Directors & Senior Management Cyber Report (£)

All forms of electronic connection, communication and attack have become digitised and radically transfigured into a new digital revolution, where different types of computers are becoming the new brain child of our culture. 

Just as the mechanisation of agriculture and then production took over the muscle and body of our workers, so the computer begins to replace our brains. This process has taken nearly two hundred years and goes back to Charles Babbage, who designed the first computer, along with Ada Lovelace, the daughter of the poet Lord Byron, who created the first computer program.

The concept of CyberScape, the Internet or CyberSpace, is used to describe the systems and services directly or indirectly connected to telecommunications, electronic systems and IT computer networks. However it also offers us ways to understand and communicate with different communities, commercial activities and to have global conversations allowing us opportunities to change activities and to alter what we, and the organisations we work for and with, will become in the future. 
CyberScape and the Internet can be visualized as a vital electronic layer similar to a nervous system running through national and international sectors, enabling everything from electricity, power supplies, water systems, transportation, IT digital infrastructures and the Web, to electronically communicate, operate and function. 
Cyberspace has transformed many areas of an organisation’s operational and commercial engagement. The process is evolving from a technical and often complex ecosystem, into a range of global, tactical actions and strategic planning requirements. 

This cyber process now requires broader management engagement, thoughtful planning, tactical implementations, far more electronic security, thoughtful analysis and consideration of the potential commercial opportunities than it did even a few years ago.

These cyber systems and their engagement require far more management and employee understanding and this involvement cannot be left just to technologists. Senior management must engage and understand the strategic plans, commercial opportunities and security implications. 

The very nature of the Internet creates global collaboration that is changing the way in which we view social connections and national borders. Now the modern globalised society is increasingly dependent on an array of organised and sometimes randomly interrelated electronic infrastructures. 

Many organisations are now beginning to see Cyber as a growing intellectually connected strategic and tactical policy network that has current and evolving opportunities, but with significant security issues that can be used to steal and monitor an organisation’s copyright and financial and personnel data.

The changes that this technology brought to individual analysis processes have been incredibly significant. However, the revolution really occurs once inter-connectivity through networking occurs and we have the Internet with all the analysis, opportunities, connections and security threats that this has created.

The effects of, and solutions to, these issues are now strategically and tactically influencing and changing all aspects of any organisation’s operations. These issues need to be understood and engaged with at a senior management level and also by those who are not necessarily completely engaged with IT issues.

The opportunities for analysis of current data, client and customer trends and beliefs, market and competitive information are also important and growing at a considerable rate. Lack of engagement with this data and analysis will have very negative impacts on any operation’s stability and growth.

These electronic networks leave "exhaust" data, which relates to the activities and transactions of network traders and collaborators, which in turn tells us forensically much about what happened with our data’s use. We are unable to trap and reutilise this in the real world. But in the cyber world we can, and this powerful data can be used to make networks more efficient, customers better served and companies more commercially knowledgeable. It is also a huge source of insecurity, and we have traded off these disadvantages against the upside until we can do so no more.

Cyber Security Planning and Cyber Audit Teams

CyberSecurity teams should be created that include the CIO/IT/HR and Marketing Directors, and these must regularly report to the CEO, senior management and the main Boards of organisations for them to fully understand and engage with the expanding Cyber security implications, threats and opportunities, which include theft of personnel data, brand reputation protection and response after an attack.

From an operations perspective we propose that independent teams should be used to review and randomly check security processes, procedures and data and market opportunities on an irregular and regular basis.
The security teams would be similar in concept to the Annual Financial Audits that are now legally required by most organisations. The Cyber Security Audits team would be independent of the IT department and its day-to-day operations. It should act as an independent Audit Team on an irregular basis throughout the year and frequently report back to senior management on changes to security and current and future Cyber plans and the team should produce current Cyber Security Audit Reports.

The Growing Influence of Cyber that the Teams should Review 

Cyber issues have entered most of the areas of any organisation’s systems and often, routine working methods and communications. Therefore the whole operational process requires far more strategic management involvement and much more sophisticated Cyber security engagement from very senior levels of an organisation’s management. The process also requires far more technical planning and precise tactical understanding than these issues did even a few years ago.

In manufacturing, for instance, a number of remarkable technologies are converging, from sophisticated software, innovative materials, robotic manufacture and cognitive computing to pioneering industrial processes, one example of which is three-dimensional printing. Where these areas interconnect with an organisation’s IT systems, they might give hackers ways into the organisation’s private data and copyrights.

Tactical Cyber Security

Global research suggests that cyber attacks become much more costly and problematic when they are not detected and stopped quickly as the focus and intensity of the crime increases.

At present some of the most serious threats are as follows (however these will change over time and system changes):

A: Corporate Connections and Acquisitions 

When your business engages with other companies and connects some of their IT systems with your own and, more importantly, when your company buys a new business and incorporates it within your existing operations, then cyber analysis must be undertaken before the connections are made, and this should be done with the assistance of an independent cyber analysis team.

We have come across more issues of systems failure and hack attacks on systems that the company did not know were a problem because the new connections were not properly checked.

Unfortunately, as senior management you should not believe IT when they say their systems are in place and working well. We are sorry to say that this of course applies to all senior management’s statements claiming that their departments are within budget or are on top of tactical and strategic development.
     

B: Cyber Threat – Denial to Hacks

The Cyber-threat landscape has also significantly evolved in recent years, moving from denial of service and website disruption to far more advanced hacking. Hackers (the name given in the IT security arena to someone attempting to steal and/or exploit weaknesses in a computer system or network) are now using sophisticated and more complex technologies to achieve data, financial and political benefit.

This new global revolution has influenced almost all aspects of modern society and has opened a mass of new developments and opportunities. It has created a knowledge society that personalises many areas of the economy and across markets it is changing jobs and specialisations and globally it is substantially increasing our ability to use enormous amounts of data and knowledge. 

C: Fast Flux - which is a Domain Name System (DNS) 

The Fast Flux concept is to have a lot of IP addresses connected to one domain name. The IP address that the name points to is then altered often, by changing the DNS information.
Fast Flux is used by Botnets to conceal malware delivery to web sites. This can also be used in criminal phishing attacks. The effective way of countering Fast Flux is to shut down the domain name but registrars often do not want to shut down domains, as this can be their main source of income. 
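
The Fast Flux pattern described above (many IP addresses behind one domain name, changed often through DNS) can be looked for in an organisation's own DNS resolution logs. The following Python is an added example, not part of the original report; the record layout, the sample records and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Assumed thresholds for illustration; tune them against your own DNS traffic.
MIN_DISTINCT_IPS = 6        # many addresses behind one name
MIN_DISTINCT_NETWORKS = 3   # addresses scattered across unrelated networks
MAX_MEDIAN_TTL = 300        # short TTLs force frequent re-resolution
MIN_CHURN = 0.5             # share of consecutive lookups whose answers changed

# Constructed sample: (timestamp_seconds, domain, ttl_seconds, answer_ips).
# Addresses come from the documentation ranges and are not real hosts.
SAMPLE_OBSERVATIONS = [
    (0,    "shop.example", 3600, ["192.0.2.10", "192.0.2.11"]),
    (600,  "shop.example", 3600, ["192.0.2.10", "192.0.2.11"]),
    (1200, "shop.example", 3600, ["192.0.2.11", "192.0.2.10"]),
    (0,    "flux.example", 120, ["198.51.100.7", "203.0.113.9", "192.0.2.200"]),
    (600,  "flux.example", 120, ["203.0.113.77", "198.51.100.140", "192.0.2.31"]),
    (1200, "flux.example", 180, ["198.51.100.201", "203.0.113.5", "192.0.2.90"]),
]


def network_of(ip):
    """Coarse network bucket (/16 for IPv4, /48 for IPv6) as a proxy for spread."""
    addr = ipaddress.ip_address(ip)
    prefix = 16 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def profile_domains(observations):
    """Summarise, per domain, how many addresses it used and how often they changed."""
    by_domain = defaultdict(list)
    for ts, domain, ttl, ips in observations:
        by_domain[domain.lower().rstrip(".")].append((ts, ttl, frozenset(ips)))

    profiles = {}
    for domain, rows in by_domain.items():
        rows.sort(key=lambda r: r[0])  # order lookups by time
        all_ips = set().union(*(r[2] for r in rows))
        # A change is counted when two consecutive lookups return different sets.
        changes = sum(1 for prev, cur in zip(rows, rows[1:]) if prev[2] != cur[2])
        profiles[domain] = {
            "distinct_ips": len(all_ips),
            "distinct_networks": len({network_of(ip) for ip in all_ips}),
            "median_ttl": median(r[1] for r in rows),
            "churn": changes / (len(rows) - 1) if len(rows) > 1 else 0.0,
        }
    return profiles


def flag_fast_flux(observations):
    """Return the domains whose profile meets every fast-flux threshold."""
    flagged = []
    for domain, p in profile_domains(observations).items():
        if (p["distinct_ips"] >= MIN_DISTINCT_IPS
                and p["distinct_networks"] >= MIN_DISTINCT_NETWORKS
                and p["median_ttl"] <= MAX_MEDIAN_TTL
                and p["churn"] >= MIN_CHURN):
            flagged.append(domain)
    return sorted(flagged)


if __name__ == "__main__":
    for name in flag_fast_flux(SAMPLE_OBSERVATIONS):
        print("possible fast flux:", name)
```

Content delivery networks and load balancers also rotate addresses with short TTLs, so a flagged domain is a lead for an analyst to review rather than a verdict.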

D: Trojan Horses and Zombie Computers

A Trojan Horse is a computer program that contains malicious code that allows data to be stolen. 
A Zombie computer is one linked to the Net that has been hacked. It has possibly been attacked by a trojan horse or has contracted a digital virus via malware, so that it can be controlled and used to work for a remote operator without the knowledge of the legal owner.

E: Social Engineering - gaining computer information by deception

This begins with focusing on a hacker tactic in both the physical and digital worlds of social engineering. Before the computer age, this meant creeping past a company’s defenses with clever verbal discussion on a telephone line as opposed to a shrewdly worded email, which is now used to gain access. 
Currently aspects of social engineering have moved into networks, like Facebook, Twitter and LinkedIn.

F: Zero Day Virus

A zero day virus or malware is a digital virus for which there is currently no software that can identify it and no antivirus or other solution that will solve the problem of the attack.
In code analysis, the machine code of the file is analysed to see if there is anything that looks suspicious. Typically, malware has characteristic behaviour and the code analysis attempts to detect this if it is present in the code. However, zero day has no obvious identification.
One approach to overcome the limitations of code analysis is for the antivirus software to run suspect sections of code and observe the behaviour.

G: APTs

These attacks are known as Advanced Persistent Threats (APTs). They are highly sophisticated and carefully constructed. The intention behind APT attacks is to gain access to a network and steal information quietly. They take a low-and-slow approach that often makes them difficult to detect, giving them a high likelihood of success.
Being aware of social engineering is important because it can be the precursor for a sophisticated attack meant to breach the wall of your organisation. 
The last few years saw a number of high-profile attacks such as Gauss, a Trojan Horse attack malware named after the German mathematician Johann Carl Friedrich Gauss. This can take social network, browser history and passwords and has done this to Citibank, PayPal, Amex and Visa among a lot of other banks and networks.
Gauss seems to be linked to Stuxnet and some specialists believe that it was, probably, created by the same producers as Stuxnet. American and Israeli engineers have been blamed. Flame, which attacked other computer systems throughout the Middle East, including those in Iran, is also blamed with the same ‘genetics’.
Additionally, APTs need not always target well-known programs, such as Microsoft Word; they may also target other vectors, such as embedded systems. In a world where a growing number of devices have Internet protocol addresses, building security into these systems has never been more important.
APTs will continue as governments and other well-funded organisations look to cyber-space to conduct their espionage. 

H: Internal Threats

Some of the most insidious and damaging attacks come from an organisation’s disgruntled employees. These attacks can be the most devastating, due to the amount of access a privileged internal user has and the private information they can access. 
In research funded by the US Department of Homeland Security, the CERT Insider Threat Center at Carnegie Mellon found that cyber attacking employees inside the financial industry often go undetected for nearly three years at least. 
There is also the more general and often larger problem of employee misuse and failure to secure their own processes and procedures purely because they are unaware of their own failure to follow secure procedures. They open mail that appears to be of interest, but a second thought and review would suggest that the email is a scam or an attempted hack.
Employee engagement and presentations with clear explanations will reduce systems failures and attacks considerably.

I: BYOD – Bring Your Own Device

The issue of security of course comes up in the mobile world, with many operations striving to get the sensible mixture of technologies and policies that includes the bring-your-own-device (BYOD) to the office. Office workers find it simple to use the PC or Mac that they use at home to do some business. 
However, these open BYOD policies are opening businesses up to web-hacks and data attacks. This BYOD policy means that there are massive amounts of iPhones, Google Android phones and other devices going into the workplace. For instance, a smartphone has a camera and microphone and so conversations can be monitored and recorded. The threat level with BYOD goes up unless security measures are enforced and checked regularly.

J: HTML5 - Fifth version of the HyperText Markup Language

Just as the adoption of cloud computing has changed the vulnerability surface, so will the adoption of HTML5. It is a core technology markup language of the Internet used for structuring and presenting content for the World Wide Web. As of October 2014 this is the fifth revision of the HTML standard of the World Wide Web Consortium. The previous version, HTML 4, was standardised in 1997.
In 2014, it was noted at the Black Hat conference, a place where security pros can get a sign of attacks to come, that HTML5’s cross-platform support and integration of various technologies opens up new possibilities for attack, such as abusing Web Worker functionality. Even with an increasing amount of attention being paid to HTML5 security, the newness of it means that developers are bound to make mistakes as they use it, and attackers will look to take advantage. So, expect to see a surge in HTML 5 oriented attacks next year, hopefully followed by a gradual decline as security improves over time.

K: Botnets  

A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks.
But even though the arms race between researchers and attackers favors innovation, expect cybercriminals to spend a lot of time perfecting what they know best, such as making sure their botnets have high availability and are distributed. While the legal takedowns being launched by companies such as Microsoft succeeded in temporarily disrupting spam and malware operations, it is naïve to assume attackers aren’t taking what they have learned from those takedowns and using it to shore up their operations. Botnets are here to stay.

L: Precision Targeted Malware 

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Malware is used to steal data and/or to spy on a computer system, and this can be for long periods of time without the user or system being aware of the attack monitoring. Hackers are learning from the processes researchers take to analyse their malware, and techniques were recently demonstrated that can help render analysis ineffective by designing malware that will fail to execute correctly on any environment other than the one originally targeted.
Examples of these attacks include Flashback and Gauss. In the coming years attackers will continue to improve and implement these techniques and make their malware more dedicated so that it only attacks a specific computer configuration.

Corporate Cyber Strategy

Cyber security therefore needs to be a Main Board strategic concern and a team that includes the CIO/IT Director must report directly to the main board. An independent team must also be used to review and randomly check processes and procedures and data on a regular basis and this team should be independent of the IT department and its day-to-day operations. It should act as an independent audit team. 
This independent team should be reviewed by the Board and by internal IT management and the changes should be incorporated within the strategy and tactics.
This research made it clear that now Cyber security, and Cyber opportunities, need to be understood at the highest levels of all organisations and should be a significant strategic concern. To help counter the attacks and threats, Security Risks Teams should be formed that include the CIO, Strategy, IT and Development Directors and a team of independent analysts who should regularly report about Cyber directly to the CEO and Main Board.
From a security viewpoint the independent external team must also be used to review and randomly check processes and procedures and data on a regular basis. 
The teams used would be similar to the Annual Financial Audits and this Cyber Security Audits Team should be independent of the IT department and its day-to-day operations. It should act as an independent audit team on an irregular basis throughout the year and it should use white hat hackers to delve deep into the electronic systems looking for current and potential problems. 
This team should frequently report to the Board on changes of security and should produce current Cyber Reports. 
And importantly an internal and external product/service development team should frequently review Cyber opportunities and these should be reported to the Board and changes incorporated within the organisation’s strategy and tactics.
The Board should also separately discuss worst-case scenarios with the CIO/IT Director and reviews should independently take place using outside consultants as Cyber crime is costing businesses around the world over $300 billion a year. 

Future Cyber Development 

Predictions and forecasts for Cyber development and future security will be reviewed in the next Reports, along with the different ways in which the technology, robotics and cognitive data analysis and invention may potentially change national understanding and commercial prospects and engagement.

The potential future prospects for Cyber will be discussed in our next Report and will include the prospects for CyberWar and crime as well as the positive ways in which data analysis and network connections may improve international innovation and global trade with the use of such things as robotics and sophisticated system analysis connections that may substantially improve the commercial use and understanding of the expanding Cyber data fields. 

For instance, one aspect of future Cyber that has real potential to develop and radically improve systems interconnection is Smart Systems, a process that interconnects and includes such elements as the Internet of: Media, Energy, People and Things. These types of inter-related systems will become far more sophisticated with the potential to radically change and innovate research, innovation and even macro-governance.

Research has also been done on commercial security in a number of large organisations and many individual employees see security as an innovation enabler, as it gives confidence to allow employees to trust the security advisors and for them to be more confident in the IT systems, providing them with reassurance in their use of data analysis and the systems they use.

Predictions and forecasts for Cyber development and future security will be reviewed and the different ways in which the technology, robotics and cognitive data analysis and invention may potentially change national understanding and commercial prospects and engagement. 

Finally in the next Report there will be a perspective on what we might be looking at in the near future and the effects of Cyber on the next developments of commerce.

Please contact us at CSI for more information relating to your sector, service or industry. Please ask questions.

Alfred Rolington – CSI. 

Alfred.Rolington@cybersecurityintelligence.com
