Blog

  • No Muscle in Cyber Defense

    We all have a distant memory of a bully at school that we chose to avoid during recess or after school.  We were no match for them.  Why end up in a fight for no good reason?

    The bully is back, but this time they are challenging our cyber defenses. 

    Researchers claim that 99% of us are vulnerable.  We are no match for the capabilities of today’s adversaries.  The bullies are in the thousands and we have no place to hide.  Any of us could be the next Sony.

    The path forward is clear.  Each of us must hit the gym and gain a little muscle against today’s cyber threats.  At the same time, we must actively collaborate, creating strength in our numbers.

    References:

    1. https://www.cnet.com/news/privacy/thousands-could-launch-sony-style-cyber-attack-says-ex-hacker/
  • The Bleed Goes On

    It seems like forever ago that we learnt of the Heartbleed Bug, a serious vulnerability found in the backbone of network privacy – OpenSSL. The news came in a zero-day perfect storm – a public vulnerability and exploit without any means to fix it. We lacked preparation, not knowing where OpenSSL was and how to fix it. Countless software manufacturers took what seemed to be an eternity to assess their implementations, advise customers of their vulnerability, and develop patches to close the loophole.

    The “zero-day” took weeks. Many grew tired of the cycles of discovery, planning, and deployment. The response took its toll – leaving the job undone.

    The majority – it appears – stopped when systems had been patched. A key missing step was dealing with their encryption keys – the information disclosure risk that started it all.

    According to Venafi, the public-facing systems of 74 percent of the Global 2000 remain vulnerable, running on old PKI certificates and keys. Let’s stop the bleeding and get the job done!

  • Preparing for Cyber Crime

    Step 1: Cyber Security Awareness

    Most of us started in security when an in-depth architecture brought forward a mix of physical and logical controls aimed to demonstrate due diligence and stay ahead of the compliance police. Few had to deal with electronic crimes and none had to deal with the magnitude of the problem we face today.

    It’s time to take off your rose-colored glasses and prepare with Cyber Security.

    The financial industry took notice some time ago and has offered its observations on the state of Cyber Security preparedness within the industry. Institutions must enhance their (1) Risk Management and Oversight, (2) Threat Intelligence and Collaboration, (3) Cyber Security Controls, (4) External Dependency Management, and (5) Cyber Incident Management and Resilience, with an eye to electronic crime.

    Besides, there is TOO MUCH to LOSE not to prepare. A recent SANS survey brings the issue home. Cyber Security saves money.

    References:

    1. https://www.ffiec.gov/sites/default/files/media/press-releases/2014/FFIEC_Cybersecurity_Assessment_Observations.pdf