20 percent of external cyber attacks were carried out through mobile malware, Forrester Analytics Global Business Technographics Security Survey 2018 finds
Mobile devices are becoming a top target of attack, a trend that in many ways is rooted in poor vulnerability management.
Android fragmentation has been a discussion in the security community for a number of years because many mobile manufacturers either stop supporting devices when new versions come out, or are slow to make updates available — leaving consumers believing they are up to date when they check for the latest updates. To truly understand the scope of this issue, according to Google’s developer site, over 50% of Android devices are running Marshmallow, which was released in 2015, or something even older.
Privacy-minded employees often reject MDM solutions. Mobile enabled employees are happier and more productive, which has a direct impact on your business. Unfortunately, many organizations that have tried to deploy MDM solutions found that privacy concerns limit adoption. In fact, Forrester surveyed one large manufacturing company and found that 40% of employees rejected this control.
Ensure employees have access to an anti-malware solution
Earlier this year, Check Point determined that mobile malware that had the ability to evolve was coming pre-installed on phones, loading variants of itself for campaign-level control. Recognizing the productivity gains of a mobile workforce, we need to provide employees with a solution that will leave them comfortable that you can’t snoop on the photos, contacts, and personal details on their personal devices. Providing them with access to a mobile anti-malware solution that is not managed by your organization will alleviate these concerns while ensuring a mitigation of risk against the coming tide of mobile malware.
No matter if it’s private communication or business, your emails contain practically all the information there is to know about you
From your emails, anyone can learn about your work, our relationships, our vacations, and our medical problems. Someone in control of your email account could impersonate you and scam your friends and business partners, as well as reset passwords to any account linked to the email address.
Email security is of high importance, and while perfect anonymity and security might seem unachievable, it is rather easy to secure your account against some of the most equipped adversaries — and without too much cost.
Strong passwords protect your account from hacking
To make sure that no one else has access to your account, simply change your password. The most important characteristic of your password is that it should be unique. This means not only do you not use this password on any other service, nobody uses this password on any service.
You should also enable two-factor authentication for your email account. Two-factor authentication works by sending a secondary, one-time password by text message to a registered phone, making it far harder for anybody to access your account, even if they have your password.
Regular housekeeping on your account is essential for good security. Make sure that no one has set any redirects or filters that automatically forward your email to another account.
Also, check your previous logins and see if you find anything suspicious. Some email providers allow you to link your account to other apps or platforms. Make sure that all of these integrations are trustworthy and needed.
Don’t load images and be careful about tracking links
To track the reach and effectiveness of their emails, many companies, especially newsletter providers, will track the links in their emails. This is done to see how many people, and even who exactly, read the email, clicked on certain links, or forwarded the email.
When you hover your mouse over a link, your browser should show you its destination, which you can copy it into a text editor for further inspection. You could open the link in the Tor Browser to disguise your location, although this would still reveal the time you opened the link.
Another strategy used to track you is to include images into your emails. When you open the email, you automatically load the image from a remote server. This can contain a tracking code, and reveal to mailing list administrators who opened the message. You can most likely configure your email provider to not load external images by default, thus disabling the tracking code.
Links might not only track you, but rather send you to sites that host malware, or phishing sites.
Be careful opening attachments
Attachments can contain all kinds of malware, such as cryptolockers or trojans. Only click on files that you expect, and whose senders you trust.
It is advisable to open commonly infected formats such as pdf, xls, and doc using the built-in functionality of your webmail provider, or to open them in a virtual machine. Either way, make sure your computer is up to date. Antivirus software helps but is not a guarantee of a virus-free computer.
Always use TLS
TLS stands for Transport Layer Security, and it ensures your connection to a website is encrypted as well as verifying the integrity of the server you are connecting to. TLS is also used to encrypt your connection to an email server and connections between email servers.
When you use an external email client, such as Outlook, Apple Mail, or Thunderbird, always make sure your emails are fetched over an encrypted channel.
Go into your settings and ensure “STARTTLS” or “SSL/TLS” is activated.
- Some software may call this connect only through encrypted channels
TLS ensures that emails are encrypted between your computer and the email server, so they cannot be easily intercepted.
It is important to encrypt emails not only between your computer and your email server but also between email servers.
This is also done with TLS. You can use the tool CheckTLS to see if your email server encrypts between servers.
Simply enter your email address (or that of anyone else) into CheckTLS.
Your test results should look like this. Everything is green, indicating all emails are encrypted when sent between servers, and the certificates are valid.
