Businesses need to take their cyber security seriously. There are huge financial implications for being hacked, not just from the perspective of lost revenue and weakened reputation, but also in the form of stricter regulations from laws such as the General Data Protection Regulation (GDPR). However, there are a number of myths about cyber security that make it difficult for companies to know what the best course of action is. Here are four myths about cyber security that are still affecting British businesses.
Myth #1: Cyber security is purely dealt with by the IT department
One commonly held myth that can actually put businesses at risk is the idea that cyber security is something that the IT department (and only the IT department needs to be concerned about). Of course, it is necessary to provide your IT team with the budget and resources to defend your business against the risk of a cyber-attack.
Amazon Web Services (AWS) offers a huge variety of benefits for businesses, and organisations are increasingly opting for cloud solutions for their data, website, and applications. However, there are still some businesses using AWS that have not put the proper cyber security controls in place. Here we take a look at ten great tips to improve your AWS cyber security.
- Understand your responsibilities
When you work with any kind of web services provider you need to understand what you are responsible for and what will be managed by the provider. This is absolutely true in terms of AWS – where Amazon runs its so-called ‘shared responsibility model’. In this model AWS is responsible for protecting the infrastructure of the AWS cloud system including hardware, software, and networking.
On the other hand, you as the customer is responsible for customer data, identity and access management, firewall and anti-virus configuration, and issues such as data encryption. It can sometimes be necessary to work with outside agencies to manage your own cyber security.
According to recent reporting, the North Atlantic Treaty Organization (NATO) announced that its Cyber Operations Center (COC) is expected to be fully staffed and functional by 2023. The new COC marks NATO’s understanding of the importance that cyberspace plays in conflict, particularly in times of political tensions that has resulted in cyber malfeasance that has targeted elections and critical infrastructure. The establishment of the COC is a natural evolution in how to address cyber attacks in a more timely manner by integrating cyber actions with more conventional military capabilities. In early 2014, after notable cyber incidents were a part of international incidents that occurred in Estonia in 2007 and Georgia in 2008, the Alliance updated its cyber defense policy to classify digital attacks as the equivalent of kinetic attacks under its collective security arrangement under Article 5 of the treaty.
In those particular instances, Russia was suspected in orchestrating or at least tacitly supporting the cyber attacks that afflicted both states. Since then, Russia’s alleged cyber activities have only become more brazen in their scale and aggressiveness. From suspected involvement in launching cyber attacks against Ukrainian critical infrastructure to launching a variety of cyber operations to meddle in the elections of foreign governments, Russia has taken advantage of the uncertainty of cyberspace where there is little consensus on key issues such as Internet governance, cyber norms of state behavior, or the criteria by which cyber attacks escalate to a point of war.
With the approach of the United States’ 2018 midterm elections, concerns have been expressed by many regarding the security and integrity of the voting process. Given the news how suspected Russian agents actively sought to use hacking and influence operations to sway voters in a particular direction during the presidential election, the concern is legitimate, even if there was no evidence that votes were actually altered in 2016. The preservation of the democratic voting process has been thrust into symbolic “red line” territory that needs and should be protected against foreign interference. Indeed, the Department of Homeland Security re-enforced this by elevating election infrastructure to the status of “critical infrastructure” in early 2017.
Clearly, hacking and gaining unauthorized access to those systems and devices associated with the election process is something that deserves immediate attention. After all, many countries would ostensibly agree that breaking into computers is a criminal offense, regardless if data is taken, destroyed, or altered. In the 2016 U.S. presidential election, there were clear incidents where suspected Russian hackers stole data, and even compromised voter-related records, resulting an indictment of Russian nationals on a wide variety of charges ranging from conspiracy to commit fraud, money laundering, and identity theft, to name a few.
Cryptocurrency appears to be gaining traction among governments seeking to establish their own digital currencies, despite questions regarding the potential volatility associated with it. Currently, the countries that have already created digital currencies include China, Ecuador, Senegal, Singapore, and Tunisia, with Estonia, Japan, Palestine, Russia, and Sweden potentially following suit. Even a small country like the Marshall Islands has announced its intent to create its own digital currency in order to boost its economy, and will be on part with the U.S. dollar as a form of payment. What seemed like a novel thought exercise as to whether cryptocurrency could be a legitimate alternative to the established norm appears to be an option that governments are more closely considering. In fact, some have speculated that further adoption of the country-specific cryptocurrencies could have serious implications for the established international monetary system.
