Tuesday, April 14, 2026
AI cybersecurity guidance for small businesses

Know where your business is exposed, what matters most, and what to fix first.

CyberExperts gives small businesses AI-generated cyber checkups, practical recommendations, and recurring cyber hygiene monitoring — without enterprise consulting complexity.

AI Cyber Checkup: Identify likely weak points and get a prioritized action plan.
Recurring Monitoring: Stay current with updated cyber hygiene guidance over time.
Built for SMBs: Practical recommendations for real-world small business setups.

Most small businesses know cybersecurity matters. Very few know what to fix first.

CyberExperts turns cybersecurity confusion into a practical action plan. Instead of vague fear, generic checklists, or expensive consulting, you get AI-generated guidance focused on likely risks, weak spots, and the most important next steps.

How it works

1. Tell us about your business: Share your team size, tools, email setup, device practices, and current security habits.
2. CyberExperts analyzes your setup: Our AI reviews likely weak points, common risks, and practical cyber hygiene gaps.
3. Get a prioritized action plan: Receive clear next steps in plain English — focused on what matters most.
4. Stay current with ongoing monitoring: Add recurring cyber hygiene monitoring if you want updated guidance over time.

Start with a checkup. Continue with monitoring.

AI Small Business Cyber Checkup

A one-time AI-generated assessment that identifies likely weaknesses, highlights the biggest issues, and gives you a practical action plan.

  • Likely weak points and avoidable risks
  • Top-priority recommendations
  • Plain-English next steps

AI Cyber Hygiene Monitor

A recurring cyber hygiene subscription that updates your recommendations, flags likely weak spots, and helps you stay current over time.

  • Recurring reassessment
  • Updated recommendations
  • Refreshed priorities over time

What CyberExperts does — and does not do

Done by AI: CyberExperts is built as an AI-delivered cybersecurity guidance product.
For small businesses: Designed for operators who want practical guidance without enterprise complexity.
Not a magic guarantee: It helps identify likely risks and prioritize what to fix first.
Recurring option available: Continue with ongoing Cyber Hygiene Monitor updates over time.

See your biggest cybersecurity gaps in plain English.

Start with an AI Cyber Checkup and get a practical view of what to fix first.

Top 20 Ways to Avoid Cyber Risks when Working from Home

For most employees, working from home has been a big dream that came to reality at the start of 2020 when coronavirus became a pandemic in many countries. The outbreak has wreaked havoc in the world, with many millions of cases.

On the other hand, business operations must continue, and this has seen most organizations require staff to work from the safety of their homes. Before the virus arrived, approximately 7% of the American population, which translates to 9.8 million people, worked from home. This number has increased exponentially since all companies are encouraging working remotely. Although scientists are working round the clock to develop a vaccine, the reality is most people might continue getting their jobs done at home. Organizations have realigned their operations to support remote work, which might continue once the pandemic is over. In light of this, understanding the top ways to prevent cyber risks when working from home can save enterprises plenty of security incidents.

Prevalent cyber risks when working remotely

1.  Insecure remote working setups

The remote working setups of some employees may be highly insecure. Home working requires users to have computing devices and networks to access business applications and data remotely. However, the absence of security tools and controls such as firewalls, IDS, and updated antivirus, among others, can cause security issues. These security measures are a necessity, yet they may be inaccessible to most remote users. As a result, the lack of security solutions exposes a business to various cyber risks and might lead to attacks and severe breaches.

2.  Employees use multiple devices

It is common for employees to use several devices, such as smartphones and laptops, when working remotely. This practice complicates the deployed controls for protecting data since each device represents a potential entry point. Shared use between family and friends increases cyber risks further. Moreover, it is common to prioritize personal devices, which have weaker security functions and features, over company-issued devices. Unfortunately, the trend threatens the integrity, confidentiality, and availability of stored information since there might be instances of unauthorized access, modification, or deletion.

3.  Sharing information using insecure networks

Office setups provide employees with secure intranets and communication infrastructure to facilitate secure information exchange. Remote working is different, since users must communicate through their personal and less secure networks. Some may disregard the need to use encryption and VPNs when communicating critical information. Attackers lurking in the network may exploit the opportunity to launch attacks. Such communication channels increase cybersecurity risks: they might be easily compromised, allowing adversaries to intercept and eavesdrop on confidential information.

4.  Logistical challenges

Employees working from home require consistent IT support to resolve technological and security problems. However, in the current state, where countries have enforced lockdowns to minimize the spread of COVID-19, organizations may be challenged to provide the needed support. Travel restrictions may prevent them from providing physical assistance. Most employees lack the capacity and experience to handle security issues, thus leaving company resources exposed to attacks.

5.  Insecure endpoints

Most companies have deployed endpoint detection and response systems. The systems actively monitor endpoints connected to the corporate network to detect and prevent adverse security events. Endpoints include any device used to access network resources, and they are a leading cyber-attack vector. Almost no employees implement such systems in their home networks or devices. On the other hand, IT security staff might be unable to monitor personal devices that don’t connect to the organization’s network. Cyber adversaries might use the opportunity to plant malware, giving them full privileges on the networks and systems.

6.  VPN manipulation

Virtual Private Networks (VPNs) are currently the lifeline for most enterprises. They extend the corporate network to employee homes by providing tunneled and encrypted connections. Despite this, many personal and home networks already contain compromised hardware or malware infections. Hackers can, therefore, use them to stage attacks through the computers that terminate the VPN. A compromised computer’s identity can enable attackers to piggyback on an active VPN session, thus bypassing integrity checks and implemented authentication. Some VPN providers may also fail to use secure encryption, thus providing vulnerable VPN services.

7.  Unpatched applications

Unpatched applications and devices are highly vulnerable to attacks. Numerous companies have automated patching systems that download and install security patches as soon as they are available. Most employees, however, go for long periods without updating their applications or devices, providing hackers with exploitable vulnerabilities for launching attacks. Using such devices for work introduces significant risks to organizational systems and networks. IoT adoption has also grown, causing an upsurge of new products. Vendors may rush to create products without following the necessary security guidelines. Worse still, some fail to provide timely updates to address emerging security concerns.

Tips for avoiding cyber risks

1.  Understand threats to the organization

Business leaders, including the C-suite, must fully understand the security threats facing their organizations. Work from home introduces threats from different dimensions, and it is essential to understand them all. As such, leaders should work with security teams to establish the most prevalent threats. This practice should include assessing the value of the threatened assets to inform the mitigation priorities. Risk identification should also focus on the possible attack vectors that work from home requirements create. Subsequently, a company can know which controls and security tools to deploy to protect the most sensitive business data and critical applications.

2.  Develop proper guidance and communication

The emergence of COVID-19 caught most organizations unaware. Due to imposed lockdowns, they had to quickly devise how employees could work from home without compromising security perimeters. Yet, most don’t have established policies that stipulate work from home guidelines and security requirements. Businesses must hence develop and document clear home working policies. They should include easy to understand procedures to ensure employees fully comply. The work from home policies should also contain information on how employees should handle security incidents, including the security teams to contact. Most importantly, remote working policies are necessary for ensuring businesses comply with regulations such as HIPAA.

3.  Deploy required security capabilities

Enterprises should ensure that all devices they own and manage have strong security capabilities. These capabilities protect the organization by identifying possible threats and warding off attackers. The same cybersecurity best practices adopted within a company should extend to all remote employee environments. Among others, such critical capabilities include:

  • Providing secure connections to critical on-premise and cloud applications and data. For instance, they should apply to video conferencing software, which is increasingly relevant in remote environments.
  • Providing endpoint protection and detection capabilities on all mobile devices and laptops. These include strong encryption and VPN tools.
  • Providing multi-factor authentication to ensure only the correct and legitimate users can access secured information.
  • Providing employees with capabilities to block malware, command and control traffic, and exploits. Automated real-time intelligence tools can assist in achieving this.
  • Providing security tools capable of filtering malicious URLs and conducting DNS sinkholing to deter frequent spear-phishing attacks.

4.  Maintain effective password hygiene

Passwords provide strong defenses and are easy to create and use. Organizations often depend on strong passwords to keep their systems and networks secure. However, many users fail to observe proper password hygiene, thus exposing their companies to multiple security risks. Work from home approaches must emphasize the need for password hygiene since they introduce many vulnerabilities. It entails creating strong passwords using a combination of letters, symbols, and numbers. Employees should further change their passwords frequently. Hackers use brute-force and credential stuffing attacks to crack passwords, and replacing them lowers the possibility of the attacks being successful. Besides, employees must use secure means to share passwords, such as encrypted messages.

5.  Regular system and software update

The need for regular updates to systems and software cannot be overstated. New viruses and vulnerabilities facilitate attacks daily, and this poses risks to unpatched software and systems. Employees with remote access to vital infrastructure and data should consider checking for new updates every day to ensure they have the latest security patches. Where possible, enterprises should provide their workforce with the necessary updates to ensure they use secure devices. Individual users should consider turning on the automatic update option, which is available in most software and operating systems. They should turn on the option on personal devices as well as those that are company-issued. Employees should avoid using computers that lack the latest updates, to protect against attacks.

6.  Secure the Wi-Fi access points

Wi-Fi access points are hotspots for network intrusions and malware delivery. A Wi-Fi access point is any device used to create a wireless network, generally by connecting to a wired switch, router, or hub through an Ethernet cable. They usually provide internet access. All wireless clients use access points as the interface for sharing information, and they are used to transmit sensitive information. Securing the access points involves changing the default configurations to more secure ones and applying security options such as WPA-PSK encryption, among others.

7.  Encourage use of VPNs

Work from home involves using remote access to essential information, either through video conferencing or accessing company servers remotely. Employees may lack security tools like firewalls needed to filter malicious connections from their home networks. VPNs provide secure connectivity by tunneling and encrypting network connections. This assists in creating trusted online links between staff and their companies. Some corporate VPNs offer advanced features such as protection against malware and phishing attacks. Encouraging the use of VPNs in work from home approaches can secure against significant cyber risks.

8.  Prioritize education awareness

Cybersecurity education and awareness has been, and remains, an acclaimed method for reducing cybercrime. The strategy provides employees with the necessary knowledge and skillset for secure information access and usage. It also equips them with the skills needed to identify adverse security events, manage them, and report them. Organizations need to provide employees with revised cybersecurity education and training, focusing on working remotely but securely. For instance, it should educate employees about evolving phishing scams and online fraud. Scammers nowadays use information related to COVID-19 to scam people since it is already a viral topic, meaning an increased possibility of victims falling for it. It should also include best practices for safe remote access by creating awareness of the usage of tools like VPNs.

9.  Don’t mix work with personal matters

Individuals working from home should avoid using work devices for purposes other than work. Personal usage, such as accessing social media or movie websites, is ill-advised since it is one way of inviting malicious cyber actors. Also, a home working environment does not support security procedures like real-time monitoring for security incidents. Using a work device for personal engagements means malware infections might go undetected. Accessing organizational resources using the same devices might transfer malware infections to corporate networks and systems. This can enable data breaches, exfiltration, or ransomware attacks. To prevent this, employees should avoid installing a service on a work device or using it for personal matters if such actions are against acceptable use rules.

10.  Secure video conferencing tools

Video conferencing is the backbone of most communication processes when working from home. It provides the infrastructure for holding group meetings, client discussions, and more. Remote workers rely on conferencing tools’ capabilities to transmit highly sensitive data, so it is necessary to observe the required security measures. When video conferencing, employees should avoid sharing confidential information as much as possible. Users should remove any background with sensitive data from the camera’s view. Also, mitigation measures should be identified and implemented before a video meeting. Controlling access is also a significant security measure: users invited to a video meeting should need a password to authenticate, to prevent sensitive data disclosure to unauthorized parties.

11.  Multi-factor authentication

Multi-factor authentication is a necessity for improved security and access control. Remote working makes it almost impossible to verify the identity of users with remote access to essential IT assets and information. Anyone with a password can have unlimited system access and steal or modify data at will. Multi-factor authentication provides controlled access by ascertaining that a user is who they claim to be. It requires an employee to present a unique authentication factor, such as a biometric or a code, before granting access. The system requests the second level of authentication even when a user has supplied the correct password and username. Businesses should consider implementing MFA in all their systems to have tighter control of who accesses what, thus ensuring the integrity and confidentiality of critical assets and information.

12.  Encrypted communication

Organizations are responsible for ensuring the implementation of encrypted communication mediums and channels. Employees should only be able to access information and business applications through recommended encrypted channels such as SSL and IPsec VPNs. The channels are necessary since they provide end-to-end encryption, thus preventing attacks such as man-in-the-middle and eavesdropping. Encryption assures data CIA since the data is inaccessible even if the network or mode of transmission has been compromised. Encryption also ensures only authorized personnel can access the data, as it requires the correct decryption key.

13.  Avail adequate IT support

Employees should have sufficient access to IT and security support when working from home. Most have little knowledge of dealing with arising IT problems and security events, which poses a danger to an entire company. Consistent IT support guides how to resolve minor IT mishaps, thus preventing instances of downtime. In severe cases, a business should have a response team to provide the required assistance for resolving security and IT problems. Therefore, business leaders should consider allocating enough resources to cater to remote assistance and on-site help where support experts must be physically present.

14.  Update incident response policies

Incident response policies should be updated to reflect the changing work environment. Most companies maintain plans to respond to on-site security events, with little or no focus on remote working. Given the current circumstances, it is essential to develop and maintain an incident response plan centered on responding to attacks on remote workers and data breaches. Also, organizations should train employees on their specific roles in implementing the plan and conduct a simulation of rolling it out.

15.  Avoid free networks and internets

It is common for individuals to connect to public Wi-Fi hotspots to use the free internet. However, hackers can easily snoop on the traffic communicated through the network, while advanced actors can hijack the whole connection. Using such networks to access organizational resources invites hackers to infect systems and networks with data exfiltration malware, spyware, trojans, and viruses. If public networks are the only available internet sources, employees must use a reliable VPN and ensure that all communicated information is strongly encrypted.

16.  Observe strong physical security

Physical security entails implementing measures to curb device theft or unauthorized physical access to a computer’s contents. To achieve this, employees must store their work devices safely to prevent loss or theft. Stolen devices might contain sensitive information, and this can easily find its way to the black market. Also, a malicious individual might be plotting how to physically access data stored on a computer. Implementing measures such as strong passwords helps prevent such plots.

17.  Install antivirus and antimalware tools

Antivirus and antimalware software are vital in detecting and removing viruses. Most operating systems come with inbuilt antivirus software, which contains a database of common virus signatures. Once a malicious actor introduces a virus to the system, the antivirus matches its signature against the database and raises an alert once there is a match. To be effective, employees must always download new security definitions and updates as soon as they are available. Where possible, users should consider more intelligent antivirus solutions to ensure the detection of all malware types.

18.  Observe a clear desk policy

Although working from home does not pose serious threats from malicious employees or individuals, it is always essential to leave a clear desk. A clear desk policy means clearing any information and paper trail that could threaten information CIA if accessed by the wrong person. Such items include written passwords or paper documents holding critical data. For instance, a well-intentioned person may come across a written password for a device and use it to gain access for personal use. This action might lead to security incidents if the user visits a phishing website or disables some security configurations. Employees must clear their desks every time they leave their workspace.

19.  Avoid sharing URLs for virtual meetings

Virtual meetings are the norm in work from home environments. Employees should avoid sharing the URLs of scheduled virtual meetings in public places such as social media and other open platforms. Publicly shared conference IDs allow unauthorized individuals to access private meetings, which contradicts the very essence of privacy. It might cause information leakage, which violates various compliance regulations. Besides, unauthorized access could compromise business strategies and lead to the loss of highly sensitive information.

20.  Log off once done

Employees must log off from their devices every time they leave their workspaces. This practice prevents unauthorized access to their computers, further safeguarding the stored or accessed information. Logging off also protects the devices from theft and instances of unauthorized use. Most devices support a lock timer, where they automatically lock after a period of idleness. Employees should use such functionality and set the period to at most two minutes. As such, the devices lock automatically even if the user takes only a short break. Preventing unauthorized access can protect from many security problems, thus ensuring the security and CIA of data and connected devices.

The Impact of the Coronavirus on the Cybersecurity Industry

Facts About the Virus

Everybody in the world is now aware of the coronavirus and the necessary measures to contain its spread. The World Health Organization describes coronavirus, which is known as SARS-CoV-2, as a respiratory syndrome that causes COVID-19 disease.[1] The disease is highly infectious and spreads through coming into contact with contaminated surfaces or mouth droplets from infected people. The main signs are high fever, breath shortness, dry coughs, and tiredness.

Coronavirus first emerged in China, where experts identified the first infected person on November 17, 2019. In the space of three months, the virus has already spread to 195 countries, and there are currently more than 450,000 cases, 21,336 deaths, and 114,779 total recoveries.[2]

To contain and manage the quick spread, most countries have enforced total lockdowns and curfews to minimize human contact as medics and scientists have not discovered a vaccine. The drastic measures, in turn, have affected the normal operations of most organizations to the extent that they require employees to work remotely. However, the changing working requirements might result in profound cybersecurity impacts which might, in effect, require the adoption of different cybersecurity measures to address the challenges.

Adverse Cybersecurity Consequences caused by the Spread of Coronavirus

  1. Remote Working

Traditionally, remote working, or working from home, has been identified to cause major cybersecurity challenges. Before the pandemic, only a small percentage of employees preferred working from home. This has since changed because numerous organizations now require employees to work remotely. For instance, Google’s parent company, Alphabet, Microsoft, Twitter, Apple, Amazon, and many others, have encouraged their labor force to work remotely from home.[3] This move has led to Zoom being the top downloaded application from Apple’s App Store and Microsoft Teams, seeing a sharp usage increase of 500%, indicating a world not ready for remote working.[4]

The outcome breeds a lot of challenges that severely impact the cybersecurity industry. Firstly, it is common knowledge that employees working remotely use highly insecure personal devices and home Wi-Fi to gain remote access to the corporate network. Such devices and networks may contain unpatched vulnerabilities or lack essential updates. Insecure devices are a cause for celebration among hackers, who can easily exploit them to steal information or gain unauthorized system access. Now that every employee from most companies is working from home, there are expanded attack surfaces and access points.

Furthermore, many employees use the public internet to research and communicate. The internet is riddled with hackers and malware since it is a public network accessible to everyone. In spite of this, employees might fail to observe vital security practices such as using VPNs for all remote accesses. VPNs are recommended tools for providing an end to end encryption and tunneling of all data exchanged between a server and a client. Failing to use a VPN, consequently, exposes a business to multiple security risks since cybercriminals can easily hack it.

  2. Increasing Internet Scams

According to BH Consulting CEO Brian Honan, “criminals will take advantage of any situation to meet their ends.” This sad reality is becoming apparent, judging by the increased rate of internet scams following the outbreak of COVID-19. For example, a recent CNBC study showed there had been a 40% rise in phishing scams since the start of the coronavirus pandemic.[5] In the COVID-19 context, phishing scams pose significant threats to both individuals and businesses in various ways. To begin with, individuals are more concerned about their health, making them more vulnerable to attacks than under normal circumstances. The vice president of Allo, Hagay Katz, notes that cybercriminals often “use fear to create a sense of urgency in the victim to reduce their security awareness.”[6]

The large number of people who have become victims of the Coronavirus provides cyber adversaries with the rare opportunity to advance their phishing scam campaigns. The pandemic has gone global, making it the perfect hook for criminals to bait unsuspecting phishing victims. For instance, cybercriminals are circulating messages they purport to be global bodies such as the World Health Organization (WHO). They use texts and email to spread the information, which mostly contains phishing malware.

Malwarebytes Labs recently provided a technical breakdown of a phishing campaign in which malicious actors impersonated WHO.[7] According to the details, the phishers distributed messages claiming to provide the latest information on the “corona-virus.” The hyphen in the word coronavirus is a direct giveaway that it is a phishing scam. However, given the reputation of WHO as an authoritative and trustworthy source of information, most targets might fall for the scam. Malwarebytes notes that in this campaign the criminals use a fake e-book to lure new victims. The book claims to contain valuable research about the global pandemic, along with guidelines that people can follow to protect their relatives and friends. The adversaries behind the phishing scheme use the following teaser content to trick individuals into opening the attachment.

Screenshot adapted from Malwarebytes Labs[8]

The phishing email further encourages Windows users to download and open the e-book. Once clicked, the attachment executes a file found in MyHealth-Ebook.zip and automatically downloads malware. It is malicious code for downloading GuLoader, which hackers use as the payload for delivering Formbook, a Trojan used to steal information.[9] Other similar phishing tactics have increased steadily as hackers seek to maximize their gains from the fear caused by the coronavirus.
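The lure markers the campaign above relies on (a sender posing as WHO while not mailing from WHO’s own who.int domain, the hyphenated “corona-virus” spelling, and a .zip e-book attachment such as MyHealth-Ebook.zip) can be turned into a simple mail-gateway screening check. The following is an added example, not code from the original post or from Malwarebytes Labs; the sample messages, the example.com addresses and the findings format are constructed for illustration.

```python
"""Heuristic screening of inbound mail for the WHO-impersonation lure described above.

Added example, not from the original post or Malwarebytes Labs. The markers
(sender posing as WHO, hyphenated "corona-virus", .zip e-book attachment) come
from the post; sample messages and example.com addresses are constructed.
"""
import re
from email import message_from_string
from email.message import EmailMessage, Message
from email.utils import parseaddr

# who.int is the WHO's real domain; a sender that claims to be WHO but mails
# from anywhere else is treated as impersonation.
LEGIT_WHO_DOMAINS = {"who.int"}

# Archive types commonly used to wrap a downloader such as GuLoader.
ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".iso")

HYPHENATED_CORONAVIRUS = re.compile(r"\bcorona-virus\b", re.IGNORECASE)


def _body_text(msg: Message) -> str:
    """Concatenate every text/* part of the message into one string."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True)
            if payload:
                charset = part.get_content_charset() or "utf-8"
                parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def _attachment_names(msg: Message) -> list:
    """File names of all parts that carry a filename (i.e. attachments)."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def screen_message(raw: str) -> list:
    """Return human-readable findings; an empty list means no lure marker matched."""
    msg = message_from_string(raw)
    findings = []

    # Marker 1: display name claims WHO, but the address domain is not who.int.
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    name_lc = display_name.lower()
    claims_who = "world health organization" in name_lc or "who" in name_lc.split()
    if claims_who and domain not in LEGIT_WHO_DOMAINS:
        findings.append(f"sender claims WHO but mails from {domain or 'no domain'}")

    # Marker 2: the hyphenated spelling that gave the campaign away.
    text = _body_text(msg) + " " + (msg.get("Subject") or "")
    if HYPHENATED_CORONAVIRUS.search(text):
        findings.append('message uses the hyphenated "corona-virus" spelling')

    # Marker 3: an archive attachment, the usual wrapper for the downloader.
    for name in _attachment_names(msg):
        if name.lower().endswith(ARCHIVE_EXTS):
            findings.append(f"archive attachment {name}")

    return findings


def _build_sample(from_header: str, subject: str, body: str, attachment: str = None) -> str:
    """Construct a raw RFC 5322 message string for testing (constructed data)."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "staff@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        # Placeholder bytes only; no real archive content is embedded.
        m.add_attachment(b"PK\x03\x04 constructed placeholder", maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()


# Constructed lure modelled on the campaign: WHO display name, non-WHO domain,
# hyphenated spelling in the subject, and the e-book .zip attachment.
LURE_SAMPLE = _build_sample(
    '"World Health Organization" <alerts@example.com>',
    "Latest corona-virus information",
    "Open the attached e-book to protect your relatives and friends.",
    "MyHealth-Ebook.zip",
)

# Constructed benign message from an internal helpdesk: no markers should fire.
BENIGN_SAMPLE = _build_sample(
    '"IT Helpdesk" <helpdesk@example.com>',
    "VPN client update",
    "Please update your VPN client this week.",
)

if __name__ == "__main__":
    for label, sample in (("lure", LURE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, screen_message(sample))
```

In a real gateway the three markers would feed a score or quarantine rule rather than block outright, since a single marker (an archive attachment, say) is common in legitimate mail.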

  3. Increasing Espionage and State-Sponsored Crimes

In a research report by cybersecurity company CYFIRMA, COVID-19 has resulted in a raging war in the global cyberspace.[10] Cybersecurity threats and risks have multiplied due to increasing attack vectors and the rapid evolution of hacktivist techniques. As a result, the main challenge is testing businesses’ and countries’ resiliency and preparedness to counter cyberattacks from multiple fronts.

CYFIRMA’s threat intelligence research and threat visibility indicated a massive upsurge of at least 600% in threat indicators between February and March 2020.[11] They are all related to the COVID-19 outbreak. Hackers are clearly working hard on how to leverage the uncertainty and fear resulting from the coronavirus outbreak to accomplish financial and political goals.

The US-CERT (United States Computer Emergency Readiness Team) has already published various alerts. They include fraudulent individuals tricking unsuspecting people to reveal sensitive personal data, or to donate to non-existent charities, all in the name of coronavirus containment and management. The hacker communities are spread across the dark web and communicate in a variety of languages such as English, Korean, Russian, Mandarin, and Cantonese.

To mention just a few, a hacktivist organization based in Hong Kong is creating phishing campaigns to target individuals located in mainland China.[12] These are to be used for political ends, with the objective of inciting social conflict by creating distrust and blaming the Chinese Communist Party. In a different analysis, a hacker group in Taiwan is employing similar techniques to target influential Chinese personalities, thus creating more unrest.

Additionally, hackers conversing in the Korean language have been planning how to use sophisticated malware to exfiltrate sensitive information they will use for financial gains. The group has also been identified to be creating a new EMOTET virus variant. EMOTET has been a prevalent security threat. The hackers plan to use the viruses to target the U.S., Singapore, Australia, and Japan.

Moreover, CYFIRMA researchers have noted that hacker groups in North Korea are using phishing tactics to target businesses in South Korea. The criminals name the phishing emails “Coronavirus Correspondence,” and use them to trick computer users into opening the attachments and malicious links. These immediately launch malware on the machines, which spreads throughout a network and infects every connected system.

  4. Anticipated Constraints on Resources

Coronavirus has caused the resources available in many organizations to stretch to the maximum. This has, in turn, caused negative impacts on their cybersecurity approaches. Countries with high infection and mortality rates are now in complete lockdown, resulting in dwindling daily revenues.

One of the most affected industries is the aviation sector, where experts estimate that the sector has so far lost over $113 billion in sales due to canceled flights to other countries.[13] Subsequently, businesses have resorted to restructuring their budgets to ensure they survive the pandemic. This means budget cuts in some sectors like cybersecurity, which may cause the inadequacy of technological and human resources needed to manage security operations.

Germany, Spain, the U.S., China, and South Korea are among the countries worst hit by the pandemic. They are also among the leading producers and innovators of cybersecurity technology and practice. As they channel effort into managing the outbreak, they may experience labour and skills shortages that weaken their ability to drive the stronger cybersecurity the volatile threat landscape requires. The private sector is responsible for most of this innovation, and it is the sector the coronavirus has hit hardest.

The shortage of hardware and skills has stretched the security operations of other organizations close to their limits. A survey of security professionals from various firms found that 53% of respondents said their security systems were overly stressed by the measures taken to contain the virus.[14] Almost no enterprise had planned for wholesale remote working, yet the share of the workforce needing VPN connections for remote access jumped from 20%-50% to about 80%-100%.[15] In practice, VPN concentrators, licences, and split-tunnelling policies sized for a minority of staff are suddenly carrying the whole company.

Failures in the Supply Chain

The supply chain is critical to every cybersecurity function and process. Rarely can an enterprise claim to source all of its security solutions from a single vendor; most depend on multiple providers for security hardware and software.

Developers of security products in turn depend on their own supply chain partners for the components they need. Those partners are spread across the globe, and the isolation of specific companies or regions makes accessing or delivering components harder. Cloud-based security solutions can cover monitoring and response, but hardware such as firewalls, HSMs, and network taps can only be installed physically. A supply chain failure can therefore leave security hardware unavailable and undermine a company's ability to protect itself.

Risks in Healthcare Regulatory Compliance

The healthcare sector may face the most severe cybersecurity challenges. Hospitals and health facilities are at the centre of containing and treating coronavirus infections, hackers know it, and they are directing their time and resources at the industry: attacks targeting health institutions rose 150% in the last two months.[16] Attackers exploit the need for round-the-clock access to electronic health record (EHR) systems to launch ransomware and phishing attacks, because an organization that cannot afford downtime is more likely to pay.

Brno University Hospital in the Czech Republic, one of the country's main facilities for treating coronavirus patients, was recently attacked.[17] To limit damage to essential systems, the hospital postponed treatments and shut down its IT network, disrupting ongoing operations. Hackers will continue using the pandemic as cover for attacks on hospitals.

At the same time, regulations such as the Health Insurance Portability and Accountability Act (HIPAA) require the privacy and security of health information, and the pandemic has left patients wondering whether covered entities are still keeping their data private. The U.S. Secretary of Health and Human Services, Alex Azar, announced a limited HIPAA waiver that suspends sanctions for certain privacy requirements during the emergency.[18] These include a patient's right to request confidential communications, to request privacy restrictions, to receive a notice of privacy practices, and to opt out of the hospital directory, among others. The waiver applies only to hospitals that have activated their disaster protocol, and only for up to 72 hours after doing so; it does not suspend the HIPAA Security Rule, so access controls, audit logging, and protection of electronic PHI remain mandatory. Although the waiver serves patients by speeding admission and treatment, it opens channels for PHI privacy violations and erodes the controls and practices put in place to keep data secure.

Cybersecurity Lessons Learned from Managing Coronavirus

Efforts to contain and manage the spread of the virus offer valuable lessons that organizations can borrow when developing strong cybersecurity strategies.

Viral pandemics obviously differ from cyber-attacks, but the way they wreak havoc is much the same. A single compromised IT asset becomes the base from which an infection spreads to every connected system. The impact of one infected host may be negligible; the same infection spread across many hosts causes significant harm. Smart companies understand this risk and have established programs to address it.

The following table lists measures taken to contain COVID-19 and shows how organizations, governments, and individuals can apply the same lessons to cybersecurity.

Measure | Coronavirus | Cybersecurity | Impact
------- | ----------- | ------------- | ------
Advanced warning | Close monitoring of new health alerts so that health facilities can prepare adequately | Early warning of impending attacks by using threat intelligence to hunt for threats | Minimize future threats
Prevention | Develop a vaccine to stop the coronavirus pandemic from spreading | Develop indicators of compromise (IOCs) and malware signatures to prevent known malware from infecting a system | Minimize future threats
Blocking | Testing people arriving from other countries and quarantining those showing signs of the virus | Using technologies and tools that block malware from entering a system, such as anti-malware solutions, firewalls, DMZs, and sandboxes for new applications and software | Minimize points of entry
Educating, training, and raising awareness | Encouraging individuals to follow the recommended measures for curbing infection, including travel advisories that warn of areas with high infection rates | Training and educating end users to raise awareness of the security practices to observe and of how to avoid compromising critical systems, passwords, or personal data | Minimize points of entry
Observing recommended hygiene | Regularly washing or sanitizing hands to prevent contamination | Sensitizing users to the importance of cyber hygiene as it relates to privilege management, vulnerabilities, and implemented policies | Minimize points of entry
Deploying measures for containment | Isolating infected patients, social distancing, and curfews | Segmenting networks and isolating infected systems to contain an infection | Restrict infections from spreading
Quick diagnosis and treatment | Deploying test kits, facilities for isolating and treating infected people, specialized early-response teams, and vaccines | Implementing security orchestration, automation, and response (SOAR) and related tools for detecting, identifying, isolating, and remediating security compromises | Managing infections
Ensuring early detection | Encouraging individuals with coronavirus symptoms to seek medical attention | Deploying breach and anomaly detection together with SIEM (Security Information and Event Management) tooling | Managing infections


Recommended Measures for Enhancing Security

  1. Fully Understand the Business

Until a few weeks ago, many businesses were not prepared for a total lockdown. Most had no adequate measures for secure remote access to corporate networks to support working from home. To avert the associated cybersecurity risks, every company with insufficient remote access controls should take the time to fully understand its business, using security professionals competent in business impact analysis (BIA) to build a complete picture of the services and products it provides. The analysis must focus on the technical dependencies behind each service so that the controls it needs can be implemented.

  2. Update Business Continuity Plans

Business continuity plans contain the components used to avert disasters, and the coronavirus pandemic has been a disaster for many countries because of the stringent measures taken to curb it. Businesses are struggling to keep their operations running securely. They therefore need to rapidly develop or update workable continuity plans that allow core operations to continue with little or no reliance on external technologies or suppliers. Those plans must also cover cybersecurity: business continuity measures should be linked to technical disaster recovery plans so that a malicious security event does not cause unrecoverable damage.

  3. Increased Awareness and Education for Employees

With employees working from home, employers must intensify cybersecurity awareness campaigns and training. Programs should focus on safe remote-working and remote-access practices so that every employee is comfortable with technologies such as VPN. Training must also stress the need to check for and install newly released updates promptly, since an unpatched home device or VPN client is an obvious route into the corporate network. No cybersecurity education is complete without coverage of current phishing tactics, how to recognize them, and how to respond. With that in place, a business can have more confidence in the security of its data, networks, and critical IT infrastructure.

  4. Re-Evaluation of Existing Security Methods

As businesses adopt new working habits in the face of the pandemic, it is only prudent to re-evaluate existing cybersecurity measures. New working methods such as having 100% of employees at home are bound to create new risks, and countering them requires rethinking the approaches used to keep a company secure. For example, monitoring based on source location works by checking the IP address a user connects from against an expected range, such as the company network. That breaks down when employees work from home on personal devices and from a different residential IP address each day. Strategies such as behavioural analytics and machine learning applied to the interactions between remote users and company resources can instead establish what is normal for each user and flag anomalous activity.
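A concrete form of the behavioural approach just described, added here as an example and not part of the original article: a small baseline-and-deviation detector run over constructed VPN login records. It learns which countries and devices each user normally logs in from, then flags new countries, new devices, users with no baseline, and impossible travel (two logins whose distance and time gap imply a speed above 900 km/h). The log format and its field names are assumptions; a real VPN or identity-provider export will differ.

```python
"""Baseline-and-deviation detection for remote-access logins.

Added example, not code from the article. The VPN log format below is a
constructed one (ISO time, user, country, device id, latitude, longitude);
real exports differ, so treat the field names as assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Faster than an airliner between two logins counts as impossible travel.
MAX_SPEED_KMH = 900.0


@dataclass(frozen=True)
class Login:
    ts: datetime
    user: str
    country: str
    device: str
    lat: float
    lon: float


def parse_lines(text):
    """Parse the constructed log format; blank lines are ignored."""
    logins = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ts, user, country, device, lat, lon = line.split()
        logins.append(Login(datetime.fromisoformat(ts), user, country, device, float(lat), float(lon)))
    return logins


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on Earth, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin(radians(lat2 - lat1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def build_baseline(history):
    """Per-user profile of countries and devices seen in the learning window,
    plus the last login so impossible-travel checks can span the window edge."""
    baseline = defaultdict(lambda: {"countries": set(), "devices": set(), "last": None})
    for login in sorted(history, key=lambda l: l.ts):
        profile = baseline[login.user]
        profile["countries"].add(login.country)
        profile["devices"].add(login.device)
        profile["last"] = login
    return dict(baseline)


def detect(baseline, events):
    """Return (user, timestamp, reasons) for every login that deviates from baseline."""
    findings = []
    last_seen = {user: profile["last"] for user, profile in baseline.items()}
    for ev in sorted(events, key=lambda e: e.ts):
        reasons = []
        profile = baseline.get(ev.user)
        if profile is None:
            reasons.append("no baseline for user")
        else:
            if ev.country not in profile["countries"]:
                reasons.append(f"new country {ev.country}")
            if ev.device not in profile["devices"]:
                reasons.append(f"new device {ev.device}")
        prev = last_seen.get(ev.user)
        if prev is not None:
            hours = (ev.ts - prev.ts).total_seconds() / 3600.0
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            if hours > 0 and km / hours > MAX_SPEED_KMH:
                reasons.append(f"impossible travel: {km:.0f} km in {hours:.1f} h")
        last_seen[ev.user] = ev
        if reasons:
            findings.append((ev.user, ev.ts.isoformat(), reasons))
    return findings


# Constructed sample data: a learning window of normal logins ...
HISTORY = """
2026-03-02T08:05:00 alice DE laptop-a1 52.52 13.40
2026-03-03T08:10:00 alice DE laptop-a1 52.52 13.40
2026-03-02T09:00:00 bob DE laptop-b7 48.14 11.58
"""
# ... and a day to evaluate: alice's second login comes from an unknown
# device in Brazil 88 minutes after a login from Berlin; carol is unknown.
EVENTS = """
2026-03-04T08:02:00 alice DE laptop-a1 52.52 13.40
2026-03-04T09:30:00 alice BR unknown-x9 -23.55 -46.63
2026-03-04T10:00:00 bob DE laptop-b7 48.14 11.58
2026-03-04T10:05:00 carol US macbook-c2 40.71 -74.01
"""


def run_demo():
    return detect(build_baseline(parse_lines(HISTORY)), parse_lines(EVENTS))


if __name__ == "__main__":
    for user, when, reasons in run_demo():
        print(f"{when} {user}: " + "; ".join(reasons))
```

Running it flags alice's 09:30 login for three reasons (new country, new device, impossible travel) and carol for having no baseline, while bob's routine login stays silent. The same structure works for SaaS or identity-provider sign-in logs; the important design choice is that the baseline is per user, so a country that is normal for one employee is still an anomaly for another.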

  5. Prioritize What to Protect

There is no telling if or when a vaccine for the coronavirus will be found, and a prolonged pandemic will keep taking a toll on cybersecurity budgets and resources. Organizations should therefore adopt flexible cybersecurity processes that prioritize what to protect. Start with a comprehensive security audit and an inventory that establishes the critical information systems, networks, and IT assets; the results show where limited resources should go so that core operations stay protected. Outsourcing to a managed security provider is an alternative for addressing short-term needs.

[1] https://www.who.int/emergencies/diseases/novel-coronavirus-2019/technical-guidance/naming-the-coronavirus-disease-(covid-2019)-and-the-virus-that-causes-it

[2] https://www.worldometers.info/coronavirus/

[3] https://time.com/5801882/coronavirus-spatial-remote-work/

[4] https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/05/our-commitment-to-customers-during-covid-19/

[5] https://www.cnbc.com/2020/03/20/phishing-spam-spike-as-hackers-use-coronavirus-to-hit-remote-work.html

[6] https://www.infosecurity-magazine.com/news-features/dangers-covid-phishing-scams/

[7] https://blog.malwarebytes.com/social-engineering/2020/03/cybercriminals-impersonate-world-health-organization-to-distribute-fake-coronavirus-e-book/

[8] https://blog.malwarebytes.com/social-engineering/2020/03/cybercriminals-impersonate-world-health-organization-to-distribute-fake-coronavirus-e-book/

[9] https://blog.malwarebytes.com/cybercrime/2018/07/trojans-whats-the-real-deal/

[10] https://www.cisomag.com/cyberthreats-due-to-coronavirus/

[11] http://blog.agoracom.com/2020/03/19/how-coronavirus-is-impacting-cyberspace-sponsor-datametrex-ai-limited-dm-ca/

[12] https://www.cisomag.com/cyberthreats-due-to-coronavirus/

[13] https://edition.cnn.com/2020/03/05/business/airlines-coronavirus-iata-travel/index.html

[14] https://www.cnbc.com/2020/03/20/phishing-spam-spike-as-hackers-use-coronavirus-to-hit-remote-work.html

[15] https://federalnewsnetwork.com/cybersecurity/2020/03/telework-capacity-wasnt-a-good-investment-now-agencies-see-unprecedented-stress-tests/

[16] https://www.medicaldevice-network.com/news/coronavirus-cybersecurity/

[17] https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/

[18] https://www.hhs.gov/sites/default/files/hipaa-and-covid-19-limited-hipaa-waiver-bulletin-508.pdf

Current and Future State of Identity Access Management (IAM)

It is well established that an excellent customer experience drives revenue growth. Achieving it, however, requires investment in new technologies, processes, and systems, and the current era demands disruptive technologies to retain, serve, and win customers. Identity and Access Management (IAM) is one of the most vital of these technologies. Although it began as a set of security technologies for controlling access, it has grown into an essential tool for engaging with and understanding customers.

Why your Business Needs IAM

1. Manage Customer Preferences, Identities, and Profiles

Customers value relevant, consistent, and personalized experiences in every engagement with a business. An enterprise can only deliver that by accurately enrolling, identifying, and verifying customers, remembering their preferences and interactions, and understanding how they behave. All of this becomes feasible only with a central platform for managing customer identities, one that can, for instance, tell a customer about accepted payment methods, subscription expiry, and mailing-list options.

2. Offer Secure, Adaptive Access to Protected Information

Most businesses today provide digitized products and processes and generate more data every day. Most also work in partnership with many third parties, such as contractors, suppliers, and outsourcers.

This only works if the organization ensures that authorized users can access the information they are entitled to while no unauthorized access or misuse occurs, irrespective of hosting model or location. Authorization decisions must also take context into account. IAM therefore needs to tie together business partners, customer data, and employees, which companies achieve by implementing and managing IAM technologies.

3. Enhance Customer Relationships Through Leveraging Identity Data

IAM deployments yield identity patterns and rich context about how end users interact with websites, corporate applications, mobile applications, and call centres. Security personnel analyze that data to implement defensive measures, detect attacks, and investigate security events.

More importantly, the same analysis shows how clients navigate a website and where they struggle with authentication, self-service functions such as password reset, and registration. That lets an organization redesign its site to deliver more targeted experiences and speed up vital processes such as registration.

4. Maintain Privacy Preferences

Customers are increasingly sensitive to how companies collect personal information, why they collect it, and how they store it, not least because legislation now gives data owners more control over how businesses may use their information.

To ensure conformance, an enterprise must manage user identities so that users can log in to their accounts and customize their privacy preferences.

Furthermore, businesses must protect data at rest, in use, and in transit whenever they store, copy, or transmit it. They must also enforce each client's privacy preferences while still extracting value from the data they are permitted to use.

5. Support Zero-Trust Processes

Zero-trust models are becoming the de facto standard governing information security principles, and businesses apply them to network security, application security, data protection, and cloud security.

Implementing IAM systems supports adherence to zero-trust models. They provide least-privilege controls so that users access only what they need to accomplish their tasks, prevent over-privileging, and let companies move to identity-based perimeters with little friction. They also provide pre-built integration with other components and domains in an organization's IT environment.

Current and Future IAM Trends

Security professionals expect IAM to become more integral to both business and individual life, driven by continuously changing societal and technological landscapes. Nobody can accurately predict evolutions beyond the near future, but new technologies will emerge, many of which will require more secure approaches to IAM. This matters all the more because, by some widely cited estimates, employees' inability to manage and protect credentials such as passwords is behind as many as 90% of successful attacks.

Current IAM strategies may be incapable of meeting future requirements, especially as devices and systems become more interconnected and automated.

1. Smart Device and Robotics Identification

Based on current predictions, IAM techniques will go beyond today's authentication of people (including by biometrics) to include identification of smart devices and robots. Businesses and individuals will achieve this by interconnecting systems with automated tasks and data-sharing capabilities, making IAM more collaborative and easier to operate.

Furthermore, interconnected and distributed technologies will grow in number and provide accurate, continuous, and seamless access to resources. That in turn will require advanced IAM strategies built on artificial intelligence, sophisticated biometrics, machine learning, and other disruptive technologies.

Subsequently, enterprises will no longer rely on the IAM methods used today, including passwords, for accessing secured resources and physical facilities. They will replace them with smart systems that continually learn distinct personal characteristics and features to strengthen access control.

2. IAM as a Utility

Professionals regard IAM as the centre of current and future digital transformation. Businesses will use it as the epicentre for securing IT infrastructure in organizations, government agencies, higher-education institutions, and beyond, and it extends to every substantive application or system an organization deploys.

Organizations will therefore soon consume IAM as a utility. To get there, technology companies first need consistent and reliable techniques for collecting, processing, organizing, and disseminating identity data.

Today, enterprise data resides in multiple disparate silos. Organizations have responded by making orchestration of data sharing and modification the cornerstone of solutions to existing IAM challenges, including account provisioning. For example, a change in an authoritative data source such as an HR system can trigger the automatic creation of a user account together with the associated IAM attributes: assigning access privileges and defining the user attributes that determine access levels.

Such identity abstraction amounts to a service-oriented IAM architecture. It already aims to be a ubiquitous service providing identity information to network, application, and people services. The IAM of the future goes further, being built on highly accessible and flexible foundations that integrate data from diverse environments, so that it can authenticate a large population of consumers securely before granting access to protected resources.

Despite the obvious benefits, the main obstacle to IAM as a utility is that many organizations contain numerous processes and environments that first require cohesive integration and normalization. The lack of standardized methods for integrating the various capabilities of existing procedures and processes adds to the challenge.

More often than not, application and system vendors ignore recommended integration standards such as SCIM (System for Cross-domain Identity Management) and build proprietary interfaces instead, which makes integration with other IAM deployments cumbersome. Some IAM vendors, meanwhile, lack a sufficient portfolio of connectors for seamless integration with other IAM systems. Organizations should close these gaps to lay a cohesive foundation for future IAM requirements.
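The HR-triggered provisioning described above, expressed as the SCIM 2.0 calls an identity provider would make, as an added example that is not the article's own code. It covers the three events that matter for least privilege: a hire (create the user), a transfer (remove the old role's groups before adding the new ones so access never accumulates), and a termination (disable the account and strip group memberships). The HR event shape, the job-code-to-group table, and the group ids are assumptions; the schema URNs, attribute names, and PATCH syntax follow RFC 7643 and RFC 7644.

```python
"""HR-event-driven provisioning expressed as SCIM 2.0 operations.

Added example, not the article's own code. The HR event dictionaries, the
job-code-to-group table and the group ids are assumptions made for
illustration; the schema URNs, attribute names and PATCH syntax follow
RFC 7643 / RFC 7644.
"""
import json

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
SCIM_PATCH = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Assumed authoritative mapping from HR job code to the SCIM group ids it
# needs. Least privilege means a role grants exactly these groups, no more.
ROLE_GROUPS = {
    "finance-analyst": ["g-erp-readonly", "g-expense-users"],
    "engineer": ["g-vcs-developers", "g-ci-runners"],
}


def groups_for(job_code):
    groups = ROLE_GROUPS.get(job_code)
    if groups is None:
        # Refuse rather than guess: an unknown role must not get default access.
        raise ValueError(f"unknown job code {job_code!r}")
    return groups


def user_resource(event):
    """SCIM User body for POST /Users, built from the HR record of a hire."""
    return {
        "schemas": [SCIM_USER, SCIM_ENTERPRISE],
        "userName": event["email"],
        "name": {"givenName": event["given_name"], "familyName": event["family_name"]},
        "emails": [{"value": event["email"], "type": "work", "primary": True}],
        "active": True,
        SCIM_ENTERPRISE: {
            "employeeNumber": event["employee_id"],
            "department": event["department"],
            "manager": {"value": event["manager_id"]},
        },
    }


def group_membership_op(group_id, user_id, add):
    """PATCH /Groups/{id}: 'members' is writable on Group but read-only on User."""
    if add:
        operation = {"op": "add", "path": "members", "value": [{"value": user_id}]}
    else:
        operation = {"op": "remove", "path": f'members[value eq "{user_id}"]'}
    return {"method": "PATCH", "path": f"/Groups/{group_id}",
            "body": {"schemas": [SCIM_PATCH], "Operations": [operation]}}


def plan_operations(event):
    """Turn one HR event into the ordered list of SCIM calls the IdP must make."""
    action = event["action"]
    if action == "hire":
        groups_for(event["job_code"])  # validate the role before creating anything
        # Group adds follow once the POST response returns the new user's id.
        return [{"method": "POST", "path": "/Users", "body": user_resource(event)}]
    if action == "transfer":
        old = set(groups_for(event["old_job_code"]))
        new = set(groups_for(event["job_code"]))
        # Remove what the old role had first, so access never accumulates.
        ops = [group_membership_op(g, event["user_id"], add=False) for g in sorted(old - new)]
        ops += [group_membership_op(g, event["user_id"], add=True) for g in sorted(new - old)]
        return ops
    if action == "terminate":
        disable = {"schemas": [SCIM_PATCH],
                   "Operations": [{"op": "replace", "path": "active", "value": False}]}
        ops = [{"method": "PATCH", "path": f"/Users/{event['user_id']}", "body": disable}]
        ops += [group_membership_op(g, event["user_id"], add=False)
                for g in groups_for(event["job_code"])]
        return ops
    raise ValueError(f"unsupported HR action {action!r}")


# Constructed HR events (ids and addresses are illustrative).
HIRE = {"action": "hire", "employee_id": "E-1042", "given_name": "Jane", "family_name": "Doe",
        "email": "j.doe@example.com", "department": "Finance", "manager_id": "E-0007",
        "job_code": "finance-analyst"}
TRANSFER = {"action": "transfer", "user_id": "2819c223", "old_job_code": "finance-analyst",
            "job_code": "engineer"}
TERMINATE = {"action": "terminate", "user_id": "2819c223", "job_code": "engineer"}

if __name__ == "__main__":
    for event in (HIRE, TRANSFER, TERMINATE):
        for op in plan_operations(event):
            print(op["method"], op["path"], json.dumps(op["body"]))
```

Two design choices carry the security weight: an unknown job code raises instead of falling back to some default group, and a transfer emits the removals before the additions, so a user moving between departments never holds both roles' access at once.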

Almost all IAM deployments also share the same philosophy: each one is unique and needs uniquely customized processes and policies. The result has been a proliferation of costly, brittle, highly customized deployments that are hard to upgrade. Vendors have consequently resorted to recycling IAM deployments: businesses replace older implementations with new ones once the old ones no longer fully meet organizational security needs, or once further integration and expansion prove too expensive.

Yet recycled IAM deployments, rather than providing full access control, may protect only some applications. They may not cover the full scope of automated provisioning and de-provisioning or proper access governance. Continuous recycling can leave a company with IAM coverage limited to specific systems such as SAP, Oracle, and Active Directory, while every other application or system in the environment sits outside it, exposing those systems to untold risk.

This does not mean the broader IAM objectives are unachievable. To meet them, organizations need to avoid the pitfalls of custom one-off deployments. IAM requirements are similar across companies; only the capabilities that satisfy them vary, and they align with a few select patterns. Every future IAM deployment should reference an IAM architecture template so that it applies to all connected applications and systems. The following attributes describe the capabilities enterprises should include in future IAM deployments.

Interactive: All application developers and end-users should be able to interact with a deployed IAM platform.

Accessible: Future IAM vendors should include processes and policies capable of uniquely identifying different actors and defining each actor's permission level, based on factors such as obligations, entitlements, assigned rights, and roles.

Adaptable to change: An IAM platform must feature capabilities for defining and managing the continuous changes brought about by changing relationships between enterprise resources and identities. The ability to adapt should be consistent throughout the IAM lifecycle.

Manageable: These are the capabilities needed for a company to easily manage, upgrade, and configure a deployed IAM solution.

Measurable: An IAM deployment should provide the capabilities needed for inspection, auditing, improvement, and deeper insight into all IAM activity.

Storage: Vendors need to equip future IAM solutions with capabilities needed to ensure secure storage and maintenance of identity information and their relationships. The solutions should enable a company to retrieve the information easily.

3. Identity Normalization, Federation, and Virtualization

Future IAM solutions will also incorporate identity normalization, federation, and virtualization. Virtualization and federation rest on the premise that no single agency, organization, government, or company can be the sole authoritative source about objects and their interactions.

Future identity management will include identity federation as a core component, because it lowers friction where the number of objects keeps growing exponentially. Through federation, organizations can grant access to shared resources or applications without requiring every party to adopt the same security, directory, and authentication technologies. Federation is beneficial because companies retain control of their own directories while extending their reach beyond local authentication.

Identity federation will also eliminate the need to develop proprietary solutions, reducing the cost of developing and deploying IAM. The aim of every IAM deployment is to identify and authenticate users, enhance security, and lower the risks that come from reusing identity information across multiple authentications. Federated IAM also strengthens privacy compliance, since it provides centralized, effective control over user access to identity stores and over information sharing, and it improves the user experience by removing the need to register new accounts.

Despite these advantages, federated IAM brings a possible loss of centralized control, because the organization must accept identity credentials from sources outside its own confines. Where the authorization risk is limited to low-value data, a company may accept them; high-risk or high-value information may still require direct authentication and management. The core problem is trust: is the federated user really who the external identity provider says they are?

4. Blockchain-Based IAM

Other technologies are also influencing the future of IAM. These include identity systems based on blockchain technology. The systems’ main focus is to provide access to requested services and resources by gaining explicit consent to share information with specific entities.

The future of such deployments is a self-sovereign, distributed identity approach designed to empower individuals and to mitigate risk for the companies that collect the information. It can be likened to microservices, but for identity management: a self-sovereign entity that the owner controls in multiple ways.

Blockchain is an integral part of future identity models and will play a key role in developing and supporting IAM systems based on self-sovereign identity. Its distributed ledgers can improve the discoverability of an identity and provide secure connections to the data a transaction needs in order to complete. Blockchain will also support future IAM deployments through anchored identifiers that link to identity hubs encoded with semantic data.

5. Passwordless Authentication

With the adoption of authentication services such as Windows Hello and Trusona, and the proliferation of connected tokens and smartphone-based authenticators, security teams can now migrate away from password-only authentication.

Alternatives that will shape future IAM processes include biometrics (fingerprint, voice, and face), push notifications to users' mobile devices, risk-based authentication, behavioural biometrics, and FIDO2/WebAuthn. Passwordless authentication shifts the attack surface to device registration and initial onboarding, so companies will need to direct their attention to hardening those processes.

6. Multimodal and Multitarget IAM Services to Support All Workloads

Despite rising cloud adoption every year, some organizations still rely on on-premises applications, processes, user directories, and legacy systems. Those systems will not disappear in the next few years, which points toward hybrid IAM architectures supporting both on-premises and cloud workloads. Such architectures will cover the IAM needs of legacy and on-premises applications such as ERP and HRIS, which requires connectors and integration with single sign-on (SSO).

Moreover, some businesses remain reluctant to store PII and user information in cloud services. Hybrid IAM deployments will support hybrid environments by integrating SaaS and on-premises applications and by supporting many deployment configurations: managed services, cloud IDaaS, or on-premises offerings.

7. Behavioral Biometrics to Perform Identity Verification

Companies will increase their use of biometrics in identity verification to make user authentication a continuous process. Adversaries no longer need to target individual endpoints to harvest passwords and other credentials: compromising Active Directory or a password vault hands them every stored credential at once. A single authentication decision based on a password is therefore no longer sufficient, especially where a business relies on single sign-on, because one stolen credential then opens every connected application.

Companies therefore need to add multi-factor authentication or behavioural device profiling. For example, behavioural biometrics can assess how a user types and navigates while filling out enrolment forms as an additional means of identity verification. Future IAM will thus expand authentication and authorization from today's one-time decision into a continuous process of monitoring user profiles and the activities associated with them.

Future IAM Architecture Requirements for Operational Efficiency and Security

1. Data Encapsulation and Protecting its Identity

Organizations must track data identity to protect the availability and integrity of their data. Data identity is the metadata describing the data itself: who created it, who may access it, and who is authorized to delete it. Systems embed data identity within the data asset, making it a crucial component of a secure, zero-trust environment.

Data identity also reveals usage patterns, so adversaries can leverage the metadata, whether or not the data itself is encrypted, to learn about a specific user's activities.

To counter this, organizations must manage data identity and tie it to employee access permissions, which protects against data theft and reduces the threat surface. IAM solutions need to be capable of assigning and revoking access privileges across a user's entire identity lifecycle.

2. Leverage Machine Learning Capabilities

Future IAM solutions should leverage machine learning (ML) to flag anomalous access patterns and requests. Current IMG (identity management and governance) solutions use user data stored in a directory to identify and enforce specific access privileges. However, such rule-based approaches cannot detect the threat presented when a user's access permissions or access requests spike above their normal baseline. Adding machine learning to IMG tools equips them with analytics that give deeper insight into user requests, entitlements, and granted permissions.

3. Feed Identity and Cyber Threat Intelligence in IAM Platforms

Current methods of securing siloed environments against cyber threats usually provide only partial defenses. IAM vendors need to devise measures that provide optimized protection, including IAM solutions capable of integrating and analyzing different types of identity data: device fingerprints, IP addresses, username and password combinations exposed in breaches, and the sites hackers are targeting.

4. Tweak Authorization to be Based on Activity and Context

Although access certification procedures minimize separation-of-duties violations and enhance an organization's security posture, most employees perceive them as a drag on their productivity.

IAM vendors need to reduce the burden of IMG procedures by developing externalized authorization that dynamically tunes authorization decisions in running applications. Decisions are based on context, such as geolocation or device fingerprint at the time of access, and on activity, such as which resources the user touches within the application. Other techniques assign point values to resource accesses and check whether a user's running tally stays within the budget allowed for the resources they access.
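To make the last two requirements concrete, here is an added example (not code from the page or from any IAM vendor) of an externalized authorization decision that combines context signals, a per-session point tally, and a simple request-rate spike check of the kind the machine-learning section calls for. The resource point values, the tally limit, the risk weights, the spike threshold, and the user "alice" are all assumptions chosen for illustration.

```python
"""Context- and activity-based authorization with a running point tally.

Added example, not code from the page or from any IAM vendor. The resource
point values, the tally limit, the context risk weights and the spike
threshold are all assumptions chosen for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

RESOURCE_POINTS: Dict[str, int] = {"wiki": 5, "hr_records": 25, "payroll": 40}
UNKNOWN_RESOURCE_POINTS = 50   # unlisted resources are charged conservatively
TALLY_LIMIT = 100              # points a user may spend in one session
SPIKE_FACTOR = 3               # requests/hour above 3x baseline count as a spike


@dataclass
class UserProfile:
    user: str
    usual_countries: Set[str]
    known_devices: Set[str]
    baseline_requests_per_hour: float
    tally: int = 0
    requests_this_hour: int = 0


@dataclass
class AccessRequest:
    resource: str
    country: str            # geolocation of the client IP
    device_fingerprint: str


def context_risk(profile: UserProfile, req: AccessRequest) -> int:
    """Risk points from context: 30 for an unusual country, 30 for an unknown device."""
    risk = 0
    if req.country not in profile.usual_countries:
        risk += 30
    if req.device_fingerprint not in profile.known_devices:
        risk += 30
    return risk


def decide(profile: UserProfile, req: AccessRequest) -> str:
    """Return 'allow', 'step_up' (require MFA) or 'deny'.

    Allowed and stepped-up accesses are charged to the running tally;
    denied ones are not.
    """
    profile.requests_this_hour += 1
    cost = RESOURCE_POINTS.get(req.resource, UNKNOWN_RESOURCE_POINTS)
    risk = context_risk(profile, req)
    spike = profile.requests_this_hour > SPIKE_FACTOR * profile.baseline_requests_per_hour
    if profile.tally + cost > TALLY_LIMIT:
        return "deny"                      # activity budget for the session exhausted
    if risk >= 60 or (spike and cost >= 25):
        return "deny"                      # both context signals bad, or a spike on sensitive data
    profile.tally += cost
    if risk > 0 or spike:
        return "step_up"                   # one weak signal: ask for a second factor
    return "allow"


def demo() -> List[str]:
    """Constructed session for the assumed user 'alice' (US, one known laptop)."""
    alice = UserProfile("alice", {"US"}, {"dev-laptop"}, baseline_requests_per_hour=10)
    session = [
        AccessRequest("wiki", "US", "dev-laptop"),        # allow, tally 5
        AccessRequest("payroll", "US", "dev-laptop"),     # allow, tally 45
        AccessRequest("payroll", "DE", "dev-laptop"),     # step_up, tally 85
        AccessRequest("wiki", "DE", "dev-unknown"),       # deny (risk 60)
        AccessRequest("hr_records", "US", "dev-laptop"),  # deny (85 + 25 > 100)
    ]
    return [decide(alice, r) for r in session]


if __name__ == "__main__":
    print(demo())
```

The decision is made per request in the running application, so a user whose context changes mid-session (new country, new device) is stepped up or denied without waiting for the next access certification cycle, and the tally caps how much sensitive data a single session can touch even when every individual request looks legitimate.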

Ethical Hacking – A Complete Guide

Ethical hacking is the practice of testing your computers and networks for security vulnerabilities and closing the gaps you find before people with malicious intentions get a chance to exploit them.

Ethical, in the sense used for the professional security testing techniques covered in this article, means conforming to accepted professional standards of conduct. Every test described in this text requires written permission from the owner(s) of the system.

Defining Hacker

Traditionally, a hacker is someone who likes to tinker with electronic systems, software, or computers. Hackers enjoy learning and exploring new ways to maneuver through a system, and they are often passionate about discovering new ways to exploit vulnerabilities.

More recently, the term hacker has taken on a new meaning: an individual who maliciously breaks into a network or computer system for personal gain. Such hackers are cybercriminals, sometimes called crackers, with ill intentions. They aim to steal valuable information, modify stored data, or delete data and code to disrupt their targets.

Many hackers go after any system they believe is highly vulnerable. Others prefer well-protected systems because compromising them raises their standing in the hacker community.

Ethical Hacking

Ethical hacking protects against these activities. Ethical hackers possess the mindset, skills, and tools of a hacker, and they can be trusted. They break into systems as a security test of the cyber-defense infrastructure in place. Penetration tests carried out this way are legal because they are performed only with the target's permission.

Ethical hacking, also known as white-hat hacking, aims at exploring the loopholes that a black-hat hacker could target. The intent is to provide the best possible protection for a system by exploiting vulnerabilities from a malicious hacker's viewpoint. It is a proactive risk management approach that provides for ongoing security enhancements of your system. An ethical hacker must therefore think as the bad-guy hacker does.

Why do you need to hack your systems?

As technology develops rapidly, nearly every system will at some point be compromised to some degree. You therefore need hacker skills to see how vulnerable and exposed your systems are. These skills also help you secure your systems beyond the well-known common vulnerabilities.

Virtual private networks (VPNs), firewalls, and encryption can provide a false sense of security. Each of these controls addresses a specific class of threat, such as eavesdropping on traffic or known malware, but none of them stops an attacker who exploits a misconfiguration or an application flaw. To give your systems additional protection, you need to hack them yourself to identify and eliminate vulnerabilities before black hats exploit them. It is the most reliable way of hardening your security infrastructure.

You can't protect your system from every threat unless you unplug it entirely and keep it out of everyone's reach. But you should strive to know how hackers navigate through security systems and how to counter their activities. Ethical hackers must expand their knowledge at least as fast as black hats expand theirs.

Your overall goal as an ethical hacker should be as follows.

  • Use nondestructive hacking methods.
  • Identify and prove to the system owner that vulnerabilities exist.
  • Eliminate the loopholes and enhance the system’s security.

Understanding the threats to a system

It is crucial to understand the specific threats and attacks against your system, as this guides how you pen-test your network security. For instance, a weak SQL Server administrator password, a server reachable from the wireless network, and a default Windows OS configuration may not be significant security concerns separately. Chained together, however, they let an attacker join the network, reach the server, and log in as administrator. Below is a short list of well-known attacks your system may experience.

  1. Network-infrastructure attacks

Hackers can attack network infrastructure easily because much of it is reachable remotely over the internet. Below are some of the network infrastructure attacks.

  • Exploiting an insecure 802.11 (Wi-Fi) configuration to piggyback onto a network.
  • Denial-of-service attacks that flood a network or host with requests.
  • Exploiting weaknesses in NetBIOS, TCP/IP, or any other vulnerable network transport mechanism.
  • Using a rogue modem attached to a computer behind the firewall to dial into the network, bypassing perimeter controls.
  2. Nontechnical attacks

The human factor is the most significant vulnerability within any network or computer infrastructure. People can be manipulated. Human beings are trusting by nature, and hackers exploit this by luring a target into handing over information for malicious purposes. This type of attack is referred to as social engineering.

Another effective class of attack is physical: hackers forcing their way into computer rooms or isolated areas that hold sensitive and valuable information.

Dumpster diving is also another common type of physical attack. It involves hackers rummaging through dumpsters and trash cans for valuable information, network diagrams, intellectual property, and so on.

  3. Application attacks

Applications are a rich source of vulnerabilities and a favorite target for hackers. In the last few years, web applications and e-mail server software have been among the main attack surfaces.

  • Services such as Simple Mail Transfer Protocol (SMTP) and Hypertext Transfer Protocol (HTTP) servers, when exposed to the whole internet by a misconfigured firewall, are frequently attacked.
  • Junk e-mail or spam may carry malware and consume your mail storage.
  • Malicious software such as Trojan horses, spyware, viruses, and worms can clog networks and take a system down.

Ethical hacking helps reveal the vulnerabilities in your system and expose the possible attacks against your system.

  4. Operating-system attacks

Operating systems run on every computer, which makes them a natural platform for attack. Hackers favor OS attacks because of the many well-known vulnerabilities that can be exploited easily. Even systems with a reputation for robustness, such as BSD UNIX or Novell NetWare, have occasionally been compromised through out-of-the-box vulnerabilities. Linux and Windows have well-known vulnerabilities that are widely attacked.

Some of the attacks on operating systems include.

  • Breaking file-system security
  • Attacking default authentication mechanisms
  • Cracking password and encryption systems
  • Exploiting specific weaknesses in protocol implementations

Ethical Hacking Commandments

An ethical vulnerability hunt must be based on a few commandments. If not, undesirable results and consequences may arise. I have personally witnessed some of these commandments being ignored during the execution of pen tests, and I can assure you that the results are never positive.

Uphold Privacy

Let confidentiality and respect prevail throughout your test. Treat all information collected during the test, from clear-text files to web-application log files, as confidential. Do not use obtained credentials to snoop on employees' private lives or to access corporate administrative platforms beyond what the engagement requires. If you need to access particular accounts, share your intent and seek permission from the account holder or manager first. Ethical hacking is a "watch the watcher" process: involving the relevant people builds trust and gains support as you execute your project.

Working ethically

Hack with professionalism. As ethical hackers, we must hold firm principles based on upright moral values. Ensure that the strategies and tools you use are in line with the company's security policy. Whether performing a penetration test on a personal computer or on an organization's system, your actions should be aboveboard and support the system's security policy and goals. No malicious intentions are allowed.

For a good-guy hacker, trustworthiness is the ultimate tenet. This is what differentiates you from the black hats. How you handle sensitive information after being granted access to a computer system defines what category of hacker you are. A bad-guy hacker misuses vital data and exploits the loopholes identified within the system, while a good-guy hacker works for the good of the system.

Not crashing your systems

One of the main challenges most people face while hacking their systems is the risk of inadvertently crashing the system. Hackers make this mistake through poor planning of how to execute their tests. Before intruding into any system, proper planning is needed. Planning should make up about 90% of the effort and execution about 10%. Take ample time to read through the documentation, and understand the usage and power of the security tools and techniques you intend to use.

Running several tests at the same time can cause a DoS condition on the system under test. Performing many tests simultaneously can cause system lockups. I have experienced this situation firsthand, and I can tell you that it is frustrating to lock yourself out of your own system. Do not assume that a specific host or network can handle the beating that vulnerability tools and network scanners can dish out. Be patient, know the capacity of your target system, and don't rush things.

Most security assessment tools can regulate how many tests they run against a system simultaneously. Using that regulation is vital, especially if you plan to run tests during working hours or against production systems that must stay up.
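The throttling described above is easy to build into your own tooling as well. The following is an added example (not code from the page or from any named scanner): a TCP reachability scan in which a semaphore caps the probes in flight and each slot pauses before it is reused, so the target never sees a burst. The demo only scans a local listener that the code itself starts; the host, port list, concurrency cap and pause length are assumptions.

```python
"""Throttled TCP reachability scan with a hard concurrency cap.

Added example, not code from the page or from any named scanner. A semaphore
bounds the probes in flight and each slot pauses before release, which is the
regulation the text attributes to good assessment tools. The demo scans an
assumed local listener only; all limits are illustrative.
"""
import asyncio
import socket
from typing import Dict, Iterable, Tuple


async def probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify a port as open, closed (connection refused) or filtered (no answer)."""
    try:
        _, writer = await asyncio.wait_for(asyncio.open_connection(host, port), timeout)
    except asyncio.TimeoutError:
        return "filtered"
    except OSError:
        return "closed"
    writer.close()
    try:
        await writer.wait_closed()
    except OSError:
        pass
    return "open"


async def scan(host: str, ports: Iterable[int], max_inflight: int = 3,
               pause: float = 0.05) -> Tuple[Dict[int, str], int]:
    """Probe ports with at most max_inflight concurrent connections.

    Returns the per-port results and the peak concurrency actually reached,
    so the cap can be verified rather than trusted.
    """
    sem = asyncio.Semaphore(max_inflight)
    results: Dict[int, str] = {}
    inflight = peak = 0

    async def worker(port: int) -> None:
        nonlocal inflight, peak
        async with sem:
            inflight += 1
            peak = max(peak, inflight)
            try:
                results[port] = await probe(host, port)
                await asyncio.sleep(pause)   # pacing: hold the slot briefly before releasing it
            finally:
                inflight -= 1

    await asyncio.gather(*(worker(p) for p in ports))
    return results, peak


def free_port() -> int:
    """A loopback port nothing is listening on right now (constructed closed target)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


async def _demo() -> Tuple[str, str, int]:
    async def handle(reader, writer):      # minimal listener standing in for a real service
        writer.close()

    server = await asyncio.start_server(handle, "127.0.0.1", 0)
    open_port = server.sockets[0].getsockname()[1]
    closed = [free_port() for _ in range(8)]
    try:
        results, peak = await scan("127.0.0.1", [open_port] + closed, max_inflight=3)
    finally:
        server.close()
        await server.wait_closed()
    return results[open_port], results[closed[0]], peak


def run_demo() -> Tuple[str, str, int]:
    """Run the constructed scan; returns (state of open port, state of a closed port, peak in-flight)."""
    return asyncio.run(_demo())


if __name__ == "__main__":
    print(run_demo())
```

Against a real target you would raise `pause` and lower `max_inflight` for fragile hosts, and keep the `peak` figure in your test log so you can show the system owner exactly how much load the assessment generated.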

Ethical Hacking Process

The ethical hacking process should be well-planned before execution, just like any other IT or security project. There should be a firm basis for the process where strategic and tactical issues are outlined and agreed upon. Planning is elementary for all levels of tests and should be included as part of the hacking process. It should come before any implementation. It is necessary for any test, from a simple password-cracking test to a sophisticated pen test on a web application. Below is a brief look into the five major steps that compose ethical hacking.

1. Formulating your plan

Let decision-makers know what you are doing. Informing them of your plans may also help in obtaining sponsorship for the project. Approval for ethical hacking is essential, and you need someone to back you up if something goes haywire. Otherwise, there may be severe legal implications.

You need a comprehensive plan, not voluminous testing procedures. Your plan should be detailed and precise. A typical plan may include;

  • What systems are to be tested
  • Anticipated risks
  • Schedule for the tests
  • Methodology to use for every task
  • Your level of know-how about the systems before running the tests.
  • Response plan to identified vulnerabilities
  • The specific deliverables, such as reports detailing countermeasures for the vulnerabilities found

I recommend that you always begin your tests with the most vulnerable systems. For example, you may start with social engineering attacks or test computer passwords before digging deep into more sophisticated systems.

Also, remember to have a contingency plan in case things go awry. What if you take down a web application while trying to assess it? This can cause a denial of service and, in return, a lowered employee productivity or system performance. In extreme situations, a mistake may cause loss of data, loss of data integrity, bad publicity, or even the entire system’s collapse.

2. Selecting tools

It is nearly impossible to accomplish any task without the right tools in place. But having all the right tools does not guarantee that you'll find all the vulnerabilities. Identify technical and personal limitations, as many security assessment tools identify vulnerabilities incorrectly: some generate false positives, while others miss real vulnerabilities. Weaknesses are especially likely to be overlooked when performing a physical-security or social-engineering assessment, where no tool does the work for you.

Always ensure that you are using the right tool for the right task.

  • For a simple test such as password cracking, you can use John the Ripper, pwdump, or LC4.
  • For more advanced analysis such as web application tests, a more sophisticated web application assessment tool such as WebInspect will be more appropriate.

Testers often misunderstand the capabilities and functionality of certain hacking tools, leading to poor results. Therefore, familiarize yourself with these complex tools before you start using them. You can achieve this by:

  1. Reading online help with your tool.
  2. Going through the user’s manual guide for your given commercial tool
  3. Formal classroom training from the security tool vendor

3. Executing the plan

Time and patience are key elements for a successful ethical hacking execution. Be extremely careful while hacking your system, as bad-guy hackers may be watching the same network and will notice unusual activity.

It is impossible to guarantee that no attacker is already present on your system before you begin. Therefore, remain as quiet and discreet as possible. Stored or transmitted test results can cause havoc if the wrong person obtains them, since they amount to a map of your weaknesses. Protect such data by encrypting it and restricting who can access it.

Plan execution is more of a reconnaissance mission. It would be best if you aimed at harnessing as much information as possible. Start from a broad perspective and narrow down your focus on your organization or system.

  1. Start by getting adequate background information about your organization, your network system names, and IP addresses.
  2. Narrow down your scope. Pin-point the specific systems you are targeting.
  3. Narrow your focus more, concentrate on a specific test, and execute scans and other detailed tests.
  4. If the preliminary survey has convinced you of a weakness, perform the attacks that exploit it.

4. Evaluating results

Assess your results to gain a deeper understanding of what you uncovered. This is where you exercise your knowledge of cybersecurity. Analyzing the results and correlating the specific vulnerabilities discovered is a skill, and it improves with experience. Done properly, it leaves you with a better understanding of your system than the average attacker has, and as good as any competent IT expert would have.

Share your findings with the relevant stakeholders to assure them that their effort and money are well spent.

5. Moving on

After getting your results, implement the countermeasures recommended by the findings, and then re-test to confirm that each fix actually closes the vulnerability.

Conclusion

New security vulnerabilities continually appear. Technological advancements are becoming more diverse and complex. Security vulnerabilities and hacker exploits are uncovered daily. You are always going to uncover new ones!

Security tests should be treated as a snapshot of your system's security posture at that moment. The landscape can change at any time, especially after adding a computer system to your network, upgrading software, or applying a patch. Make pen-testing a proactive, recurring process and part of your security policy so that you stay ahead of costly cyberattacks.

Top 20 Cybersecurity Practices that Employees Need to Adopt

People are a company's most valuable asset. However, they can also be the company's most significant security vulnerability. According to a Verizon Data Breach Investigations Report, 27% of the cyberattacks studied were caused by human error and negligence. The report also revealed that cyberattacks were a lurking threat not only to large companies and government organizations but also to small businesses, which were the target of 70% of the attacks.

Companies can reduce their vulnerabilities by properly educating their employees on online and computer safety. Below are the 20 best cybersecurity practices that employees need to adopt to protect their companies better.

1. Avoid unknown emails, links, and pop-ups

Phishing is the act of hackers sending seemingly legitimate emails and links in hopes of gaining access to systems. If you are not aware, you may give an attacker access to your company’s system by clicking on malicious pop-ups and links.

Employees should take caution with attachments and links in emails from unrecognized senders. Phishers could quickly gain access to a company’s computer network system by tricking unaware employees into clicking on emails and links with malware embedded into them.

A simple rule to follow is never to enter credentials or personal information in response to unexpected emails, pop-ups, or links. Many attacks nowadays are orchestrated by hackers impersonating employees. By double-checking the legitimacy of incoming communication through a channel you already trust, you can better protect your company from cyber threats.

2. Be cautious with unvetted USB

As USB drives have become the most common way to move files around, employees, and companies themselves, receive USB drives from numerous sources. According to the Accounting MBA Online program at St Bonaventure, all USB devices should be treated as if they contain viruses or malware, no matter where they come from. Whether a USB device comes from a store or from a business event, do not plug it directly into a computer that has access to the company network.

Threats carried by a USB device range from malware such as keystroke loggers to "USB killer" devices that deliver a high-voltage surge and physically destroy the computer they are plugged into.

A good practice is to have the IT department double-check all USB devices before using them within the company. This is prudent because the devices could host hidden malware or virus that cause harm to the company’s systems.

3. Keep your mobile device safe

With the ever-changing technological advancement, mobile phones have become mini-computers, and a ton of sensitive information can be accessed from them. As manufacturers try to make almost everything as lightweight and portable as possible, the size of mobile phones and laptops is rapidly shrinking.

This trend makes it even harder to keep track of these devices, and a good number are consequently lost. If attackers get their hands on such a device, they may easily infiltrate a company's system by posing as the employee who owns it.

As an employee, it is essential to ensure you are always aware of the position of your mobile devices. Leaving them in the open not only puts you at risk of cyberattacks but also the company to whose system your devices are configured to access.

4. Use strong passwords

As obvious as it sounds, it is imperative to use strong passwords to access your company's system and your own devices. Simple passwords are easy to guess. If a hacker figures out your password, they may gain access to your saved credentials and possibly to your company's system.

Password-cracking tools are becoming more sophisticated day by day. It is therefore more important than ever to use well-thought-out, complex passwords to protect your devices. Other secure password practices include:

  • Using passwords of at least ten characters; a longer passphrase is stronger still.
  • Mixing upper- and lowercase letters, numbers, and symbols or special characters.
  • Changing a password promptly whenever it may have been exposed. If your company also requires scheduled changes, generate a genuinely new password rather than a predictable variation of the old one.
  • Using a password manager, since remembering a different strong password for every account, and every change to it, is otherwise a cumbersome task.

5. Using secure WI-FI

Most office Wi-Fi networks are encrypted and managed. Public Wi-Fi networks, on the other hand, are unmanaged and unsafe, largely because of their open access and minimal security features.

When working remotely and you must use a public Wi-Fi network, protect your company's data by using a Virtual Private Network (VPN). The VPN encrypts your traffic between the device and the company network, so someone sharing the public network cannot read or tamper with your remote transactions with the company system.

There are several useful VPN providers and software in the market that can be obtained for little or no fee. But it is important to note that free software is limited in terms of overall performance and features.

6. Ensure data protection

Just as we take care not to share overly personal or private information on social media, the same caution should be extended to work. By carelessly uploading information online, you might share details that can be used against your company. These could be fragments that hackers assemble to gain access to the company's system, or sensitive company information that competitors could use to their advantage.

Employees can take several measures to mitigate this risk. Above all, double-check photos and videos of the workplace before sharing them on social media. A computer screen, a sticky note, or a whiteboard in the background can unintentionally hand an attacker internal hostnames, project details, or even credentials. Employees should therefore take great care with the information they upload online.

7. Install security software updates

Internet security service providers regularly update their software to match the continuously sophisticated malware and cyberthreats. If an instruction is sent by your company management to update software applications, it is your job as an employee to install the updates on your devices immediately.

Internet security service providers are always on the job to counter-attack any new cyberthreats and keep their clients safe. They, therefore, send software update notifications to subscribers of their services regularly. Not being at par with the latest protection software can leave you vulnerable to newly designed cyberattacks. This cybersecurity practice also applies to any IoT or personal devices that are used at or for work.

8. Use firewall protection at work or home

Similar to a perimeter fence, a firewall restricts unauthorized access to a network. It is the first line of defense barring cybercriminals from a company's network and the data stored on it.

Employees can take this security measure a notch higher by also using firewall protection on their home networks. Hackers are cunning and determined: access to a company network can begin with a compromised home network that connects to it. By installing home network firewalls, employees help protect their companies against cybercriminals.

Employees can contact an internet security service provider to get more information on the available types of network firewalls. The most common types are:

  • Next-generation firewalls
  • Proxy firewalls
  • Network address translation (NAT) firewalls
  • Stateful multilayer inspection firewalls

You can also inquire from your company if they offer firewall installation software.

9. Communicate with your IT department

Most companies have internal cybersecurity mitigation teams or IT departments. Employees need to work closely with the IT departments in order to better protect themselves and their workplaces against cyber threats.

Promptly reporting suspicious online activity and security warnings from the internet security software to the IT team is crucial to mitigating cyber threats in time. If you hit a snag with any computer operation, such as a software update, consult the IT department. IT personnel cannot be aware of every potential cyber risk to the company; they depend on employees to provide intel on unusual online activity. It is also prudent to keep in touch with IT even when you are working remotely.

Employees in companies without an internal IT department can easily fall prey to fake online IT or tech support. Take caution, as hackers pose as tech support providers to phish their victims.

10. Embrace cybersecurity training and education

Most companies take their time to create cybersecurity awareness workshops and coaching to train their employees. They do this in a bid to reduce cyberattacks caused by human error and employee negligence. Any employee should be aware of the impacts of cyber threats and risks to sensitive information.

By willingly attending such training and workshops, an employee can spot and sort phishing emails and pop up webpages. Gaining knowledge about cyber threats enhances an employee’s skill to identify dangerous email attachments and as a result, prevent data breaches.

The educative training sessions also update employees on the newly developed types of frauds and ransomware. It is the responsibility of an employee to know and understand the company’s cybersecurity policies and accurately implement them. It helps a lot to be a little tech-savvy. This knowledge comes in handy when you remotely contact the IT department, and they need you to access the devices and provide some information.

11. Use Multifactor Authentication (MFA)

Multifactor authentication is a security feature that adds a second barrier to accessing accounts. Just as with door locks, the more there are, the harder it becomes to break in. A stolen password alone is no longer enough for an attacker to get into your data.

Despite its benefits, 90% of Gmail users do not use MFA. As per Verizon's 2017 Data Breach Investigations Report, 81% of hacking-related breaches involved weak or stolen passwords. MFA greatly reduces data breaches caused by password-related weaknesses.

Nevertheless, the popular SMS-based two-factor authentication is no longer considered safe, because codes sent by text can be intercepted through SIM swapping or captured by a phishing page, so it is better to use MFA that does not rely on SMS. Employees play a huge role in ensuring their company's security is not compromised. With physical security keys such as Yubico Security Keys, employees can ensure that their accounts and devices are not used to infiltrate the company's network.

12. Be wary of Business Email Compromise (BEC) and CEO attacks

Attackers may also pose as an authority in the company. By imitating the email address of a senior figure such as the CEO, hackers can fool unaware employees into handing over sensitive company information or carrying out transactions. Cybercriminals posing as the CEO may contact employees with urgent requests for tasks, money transfers, or even gift card purchases.

To avoid exposing or sharing sensitive business information, employees should never reply to such emails. Instead, when an email looks suspicious, double-check the legitimacy of the sender's domain. Hackers register domains that imitate the real one in ways that are hard to spot at a glance, such as 0ffice.com instead of office.com, or the real domain name followed by extra words. Another safety measure against BEC attacks is to verify such requests out of band, by phoning the person on a number you already have rather than one given in the email.
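The lookalike-domain check can be automated at the mail gateway. Here is an added example (not the page's code): it folds characters that look alike (0/o, 1/l, rn/m, vv/w, and a few Cyrillic letters) on both sides and then measures edit distance to the trusted domains, so 0ffice.com, office.co, exarnple-corp.com and office.com.evil.net are all flagged while an unrelated vendor domain is not. The trusted-domain list and the sample headers are constructed for the example.

```python
"""Flag sender domains that imitate the company's own (BEC lookalike check).

Added example, not the page's code. The trusted domains and sample headers
are constructed; the confusable tables cover common substitutions only.
"""
import re
import unicodedata
from typing import Set

TRUSTED_DOMAINS: Set[str] = {"office.com", "example-corp.com"}   # assumed company domains

# Digit and multi-letter confusables, applied to both sides before comparing.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("7", "t")]
# Cyrillic letters that render like Latin ones: а е о р с х у
CYRILLIC_TO_LATIN = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0443", "aeopcxy")


def fold(domain: str) -> str:
    """Normalise a domain so visually similar spellings compare equal."""
    d = unicodedata.normalize("NFKC", domain.strip().lower().rstrip("."))
    d = d.translate(CYRILLIC_TO_LATIN)
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one substitution/insertion/deletion counts as 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Domain part of a From: header such as 'CEO <ceo@office.com>'."""
    m = re.search(r"@([\w.\-]+)", from_header)
    return m.group(1).lower() if m else ""


def classify(from_header: str) -> str:
    """'trusted' (exact match), 'lookalike' (imitates a trusted domain) or 'external'."""
    raw = sender_domain(from_header)
    if raw in TRUSTED_DOMAINS:
        return "trusted"
    folded = fold(raw)
    for trusted in TRUSTED_DOMAINS:
        t = fold(trusted)
        if folded == t or levenshtein(folded, t) <= 1 or folded.startswith(t + "."):
            return "lookalike"
    return "external"


if __name__ == "__main__":
    for header in ["CEO <ceo@office.com>", "CEO <ceo@0ffice.com>",
                   "ceo@office.com.mail-relay.net", "vendor@supplier.example"]:
        print(header, "->", classify(header))
```

Legitimate subdomains of your own domains (mail.office.com and the like) must be listed explicitly in the trusted set, since the check treats anything that is not an exact match as untrusted. A "lookalike" verdict should route the message for review or add a warning banner rather than silently dropping it, because edit distance 1 also catches a few honest typos.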

13. Create data backups

A backup solution is one of the best measures to keep personal and business information safe. One of the biggest threats to data is ransomware. Ransomware is a malicious program typically triggered by an employee clicking on a malicious link or by infection spreading from another machine on the network. Once deployed, it encrypts the files it can reach and leaves them inaccessible, or deletes them, unless the victim pays a ransom. Although businesses are the most common targets of ransomware, the number of private victims has been increasing.

To survive such scenarios, employees should keep continuous backups of their critical information, using either a cloud backup service or a physical external drive. A cloud backup keeps a copy of your data on a server in a separate location, so data can be restored if systems are corrupted or hacked. Keep at least one copy offline or otherwise not writable from your workstation, because ransomware also encrypts any backup it can reach, and test a restore occasionally so you know the backup actually works.

14. Use malware and virus protection software

Anti-virus programs are a basic control for keeping malicious programs out of your computer network. Malware and virus protection should be implemented not only in the office but also on personal devices. To screen out malicious websites and messages, these programs should be installed on mobile devices, desktop computers, and laptops. The software continuously scans for and removes suspicious files and messages, providing ongoing protection against known malware. By understanding how to operate the programs, employees can minimize the volume of malware operating within the business environment and reduce the chance of compromising business information while accessing it from their devices.

15. Ensure proper device operations

To properly implement the company's cybersecurity policies and strategies, employees should deploy their devices in line with IT policy and the manufacturers' recommendations. Correctly configured business devices put the cybersecurity measures to proper use and close the routes cybercriminals use to reach company systems through connected devices.

FTP and discovery capabilities of devices should be disabled if the IT department does not allow for such services. It is also prudent to disable device services that are not needed or currently being used. This minimizes the footprint or points of vulnerabilities to cyberattacks.

16. Verify the legitimacy of software

Contrary to the common misconception, not all software from trusted brands is safe. Carelessly downloading or installing software can pose a considerable number of security threats to the computer system and to the company as a whole. Prudently choosing the site you download from is just as important as selecting the brand of software you download. With numerous sites on the internet offering free software, it is now easier than ever to fall prey to malicious programs posing as utility tools. Many variations of popular software are now available, most of which carry embedded trojans.

An employee should understand and strictly follow the company’s laid-out download protocols. Downloads should be limited to business computers as much as possible. Additionally, all downloaded files and programs should be run through an anti-virus and anti-malware program to verify their legitimacy.

17. Be aware of social engineering

Rather than taking advantage of vulnerabilities in software and installed operating systems, social engineering takes advantage of human error, which leaves few traces. Cybercriminals gather publicly available information about their victims from social platforms in order to impersonate them. The attackers psychologically manipulate and trick their victims into handing over sensitive information. Through well-structured research on the intended victim’s data and background, the perpetrators gain their victims’ trust. Once the malicious actors provide a seemingly harmless reason, employees innocently give away sensitive information about their company.

Employees can easily avoid such psychological traps by being extra cautious and aware in all cyber interactions. Avoid all deals and offers that sound too good to be true; most of them are scams.

18. Use a Managed Service Provider (MSP)

Human error, although abatable, is inevitable. End-user errors, in particular, can be successfully managed by employing the services of an MSP. By using an MSP that offers Mobile Device Management (MDM), you can locate a lost device or remotely wipe its memory to prevent a data breach through that device. Hackers execute many attacks after gaining crucial pieces of information from lost devices. With information on the location of your device, you can recover it yourself and involve the authorities concerned with such cases.

19. Use data encryption

Data encryption prevents any unauthorized person from gaining access to data. Encryption transforms data into another form so that only a person holding the decryption key can read the message. Data encryption is currently one of the most popular data protection techniques used by companies. The aim of encrypting data is to protect the confidentiality of digital data. Employees can embrace data encryption as they transmit data to cloud storage. By encrypting crucial information and files in emails, employees can ensure the safety of the files during transit.

20. Avoid a messy desk

As obvious and simple as it may sound, a messy desk can be a source of many tiny crucial bits of information. During a typical business day, a lot of paperwork with important information may land on an employee’s desk. Notes from your boss, pieces of papers with passwords scribbled on them, and invoices are some of the vital information sources that may be easily left lying around on a messy desk. Furthermore, it can be tough to notice a missing file or paper on a messy desk. Therefore, it would take ages to connect a password breach to an employee’s messy desk.

Some of the best desk management practices for cybersecurity are very simple to follow. Do not leave any flash drives or digital storage devices lying around. Lock your cabinets or drawers. It is essential to ensure that you do not leave confidential papers on your desk for extended periods. When well-practiced, desk management can have a large impact on strengthening business cybersecurity.

Conclusion

Given the magnitude of the key roles employees play in managing the cybersecurity of their companies, it is vital to ensure that employees are well aware of the risks and impacts of cyber threats to a business. There are many possible ways of minimizing instances of cyberattacks (most of which were mentioned above). Understanding that no one is immune to cyber threats, it is imperative that employees and business administrators work together to fight the common threat. Simple practices by employees can go a long way in preventing cyber risks. Equally, a simple careless mistake by an employee, like clicking on an unknown link, can be the cause of a company’s downfall. The vulnerability of a company is directly influenced by how well its staff is aware of the potential risks.

Virtualization Security – A Complete Guide

Despite being a concept born fifty years ago, virtualization has advanced and can satisfy the complex applications currently being developed. Half of all servers run on Virtual Machines (VMs), and the IDC predicts that close to 70% of all computer workloads will run on VMs by 2024. As virtualization components increase and the virtualized environment expands, the main concern becomes how to maintain adequate security and integrity. Below is a brief look into some of the differences, issues, challenges, and risks caused by virtualization. This paper also provides some recommendations to ensure that the network is secured to the required degree.

Security benefits due to virtualization

The introduction of virtualization to the environment will lead to the following security benefits:

  • It is possible for a properly configured network to share systems without necessarily having to share vital data or information across the systems. This flexibility provided by a virtual environment is one of its core security benefits.
  • Virtualized environments use a centralized storage system that prevents critical data loss in case of a stolen device or when the system is maliciously compromised.
  • VMs and applications can be properly isolated to minimize the chances of multiple attacks in case of exposure to a threat.
  • Virtualization improves physical security by reducing the amount of hardware in an environment. Less hardware in a virtualized environment implies fewer data centers.
  • Server virtualization allows servers to revert to their default state in case of an intrusion. This enhances incident handling, since an event can be monitored from before the attack and during the attack.
  • Hypervisor software is simple and relatively small in size. Therefore, there is a smaller attack surface on the hypervisor itself. The smaller the attack surface, the smaller the potential for vulnerabilities.
  • Network and system administrators have a higher level of access control. This can improve the efficiency of the system by separating duties. For instance, someone may be assigned to control VMs within the network’s perimeter, while someone else may be assigned to deal with VMs in the DMZ. The system can be further segregated such that individual administrators deal specifically with Linux servers while others deal with the Windows servers.

Notice that I have frequently used the terms “if set up or configured appropriately”. This is to emphasize the complexity of virtualization. Therefore, it must be appropriately secured to gain the stated benefits.

Security challenges and risks

We can now proceed to some of the challenges, risks, and other relevant issues that influence virtualization.

Sharing of files between Hosts and Guests

  • When file sharing is used, a compromised guest can remotely access host files and modify them. The malicious guest may also modify the directories used to transfer files.
  • When an API is used for programming, or when guests and hosts share files through clipboard sharing, there is a higher chance of substantial bugs in that area compromising the entire infrastructure.

Hypervisor

  • VMs attached to a hypervisor are affected when the ‘host’ hypervisor is compromised. The default configuration of a hypervisor is not sufficient to provide absolute protection against threats and attacks.
  • As much as hypervisors are small, present a relatively small exposure surface, and control virtually everything, they also endanger the system by providing a single point of failure. An attack on a single hypervisor can put the whole environment in danger.
  • Because hypervisors control almost everything, administrators can adjust and share security credentials at will. The administrators hold the keys to the kingdom, which makes it difficult to know who did what.

Snapshots

  • Current configurations and any modifications are lost when snapshots are reverted. For instance, if you had tightened the security policy, the revert may make the platform accessible again. To make it worse, audit logs are also likely to be lost, so no record of changes can be traced. Without these, it can be challenging to meet the expected compliance requirements.
  • Like physical hard drives, snapshots and images may contain PII (Personally Identifiable Information) and passwords, so newly created snapshots are a cause for concern, and any previously stored snapshot that contained undetected malware can be loaded at a later date and cause havoc.

Network storage

  • iSCSI and Fibre Channel are susceptible to man-in-the-middle attacks since they are clear text protocols. Attackers can also use sniffing tools to monitor or track storage traffic, which they can use in the future at their convenience.

Administrator access and separation of duties

  • In an ideal physical network, network administrators exclusively handle network management while server admins deal with the management of servers. Security personnel have a role that spans both. However, in a virtualized environment, network and server management can both be performed from the same management platform. This poses a novel challenge for an effective separation of duties. In most cases, virtualization systems grant full access to all virtual infrastructure activities by default, and the damage normally happens when the system is hacked while those default settings were never changed.

Time Synchronization

  • A combination of VM clock drift and other normal clock drift can make tasks run early or late. This makes the logs lose their accuracy. With inaccurate timekeeping, there will be insufficient data if the need for a forensic investigation arises in the future.
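The two effects described under Snapshots and Time Synchronization, a revert that silently rolls back the guest's state and logs, and a clock that drifts or jumps, both become visible once guest logs are forwarded to a collector that the guest cannot rewind. The following is an added example (not from the original article) of the continuity check such a collector can run; the line format with a per-boot sequence number and the sample lines are constructed for this illustration.

```python
"""Detect snapshot reverts and clock regressions in a VM's forwarded logs.

Added example (not from the original article). Assumes the guest forwards
syslog-style lines to a central collector, each carrying an ISO-8601
timestamp and a monotonically increasing per-boot sequence number, e.g.
"2024-03-01T10:00:05Z seq=42 host=web01 msg ...". The format, the
tolerances and the sample lines below are constructed for illustration.
"""
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(r"^(?P<ts>\S+) seq=(?P<seq>\d+) host=(?P<host>\S+) (?P<msg>.*)$")

# NTP-level jitter is normal; anything beyond these tolerances is a finding.
MAX_BACKWARD_JUMP = timedelta(seconds=5)
MAX_GAP_BETWEEN_LINES = timedelta(minutes=30)


def parse_line(line):
    """Parse one forwarded line; return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {"ts": ts, "seq": int(m["seq"]), "host": m["host"], "msg": m["msg"]}


def analyze(lines):
    """Return (finding_type, host, detail) tuples for one host's log stream.

    - 'sequence_reset': the per-boot counter went backwards although the
      guest never logged a boot, which is what a snapshot revert looks like
      from the collector's side (a real reboot logs a boot record first).
    - 'clock_regression': the timestamp moved backwards beyond tolerance.
    - 'clock_gap': consecutive lines far apart, suggesting a suspended or
      drifting guest whose logs can no longer be correlated reliably.
    """
    findings = []
    prev = None
    for raw in lines:
        cur = parse_line(raw)
        if cur is None:
            continue
        if prev is not None and cur["host"] == prev["host"]:
            booted = "boot" in cur["msg"].lower()
            if cur["seq"] < prev["seq"] and not booted:
                findings.append(("sequence_reset", cur["host"],
                                 f"seq {prev['seq']} -> {cur['seq']} without a boot record"))
            delta = cur["ts"] - prev["ts"]
            if delta < -MAX_BACKWARD_JUMP:
                findings.append(("clock_regression", cur["host"], f"time went back by {-delta}"))
            elif delta > MAX_GAP_BETWEEN_LINES:
                findings.append(("clock_gap", cur["host"], f"gap of {delta}"))
        prev = cur
    return findings


SAMPLE_LOG = [  # constructed: a policy change, then a revert to a 09:30 snapshot
    "2024-03-01T10:00:00Z seq=100 host=web01 sshd: accepted publickey for deploy",
    "2024-03-01T10:00:07Z seq=101 host=web01 sudo: deploy : COMMAND=/usr/bin/systemctl restart app",
    "2024-03-01T10:00:09Z seq=102 host=web01 audit: access policy changed by deploy",
    "2024-03-01T09:30:02Z seq=17 host=web01 cron: daily job started",
    "2024-03-01T09:30:03Z seq=18 host=web01 cron: daily job finished",
]

if __name__ == "__main__":
    for kind, host, detail in analyze(SAMPLE_LOG):
        print(f"{host}: {kind}: {detail}")
```

Because the collector keeps the pre-revert lines, the audit trail the article warns about losing survives, and the revert itself is recorded as an event worth investigating.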

Partitions

  • Multiple VMs running on the same host are isolated so that one cannot be used to attack another. Despite that isolation, the partitions still share resources such as CPU, memory, and bandwidth. Therefore, if one partition consumes an extremely high amount of one or more of these resources because of a threat, say a virus, the other partitions are likely to experience a denial of service.

VLANS

  • For VLANs to be used, VM traffic must be routed from the host to a firewall. This may introduce latency or complex networking that lowers the performance of the entire network.
  • Communication between VMs on the same VLAN is not secured and cannot be inspected. If the VMs are on the same VLAN, malware spreads like a wildfire, and the spread from one VM to another cannot be stopped.

Virtualization common attacks

Below are three common attacks associated with virtualization:

  • Denial of Service Attack (DoS)

In a successful denial of service attack, the hypervisor is likely to be completely shut down and a backdoor created by the black hats to access the system at will.

  • Host Traffic Interception

Loopholes or weakness points present in the hypervisor can allow for tracking of files, paging, system calls, monitoring memory, and tracking disk activities.

  • VM Jumping

If a security vulnerability such as a hole exists in a hypervisor, a user can almost seamlessly hop from one VM to another. Unauthorized users from a different VM can then manipulate or steal valuable information.

TRADITIONAL SECURITY APPROACHES TO VIRTUALIZATION

Most of the current security challenges encountered in virtualization can be partly addressed by applying existing technology, people, and processes. The main setback is their inability to protect the virtual fabric composed of virtual switches, hypervisors, and management systems. Below is a look at some of the traditional approaches used to secure virtualization and some of their shortcomings.

  1. Firewalls

Some security personnel route traffic between the standard system firewalls and VMs to log and monitor it and send feedback back to the VMs. Virtualization being a newer technology, firewalls do not provide an infrastructure tailored to its security issues. Firewalls came long before virtualization was incorporated and adopted within data centers and enterprises. Therefore, the pre-installed management systems cannot handle current security threats to virtualization, which are too complex for them. Such setbacks lead to manual administration, which comes with errors due to the human factor.

  2. Reducing the number of VMs assigned to physical NICs per host

This method reduces the number of VMs placed on a host and assigns a physical NIC to every VM. It is one of the most effective means of securing the firm, though it does not allow the organization to enjoy the ROI and other cost benefits of virtualization.

  3. Detection of Network-Based Intrusions

When multiple VMs reside on a host, these devices do not work well. This is mainly because the IPS/IDS systems cannot efficiently monitor the network traffic between the VMs. Data is also lost when an application is moved.

  4. VLANs

VLANs are extensively used in both environments with a good degree of virtualization and those without any virtualization. As the number of VLANs expands, it gets harder to manage the resulting complexity of access control lists. Consequently, it also becomes difficult to manage compatibility between the virtualized and non-virtualized parts of the environment.

  5. Anti-virus

The agent-based anti-virus approach entails installing a complete copy of the anti-virus software on each VM. It is a secure method but requires a large financial outlay to load copies of the anti-virus software across all VMs in the environment. The software is large and therefore increases hardware utilization. As a result, it has a negative impact on memory, CPU, and storage, and decreases performance.

A large percentage of firms still rely on traditional mechanisms for their network security despite the above-mentioned drawbacks. Virtualized environments are highly dynamic and change rapidly with advances in technology and IT infrastructure. To get the best protection for such an unpredictable environment, it is recommended to keep the good aspects of the current security approach and add the recommendations below for a virtualized environment.

Best practices and recommendations for a secure virtualized environment

  1. Network security

  • Eliminate loopholes into the system by disconnecting any inactive NIC.
  • Secure the host platform that connects guests and hypervisors to the physical network by setting up logging and time synchronization, putting controls in place to regulate users and groups, and setting file permissions.
  • Use authentication and encryption on each packet to secure IP communications between two hosts.
  • Eliminate the use of default self-signed certificates to avoid possible interference by man-in-the-middle attacks.
  • Strategically place virtual switches into promiscuous mode for traffic monitoring purposes, and enable MAC address filtering to prevent possible MAC spoofing attacks.
  • Ensure that all traffic is encrypted, including traffic between hypervisor and host (using SSL), between clients and hosts, and between the hypervisor and management systems.
  2. Disaster Recovery

  • Have proper change control so that the main site and the backup site are kept as identical as possible.
  • Penetration testing and auditing should be done separately for your DR site and the main site, but with the same frequency and significance.
  • Logging and other records sourced from the DR site should be treated with the same importance as those from your primary site.
  • Ensure that your production firewall is active and has a good security posture at the disaster recovery site. Conduct regular audits at the main site if the firewall is disabled or until an event occurs.
  • Replicas of valuable data or information should be encrypted and appropriately stored.
  • Create a unique storage matrix.
  3. Separation of duties and Administrator access

  • Server administrators should be provided specifically with the credentials of the servers they are in charge of.
  • Admins should be given the power to create new VMs but not to modify already existing VMs.
  • Every guest OS should be assigned unique authentication credentials unless there is a compelling reason for two or more guest OSes to share the same credentials.
  • Contrary to common thought, security personnel have found that the larger the virtualized environment, the easier it is to allocate responsibilities across functions. One admin cannot carry out the entire management process single-handedly.
  4. Desktop security

Below are four effective measures that can be used to eliminate unauthorized and unsecured virtualization in an environment.

Clearly outline acceptable use policy.

Define the required approvals and the exact conditions under which a virtualization software can be installed.

Reduce the ratio of VMs to Users

Not every user will require VMs on their desktop. Restrict the installation of freely available software on corporate laptops and desktops.

Implement security policies that support virtualization

Ensure that your system does not have security policies that conflict with the existing virtualization platforms.

Have a library of secure VM builds

Set up a repository of VM builds with the approved security software, patches, and configuration settings that users can easily access for use or re-use when needed.

  5. Virtual Machine Security

  • Management networks connected to hypervisors should not be used to store VMs.
  • Using processor-intensive screensavers on physical servers overwhelms the processor needed to serve the VMs.
  • Only create VMs as required. Unused VMs in the environment can form potential entry points for black hats.
  • The kernel or host resources, such as storage networks, should be easily accessible to VMs.
  • Disable all unused ports, such as USB ports, present on VMs.
  • Encrypt data being conveyed between the host and VMs.
  • Traffic segmentation can be achieved by employing VLANs within a single virtual switch.
  • Have a comprehensive plan in place on how to plan, deploy, patch, and back up the VMs.
  • Place workloads of different trust levels on different physical servers or in different security domains.
  • Dormant VMs should be routinely checked or have restricted access.
  6. Management System

  • Enable SSH, SSL, and/or IPsec to secure communication between hosts and management systems. This is elemental in eliminating any chance of man-in-the-middle attacks, loss of data, or eavesdropping.
  • To avoid double-checking reports or analysis, installing a single unifying security policy and management system for both virtual and physical environments is necessary.
  • Database servers and management servers should be distinctly separated.
  • Restrict access to the management server. It should not be accessible from every workstation.
  7. Hypervisor Security

  • Install new updates and patches as they are released. Sound patch management helps to mitigate hypervisor vulnerabilities.
  • Eliminate unwanted services such as file sharing.
  • Hypervisor logs should be analyzed consistently to weed out any weak points from the system.
  • Employ the use of a multi-factor authentication process for the hypervisor functionalities.
  • The management interface of the hypervisor should not be exposed to the LAN.
  8. Remote Access

  • Remote access management should be performed only from a small set of authorized management system IP addresses.
  • There should be a strong password policy for every remote access. For high-risk areas or attack-prone environments, a 2-factor authentication is most preferred or the use of a one-time password.
  • Any data or information being sent to management systems should be encrypted.
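The Hypervisor Security and Remote Access recommendations above reduce to two checkable properties of the firewall in front of the management plane: management interfaces must not be reachable from the general LAN, and administrative access must come only from an approved set of addresses. The following is an added example (not from the original article) of an audit that checks a rule set against those two properties; the rule format, the management ports (22 for SSH, 443 for the HTTPS management interface) and the sample networks are constructed assumptions.

```python
"""Audit firewall rules for management-plane exposure.

Added example (not from the original article). Rule format, ports and the
sample networks below are constructed for illustration.
"""
import ipaddress

MGMT_PORTS = {22, 443}  # assumed: SSH and the HTTPS management interface
# Networks holding hypervisor/management interfaces (constructed).
MGMT_TARGETS = [ipaddress.ip_network("10.10.0.0/24")]
# The only sources allowed to administer them, e.g. jump hosts (constructed).
ALLOWED_ADMIN_SOURCES = [ipaddress.ip_network("10.99.0.0/28")]


def _covered(net, allowed):
    """True if every address in net lies inside one of the allowed networks."""
    return any(net.subnet_of(a) for a in allowed)


def audit(rules):
    """Return (rule_id, reason) for every rule that exposes management ports.

    Each rule is a dict: {"id", "action": "allow"|"deny", "src": CIDR,
    "dst": CIDR, "dport": int}. Rules are judged independently: ordering and
    earlier deny rules are deliberately ignored, so a permit that happens to
    be shadowed today is still reported and reviewed rather than relied on.
    """
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["dport"] not in MGMT_PORTS:
            continue
        dst = ipaddress.ip_network(r["dst"], strict=False)
        if not any(dst.overlaps(t) for t in MGMT_TARGETS):
            continue  # not a management interface; out of scope here
        src = ipaddress.ip_network(r["src"], strict=False)
        if src.prefixlen == 0:
            findings.append((r["id"], "management port open to any source"))
        elif not _covered(src, ALLOWED_ADMIN_SOURCES):
            findings.append((r["id"], f"{src} is not an approved management source"))
    return findings


SAMPLE_RULES = [  # constructed rule set
    {"id": "r1", "action": "allow", "src": "10.99.0.0/28", "dst": "10.10.0.0/24", "dport": 443},
    {"id": "r2", "action": "allow", "src": "10.20.0.0/16", "dst": "10.10.0.0/24", "dport": 22},   # office LAN
    {"id": "r3", "action": "allow", "src": "0.0.0.0/0", "dst": "10.10.0.5/32", "dport": 443},
    {"id": "r4", "action": "allow", "src": "0.0.0.0/0", "dst": "10.50.0.0/24", "dport": 443},     # web tier
    {"id": "r5", "action": "deny", "src": "0.0.0.0/0", "dst": "10.10.0.0/24", "dport": 22},
]

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_RULES):
        print(f"{rule_id}: {reason}")
```

Only r2 (the whole office LAN reaching SSH on the management VLAN) and r3 (a management host's HTTPS interface open to any source) are reported; r4 exposes a web tier, not a management interface, and is out of scope for this check.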
  9. Backups

  • No root accounts should be used for backups.
  • Disk backups are as important in the virtualized environment as they are in the traditional one.
  • Perform a full system backup once a week and frequent or daily backups of the OS and data.
  • Encrypt every data sent to a disaster recovery over the network.

Conclusion

Virtualization is a dynamic and rapidly growing technology that has presented new security challenges to most firms. Existing mechanisms and processes cannot, on their own, effectively secure the virtual environment and all its components, because virtualization is a hybrid of a physically centered network and a new logical or virtual environment. To ensure a strong security posture, additional protections and considerations must be put in place efficiently. The firm needs to plan and prepare in advance for how to handle the security of the new virtual infrastructure and all its components. Virtualization security should be a priority and not an afterthought.