risks ahead

Beware the Russian Hackers!

PRESS RELEASE March 2022

Businesses and individuals alike should be especially vigilant for scams and hacks by Russian vectors at the moment, according to the Managing Director of cyber security company, Digital Pathways.

Whilst there is nothing new about the idea of the ‘bad guys’ trying to attack systems by phishing, ransomware, trojan horse attacks, or malware worms, the current situation, due to the Russian aggression against Ukraine, may increase the number of cyber-attacks that we are likely to see.

This is especially so for the banking industry, following the blocking of Russia from the international online payments banking system, SWIFT. It is likely that Russia and its allies may look to retaliate, targeting banks and other companies as well as individuals.

“My advice”, says Tankard, “is to be extra vigilant now, especially around passwords protecting clients’ personal details. Always check a sender’s URL. Make sure it is bona fide by hovering over the link and checking it thoroughly. Be aware that any address using the suffix ‘.ru’ is Russian, and definitely do not open attachments unless you are sure they are safe. Just hit the delete button!

“If you are unsure about an attachment there are a number of websites such as VirusTotal – https://www.virustotal.com where you can paste in a link or upload a file to be scanned for anything nasty.

“Protect yourself with security software. For a small annual fee, this software will block any hostile application from launching or will block an unusual outbound connection from a computer or server. Also, any file which is found to be malicious will be quarantined, and any other machine connected to the same network will be alerted for the same file, so any spread is contained immediately.

“But of course, make sure anything you buy is not a product of any Russian security company.”

“As always, back up everything, regularly”.

It is important that all businesses and individuals are aware of the likely increase in cyber-attacks at the moment and take all necessary steps to stop them.

Privileged Access Management

What Is Privileged Access Management?

Privileged Access Management (PAM) refers to granting an IT user access or abilities over and above those of a standard user. This may be needed for them to carry out their role, an IT administrator for example, and it enables organisations to secure their systems and ensure the confidentiality of data, as well as allowing the business to thrive.

It works by employing the principle of least privilege, where users are provided with the minimum level of access needed for their work. Given that humans are often the weakest link in an organisation’s cyber security, keeping levels of access ‘tight’ helps to reduce the attack surface and to limit the damage from external attacks, insider threats and negligence.

It also brings compliance rigour, as it allows organisations to record and log all aspects of the IT infrastructure, simplifying audit and compliance requirements.

Real-time data collection means that the organisation can monitor who has accessed critical information from networks, servers, and applications. Unauthorised login attempts are also logged, with alerts set for the detection of suspicious activity, thus allowing IT administrators to take immediate action.

Once focused on password protection, modern PAM systems have evolved to include key security factors such as session monitoring, user behavioural analytics, multi-factor authentication, proxying and password vaulting.

And, once installed, a Privileged Access Management (PAM) system needs managing. Organisations need to monitor who has what privileged access on an ongoing basis, so as to keep control of all data. A member of a human resources department, for example, moving to a new role in another area of the business, should not continue to be able to access their previous HR systems unless still required for their new role.
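The ongoing review described above (excess entitlements after a move, accounts left behind by a leaver, and the “unless still required for their new role” exception) can be expressed as a small access-review check. The following is an added example, not Digital Pathways’ product or any specific PAM tool; the role matrix, user records, entitlement names and exception dates are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed role matrix: the entitlements each role legitimately needs
# (least privilege: anything outside this set is excess for that role).
ROLE_ENTITLEMENTS = {
    "hr-advisor": {"hr-system-read", "hr-system-write", "email"},
    "sales-exec": {"crm-read", "crm-write", "email"},
    "it-admin":   {"domain-admin", "backup-console", "email"},
}

# Constructed list of entitlements treated as privileged; excess here is high severity.
PRIVILEGED = {"domain-admin", "backup-console", "hr-system-write"}


@dataclass
class User:
    name: str
    role: str                 # current role (empty string for a leaver with no role)
    entitlements: set         # what the user actually holds today
    # entitlement -> expiry date of an approved, time-boxed exception
    exceptions: dict = field(default_factory=dict)


def review_user(user: User, today: date) -> list:
    """Return one finding per entitlement the user holds but their role does not justify."""
    allowed = ROLE_ENTITLEMENTS.get(user.role, set())
    findings = []
    for ent in sorted(user.entitlements - allowed):
        expiry = user.exceptions.get(ent)
        if expiry is not None and expiry >= today:
            continue  # approved exception still in force: "still required for their new role"
        findings.append({
            "user": user.name,
            "entitlement": ent,
            "severity": "high" if ent in PRIVILEGED else "medium",
            "reason": "expired exception" if expiry is not None else "not needed for role",
        })
    return findings


def review_all(users: list, today: date) -> list:
    """Run the review across every user and flatten the findings."""
    return [f for u in users for f in review_user(u, today)]


def demo() -> list:
    """Constructed scenario covering a mover, an approved exception, a leaver and a clean admin."""
    today = date(2024, 3, 1)
    users = [
        # Moved from HR to sales but kept HR write access: the case the text describes.
        User("dana", "sales-exec", {"crm-read", "crm-write", "email", "hr-system-write"}),
        # Same move, but with an approved exception that has not yet expired.
        User("eli", "sales-exec", {"crm-read", "email", "hr-system-read"},
             {"hr-system-read": date(2024, 6, 30)}),
        # Leaver whose account was never removed: no role, so every entitlement is excess.
        User("fay", "", {"email", "backup-console"}),
        # Admin whose entitlements match the role exactly: no findings.
        User("gus", "it-admin", {"domain-admin", "backup-console", "email"}),
    ]
    return review_all(users, today)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run on the constructed data, the review flags dana’s retained `hr-system-write` (high), and both of fay’s leftover entitlements, while eli’s exception suppresses the finding until its expiry date passes.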

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email intouch@digitalpathways.co.uk and we’ll be happy to advise you.

Work from anywhere

The Work From Anywhere Security Checklist

The post-pandemic trend of ‘work from anywhere’ may offer many benefits both to employer and employees alike, but for security teams across the board, it adds a myriad of issues and concerns regarding exactly how data can be kept safe.

The ability to be connected on any device with access to every application, anywhere at all, is a reality today. But this reality hugely increases the attack surface within any organisation.  Together with the ever-growing instances of phishing and ransomware attacks, the need for robust and co-ordinated security strategies grows ever more important.

Many organisations find themselves with piecemeal security solutions, continually bolting on the next ‘sounds great’ solution without any holistic thought.  This results in security gaps, fragmented visibility, and a complex system, practically impossible to manage.

There is no doubt that we humans are the biggest threat of all.  We make mistakes.

So, what can be done?  Here is a checklist of the 10 ‘must-have’ protections for users, devices, and access.

  1. Email Security: Email is like sending a postcard. If you don’t mind the postman reading what is written on your card then it is fine, but would you put your bank details and PIN on a postcard? Obviously not. So, consider email in the same way. Always use an email security application to encrypt emails, detect and block suspicious ones, stop accidental emails going to the wrong person, and check that attachments are not confidential.
  2. Ongoing Cyber Security training: We all tend to forget things quickly and, in the heat of the moment, may not recall how to spot a suspicious link. Training should be ongoing, and one useful element is an application that generates spoof emails to maintain awareness, monitors progress and provides the Board with a measurement of the improvement in staff cyber awareness.
  3. Endpoint Security: It is difficult to know what a remote user is doing, but an application on the endpoint which monitors the status of the device, checks that it is fully patched and that there are no rogue services running can help to stop endpoints being compromised. Furthermore, adding services such as automatic back-ups, remote diagnostics and support will improve the remote user’s situation and reduce the support overhead that remote workers place on IT Support Teams.
  4. Access control: We all know the problems surrounding passwords and their management. Making access to networks easy but secure is a goal all remote working solutions should strive for. Multi-Factor Authentication removes the password issue in a simple fashion and can be extended to encompass single sign-on across other platforms and cloud services.
  5. Encryption: this is the only technology outlined within the GDPR rules and can significantly reduce a company’s exposure from a data breach. Encryption does not slow down a device, nor does it mean that data cannot be shared. It is simply there to protect the valuable asset of the data, whether it be in transit, at rest on a device or server, or in a cloud-based system, either managed by a third party or within your own cloud solution.
  6. Backup & Disaster Recovery: Data has value, and blocked access to it poses a real threat to business. Ensuring data is protected against ransomware, secured by encryption and access controls, and held in multiple locations in different formats all leads to data being available on demand, to any user or device, in as timely a fashion as can be managed during any recovery process.
  7. Threat intelligence: To be forewarned is to be forearmed. Understanding where threats may be gives the business time to prepare and deploy measures to minimise risk.
  8. Third Party Risk Assessments: The supply chain is critical to a business, but should that chain have a weak link, it could open a door into the network and allow a hacker in. Consequently, it is important to ensure suppliers’ networks are also robust by carrying out some form of risk assessment on key suppliers, so that businesses can operate together in a trusted environment.
  9. Network Security: Data travels over networks, often in the public cloud, so it should be protected by using a Virtual Private Network (VPN) to ensure that no third party can eavesdrop on communications or insert data, such as an altered invoice, into the stream.
  10. Application Security: Applications are easy to deploy, but often we do not check that they are functioning correctly or whether they have higher administration rights than needed, leading to application exploits or open doors into networks. Any new application should be checked for its handling of security and follow the GDPR standard of a Data Protection Impact Assessment (DPIA) to verify the application. As a last resort a full code review should be undertaken, which will highlight any code trap doors hidden within it by the developer.

If you need any advice or would like to discuss any of the security checklist components, please give us a call on 0844 586 0040 or email intouch@digitalpathways.co.uk.

Every organisation can benefit from added protection, we’ll be happy to advise you.

Cyber Essentials

Why Adopt The Cyber Essentials Programme?


The government’s Cyber Essentials Programme was developed in collaboration with industry and is intended to help businesses mitigate common online threats.

Operated by the National Cyber Security Centre (NCSC), it was launched in 2014 and has become a key element of excellence for cybersecurity.

Applicable to all sizes of organisations, it offers help to those seeking to implement a robust data security strategy, to protect both themselves and their clients. It does this by encouraging organisations to adopt good practice in information security and includes a simple set of security controls, protecting information from external and internal threats.

The controls suggested by Cyber Essentials are designed to prevent basic cyber attacks and come in two formats:

  1. Cyber Essentials – A self-assessment application that addresses basic threats and helps to prevent the most common attacks.
  2. Cyber Essentials Plus (CE+) – The same as for Cyber Essentials, but rather than being self-assessed, it requires verification of cybersecurity carried out independently by a certification auditor and includes a vulnerability scan.

Cyber Essentials offers a sound foundation of basic hygiene elements that all types of businesses can implement and potentially build upon. The government believes that implementing these measures can significantly reduce vulnerability. However, it isn’t a silver bullet to remove all cybersecurity risk; for example, it is not designed to address more advanced, targeted attacks, and hence, organisations will need to implement additional measures as part of their security strategy.

The Assurance Framework, leading to the awarding of Cyber Essentials Plus Certificates, has been designed to be light-touch and achievable at low cost. It is important to recognise that certification only provides a snapshot of cybersecurity practices at the time of assessment.

It is always advisable to have an internal and external network scan before a certification test is booked, as the scan will highlight any areas of weakness giving time to fix issues and avoid having a failure on certification day, or a few ‘last minute’ fixes whilst the assessor is on-site!

The CE+ process falls into two sections, external and internal. Within these sections the assessor checks the following areas:

External system test details:

1. Review of customer questionnaire information on ports
2. Full-service scan (TCP and UDP service scans)
3. External vulnerability scan
4. Web application testing for common known vulnerabilities, if in scope

Internal system test details:

1. Internal vulnerability scan
2. Facility walkthrough
3. Manual system checks:
    • Unnecessary user accounts
    • Weak passwords
    • User access control (privileges check)
    • Unnecessary software
    • Auto-run feature check
    • Security firewall and malware protection checks
    • Review of password, Internet security, starter and leaver policies, and patch management
4. Email system checks to test for possible weaknesses
5. Mobile device checks to confirm the latest operating system is installed and a password is enabled

During the test, evidence is required such as audit logs from firewalls and servers.

For businesses who are willing to adopt these measures, the benefits can be many, including the ability to tender for contracts that require a Cyber Essentials Certified supplier (mandatory for public sector work) and enhanced customer trust and confidence.

Becoming accredited helps to meet the needs of GDPR as it covers the requirement to understand where Personally Identifiable Information (PII) data is held and therefore, can provide evidence for GDPR statements/policies, showing that as an organisation, you have considered such issues and had controls verified by an independent assessor.

Businesses now live with the spectre of cyberattacks as the norm. Adopting Cyber Essentials Plus is one way of taking control and starting the process of fighting back.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email intouch@digitalpathways.co.uk and we’ll be happy to advise you.

Cloud security

Should You Rely On Your Cloud Provider’s Security?


Storing data in the Cloud has really only been ‘a thing’ during the last decade but most enterprises now have some kind of cloud presence.  So the question arises, just how secure is your data when there?

Many organisations consider that because data is stored in the Cloud by a third party, the burden of responsibility moves from themselves to their service provider. They would be wrong: the final responsibility remains theirs.

Of course, cloud storage offers convenience, reliability, scalability, cost savings, and yes, security.  However, this needs to be underpinned by some baseline strategies before being moved across.

Firstly, ensure access to data is secured using multi-factor authentication. This should be set up generally, but especially for administrator accounts, which hackers particularly target because of their high-level access privileges.

As human error remains the number one cause of cyber attacks, it is critical that employees are continually trained, kept up to date with security protocols and use strong passwords, and that they are only given access to the areas essential for their work. Controlling who has access to data will reduce the chances of it falling into the wrong hands.

When an employee leaves the company, do not forget to remove all their access rights and delete their accounts.

Know what data you have and where it is stored. This is important not only as a good security practice but for any Subject Access Requests you may receive under GDPR. If your data is scattered, your only resort is to use a data discovery tool to find it.

Realise the importance of each category of data and ask yourself what are the consequences should this data get leaked, tampered with, or deleted? Would you face regulatory fines, incur revenue losses, would it impact you operationally?

Email is critical to any business operations and we can’t live without it.  Be sure that your email service is as secure as it can be and remember, it’s always best to be sceptical of any email you get and keep in mind the spam warning signs.

Finally, back up! You can choose to back up with another cloud provider, or locally on an external hard drive or disk. You can also keep backups off-site, but make sure the data is encrypted for extra protection.

Data protection is not only an important part of maintaining trusting relationships with customers, suppliers, and stakeholders, it’s also a legal requirement, and you could suffer real consequences if you experience a breach because you’ve not taken the necessary steps to keep your data secure.

Relying solely on your cloud provider is not an option.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email intouch@digitalpathways.co.uk and we’ll be happy to advise you.

AI and ML

The Security Conundrum of Artificial Intelligence/Machine Learning

Whilst Artificial Intelligence (AI) and Machine Learning (ML) are two buzzwords right now, especially within the broader waves of technological change sweeping through our world under the banner of the Internet of Things (IoT), they are, in fact, different things.

AI is the concept of machines carrying out tasks in a smart way.  ML is an application of AI.  It is based on the premise that the machine is given data and left to learn for itself.

Though the benefits of both look good, there is a fear that these programmes could ‘go rogue’, turning on us, or, being hacked by other AI programmes.

Researchers from Harvard University demonstrated how medical systems using AI could be manipulated by an attack on image recognition models, getting them to see things that were not there. The attack programme found the best pixels to manipulate in an image to create adversarial examples that pushed models into identifying an object incorrectly and thus, caused false diagnoses.

Another doomsday scenario comes from the RAND Corporation, a US policy think tank, which describes several scenarios in which AI technology tracks and sets the targets of nuclear weapons. This involves AI gathering and presenting intelligence to military and government leaders, who make the decisions to launch weapons. If the AI is compromised, it could be fooled into making the wrong decision and lead to ‘the button’ being pressed incorrectly.

Hackers love AI as much as everyone else in the technology space and are increasingly tapping into it in order to improve their phishing attacks.

Anup Ghosh, a cybersecurity strategist, said, “The evidence is out there that machines are far better at crafting emails and tweets that get humans to click. Security companies that fight these bad guys will also have to adopt machine learning.”

An AI security arms race is likely coming, as hackers’ machine-learning-powered attacks are met with cybersecurity professionals’ machine-learning-powered countermeasures.

This is seen in training applications that educate users to spot phishing attacks. Phishing is the process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity using bulk email, which tries to evade spam filters.

Emails claiming to be from popular social websites, banks, auction sites, or IT administrators, are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering. However, these emails are so well crafted that many users click on the offered links or attachments, launching the attack.

By using AI and ML techniques, email training systems can take a company’s normal email behaviour and craft emails to simulate a phishing email into an organisation. It then monitors the level of opens and, when triggered, can run a short training video to educate the user on why they missed the evidence that the email was fraudulent. Deploying such systems can save companies from expensive shutdowns or rebuilds, due to ransomware outbreaks.

A new concern around AI is in regard to regulation, specifically GDPR. Is it permissible to let a user give an application permission to make automated decisions on their behalf? If yes, will it be accompanied by a comprehensible explanation of how the AI makes decisions and how these may impact the user? This could be a problem for companies developing AI.

It is hard to make a definitive statement about how all this will play out in practice. From a technical perspective, the level of granularity GDPR requires in explaining automated decisions is unclear. Until this is known, some innovators may choose to forge ahead with super algorithms. Others, worryingly, may ban European citizens from using some highly valuable functionality.

What is needed in the AI world is to ensure that the fundamental code is sound and not compromised by human error.

All software, no matter how well written, has bugs. These bugs can, if an attacker becomes aware of them, become a vector for attack. It is difficult for even the most skilled programmers to see the flaws in their own work; an outside review of the code will often turn up potentially dangerous vulnerabilities that have been missed by the development team.

With a source code review from Digital Pathways, you can minimise the number of vulnerabilities in your software and gain the assurance you need that your source code keeps to the very best security practices.

When code is developed, organisations need some shared accountability to ensure that all future application development remains secure. This requires security issues to be discussed at the beginning of each development cycle and then integrated throughout. Code should be regularly tested during the development phases and signed off, ensuring copies are securely kept to allow a controlled roll back to a known, previously verified position, should the need arise.

AI and ML are however having a positive impact within data security.  They have the ability not only to ingest information but to react and positively block attacks or ransomware outbreaks. Such systems combine Security Information & Event Management (SIEM) and Extended Detection & Response (XDR), along with Security Orchestration, Automation & Response (SOAR), and Incident Response Management (IRM) all in a single command and control interface.

Such a platform integrates disparate technologies to improve security monitoring, operations and incident response capabilities across SOC teams, Network and Security Operations, Security Analysts, InfoSec Managers, CTOs and CISOs. All interested parties can be aware of an incident but need not take action, as it can be left to the intelligence of the system to take the steps needed to stop the attack.

It has been reported that Elon Musk speaking with Demis Hassabis, a leading creator of AI, said his ultimate goal at SpaceX was the most important project in the world: interplanetary colonisation. Hassabis replied that, in fact, he was working on the most important project in the world: developing artificial super-intelligence. Musk countered that this was one reason we needed to colonise Mars so that we’ll have a bolthole if AI goes rogue and turns on humanity. Amused, Hassabis said that AI would simply follow humans to Mars!

AI/ML are with us and will remain so, with the development of human-like AI seen as an inevitability by technologists. But will they overcome the challenges to solve problems that are difficult for the computer but relatively simple for humans? How many issues will we face before we can trust the code that runs the programmes, if ever?

Only time will tell.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email intouch@digitalpathways.co.uk and we’ll be happy to advise you.

Streamlining Data

The Case for Streamlining Data

Do you know what data you have? Where it is and who uses it?

No, then you need to read this blog!

It is not easy to know where unstructured data exists in the enterprise. There can be massive volumes of documents, spreadsheets, presentations and emails, typically scattered across the organisation, and now, in COVID times, data may sit in places your organisation does not control, such as Dropbox. This is where the term ‘Shadow IT’ has come from. The diversity of these locations and the sheer volume of data represent not only a major security weakness but an expensive one at that.

Having huge amounts of data scattered across the enterprise can result in heavy costs in terms of storage, whether in data centres or third party storage facilities.

Add to that the requirements of GDPR and, in particular, Subject Access Requests (SARs), and you can see what a nightmare situation unstructured data storage can become.

Data classification systems are the answer. They are able to take the challenge down to a focused set of in-scope data, which can amount to only 10 to 20% of the entire environment. They can ensure that all personal data is found using a more efficient and targeted approach, which could result in a saving of some 40% in storage capacity, as well as removing risky data from shadow IT locations.

Indexing file properties, including activity logs (who has accessed what) and ACLs (who has read, write or browse permissions to specific files), facilitates a proactive approach to data protection. Combining in-depth monitoring with active controls to confine any suspicious activity, such as a ransomware attack, before it becomes a risk is key.

Personal data can be managed according to the data owner’s request: deleting, migrating, archiving, restricting and correcting content.

Sensitive data that is no longer needed on the primary storage network, but must be kept to meet long-term retention requirements, can be moved to an archive that is easily managed, ensuring sensitive data is not left unprotected on the network. Retention policies can be defined, and compliance teams can easily search and manage the content.

Without an integrated approach, there will be too many aspects to the workflow and too many areas that can fail when managing significant volumes of personal data.

Knowing what data is held, where it is and who uses it is key to good data management. Without it, data storage will simply grow and grow, cluttering the network and costing vast amounts in storage solutions or, worse still, data will be held in multiple silos to keep costs down, with the inevitable result of data loss.

So, streamline data handling today, before it gets out of control.

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email intouch@digitalpathways.co.uk and we’ll be happy to advise you.

Cybercrime

Is Your Data Being Secretly Manipulated?

So, you are alert to the threat of ransomware but, can you be sure that your data has not, is not and will not be, manipulated by outside forces?

More insidious than a ransomware attack is the hack where data or the network is compromised but is secretly hidden from view. The exploit can go unchecked for a long time, with information taken at will, the outcome of which may be very damaging for the victim company.

Such attacks fall under commercial espionage and the actors range from competitors, disgruntled employees, and even nation-states. Once in the network the attacker remains hidden and takes various approaches dependent on what is to be achieved. It is never the intention of the attacker to tell the victim that they have their data, but to remain hidden, indefinitely.

There have been instances where data has been monitored and fed back to the competition when a tender has been submitted or pricing has changed. Such information can be valuable, for example, when governments are placing large contracts.

Another example is where data is modified, resulting in expensive product recalls and loss of market confidence. It is likely that these attacks will convert into a blackmail scenario, where the victim is advised of the infiltration and possible data modification ramifications, should on-going payment not be forthcoming.  This is similar to a protection racket or extortion money!

These attacks generally occur due to poor monitoring of network access and unusual events within the infrastructure being missed. Frequently, incidents are flagged up, but due to the busy nature of many IT departments, they go unchallenged.

Companies need to protect themselves by being more proactive in stopping the unknown, rather than relying on the known attack vectors that Antivirus and DLP solutions focus on. Fileless attacks are impossible for AV to detect and, once triggered, look like a normal application, able to hide away and exploit at will.

There are solutions that are designed to understand what is normal on a network and take action on the unusual. They can take away the delay associated with SIEM solutions, as the required action is taken immediately rather than waiting for someone in the IT team to investigate, by which time, it is too late.

File integrity monitoring is another solution. With file integrity monitoring you create a hash of each file and later recompute and compare it; if the hashes match, you know no one has changed that file. Furthermore, you can apply a classification, such as ‘Secret’, and should files of that type move, change or leave the organisation, an alert is sent to the data owners.
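The hash-and-compare check just described, as an added example written for this page rather than code from Digital Pathways or any FIM product: it snapshots SHA-256 digests of every file under a directory, then reports files that were added, removed or silently modified since the baseline. The directory contents and file names are constructed in a temporary folder purely for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Walk root and record relative path -> SHA-256 for every regular file (the baseline)."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_file():
                baseline[str(full.relative_to(root))] = hash_file(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify the differences between two snapshots: added, removed and modified files."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a folder, tamper with it, then re-check against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pricing").mkdir()
        (root / "pricing" / "tender.csv").write_text("item,price\nwidget,100\n")
        (root / "readme.txt").write_text("hello\n")
        (root / "old.log").write_text("x\n")
        baseline = build_baseline(root)

        # Simulate silent manipulation of the kind the text describes:
        # a price is altered, a file disappears and an unexpected file appears.
        (root / "pricing" / "tender.csv").write_text("item,price\nwidget,90\n")
        (root / "old.log").unlink()
        (root / "unexpected.bin").write_bytes(b"\x00\x01")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored somewhere the monitored host cannot rewrite it (otherwise an attacker who changes a file can also update its recorded hash), and the comparison would run on a schedule with findings routed to the data owners, which is the alerting step the text mentions.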

Companies face a continual stream of threats including, reputation, revenues, and future market share. Sadly, it often takes companies years to even realise they have had a breach, let alone know what data was affected. We need to stop thinking only in terms of data being taken and understand that it may also be manipulated.  Planning for the consequences of both scenarios is critical.

Protection rackets are no longer just in old films with Eliot Ness! They are a clear and present danger and cannot be ignored!

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email intouch@digitalpathways.co.uk and we’ll be happy to advise you.

 


Cyber Security Jargon Explained

We all need to be cybersecurity savvy these days, but how many of us understand the jargon often associated with it?

  1. The Cloud

The Cloud is a term used for a large computer facility where computer space can be rented either in a shared form, where multiple companies would share one physical machine or, a dedicated computer used exclusively by one company. Often these computer facilities are located around the country or overseas, creating a mesh that provides resilience, should one computer facility fail.

The Cloud can also be referred to as the Public Cloud, but there is also the term Private Cloud and this refers to a computer facility that is owned by a company or, leased from another service provider. In general, Private Cloud facilities are used by one company only.

Generally, all Cloud facilities are accessed via the Internet rather than having dedicated communication lines into the facility from a company’s own buildings.

  2. Mesh

In our homes and offices, we have a router that connects us to the Internet and we either plug an Ethernet cable from the router to our PC or, more commonly, we use WiFi to connect our devices to the router.

WiFi is fine in a small space but is not so good in a large area or a house with many rooms and floors, where both users and devices move around. Mesh networks are appearing to overcome the failings of WiFi.

In a standard WiFi network each WiFi access point is a standalone system (i.e. it has no relationship with any other WiFi access point in your network) and so a device, such as a Smartphone, will try and hang on to a connection even when the signal is very low. Only when the signal is lost will the Smartphone try to find another WiFi access point. This means that if your phone is connected to a WiFi point in the lounge, and you move upstairs, your phone will try and stay connected to the lounge, not to the WiFi upstairs unless the signal is lost or you switch off the WiFi connection on the phone and then switch on again.

In a Mesh network the access points are linked to one another and managed as a single system. As you move around your home, the mesh steers your phone to the nearest point (typically using the 802.11k/v/r roaming standards) rather than leaving the decision entirely to the phone. The result is a consistently strong signal and a handover between points with little or no interruption to your data.

  3. BYOD

This stands for Bring Your Own Device and refers to an employee or contractor using their own computer, Smartphone, or other such devices as opposed to using a company-supplied device.

There are benefits to individuals using their own devices rather than being forced to use a company-supplied unit, and whilst there are obvious cost savings for companies, the hidden costs of technical support and data security are often overlooked. The company does not control how a personal device is patched, encrypted or locked, so any company data on it needs its own protection, such as a managed work profile or app-level encryption, and a way to wipe that data if the device is lost or the person leaves.

  4. Crowd Sourcing

This term is often confused with Crowd Funding, where many hundreds or even thousands of people put small amounts of money into a company, often as shareholders, in order to gain a financial return if the company becomes successful.

Crowdsourcing works in a similar way: a large number of people and their devices send information to a central service, which aggregates it into a bigger picture and uses it to improve the service provided. A navigation system is a good example. The basic route comes from digital maps and GPS, but by overlaying crowdsourced data on traffic flow, diversions and average speeds, collected from devices in vehicles and fed back to the navigation service, the system can route each journey dynamically to avoid congestion. Following an accident, for instance, traffic is routed around the incident until the area clears or speeds pick up, which also eases congestion near the incident itself.

  5. Credential Stuffing

Credential stuffing is an automated account-takeover attack. The attacker obtains a list of user IDs and passwords, typically leaked in a breach of some other website, and uses automated tools to try each ID and password pair against many other sites until a login succeeds. It works because people reuse the same password across services. Once in, the attacker takes over the account and, if it is a financially interesting one such as a shopping site or a bank, proceeds to exploit it.

Credential stuffing is dangerous to both consumers and enterprises because of its ripple effects: services can be overwhelmed by the sheer volume of login attempts, users lose confidence in online shopping, and both businesses and individuals can lose money. The standard defences are unique passwords for every site (a password manager makes this practical), multi-factor authentication, and rate limiting or bot detection on login endpoints.
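The attack has a recognisable shape in a site’s login logs, which is how a service detects it. The following is an added worked example written for this glossary entry, not code from Digital Pathways or any product: it parses a constructed login log (the format and every line in it are made up for illustration) and flags any source address that tries many different usernames in a short window with almost every attempt failing, which is what a leaked ID/password list replayed by a bot looks like. A single account failing repeatedly from one source is a different signal (password guessing) and is deliberately not flagged.

```python
"""Credential-stuffing detector run over a constructed login log.

Added example for this glossary entry; it is not code from Digital Pathways
or any product. The log format and the sample lines are constructed for
illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample lines: "<ISO timestamp> <client ip> <username> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2022-03-14T09:00:01 203.0.113.7 alice LOGIN_FAIL
2022-03-14T09:00:02 203.0.113.7 bob LOGIN_FAIL
2022-03-14T09:00:02 203.0.113.7 carol LOGIN_FAIL
2022-03-14T09:00:03 203.0.113.7 dave LOGIN_FAIL
2022-03-14T09:00:03 203.0.113.7 erin LOGIN_OK
2022-03-14T09:00:04 203.0.113.7 frank LOGIN_FAIL
2022-03-14T09:00:05 203.0.113.7 grace LOGIN_FAIL
2022-03-14T09:00:05 203.0.113.7 heidi LOGIN_FAIL
2022-03-14T09:00:06 203.0.113.7 ivan LOGIN_FAIL
2022-03-14T09:00:07 203.0.113.7 judy LOGIN_FAIL
2022-03-14T09:01:10 198.51.100.20 alice LOGIN_FAIL
2022-03-14T09:01:25 198.51.100.20 alice LOGIN_FAIL
2022-03-14T09:01:40 198.51.100.20 alice LOGIN_OK
2022-03-14T10:30:00 192.0.2.55 bob LOGIN_OK
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_log(text: str) -> List[Event]:
    """Parse the constructed log format above into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(Event(datetime.fromisoformat(ts), ip, user, result == "LOGIN_OK"))
    return events


def detect_stuffing(events: List[Event],
                    window: timedelta = timedelta(minutes=5),
                    min_users: int = 8,
                    max_success_rate: float = 0.2) -> Dict[str, dict]:
    """Return {source ip: summary} for sources whose attempts look like stuffing.

    For each source IP a sliding window of at most `window` length is moved
    over its attempts; the source is flagged if any window contains at least
    `min_users` distinct usernames with a success rate of `max_success_rate`
    or lower. The summary describes the last matching window seen.
    """
    by_ip: Dict[str, List[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_ip[e.ip].append(e)

    flagged: Dict[str, dict] = {}
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Advance the left edge until the window spans no more than `window`.
            while attempts[end].ts - attempts[start].ts > window:
                start += 1
            span = attempts[start:end + 1]
            users = {e.user for e in span}
            successes = sum(1 for e in span if e.ok)
            if len(users) >= min_users and successes / len(span) <= max_success_rate:
                flagged[ip] = {
                    "attempts": len(span),
                    "distinct_users": len(users),
                    "successes": successes,
                    # Accounts the bot got into: these need a forced password
                    # reset or an MFA challenge, not just a blocked IP.
                    "compromised": sorted(e.user for e in span if e.ok),
                }
    return flagged


if __name__ == "__main__":
    for ip, summary in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, summary)
```

The thresholds (window length, minimum distinct usernames, maximum success rate) are the tuning knobs: a real deployment would set them from the site’s own baseline, and would also key on the rate per user-agent or per ASN, since a bot spread across many proxies will not trip a per-IP rule.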

  6. GDPR

This stands for the General Data Protection Regulation, which came into force on 25 May 2018. In the UK it is supplemented by the Data Protection Act 2018, which replaced the Data Protection Act 1998. The regulation places greater obligations on companies to protect personal data and gives the data subject (the person the data is about) the right to access any data an organisation holds on them.

The regulation has improved the way data is stored and used and is enforced in the UK by the Information Commissioner’s Office (ICO), which organisations must notify of a qualifying personal-data breach within 72 hours of becoming aware of it.

  7. AI

AI stands for Artificial Intelligence and refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions, including learning and problem-solving.

The holy grail of Artificial Intelligence is a system that can weigh up competing ideas or issues and take the action with the best chance of a positive outcome.

The fear is of an AI overriding human control because it decides the human is not making the right decision. That might be acceptable on occasion, but certainly not in life-or-death situations.

  8. Disruptive technology

This is a technology whose application significantly changes the way a market or industry functions. The Internet is an example. Before the Internet, most of us visited shops to buy goods; its introduction significantly altered the way we shop and saw the demise of businesses unwilling to adapt.

  9. Biometrics

Biometrics measure a person’s physical or behavioural characteristics to verify their identity. They include physiological traits, such as fingerprints, iris or retina patterns, face and voice, and behavioural characteristics, such as the unique way you type on a keyboard.

These characteristics are captured, converted into a stored template and compared against a fresh sample each time the person authenticates. Unlike a password, a fingerprint or iris cannot be changed if the stored template leaks, so the template store needs at least the same protection as a password database.

Several biometrics can be combined (multimodal biometrics) to form a very strong form of user authentication, stronger still when paired with a second factor such as a PIN or a registered device. This is vital in a digital world where electronic proof of identity underpins services such as Internet banking.

  10. Open Source

This originally referred to Open Source Software (OSS) and has since been shortened to Open Source. It means software whose source code is made publicly available so that anyone can inspect, modify and distribute it, subject to the terms of its licence.

Proprietary (commercial) software, such as Microsoft Word or Adobe Illustrator, is the opposite: the code is owned by the vendor, is not published, and users pay for a licence to use it.

Confusion often arises because some Open Source code is offered entirely free of charge, whilst for other projects a paid-for licence or subscription is required for certain versions.

In general, payment is requested where a company develops Open Source code further and provides technical support or enhancements for it. Being able to read the code does not mean someone has: Open Source components still need to be kept up to date and checked for known vulnerabilities like any other software.

If there are any other ‘Jargon’ related queries/questions you have or anything you are confused or concerned about in relation to Cyber Security please do not hesitate to get in touch and we will endeavour to help.

SOARX: Security Orchestration, Automation & Response

SOARX, Mitigating Threats

Threats to organisations are coming thick and fast from a variety of different directions, and often businesses do not have adequate, or up-to-date, solutions to mitigate them.

Many find themselves with layered security systems: multiple software packages all trying to work in sync with each other, the result of continually adopting the latest packages with little holistic forethought.

This commonly seen situation is far from ideal, and now, more than ever, there is a definite need to employ a system that can look at the complete structure. One that can drill through the layers and unify the threats into a single view.  It should have the built-in ability to take appropriate action, based on business dynamics relevant to the threat, stopping the attack from happening in the first place.

Gartner was first to define SOAR as Security Orchestration, Automation and Response. In its definition, solutions should provide three core functions: orchestration and automation, which enable response, and measurement.

They explained, “SOAR solutions are gaining visibility and real-world use, driven by early adoption, to improve security operations centres. Security and risk management leaders should start to evaluate how these solutions can support and optimise their broader security operations capabilities.”

SOARX is such a solution. It provides central management for security orchestration, automation and response, and goes beyond existing SOAR offerings in its ability to manage, monitor, automate and orchestrate complex network and security ecosystems from a single pane of glass, not only for known applications and devices but also for custom-built applications, legacy devices and cloud services, both public and private.

Applying business logic to the system’s findings enables proactive actions to be linked to the level of threat on a particular application or device. Take a reservations system, for example: a threat to the bookings system can be graded so that a low-level threat does not take it offline and lose revenue. Old-style Intrusion Prevention Systems (IPS) cannot do this, as they only have an on/off approach.

Furthermore, in scenarios such as the one above, SOARX findings can be fed into an existing support ticketing system so that the wider management team is aware of a critical incident. From the ticket, SOARX can be instructed to take automated action, or the ticket can be passed to a technician to deal with the situation.
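What a graded response looks like in practice, as an added worked example that is not SOARX code and does not use any vendor’s API: a small playbook that takes an alert, looks up the business criticality of the affected asset, and chooses between logging, blocking the offending indicator, rate limiting with escalation to a technician, or isolating the host. The asset inventory, alert fields, action names and ticket layout are all hypothetical, chosen to illustrate the bookings-system scenario from the paragraphs above. An on/off IPS would only ever choose between the first and last of those actions.

```python
"""Severity-graded response playbook for a SOAR-style platform.

Added worked example of the 'graded response, not on/off' point. This is not
SOARX code and not any vendor's API; the asset inventory, alert fields, action
names and ticket layout are hypothetical.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


# Hypothetical asset inventory. criticality: 1 (low) .. 5 (revenue critical).
ASSETS = {
    "bookings-web": {"criticality": 5, "owner": "reservations-team"},
    "intranet-wiki": {"criticality": 2, "owner": "it-ops"},
}
DEFAULT_ASSET = {"criticality": 3, "owner": "soc"}   # unknown assets get a middling rating


@dataclass(frozen=True)
class Alert:
    asset: str
    severity: Severity
    confidence: float   # detector confidence, 0.0 .. 1.0
    indicator: str      # e.g. the attacking source IP


@dataclass(frozen=True)
class Decision:
    action: str                     # what the orchestrator will do
    ticket: Optional[dict]          # payload for the support ticketing system, if any
    requires_human: bool = False    # True => a technician must follow the ticket up


def ticket_priority(severity: Severity, criticality: int) -> str:
    """Map severity x business criticality (1..20) onto a helpdesk priority."""
    risk = int(severity) * criticality
    if risk >= 15:
        return "P1"
    if risk >= 9:
        return "P2"
    if risk >= 4:
        return "P3"
    return "P4"


def make_ticket(alert: Alert, asset: dict, action: str) -> dict:
    """Build the (hypothetical) ticket payload handed to the ticketing system."""
    return {
        "title": f"{alert.severity.name} threat on {alert.asset}",
        "priority": ticket_priority(alert.severity, asset["criticality"]),
        "assignee": asset["owner"],
        "indicator": alert.indicator,
        "automated_action": action,
    }


def decide(alert: Alert) -> Decision:
    """Choose a response proportionate to both the threat and the business impact."""
    asset = ASSETS.get(alert.asset, DEFAULT_ASSET)
    revenue_critical = asset["criticality"] >= 4

    if alert.severity == Severity.LOW:
        # Record it; never disrupt service for a low-grade threat.
        return Decision("log_only", None)

    if alert.severity == Severity.MEDIUM:
        # Block the offending indicator at the edge; the service stays up.
        return Decision("block_indicator", make_ticket(alert, asset, "block_indicator"))

    # HIGH or CRITICAL from here on.
    if revenue_critical and (alert.severity == Severity.HIGH or alert.confidence < 0.9):
        # Taking bookings offline costs revenue: throttle the source and hand
        # the ticket to a technician instead of isolating the host outright.
        return Decision("rate_limit", make_ticket(alert, asset, "rate_limit"),
                        requires_human=True)

    # Non-critical asset, or a high-confidence critical alert: contain immediately.
    return Decision("isolate_host", make_ticket(alert, asset, "isolate_host"))


if __name__ == "__main__":
    print(decide(Alert("bookings-web", Severity.HIGH, 0.95, "203.0.113.7")))
    print(decide(Alert("intranet-wiki", Severity.HIGH, 0.95, "203.0.113.7")))
```

The point of the structure is that the threat grade and the business grade are separate inputs: the same HIGH alert isolates an intranet wiki but only throttles the bookings front end and raises a P1 ticket for a person to decide. Any real platform also needs the reverse path, a way for the technician to approve the stronger action from the ticket, and an audit trail of every automated step taken.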

Using the platform to migrate systems and devices is another benefit. Switching from one load-balancing vendor to another is normally complicated and fraught with potential errors and downtime, but with a SOARX approach the configuration can be replicated while both systems are in place and working together. Once the new system is deployed and signed off, SOARX can take the old system offline in a controlled way.

This type of system is able to manage complex networks of systems and applications; it is not bound by ‘standard’ communications but is a multilingual, multi-disciplined platform that gives organisations a much greater view of their world, so that decisions are based on real information, not speculation.

When considering SOARX, it is critical to begin by identifying the gaps in the current security program that you are trying to solve. Are you trying to better orchestrate and automate your disparate security technologies? Are you trying to better define your security workflow? Are you seeking a solution that provides better incident management capabilities?

Once the core target problems have been documented, the processes SOARX is to perform can be identified. It is critical to confirm that each process can be performed in the desired manner.

Additionally, any integrations with existing tools and technologies that may be needed should be identified and categorised as either ‘must-haves’ or ‘nice to haves’.

SOARX will increase the effectiveness and efficiency of the overall security program. Return on investment (ROI) is critical and SOARX has an inbuilt ROI calculator to identify cost savings the system is creating. It is important to keep in mind that the focus of automation should be on supporting people, processes, and force multiplication, not to replace analysis.

For organisations finding themselves with a complex web of differing security packages, with the expense and manpower necessary to maintain them, SOARX is really a ‘no brainer’!

Every organisation can benefit from added protection. Call us on 0844 586 0040, or email intouch@digitalpathways.co.uk, and we’ll be happy to advise you.