If you see a red Fail under TLS, you need to urge your email provider to configure their servers correctly, or switch providers. (Yes, the U.S. Military does not encrypt its email!)
In many cases, you will see a result like the one above. The Cert OK fail indicates that while the nsa.gov email servers do use encryption, they do not have a valid certificate, making them vulnerable to man-in-the-middle attacks. If you encounter this problem, reach out to your email provider, system administrator, or look out for a new one.
Encrypt your emails with PGP
It is possible to encrypt emails to protect them from being snooped on, intercepted, and altered by even the most skilled and well-funded adversaries.
Pretty Good Privacy (PGP), also called GNU Privacy Guard (GPG), is free software that encrypts the contents of your email in a way that means only the intended recipient can see it. However, it does require the recipient to use the software as well.
When using PGP, both you and your contacts will create a keypair on your devices, which includes a public and a private part. You can exchange the public key, verify its authenticity, and encrypt your emails with this key. To decrypt the information the private key is necessary, which never leaves the computer.
Though very secure, PGP does still leave some information out in the open, called metadata. The metadata includes the email addresses of the sender, recipient, time the message was sent, and the approximate email size.
Avoiding metadata is difficult and might entail not using emails at all. For an example, have a look at Off-the-record (OTR) , an encrypted chat protocol. OTR encrypts your messages, but also creates a new key for each conversation, to make it more difficult to link them.
This article teaches you how to set up an anonymous jabber account, enable OTR encryption, and route your chats through the Tor network.
New Zealand tech stars are leading a global team in launching the world’s first ever blockchain platform for the multi-billion-dollar global online ratings and review industry
Kiwi tech business experts including 2017 New Zealand Chief Executive of the Year award winner Leigh Flounders and NZTech and FintechNZ chair Mitchell Pham are at the forefront of the launch of Lina.review which is ground-breaking and disrupting the online review world.
The blockchain platform was soft-launched in Bangkok recently to an audience of more than a thousand investors from around Asia, Europe and the US, a week before the scheduled ICO (Token Generation Event) that took place in Geneva on January 15.
Pham says that to do something on a global scale, Kiwis have to get out there and join global teams, work with a diverse range of people from around the world. We are too small to do global things on our own.
“We can even lead these international teams in some instances.
‘We saw a great idea being developed internationally that will change an entire global industry and demonstrate how blockchain can solve real world problems.
“So, being can-do Kiwis, we joined them in taking it to the world.
New Zealand has a relatively immature online review industry with little recent innovation, Pham believes
“Except for TradeMe, consumer.co.nz and Canstar, there is little in the way of a central, reliable, easily accessible New Zealand ledger for ratings and reviews.”
Pham says Lina is not just a website but is a blockchain-based platform that everyone can build their own review system to develop community and manage their own businesses.
All Lina-based review channels are globally connected, he says.
“With Lina review being a truly global product, Kiwis can interact with Lina for international product and service websites and domestically.
“Being part of a global review platform will also make it easier for Kiwi businesses to market their products globally.
“Lina can also be integrated into existing platforms such as ecommerce and bookings platforms through the upcoming Lina API.
“Kiwis can now get value from trustworthy, transparent reviews, whilst being able to monetise their involvement with the Lina platform by providing quality content and engagement,” Pham says.
Blockchain, a continuously growing list of records, called blocks, which are linked and secured using cryptography or coding, is a relatively new technology that is being used to solve problems in an increasing number of industries.
Pham says Lina is the first and only fully functioning blockchain platform for a multi-billion-dollar industry through understanding some of the fundamental weaknesses of the existing industry and how blockchain technology can fix these issues.
Other Kiwis involved with Lina.review in prominent roles include successful serial tech entrepreneur Greg Kushnir, world-class blockchain and cryptocurrency expert advisors Mark Pascall and Paul Salisbury.
“This is a great example of NZ tech entrepreneurship, expertise and leadership being applied on the world stage, to change an entire global industry,” Pham believes.
“Consumers love using online reviews pre-purchase, yet over half of online consumers say they don’t trust online reviews or ratings.
“So, what happens when a consumer reads a review about a product or service and they don’t trust the content? They either stall their purchase, or worse: do not buy at all.
“Lina is the first and only blockchain platform built specifically for the multi-billion-dollar online ratings and reviews market. It has been built to restore trust again into this industry and provide tangible value for all participants in the review and ratings ecosphere.”
