Cybersecurity Articles
Batten down the (virtual) hatches with these rock-solid strategies for protecting your privacy and security.
Article / Updated 09-05-2023
The modern cloud environment is enabling game-changing innovation — that’s clear. Mobile devices have an app for virtually anything, Internet of Things technologies are dazzling users, widely dispersed workers are collaborating more effectively than ever, countless things are now available “as a Service,” and the list could go on forever. But with the growth, sprawl, and speed of cloud development, many organizations’ cloud-enabled software development life cycles are increasingly at risk, with an ever-expanding attack surface and the danger of missteps.

Over the next few years, the vast majority of cloud data security breaches — most the result of misconfigurations and coding mistakes — will be entirely preventable with detection tools that catch issues before they turn into nightmares. But these helpful detection tools can create an unhelpful avalanche of alerts that overwhelms security and development teams and gets in the way of real cloud security efficiency. How can you use the detection tools you already have in place to figure out which alerts matter most to your business, and then fix them quickly before you find yourself with gaps that could be exploited? In this article, you take a look at some of the main pain points in cloud security remediation today and what can be done about them.

Experiencing the Big Pain Points

Today’s engineering teams have created vast continuous-integration pipelines that tap into code repositories, continuous-integration platforms, and tools for testing, orchestration, and monitoring. They all live within and across cloud platforms, so things are speedy and efficient. That’s great for business but a nightmare when it comes to keeping data secure in the cloud, because everything from applications to developers to production environments is more distributed and complex than it used to be in the good old datacenter days.

This situation creates seven pain points:

Overlapping tools with duplicate alerts: Many effective security tools exist, but because the attack surface is so broad and complex, those tools overlap one another. A single event can trigger alerts in several different detection tools, and you don’t have a unified view of what the concerns are.

Too many false alarms: The problem of alert overload from multiple tools is worsened by false positives, which are then multiplied. In many cases a single root cause is at the heart of multiple different issues, along with multiple alerts — even from within the same product. Auto-scaling containers in the cloud can also auto-scale the alert load, unfortunately.

Too few hours in the day for the security team: The blizzard of information makes it less likely that your security team will be able to keep up. They may spend a massive amount of time manually investigating threats and prioritizing risks, and by the time they’ve figured that out, there’s not enough bandwidth left for strategic issues.

Difficulty finding the right fixer: An architecture based on microservices means a lot of folks are working independently, as individuals or distributed engineering teams, developing and releasing services on their own. That makes it more challenging to figure out who has an action item.

Lurking shadow pipelines and exploitable secrets: Cloud container technologies let your developers spin up applications so quickly that the security team sometimes doesn’t even know they exist. Without a way to see “code to cloud,” you may not be aware of shadow DevOps activities and exploitable secrets.

Not enough context on the problem: The code owner, once identified, often must dig into each issue from scratch. There may be little or no context to help figure out the cause and solution.

One-off solutions to zombie problems: After the fix has been devised, it may be implemented in a bespoke, one-off way. With no centralized view and no automation, there’s no guarantee that a problem that gets fixed today won’t crop up again tomorrow.

Building Sustainable Cloud Security

As your teams struggle with these pain points in cloud network security, take comfort in the fact that a certified cloud security professional can, indeed, deliver sustainable cloud security remediation. Here’s a four-point wish list of what a solution must be able to do:

Map and visualize: Your solution must paint a clear picture of the code-to-production pipeline and all its resources. It should create a heat map showing how code moves through the pipeline and where along the path the security issues are arising.

Deduplicate: Your solution must be able to normalize and deduplicate the vast number of alerts that your detection tools are raising. It should do this by comparing details about code flaws and misconfigurations to trim the list down to unique alerts.

Find the root cause and the owner: For every unique issue, you need to know the root cause, the code owner, and the configuration drift. You need all the context you can get, including issue severity, exploitability, and relationships. By correlating information from code and cloud resources, you can cut out a lot of manual work.

Streamline the fix: Regardless of the alert source, the cloud provider, the configuration, or the language in which the code is written, a sustainable solution needs to aggregate and make sense of the data to recommend fixes for the most critical issues. And preferably, it should be able to auto-generate those fixes.

How Dazz Fits into the Picture

The Dazz Remediation Cloud is a cloud security solution that tackles issue remediation as a data problem. Its agentless, SaaS platform uses patented artificial intelligence (AI), data correlation, root-cause analysis, and automation capabilities to help resource-constrained security teams quickly prioritize and fix the vulnerabilities that matter most, in collaboration with their engineers. Here’s how it works:

Graphing the pipeline: Dazz automatically gathers a wealth of information by way of its API connections to all critical points in the code-to-cloud process. It maps everything into a pipeline graph that connects all the dots, documenting every path that code follows from development to cloud deployment, and every resource that touches it along the way.

Contextualizing security: Because it has created a big picture from multiple sources, the Dazz Remediation Cloud can analyze and backtrack each security issue to its source and eliminate duplicates. Dazz receives an alert from a cloud security tool, determines the specific cloud resource that caused the security issue, and traces the cloud resource back to the pipeline used to deploy it. Dazz figures out which vulnerable artifact was deployed and what triggered its build.

Automating root cause analysis: Dazz Remediation Cloud uses a root-cause analysis engine to automate the next steps of investigating and prioritizing cloud security issues. It continuously ingests security risks and automatically investigates them. It quickly discerns the identity of code owners, the root-cause context, and a fix suggestion. Dazz can determine how exploitable a code vulnerability is, which developer is responsible for the fix, where in the software development life cycle to make the fix — and perhaps most important, how to ensure you’re taking care of the root cause once and for all.

Tapping the remediation knowledge base: Dazz suggests fixes by tapping into a remediation knowledge base. It’s generated by using threat intelligence, program analysis, and AI. Behind the scenes, it automatically tests thousands of candidate fixes for emerging vulnerabilities and builds a template to suggest the best remediation steps for whatever security issues it’s bringing to your attention.

Adopting solid governance and reporting: Dazz builds in its own set of best-practice policies for pipeline governance. As part of its proactive monitoring, it’s continually on the lookout for violations and unapproved practices, and it facilitates reporting that your risk and compliance team will greatly appreciate. The solution helps users adopt best practices such as standard cloud configurations, right-sized privileged access, and full auditing.

By understanding the top remediation pain points and how you can begin to address them, your remediation nightmares can turn into soothing dreams with well-connected, automated solutions for a secure cloud. Download Cloud Security Remediation For Dummies, Dazz Special Edition, today, and discover how to start creating sustainable cloud security remediation.
Article / Updated 08-31-2023
In this article you will learn:
what DSPM is
why you need DSPM
what you can do with DSPM
ten must-have capabilities to look for in a DSPM solution
how to get started with DSPM

Data is the lifeblood of modern business, and data security in the cloud is top of mind for organizations everywhere. Data security posture management (DSPM) solutions address the need for an automated, scalable, and agile system across the full data security lifecycle — from discovery, classification, cataloging, and risk prioritization to access control, policy enforcement, remediation, and real-time monitoring. This helps organizations reduce the risks and costs associated with cloud data security while improving their overall cybersecurity posture.

What is DSPM?

Data security posture management empowers organizations to implement a data-centric security strategy by first providing an accurate inventory of their sensitive data and identifying where it violates data security policies, thereby enhancing overall data security posture. A data-centric security strategy emphasizes the importance of protecting your valuable data rather than focusing on systems and infrastructure. Key capabilities in a DSPM solution include the following:

Global data visibility provides organizations with a comprehensive view of their sensitive data. This involves identifying the location and type of sensitive data to ensure proper protection measures are in place. All clouds — including infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS) resources — need to be covered. The appropriate data owners must also be identified, to facilitate efficient communication of any data-related security or privacy issues.

Data hygiene is about keeping your data clean and healthy. It encompasses various actions that help organizations maintain clean and organized data in accordance with their data governance framework. This includes addressing and remediating misplaced, redundant, and obsolete data to streamline maintenance, optimize storage resources, and reduce potential security risks. Purging outdated or irrelevant data is another essential part of good data hygiene, resulting in the retention of only accurate and useful data.

Data security risk control involves immediately detecting and proactively remediating data risk factors to prevent data breaches. This capability detects and addresses three key data postures:
  Overexposed data, such as public read access or permissive access rights, which should be identified and mitigated to reduce the likelihood of unauthorized access or data breaches
  Underprotected data, where controls like encryption, masking, or proper retention policies are missing
  Misplaced data, such as cardholder data subject to the Payment Card Industry Data Security Standard (PCI DSS) in an unauthorized environment, or PII data in a development environment

Data access governance manages and controls access to sensitive data. This involves:
  Identifying all internal and external users, roles, and resources with access to sensitive data
  Monitoring and controlling access patterns based on users’ roles and responsibilities
  Ensuring that only authorized users have access to sensitive assets
  Regularly reviewing and updating access permissions based on actual usage

Privacy and compliance ensure that organizations adhere to data privacy regulations and industry standards, and make audits more manageable (and perhaps a little less painful and costly). Providing objective evidence for audits can be challenging, but having reporting from DSPM that shows you know where your data is and understand its security posture can significantly ease compliance.

Why do you need DSPM?

For modern enterprises, data is fuel for innovation. These companies understand that data is a key asset and a source of competitive differentiation. They democratize data to unleash its full potential and make it accessible to application developers, data scientists, and business users. However, as data proliferates, security doesn’t travel with it — and adding the pace of change to the sprawl of cloud technology means that data security teams just can’t keep up. Malicious actors constantly target this new threat vector — the “innovation attack surface” — which has emerged as a result of several key trends:

Cloud transformation and data democratization: The cloud has enabled widespread data democratization, giving developers, data scientists, and business users easy access to data to support their innovation efforts. However, this freedom to access and use data without oversight creates unknown, unmanaged, and unprotected cloud data sources.

Technology sprawl and complexity: In the public cloud, each cloud service is configured and used differently, and each introduces new and unique risks. The ever-changing architectures are confusing and complex, and if you’re not careful, this can lead to some costly and even devastating mistakes with sensitive data stored in the cloud.

Cloud data proliferation: Nearly half of all data (48 percent) is stored in the public cloud today, and that share is only increasing, according to the Flexera 2022 State of the Cloud Report. Unfortunately, traditional data security controls are unable to keep up with the dynamic movement of data, so they must be configured from scratch every time data is created, copied, shared, or moved.

Death of the traditional perimeter: One of the many benefits of the cloud is that it is accessible from anywhere. Thus, the notion of a network perimeter — an on-premises data center protected by a firewall — has all but disappeared. The lack of a single choke point (a firewall) means sensitive data is exposed by design, because anyone can access it from anywhere with the proper credentials (whether authorized or stolen).

Faster rate of change: Release cycles now happen in weeks, days, and hours rather than months and years. Unfortunately, security teams are usually not on that same quick schedule and still rely on slower manual approaches.

The changing role of security: In cloud computing, data security teams must evolve to securely enable the business rather than just slowing everyone down or letting risk grow exponentially. Data security in cloud computing must focus on protecting data from breaches and compromises while also empowering users to be productive.

What can you do with DSPM?

Data security, governance, and privacy teams can use DSPM to help keep their organization secure and compliant. Some common use cases for DSPM include the following:

Automating data discovery and classification: DSPM helps organizations automatically and continuously discover, classify, and categorize all of their known and unknown data — including sensitive, proprietary, regulated, abandoned, and shadow data — across multicloud environments, such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Snowflake, Microsoft 365, and more.

Enforcing data security policies automatically: DSPM automatically enforces data security policies at scale for all of your data as it travels through the cloud. DSPM converts data policies into specific technical configurations and shows where data security policies are violated. It also prioritizes issues for resolution and helps you fix those issues with clear, specific technical remediation instructions.

Controlling data exposure: As data rapidly proliferates in the cloud, security does not follow that data, often leading to crucial business data being exposed. DSPM pinpoints all of your exposed sensitive data that can lead to data breaches, ransomware attacks, and noncompliance penalties — whether it’s misplaced data (for example, sensitive data mistakenly stored in public buckets), misconfigured controls (for example, third-party access granted to sensitive data), or overly permissive access.

Controlling datacentric environment segmentation: DSPM helps you segment your cloud environments and apply location controls to comply with security and regulatory requirements. You can detect and receive alerts when sensitive or regulated data is placed in untrusted and/or unauthorized environments, review violations, and take action to remove the data or authorize the new environment.

Complying with data privacy and compliance frameworks: DSPM streamlines evidence collection for internal and external privacy and governance stakeholders through autonomous data discovery and classification of your sensitive and regulated data. A DSPM data policy engine continuously enforces regulatory compliance and standards requirements for data, regardless of the underlying technology or location.

Ten must-have capabilities to look for in a DSPM solution

When considering a DSPM solution for your organization, be sure to select one with the following important capabilities and features:

Autonomous: Automatically discover unknown, new, and modified data stores across all of your clouds — without needing credentials or manual configuration.

Continuous: Change is constant — especially in the public cloud — so your DSPM solution must be able to continuously monitor your environment for changes and automatically scan new cloud accounts, new data stores, and new data added to existing data stores.

Secure by design: Look for a solution that doesn’t extract data from your environment. Your DSPM should use the cloud service provider’s (CSP) application programming interface (API) and ephemeral serverless functions in your cloud account to scan your data.

Breadth and depth of coverage: Whether you’re using Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), Snowflake, Microsoft 365, or practically any combination of cloud database, storage, or software as a service (SaaS) apps, you need a single and consistent view of your data across clouds, geographies, and organizational boundaries to evaluate the risk to your data across all clouds.

Intelligent classification: Look for a solution that utilizes multistep contextual analysis to automatically identify sensitive data with low false positive (FP) and false negative (FN) rates. The solution should also include hundreds of predefined classification rules, data validators, and classification algorithms that extract the data insights you need without having to locate the data owner.

Extensive set of built-in datacentric policies: Look for a solution that provides out-of-the-box datacentric policies for common use cases like data security, proper governance, and privacy.

Customization features: You need a solution with robust customization features that are flexible and powerful enough to match your data taxonomy and address any unique requirements your organization may have, such as sensitivity levels/definitions, data types, and custom industry policies.

Guided remediation: Look for a solution that provides a full analysis of why a security or compliance violation exists, evidence of its existence, and technical recommendations on how to fix it based on policy and environment.

Simple and quick deployment process: Your DSPM solution should be agentless and connectorless to simplify and accelerate the deployment process. Look for a solution that can be deployed in minutes and delivers time-to-value in a few days.

Easy integration with your ecosystem: Look for a DSPM solution with extensive integrations that include third-party systems such as IT service management (ITSM), security information and event management (SIEM), cloud security posture management (CSPM), extended detection and response (XDR), and data catalogs.

Getting started

Visit laminarsecurity.com to learn more. Download your free copy of Data Security Posture Management For Dummies to learn more about how DSPM enables organizations to harness the power of cloud data securely and efficiently.
Article / Updated 08-31-2023
While cybersecurity may sound like a simple enough term to define, in actuality, from a practical standpoint, it means quite different things to different people in different situations, leading to extremely varied policies, procedures, and practices. An individual who wants to protect their social media accounts from hacker takeovers, for example, is exceedingly unlikely to adopt many of the cybersecurity approaches and technologies used by Pentagon workers to secure classified networks. Typically, cybersecurity means the following:

For individuals, cybersecurity means that their personal data is not accessible to anyone other than themselves and others whom they have authorized, and that their computing devices work properly and are free from malware.

For small business owners, cybersecurity may include ensuring that credit card data is properly protected and that standards for data security are properly implemented at point-of-sale registers.

For firms conducting online business, cybersecurity may include protecting servers that untrusted outsiders regularly interact with.

For shared service providers, cybersecurity may entail protecting numerous data centers that house numerous servers that, in turn, host many virtual servers belonging to many different organizations.

For the government, cybersecurity may include establishing different classifications of data, each with its own set of related laws, policies, procedures, and technologies.

The bottom line is that while the word cybersecurity is easy to define, the practical expectations that enter people’s minds when they hear the word vary quite a bit.

Technically speaking, cybersecurity is the subset of information security that addresses information and information systems that store and process data in electronic form, whereas information security encompasses the security of all forms of data (for example, securing a paper file and a filing cabinet). That said, today, many people colloquially interchange the terms, often referring to aspects of information security that are technically not part of cybersecurity as being part of the latter. Such usage also results from the blending of the two in many situations. For example, if someone writes down a password on a piece of paper and leaves the paper on their desk where other people can see the password, instead of placing the paper in a safe deposit box or safe, they have violated a principle of information security, not of cybersecurity, even though their actions may result in serious cybersecurity repercussions.

The risks that cybersecurity mitigates

People sometimes explain the reason that cybersecurity is important as being “because it prevents hackers from breaking into systems and stealing data and money.” But such a description dramatically understates the role that cybersecurity plays in keeping the modern home, business, or even world running. In fact, the role of cybersecurity can be looked at from a variety of different vantage points, with each presenting a different set of goals. Of course the following lists aren’t complete, but they should provide food for thought and underscore the importance of understanding how to cybersecure yourself and your loved ones.

The goal of cybersecurity: The CIA triad

Cybersecurity professionals often explain that the goal of cybersecurity is to ensure the Confidentiality, Integrity, and Availability (CIA) of data, sometimes referred to as the CIA Triad, with the pun lovingly intended:

Confidentiality refers to ensuring that information isn’t disclosed or in any other way made available to unauthorized entities (including people, organizations, or computer processes). Don’t confuse confidentiality with privacy: Confidentiality is a subset of the realm of privacy. It deals specifically with protecting data from unauthorized viewers, whereas privacy in general encompasses much more. Hackers who steal data undermine confidentiality.

Integrity refers to ensuring that data is both accurate and complete. Accurate means, for example, that the data is never modified in any way by any unauthorized party or by a technical glitch. Complete refers to, for example, data that has had no portion of itself removed by any unauthorized party or technical glitch. Integrity also includes ensuring nonrepudiation, meaning that data is created and handled in such a fashion that nobody can reasonably argue that the data is not authentic or is inaccurate. Cyberattacks that intercept data and modify it before relaying it to its destination — sometimes known as man-in-the-middle attacks — undermine integrity.

Availability refers to ensuring that information, the systems used to store and process it, the communication mechanisms used to access and relay it, and all associated security controls function correctly to meet some specific benchmark (for example, 99.99 percent uptime). People outside of the cybersecurity field sometimes think of availability as a secondary aspect of information security after confidentiality and integrity. In fact, ensuring availability is an integral part of cybersecurity. Doing so, though, is sometimes more difficult than ensuring confidentiality or integrity. One reason for this is that maintaining availability often requires involving many more noncybersecurity professionals, leading to a “too many cooks in the kitchen” type of challenge, especially in larger organizations. Distributed Denial of Service (DDoS) attacks attempt to undermine availability. Also, consider that attackers often use large amounts of stolen computing power and bandwidth to launch DDoS attacks, but responders who seek to ensure availability can only leverage the relatively small amount of resources that they can afford.

What cybersecurity means from a human perspective

The risks that cybersecurity addresses can also be thought of in terms that better reflect the human experience:

Privacy risks: Risks emanating from the potential loss of adequate control over, or misuse of, personal or other confidential information.

Financial risks: Risks of financial losses due to hacking. Financial losses can include both those that are direct — for example, the theft of money from someone’s bank account by a hacker who hacked into the account — and those that are indirect, such as the loss of customers who no longer trust a small business after the latter suffers a security breach.

Professional risks: Risks to one’s professional career that stem from breaches. Obviously, cybersecurity professionals are at risk for career damage if a breach occurs under their watch and is determined to have happened due to negligence, but other types of professionals can suffer career harm due to a breach as well. C-level executives can be fired, board members can be sued, and so on. Professional damage can also occur if hackers release private communications or data that shows someone in a bad light — for example, records that a person was disciplined for some inappropriate action, sent an email containing objectionable material, and so on.

Business risks: Risks to a business similar to the professional risks to an individual. Internal documents leaked after the breach of Sony Pictures painted the firm in a negative light vis-à-vis some of its compensation practices.

Personal risks: Many people store private information on their electronic devices, from explicit photos to records of participation in activities that may not be deemed respectable by members of their respective social circles. Such data can sometimes cause significant harm to personal relationships if it leaks. Likewise, stolen personal data can help criminals steal people’s identities, which can result in all sorts of personal problems.

Ultimately, cybersecurity will have different implications depending on the industry you’re operating in and the challenges you are facing.
Article / Updated 06-21-2023
In this article you will learn: What the problem is with legacy data loss prevention systems How modern data loss prevention works How to download a free eBook to learn more about moving to a modern data loss prevention solution That successful data breaches can have devastating consequences for a business is not new news. The risks from insiders (whether malicious or negligent) are as dangerous to your business as attacks from nefarious outside actors. All threaten to expose sensitive information — personal data/information of customers and employees, financial documents, intellectual property, and so on. This is why your company needs a modern data loss prevention (DLP) system. Security professionals were once confident that the valuable data they protected was safely tucked away inside heavily fortified data centers. But as businesses, both large and small, undergo digital transformation, moving their data to the cloud and across distributed locations, the demands placed on legacy data protection systems have changed drastically. The reality is that most legacy data loss prevention tools are not designed to handle cloud and hybrid work use cases, which require integrations and capabilities with cloud services that legacy DLP systems simply don’t readily support. Consequently, you need to rethink your approach to DLP and consider using modern DLP security technologies. These are systems designed to automatically discover and protect the storage, flow, and use of sensitive data — anywhere across an organization’s networks, users, and services. The problem with legacy DLP systems Although legacy data loss prevention solutions have been around for more than ten years, they’ve gained a reputation for being complex to implement and manage. They’re also considered costly, limited in scope, less and less accurate, and not able to provide the comprehensive coverage needed for today’s current work-from-anywhere world. 
Legacy data loss prevention software was designed with a perimeter-based security model that assumes all data is stored within the corporate network and managed environments, a model that is no longer sufficient. We are now in the cloud era, when data is stored in multiple cloud-based locations and accessed by users and devices outside the corporate network. Additionally, legacy DLP systems were not designed to integrate with the wide range of cloud services and infrastructures that are now in use. This makes it difficult, or even impossible, to provide comprehensive protection for data in the cloud. Adding extra technologies to an outdated DLP approach doesn’t make it cloud-ready; it only adds complexity and additional strain on what might be an already-stretched IT department. How modern DLP works To effectively prevent data loss, a DLP system should be integrated and automated to continuously monitor and verify the identity of authorized individuals and devices, their behavior, their collaboration and external data sharing, the applications they’re using and their risks, and many other contextual factors. A modern DLP system performs several critical functions, including the following: Identifies sensitive data wherever it resides and moves, whether it’s data in motion (crossing the Internet, networks, apps, and devices); data at rest (being stored); or data in use (being collaborated on, printed, or faxed). Monitors the data environment to detect who’s accessing data and what they’re doing with it. By monitoring actions, DLP can detect incidents — such as unauthorized sharing of confidential information — that may be in violation of corporate policy and take action to address them. Automatically takes action to enforce policies by, for example, stopping the data flow, encrypting the data, quarantining the confidential information, or unsharing the data on software as a service (SaaS) application. 
Provides user coaching by automatically notifying users of violations and the reasons behind them, while educating them on safe data-handling practices. Notification also helps to instantly educate users on security policies, reducing the need for incident response teams to manually triage issues.

To read more about moving to a modern DLP solution that supports your business goals and protects your company, download Modern Data Loss Prevention (DLP) For Dummies, Netskope Special Edition.
Cheat Sheet / Updated 01-10-2023
To cyber-protect your personal and business data, make sure everyone at home and at work recognizes that they are a target. People who believe that hackers want to breach their computers and phones and that cyber criminals want to steal their data act differently than people who do not understand the true nature of the threat. Many businesses use security awareness programs to improve security-related behaviors.
Article / Updated 10-19-2022
The General Data Protection Regulation (GDPR) is a ruling intended to protect the data of citizens within the European Union (EU). The GDPR was a move by the Council of the European Union, the European Parliament, and the European Commission to provide citizens with a greater level of control over their personal data. After several years of refining and debating, the regulation was officially approved by the European Parliament on April 14, 2016. The EU then allowed a two-year transition period for organizations to reach compliance. As of May 25, 2018, the GDPR's heavy fines kicked in, to be levied against any business not meeting the guidelines.

Who is affected by the GDPR?

The GDPR has far-reaching implications for all citizens of the EU and businesses operating within the EU, regardless of physical location. If businesses hope to offer goods or services to citizens of the EU, they will be subject to the penalties imposed by the GDPR. In addition, any business that holds personal data of EU citizens can be held accountable under the GDPR.

What sort of data falls under the GDPR?

Name
Photo
Email address
Social media posts
Personal medical information
IP addresses
Bank details

The GDPR covers any information that can be classified as personal details or that can be used to determine your identity. Parental consent is required to process any data relating to children ages 16 and under. The regulation specifies the entities impacted by the GDPR; the wording specifically includes data processors and data controllers. What does this mean? Information that is stored in a “cloud” or in a separate physical location is still subject to penalties. Regardless of who has determined how your information will be used and who actually uses it, fines can still be imposed for misuse if it concerns the data of EU citizens.

Penalties for not complying with GDPR

Businesses that fail to comply with GDPR are subject to fines.
This can mean different things for businesses, depending on the level of infraction. On the high end, businesses may be required to pay up to 4 percent of their global turnover or 20 million euros, whichever is higher. Companies may also be fined 2 percent for not taking appropriate measures to keep records in order. Ultimately, the fine depends on the nature of the infraction.

Data breaches and the GDPR

A data breach is any situation where an outside entity gains access to user data without the permission of the individual. Data breaches often involve the malicious use of data against users. If a data breach should occur, the GDPR specifies that companies must provide adequate notification. The affected company has 72 hours to notify the appropriate data protection agency and must inform affected individuals “without undue delay.”

Uncertain politics and the GDPR

In an uncertain political climate, many companies and citizens are concerned about how they will be affected by the GDPR given the undetermined nature of Brexit. Companies operating in the United Kingdom are encouraged to take measures to comply with the GDPR. Although these companies may not be subject to the GDPR, EUGDPR.org states that “The UK Government has indicated it will implement an equivalent or alternative legal mechanisms.” If you believe you will be operating in the UK but not in other EU countries, you are still encouraged to prepare for the GDPR, as the UK is expected to follow suit with similar data protection legislation.
Cheat Sheet / Updated 10-19-2022
Some scams cyber-criminals use to target online shoppers seem to persist for years. This likely indicates that people are continuously falling prey to the scams, thereby encouraging criminals to keep using the same forms of trickery over and over. Look here to discover some straightforward tips on how to keep yourself — and your loved ones — safe when using the internet to shop, as well as how to avoid common cybersecurity mistakes.
Article / Updated 06-23-2022
Hackers use a variety of means to gain passwords. One of the most common ways for hackers to get access to your passwords is through social engineering, but they don’t stop there. Check out the following tools and vulnerabilities hackers exploit to grab your password.

Keystroke logging

One of the best techniques for capturing passwords is remote keystroke logging — the use of software or hardware to record keystrokes as they’re typed. Be careful with keystroke logging. Even with good intentions, monitoring employees raises various legal issues if it’s not done correctly. Discuss with your legal counsel what you’ll be doing, ask for her guidance, and get approval from upper management.

Logging tools used by hackers

With keystroke-logging tools, you can assess the log files of your application to see what passwords people are using:
Keystroke-logging applications can be installed on the monitored computer. Check out Veriato’s Cerebral, as one example. Dozens of such tools are available online.
Hardware-based tools fit between the keyboard and the computer or replace the keyboard.
A keystroke-logging tool installed on a shared computer can capture the passwords of every user who logs in.

Countermeasures against logging tools

The best defense against the installation of keystroke-logging software on your systems is to use an antimalware program or similar endpoint protection software that monitors the local host. It’s not foolproof, but it can help. As with physical keyloggers, you’ll need to inspect each system visually. The potential for hackers to install keystroke-logging software is another reason to ensure that your users aren’t downloading and installing random shareware or opening attachments in unsolicited emails. Consider locking down your desktops by setting the appropriate user rights through local or group security policy in Windows.
Alternatively, you could use a commercial lockdown program, such as Fortres 101 for Windows or Deep Freeze Enterprise for Windows, Linux, and macOS. A different technology that still falls into this category is Carbon Black’s “positive security” allow-listing application, called Cb Protection, which allows you to configure which executables can be run on any given system. It’s intended to fight off advanced malware but could certainly be used in this situation.

Weak password storage

Many legacy and stand-alone applications — such as email, dial-up network connections, and accounting software — store passwords locally, which makes them vulnerable to password hacking. By performing a basic text search, you can find passwords stored in clear text on the local hard drives of machines. You can automate the process even further by using a program called FileLocator Pro.

How hackers search for passwords

You can try using your favorite text-searching utility — such as the Windows search function, findstr, or grep — to search for password or passwd on your computer’s drives. You may be shocked to find what’s on your systems. Some programs even write passwords to disk or leave them stored in memory. Weak password storage is a criminal hacker’s dream. Head it off if you can. This doesn’t mean that you should immediately run off and start using a cloud-based password manager, however. As we’ve all seen over the years, those systems get hacked as well!

Countermeasures against weak passwords

The only reliable way to eliminate weak password storage is to use only applications that store passwords securely. This practice may not be practical, but it’s your only guarantee that your passwords are secure. Another option is to instruct users not to store their passwords when prompted. Before upgrading applications, contact your software vendor to see how it manages passwords, or search for a third-party solution.
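As an added example (not code from the original article), here is a small Python audit script that performs the findstr/grep search described above across a directory tree and reports each hit with the secret redacted, so the audit report itself does not become another copy of the passwords it finds. The credential-key patterns, the list of text-file extensions, and the placeholder values it ignores are assumptions you would tune for your own environment.

```python
"""Audit a directory tree for credentials stored in clear text.

Added example, not from the original article: a defender's version of the
findstr/grep search the text describes. Matched values are redacted so the
report can be shared without spreading the passwords it found.
"""
import os
import re
from dataclasses import dataclass
from typing import Iterator, List

# Key/value forms that commonly mark a stored credential, e.g. "password=..."
# or "passwd: ..." in INI files, scripts and config files.
# Assumption: these keys are representative; extend the list for your estate.
CRED_KEY = re.compile(r"(?i)\b(password|passwd|pwd|pass)\b\s*[=:]\s*['\"]?([^'\"\s;#]+)")

# Only text-like files are read; binaries are skipped to avoid false positives.
# Assumption: a representative set of extensions, not an exhaustive one.
TEXT_EXTENSIONS = {".txt", ".ini", ".cfg", ".conf", ".env", ".ps1", ".sh",
                   ".py", ".xml", ".json", ".yml", ".yaml", ".properties"}

# Values that are obviously placeholders rather than real secrets.
PLACEHOLDERS = {"", "none", "null", "changeme", "<redacted>"}


@dataclass
class Finding:
    path: str
    line_no: int
    key: str
    redacted: str  # first character plus asterisks; the full secret is never kept


def redact(secret: str) -> str:
    """Keep one character so an operator can confirm the hit is a real value."""
    if len(secret) <= 1:
        return "*"
    return secret[0] + "*" * (len(secret) - 1)


def scan_text(text: str, path: str = "<memory>") -> List[Finding]:
    """Return one Finding per credential-looking assignment in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CRED_KEY.finditer(line):
            key, value = m.group(1), m.group(2)
            if value.lower() in PLACEHOLDERS:
                continue
            findings.append(Finding(path, line_no, key.lower(), redact(value)))
    return findings


def scan_tree(root: str) -> Iterator[Finding]:
    """Walk root and scan every text-like file, skipping unreadable ones."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, "r", encoding="utf-8", errors="ignore") as fh:
                    yield from scan_text(fh.read(), full)
            except OSError:
                continue  # permission denied, file vanished, and so on


if __name__ == "__main__":
    import sys
    for f in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{f.path}:{f.line_no}: {f.key} = {f.redacted}")
```

Run it against a workstation's profile directory or an application's install folder; every line it prints is a place where a password survives a reboot in a form anyone with read access to the file can recover, which is the situation the countermeasures above are meant to remove.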
How hackers use network analyzers to crack passwords

A network analyzer sniffs the packets traversing the network, which is what the bad guys do if they can gain control of a computer, tap into your wireless network, or gain physical network access to set up their network analyzer. If they gain physical access, they can look for a network jack on the wall and plug right in.

Finding password vulnerabilities with network analyzers

The image below shows how crystal-clear passwords can be through the eyes of a network analyzer. This shows how Cain & Abel can glean thousands of passwords going across the network in a matter of a couple of hours. As you can see in the left pane, these clear-text password vulnerabilities can apply to FTP, web, Telnet, and more. (The actual usernames and passwords are blurred to protect them.) If traffic isn’t tunneled through some form of encrypted link (such as a virtual private network, Secure Shell, or Secure Sockets Layer), it’s vulnerable to attack.

Cain & Abel is a password-cracking tool that also has network analysis capabilities. You can also use a regular network analyzer, such as the commercial products OmniPeek and CommView, as well as the free open-source program Wireshark. With a network analyzer, you can search for password traffic in various ways. To capture POP3 password traffic, for example, you can set up a filter and a trigger to search for the PASS command. When the network analyzer sees the PASS command in the packet, it captures that specific data.

Network analyzers require you to capture data on a hub segment of your network or via a monitor/mirror/span port on a switch. Otherwise, you can’t see anyone else’s data traversing the network — just yours. Check your switch’s user guide to see whether it has a monitor or mirror port and for instructions on how to configure it. You can connect your network analyzer to a hub on the public side of your firewall.
You’ll capture only those packets that are entering or leaving your network — not internal traffic.

Countermeasures against network analyzers

Here are some good defenses against network analyzer attacks:
Use switches on your network, not hubs. Ethernet hubs are things of the past, but they are still used occasionally. If you must use hubs on network segments, a program like sniffdet for Unix/Linux-based systems and PromiscDetect for Windows can detect network cards in promiscuous mode (accepting all packets, whether they’re destined for the local machine or not). A network card in promiscuous mode signifies that a network analyzer may be running on the network.
Make sure that unsupervised areas, such as an unoccupied lobby or training room, don’t have live network connections. An Ethernet port is all someone needs to gain access to your internal network.
Don’t let anyone without a business need gain physical access to your switches or to the network connection on the public side of your firewall. With physical access, a hacker can connect to a switch monitor port or tap into the unswitched network segment outside the firewall and then capture packets.
Switches don’t provide complete security because they’re vulnerable to ARP poisoning attacks.

How hackers break weak BIOS passwords

Most computer BIOS (basic input/output system) settings allow power-on passwords and/or setup passwords to protect the computer’s hardware settings that are stored in the CMOS chip. Here are some ways around these passwords:
You usually can reset these passwords by unplugging the CMOS battery or by changing a jumper on the motherboard.
Password-cracking utilities for BIOS passwords are available on the Internet and from computer manufacturers.
If gaining access to the hard drive is your ultimate goal, you can remove the hard drive from the computer and install it in another one, and you’re good to go.
This technique is a great way to prove that BIOS/power-on passwords are not effective countermeasures for lost or stolen laptops. Check cirt.net for a good list of default system passwords for various vendor equipment. Tons of variables exist for hacking and hacking countermeasures depending on your hardware setup. If you plan to hack your own BIOS passwords, check for information in your user manual, or refer to the BIOS password-hacking guide. If protecting the information on your hard drives is your ultimate goal, full (sometimes referred to as whole) disk encryption is the best way to go. The good news is that newer computers (within the past five years or so) use a new type of BIOS called Unified Extensible Firmware Interface (UEFI), which is much more resilient to boot-level system cracking attempts. Still, a weak password may be all it takes for the system to be exploited.

Weak passwords in limbo

Bad guys often exploit user accounts that have just been created or reset by a network administrator or help desk. New accounts may need to be created for new employees or even for security testing purposes. Accounts may need to be reset if users forget their passwords or if the accounts have been locked out because of failed attempts.

Password weaknesses in user accounts

Here are some reasons why user accounts can be vulnerable:
When user accounts are reset, they’re often assigned an easily cracked or widely known password (such as the user’s name or the word password). The time between resetting the user account and changing the password is a prime opportunity for a break-in.
Many systems have default accounts or unused accounts with weak passwords or no passwords at all. These accounts are prime targets.

Countermeasures against passwords in limbo

The best defenses against attacks on passwords in limbo are solid help-desk policies and procedures that prevent weak passwords from being available at any given time during the new-account-generation and password-reset processes.
Following are perhaps the best ways to overcome this vulnerability:
Require users to be on the phone with the help desk or to have a help-desk member perform the reset at the user’s desk.
Require that the user immediately log in and change the password.
If you need the ultimate in security, implement stronger authentication methods, such as challenge/response questions, smart cards, or digital certificates.
Automate password reset functionality via self-service tools on your network so that users can manage most of their password problems without help from others.
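As an added example that is not code from the original article, the following Python detection logic covers the clear-text logins described in the network analyzer section above (FTP and POP3 PASS commands, and HTTP Basic credentials on port 80). A defender runs it over a text export of captured application-layer payloads to find accounts whose passwords are crossing the network unencrypted and need to be moved to an encrypted channel and rotated. The one-line-per-payload export format, the port-to-protocol table, and the sample lines are all constructed for this example and are not any tool’s real output.

```python
"""Flag clear-text credential exchanges in a packet-capture export.

Added example, not from the original article. Input is a constructed text
export with one application-layer payload per line in the form
    "src:port > dst:port <payload>"
The report names the protocol, endpoints and account; the password itself
is never stored or printed.
"""
import base64
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Server ports for protocols that send credentials in the clear by default.
# Assumption: standard ports; adjust for non-standard deployments.
CLEARTEXT_AUTH_PORTS = {21: "FTP", 110: "POP3", 80: "HTTP"}

LINE = re.compile(r"^(\S+):(\d+) > (\S+):(\d+) (.*)$")
BASIC = re.compile(r"(?i)Authorization:\s*Basic\s+(\S+)")


@dataclass
class Exposure:
    protocol: str
    client: str
    server: str
    username: str  # reported so the account can be rotated
    detail: str    # what was observed, without the secret


def _basic_user(header_value: str) -> str:
    """Decode only the user part of an HTTP Basic credential; drop the password."""
    try:
        decoded = base64.b64decode(header_value, validate=True).decode("utf-8", "replace")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable>"
    return decoded.split(":", 1)[0]


def detect_cleartext_auth(lines: List[str]) -> List[Exposure]:
    """Return one Exposure per clear-text credential seen in the export.

    USER and PASS are correlated per client->server flow so the report names
    the account rather than only noting that a PASS command went by.
    """
    last_user: Dict[Tuple[str, str], str] = {}
    exposures: List[Exposure] = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # malformed line in the export
        src, _sport, dst, dport, payload = m.groups()
        proto = CLEARTEXT_AUTH_PORTS.get(int(dport))
        if proto is None:
            continue  # not client->server traffic to a port we audit
        flow = (src, dst)
        if proto in ("FTP", "POP3"):
            cmd, _, arg = payload.partition(" ")
            if cmd.upper() == "USER":
                last_user[flow] = arg.strip()
            elif cmd.upper() == "PASS":
                exposures.append(Exposure(proto, src, dst,
                                          last_user.get(flow, "<unknown>"),
                                          "PASS command sent in clear text"))
        elif proto == "HTTP":
            hm = BASIC.search(payload)
            if hm:
                exposures.append(Exposure(proto, src, dst, _basic_user(hm.group(1)),
                                          "HTTP Basic credential sent in clear text"))
    return exposures


# Constructed sample export (not real traffic); "example-only" stands in for passwords.
SAMPLE_EXPORT = [
    "10.0.0.5:51234 > 10.0.0.20:110 USER alice",
    "10.0.0.20:110 > 10.0.0.5:51234 +OK",
    "10.0.0.5:51234 > 10.0.0.20:110 PASS example-only",
    "10.0.0.7:40001 > 10.0.0.30:21 USER backup",
    "10.0.0.7:40001 > 10.0.0.30:21 PASS example-only",
    "10.0.0.9:33000 > 10.0.0.40:80 GET /admin HTTP/1.1 Authorization: Basic Ym9iOmV4YW1wbGU=",
    "10.0.0.9:33001 > 10.0.0.40:443 <encrypted>",
]

if __name__ == "__main__":
    for e in detect_cleartext_auth(SAMPLE_EXPORT):
        print(f"{e.protocol}: {e.client} -> {e.server} user={e.username} ({e.detail})")
```

The port 443 line produces nothing, which is the point of the countermeasure the article gives: once the same logins run over TLS, SSH, or a VPN, a capture on a mirror port shows the flow but not the credential.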
Cheat Sheet / Updated 03-15-2022
The General Data Protection Regulation (GDPR) was designed to streamline data protection laws across Europe as well as provide for some consistency across the European Union (EU). Although it's been in place since May 2018, it still causes a lot of confusion. This cheat sheet answers some questions about a few major misunderstandings: Does the GDPR apply to non-EU organizations? Can non-EU organizations be fined for non-compliance? Do you need an Article 27 representative?
Cheat Sheet / Updated 03-14-2022
Security awareness is much more complicated than just making users “aware.” Implementing an effective security awareness program means that you aren’t just providing information — rather, you’re specifically improving security-related behaviors.