Suspicious

It is common to see such a directive in subways, airports, key facilities, incident response playbooks, etc. The problem is that different people have different interpretations of "suspicious". Take a phishing attack as an example. The email is apparently sent from someone you know. Should it be suspicious? If it were, there would not be so many successful cyber attacks that originate from phishing to launch ransomware, data exfiltration or a remote access trojan (RAT). Therefore, more needs to be done to elaborate what "suspicious" means in order to raise situational awareness. Of course, it is a challenge to fit so much information on a sign board. If the facility is that critical, every person (staff, visitor, contractor) should be briefed on the threat scenario (like the safety rules before an aircraft departs), while the signage is just a reminder of what has been briefed. ...

Visibility #2

Placing a warning sign will keep facilities from being damaged by mistake. But what if the information is misused by a threat actor to launch an attack? Sometimes deceptions or decoys are used to understand the behaviours of threat actors so that appropriate counter-measures can be developed and applied effectively. Ultimately, it is then all about judgment, from both the attacker's and the defender's perspective:
- Whether the accessed resources are traps, or
- Whether the unusual activities are camouflage covering other malicious intent.
Life becomes harder and harder. ...

Proper Usage

Roads connect different destinations in the physical world. Every road user (vehicles of any kind, pedestrians or other living beings) has to comply with the rules of the road for safety. A network connects different hosts or systems in the cyber world. Similarly, there are also rules that every user (device or human) must follow to be cyber safe. Even if you are using an information processing facility without any network connection, say a totally isolated computer, you still need to bear the same in mind. This is because it is a usage habit that you adopt consistently. Like a driving habit, you apply the same attitude whether for work or for leisure. ...

Accountability

Running a business always involves business risks. It is a matter of how much risk the business is comfortable accepting. Say a shoplifter causes a revenue loss for a supermarket. The protection decision is therefore focused on high value goods, e.g. adding RFID anti-theft tags. Even when CCTV and guards are deployed, there might still be a chance of goods not protected by an anti-theft tag occasionally slipping through. This is risk acceptance. The business owner is fully accountable for managing these risks. That said, there should be parties with different knowledge domains to help the business owner understand the inherent risks, but the ultimate risk acceptance rests with the business owner. Risks involving regulatory compliance must be addressed, or else the organization faces civil or criminal offences and temporary or even permanent suspension of its business licence. An example is the taxi business, which needs a vehicle licence for carrying passengers, compulsory vehicle inspection, public liability insurance, emission control of exhausted...

Certificate

Cyber security practitioners need to acquire relevant certifications or credentials to demonstrate domain expertise or competency. Learning is a lifelong process. Getting certified is not to fulfil an employment requirement but a personal achievement. Even once certified, keeping up the field knowledge and practices is essential, or else you fall behind. Whether attending an academic course or professional training, these are just opportunities that let you learn how to learn. The context involved is just a catalyst in doing so. Alternatively, helping peers or mentoring will also advance your knowledge. Therefore, never be complacent. ...

Deception

Everything on earth has a good and an evil side, and the same goes for deception in the cyber world. We hear a lot about phishing or scams, which are the evil side of deception. However, there is also a need for good deception in cyberspace. To understand how threat actors penetrate or launch attacks, honeypots are set up to let them take the bait. Honeypots can be vulnerable web sites, decoy email addresses or decoy social network identities that are under monitoring. For vulnerable systems, researchers are able to understand the behaviours and TTPs of threat actors across reconnaissance, gaining access, exfiltrating data and covering their tracks. Effective counter-measures can then be developed along the cyber kill chain. For phishing, researchers are able to spot whether new exploits are deployed in content-rich emails or attachments to masquerade the malicious attempts, and then alert the community. Scams from social networks could also be traced so that law enforcement agencies are informed and can take down the malicious identities....

Remove, Lock, Take

We carry lots of digital assets on the road: cell phones, notebooks, removable storage media, etc. There are stringent controls to secure the information inside these containers, such as encryption, multi-factor authentication, location awareness, MDM and forced full-tunnel VPN. Careless end users might just defeat all these controls if they are unaware that they are the biggest threat to protecting information. These simple steps could help to keep them secure:
- Remove your login session, i.e. log out without waiting for the inactivity timeout
- Lock your screen even if you are just turning your head around
- Take the digital asset with you and don't leave it unattended ...

If Not Us, Who?

This blog is part 2 of 2. Most of the time, people expect cybersecurity practitioners to be the experts who deal with cybersecurity matters. Yes, they are, and they take the lead, but this is only a small part of the game. For a holistic cybersecurity posture, everyone plays an important role in the entire jigsaw. This is because we are all living in a world flooded with information, which is highly integrated into our daily lives. Everyone has the responsibility to secure information in cyberspace, not just as an individual but also by helping the counterparts they interact with. So if not us, it's everyone....

If Not Now, When?

This was used as the S4x13 theme. This blog is part 1 of 2. Most often, security technology salespeople send security alerts to top management to demonstrate their value proposition. Top management is likely to forward this "intel" to the cybersecurity management team simply with "Please handle", relieving themselves of the obligation of having received intel but done nothing. The cybersecurity management team obtains this directive, then drives the ICT/ICS workforce to apply the recommended workaround (change system configuration, apply security patch) and compiles a dashboard for reporting completion status. The ICT/ICS workforce dare not say no and accommodates such an executive order as extra workload on top of routine work. This isn't effective cybersecurity management. The proper approach is to assess the threat, the current protection and the business consequence. The "Now, Next, Never" of S4x19 best describes the correct attitude. So, if not now, it could be next or even never....

Treat or Trick

Halloween is coming, and the tradition happens once a year. It is a children's custom of calling at houses at Halloween with the threat of pranks if they are not given a small gift. In the cyber world, this happens every now and then. You get an email saying you have been selected for an award (free air ticket, free miles, lottery, an estate, etc.) but you need to register or pay an admin fee to claim it. If you trust something that is too good to be true, you are phished, leading to various consequences ranging from:
- Leakage of your PII (Personally Identifiable Information)
- Leakage of access credentials for email, e-banking or any registered web portal
- Financial loss
- Collateral damage to those you know, as using your identity increases the trust level in a second-degree phishing attack against your friends
- Criminal acts, as activities are executed under your identity
Therefore, it's treat AND trick in the cyber world. Strengthening human awareness cannot be overlooked....