Despite the fact that organizations are spending billions worldwide on IT security, the results aren’t getting any better. That’s because our adversaries know exactly which systems are vulnerable and methodically work to compromise them. Meanwhile, IT teams are overwhelmed by the number of security events they face along with competing internal priorities: things are overlooked, systems go unpatched. Check out the infographic below for what we’re up against and how we can make a change.
November is almost over and here’s your essential roundup of five captivating stories in cybersecurity this month—everything from kiddo hackers to the gender gap in security and an easy way to protect legacy applications, and more. Read on …
You don’t have to be a chief information security officer (CISO) to fear having accounts compromised; however, being a CISO takes worry to another level altogether.
How do you sort through all the log information that applications, networks and people are generating on a daily basis? Do you even track all your personal logins? Imagine doing this for a major enterprise!
Hackers, for the most part, are not spending a lot of time “guessing” your corporate passwords. They simply do not invest that much time in their targets; instead, they automate the use of your compromised passwords to find where they can gain access to your system.
Other areas that interest hacktivists or cybercriminals are phishing scams, Trojan horses and using open Wi-Fi services, to name a few.
With all of the talk these days about how much security has changed, you’d think something extraordinary has happened.
I’ve worked in the security industry for 16 years. Way back in 2000, we were already past the initial viruses that created the industry for companies like Symantec and McAfee. There were also a lot of virus writers pursuing underground fame. That changed, and more hackers then worked to steal.
While the bad guys’ intent evolved, what they attacked and how they attacked stayed relatively similar. In fact, recent reports by Verizon, HP and others about exploited vulnerabilities highlight that the approaches taken by the bad guys don’t need to change because the environments they attack don’t change. There is plenty of innovation going on, but for the vast majority of attacks, they still use the same old stuff.
Recently there has been what is likely the beginning of a wave of break-ins and financial exfiltrations via the SWIFT Alliance. Reports vary a bit, but between vendor/operator mistakes, weak security controls, lack of integrated forensics, and some not-so-best practices, we have ended up witnessing the theft of over $80 million. (It could have been over $950 million but for the successful identification of typos by some astute bank operators.)
I spent some time going through the SWIFT Alliance’s publication ‘Security Guidance for Alliance’ published on 18 March 2016 (current version is 29 April 2016) to understand what their baseline security recommendations and architecture are and then thought about how I would re-implement them to protect against some of the more malicious threats we are seeing today.
TL;DR: the document is a fairly comprehensive approach to securing SWIFT against the types of attacks that were prevalent a decade ago. Times have changed, and their model does not seem to have adapted to the threat landscape we are facing today. If you operate a SWIFT infrastructure or just find armchair quarterbacking and 20/20 hindsight to be fun to read – please continue! I’ll do my best to make this entertaining and hopefully informative.
July 14, 1789. If you’re a history buff, you recognize the date. In France, the Storming of the Bastille. In our industry, July 14, 2015 was just as historic; it marked the official end of support by Microsoft for Windows 2003. The date was called out well in advance by the trade press with multiple recommendations for remediation, as the threatening negative security consequences for running critical apps on W2003 were communicated globally.
So how serious was the problem, how much of it has been solved nearly one year later, and what opportunities still exist for Skyport Channel Partners? Some quick facts: