2024 Synergy in Cyber

Dr. Mike Saylor, CEO of Blackswan Cybersecurity and Professor at The University of Texas at San Antonio, is honored to be included in the 2024 Synergy in Cyber event with Texas Legislators, policymakers, and business leaders. This exclusive event will be held on May 23, 2024, at The Ranch at Las Colinas (invitation-only).

The primary objective of the event is to bring together leaders in the cybersecurity field to promote collaborative cyber education and initiatives throughout the North Texas region. The agenda includes discussions on the current state of the regional cybersecurity workforce, addressing real-time communication challenges among stakeholders, and presenting Dr. Saylor’s latest research and recommendations for standardizing job titles and roles within the cybersecurity industry.

Keywords: cybersecurity, cyber education, cybersecurity industry, North Texas cybersecurity, regional cybersecurity workforce, real-time communication challenges, cybersecurity job standardization, cybersecurity event.

CISO’s Guide to Presenting Cybersecurity Metrics to Board Members

How to Use 3 Key Vulnerability Assessments to Present Cyber Security Threats

Board members increasingly recognize cybersecurity as a top concern. Harvard Business Review surveyed 600 directors and found that 76% of board members believe their boards have made adequate investments in cybersecurity. Still, there is a growing consensus that many boards need more cybersecurity expertise to provide proper oversight. Awareness is growing that boards need to play a more active role in cybersecurity oversight, and cybersecurity is now considered the most important board topic after strategic planning.

In a CNBC article, cybersecurity thought leader Larry Whiteside said: “Many CISOs have grown up as technologists and are accustomed to speaking very technically. And that’s not a bad thing for the right audience, which is usually the cybersecurity or IT team. However, in a boardroom, speaking in a language and utilizing terms that the board will understand is crucial to getting their point across in a meaningful way.” Chief Information Security Officers (CISOs) must translate technical language into business terms by demonstrating how cybersecurity efforts contribute to the organization’s overall risk management strategy, financial stability, and compliance with laws and regulations.

This requires presenting cybersecurity metrics and initiatives in a way that highlights their impact on business objectives and risk mitigation. This matters for two main reasons:

  • Aligns security with business goals

CISOs help board members understand how security efforts protect critical assets, ensuring the company’s digital operations align with its overall business objectives.

  • Supports informed decision-making

CISOs use cybersecurity metrics to justify new costs and investments essential to the organization, and to address concerns about unnecessary spending on security measures or about prioritizing one investment over another.

These metrics offer a comprehensive view of the organization’s cyber health, informing strategic decisions about resource allocation, third-party risks, incident recovery, and employee training.

The Role of Cybersecurity Metrics in Business Strategy: Understanding the Board’s Perspective

Reporting and providing context on cybersecurity metrics is an essential job for CISOs. “Just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs).” – Harvard Business Review. CISOs must take the intricate, technical aspects of information security metrics and transform them into a digestible format that aligns with the board’s strategic objectives and concerns. Knowing the board’s three primary concerns is an excellent place to start:

  1. Regulatory Compliance
  2. Risk Management
  3. Financial Impact

When the CISO communicates in plain terms, the board gains an understanding of:

  • How the organization is protecting itself from cyber threats
  • What could happen to the business if risks are not handled
  • Congruence with regulations and compliance standards

This makes cybersecurity not just an IT issue but a boardroom priority.

Presenting Cybersecurity Threats: Bridging the Gap Between IT and Business Strategy

1.    Connect Cyber Risks to Business Impact

The goal of your presentation is to resonate with board members. To do that, you must relate cybersecurity risks to the organization’s overall business impact. IBM’s 2023 Cost of a Data Breach report put the global average cost of a data breach at $4.45 million. By highlighting risk management, regulatory compliance, and the financial impact of a cyber incident, you can effectively communicate how cybersecurity plays a role in sustaining a thriving organization. Ways to do this include:

  • How cyber threats can interrupt business operations, leading to direct financial losses and affecting long-term strategic goals.
  • Financial penalties and operational restrictions that result from failing to adhere to industry regulations, impacting the company’s market position and legal standing.
  • Direct costs associated with data breaches, such as incident response expenses, alongside indirect costs like customer churn due to diminished trust.

2.    Visual Aids

Visualizations like charts and graphs simplify board communication in cybersecurity. These tools turn complicated data into easy-to-understand images, making it quicker for board members to see what’s at stake and decide on actions. For example, you might use:

  • Graphs that show the trend and risk of different cyber threats over time.
  • A dashboard that compiles various cybersecurity metrics (such as the number of attempted attacks, successful breaches, and unresolved vulnerabilities).
  • A chart that compares the organization’s cybersecurity metrics against industry averages or benchmarks can highlight where the company stands in comparison.

3.    Use Simple Language

When talking to the board, leaving out the tech talk is critical. Use easy-to-understand terms and comparisons that they can quickly get. This way, they can catch on to complex security topics and make intelligent choices without getting lost in IT talk. For instance:

  • Use “Secure Wi-Fi” instead of “Encrypted Wireless Networks.”
  • Use “Unauthorized Software” instead of “Shadow IT.”

Making these changes helps clarify your points and helps board members see why managing cybersecurity risks matters.

4.    Vulnerability Assessments to Identify Security Weaknesses

Your board wants to hear about the risks you’re currently facing in your organization. If an investment in new technology or tools is needed, these risks will allow your board to understand and justify investing in change. A vulnerability assessment is a step-by-step process that involves identifying, quantifying, and ranking different cyber vulnerabilities. It involves scanning a system, software, or network to find out the weaknesses and loopholes that attackers can exploit.

Three Key Vulnerability Assessments to Present Cyber Security Threats to Board Members

1.    Wireless Assessment

A wireless assessment identifies, analyzes, and evaluates vulnerabilities within wireless networks. It reviews the wireless security controls in place and detects weaknesses that attackers can exploit, such as:

  • Unauthorized access points
  • Weak encryption methods
  • Susceptibility to attacks like eavesdropping or spoofing

2.   Network Assessment

A network assessment scans the devices on a network, typically from a remote location, to identify vulnerabilities and assess the security posture of network devices such as:

  • Routers
  • Switches
  • Firewalls
  • Systems connected to the network

The goal of a network assessment is to detect security weaknesses that attackers could exploit. These scans typically use automated tools to examine the network for vulnerabilities and provide a comprehensive view of the current security risks.

3.   Host Assessment

A host assessment identifies vulnerabilities on individual hosts, such as:

  • Servers
  • Workstations
  • Other network-connected devices

It identifies security weaknesses that attackers could exploit by examining the operating system, the installed software, and the system’s configuration. Unlike network-based scans, host-based scans provide a detailed view of the vulnerabilities within each host, including weaknesses that are not visible or reachable from the network. These scans are critical for uncovering vulnerabilities such as:

  • Unpatched software
  • Insecure system settings
  • Permissions that could allow unauthorized access or privilege escalation


How to Use Vulnerability Assessments to Present Cybersecurity Metrics to Board Members

Systems grow more complex every day, and with that complexity comes a larger set of vulnerabilities that CISOs must track. It is better to find those vulnerabilities before an attacker does, because attackers will exploit whatever weakness they find. A vulnerability assessment gives the CISO the detail the board needs to make informed decisions: a list of security weaknesses ordered by risk, with recommendations for remediation.
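
The following is an added example, not Blackswan tooling or code from this article, showing how findings from the three assessment types above can be turned into the risk-ordered list and the dashboard figures (open vulnerabilities by severity, percentage past their remediation deadline) described in the Visual Aids section. The findings, the CVSS severity bands, the 1.5x weighting for internet-exposed assets and the SLA days are constructed assumptions for illustration.

```python
"""Rank vulnerability-assessment findings for a board-level summary.

Added example for this article; not Blackswan's tooling. All sample data,
the exposure weighting and the SLA policy below are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    asset: str
    source: str      # "wireless", "network" or "host" assessment
    title: str
    cvss: float      # CVSS base score, 0.0 to 10.0
    exposed: bool    # reachable from the internet
    found: date      # date the assessment first reported it


# Assumed remediation SLA in days per severity band (an example policy).
SLA_DAYS = {"critical": 15, "high": 30, "medium": 90, "low": 180}

# Constructed sample output from wireless, network and host assessments.
SAMPLE_FINDINGS = [
    Finding("vpn-gw-01", "network", "Outdated firmware on VPN gateway", 9.8, True, date(2024, 2, 1)),
    Finding("hr-file-01", "host", "Missing OS patches for six months", 8.1, False, date(2024, 1, 10)),
    Finding("corp-wifi", "wireless", "Guest SSID shares WPA2 passphrase with staff", 6.5, False, date(2024, 4, 1)),
    Finding("web-01", "host", "World-writable cron directory", 7.8, True, date(2024, 4, 20)),
    Finding("branch-fw", "network", "SNMP v2c with default community string", 5.3, False, date(2024, 4, 25)),
]


def severity(cvss: float) -> str:
    """Map a CVSS v3 base score to its qualitative band."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low"


def risk_score(finding: Finding) -> float:
    """Weight internet-exposed findings 1.5x (assumed) so ranking reflects reachability, not CVSS alone."""
    return round(finding.cvss * (1.5 if finding.exposed else 1.0), 1)


def rank_findings(findings: list[Finding]) -> list[Finding]:
    """Highest risk first: this is the ordered list the board sees."""
    return sorted(findings, key=risk_score, reverse=True)


def is_overdue(finding: Finding, today: date) -> bool:
    """A finding is overdue when it has been open longer than its band's SLA."""
    return (today - finding.found).days > SLA_DAYS[severity(finding.cvss)]


def board_summary(findings: list[Finding], today: date) -> dict:
    """Headline metrics suitable for a one-slide dashboard."""
    by_severity = {band: 0 for band in SLA_DAYS}
    for finding in findings:
        by_severity[severity(finding.cvss)] += 1
    late = [f for f in findings if is_overdue(f, today)]
    return {
        "total": len(findings),
        "by_severity": by_severity,
        "overdue": len(late),
        "overdue_pct": round(100 * len(late) / len(findings), 1) if findings else 0.0,
        "top_risks": [f"{f.asset}: {f.title}" for f in rank_findings(findings)[:3]],
    }


if __name__ == "__main__":
    for key, value in board_summary(SAMPLE_FINDINGS, date(2024, 5, 1)).items():
        print(f"{key}: {value}")
```

The "overdue" percentage is usually the figure a board reacts to, because it expresses the backlog against a commitment the organization already made rather than as a raw count.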

The Strategic Value Of Vulnerability Assessments in Cyber Security Metrics

Cybersecurity is a complex and dynamic issue, since a cyber incident is not a matter of “if” but “when.” Board members and CISOs need to stay vigilant and see eye to eye on emerging cyber threats. Bridging this communication gap is crucial to ensuring the board understands and acknowledges the significance and value of cybersecurity.

Take Your First Step Toward a Vulnerability Assessment

Our free Quick Assessment tool evaluates how prepared you are to secure your data against threat actors and your ability to respond when they do attack. The best part? It doesn’t take more than 30 seconds.

North Korea Leveraging Weak DMARC Policies

SUMMARY

The NSA and FBI warn that the North Korean actor APT43 (a.k.a. Kimsuky) is exploiting weak DMARC policies to deliver spear phishing. APT43’s objective is to gather geopolitical intelligence.

TECHNICAL DETAILS

APT43 uses spoofed emails from trusted sources to gain access to private documents and communications. Their goal is to collect intelligence on geopolitical events and adversary strategies. Since 2018, they have targeted organizations in the US, Europe, Japan, and South Korea, impersonating journalists and academics. They supply the North Korean government with stolen data and significant geopolitical information by infiltrating policy analysts and other professionals. These successful breaches allow Kimsuky to create more believable and impactful spear phishing emails, which they can use against more valuable and sensitive targets.

They exploit weak Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to mask spear phishing attacks. DMARC is an email authentication protocol: a domain owner publishes a DNS TXT record that tells receiving mail servers how to handle messages claiming to come from that domain that fail SPF and DKIM alignment checks, and where to send reports about them. A weak policy is one configured with “p=none,” which instructs receivers to take no action on failing messages, so a spoofed email is delivered to the target’s inbox just as legitimate mail would be.

According to a recent report by Proofpoint, Kimsuky started using this method in December 2023 as part of a larger set of initiatives.

RED FLAG INDICATORS

Key sectors should take note of the following activities, which could indicate or suggest malicious behavior by North Korean cyber actors:

  • Innocuous initial communication with no malicious links/attachments, followed by communications containing malicious links/documents, potentially from a different, seemingly legitimate, email address.
  • Email content that may include real text of messages recovered from previous victim engagement with other legitimate contacts.
  • Emails in English that have awkward sentence structure and/or incorrect grammar.
  • Emails or communications targeting victims with either direct or indirect knowledge of policy information, including U.S. and ROK government employees/officials working on North Korea, Asia, China, and/or Southeast Asia matters; U.S. and ROK government employees with high clearance levels; and members of the military.
  • Email accounts that are spoofed with subtle misspellings of legitimate names and email addresses listed in a university directory or on an official website.
  • Malicious documents that require the user to click “Enable Macros” to view the document.
  • Follow-up emails within 2-3 days of initial contact if the target does not respond to the initial spear phishing email.
  • Emails purporting to be from official sources but sent using unofficial email services, identifiable through the email header information being a slightly incorrect version of an organization’s domain.

Recommendations

  • Update DMARC policies to “v=DMARC1; p=quarantine;” or “v=DMARC1; p=reject;” so that receiving servers quarantine or reject unauthorized emails. Move from “p=none” to an enforcing policy only after reviewing aggregate reports, so that legitimate senders are not blocked.
  • Set other DMARC policy fields such as ‘rua’ (Reporting URI for Aggregate reports) to receive aggregate reports, which show who is sending mail as your domain and whether it passes authentication.
  • Implement SPF and DKIM: Ensure that your domain has SPF and DKIM records properly set up. SPF verifies the authorized IP addresses for sending emails, while DKIM signs your outgoing emails to help receiving domains verify their authenticity.
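
The following is an added example, not code from the NSA/FBI advisory or from Blackswan, that parses a DMARC TXT record and flags the weaknesses discussed above: a missing record, “p=none,” and two less obvious gaps (a “pct” value below 100 that applies the policy to only a sample of failing mail, and an “sp=none” subdomain policy that leaves subdomains spoofable while the organizational domain is protected). The domain names and records are constructed; a real check would fetch the TXT record at `_dmarc.<domain>` and pass it to `assess_dmarc`.

```python
"""Assess a DMARC TXT record for the weaknesses the advisory describes.

Added example for this page, not code from the NSA/FBI advisory or from
Blackswan. Domain names and records below are constructed for illustration.
"""

# Constructed sample records: the weak configuration the advisory warns about,
# the recommended configuration, and two gaps that are easy to overlook.
SAMPLE_RECORDS = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "strong.example": ("v=DMARC1; p=reject; sp=reject; pct=100; "
                       "rua=mailto:dmarc@strong.example"),
    "partial.example": "v=DMARC1; p=quarantine; pct=10",
    "subdomain-gap.example": "v=DMARC1; p=reject; sp=none",
    "missing.example": "",
}

POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict[str, str]:
    """Split 'tag=value; tag=value' into a dict; tag names are case-insensitive."""
    tags: dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list[str]:
    """Return a list of findings; an empty list means the record is enforcing."""
    if not record.strip():
        return ["no DMARC record: receivers apply no policy to spoofed mail"]
    tags = parse_dmarc(record)
    findings: list[str] = []

    if tags.get("v") != "DMARC1":
        findings.append("missing v=DMARC1: receivers ignore the record")

    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        findings.append("missing or invalid p= tag: record is invalid")
    elif policy == "none":
        findings.append("p=none: mail failing SPF/DKIM alignment is still delivered")

    # pct defaults to 100. A lower value applies the policy to a sample of
    # failing mail only; the remainder is treated with the next weaker policy.
    pct_raw = tags.get("pct", "100")
    if pct_raw.isdigit():
        pct = int(pct_raw)
    else:
        pct = 100  # treated as 100 for the remaining checks in this example
        findings.append(f"pct={pct_raw}: not an integer, record is malformed")
    if policy in ("quarantine", "reject") and pct < 100:
        findings.append(f"pct={pct}: only {pct}% of failing mail is subject to p={policy}")

    # sp= is the subdomain policy and inherits p= when absent.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can be spoofed although the organizational domain is protected")

    if "rua" not in tags:
        findings.append("no rua= tag: no aggregate reports, so spoofing attempts go unseen")

    return findings


def is_enforcing(record: str) -> bool:
    """True when the record has no findings, i.e. it blocks or quarantines all failing mail."""
    return not assess_dmarc(record)


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(domain, "->", assess_dmarc(record) or ["OK: enforcing policy"])
```

Run against your own domains, the output for “weak.example” is the configuration the advisory describes: the record exists and even reports, but a receiver that sees a spoofed message failing alignment is told to deliver it anyway.
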
Kaiser Permanente Data Breach Impacts 13.4 Million Individuals

Kaiser Permanente, a prominent provider of healthcare services and coverage in the United States, has announced the repercussions of a significant data breach impacting over 13 million people. The disclosure of the incident came through a public notification released on April 25th.

According to documentation submitted to the U.S. Department of Health and Human Services on April 12th, Kaiser Permanente experienced a breach in mid-April, leading to the exposure of personal information belonging to around 13.4 million members of its health plan.

While specific details regarding the cybersecurity breach remain undisclosed by Kaiser Permanente, the company has acknowledged that the compromised data encompassed individuals’ names, addresses, email addresses, and potentially medical information and health record numbers for certain individuals. Kaiser confirmed that the incident did not involve passwords, Social Security numbers or credit card information. 

This incident stands out as one of the largest breaches reported within the healthcare sector in the U.S. concerning the number of individuals affected. Kaiser Permanente operates across eight states and the District of Columbia, serving a membership base exceeding 12 million.

In response to the breach, Kaiser Permanente is initiating notifications to all 13.4 million impacted individuals to apprise them of the breach and offer guidance on safeguarding against potential fraud or identity theft. The company is also actively reassessing and fortifying its cybersecurity protocols.

Initial assessments suggest that personally identifiable information (PII) may have been transmitted to third-party vendors through mobile applications and other web tools utilized by Kaiser Permanente. It’s noted that data collected by online trackers often finds its way to various marketers, advertisers, and data brokers. Notably, information shared with advertisers like Microsoft and Google is reported not to include sensitive details such as usernames, passwords, Social Security numbers (SSNs), financial account data, or credit card numbers.

The prevalence of third-party trackers and the inadvertent sharing of customer data with these entities creates an opportunity for the potential misuse of such data by advertisers, emphasizing the need for robust monitoring and auditing processes to mitigate risks effectively.

Given the sensitive nature of medical data involved, breaches in the healthcare sector raise significant concerns regarding identity theft, financial fraud, and unauthorized access to medical services and prescriptions.

This incident underscores the imperative for stringent data security measures across healthcare providers, insurers, and entities handling protected health information (PHI). Regulatory bodies are likely to conduct further investigations into the breach, possibly resulting in substantial fines for Kaiser Permanente if any violations of data protection laws are uncovered.

NEWS RELEASE ON PR NEWSWIRE