Digital learning skills, smarter homes and medical drone deliveries will be major tech developments that will significantly impact lives of Kiwis, a leading New Zealand tech expert says
NZTech Chief Executive Graeme Muller says while the tech talk is often about issues such as robots stealing jobs or virtual reality worlds New Zealanders may sometimes overlook some of the advances that are happening already that will be important for Kiwis in the coming days of 2018.
“Possibly the biggest tech trend is the growth in demand for people with skills in digital technologies.
“These skills are not hard to learn and come with a median salary that is twice the national average,” he says.
“The nationwide Digital Skills Study released at the end of last year found digital jobs are increasing twice as fast as graduates are being created.
“The median annual salary is now $82,000, almost twice that of the average Kiwi.
“Learning how to write software, design processes, manage data or any of the hundreds of other tech jobs in demand is the way to go for anyone looking to develop a secure income in 2018.
“This year we will also see the launch of the digital technology curricula in all New Zealand schools where students from year one will start to learn how computers work and how to control them.
“The second trend that will sweep across key parts of New Zealand are smarter homes.
Usually smart homes talk is about fridges that order your food but this is more important.
“Last year’s House Condition Survey found that about half of New Zealand homes suffer from under heating, damp and mould, all of which are contributing to poor health for many Kiwis.
“In fact, one study last year estimated that 1600 deaths during last winter could be attributed to cold damp housing.
“A simple solution, developed by Kiwi social enterprise Whare Hauora, is a low-cost sensor which lets people know the temperature and dampness of their rooms and it can even be set up to monitor mould levels.
“All houses should have healthy home sensors if we want to reduce strain on the health budget and improve the lives of Kiwis.
“Finally drone deliveries are going to a major cost saver to the country and will eventually decrease traffic on our roads.
“When Dominos New Zealand delivered a pizza by drone in 2016 we were told to expect the service to be a commercial reality by 2018.
“The technology is ready, with drone delivery trials successfully occurring all over the world; however regulations remain the sticking point.
“Globally, New Zealand’s regulatory environment for drones is considered progressive compared to those in the northern hemisphere who face greater security considerations.
“Last year New Zealand’s Civil Aviation Authority cleared the way to conduct autonomous beyond line of sight drone trials in the country’s newest 874 square kilometre restricted airspace, dubbed incredible skies, in Northland.
“Trials are being conducted by Medical Drones Aotearoa for the delivery of prescription medicines to rural communities.
“It might be another couple of years before we see hundreds of flying delivery vehicles over our cities, but 2018 should see the launch of the first specialised services,” Muller predicts.
These and other tech trends and how they can make New Zealand a safer, cleaner and healthier country by 2030 will be discussed at the upcoming Digital Nation Summit with International experts and local business and social leader in Auckland Feb 19-20.
Tomas Izo, a lead engineering director in machine perception at Google Research, will speak at the biggest global tech summit ever held in New Zealand in Auckland on February 19 and 20.
The event, Digital Nations 2-30, is an international meeting coinciding with the visiting ministerial and business delegations from the world’s leading Digital Nations and the D5 meeting in Wellington next month. The D5 is a network of the world’s most advanced digital nations.
Izo leads a Google team of engineers and scientists researching digital issues which contribute to a wide range of products across Google and Alphabet, such as video understanding for YouTube and Cloud Platform APIs.
Recent work from the team includes improving YouTube thumbnails, motion stills apps on android and iOS for machine intelligence-enabled micro-video creation and learned image super-resolution.
NZTech Chief Executive Graeme Muller says the summit is the biggest and most important international tech conference ever to be staged in New Zealand and will help pave way for faster advances in the Kiwi economy.
“Changes and tech developments are happening globally at a phenomenal and unprecedented rate.
“Last year we saw the launch of a self-driving vehicle firm in New Zealand, face-detecting systems to authorise payments, the creation of new solar devices that could create cheap and continuous power and the relentless push to add connectivity to home gadgets,” Muller says.
“As self-driving cars become common in this country, we need to gauge if New Zealand is living up to its reputation as a standout digital nation.
“The Digital Nations 2030 Global Future summit, organised by NZTech and Conferenz bringing together the tech sector and the government, will put the spotlight on Kiwi tech advances.”
Technology, business, social and government leaders from across New Zealand are on the agenda including Simon Moutter, chief executive, Spark; Carolyn Tremain, chief executive, Ministry of Business, Innovation & Employment; IanTaylor, chief executive of Animation Research; Te Aroha Moreehu, general manager for digital transformation, Ngati Whatua Orakei Whai Maia.
Muller says the conference will cover every aspect of how New Zealand and global digital economies are shaping.
