Author Archives: David Geer

SWIFT has not seen its last ‘bank robbery’

A former CSO of the World Bank Treasury calls the SWIFT system outdated and open to malware attacks. Those vulnerabilities could lead to manipulation of financial transactions. SWIFT is the interbank financial messaging system for sending international money transfer instructions. The Society for Worldwide Interbank Financial Telecommunication, which the industry refers to as the SWIFT co-op, maintains this system. CSO looks at the SWIFT co-op’s denial of the real issue, the cost of attacks, informed expert insights into these security flaws, how hackers are using and abusing these flaws to their profit, and what the co-op should do to seal its messaging system and mitigate further falsifications.

Fixing the communications issues between IT security and the board and c-suite

In the months before an unexpected crisis, IT security requests specific tools, training, and additional staff to keep enterprise data safe, but does not substantiate the need in terms the business can understand. The c-suite denies the requests, pointing to the investments it has already made in security technologies. Suddenly, hackers strike with a massive cyber attack. Suffering financial losses and brand damage, the c-suite asks IT security what happened. Security responds that it needs specific tools, training, and staff to mitigate these concerns. But again, security does not make a business case in language the c-suite can appreciate. The leadership turns to existing vendors, who sell them their latest security products.

How to mitigate hackers who farm their victims

Nation-states and savvy criminal hackers don’t pull uninformed, spur-of-the-moment smash-and-grab jobs on data networks. They reconnoiter and position themselves to slowly carry out precise surgical maneuvers to exfiltrate your information treasures. Most of these attackers are capable of ensuring you remain unaware of their movements until it is to their benefit for you to know. High-profile attacks that leveraged extended dwell time inside the networks of large retail chains such as Target are examples of how hackers farm or manage victim organizations in this manner. Hackers farm their targets by maintaining a veiled presence in sensitive places in and around government and enterprise networks, revealing their position in a calculated way at an optimal time to achieve some strategic goal, says Danny Rogers, CEO at Terbium Labs.

Emerging technologies are poking holes in security

Accelerated change challenges change management and security. DevOps and emerging technologies that enable business innovation and opportunities demand fast, frequent change from the enterprise. The speed and regularity of change, as well as the kinds of change, challenge change management and ultimately security. To secure the enterprise in environments of unwieldy change, the business needs to know how each new technology affects change management and the organization’s security defenses. Organizations can then begin to evolve change management and security to close those gaps and avoid impacts on security. Emerging technologies such as DevOps, IoT, automation/intelligent software, information technology service partnering, cloud computing and BYOD all straighten out the curves in the race to make changes that propel the enterprise forward.

How to keep viral memes from spreading malware in your enterprise

Perhaps the worst news about Pokemon Go is how attackers are using it to spread malware. This is not the first time bad-guy hackers have leveraged the popularity of games to spread malicious software. Viral memes spread malware, too, via drive-by attacks as people visit malicious sites that draw them in by hosting or linking to the internet-based cultural sensation. Users assume that games and meme sites have integrity. This makes it easy for the hackers to push compromising software onto consumers’ phones and computers and into your organization. Cyber thugs also use man-in-the-middle attacks on game apps to take control of mobile devices and launch attacks on the enterprise.

Real-life examples test whether you are prepared for a cyberattack

Are you ready? While 83 percent of respondents say cyberattacks are among the top three threats facing organizations, only 38 percent say they are prepared to experience one, according to ISACA’s 2015 Global Cybersecurity Status Report. Incident response is still largely a human response. Multiply an outdated response plan by the many human errors that can innocently occur during response and you have a recipe for potentially cataclysmic results in the aftermath of a threat event. Use the following tabletop exercises, based on today’s most disconcerting threats, to update your response plan for live action.

How to perform a risk assessment

Without a complete and thorough risk assessment including all its component parts (discussed herein), you might as well open all your data assets to unbridled exfiltration via Port 80 without any security checks at all. In the end, attackers and criminal digital profiteers will get what they came for in either case. Defending against risks without knowing what those risks are is like playing a round of paintball with your eyes closed — you’ll keep missing your opponent. A risk assessment gives the enterprise a specific, more finely narrowed field of targets at which to aim. In this fifth and final installment of a five-part presentation of information security risk defense via informed incident response, CSO regurgitates reliable resources and expert steps you should use on the way to protecting data assets and stores in your enterprise. (See also, as part of this series: How to audit external service providers.)

