Know Thy Enemy: Thinking Like a Hacker can Boost Cybersecurity Strategy
- Many organizations engage in penetration testing to comply with regulations but don’t assess the range of reasons for which they could be targeted in the first place, leaving them vulnerable.
- Security experts are advocating for CISOs and their security teams to use threat intel, security frameworks, and red team skills to think like a hacker and use that insight to shape security strategies. This means considering motives and mentalities, reviewing possible pathways attackers may take, and considering what exactly they want – all of which could be different or broader than assumed. That insight should then shape the direction of a threat-based defense-in-depth security.
- Despite the benefits of “hackerthink”, many organizations lack the resources to do so. These resources range from people to justifying funding and even appropriately shifting skillsets away from solely a defensive perspective. This article looks at the benefits of hackerthink and how to start thinking like a hacker for your organization.
90% of Organizations Have Microsoft 365 Security Gaps
- According to a study by CoreView of 1.6 million Microsoft 365 users, 90% of organizations have gaps in essential Microsoft 365 security protections. These gaps were in 4 key areas – MFA, email security, password policies, and failed logins.
- Additionally, nearly every organization is leaving the door open for cybersecurity threats due to weak credentials, particularly for administrator accounts. The report noted that 87% of organizations have MFA disabled for some or all of their admin accounts.
5 Free Resources From CISA
- CISA is in charge of enhancing cybersecurity and infrastructure protection in both the public and private sectors. To assist organizations, CISA offers a variety of free cybersecurity services.
- Of the 5 tools noted in this article, CISA’s cyber hygiene services provide the most tangible benefit. CISA offers free vulnerability scan, web application penetration testing, and phishing testing.
- The other 4 services noted include the Cybersecurity Evaluation Tool (CSET) which allows organizations to assess their security postures, a cybersecurity implementation checklist, a known exploited vulnerabilities catalog, and the Malcolm network traffic analysis tool.
Been Doing It the Same Way for Years? Think Again.
- Despite the constant change and improvement in technology, some things just get done the same ineffective way without any real thought behind it because “that’s the way it’s always been done.”
- The article specifically looks at an organization’s patching process as an example; however, the inability of many organizations to adapt is prevalent in a variety of other IT/Security processes as well.
- IT practitioners should stay aware of changing practices and watch out for better ways to do things. Within reason, we need to question whether our everyday practices reflect best practices.
How Remote Working Impacts Security Incident Reporting
- With companies growing more accustomed to implementing security technologies and processes better attuned to mass remote working, incident reporting has the potential to become a major stumbling block.
- With a feeling of disconnect from the office and a lack of convenient, remote-friendly communication channels and instructions, businesses are likely to suffer from poor reporting from workers outside of the office. Likewise, much of the issue may simply come from either not knowing who to contact during an incident or which method should be used for reporting an incident (Teams, phone call, email, etc).
- The article discusses the importance of having clear and effective security incident reporting policies as well as training and awareness programs that address heightened concerns with remote workers.
Hackers Modify Popular OpenVPN Android App to Include Spyware
- The threat actor Bahamut has been luring victims with fake VPN software for Android devices that is a trojanized version of the legitimate software SoftVPN and OpenVPN. Researchers say that the campaign is “highly targeted” and aimed at stealing contact and call data, device location, as well as messages from multiple apps.
- Bahamut repackaged SoftVPN and OpenVPN with malicious code. By doing this, they ensured that the apps would still operate as VPNs while data was exfiltrated. To further enhance credibility, Bahamut made a website that spoofed the name of another VPN service, SecureVPN.
- It has been noted that Bahamut is a well-funded cyber espionage group. Likewise, review of the malicious code suggests that the group is still actively developing its malicious VPN services.
9 VOIP Security Best Practices to Consider for Your Business
- Voice over IP (VOIP) systems handle critical communication features and are especially important in remote working environments. However, there are security risks associated with VOIP.
- Common VOIP security risks include data theft and call eavesdropping, the reduction of accessibility for legitimate users, DDoS attacks, and use as a foothold within a network.
- The article highlights nine VOIP best practices. Of the nine, several to highlight include utilizing end-to-end data encryption, segmenting the networks that VOIP is on, mandating strong authentication credentials for VOIP devices, and ensuring the VOIP software is up-to-date and patched appropriately.
Overcoming Unique Cybersecurity Challenges in Schools
- A school’s ecosystem is far different from that of the typical enterprise. Not only does a school district face the monumental task of educating our upcoming generations, but they must do it at the scale of a Fortune 500 enterprise with a fraction of the budget. Likewise, unlike organizations, schools don’t get to choose their students – who have diverse backgrounds and, at the K-12 level, vary greatly in their age and overall life experience. In addition to students, schools must consider the access of their teachers and staff as well.
- Unfortunately, students and staff often make themselves vulnerable through the re-use of passwords across dozens of platforms, devices, websites, and applications within the school. According to a recent study, 40 percent of school districts have at least 10,000 digital identities, with most users employing six or more accounts for applications.
- The article highlights the importance of providing comprehensive security awareness programs and flexible identity and access management (IAM) to reduce the threat of credential-related issues. While school employees are important, they aren’t the only possible attack vector for malicious actors. Awareness training of some kind is encouraged, regardless of users’ role (either student or staff).
- Maintaining the productivity of the learning process, while increasing security, is key when maintaining a budget-minded cybersecurity program.