The Digital Nations conference is expected to attract more than 450 people including D5 Ministers and their delegations, invited international experts and New Zealand digital leaders and influencers representing all sectors.
Communications minister Clare Curran says she wants to step up tech development in New Zealand with the appointment soon of a Chief Technology Officer who will be responsible for preparing and overseeing a national digital architecture, or roadmap, for the next five to ten years.
Last year was a rough one for cybersecurity with large, brazen phishing attacks negatively impacting governments and companies around the world – and this year promises more of the same.
Even some of the most supposedly cyber-secure organizations such as Google, Yahoo, Verizon, Virgin America and Equifax fell victim to large data breaches in the past year.
The onslaught of threats exploiting email phishing as the primary attack vector is highly likely to continue in 2018 as hackers become more sophisticated, legacy technologies struggle to provide adequate security and even cyber-aware humans remain susceptible to chicanery.
Such are the primary reasons that 90 percent of all cybersecurity attacks start with email phishing, says anti-phishing solutions provider Ironscale.
According to the 1st Half 2017 Phishing Activity Trends Report by the Anti-Phishing Workgroup, there were roughly 100,000 unique phishing email reports per month (2H 2017 data not yet available).
The report also found that “several hundred companies are being targeted regularly, at least every few weeks.”
Once hackers gain access to the right information, they can penetrate even the most advanced security systems.
Here are the top 5 phishing-related challenges that will impact cybersecurity in 2018:
1. More SMS text and social media phishing
Phishing attacks against mobile devices are on the rise and are expected to increase in 2018.
Also known as “smishing,” SMS-based phishing aims to gather sensitive information from mobile users via text messaging.
With more than 2 billion smart phone users worldwide sending 20 billion text messages per day and opening most of them in an average of 3 seconds, it’s a prime opportunity for hackers.
Hackers are perpetrating more text attacks because there aren’t many tools to protect SMS messages.
Many mobile users also aren’t aware that phishing scams can come via text, thus they’re more likely to click on fake links in a text than they are in an email.
Social media attacks are also on the rise.
Proofpoint noted in a recent report that social media phishing attacks rose more than 500 percent in the last quarter of 2016.
One growing trend is for attackers to use fraudulent accounts and pose as customer service for big name brands.
Attackers are also using phishing bots and automated technologies to scrape social media for information to be used in targeted attacks.
2. Traditional email security safeguards will fail
As phishing scams become more complex, traditional email security will become even more obsolete in 2018.
Business Email Compromise (BEC) scams reached record levels in 2017, fueled by email impersonation, spoofing and spear-phishing.
According to the FBI, documented BEC scams increased 2,370 percent between January 2015 and December 2016 and have so far resulted in more than $5.3 billion in losses.
Most traditional email security systems cannot detect the latest socially-engineered attacks because they mainly rely on content scanning and signatures to analyze messages.
But some attackers don’t even need to use malicious links if they assume the identity of a trusted person.
Such emails often appear to come from clients, co-workers and managers and can be almost impossible for people or technology to recognize.
Mailsploit, a phishing vulnerability that gained popularity in 2017, can spoof email addresses to both the user and the email server, making email filters all but obsolete.
3. Cyber-criminals and nation states will perpetrate more cloud-based attacks
Due to rising adoption of the cloud, more cloud-based phishing attacks are expected in 2018.
A white paper by Avanan noted that impersonation is easier with SaaS platforms.
Since users are constantly being asked to authenticate their account, and the uniformity means hackers can open their own account to test methods until they can bypass filters.
Gmail suffered a mass phishing attack in the summer of 2017 with an authentic-looking email that asked for permission and opened access to their email accounts and documents.
The attack was unique in that it exploited Google’s OAuth protocol to phish for information.
While organized criminals will perpetrate many of these attacks, Experian’s 2018 Data Breach Industry Forecast noted financially-motivated nation states will increase attacks in the coming year.
North Korea has been accused of initiating a number of attacks in recent years, including the WannaCry ransomware attack and the 2014 hack of Sony Pictures Entertainment, among others.
4. Legacy technology won’t keep pace
Sophisticated phishing attacks are being designed to bypass security, and legacy systems simply can’t keep pace.
These increasingly complex scams can now bypass firewalls, gateway security scans and spam filters with ease.
Outdated systems have been blamed for a number of security failures in recent years, and studies indicate that old systems in government and in private sector industries such as healthcare and financial services are leaving organizations exposed.
Organizations will need to upgrade in 2018 and tap into machine learning capabilities to fight the continuing complexity of phishing attacks.
