All posts by Michelle Drolet

Towerwall to join Sophos and Twinstate in GDPR Webinar – 1/24

Countdown to GDPR: Get the Competitive Edge

Webinar featuring Sophos, Twinstate and Towerwall

When:

Wednesday, January 24, 2018
12:00 – 1:00 PM EST

About the Webinar

The deadline for the new European General Data Protection Regulation (GDPR) is four months away, and it is likely to affect most companies around the world in one way or another – even ones not based in Europe. Join our friends from Sophos in this session to learn more about the GDPR and get suggestions for what to look out for in your preparations. Register now for this webinar brought to you by Twinstate Technologies, Towerwall and Sophos!

Click here to register >

4 Steps to Launch a Security Awareness Training Program

Policies and software are not enough to secure your data; staff must be regularly trained.

Your organization might have the most robust security program in the world. You may have stringent policies, and the latest and greatest security software tools. You might think your data is safe, but if your employees don’t have the right training or a working understanding of your policies and the potential risks, then all your magnificent defenses can be easily side-stepped.

As many as 81% of hacking-related breaches over the last year leveraged stolen or weak passwords, according to Verizon’s 2017 Data Breach Investigations Report, and 1 in 14 users admitted being tricked into following a link or opening an attachment they shouldn’t have.

The sad truth is that your employees are the weakest link in your cyber defenses. They are vulnerable to phishing scams and ransomware. They also make mistakes. Sometimes they don’t fully understand compliance requirements and sensitive data is mishandled.

A security awareness training program is vital, and we’re going to lay out some of the steps required to launch one.

1. Assessing your needs and developing content

Evaluation is an essential first step in developing your wider security program and it applies to security awareness training too. Assess the major risks that you want to tackle. If you’re in a regulated industry, then you’ll want to include compliance requirements. Work out precisely what training is required to meet those requirements.

You may also want to consider phishing attacks, or perhaps low-tech tailgating where someone sneaks into an office behind an employee that just used their badge to gain entry. If you’ve had problems of that nature, then train staff to be aware and ask for credentials when they don’t recognize someone.

When you develop training content, make sure that you lay out some clear real-world examples. Show them exactly what an attack looks like and spell out precisely what they should do if they think they’ve fallen victim to one. It’s vital to define security incidents and lay out a reporting procedure. Communicate your key policies so staff know what’s acceptable on mobile devices, on social media, and ethically. “If in doubt, ask” is a good rule to drill into them.

2. Scheduling and delivering training

Most companies will start with an annual training program, and training specifically for new hires is the minimum that should be done. Make sure you schedule monthly activities: weekly may be too much, and quarterly is not enough. You should mix the content up and make it relevant to seasonal threats where applicable. For example, e-cards can prove to be a tempting click right around Valentine’s Day, so make sure your staff know what suspicious signs to look for.

It’s a good idea to deliver your training via several different methods. Email lists are an easy way to send out content. You should have websites or intranets that staff can refer to when they need to, but it’s crucial that these resources are kept up to date. It’s also very important to have face-to-face meetings. Staff will often resist because they’re busy, but small group sessions are a great way to teach and offer an invaluable opportunity for employees to ask questions.


3. Testing the effectiveness of your training

When you put in place a new security system, you always want to test to make sure it’s working properly; you should think about security awareness training in the same way. You may want to include tests as part of your training content. Ending each section with a test to determine whether your staff have retained the key information can be very useful. It’s also a good idea to have the odd impromptu test. You might consider sending out a mock phishing email a few weeks after your training to see who falls victim to it, for example.

4. Tracking and acting accordingly

Testing the impact of your training is important, but you also want to track who completes the training you send out, how much time they spent on it, then measure the impact it has on actual security incidents. If people don’t complete training or fail tests, then they need to be sent for further training and repeated fails should trigger a face-to-face meeting.

If your program is truly effective, then you should see a drop in the number of security incidents. If there isn’t a correlation there, then you may need to rework your training materials and tweak your approach. When new threats emerge, you must be ready to work them in and update your training accordingly on a continuous basis.

Train your staff properly and equip them with the knowledge they need, and you will see a significant improvement in your overall cybersecurity.


This article was originally posted in CSOOnline >

Join us for a Dinner Seminar with Darktrace – Wednesday, January 17, 2018

Towerwall & Darktrace Dinner Seminar

Hosted by Towerwall

When:

Wednesday, January 17, 2018
6:00 PM to 8:00 PM

Where:

Il Capriccio
888 Main St, Waltham, MA 02453

To Register:

Contact Kelley Gallo at kelleyg@towerwall.com

About Darktrace

Darktrace is the world’s leading machine learning company for cybersecurity. Created by mathematicians from the University of Cambridge, the Enterprise Immune System uses AI algorithms to automatically detect and take action against cyber-threats within all types of networks, including physical, cloud and virtualized networks, as well as IoT and industrial control systems. A self-configuring platform, Darktrace requires no prior set-up, identifying advanced threats in real time, including zero-days, insiders and stealthy, silent attackers. Headquartered in San Francisco and Cambridge, UK, Darktrace has 24 offices worldwide.


Meetup: ARMIS IoT Security – Thursday, January 11, 2018

Join us for our next InfoSec at Your Services Meetup:

“ARMIS IoT Security”

Hosted by Michelle Drolet

When:

Thursday, January 11, 2018
6:30 PM to 8:00 PM

Where:

Skyboxx,
319 Speen Street, Natick

We will discuss:

Internet of Things (IoT) is the latest buzzword, and it conjures up images of toasters and refrigerators controlled by iPhones and automatically adding milk to your shopping list when you run low. However, IoT is a big issue in the enterprise. Aside from the traditional user-based systems, there are thousands of new devices, purpose-built computers, attaching to your enterprise networks: smart TVs, security cameras, lighting systems, building management systems, Amazon Echos, card readers, and so on. These devices are part of your network fabric, they are highly vulnerable to compromise, and they are being targeted aggressively by the hacker community.

Click here for more information and to register >


Scan the Dark Web for Threat Intelligence

It may be possible to glean valuable security insights by monitoring the dark web.


Although awareness of the importance of cybersecurity is spreading, the number of successful cyber-attacks continues to grow with every passing year. Globally, almost 1.9 billion data records were compromised in the first half of 2017, up 164% compared to the last six months of 2016, according to Gemalto’s Breach Level Index report.

Many companies are struggling to secure their data in the face of ever more sophisticated phishing scams, and the rise of a multitude of threats, from botnets to ransomware. Establishing solid visibility over your potential attack surfaces, and gathering reliable intelligence about threats is a vital step for any organization trying to close down the risk of a data breach. One avenue to valuable threat intelligence that’s not well understood is the dark web.


What is the dark web?

While the deep web merely refers to websites that aren’t indexed by search engines, the dark web is generally made up of sites that require anonymizing software like Tor to access. It is used by people suffering under repressive regimes, but it also hosts sites dedicated to illegal activities, such as the sale of stolen data, drugs, or weapons. You can also find tools and tutorials on how to exploit specific vulnerabilities to steal sensitive data.

If a cybercriminal hacks into your organization and exfiltrates some customer records, or a disgruntled insider decides to try and sell some stolen intellectual property, there’s a good chance they’ll turn to the dark web to do it. It stands to reason, therefore, that monitoring the dark web can help you to boost your security and identify breaches and vulnerabilities.


The race against cybercriminals

Cybersecurity professionals are locked in a race with cybercriminals to shut down vulnerabilities before they’re exploited, and it’s a race that many of them are losing. According to some fascinating research by Recorded Future, 75% of all disclosed vulnerabilities appear online before they’re listed in the National Vulnerability Database (NVD), with a median of seven days’ prior notice. That’s quite a head start for cybercriminals.

By monitoring the reporting of these vulnerabilities and the development of exploits for sale on the dark web, organizations may be able to close the mitigation gap. With access to the same information as the cybercriminals, InfoSec pros are forewarned about likely angles of attack and can focus resources on effective vulnerability management and rapid patching.

Monitoring of the dark web may also uncover insider recruitment attempts or rogue employees trying to sell data or credentials. Insiders are being actively recruited on the dark web in growing numbers, according to Gartner analyst Avivah Litan. While it is prudent to monitor employee behavior internally and use anomaly detection to flag suspicious activity, it’s also smart to keep an eye on the dark web.

Monitoring the dark web

Working out whether your data is being sold on the dark web is challenging, but it’s worth trying. The dark web isn’t as vast as the media sometimes makes it out to be. There are a few steps you might consider:

  • Monitor for mentions of your organization, names, email addresses, and sensitive assets.
  • Search for mentions of your wider industry, software you employ, and related data.
  • Try to infiltrate closed forums and communities.
  • Hire a firm or license a tool to monitor the dark web on your behalf.
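As an added example (not part of the original article), here is a minimal watchlist scanner in Python that applies the first two steps above to a handful of constructed sample forum posts: it flags mentions of a hypothetical organization, its domains, named assets and software, plus any e-mail address at a watched domain (a credential-exposure signal), and ranks the flagged posts for triage. All names, domains and posts are constructed placeholders.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed watchlist for a fictional "Example Corp" (placeholder values).
WATCHLIST = {
    "organization": ["example corp", "examplecorp"],
    "domains": ["example.com", "example-corp.com"],
    "assets": ["vpn.example.com", "project falcon"],
    "software": ["acme vpn", "widgetdb"],
}
# Higher means more urgent: leaked credentials or named assets first.
SEVERITY = {"credential": 3, "assets": 3, "organization": 2, "domains": 2, "software": 1}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

# Constructed sample posts standing in for scraped forum listings.
SAMPLE_POSTS = {
    "post-1": "Selling combo list, sample jdoe@example.com plus 4k more lines, PM me",
    "post-2": "Looking for insiders at Example  Corp with VPN access, paying well",
    "post-3": "New RAT release, fully undetected, lifetime license",
}

@dataclass(frozen=True)
class Hit:
    post_id: str
    category: str
    term: str

def normalize(text: str) -> str:
    # Lowercase and collapse whitespace so "Example  Corp" still matches.
    return re.sub(r"\s+", " ", text.lower())

def scan_post(post_id: str, text: str) -> list[Hit]:
    """Return one Hit per watchlist term or watched-domain e-mail found in the post."""
    norm = normalize(text)
    hits = [Hit(post_id, cat, t) for cat, terms in WATCHLIST.items() for t in terms if t in norm]
    for m in EMAIL_RE.finditer(text):
        if m.group(1).lower() in WATCHLIST["domains"]:
            hits.append(Hit(post_id, "credential", m.group(0).lower()))
    return hits

def triage(posts: dict[str, str]) -> list[tuple[str, int, list[Hit]]]:
    """Score every post and return only flagged ones, most severe first."""
    results = []
    for pid, text in posts.items():
        hits = scan_post(pid, text)
        if hits:
            results.append((pid, max(SEVERITY[h.category] for h in hits), hits))
    return sorted(results, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for pid, score, hits in triage(SAMPLE_POSTS):
        print(pid, score, [(h.category, h.term) for h in hits])
```

Real monitoring would feed scraped or vendor-supplied posts into `triage` instead of `SAMPLE_POSTS`; the noise post falls out, and only flagged posts reach an analyst.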

As you might expect, there’s a great deal of secrecy on the dark web, and many forums will be difficult to access without the right knowledge. It may also be difficult and time-consuming to separate the actionable intelligence from the noise. That’s why there’s a growing number of dark web researchers and services springing up that can provide you with intelligence reports for a fee.

If you have the resources to hire in expertise and do your own dark web research, it may help you to neutralize threats more rapidly than relying on a third party, but expertise is in short supply. Whichever route you choose, dark web monitoring is a smart move that can help you gather tangible threat intelligence and bolster your cybersecurity defenses.