equifax, who also recently suffered a major data breach, hold a treasure hove of valuable personal data on consumers.