If Not Us, Who?

By cliangNo Comments
This blog is part 2 of 2. Most of the time, people expect cybersecurity practitioners are experts to deal with cybersecurity matters.  Yes, they are and take the lead but this is only a small part of the game. For a holistic cybersecurity posture, every one plays an important role in the entire jigsaw.  This is because we are all living in the world flooding with information.  This is highly integrated into our daily life.  Every one has the responsibility to secure information in the cyber space not just as an individual but also helps the counterparts that interacted with. So if not us, it's every one....
Read More

If Not Now, When?

By cliangNo Comments
It has been used in S4x13 theme. This blog is part 1 of 2. Most often, security technology sales send security alerts to top management to demonstrate their value preposition. Top management is likely forward this "intel" to cybersecurity management team simply with "Please handle" to relieve their obligations from getting intel but do nothing. Cybersecurity management team obtains this directive, then drives the ICT/ICS workforce to apply the recommended work around (change system configuration, apply security patch) and compiles a dashboard for reporting completion status. The ICT/ICS workforce dare not to say no but to accommodate such executive order at extra work load from routine work. This isn't an effective cybersecuruty management. The proper means is to assess the threat, current protection and business consequence. The "Now, Next, Never" in S4x19 best describes the correct attitude. So, if not now, could be next or even never....
Read More

Treat or Trick

By cliangNo Comments
Halloween is coming and the tradition is once annually.  It is a children's custom of calling at houses at Halloween with the threat of pranks if they are not given a small gift. In cyber world, this happens every now and then.  You get an email saying you are being selected for award (free air ticket, free miles, lottery, an estate etc.) but you need to register or pay admin fee to claim.  If you trust such too good to be true, you are phished leading to various consequence ranging Leakage of you PII (Personal Identifiable Information) Leakage of access credential of email, ebanking or any registered web portal Financial loss Collateral damage to those you know as using your identity will increase the trust level at the 2nd degree phishing attack against your friends Criminal act as activities are executed under your identity Therefore, it's treat AND trick in cyber world.  Strengthening human awareness cannot be overlooked....
Read More

Assumption #2 (2nd topic)

By cliangNo Comments
No matter individual or enterprise, there are information stored in the cloud. The pre-requisite to use cloud is the communication line from your end point to the hosting location. Most rely the as-built cyber protections like TLS, 2-step authentication offered by the provider. No doubt, these are deemed secure. But if your information is of high value, you need to consider the appropriate level of extra layers, e.g. single tenancy, dedicated hosting location with physical access control,  further end-to-end communication encryption, database level encryption or tokenization, periodic security assessment, regular situation awareness to keep your people from being victim of spear phishing attack. All these don't mean 100% security but to demonstrate your due diligence to secure your data....
Read More

Cyber Footprint

By cliangNo Comments
We are living both in the physical and cyber worlds and these worlds are closely coupled. We have left lots of cyber footprints - posts in social media, emails to others, auto-toll road, facial recognition via video analytics by surveillance camera, RFiD cards in the pocket, cell phone IMEI with location service, electronic identity of many, purchase preference, web browsing habit, medical & education history ... not to mention those event logging.  All these can be traced back to an individual, if intended. An individual might also locate the peers from cyber world to reach out physically.  Common example is proposed contact by social network via your connected friends. Machines are also controlled by automation where these controls are "living" in the cyber world. Performance of machines are feeding back to machine learning to improve physical operational efficiency. Unless you stay in the wild completely off the grid, hunting and farming for food, using natural fuel, living in a closed & trusted community without electronic...
Read More

Supporting System

By cliangNo Comments
Mostly, people put focus cybersecurity on critical infrastructure. We must not forget the cybersecurity for supporting systems are equally important as they are also network connected for information exchange or control from the control center. These systems automate protection for the core system. Examples are those commonly known like facility management (or FM such as fire fighting, CRAC, access control, UPS), SIS (Safety Instrumented Systems). If these systems fail, it will impact to the core systems. There is recent incident for cyber attack on SIS. Imagine, if the FM fails, the information processing facility will fail too. More severe impact is the SIS failure, it will affect environment or human safety....
Read More

Penetration

By cliangNo Comments
Cybersecurity is becoming commodity skill and therefore same terminology will have different interpretation by different parties. Pick penetration test (pTest) as an example. For beginners they simply pick up automated scanner then scan the network and hosts. Whatever reported in the scanner and recommendations are their findings and that's all. A more skillful pTester will review the reported finding, validate its applicability with owner for a practical and achievable follow up before reporting. A professional pTester will go beyond further. Before engagement Understand what is the target of evaluation Advise owner the risk of doing automated scan rather than blindly perform the scan because others say so Agree on approach of execution to set expectation Agree on picking representable samples to manage resources (for both sides) Determine where to place the scanner - before or behind any network perimeter Before execution Load scanner with updated signature and agree on types of test (brute force password attack? DoS test?) Validate target node is accessible ...
Read More

Threat Hunting

By cliangNo Comments
Suddenly, new market jargon "threat hunting" is spreading around under cybersecurity domain. It is a kind of proactive measure to uncover if your environment has already been penetrated and critical info are being exfiltrated. This kind of exercise is best executed by 3rd party periodically, because: If this is due to insider threat, it won't be surfaced In-house workforce might have assumption for certain things that won't go wrong Periodic check is for assurance because the threat hunting only spots situation at a particular point in time and its past, it cannot predict the future A more holistic approach is to augment this threat hunting exercise with workforce and business process strengthening to identify vulnerabilities for effective risk reduction....
Read More

Spam

By cliangNo Comments
Everything in the world is relative. For some, spam mails are annoying and try to filter them off the mailbox as spams usually associate with unsolicited sales or phishing attack. But for others, spam are considered as valuable resources. Honeypots are setup to collect spams, analyze and understand the trend, the TTP (Tactics, Techniques, and Procedures) of phishers in order to bring up awareness and counter-measures....
Read More

Stepping Stone

By cliangNo Comments
Systems and components are connected in the cyber space. Some have misconception that my setup are for development, or its failure does impose significant impacts, why do I bother to secure it? Because if these systems or components are insecure, they could be deployed as gateway for hacker to penetrate into other internal infrastructure. This lateral network movement contributes to many high profile data breach incidents. Other infrastructure/facilitiy elements are often mostly neglected, e.g. UPS, CRAC (Computer Room Air Conditioner), BMS, IP-camera, IP-KVM etc. As long as they are connected in your network, you should care....
Read More