
Julius Caesar used encryption. Shouldn’t you?

Encryption is the process of converting information from a readable format into one that obscures its meaning from anyone without the authorisation or ability to decipher it. It has long been used to protect sensitive information from prying eyes.

The History Behind Encryption

Julius Caesar, around 100 BC, was known to use a form of encryption to convey secret messages to his army generals posted at the war front. This substitution cipher, known as the Caesar cipher, is perhaps the most mentioned historic cipher in academic literature. In a substitution cipher, each character of the plain text (the message which must be encrypted) is substituted by another character to form the cipher text (the encrypted message). The variant used by Caesar was a shift of 3: each character was shifted by 3 places, so the character ‘A’ was replaced by ‘D’, ‘B’ was replaced by ‘E’, and so on.
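The shift cipher described above, as an added example that is not part of the original article. It assumes the 26-letter Latin alphabet and passes any other character through unchanged. The last function goes a step beyond the text by listing every possible decryption, which shows why a cipher with only 25 usable keys gives no protection against anyone willing to read 25 lines, and why modern ciphers use keys of 128 bits or more.

```python
"""Caesar cipher: encrypt, decrypt and exhaust the key space.

Added example, not code from the original article. Assumes the 26-letter
Latin alphabet; characters outside A-Z / a-z are left untouched.
"""


def caesar_shift(text: str, shift: int) -> str:
    """Shift each Latin letter by `shift` places, wrapping round the alphabet."""
    shift %= 26
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)  # spaces, digits and punctuation are not enciphered
    return "".join(out)


def encrypt(plain_text: str, shift: int = 3) -> str:
    """Shift of 3 is the variant the article ascribes to Caesar (A -> D)."""
    return caesar_shift(plain_text, shift)


def decrypt(cipher_text: str, shift: int = 3) -> str:
    """Undo the shift: D -> A for the default key."""
    return caesar_shift(cipher_text, -shift)


def all_candidate_shifts(cipher_text: str) -> dict:
    """Every non-trivial decryption, keyed by the shift that produced it.

    Only 25 keys exist, so the whole key space is readable at a glance; this is
    the educational point about why a historic cipher is no longer protective.
    """
    return {k: caesar_shift(cipher_text, -k) for k in range(1, 26)}


if __name__ == "__main__":
    secret = encrypt("ATTACK AT DAWN")
    print(secret)                      # DWWDFN DW GDZQ
    print(decrypt(secret))             # ATTACK AT DAWN
    for k, guess in all_candidate_shifts(secret).items():
        print(f"shift {k:2d}: {guess}")
```

Only the shift 3 line of the final loop reads as English, but a reader has to scan just 25 lines to find it, which is the whole weakness.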

Compliance Benefits

Encryption is invaluable for ensuring that sensitive information which falls into the wrong hands is of no use to anyone without the ability to decrypt it. This has huge benefits when compliance regulations come into play following a data breach: if the data was encrypted, the requirements for public disclosure are minimised, as the risk of data compromise has been eliminated. This is often referred to as ‘safe harbour’ and can be a lifesaver to organisations facing the stress of a data loss, with all its related impact on the business.


Why you should use Encryption

Encryption, with its various techniques for securing data, has a key role to play in keeping sensitive and confidential information protected wherever it resides or is being transmitted, for example in emails. As a technology it can be deployed for data stored on servers, backup devices and cloud services, often referred to as data at rest. For data in motion, encryption can secure the transmission path by creating a unique closed point-to-point route between two or more points, eliminating the risk of a ‘man-in-the-middle’ attack, where a bad actor sits in between your transmissions and looks at your data.

Originally considered a complex technology to deploy and manage, it has now moved on and can be used easily by anyone. Gone are the fears that it will slow down access to data or double the size of data once encrypted.

Here are some points you should know about encryption:

  • Due to the increasing numbers of both businesses and individuals falling victim to a plethora of cyber-attacks, the need for encryption is at an all-time high.
  • Tokenisation is a form of encryption in which applications continue to operate, but on tokens, so that the sensitive data itself stays hidden, reducing the risk of exposure. An example of where it would be used is medical research, where large sets of data about people are analysed but the sensitive data that could identify a person is replaced with tokens.
  • Data masking encryption also scrambles information, but it is usually applied more selectively. It is particularly useful for redacting sensitive data in documents such as emails and office productivity files, so that they can be sent largely in plain text but with sensitive information, such as credit card numbers, hidden or masked.
  • Providers such as Google or Microsoft, or other centralised providers, offer encryption, but if they hold the encryption key they may decode data if officially asked to by a government or law enforcement agency, or worse still if one of their employees wants to sell your data. For this reason the technique of ‘bring your own key’ has been introduced, where you hold and control your own keys outside of any service provider.
  • End-to-end encryption stops third parties from accessing data, as it flows only from the sender to the receiver; it is used by apps such as WhatsApp. Private networks called Virtual Private Networks (VPNs) can be set up to achieve this.
  • Public/private key encryption is available for all to use, but only the intended receiver holds the decryption key that unlocks the communication. Any person can encrypt a message using the receiver’s public key, but that encrypted message can only be decrypted with the receiver’s private key.
  • Key management: if keys and certificates are not properly secured, the organisation is open to attack no matter what other security controls are in place. Always consider adding a Hardware Security Module (HSM) to any encryption plan. The HSM will also help define key rotation needs and the processes for changing the key used on any data set.
  • Encryption strength is based on levels of complexity. The longer the key, the stronger the encryption. Typically, 256-bit encryption is the standard level.
  • There are many names for encryption codes. Some are reserved for government use only and many others are proprietary. The most common commercial algorithms, widely recognised as being of a strong level of encryption, are AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adleman) and DES (Data Encryption Standard). Go for these rather than an unproven version.
  • Encryption, when linked to access control, can be a powerful tool in the separation of duties by controlling who or what process can see the data. This means users, in particular system administrators, can be prevented from reading the data but still allowed to manage it, for example to do backups.
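The tokenisation and data masking points in the list above, as an added example that is not part of the original article. A small token vault swaps identifying fields of a record for random tokens while keeping the mapping inside the trusted boundary, so downstream analysis sees tokens only; a masking function redacts all but the last four digits of card numbers in free text so a document can still be sent largely in the clear. The record, field names, token format and card-number pattern are all constructed assumptions.

```python
"""Tokenisation of identifying fields and masking of card numbers in text.

Added example, not code from the original article. The sample record and
the field list are constructed; real deployments keep the vault in a
separately protected store, not in process memory.
"""
import re
import secrets

# Constructed sample record (example data, not a real person).
RECORD = {
    "patient_id": "P-10042",
    "name": "Jane Doe",
    "nhs_number": "123 456 7890",
    "diagnosis": "seasonal allergies",
}

# Fields that could identify a person and must not leave the trusted boundary.
IDENTIFYING_FIELDS = ("name", "nhs_number")


class TokenVault:
    """Maps sensitive values to random tokens and back.

    The same value always gets the same token, so analysts can still join and
    count records, but the token itself carries no information about the value.
    """

    def __init__(self) -> None:
        self._forward: dict = {}
        self._reverse: dict = {}

    def tokenize(self, value: str) -> str:
        if value not in self._forward:
            token = "tok_" + secrets.token_hex(8)  # 64 random bits, unguessable
            self._forward[value] = token
            self._reverse[token] = value
        return self._forward[value]

    def detokenize(self, token: str) -> str:
        """Only code with access to the vault can recover the original value."""
        return self._reverse[token]


def tokenize_record(record: dict, vault: TokenVault) -> dict:
    """Return a copy of `record` with identifying fields replaced by tokens."""
    return {
        key: vault.tokenize(value) if key in IDENTIFYING_FIELDS else value
        for key, value in record.items()
    }


# 16-digit card numbers written contiguously or in groups of four (assumption).
CARD_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")


def mask_card_numbers(text: str) -> str:
    """Data masking: keep the last four digits, replace the rest with X."""

    def redact(match: "re.Match") -> str:
        digits = re.sub(r"\D", "", match.group(0))
        return "X" * (len(digits) - 4) + digits[-4:]

    return CARD_RE.sub(redact, text)


if __name__ == "__main__":
    vault = TokenVault()
    safe = tokenize_record(RECORD, vault)
    print(safe)  # name and nhs_number now read tok_<hex>; diagnosis unchanged
    print(vault.detokenize(safe["name"]))  # Jane Doe
    print(mask_card_numbers("Card 4111 1111 1111 1111 expires 12/26"))
```

The diagnosis field survives tokenisation untouched, which is the point: research on the data is still possible, while only the vault holder can relate a token back to a person.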

We all want to be able to communicate securely and without interference. Encryption can help us achieve this and should be considered a core part, if not the starting point, of any data security strategy that organisations develop, both for data at rest and in motion. For both data security needs and for achieving regulatory compliance, encryption should be the baseline for any data security strategy.

How secure are your APIs?

Application programming interfaces (APIs) have become the must-have option for many organisations, with enterprise developers relying heavily on them to support the delivery of new products. APIs allow programmers to integrate functionality from externally provided services instead of having to build these functions themselves.

While the interconnections offered by APIs have been around since the first programmes were written, the landscape is changing, especially with the rapid growth of mobile applications. Even legacy applications have APIs written for them in order to extend their life cycle rather than making them redundant.

With the rise of APIs comes the potential for more security holes. This requires developers to understand the whole API code and not simply focus on the part they need to integrate, as other sections could leak data to rogue applications operated by a bad actor. It is this lack of a full code review that is leading to data breaches and the bad press they bring, forcing boards to review how they keep corporate and customer information safe. Companies rely on their APIs to build applications that drive innovation and revenue, so there is no room for deployment delays.

The increasing regulatory focus on sensitive data leaks is impacting profitability, and the public is taking notice. Poor API design and security practices are often at the root of leaks of sensitive PII.

APIs are everywhere and they constantly exchange highly sensitive data, making them a rich target for attackers. This explains the significant increase in attacks targeting APIs in recent years, which have moved beyond methods such as cross-site scripting (XSS) and SQL injection (SQLi) to focus on finding vulnerabilities unique to APIs.

Traditional solutions such as Web Application Firewalls (WAFs), which depend on signatures and known attack patterns, cannot detect or prevent these new attacks targeting the unique nature of APIs. Because they validate transactions individually and cannot correlate activity over time, they cannot detect the reconnaissance behaviour of a bad actor looking for a business logic flaw in a company’s APIs.
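To make the point about correlation concrete, here is an added example (not from the article, and not any vendor's product) of the kind of over-time check that a control inspecting each request in isolation cannot make. It parses a handful of constructed access-log lines and flags a client that walks through object identifiers and is mostly refused, which is how probing for an access-control gap in a business-logic flow tends to look in a log. The log format, thresholds, addresses and paths are all assumptions.

```python
"""Correlate API requests per client over a time window to spot reconnaissance.

Added example, not part of the original article. Each single request below is
unremarkable on its own (one 403 is routine); only the sequence is suspicious.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access-log lines (example data, not from any real system):
# timestamp, client address, method, path, HTTP status.
LOG_LINES = """\
2024-05-01T10:00:01Z 203.0.113.7 GET /api/v1/orders/1001 200
2024-05-01T10:00:02Z 203.0.113.7 GET /api/v1/orders/1002 403
2024-05-01T10:00:02Z 203.0.113.7 GET /api/v1/orders/1003 403
2024-05-01T10:00:03Z 203.0.113.7 GET /api/v1/orders/1004 404
2024-05-01T10:00:03Z 203.0.113.7 GET /api/v1/orders/1005 403
2024-05-01T10:00:04Z 203.0.113.7 GET /api/v1/orders/1006 403
2024-05-01T10:00:05Z 198.51.100.4 GET /api/v1/orders/2210 200
2024-05-01T10:01:40Z 198.51.100.4 POST /api/v1/orders 201
2024-05-01T10:07:00Z 203.0.113.7 GET /api/v1/orders/1007 403
""".splitlines()

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
DENIED = {401, 403, 404}  # statuses that mean "you may not see this object"


def parse(line: str):
    """Return (timestamp, client, method, path, status) or None for junk lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4), int(m.group(5))


def find_recon(lines, window=timedelta(minutes=5), min_requests=5, min_denied_ratio=0.5):
    """Flag clients that, inside one window, touch many distinct objects and are
    mostly refused. Thresholds are assumptions to tune per API."""
    by_client = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed:
            ts, client, _method, path, status = parsed
            by_client[client].append((ts, path, status))

    flagged = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window forward so it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            if len(span) < min_requests:
                continue
            denied = sum(1 for _, _, s in span if s in DENIED)
            distinct = len({p for _, p, _ in span})
            if denied / len(span) >= min_denied_ratio and distinct >= min_requests:
                flagged[client] = {"requests": len(span), "denied": denied,
                                   "distinct_paths": distinct}
                break  # one hit per client is enough to raise an alert
    return flagged


if __name__ == "__main__":
    for client, detail in find_recon(LOG_LINES).items():
        print(f"ALERT {client}: {detail}")
```

The second client makes two ordinary calls and is left alone; the first is flagged on its fifth request in a three-second span, well before the later request at 10:07 that a per-request signature check would also have waved through.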

APIs are incredibly powerful tools that can help an organisation advance its business goals and integrate better with customers, vendors and business partners. However, in the face of constantly changing application development methods and pressure to innovate, some organisations have not fully grasped the risks of making their APIs available to the public. Regardless of how many APIs are shared publicly, security considerations should never be forgotten, and it is for the executives responsible for security and governance to ensure that development and network teams never lose sight of establishing strong security policies upstream and managing them proactively, over time, for each development.


The Conundrum of Consolidation

What is the conundrum with consolidation?

The conundrum around individual components versus combined systems continues. Rather than reducing complexity, many businesses are managing multiple point products and incompatible dashboards, and struggling to integrate new systems with existing defences. This applies to all sizes of business but is especially hard for the mid-size enterprise, where resources are stretched and the skills needed to truly understand the information being presented are simply not there.

Now there is a focus on Security Service Edge (SSE), which is emerging to reduce complexity and improve detection and response, all in one integrated system. This approach relieves the pressure on IT teams by integrating security from a single cloud-based platform, vital for all businesses but especially those in the mid-sized arena.

The answer to the conundrum of consolidation…

An autonomous, integrated security platform has the capacity to tackle evolving threats right across an organisation’s attack surface, around the clock and at lightning speed. Operating a single platform means all your security functions can share relevant data in a single, transparent dashboard, improving the speed and accuracy of response and reporting, while helping to mitigate cross-channel attacks and eliminate complexity.

And it enables organisations to move away from the more expensive and time-consuming approach of running separate solutions in silos. Instead, it gives companies an integrated strategy that is simpler to use, easier to manage and reduces the need for manual intervention.

Crucially, a platform approach enables digital business, giving users the freedom to access the applications and data they need regardless of device or location, whilst giving the IT team visibility of threats and the tools to remove them, so they can make better use of their time.

Not every organisation will have a specialist security person for every aspect of the cyber framework, so a single view of the critical aspects of a security in depth cyber plan is vital for every small to medium size company. Thus, the integrated approach presents, in a clear format, the real-world events happening with understandable options on how to defend or mitigate the situation.

Multiscanning, the new must have

Every day, new malware and other online threats emerge, making Anti-Virus (AV) an increasingly important element of any cyber security strategy.

It is, however, unrealistic for a single anti-virus solution to protect devices from all malware, not least because AV engineers need time to understand any new virus and develop the antidote. Furthermore, delays can happen due to systems not being updated as soon as new AV patches are released.

We now have polymorphic viruses, complex file infectors that create modified versions of themselves to avoid detection yet retain the same basic routines after every infection. They can encrypt their code and use a different encryption key every time, blinding many AV engines and rendering them useless.

It is not surprising that 91% of cyberattacks start with an email, which remains the largest attack vector for malicious actors, as it is cheap, easy to use and provides a direct communication channel into an organisation.

It is also possible to be attacked without actually doing anything, even when avoiding suspicious email links and malicious websites and scanning files from the web before opening them. Something as seemingly harmless as a web page can be a way for malware to get into a system, simply by visiting it. Such infections typically come from clicking on malicious ads, otherwise known as malvertising attacks. These land on a page that can download a file or execute a web script that compromises the system. Malvertising attacks come in a wide variety, can use legitimate but compromised websites, and may use misleading prompts to trick a user into agreeing or acting without understanding what is being executed.

These ‘drive-by downloads’ are hazardous as PCs can be infected simply by visiting a good website at the wrong moment. Malware authors get away with this by exploiting online advertising networks and inserting their malicious ads in-between legitimate ones. Advertising networks are trying to crack down on these practices, but it is difficult to prevent them without sacrificing revenue.

Best practice now calls for the addition of more AV scanning engines, or multiscanning, to increase the detection rate of malware. By using more than 20 anti-malware engines, a detection rate of more than 99% is possible, so that new threats can be quickly detected and remediated.

Multiscanning also identifies malware outbreaks more efficiently, by consolidating virus definition database updates. As the number of antivirus engines increases, the time of exposure to malware decreases. With more than 20 anti-malware engines, exposure to malware can be reduced to less than 10 minutes.

Multiscanning technology improves the detection of outbreaks by using a variety of engines with a mix of heuristic, machine learning and signature-based detection. AV engines support pattern (or signature) matching to detect malware variants that exhibit similar behaviour to other variants in the same malware family. AV engines using only definition databases are less suitable for this purpose, while engines using artificial intelligence and behavioural heuristics can identify complex viruses, even polymorphic and unknown (zero-day) viruses.

Now is the time to strengthen your cyber security to include multiple, intelligence based, AV engines that can detect unusual behaviour, which is often a sign of malware lurking in your network.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email [email protected] and we’ll be happy to advise you.


Email: The Weakest Link

Email: The Weakest Link? It is a fact that the vast majority of emails sent to an organisation are either spam or ransomware attacks, and many targeted hacks start via email. Even the most careful of us can be duped into clicking a dubious link or opening a dangerous attachment. Traditional email has the confidentiality of a postcard, easily read by anyone involved in its transport; the problem is clear.

So it is not surprising that 91% of cyberattacks start with an email, which remains the largest attack vector for malicious actors, as it is cheap, easy to use and provides a direct communication channel into an organisation.

Sadly, so keen are we to open email that simple things are often overlooked, such as checking the addressee’s name. And we are so used to letting our systems populate our ‘To’ fields that we don’t double-check whether it is the correct ‘Paul Smith’ we are sending to. We are constantly told to watch out for phishing emails, but rarely to take care over what we are sending.

Lack of care becomes even more of a problem when confidential or sensitive data is attached. Is it being sent to the correct person, should the attachment be allowed, who else could read the email? Even if it is fine to send, how do we know it was received, when it was read and whether it has been forwarded?

Managing email security is a complex challenge that provides organisations with little in the form of competitive advantage. It often makes little sense for organisations to attempt to manage the intricacies of email security by themselves.

As a result, many turn to service providers to handle the issues surrounding email security. Such services aim to provide secure and verifiable collaboration and communication for both organisations and end users. They enable emails to be sent and received securely, as well as providing a verifiable and auditable trail of all communications, in order to satisfy both security and regulatory compliance requirements.

Many of these services are cloud-based, with some requiring the user to adopt a solution-specific application. The better and more versatile products work on any standard infrastructure that is already in use, including all the main email applications.

Such secure email services can be used as a standalone service or integrated into existing workflows. This means that neither the sender nor the recipient needs to change anything about the way they are used to dealing with emails. They work with any email address, turning a normal email into a secure one, much like ordinary post that has been sent as registered mail. It ensures that all email can be traced to the original sender and recipient via the transaction register provided through the service.

Ordinary emails will then be brought into compliance with requirements such as data privacy and protection laws and other industry standards. It also extends coverage to any mobile device use.

Digital Pathways research has shown that a secure email service could save up to 75% of the cost of sending a physical letter, meaning that even the most sensitive and confidential information can easily be sent in a cost-effective manner that serves the purposes of any organisation. It will enable productivity gains, elevating emails to the level of registered mail for a fraction of the cost.

Having good anti-virus (AV) protection is a must when it comes to protecting email. Most secure email gateways have one anti-malware engine, and no matter how often virus definitions are updated, any given anti-malware engine is going to miss some threats. Current best practice is to add more AV scanning engines, called multiscanning, to increase the detection rate of malware. By using more than 20 anti-malware engines, companies can reach a detection rate of more than 99%, so that a new threat can be quickly detected and remediated.

Along with ensuring a high detection rate of malware, multiscanning also identifies malware outbreaks more efficiently, by consolidating virus definition database updates. As the number of antivirus engines increases, the time of exposure to malware decreases. With more than 20 anti-malware engines, an organisation can reduce exposure to malware to less than 10 minutes.

Multiscanning technology also improves the detection of outbreaks by using a variety of engines with a mix of heuristic, machine learning and signature-based detection. AV engines support pattern (or signature) matching to detect malware variants that exhibit similar behaviour to other variants in the same malware family. AV engines using only definition databases are less suitable for this purpose, while engines using artificial intelligence and behavioural heuristics can identify complex viruses, even polymorphic and unknown (zero-day) viruses.
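The multiscanning argument made here, and in the Multiscanning section earlier on this page, as an added example that is not part of the original text or any vendor's product. Three constructed engines scan two constructed samples: two signature engines with different definition sets (one of them not yet updated, which is the delay the text describes) and one heuristic engine standing in for behaviour-based detection. A helper then estimates the combined detection rate from per-engine rates. The marker string, the engines and the rates are assumptions, and the estimate treats engine misses as independent, which is itself an assumption that overstates the benefit where engines share definition sources.

```python
"""Combine verdicts from several anti-malware engines (multiscanning).

Added example, not from the original article. The "engines" are toy
stand-ins built here; the samples are constructed strings, not malware.
"""
import hashlib
from math import prod

# Constructed samples (example data): the second carries a marker string that
# plays the role of a known malicious payload for this demonstration only.
SAMPLE_GOOD = b"quarterly report: revenue up 4%\n"
SAMPLE_BAD = b"invoice.pdf.exe CONSTRUCTED-MALWARE-MARKER payload\n"


def signature_engine(known_hashes):
    """Definition-based engine: detects only files whose hash is in its database."""
    def scan(data: bytes) -> bool:
        return hashlib.sha256(data).hexdigest() in known_hashes
    return scan


def heuristic_engine(patterns):
    """Heuristic stand-in: flags content matching any suspicious pattern,
    so a file it has never seen before can still be caught."""
    def scan(data: bytes) -> bool:
        return any(p in data for p in patterns)
    return scan


ENGINES = {
    # Has received the definition update that covers SAMPLE_BAD.
    "engine_a_current_defs": signature_engine({hashlib.sha256(SAMPLE_BAD).hexdigest()}),
    # Same kind of engine, but its definitions have not been updated yet.
    "engine_b_stale_defs": signature_engine(set()),
    # Looks at content rather than identity (double extension, marker string).
    "engine_c_heuristic": heuristic_engine([b"CONSTRUCTED-MALWARE-MARKER", b".pdf.exe"]),
}


def scan_with_all(data: bytes, engines=ENGINES) -> dict:
    """Run every engine; the file is treated as malicious if any engine says so."""
    verdicts = {name: engine(data) for name, engine in engines.items()}
    return {
        "verdicts": verdicts,
        "malicious": any(verdicts.values()),
        "engines_detecting": sum(verdicts.values()),
    }


def combined_detection_rate(per_engine_rates) -> float:
    """1 minus the probability that every engine misses.

    Assumes misses are independent; real engines share feeds, so this is an
    upper bound rather than a measurement.
    """
    return 1 - prod(1 - r for r in per_engine_rates)


if __name__ == "__main__":
    print(scan_with_all(SAMPLE_GOOD))
    print(scan_with_all(SAMPLE_BAD))   # caught by A and C, missed by stale B
    print(f"{combined_detection_rate([0.8] * 20):.6f}")
```

The stale engine alone would have passed the file, which is the single-engine gap the text describes; with a second definition set and a heuristic engine beside it, the consolidated verdict is still malicious.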

With the risk of substantial GDPR fines, gaining control on emails and ensuring you know where sensitive data is being sent is critical. The way email, and the sharing of documents, are handled needs careful consideration and protection. The excuse that an email went astray, or personal information was disclosed to a non-authorised party, will no longer be tolerated.

Email has become an essential communication tool, vital for almost every organisation and consumer. But security is a must. Ensuring all communications are done in a secure, cost-effective manner is no longer simply an option.

Providing Cyber Defence Without Breaking the Bank

Cyber-attacks can cost businesses huge amounts of money, so having robust cyber defence systems has become a must. Today, defence systems are not confined to the perimeter of networks but go deep inside an organisation, looking at user behaviour, checking where data is going and even what an employee is doing when they are away from the network.

Although security in depth has become a buzzword, it brings with it great complexity, as most systems do not talk to each other. Systems which are in place to monitor, such as Security Information and Event Management (SIEM) platforms, fail as they are only able to alert an operative to a problem and so are only as good as the person who reacts to that alert, if they are even looking! Given that cyber-attacks are mostly automated, the delay in reacting to an attack allows the threat to gain a hold before an organisation has even started to assemble a defence.

Having varied security systems also creates problems, such as a lack of knowledge of the differing products, both in terms of their use and an understanding of what they are showing. Often, this is due to an installing team leaving an organisation with the relevant system knowledge lost, making it harder to maintain, and react, to any issues that may follow.

Frequently, new security systems are brought in and placed on top of the old ones to plug any perceived gaps. The cycle continues with more layers of defence – ‘the tiers of doom’!

This ‘tier of doom’ scenario results in uncontrollable costs, leaving organisations exposed to attacks. Stopping this cycle is key to improving the cyber security position and can be achieved by ‘thinking smart’.

Using technology to control technology, and closing the skills shortage gap, can be achieved with a cyber management platform (or Shield) that presents warnings, actions and results in a single pane of glass view. This enables experienced cyber teams to work on one platform rather than having to learn and remember, say, 20 different dashboards. It shows all the results and consequences of events happening in real time and advises on appropriate action.

Many attacks stem from multiple vectors, all automated and programmed, which means cyber defence teams need many ‘eyes on’ the defence perimeters, not always possible in our resource-light cyber team environment. Defence needs to be automated, using appropriate levels of authority and response. Since cyber management systems are connected to every defence technology within the network, they can automatically instruct systems to neutralise attacks, using playbooks designed around a company’s defence policy.

A one-vendor approach, in the hope that its offering in a particular area is good, is not always the best solution and is not necessarily the most cost-effective either. A cyber management platform can empower an organisation to pick the best product it can afford, without the worry of training its staff or being forced to pay for expensive bolt-ons just to keep support contracts simple.

Cyber management systems can also remove the requirement for compatibility between systems to be a driver; even legacy systems can be brought back into a cyber defence strategy. This saves money and breaks the ‘tier of doom’, as cyber teams can get on with understanding what they have and learning from the actions recommended by the platform.

No one can remember every aspect of every system within a network, especially if they haven’t logged on to the system in say, six months. The speed and frequency of attacks are becoming beyond normal controls. Couple this with the demands of day-to-day procedures such as patching, fault finding, opening ports to accommodate new business projects etc. and the pressures and distractions are great.

A cyber management system that sits in the centre of connected networks, seeing all, listening to all, speaking to all, and controlling all, must be a game changer in the cyber defence armoury whilst not ‘breaking the bank’!

Cyber-Attacks Are Like The Flu

Cyber-attacks are like the flu: even with an injection, eventually you are going to get ill. It is always there, lurking, waiting to make your life just that little bit harder.

The same can be said of today’s cyber threats. They constantly change, with malware vectors ever increasing.

Many companies are lax: leaving doors open, not deleting the user accounts of those who have left, ignoring system alerts, not patching servers and endpoints, having weak email controls, and allowing fileless attacks or bad URLs.

Some can’t afford the time to investigate an attack, so they need to be proactive about stopping them. Traditional measures such as anti-virus are no longer good enough to keep up with the speed of change and are often unable to see new vectors, such as fileless attacks. Proactive systems are required which provide visibility, detection and prevention, along with automatic or manual remediation.

Technology is available to deal with this and can fit across the whole network, from servers to endpoints. It learns what is normal, and if anything looks abnormal the process is killed immediately. Zero-day attacks are stopped, whereas traditional forms of detection only kick in once the attack signature is known and deployed, which is far too late.

Using technology to detect and block a threat prevents its spread and gives the IT team time to investigate in a quarantined environment. Allowing an exploit to run within a controlled environment, such as a honeypot, gives a deeper understanding of who the attacker is and their goal. This is useful, especially if the attack was targeted at critical assets such as intellectual property or finance systems.

Another benefit of using technology is that it generally gives the IT department access to specialist security teams run by the vendor, a virtual in-house security operations team if you like, performing many triage functions and bringing special skills to the fore, which would normally not be available within the organisation.

All businesses need to stay ahead of the game, not to find themselves as the weakest link – goodbye!

The way forward is to use an AI-based system that learns the behaviour of the network. Technologies such as SOAR (Security Orchestration, Automation and Response) can link many disparate security technologies together, forming a single platform for management and alerting. Being AI-driven, it allows the business to automate some functions, such as address blocking or taking a device offline during an attack.

Another approach is to lock down each endpoint as, in general, these are the most vulnerable to attack. If a protected endpoint starts to perform unusual acts, even with valid applications used in an odd way, the device is ring-fenced and the IT team alerted to the incident. This happens instantly, minimising the spread of the attack, and with the intelligence to know the other protected devices within the network it communicates the threat vector so that each endpoint protects itself, even before the exploit runs.

Now is the time to start protecting against the unknowns, as even the security vendors can’t always be on their ‘A game’, but you certainly can.

Insidious Malware And What To Do About It.

Malware is an ongoing headache for IT users and it is a constant race to stay ahead of it. Recently there has been the storm over the flaw in the Apache Log4j software, which seems to allow hackers to enter code in record-keeping logs, letting them then take control of data.

This vulnerability comes from an open-source programme that is able to record changes to applications. It is widely used by applications and services across the Internet and consequently this security loophole is likely to affect us all, individual and corporation alike.

And, the concern now is that it may be able to cause further damage by encrypting or even deleting data.

It is not, however, the only such vulnerability. So, what can we do to limit any possible damage, not only from this current exploit but from other forms of malware too?

Firstly, and most importantly, ensure all current patches and updates are installed. Most vulnerabilities are fixed by the vendor in a relatively short period of time; the issue comes from companies not applying the updates that contain the fix.

Secondly, install malware detection solutions or applications that can stop unknown or unusual processes starting, which could be controlled by malware. Or, remove all active links in emails and/or attachments, so that users cannot click on them without actively thinking. Remember, users are the biggest security threat of all.

Then:

  • Ensure your Internet browser is up to date
  • Do not use pirated software
  • Check your anti-virus is robust
  • NEVER click on suspicious links

And lastly, if you don’t need an application, or are not using it, turn it off!

Beware the Russian Hackers!

PRESS RELEASE March 2022

Businesses and individuals alike should be especially vigilant at the moment for scams and hacks from Russian sources, according to the Managing Director of cyber security company Digital Pathways.

Whilst there is nothing new about the idea of the ‘bad guys’ trying to attack systems by phishing, ransomware, trojan horse attacks, or malware worms, the current situation, due to the Russian aggression against Ukraine, may increase the number of cyber-attacks that we are likely to see.

This is especially so for the banking industry, due to the blocking of Russia from the international online payments banking system, SWIFT. It is likely that Russia and its allies may look to retaliate, targeting banks and other companies as well as individuals.

“My advice”, says Tankard, “is to be extra vigilant now, especially around passwords protecting clients’ personal details. Always check a sender’s URL. Make sure it is bona fide by hovering over the link and checking it thoroughly. Be aware that any using the suffix ‘.ru’ is Russian, and definitely do not open attachments unless you are sure they are safe to do so. Just hit the delete button!

“If you are unsure about an attachment there are a number of websites such as VirusTotal – https://www.virustotal.com where you can paste in a link or upload a file to be scanned for anything nasty.

“Protect yourself with security software. For a small annual fee, this software will block any hostile application from launching or will block an unusual outbound connection from a computer or server. Also, any file which is found to be malicious will be quarantined, and any other machine connected to the same network will be alerted for the same file, so any spread is contained immediately.

“But of course, make sure anything you buy is not a product of any Russian security company.”

“As always, back up everything, regularly.”

It is important that all businesses and individuals are aware of the likely increase in cyber-attacks at the moment and take all necessary steps to stop them.

Privileged Access Management

What Is Privileged Access Management?

Privileged Access Management (PAM) refers to giving an IT user access or abilities over and above those of a standard user. This may be in order for them to carry out their role, for example as an IT administrator, and it enables organisations to secure their systems, ensure the confidentiality of data and allow the business to thrive.

It works by employing the principle of least privilege, where users are provided with the minimum level of access needed for their work. Given that humans are often the weakest link in an organisation’s cyber security, making sure levels of access are kept ‘tight’ helps reduce the attack surface and limit the damage from external attacks, insider threats and negligence.

It also provides good compliance rigour, as it allows organisations to record and log all aspects of the IT infrastructure, simplifying audit and compliance requirements.

Real-time data collection means that the organisation can monitor who has accessed critical information from networks, servers, and applications. Unauthorised login attempts are also logged, with alerts set for the detection of suspicious activity, thus allowing IT administrators to take immediate action.

Once focused on password protection, modern PAM systems have evolved to include key security factors such as session monitoring, user behavioural analytics, multi-factor authentication, proxying and password vaulting.

And, once installed, PAM systems need managing. Organisations need to monitor who has what privileged access on an ongoing basis, so as to keep control of all data. A member of a human resources department, for example, moving to a new role in another area of the business, should not continue to be able to access their previous HR systems unless still required for their new role.
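The least-privilege, logging and role-change points above, as an added example that is not the article's own material or any vendor's product. It uses a constructed role model with an entitlement review that finds and revokes privileges a user kept from a previous role (the HR mover described above), an authorisation check that writes every decision to an audit log, and a simple alert on repeated denied attempts, which is the "unauthorised login attempts are logged, with alerts" behaviour the text describes. Role names, privilege strings, users and the alert threshold are all assumptions.

```python
"""Least-privilege entitlement review with an audit trail.

Added example, not from the original article. Roles, privileges and users
are constructed; a real PAM deployment reads these from a directory and a
vault rather than module-level dictionaries.
"""
from collections import Counter

# Constructed role model: the privileges each role legitimately needs.
ROLE_PRIVILEGES = {
    "hr_officer": {"hr_system:read", "hr_system:write"},
    "sales_rep": {"crm:read", "crm:write"},
    "sysadmin": {"server:admin", "backup:run"},
}

# Constructed users. alice moved from HR to sales but kept an HR privilege,
# which is exactly the situation an ongoing review should catch.
USERS = {
    "alice": {"role": "sales_rep",
              "privileges": {"crm:read", "crm:write", "hr_system:read"}},
    "bob": {"role": "sysadmin",
            "privileges": {"server:admin", "backup:run"}},
}

AUDIT_LOG = []  # every decision is appended here for audit and compliance


def excess_privileges(username: str) -> set:
    """Privileges the user holds beyond what their current role allows."""
    user = USERS[username]
    return user["privileges"] - ROLE_PRIVILEGES[user["role"]]


def revoke_excess(username: str) -> set:
    """Strip privileges not justified by the current role and log each one."""
    excess = excess_privileges(username)
    USERS[username]["privileges"] -= excess
    for privilege in sorted(excess):
        AUDIT_LOG.append({"event": "revoke", "user": username, "privilege": privilege})
    return excess


def authorise(username: str, privilege: str) -> bool:
    """Decide whether the user may use the privilege; record the decision either way."""
    allowed = privilege in USERS[username]["privileges"]
    AUDIT_LOG.append({"event": "access", "user": username,
                      "privilege": privilege, "allowed": allowed})
    return allowed


def suspicious_users(threshold: int = 3) -> set:
    """Users with at least `threshold` denied attempts: the alert condition."""
    denied = Counter(e["user"] for e in AUDIT_LOG
                     if e["event"] == "access" and not e["allowed"])
    return {user for user, count in denied.items() if count >= threshold}


if __name__ == "__main__":
    print("excess before review:", excess_privileges("alice"))  # {'hr_system:read'}
    print("revoked:", revoke_excess("alice"))
    print("alice hr read:", authorise("alice", "hr_system:read"))  # False, now logged
    print("alerts:", suspicious_users())
    for entry in AUDIT_LOG:
        print(entry)
```

Running the review before the access check is what makes the denial happen: without it, alice's leftover HR privilege would have been honoured silently and nothing in the log would show that her access no longer matched her role.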