5. The threat of ransomware will grow
Ransomware remains one of the most dangerous cyber threats facing organizations and consumers and that’s expected to continue in 2018.
According to McAffee Labs 2018 Threats Prediction Report, the coming year will see more growth in malware and ransomware as criminals exploit it for financial gain.
A report by Cybersecurity Ventures noted that ransomware damages are expected to exceed $11.5 billion annually by 2019, up from only $5 billion 2017.
Because phishing can be so successful, hackers are turning to it as the primary means of injection.
Sophos noted in its 2018 malware forecast that attacks are being driven by growth in RaaS (ransomware as a service) which offers malware kits that anyone can use, regardless of skill.
You do want to improve your threat intelligence strategy, right?
I mean, who wouldn’t?
Isn’t it every CISOs wildest dream to run a ship so tight that not a single exploit, APT, or hacktivist threat could ever hope to make it through?
Well … yes, it probably is. But it shouldn’t be.
The problem is that as someone gets closer and closer to the idea of optimising their threat intelligence strategy, they lose sight of the big picture.
The collection, dissemination, and use of threat intelligence has only one real purpose:
To reduce operational risk in order to maintain or improve profitability
Of course, that’s no easy feat.
Breaches are increasingly common, and with the troubling new trend toward data destruction the risk of long-term damage has never been higher.
So what’s my point?
Simply this. Threat intelligence is a massive subject, and it’s natural to want to produce the most comprehensive range of intelligence possible … but that’s not always useful — in fact it’s usually not.
By concentrating intelligence efforts on highly specific business objectives (eg to maintain or improve profitability), this broad subject can be narrowed down to the point where a small amount of highly valuable intelligence is produced.
With this principle firmly in mind, let’s look at some ways to enhance your threat intelligence strategy.
Go beyond passive intelligence gathering
Broadly speaking there are three primary means of gathering cyber threat intelligence:
- Signals intelligence (SIGINT) results from intercepting and analyzing signals, usually those used for communications. This includes monitoring of all signals incoming to your networks.
- Open source intelligence (OSINT) comes from publicly available information. Technically this includes all sorts of books, publications, radio, television, and so on … but for our purposes it’s intelligence sourced from the Internet, whether through search engines or focused “crawling” technology.
- Human intelligence (HUMINT) is a little different. Where SIGINT and OSINT are primarily passive forms of intelligence collection, often taking the form of automated software, HUMINT is largely active. It could, for example, include human sources within threat actor communities.
So which is best?
Well, threat intelligence is useful because it enables us to take a proactive approach to security, so essentially this comes down to a breadth versus depth argument.
Passive threat intelligence gathering will turn up huge amounts of intelligence, which will inform the bulk of counter-measures … but active intelligence can shed light on specific threats that might otherwise cause massive damage.
Unsurprisingly, the ideal solution would be to utilise both.
There’s just one problem. Whilst nation states continue to invest heavily in HUMINT, most organizations simply don’t have the resources to do so.
It’s tempting, then, to rely solely in OSINT. It’s freely available in huge quantities, it yields some excellent results, and there are a plethora of excellent platforms available to exploit it.
But that would be a mistake.
Firstly, by investing time and resources in the analysis of your own incoming traffic (SIGINT) you’ll spot anomalies that relate specifically to you. Clearly, this is invaluable in the ongoing fight to maintain or enhance profitability.
Secondly, HUMINT data is not as elusive as it might seem. In fact, human “tip” data is evident throughout the Internet, it’s just difficult to aggregate and correlate it all into a useful format. This is where threat intelligence platforms really shine.
Strictly speaking this is a crossover between OSINT and HUMINT, but let’s not split hairs.
By investing in a quality threat intelligence product, you can gain access to a broad array of usable HUMINT sources without investing huge amounts in active intelligence gathering.
Isn’t it a beautiful time to be alive?
To build or not to build? Bite the bullet and choose
The thing about threat intelligence is that you never seem to have enough.
Most companies start out small. Maybe a few of the “tech guys” start regularly checking security blogs, forums, and exploit databases looking for clues to help them secure the organization’s networks.
And of course, the more they look, the more they find.
After a while the job gets too big, and something has to be done. With a bit of time and effort a basic threat intelligence program is built … and for a while all is well.
A few months pass. Inevitably, the platform’s shortcomings are exposed, and further development is required.
You can see where this is going, can’t you?
Eventually a point is reached where further development is simply not feasible. Either the platform needs to be rebuilt from the ground up, or it needs to be replaced with a vendor-built alternative.
Yup, that age old question: Build or buy?