How to audit external service providers

News of, or firsthand experience with, breaches that attackers managed to achieve through external service providers such as POS vendors reminds enterprises that the federated enterprise makes a bulletproof perimeter no longer possible. Failure to audit your providers is like neglecting to audit your internal enterprise, and it culminates in similar ramifications. In both cases, you can’t close holes you don’t know exist. But knowing what to audit can be the lion’s share of getting it done right. In this fourth installment of a five-part series designed to harden incident response itself and remove its vulnerabilities, CSO tips you off on what to audit inside the providers who conduct trade so closely with you and what resources to use.

How to conduct a tabletop exercise

As you discovered in the first installment of this five-part series, tabletop exercises can be an important practical tool for reviewing and updating incident response plans. You should schedule them to correspond with yearly Incident Response (IR) plan reviews. When you use existing incident response measures as you play out tabletop data breaches, you uncover holes in IR that can amplify disaster when a real data compromise hits the proverbial fan. Unexpected results in tabletop scenarios can foster positive change in IR planning to prepare the enterprise.

Reviewing incident response plans for data risk preparedness

Incident response plan reviews are growing in importance with the rapidly increasing numbers and types of information security incidents that enterprises must face. The enterprise must approach these reviews with a view toward effective event response. Yet more than one-quarter of IR professionals (26 percent) are dissatisfied with their current organization’s IR capabilities, calling them ineffective, according to a SANS Institute survey on the state of IR. After initial plan creation, the review is the opportunity to correct that ineffectiveness.

7 heavily-hyped information security products, vendors that hit the scrap heap

Information security vendors release new products with all the hope of parents sending their child out into the world or a mother bird forcing her babies out of the nest. Unfortunately, as everywhere else in nature, some security technologies fall to the ground and go splat! Here are seven security-related offerings whose trajectories fell off sharply just before the bitter end.

Which security products do enterprises expect too much from?

Enterprises rely on some security products too much while counting on others too little. One product category that companies place too much faith in is encryption, which has vulnerabilities. The OpenSSL web encryption technology’s infamous Heartbleed vulnerability is one example. Enterprises should assess their information security stance in light of the vulnerabilities that have actually given attackers a foothold and led to costly breaches, whether for their organization or for their peers. Where an off-kilter reliance on some security products is the crack in these defenses, look at a more effective combination of tools. Don’t ignore tools that are effective yet limit some usability. Security products that enable a lot of usability while masking danger are among those that we do, and will continue to, count on too much.

Endpoint security still inadequate despite growing threats

Endpoint security solutions today are lacking in spite of significant gaps and vulnerabilities in security and a heightened fear of a security breach, says Promisec, an endpoint security and compliance vendor. According to Promisec data, 89 percent of VP- and C-level IT leaders who responded to a Promisec survey have a heightened fear of a breach over the next year, while only 32 percent of respondents have advanced endpoint security in place. The fact that 73 percent of the respondents agree that endpoints are the most vulnerable point for attack should magnify concerns. The demand is there, and analyst market valuations for endpoint security reflect that. The market value should grow from $11.62 billion this year to $17.38 billion by 2020, according to a recent MarketsandMarkets report. Analyst group TechNavio pegs the growth at a CAGR of 10.4 percent over the period 2014-2019.

Attackers are building big data warehouses of stolen credentials and PII

According to McAfee Labs, attackers are linking stolen personally identifiable information (PII) sets together in Big Data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen PII and usernames and passwords, according to McAfee Labs. A new type of criminal is combining the warehousing and selling of stolen data, including access credentials and PII, that is targeted to specific markets, industries, companies, and purposes, according to the McAfee Labs 2016 Threat Predictions and McAfee Labs’ Director of Threat Intelligence, Christiaan Beek. McAfee has seen the hacker underground and dark markets moving in this direction over the past seven months, Beek asserts.