Aviation Cyber Security – A Look at Some Real Threats Facing the Industry

CybeRiskBlog, Cybersecurity

Faced with the task of transporting millions of passengers between various destinations around the globe on a daily basis, the aviation industry is required to maintain one of the most complex and integrated information and communications technology (ICT) systems on the planet. And like any digital/computer system, this electronic infrastructure is vulnerable to software glitches, hardware, software, and network failures, and the attention of cyber-attackers. But unlike in many other industries, a systems failure or a successful cyber-attack can have life-threatening and potentially catastrophic consequences. The safety of aircraft and their passengers, the operational integrity and financial health of airlines and related industries, and the reputation of the aviation sector as a whole may be threatened by … Read More

Reality vs Cinema – A Look at Cyber Security in Movies

CybeRiskBlog, Cybersecurity

When actor Michael Caine’s character in the 1969 movie The Italian Job sought help from a group of Britain’s most infamous computer hackers to steal a load of gold bullion from under the noses of the Mafia and the Italian police, the age of cyber-crime in modern cinema really got underway. Since then, hacking and hi-tech have become staple subjects for television and movie entertainment, bringing the cyber world to the attention of viewers and cinema audiences worldwide. Problem is, the vast majority of these cinematic efforts meet with groans of exasperation from real hackers and cyber security experts alike. This is largely because of a disconnect between the realities of our own world (the real) and the world of … Read More

Enterprise Cyber Resilience – Equifax and Uber Learn the Hard Way

CybeRiskBlog, Cybersecurity

57 million people affected worldwide, by a breach that was covered up for over a year. 143 million American consumers affected by a single database hack – again with delays in making this news public, and with as yet undetermined impact at a global level. The recent data breach incidents at the smartphone app-based ridesharing company Uber, and the massive international credit reporting agency Equifax represent the antithesis of the principles of enterprise cyber resilience – both in their scale and in the haphazard and frankly inadequate nature of the response which they met from the targeted organizations. With public and media outcry, several ongoing lawsuits, and the financial and reputational damage suffered by both Equifax and Uber, the lessons … Read More

The Red, Blue and Purple Team and What’s Between Them

CybeRiskBlog, Cybersecurity

With a tradition stemming from military training exercises, the idea of pitting a “Red Team” of trained attackers against a “Blue Team” defending the organization has been taken up over the years by a diverse set of institutions. These include government bodies like the U.S. National Security Agency and the Government Accountability Office and corporate enterprises in which war-gaming exercises are used to test the security infrastructure of active businesses. The concept has also been used to test the physical security measures deployed at places like nuclear facilities, or the Department of Energy’s National Laboratories and Technology Centers. It’s an adversarial technique that can too often lead to the same outcome as many a sporting event: Two opposing sides give … Read More

Evolving Enterprise Cyber Security Challenge: The Lack of Professional Resources and the Impact on the Organization

CybeRiskBlog, Cybersecurity

In what’s been described as an “existential threat” to enterprise, national, and even global security, the past few years have seen a continuous drain on the pool of enterprise cyber security talent. Figures from 2016 confirmed that 86% of companies reported a shortage of professionals available to fill the growing need for skilled information security personnel. And a study conducted by the Enterprise Strategy Group (ESG) in 2017 cited 70% of cyber security professionals as saying that the skills shortage has had an impact on their organization. More worrying than this was the claim by 45% of organizations that there was “a problematic shortage of cyber security skills.” This dearth of talent is occurring at a time when cybercriminal networks … Read More

Cryptojacking – What is it and How Can it Co-Opt Your Devices?

CybeRiskBlog, Cybersecurity

The recent discovery of the Loapi mining Trojan – a multi-faceted piece of malware with potentially device-killing consequences for users of Android hardware – has thrown the spotlight onto an emerging trend in malicious software design. This involves the engineering of malware code aimed at co-opting the system resources of a victim’s hardware, for the purpose of mining cryptocurrencies. This process has been dubbed “cryptojacking”, and its methodology and implications for cyber-security will form the basis of discussion for this article.

Cryptojacking – Incentives for Bad Behavior

Frenetic activity continues in the cryptocurrency sector, with recent dramatic hikes and plunges in the value of Bitcoin and other denominations hitting the mainstream news. With such wild fluctuations and the relative immaturity … Read More

Top 10 Cyber Security Trends for 2018

CybeRiskBlog, Cybersecurity

2017 was once again a turbulent period for the cyber security sector. Data breaches affecting the health-care sector and over half the population of the United States, the co-opting of hundreds of thousands of Internet of Things (IoT) devices in massive Distributed Denial of Service (DDoS) attacks, and the emergence of ransomware as an enduring threat and money-spinner for cyber-criminal networks were just some of the developments seen over the past twelve months. As the holiday season approaches and the year draws to a close, it’s time to put the spotlight on the Top Cyber Security Trends and the issues and threats likely to feature prominently in the information security landscape for 2018.

Top 10 Cyber Security Trends for 2018 … Read More

Securing Mail Relay is a Priority For Any Enterprise Security Program

CybeRiskBlog, Cybersecurity

Despite advances in telecommunications which have made real-time exchange media like video chat and Instant Messaging available, email remains one of the principal methods of establishing and maintaining personal and business contact. Individual and corporate identities and reputations may hinge on the way in which email communications are perceived by their recipients – in terms of content, etiquette, and relevance. Because of their central role in corporate affairs – and because of their potential to reach multiple potential victims – mail servers are often targeted by cyber-criminals and saboteurs. So securing mail servers and securing mail relay should be a priority consideration in any enterprise security program.

Securing Mail Relay – The Menace of Spam

Besides its capacity to annoy … Read More

Penetration Testing – The Connection Between Pen-Testers and Lockpicking

CybeRiskBlog, Cybersecurity

In an environment where innovation and collaboration are as much a part of the cyber-criminal ecosystem as they are a part of the tool-kit of the security professionals who must manage it, there’s a need for rapid response, real-time interventions, and awareness of the real-world applications and threat vectors used by today’s cyber-criminals. This is why some form of stress or penetration testing is a necessary factor in enabling organizations to maintain a robust security posture. Traditionally, pen-testers have had to think and act like hackers in order to fulfill their remit – and it’s no coincidence that many in the profession have a background which takes in at least some aspects of the darker side of Information Technology. With … Read More

The Chief Information Security Officer – What Role Does the CISO Play Today?

CybeRiskBlog, Cybersecurity

With a job title as varied as the organizations which define it – chief security officer (CSO), security manager, chief security architect, information security manager, or corporate security officer, to name a few – today’s Chief Information Security Officer (CISO) is also increasingly called upon to wear an alternating series of hats, in negotiating the intricate web of enterprise security and corporate hierarchy. While overseeing the policies, tools, and practices that safeguard enterprise cyber-security, the CISO is simultaneously required to speak the language and enact the practices of the business arena. So anyone occupying this position must tread a wary and complex path, in order to fulfill their remit. As so much hinges on a successful tenure for the CISO … Read More