There are so many variables to address and questions to ask in order to make this decision, so I’m afraid I can’t tell you what to do.
Will the platform need to scale? Do you have the skills and manpower to build your own? Can you do it better than anyone else?
These are questions you’d ask of any IT project. There are, however, two questions that I believe must be asked when it comes to your threat intelligence platform:
- Is your organisation so different that existing vendor-built platforms won’t suffice?
- Will a homegrown platform survive the constantly evolving threat landscape?
If you’re in a position to build and maintain a comprehensive threat intelligence platform, which will continue to function for 3-5 years, it may be worth your while to do so.
Equally, if your organisation is radically outside the norm, and vendor-built platforms won’t do the job, you may be forced to build your own.
If, however, you don’t fall into these categories, vendor-built platforms have many advantages.
The threat landscape is progressing at a tremendous rate, and vendors focused specifically in this area are constantly developing and refining their platforms.
So while it might be a greater investment than you were hoping to make, trusting the specialists could well be a decision you look back on fondly.
Get some context
I know, I know.It’s tempting to focus exclusively on the latest threats, and pore over the last week’s incoming signals data trying to identify nefarious (micro) trends.
But if you get lost in the minutiae you risk falling prey to other, more enduring threats.
Let’s not forget, most breaches aren’t the result of cutting-edge malware or state-sponsored cyber espionage. Most breaches result from completely mundane events, such as lost passwords, careless online activity, and petty theft.
So shouldn’t we instead focus on larger time periods? Can we successfully defend ourselves simply by identifying macro threat trends and preparing for them?
Here’s the problem. Unlike most forms of analytics, threat intelligence must identify both macro and micro threat trends in order to be useful, because a single breach can cause massive long-term damage to even the largest organizations.
Take 2014, for example.
Anyone paying attention to the threat landscape around that time would have noticed a sudden and marked increase in destructive cyber attacks against high-profile organizations. Taking a purely macro approach to threat trend analysis at that time would have placed an organisation in great short-term danger of suffering a breach they weren’t prepared to deal with.
But fast-forward to 2016. Destructive cyber attacks are still a serious threat, and would clearly fall under the umbrella of macro trends.
We’re also seeing a big move towards increasingly sophisticated phishing and spear phishing attacks, and away from payload-based malware attacks. Knowing this, we’re much better able to allocate our resources in line with business objectives.
So what does all this tell us?
Basically, your threat intelligence must cover both macro and micro time periods in order to minimise the risk of suffering a serious breach.
But there’s a silver lining.
By understanding macro threat trends, it’s much easier to spot (and respond to) anomalous threats within a smaller time period. In other words, macro threat trend analysis provides the context for micro threat trend analysis.
Or, as Levi Gundert puts it in his white paper “Aim Small, Miss Small”:
In addition to addressing defensive control improvements, analysts should be using collective data points to prognosticate on perceived future threats.
If the majority of threat actors are doing one thing, but you start to see something wildly different in your incoming signals data, you might want to sit up and take notice.
It’s not what you know … it’s what you do with it
Remember the golden rule?
Your threat intelligence strategy must help the organization stay profitable.
It’s a sad fact, but one of the most common issues with threat intelligence is not the collection or processing of intelligence. It’s the communication of intelligence between different areas of the organization.
Red teams, security operations centers (SOCs), incident response (IR), vulnerability management … these are all areas that can benefit dramatically from high-quality threat intelligence.
Not only that, if they’re involved early enough they can inform on which specific aspects of threat intelligence will help them to do their jobs, which in turn helps the organization stay profitable.
This may seem like stating the blindingly obvious, but I can’t stress the importance of this point enough.
If the only thing you do after reading this article is investigate the way intelligence is disseminated within your organization, it will have been worth your time.
I can almost guarantee you’ll find someone who isn’t receiving the intelligence they need … and they might not even be aware of it.
Breach the knowledge gap
When it comes to threat intelligence there is a wide (and widely publicised) knowledge gap, and it’s roughly the size and shape of the average C-suite.
This needs to change.
But before you start bemoaning the state of C-suite cyber knowledge, I’m afraid I have some bad news. The knowledge gap isn’t necessarily the fault of C-suite members … it’s the fault of cyber specialists who lack the ability to translate these very real cyber threats into language that leaders can understand and act upon.
Thankfully, rectifying this is simple, so long as C-suite members are willing to listen.
Engage with them. Ask them what they need, and how they need it. These are exceptionally busy people, and they need poignant, useful information in a format they can digest and understand easily.