Whether that transpires remains another intellectual exercise in the possibilities of what “could-be” one thing is clear – states on the receiving end of stringent economic sanctions are turning to cryptocurrency as a way to assuage these penalties. One of these countries is Iran, who is reported to be very interested in creating a digital currency, a major shift from its initial stance on banning banks from dealing in cryptocurrency . According to one news source, the Secretary of Iran’s Supreme Council of Cyberspace envisaged the use of cryptocurrencies to “smoothen trade” between Iran and its partners in the wake of renewed U.S-imposed sanctions. The same individual revealed that a state-backed cryptocurrency was accepted as an industry in the government and related organizations such as the Ministry of Communications and Information Technology, the Central Bank, the Ministry of Energy, the Ministry of Industry, Mining, and Trade, and the Ministry of Economic Affairs and Finance.
Space Force picture, an independent military branch by 2020. The move is designed to counter the weapons that China and Russia have already developed that threaten U.S. satellites. The U.S. Vice President quickly assured that the force did not and would not be created from the ground up, but would leverage the personnel and material resources already existing in the service elements. The goal is to streamline efforts and maximize efficiency, a noble endeavor given the difficulties that invariable arise when mission responsibilities traverse and overlap so many different organizations.
The protection of U.S. civilian and military space assets are considered a national security concern. In December 2017, U.S. Department of Defense officials expressed concern that the United States’ anti-satellite capabilities were not up to par as some of its adversaries. In contrast, adversary adoption of anti-satellite weapons been documented in the news. In April 2018, a report detailing global counterspace capabilities (that include direct ascent weapons, co-orbital, directed energy, electronic warfare, and cyber warfare) underscores how adversarial nations are actively pursuing the development of such weapons and the threat that they pose to U.S. space interests. The report reveals that such investment by these states started in the mid-2000s.
In late July 2018, the Department of Homeland Security (DHS) announced the creation of the National Risk Management Center, a new organization dedicated to threat evaluation particularly as they pertain to potential hacking against the U.S. critical infrastructure. According to news reports, the center will initially commence with narrowing its focus on the energy, finance, and telecommunications sectors. This new initiative is designed to improve risk assessment across the critical infrastructures and serve as the primary “one-stop shop” to help private companies manage their cyber security risks.
Coinciding with this announcement is the Congress-lead “DHS Cyber Incident Response Teams Act of 2018” that seeks to create permanent incident response and threat hunting teams in the DHS. Such a bill further empowers DHS to help improve cyber security via trained professionals to mitigate and remediate cyber incidents against Federal entities and critical infrastructure entities. The bill passed the House of Representatives on March 19, 2018 and goes to the Senate for its consideration.
In 2018 the number of cyber threats is rising every day, but there are still many gaps that needs to be filled in the world of cybersecurity. There is definitely a talent shortage as many people still think that there is no place for women in information security. Currently, women represent only 11 percent of the cybersecurity force worldwide.
As we already hear and read news related to cyber warfare and espionage on a daily basis, maybe it’s the right time for women in cybersecurity to step in and help to solve more related cyber problems. Although some people may say that the lack of interest is the main reason why there isn’t many women in InfoSec there is a huge potential for this to change in the future. We from CyberDB have created a list with some of the top women in cybersecurity so you can learn more about them and their accomplishments. Feel free to check it out!
Internet of Things (IoT) security is the latest product category to emerge in cybersecurity. Even though this is a relatively new segment of the security market, it has already diversified and includes multiple vendors.
What is IoT?
IoT is the latest group of Internet-enabled devices to be added to the technology world. At first there were mainframes, then desktops and laptops, and finally mobile devices came along. All of these products are well-defined and require no further explanation.
IoT, however, is comprised of every Internet-connected device that is not mentioned above, including smart home appliances, water meters, security cameras, smart-city devices and many more. These devices are basically miniature computers running on Linux devices, with some computing power and the ability to communicate via web protocol (i.e. they have an IP address).
Smaller, less sophisticated connected devices are also part of the IoT landscape. These often function as sensors, are equipped only with short range communication capabilities and are deployed in a mesh configuration, meaning that they communicate with the Internet using an IoT gateway, which is an industrial modem with some compute power.
Thus far, there has been no confirmed retaliatory cyber strikes conducted by a victimized government against a suspected aggressor state. There has been some speculation that after the Sony Pictures attack, the United States “knocked” North Korea off the Internet for a brief period of time, although this has never been corroborated. Despite being a cyber power, the United States has demonstrated restraint in punishing against those transgressor states it believes to have been orchestrators of cyber attacks against its interests, preferring to level sanctions as a punitive alternative.
The question that governments ask is how to deter hostile acts in cyberspace? And while an important question to raise, perhaps the reality is that there is no viable answer. There is a reason why international efforts continually fail when trying to gain consensus on cyber norms, Internet governance, and the legalities and criteria of hacking back – there is lack of a fundamental desire to actually find a solution. Governments willing to agree to the standards and principles of any of these issues are stating their willingness to abide by them, and while that may fit the current situation, the dynamism of cyberspace has proven unpredictable. Being cuffed to such an agreement that no longer has relevance while other governments operate without constraints is not an ideal situation. Therefore, without an agreement in place, the status quo remains.