Cyber Security: 4 Questions to Help You Simplify Cyber Security

Virtually Simple: A Guide to Simplifying Cyber Security

One of my favorite modern-day public figures is Sir Richard Branson (I know this is a cyber security site, but stay with me). This is a man who has made an insane amount of money, achieved global fame and done amazing acts of charity. Recently, I read an article of his and was struck by a sentence, which I will paraphrase: “Any idiot can make something complicated, but it takes a genius to simplify something.” I was moved by this, especially since it came from someone as successful as Branson. The common theme I get from what he said is that the more complex we make something look or seem, the more it is falsely perceived as brilliant. This is very common, especially in the world of cyber security.

Simplifying Cyber Security

The industry loves to throw around big words of fear, uncertainty and doubt, buzzwords such as “cloud” and “big data” and technical terms that have nine syllables in them. What this ultimately does is confuses and turns off the people who really need to know the most about cyber security: the everyday end users. As was clear in the Target breach, you can have the best tools to thwart a cyber attack, but if the end user doesn’t have basic cyber security “survival skills,” it is all for naught.

“You can’t boil the ocean” or “You can’t eat an elephant in one bite” are phrases often used to describe taking a large problem and making it manageable. I believe this to be true as it pertains to information security. With that said, I think this issue would be easier to understand if I draw the comparison of the virtual world to the physical world. In my years of working in information security, the people who “get it” are the ones who can draw these comparisons to make information palatable for the everyday user and C-level folks who don’t necessarily understand it.

A Real-World Comparison: Questions to Help You Simplify Security

For example, on my house, I have five doors that serve as direct entrance points into my home. When I am not at home, I lock the doors of my house to deter a burglar from just walking in. I have different locks on the doors, so there isn’t one single point of entry. I don’t leave keys on the front porch for someone to come in, nor do I give the keys to a random neighbor and say, “Hey, come in whenever you want.” In my house, I have assets that are very important to me. I have a safe full of important documents, cash and family heirlooms that is hidden out of clear sight. I don’t leave the safe open in front of my window for all to see. I also have five of my most important assets: my wife and four children. I have to make sure that they know if someone rings our doorbell, they should look through the peephole and ask the person to identify himself or herself before they open the door.

I highly doubt that I would find anyone who would challenge any of the concepts or theories that I have presented here on how to keep your house safe. So, the question is, why is it different for the virtual world? We should ponder the following questions to try to simplify the matter at hand:

• How do we lock our doors (laptops, servers, domain controllers) when we are away from them?
• Do we have different keys to get in the “house” or one key for everything (multiple passwords for multiple functions)? Do we give our keys to random people, allowing access to everything we own (password sharing)?
• Do we have our most critical assets out for all the world to see, such as files and drives of sensitive information stored on a desktop or unsecured thumb drive?
• Are we protecting the people in our house? Do our end users know when it is safe to “let someone in” or when to share information?

From my experience, by simplifying and correlating the virtual and real-world experience, security professionals can have better conversations with people that allow them to see the seriousness of cyber security.

_______________________________________________________________
VSS helps organizations to reduce their risk exposure across all areas of the enterprise including its people, data, applications, network and servers. By having skills that cover the entire organization, VSS can integrate the best security products and practices to provide clients with an enterprise-wide solution. Learn more here.

The post 4 Questions to Help You Simplify Cyber Security first appeared on Security Intelligence Author: Paul Robinson

Remote Wiping of Mobile Devices & Implications for Incident Response

Today's Blog Courtesy of IBM Security Intelligence

An interesting news story caught my eye on the BBC website. It highlighted how police in the United Kingdom are mystified as to how smartphones and tablets that have been seized from criminals and suspected criminals are being remotely wiped while being held within police custody. The story made me think about how incident response teams should deal with computer security incidents relating to Bring Your Own Device (BYOD) devices such as smartphones and tablets.

The growth in the use of mobile devices by employees is becoming more widespread across many organizations. In his blog post “State of BYOD and Mobile SecurityReport: Latest Insights, Trends and Stats” , Yishay Yovel raises a number of interesting points from a survey conducted within the Information Security Group on LinkedIn. The items that struck me most were that over 60 percent of those surveyed say their organization tolerates employees using personal devices to access corporate data such as email and documents. While these statistics highlight how improved technology can enable workers to be more productive, we also need to accept that this technology has introduced a new level of risk into the organization. Not least of which is how an organization should gear up its incident response capabilities should an investigation involve mobile devices.

In the traditional approach to incident response one of the key steps in that process is to capture a forensically sound image of the device. This is often done by taking physical control of the computer in question, isolating it from the network and then using forensic software to capture the required evidence from the computer.

With BYOD, one of the key issues is whether or not the organization will have access to the mobile device. After all, it is the employee’s personal device and the organization may have no legal rights to seize or access it. This is where good planning regarding the organization’s BYOD policy comes into play.

Even if the organization can seize and access the mobile device there are a number of key considerations that we can learn from the UK police forces.

Just because you have physical control of the device does not mean you have logical control of it. Most mobile devices have many ways to connect to various networks such as the mobile phone network over which data and commands can be transmitted, the device may be configured to connect to the Internet using WiFi networks and many devices will have Bluetooth enabled on them. So it is essential to ensure that all connectivity for the device is turned off before conducting any investigations. For good measure the device should be sealed in a Faraday bag or cage. If there is no Faraday bag or cage available, the device could be stored in a microwave until one becomes available.

Most mobile devices are connected to the cloud and are configured to automatically back up data to the cloud. So while you may have physical control of the mobile device you may not have complete control over your data. There is also the risk that the information you may rely on in court could be modified in the cloud and when the mobile device next synchronizes with the cloud, the data stored on the device could be modified or overwritten.

There are a number of security and privacy apps available that are designed to securely wipe a device should it not be accessed by the device owner within a certain period, or if it cannot connect to the Internet within a specific time period. It is important when examining the device to be able to identify such Apps and take actions to circumvent them or to gather the data required before the App operates as it is designed to.

BYOD can bring many benefits to an organization, but it also changes the landscape for incident response. Make sure to regularly review the tools, technology, processes, training and skills available to your incident response team to ensure they can meet those challenges.

First Appeared November 2, 2014 | www.securityintelligence.com
Author: Brian Honan

Video: Threat Intelligence and Behavioral Analytics

"An ounce of prevention is worth a pound of cure:" This video series is dedicated to that exact idea applied to security, security breaches and today's evolving world of security threats. Let's not forget the power of prevention.
Join us each week as we deliver a short video geared towards: Intelligence & Analytics, Fraud Detection, Risk Management, Forensics, Compliance and Data Security.

IBM Data Security solutions help keep data safe. New technological capabilities come with new vulnerabilities. As a result, cybercriminal organizations are looking to feast on vulnerable systems--some may have penetrated your organization already, waiting for the right moment to strike. IBM Security helps provide confidence that you can protect your business.

_______________________________________________________________

VSS helps organizations to reduce their risk exposure across all areas of the enterprise including its people, data, applications, network and servers. VSS works with best of breed technologies including IBM Security, IBM InfoSphere, CheckPoint, Ping Identity and cloud security partners. By having skills that cover the entire organization, VSS can integrate the best security products and practices to provide clients with an enterprise-wide solution. Learn more here.

ORIGINALLY POSTED ON AUGUST 31, 2015

Sourced From IBM's Security Intelligence  http://securityintelligence.com/