More importantly, they need information they can act upon, take to the shareholders, or use to allocate budgets.
Stop complaining that you’re not getting the support you need from above, and start proactively helping them understand what they can do to help.
Cultural change can be difficult, but it’s in everybody’s best interests.
Just keep asking yourself one question
When it comes down to it, threat intelligence is as complicated as you want it to be. There’s always something else to test, more logs to check, and new research to pore over.
But while you’re doing that, I hope you’ll keep asking yourself the same question: Will this help the organisation stay profitable?
And any time the answer is no, I hope you’ll put it down and move on.
After all, there’s plenty more where that came from.
This article was written by RFSID on February 2, 2016 and recently republished by Recorded Future
About Recorded Future
Recorded Future delivers threat intelligence powered by patented machine learning to significantly lower risk. The company’s technology automatically collects and analyses intelligence from technical, open, and Dark Web sources. www.recordedfuture.com Twitter at @RecordedFuture.
Kiwi-owned and operated VigilAir has launched its semi-autonomous aerial surveillance drone technology onto the global market.
The VigilAir software product will undoubtedly disrupt the security industry and is a product that has the potential to change the face of security worldwide.
International patents are well underway for the software that can dispatch camera-equipped drones to investigate any external security event.
The VigilAir solution will be provided as a full-service solution, with drone enclosure, installation and full ongoing support provided.
“Simply put, our software will enable drones to be the first-response security guards of the future,” says director of VigilAir, Mike Marr.
New Zealand has been at the forefront of drone/UAV (Unmanned Aerial Vehicles) regulation and VigilAir continues to work closely with the Civil Aviation Authority (CAA) to develop the equipment, systems, and processes to provide a safe and effective service.
The product and service operate under a current CAA certification, with work underway to rapidly expand the operating parameters.
The company spent years pioneering the use of drones with new technology for security purposes, including self-funding its own research and development.
VigilAir is a SaaS product that integrates drones into existing electronic security systems.
It’s suited to large outdoor sites such as retail and industrial parks, hospitals, university campuses, schools, ports, prisons, and town centres which are at risk of burglary, vandalism or security breaches. A security drone will also act as an effective deterrent.
When not flying, the drone sits in an enclosure – dubbed a nest – located on a business site. When alerted by an alarm sensor trigger, it will be dispatched to fly over the site to investigate, record and live-streame high definition video footage to whoever’s monitoring the action.
The drone may include a thermal or infra-red camera, and bright LED floodlights to illuminate any intruder and record the scene. The hovering drone may sound a siren or even talk to the intruder using a two-way communications system.
Before leaving the nest, the VigilAir SaaS system checks the weather data, then the drone flies a pre-determined flight route that’s geo-fenced to preserve neighbours’ privacy and comply with flight regulations.
A future release will allow the drone to be further manoeuvred to follow any fleeing suspects, capturing images of them and their vehicle license plate number. It then returns to its nest to recharge.
“After considerable R&D, innovation and years of trials, not to mention processing technology and software patents, to now be able to unleash the product onto the international market is really exciting.
“VigilAir’s system is all about delivering faster, safer, and more cost-effective security for organisations or businesses with large sites and security installations,” says Mr Marr.
He says to be able to fly a rapid response drone literally directly into a crime, and to record and transmit all that’s happening, has huge advantages over a traditional on-the-ground security response.
“And we’ve designed it to be user-friendly. Security guards, whether on site or operating remotely, will be able to use the system and it’s one that can already ‘talk’ to 99 percent of all existing electronic security systems.
“As you can imagine this is all a lot safer than dispatching a guard on foot to check out a security problem.
“Drones will help catch perpetrators as everything’s recorded which is gold for any eventual prosecutions. And importantly, the ongoing cost will be lighter on operational budgets,” Mr Marr says.
VigilAir has the potential to make NZ$400 million in its first year largely because the fully integrated semi-autonomous system is a world-leader.
“Its ease of operation and effectiveness has wide appeal for any organisation needing to protect its assets or people,” he says.
VigilAir is completing reseller agreements with two major international corporations, providing a channel for product export and on-going support.
“We’re very confident in its success. We’ve done exhaustive searches and cannot find anything to compare with VigilAir’s system worldwide. It’s truly a global first with unlimited potential.”
Mr Marr believes harnessing drone technology for security purposes was “somewhat inevitable” for a company that has been at the forefront of CCTV and wireless security technology in New Zealand.
VigilAir’s interest in drones doesn’t stop at security.
“While their use for aerial photography is well established, considerable potential remains in core like agriculture, construction and forestry.
“Our drones have assisted the police in search and rescue operations in hard-to-reach terrain like cliffs and crevasses. And we’ve done all sorts of work from inspecting the Auckland Harbour Bridge to looking for leaks on the roofs of central city buildings.”
As well as inspecting infrastructure and assets, smart drone technology is used for Infrared imagery to track heat-loss and to create 3D models that are dimensionally correct to a few centimetres.
VigilAir was invented and developed by ASG Technologies – a technology incubator established three years ago by TPT Group.
Mr Marr is the founder of TPT Group and remains its chief executive. He is also directly heading VigilAir which was founded last year to commercialise ASG’s drone control software.
“Our experienced VigilAir team, led by Andy Grant an ex Warfare Officer from the Navy, includes software and mechatronic engineers and a commercial pilot,” says Mr Marr.
“The team remains focused on the ongoing development of the VigilAir capability and delivering world-leading future-focused security technology.
“To now launch a semi-autonomous ‘eye in the sky’ solution, incorporating an on-site drone with cloud-based SaaS software, is a long way from how we initially viewed drones – as flying CCTV cameras to support the fixed ones.”
Ongoing security technology innovation will help with many governments’ aspirations to develop safer cities in a continually urbanising world.
And for the future: TPT is advancing robotic technology with the intent of one day launching fully autonomous ‘foot patrol’ robots to work in conjunction with its security drones.
About TPT Group
More than150 people are employed at TPT Group which has a stable of security businesses including VigilAir Ltd, ASG Technologies Ltd, Advanced Security Group, TPT Finance (NZ) Ltd, Promessa Property Group Ltd, ASGSPL Ltd, Asset Insight Ltd, and TPT Group Investments Ltd.
Mike Marr +64 29 281 0221
Recorded Future is a leading threat intelligence provider which numbers 86 percent of Fortune 100 companies among its clients.
The company announced recently that 70 percent of its customers have adopted Dark Web sourced intelligence to gain insight into their own risks from the adversary’s perspective.
They also use it to identify compromised assets, such as credentials and intellectual property.
These Dark Web sources include underground forums where threat actors discuss intrusion methods, malware, and fraud schemes outside the scope of open web search engines and marketplaces for illicit goods and stolen data.
In addition to capturing the latest dark web posts and listings in real time, Recorded Future constantly integrates this content into its massive historical archive.
This process connects “hacker chatter” into the larger context, such as pastes that appear on the web for just seconds, technical details of exploitable vulnerabilities, and security research published on the “surface” web.
Using machine learning and natural language processing, Recorded Future automatically analyses these sources to identify trends, highlight emerging threats, and score the risk of millions of vulnerabilities, domains, addresses, and executable files.
By leveraging Recorded Future’s Dark Web monitoring capabilities, customers receive:
- Hundreds of thousands of detailed threat actor profiles including behavior patterns, indicators, motivations, and targets.
- Alerts for compromised credentials and stolen data exposed in the dark web.
- Trending threat data based on machine-learning analysis conducted at a scale beyond what human analysts can do.
“Recorded Future’s threat intelligence from the Dark Web provides unique insights we utilise to help protect our clients every day,” says Bruce Biesecker, Global Director, Security Operations, Security Engineering, Client Care, and Identity Management at Verizon.
“Their distinctive approach to structuring the data and using it to enhance other open and technical-sourced intelligence makes the data more critical to more companies than other offerings in the market.
“We continue to see increasing significance as the capabilities and breadth of sources continue to grow,” he says.
Top banks, retailers, hospitals, government agencies, and other organizations around the world are using Recorded Future’s Threat Intelligence Machine™ to identify threat trends, find compromised data, and alert on threats specifically targeting their data and networks.
“Security teams may look to the Dark Web first for incident detection: are our credentials or sensitive information exposed?,” says Matt Kodama, Vice President of Product at Recorded Future.
“But operational monitoring is just one way to leverage dark web sources. We know that adversaries will find new intrusion methods and fraud schemes.
“Which technologies are emerging as targets, and how are threat actors finding exploits? By harvesting and indexing the dark web at scale, we highlight these emerging trends as a key input to an intelligence-driven security program,” he notes.
Part two: Improve Your Threat Intelligence Strategy With These Ideas will appear on this site on Friday December 1.
About Recorded Future
Recorded Future delivers threat intelligence powered by patented machine learning to significantly lower risk. The company’s technology automatically collects and analyses intelligence from technical, open, and Dark Web sources. www.recordedfuture.com Twitter at @RecordedFuture.