
OUR BLOG


Category: Cybersecurity

Governments and Schools are Targets of a Sharp Increase in Cyberattacks

Posted on March 13, 2023 by Marbenz Antonio


A recent report indicates that the government sector experienced a significant surge in cyberattacks during the latter half of 2022 as compared to the corresponding period in 2021. The COVID-19 pandemic accelerated the digitization of government institutions, resulting in a substantial rise in remote system access. This expansion of the attack surface provided more opportunities for malicious actors to engage in cyber warfare, which they used to target other nations.

The public sector, encompassing schools and local government offices, remains vulnerable to cyberattacks. These attacks can be motivated by politics or finance, both resulting in significant damage. Unfortunately, the frequency of attacks is increasing.

A Worrisome Trend

As per the CloudSEK XVigil report, cyberattacks aimed at government agencies rose by 95% in 2022 as compared to the corresponding period in the previous year. These attacks mainly focused on government institutions located in India, the United States, Indonesia, and China, accounting for around 40% of all incidents.

Government agencies usually collect and store vast amounts of data, including sensitive personal information about citizens that can be easily sold on the dark web. Additionally, there exists a possibility that hostile nation-states or terrorists could access and misuse national security and military data.

The report highlighted an increase in hacktivist attacks or politically motivated hacking during 2022. Cyberattacks are no longer primarily financially driven, as hackers now act in favor of or against political, religious, or economic events and policies.

In all, 9% of reported incidents against the government sector were the result of hacktivism. Moreover, ransomware gangs accounted for 6% of all attacks, which is a sizable portion. LockBit, which can self-propagate, was the ransomware operator with the highest level of activity.

It seems that the recent increase in government-sponsored cyber attacks can be attributed to the easy availability of services such as initial-access brokers and Ransomware-as-a-Service. This means that cybercrime is becoming more sophisticated and professional, with such services readily accessible to anyone.

Countries Most Attacked

The most targeted countries in the past two years have been India, the USA, Indonesia, and China, according to the report. It also highlights that China was the country that received the highest number of cyber-attacks in 2021.

According to CloudSEK, the significant rise in attacks targeting the Chinese government is due to the activities of various advanced persistent threat (APT) groups. One of these groups, AgainstTheWest, was identified as responsible for nearly 96% of the attacks against China. These attacks were part of the Operation Renminbi campaign, believed to have been launched in response to China’s actions against the Uyghur community and Taiwan.

In 2022, India was the country that experienced the highest number of cyber attacks, with a significant increase reported by the Indian government. The report suggests that this surge was due to the efforts of the hacktivist group Dragon Force Malaysia, specifically their #OpIndia and #OpsPatuk campaigns. Other hacktivist groups supported these campaigns, which are believed to have set the stage for future cyber attacks.

Cyberattacks on Education and Local Governments

Cyber attacks are not limited to the government sector; the education sector is also a target. The Emsisoft report shows that in 2022, 89 educational organizations were hit by ransomware attacks. The number of schools that could have been affected by these attacks increased significantly compared to the previous year, with 1,981 schools potentially impacted in 2022 compared to 1,043 in 2021.

The Emsisoft report indicates that a total of 45 school districts and 44 colleges and universities were impacted by these incidents. Furthermore, in 2022, data was exfiltrated in a higher proportion of cases, with 65% of attacks resulting in data theft, as compared to 50% in 2021.

Emsisoft’s report also revealed that in 2022, ransomware attacks impacted 106 state or local governments or agencies, a significant rise from the 77 attacks recorded in 2021. It is important to mention that these figures were influenced considerably by a single incident in Miller County, Arkansas. In this incident, a compromised mainframe infected endpoints across 55 different counties with malware.

Out of the 106 ransomware attacks that occurred in 2022 against state or local governments or agencies, 25% resulted in data theft. However, if we exclude the Arkansas attack, this percentage jumps to 53%. In comparison, in 2021, 47% of the 77 reported ransomware attacks on governments resulted in data theft.

Third-Party Cyber Victims Affect the Public Sector

Cyber attacks targeting third-party providers can have a significant impact on entire sectors, including the public sector. For instance, on December 26, Cott Systems, a cloud-based solutions provider, notified its customers in Rockland County, New York, that it had been the victim of an “organized cyberattack” on its servers. In an attempt to contain the breach, the company disconnected its servers.

Cott Systems plays a crucial role in managing government data related to public records, land records, and court cases. The company provides services to over 400 local governments in 21 states and has established connections with several national and international organizations. As a result of the server outage caused by the cyber attack, hundreds of local governments were forced to use manual processes. This resulted in delays in the processing of birth certificates, marriage licenses, and real estate transactions, according to ISMG.

According to Scott Rogers, the assistant manager of Nash County, “Everything is at a much slower pace” following the cyber attack on Cott Systems. As a result, at least six counties in North Carolina were unable to access their vital records systems and had to resort to manual record-keeping. This information was reported by WRAL-TV.

According to a worker in Livingston Parish, Louisiana, where Cott provides e-services, the workaround to deal with the aftermath of the cyber attack has been to use pens to timestamp new filings and search through piles of physical copies to find valuable records. This information was reported by the WAFB9 news agency. Additionally, county clerks from Connecticut and Mississippi have also reported similar slowdowns in services over the past week, as the systems remained offline.

Cybersecurity on a Budget

The public sector often faces constraints on its budgets, which can limit its ability to build robust cyber defense systems. In order to stay ahead of the constantly evolving threat landscape, it’s crucial to make a continuous effort toward education and training. Although many organizations do provide cybersecurity training to their employees, it is not uncommon for such training to be infrequent or based on outdated information.

Equipping your team with thorough and current cybersecurity training can assist in safeguarding your company against ransomware and other cyber threats. Incorporating training and testing modules for phishing and social engineering attacks can prove to be especially effective in reducing the frequency of such incidents.

Here are some other security tips to consider:

  • Ensure that all systems, applications, and platforms are running the latest versions to keep all security patches current.
  • Back up your files to both a cloud service and a hard drive, so that you have a copy of your files in case of ransomware. Be sure to disconnect the hard drive after each use.
  • Whenever possible, use strong passwords and multifactor authentication.
  • Replace default usernames and passwords on all devices and establish a system for periodic password changes.

Cybersecurity for Larger Government Entities

A zero-trust approach is an effective way to ensure the security of data, particularly for larger government organizations. The U.S. Government has demonstrated its confidence in this approach by announcing its government-wide zero trust goals in January 2022, indicating its intention to implement it as soon as possible.

 


Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in Cybersecurity, Zero Trust. Tagged Cyberattacks, cybersecurity, Zero Trust.

Public Safety Groups Are Unprepared for Cyberattacks

Posted on March 1, 2023 by Marbenz Antonio


Public safety organizations are frequently targeted by cyberattacks, but according to a recent survey by Verizon, only 15% of these organizations feel that they are adequately prepared to defend against them. This survey coincides with a report from Resecurity, which highlights a rise in malicious activity specifically targeting law enforcement agencies during the second quarter of 2022.

The potential impact of any incident on community welfare and public safety cannot be overlooked. However, the challenge lies in improving security with limited public budgets. Fortunately, implementing a few straightforward tactics can significantly enhance security measures.

Not Well Organized

The Verizon study indicates that less than 50% of respondents believe that their agency is adequately prepared to handle a cyberattack. Additionally, only 15% of respondents feel that their agency is “very prepared” to tackle such an attack.

Law enforcement agencies appear to be more confident in their security measures. In the case of a cyberattack, 58% of police departments feel that they are somewhat prepared, and 20% feel very prepared. However, EMS departments are the least confident, with only 12% feeling very prepared in the event of a cyberattack.

Continued Reports of Attacks

According to the Resecurity report, during the second quarter of 2022, law enforcement email accounts were targeted by malicious actors for illicit reasons. A recent malicious trend involves the sending of counterfeit subpoenas and Emergency Data Requests (EDRs) to businesses in order to obtain confidential information. The threat actors aim to acquire sensitive data such as billing history, addresses, phone call records, and text history, among others, which can be used for extortion purposes.

In May 2022, a notable EMS provider in New York was the victim of a ransomware attack, which led to the compromise of the information of more than 300,000 patients. The attackers employed a typical double-extortion tactic: they extracted files, encrypted systems, and then demanded a ransom, threatening to release the data if their demands were not met.

Even fire departments are not immune to cyber-attacks. In September 2022, attackers purportedly stole paychecks from a fire department in South Carolina. Authorities reported that the intruders managed to obtain remote access to the Assistant Chief’s email and employee payroll accounts. Subsequently, the criminals manipulated the direct deposit details of the employees, rerouting the payroll earnings to prepaid debit card accounts controlled by the attackers.

Reducing Risk on a Budget

Certainly, public service organizations operate within a constrained budget. Therefore, what measures can they take to enhance their security stance?

As per CISA, there are particular strategies that can be highly effective in enhancing security without incurring significant costs. Some of the approaches that public safety organizations can adopt to fortify their defenses against cyber-attacks include:

  • Multi-factor authentication (MFA): It is recommended to apply this security measure across all department accounts, and there are low-priced or free applications available for this purpose. Enforcing multi-factor authentication (MFA) substantially increases the difficulty for a cyber-criminal to gain unauthorized access to your system.
  • Software updates: Make sure to verify and apply any available updates on all essential software, and enable the automatic update feature. This is important for maintaining the security of mission-critical systems.
  • Employee training: Most cyber-attacks that are effective commence with a phishing email. It is essential to educate staff members on how to identify phishing attacks and prioritize recurrent training sessions to refresh their knowledge on this topic.
  • Utilize robust passwords or a password manager tool to create and save distinctive passwords, which can serve as an additional defense against attacks.

Keeping Public Safety Safe

Cyber-attacks targeting police, fire, and EMS departments are particularly alarming due to their potential to disrupt crucial services and result in tangible harm. Therefore, it is crucial that these organizations intensify their measures to prevent cyber incidents.

 



Posted in Cybersecurity. Tagged Cyberattacks, cybersecurity.

The Challenges of Securing Our Digital World Today

Posted on February 22, 2023 by Marbenz Antonio


Is it possible for an organization to achieve complete protection against cyberattacks? Former US FBI Director Robert Mueller’s statement that “There are only two types of companies: those that have been hacked and those that will be” suggests otherwise. No organization can guarantee complete immunity from cyberattacks, and even if an attack has not yet occurred, it is probable that it will in the future. Furthermore, companies that have already experienced a hack may not become aware of it right away.

The detection of data breaches in 2021 took an average of 287 days, indicating that many organizations struggle with identifying complex cyberattacks and crimes.

In light of the contemporary cybersecurity landscape, it is crucial to establish strong governance, possess a comprehensive understanding of cybersecurity, and foster a culture of cybersecurity awareness. These measures are necessary to promptly detect and effectively manage cyber risks.

From Good Governance to Good Cybersecurity

The significance of effective IT/cybersecurity governance and leadership in achieving robust cybersecurity cannot be ignored. To establish such governance, organizations can refer to various models, frameworks, and standards such as the US National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), the US Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool, the International Organization for Standardization (ISO) standard ISO 27000, and COBIT®. These resources outline the responsibilities of top management, highlight the importance of aligning IT strategies with organizational objectives, emphasize the significance of management support, underscore the need for preparedness to face IT and cybersecurity challenges, and stress the importance of effective IT risk management and reporting. Established organizations should have the flexibility to tailor these guidelines to fit their specific cybersecurity governance and management needs.

Cybersecurity vs. Information Security and Why it Matters

Some senior managers may not distinguish between information security and cybersecurity, which may result in a lack of recognition of the need to establish appropriate frameworks to handle challenges in both domains.

Although both cybersecurity and information security are grounded in the well-established confidentiality, integrity, and availability (CIA) triad, the majority of professionals tend to use the term cybersecurity even when referring to what is technically information security. Cybersecurity entails mitigating risks that jeopardize digital assets such as data, or that spread through digital channels such as the internet. On the other hand, information security deals with risks that threaten assets, including information. For instance, cybercriminals may pilfer data that does not inherently possess a logical meaning and, at first glance, may seem unusable. However, from a cybersecurity perspective, the data could still be utilized to plan or execute additional attacks.

Distinguishing between cybersecurity and information security is crucial in tackling emerging threats, such as the widespread use of diverse digital devices (e.g., computers, tablets, smartphones, smart devices, and Internet of Things devices) for delivering or accessing digital services, and the rapid shift to remote work spurred by the COVID-19 pandemic.

Creating a Culture of Cybersecurity

Given that guaranteeing the CIA triad underpins both information security and cybersecurity, how can organizations ensure its implementation? While the people, process, and technology (PPT) framework may offer some assistance, what if we reversed its approach?

By reversing the PPT pyramid, the people aspect assumes the top position, and the stability of the pyramid hinges on the behavior of individuals (as illustrated in figure 1). As with cybersecurity, one misstep by an employee can severely compromise the pyramid’s stability. Hence, organizations should foster a cybersecurity culture by embracing the notion that everyone bears responsibility for cybersecurity. To this end, providing regular cybersecurity training, promptly identifying risks, and regularly assessing employees’ proficiency in their respective fields are vital measures.

Establishing and maintaining a cyber-resilient culture within organizations, and steering employees toward making informed decisions regarding cybersecurity requires effective leadership. Although it’s feasible to implement suitable hardware and software cybersecurity risk management solutions, the level of cybersecurity protection ultimately hinges on the awareness, attentiveness, and conduct of each employee.

Figure 1—Importance of Cyberculture

Everyone’s Responsibility

The topic of cybersecurity is complex. Spreading the idea that security is everyone’s responsibility can be one of the strongest mitigation strategies for organizations without a specialized cybersecurity team. Organizations must adhere to cybersecurity frameworks and best practices when executing this approach, and security awareness training that is thoughtfully created and enthusiastically delivered should be a bare minimum requirement.

 



Posted in Cybersecurity. Tagged cybersecurity.

Prevent Being a Downstream Victim of Service Provider Attacks

Posted on February 20, 2023 by Marbenz Antonio


The number of downstream victims is increasing as attacks on service providers become more prevalent.

At the beginning of the year, several DigitalOcean customers received emails instructing them to reset their passwords, even though they hadn’t forgotten them. It was discovered that their email addresses had been compromised in a data breach, but the attack did not originate at DigitalOcean. Instead, it began from a MailChimp account.

DigitalOcean, like numerous other companies, depends on a third-party email service to send out email confirmations, password reset notifications, and alerts to its customers. Recently, an unauthorized individual accessed DigitalOcean’s Mailchimp account by exploiting Mailchimp’s internal tooling. This enabled the cybercriminal to add an unapproved email address to the account and then pilfer the email addresses of DigitalOcean’s customers. It’s worth noting that accounts that had multi-factor authentication (MFA) enabled remained uncompromised. However, due to the security breach, DigitalOcean was unable to communicate with its customers for several days, which caused many people to express concerns about the safety of their personal information.

Even though the attack was initiated by a third-party organization, its impact was not limited to Mailchimp alone. Mailchimp suffered setbacks in its operations and lost customers as DigitalOcean switched to another email service provider. On the other hand, DigitalOcean faced a period of downtime during which it was unable to communicate with its customers, and this could have caused a loss of trust from its customers.

The MailChimp security breach is a clear illustration of an alarming trend. Frequently, security breaches not only affect the primary victim but also have a ripple effect on secondary victims. In this particular case, MailChimp was the primary target, while the customers of DigitalOcean became secondary victims. By aiming their attacks at key vendors, hackers are able to extend the reach of their attacks and inflict greater harm. Nonetheless, businesses can take measures to prevent themselves from becoming downstream victims.

Why Downstream Attacks are Increasing

As cybersecurity tools and techniques become more advanced, cybercriminals are forced to explore fresh methods to maximize the impact of their attacks. With a downstream attack, companies are often unable to rapidly identify the root cause of the breach. Sometimes, the breach goes unnoticed for days, or even months. Alternatively, a downstream victim may become aware of the issue but find it challenging to trace its origin.

In addition, downstream attacks enable cybercriminals to amplify the extent of damage and disruption caused by a single attack. By targeting vendors who work with businesses that have a broad customer base, hackers can gain access to a significantly larger volume of customer data. As more companies adopt Software-as-a-Service (SaaS) solutions, vendors are becoming a more appealing target for cybercriminals due to the greater potential for downstream victims.

During a phishing attack, hackers were able to gain unauthorized access to Twilio’s customer engagement platform via its customer support console. With access to the platform, the cybercriminals were able to infiltrate Twilio’s customer base, which included Signal, a secure messaging service with roughly 40 million monthly users. As a result, 1,900 Signal users were impacted, and their phone numbers were compromised or their SMS verification codes were exposed. The most worrisome aspect of the attack is that the hackers were able to bypass Twilio’s multi-factor authentication (MFA) protocols to gain entry.

The surge in downstream attacks implies that companies must be vigilant not only about their own cybersecurity but also about the security of every other company they are linked with. This means that businesses are exposed to the risks of every vendor they work with. For instance, an organization that uses a cloud service provider, a customer relationship management (CRM) system, and an email marketing platform is only as secure as each of its vendors. As more companies rely on SaaS and digital tools, this risk is expected to escalate.

Steps to Avoid Becoming a Downstream Victim

Below are some methods to minimize the risk of your organization falling prey to a downstream attack:

  • During vendor onboarding, perform a security audit. Your organization’s security is only as strong as that of your weakest vendor. Every time you engage in business with another company, you inherit their risk, and most importantly, you pass that risk on to your own customers.
  • Request security-related contact details. Inquire about potential vendors’ security measures and procedures for informing customers following a breach. DigitalOcean encountered difficulty after the MailChimp breach when it was unable to contact MailChimp for information after being notified that its account had been disabled due to security concerns. Several organizations offer a dedicated support line or channel for addressing cybersecurity issues immediately.
  • Contemplate implementing a zero-trust framework. By utilizing a zero-trust approach, your organization assumes that all apps, devices, and users attempting to gain access are unauthorized until their legitimacy is established. By combining this with micro-segmentation, which limits network access to the smallest possible section, you can decrease the extent of damage inflicted by a breach.
  • Employ MFA (multi-factor authentication) on corporate accounts whenever possible. Ensure that all vendors your organization deals with provide MFA and mandate that employees use MFA on all vendor logins that are part of their job responsibilities. As evidenced by the DigitalOcean attack, MFA can prevent certain types of breaches. Although the Twilio attack demonstrated that MFA can still be compromised, the utilization of MFA can still considerably lessen the risk for organizations.
  • Have a backup plan for vendors.

Navigating Interconnected Risk

The proliferation of SaaS and PaaS has led to greater interconnectedness among companies. As service providers grant access to their clients, cybercriminals can now impact more individuals with a single attack. However, by recognizing the risk that each new vendor poses to your organization, you can take proactive measures to minimize any potential exposure and increase confidence that you are fulfilling your responsibility of safeguarding your customers’ privacy and data.

 



Posted in Cybersecurity. Tagged Cyberattacks.

What Tasks Are Assigned to a Malware Analyst?

Posted on February 20, 2023 by Marbenz Antonio


Malware breaches can originate from various sources. For instance, several fake antivirus applications on the Google Play Store were found to be infected with malware. In a separate incident earlier this year, malware transmitted through satellites caused modems in Ukraine to shut down. It is worth noting that the average lifespan of destructive malware attacks is 324 days, with 233 days taken to identify them and another 91 days to contain them. This is longer than the global average of 277 days for all types of cyberattacks.

Malware attacks can also be expensive. The 2022 IBM Cost of a Data Breach report reveals that destructive malware attacks cost an average of $5.12 million per incident, which is higher than the average cost of $4.35 million per incident for all types of cybersecurity attacks. Furthermore, destructive malware attacks accounted for 17% of all breaches, with ransomware being responsible for 11% of these incidents.

Each day that malware goes undetected on a system represents an opportunity for the malware to cause more damage and exfiltrate credentials. However, detecting malware can be extremely difficult as cybercriminals often design it to look like legitimate code. To speed up the process of identifying and removing malware, organizations are increasingly turning to malware analysts who specialize in detecting and analyzing malware on their systems.

What Role Does a Malware Analyst Play?

Companies in the cybersecurity industry often hire malware analysts, also known as reverse engineers, to verify that their products can detect and defend against malware. However, companies outside of the cybersecurity industry may also hire malware analysts to minimize their exposure to malware attacks.

As the number and cost of cyberattacks continue to rise, the need for skilled malware analysts is also growing. Although the position of a malware analyst is still relatively new, companies are recognizing the benefits of having an expert who can stay up-to-date on the latest malware trends and techniques. Many aspiring malware analysts begin their careers in cybersecurity and gradually transition to this specialized role as they gain more experience in dealing with malware.

While some companies may rely on on-demand services to analyze potential malware, having a dedicated malware analyst who is well-versed in code and infrastructure can often be more effective at identifying and detecting suspicious activity.

Companies that are hesitant about the costs associated with hiring a malware analyst should consider comparing the annual salary of such an expert with the average cost of a malware breach, which is around $5.12 million. By preventing even one successful attack, a dedicated malware analyst can save a company a significant amount of money, making the cost of their salary a worthwhile investment. Individuals who are interested in transitioning into a malware analyst role within their current company can emphasize the value of having a specialist who can help prevent the costly consequences of a malware attack.

Responsibilities of a Malware Analyst

To be effective, a malware analyst must be able to anticipate and respond to threats. Staying informed about the latest malware strains and anti-malware technology allows the analyst to recommend the most effective strategies for protecting the organization against new threats. By being aware of recent attacks and malware strains, the analyst can suggest adjustments to the organization’s processes and technology.

The role of a malware analyst involves both proactive and reactive approaches. By keeping abreast of the latest malware strains and anti-malware technologies, the analyst can advise the organization on the most effective ways to protect against current malware threats. The analyst’s knowledge of recent attacks and strains helps them identify vulnerabilities and implement the necessary changes in processes and technologies.

Pursuing a Career as a Malware Analyst

Although there are no specific degree programs for becoming a malware analyst, many organizations prefer candidates with a solid background in cybersecurity. Some companies may require a bachelor’s degree, while others may look for individuals with relevant certifications or digital badges. Malware analysts should possess strong technical abilities, particularly knowledge of AI tools and proficiency in zero trust. In addition, they should have excellent writing skills to produce documentation and collaboration skills to work with staff in resolving malware attacks.

The most valuable asset of a malware analyst is their ability to keep up with the latest developments in malware. To protect their organization effectively, analysts need to study the latest attack strategies and strains. Given the constantly changing nature of malware, analysts must continuously learn on the job and refine their skills based on the latest techniques of cyber criminals. In addition to technical skills, it is essential for malware analysts to be inquisitive and have a keen interest in ongoing learning.

Despite appearing to be a narrow specialization, individuals who consider pursuing a career as a malware analyst will have ample employment prospects in both the short and long term. The demand for malware analysts is high due to the advanced level of skills required for the role. Moreover, the skills and knowledge acquired as a malware analyst can be applied to other positions in the technology and cybersecurity industries. As long as malware remains a persistent threat to modern organizations, the need for malware analysts will persist.

 


Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Posted in Cybersecurity. Tagged cybersecurity.

Six Basic Tips for Automating Compliance Monitoring

Posted on February 20, 2023 by Marbenz Antonio

In virtually every field and industry, compliance is essential for achieving business success and organizational resilience. This is true whether we’re talking about large banks, pharmaceutical companies, heavy industries, or even the smallest online shops. Effective management and compliance monitoring mean adhering to various laws and regulations, such as GDPR, PCI-DSS, HIPAA, ISO/IEC 27001, SOC 2, etc.

To conduct regular operations, it’s typically necessary to have robust compliance monitoring in place. Failing to comply with applicable laws and regulations can come with a steep price tag, resulting in revenue losses that average more than $4 million. Additionally, managing and monitoring compliance can be both challenging and expensive. In fact, around 50% of organizations report that they devote between 6-10% of their revenue to compliance-related expenses.

Since compliance monitoring can be both resource-intensive and time-consuming, automating the monitoring process represents one potential solution. This post explores the following topics:

What is compliance monitoring?

Compliance involves conforming to laws, regulations, standards, policies, and procedures. Compliance monitoring is an ongoing process that aims to verify that an organization is fully compliant by consistently following all required policies and procedures. In essence, compliance monitoring is a way of ensuring that an organization meets both its internal and external regulatory obligations.

Numerous authorities and regulatory bodies around the world, including the US Department of Treasury, the UK’s Financial Conduct Authority, and the International Organization for Standardization (ISO), mandate compliance monitoring. When seeking approval from these entities, a detailed compliance monitoring plan is typically a requirement.

Typically, an organization’s compliance teams are responsible for conducting compliance monitoring as a component of the broader compliance management system.

What is compliance automation?

Compliance automation involves using technology tools and systems, such as dedicated software and artificial intelligence (AI), to automate compliance management processes like compliance monitoring. These tools and technologies enable organizations to automate time-consuming manual processes such as monitoring, auditing, reporting, testing, control analyses, and corrective action planning.

It’s essential to keep in mind that compliance is not optional. For instance, it’s impossible to handle credit or debit card transactions unless the organization complies with the Payment Card Industry Data Security Standard (PCI DSS).

7 Reasons to automate compliance

Below are seven key reasons why an organization may choose to automate all of its compliance processes:

  1. Improved efficiency and reduced costs – Automated systems and processes are significantly less labor-intensive and thus more cost-efficient than their manual counterparts.
  2. Decreased compliance risk – The greater the degree of automation, the fewer mistakes are likely to occur, which in turn lowers the risk of non-compliance penalties such as fines.
  3. Enhanced compliance monitoring – With automated compliance processes, up-to-date compliance data including reports, audits, and status can be readily accessed and reviewed continuously. This enhances the efficiency and effectiveness of compliance monitoring.
  4. Allow compliance teams to focus on the big picture – Through the elimination of repetitive tasks, automation can free up compliance teams to concentrate on more critical matters, which can further enhance the effectiveness of compliance monitoring.
  5. Augmented visibility and transparency – Improved and effective compliance monitoring enables you to obtain a comprehensive overview of your entire ecosystem, from internal servers to supply chain partners.
  6. Better risk management – Since all pertinent and current data is continuously available, risk management choices can be made based on real-time data.
  7. Greater collaboration and uniformity – Employing automated tools that provide a real-time perspective of compliance status enables all stakeholders to collaborate more effectively and ensures consistency in compliance management throughout the organization.

6 overlooked tips to automate compliance monitoring

1. Consider the use case first

If you’re planning to automate your compliance monitoring, the initial step is to assess the specific use cases that apply to your organization. This will provide a solid foundation for comprehending what’s required to devise your strategy, choose the optimal and most appropriate compliance monitoring solution, and integrate it into your organization.

Some typical use cases include:

  • Monitoring for important vulnerabilities and comprehending the consequences for the company.
  • Identifying and correcting misconfigurations before they become business risks.
  • Ensuring that your compliance program complements the services you provide for business.
  • Monitoring onboarding risk and the needs of HR policies.
  • Ensuring that privacy standards for customers are met.

2. Shortlist compliance monitoring tools on the market

By automating compliance monitoring, conventional compliance management tools like spreadsheets, email communications, file storage systems, etc., can be substituted with robust, comprehensive, automated tools.

Different compliance management software solutions are available that can automatically and continually collect all pertinent information from various systems, examine it, and present it in a centralized manner. This enables you to perform efficient compliance monitoring effortlessly and continuously.

Keep the following items in mind when making the shortlist of the best compliance monitoring tools:

  • The most effective compliance solutions come with built-in compatibility features that are relevant to specific standards, including:
    • The Health Insurance Portability and Accountability Act (HIPAA)
    • The Federal Information Security Management Act (FISMA)
    • The Payment Card Industry Data Security Standard (PCI-DSS)
    • The EU’s General Data Protection Regulation (GDPR)
    • ISO/IEC 27001, and more.
  • Ensure that the tools you consider for adoption are compatible with the most relevant standards for your organization.
  • Consider and examine all needed features, such as:
    • Connection to other tools.
    • Communication, sharing, and collaboration.
    • Task management.
    • Data analysis.
    • Progress reports.
    • Risk analysis.
  • Ensure that the solution is comprehensive and covers multiple aspects, including data gathering, compliance monitoring, reporting, auditing, compliance training, and other relevant areas.

3. Communicate the new processes and procedures to staff while emphasizing the benefits of automation and training. 

Implementing new processes, tools, and procedures often involves challenges, particularly in training employees on their execution. This can be daunting, as the effort required to learn and adopt new information can be significant. Compliance monitoring is no exception and comes with its unique challenges, as many employees view it as an obstacle to completing their tasks quickly and effectively.

Effective communication is crucial when introducing and implementing new processes, tools, and procedures to employees, particularly when it comes to compliance monitoring. Many employees may see compliance monitoring as an obstacle to performing their tasks quickly and effectively. Therefore, it’s essential to focus on communicating the transition effectively. Remind employees of the benefits of automating compliance monitoring, such as the removal of tedious manual tasks, making their work more manageable.

Demonstrate how an automated compliance training platform can facilitate the implementation process, emphasizing that such a tool can improve compliance management and lead to increased efficiency. Emphasize the benefits of using this training tool and how it can help employees become more proficient, ultimately reducing unnecessary efforts.

Effective communication can help engage and motivate employees toward the compliance automation process, leading to improvements in their work and overall compliance.

4. Integrate the compliance monitoring tool with other systems

Effective integration of the compliance monitoring tool with all other systems is critical, both for compliance and the organization’s workflow. Properly gathering all relevant data is vital for compliance management and monitoring, and this cannot be achieved if the compliance monitoring tool is not fully integrated with other tools and systems. In addition, good integration ensures that any modifications that may result in non-compliance are immediately flagged.

Efficient integration with common working tools, like Jira, Slack, and Microsoft Teams, enhances compliance monitoring and facilitates faster and smoother implementation and adoption. This integration empowers compliance teams to manage tasks more effectively while allowing everyone else to keep using the tools they are familiar with.

5. Ensure you are monitoring your supply chain

Automating compliance monitoring for your entire supply chain is a great opportunity to address one of the most overlooked aspects of compliance monitoring, particularly for larger organizations – the monitoring of supply chains.

Given that automation makes the compliance monitoring process easier, faster, and less labor-intensive, it is essential to ensure that it includes all suppliers in the chain.

6. Utilize training tools to keep staff up to date with compliance 

The human factor is often overlooked as managers focus on the technical aspects of purchasing, implementing, and integrating the most advanced technological tools. However, it’s important to remember that any system is only as good and effective as the people using it.

Similar to any system, the effectiveness of compliance monitoring depends on the people who use it. Many managers concentrate on the technical aspects of acquiring, implementing, and integrating advanced technological tools and may overlook the human factor. Therefore, it’s crucial to make use of advanced training tools such as an automated, smart security awareness training platform to improve your organization’s cybersecurity and compliance and keep your staff up-to-date with all the compliance requirements.

 


Posted in Cybersecurity. Tagged cybersecurity.

Analysis of the RomCom RAT Attack: Faking It to Make It

Posted on January 13, 2023 by Marbenz Antonio

The RomCom RAT has been circulating – initially in Ukraine, targeting military installations, and now in some English-speaking countries such as the United Kingdom.

Initially, the RomCom attack was spread through spear-phishing, but it has since progressed to include techniques such as mimicking legitimate domains and downloads of popular and trustworthy products.

This article examines the current situation with RomCom, delves into the issues with digital impersonation, and provides guidance on how to secure software downloads.

RomCom Realities

Contrary to its name, the RomCom RAT is not a light-hearted romantic comedy but a serious cyber-attack where unknown attackers mimic trusted software solutions to gain access to networks. According to The Hacker News, RomCom may be associated with the Cuba ransomware and Industry Spy attacks, as all three use a similar network configuration link. However, this could also be a tactic used by the attackers to distract from their true intentions. Once installed, the RAT has the capability of gathering information, taking screenshots, and sending them to a remote server.

Whatever connection it may have to cybercrime, the RomCom RAT’s main tactic is to target individuals. By creating legitimate-looking emails from trusted brands, RomCom tricks users into clicking on download links. Additionally, the RomCom RAT actually provides the software being requested, but it also includes a hidden payload. Because the files are often larger than 10 GB, they may not trigger automatic security measures and are instead passed on to security teams for review. Given that the software appears to be legitimate, it may be overlooked. This means that the staff members become both the first line of defense and the primary way for the attack to spread.

The RomCom RAT is malware that primarily targets individuals by disguising itself as legitimate emails from trusted brands. It tricks users into downloading software that contains a hidden payload. The large size of the files, often larger than 10 GB, may allow them to bypass automatic security measures and be overlooked by security teams. This makes the staff members the first line of defense and the primary way for the attack to spread, regardless of any connection it may have to cybercrime.

The Danger of Digital Doppelgangers

To distribute the RomCom RAT effectively, hackers impersonated several legitimate companies such as SolarWinds, KeePass, PDF Technologies, and Veeam by creating decoy websites with similar domain names to the real ones, and offering malware-infected software bundles that appeared to be the legitimate company’s application.

The impersonation of legitimate companies, such as SolarWinds, which recently agreed to pay $26 million in a settlement for the 2020 compromise of its Orion network management platform, and KeePass, which is a tool for keeping passwords safe, is particularly problematic. For example, the hackers created a spoofed version of the KeePass installer site, which offered multiple versions of the software for download, but these versions contained the “hlpr.dat” file that had the RomCom RAT dropper and a Setup.exe file that launches the dropper.

The key tactic used by RomCom is to bundle legitimate services with malware payloads. This makes it difficult for users to detect the malware, as the download includes the tool they requested. Unlike other attacks that may be flagged when the downloaded content is found to be different from what was expected, RomCom ensures that employees receive the solution they requested, but also receive a RAT with it.

In practice, this tactic creates a twofold issue. Firstly, the emails and websites appear legitimate, which may cause staff and security teams to not suspect them as malicious. Secondly, the inclusion of actual software along with the RAT tool may prolong the time between the infection and its detection.

Securing Software Downloads

The most straightforward way to avoid RAT infections would be to avoid downloading and installing any software. However, this is not a practical solution, as many tools, like SolarWinds and KeePass, require regular updates to maintain their functionality. Additionally, teams rely on downloading solutions like PDF Reader Pro and other digital media managers to enhance their operational efficiency.

Therefore, businesses need to implement strategies to lower the security risks associated with software downloads, regardless of their origin or intended use.

The first strategy is to enable automatic updates for existing tools. This minimizes the risk of RAT infections by eliminating the need for staff to manually seek and install new versions of software. Since these updates come directly from the software provider’s servers, it makes it harder for attackers to interfere with the process.

Another important step is to implement strict download policies that apply to all staff members without exceptions. This is crucial because the recent RomCom SolarWinds attack not only replicated the company’s free trial download page but also included links to the real SolarWinds contact forms. So, if users filled them out, they would receive a response from actual SolarWinds staff. Meanwhile, the download itself was a malware-infected version of the legitimate tool, which contained the RomCom RAT.

This makes it difficult for even tech-savvy staff to identify the spoof and avoid the download. By limiting download permissions, the attack surface is reduced.

Finally, ongoing monitoring of IT environments is crucial to identify potential issues. For example, if a software download from a seemingly trustworthy company contains both the requested app and a hidden RAT, security teams that rely on the assumption that familiar software is safe may view this download as low risk, allowing the malware to operate undetected. By adopting a zero-trust approach, which assumes that all software poses a potential risk, teams are more likely to detect and eliminate malware, regardless of how it entered the system.
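The download policy and zero-trust check described above, sketched as an added example (not code from the original post): a download is accepted only from an allowlisted HTTPS host and only if its SHA-256 matches the digest pinned for that file, while hosts that resemble an approved vendor name are flagged as lookalikes. The vendor name, domains, file name and byte strings are constructed placeholders.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample data: GENUINE stands for the vendor's real installer,
# BUNDLED for the same installer repackaged with an extra hidden file.
GENUINE = b"constructed genuine installer bytes"
BUNDLED = GENUINE + b" + constructed hidden payload bytes"

# Constructed policy. Hosts use the reserved .example TLD; each approved file
# is pinned to the SHA-256 obtained from the vendor over a trusted channel.
APPROVED = {
    "downloads.passvault.example": {
        "PassVault-2.0-Setup.exe": hashlib.sha256(GENUINE).hexdigest(),
    },
}

# Characters commonly swapped to make a decoy name look like the real one.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": ""})


def skeleton(label):
    """Reduce a DNS label to a canonical form so look-alike spellings collide."""
    return label.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Last two labels; enough for these placeholders (real code needs the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])


def classify_host(host):
    """Return 'approved', 'lookalike' or 'unlisted' for a download host."""
    host = host.lower().rstrip(".")
    if host in APPROVED:
        return "approved"
    for approved in APPROVED:
        if registered_domain(host) == registered_domain(approved):
            continue  # the vendor's own domain, just not an allowlisted host
        brand = skeleton(approved.split(".")[-2])
        for label in host.split("."):
            s = skeleton(label)
            # Brand embedded in a longer label, or within one edit of it.
            if brand in s or edit_distance(s, brand) <= 1:
                return "lookalike"
    return "unlisted"


def evaluate_download(url, data):
    """Apply the policy to one download; return (allowed, reason)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return False, "not-https"
    verdict = classify_host(host)
    if verdict != "approved":
        return False, verdict + "-host"
    filename = parts.path.rsplit("/", 1)[-1]
    pinned = APPROVED[host].get(filename)
    if pinned is None:
        return False, "unpinned-file"
    # Zero-trust step: the bytes are checked even though the host is trusted.
    if hashlib.sha256(data).hexdigest() != pinned:
        return False, "hash-mismatch"
    return True, "ok"


if __name__ == "__main__":
    good = "https://downloads.passvault.example/PassVault-2.0-Setup.exe"
    decoy = "https://downloads.passvau1t.example/PassVault-2.0-Setup.exe"
    for url, blob in [(good, GENUINE), (good, BUNDLED), (decoy, GENUINE)]:
        print(url, evaluate_download(url, blob))
```

The digest comparison is what catches a bundle: a repackaged installer still contains the working application, so only a check against the vendor's published digest (or a code-signature check) tells the two apart.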

Hope for a Happy Ending

The operators of RomCom RAT are using deception to gain access. By mimicking legitimate websites and disguising malware as functional tools, they aim to trick staff and infiltrate enterprise networks.

It is possible to prevent the spread of RomCom RAT. By implementing automatic updates, creating strict download policies, and adopting a zero-trust approach to detecting hidden threats, companies can keep their downloads secure.

 


Posted in Cybersecurity. Tagged Cyberattacks, cybersecurity.

Six Roles That Easily Convert to a Cybersecurity Team

Posted on January 13, 2023 by Marbenz Antonio

The cybersecurity industry is facing a shortage of qualified professionals and a high demand for trained experts, which can make it challenging to find the right candidate with the appropriate skill set. However, when searching for specific technical skills, it may be worth considering professionals from other industries who may be a good fit for transitioning into a cybersecurity team. In fact, certain roles may be a better match than what is typically associated with cybersecurity professionals due to their specialized skills.

This article examines six different types of professionals with the necessary skills to transition into a cybersecurity team and how they can be utilized effectively while still working within their areas of expertise.

1. Software Engineers

A software engineer is a person who specializes in designing, developing, testing, and troubleshooting software programs. They are responsible for the creation and maintenance of software applications.

Why the Skill Set is a Match

Software engineers have a wide range of technical abilities, including coding and software creation. They also have knowledge of the intricacies involved in building a secure application. This makes them suitable for various cybersecurity responsibilities. For instance, they can be employed to build applications that are more resistant to cyber-attacks by incorporating security features during the coding process.

What Additional Training do Software Engineers Need?

Software engineers have a solid foundation for cybersecurity but may require additional training in cryptography and network security to be fully equipped. It’s important for them to be aware of different cyber threats, such as malware and phishing. Furthermore, as software development is a rapidly changing field, software engineers should be ready to keep up with the latest advancements to remain competitive.

2. Network Architects

Network architects are in charge of creating, organizing, and executing computer networks. They are familiar with the intricacies of network security and methods for protecting data from external dangers.

Why the Skill Set is a Match

Network architects have a thorough understanding of networking technologies and are skilled in establishing secure networks. While not all security positions necessitate a deep technical understanding, network architects are well-suited to design secure networks and implement security measures. They can also assess existing systems for vulnerabilities and propose solutions to reduce risks.

What Additional Training do Network Architects Need?

While security is generally a core part of network architects’ expertise, it’s still important for them to be aware of the various cyber threats that exist today. They should also stay informed about the latest technologies and techniques related to cybersecurity, such as artificial intelligence (AI) and machine learning (ML). Additionally, it’s crucial for network architects to have the ability to recognize and distinguish between legitimate and malicious traffic signals.

3. IT Support Specialists

IT support specialists are responsible for identifying and solving technical problems related to computers and other electronic devices. They typically have a good understanding of different hardware and software systems.

Why the Skill Set is a Match

IT support specialists have strong analytical abilities, allowing them to quickly identify issues and come up with solutions. They are able to think critically, which makes them suitable for investigating security incidents and hunting for malicious actors. Furthermore, their knowledge of different hardware and software systems is crucial in understanding the impact of cyber threats.

What Additional Training do IT Support Specialists Need?

IT support specialists should be familiar with different cyber threats and how to handle them efficiently. They should also have knowledge of risk assessment methods and security architectures, such as access control protocols and identity management solutions. IT support teams usually have a general understanding of security risks, but additional training may be needed for more specialized roles.

4. AI Developers

AI developers are responsible for creating applications that use AI and ML technologies. They have a thorough understanding of data engineering and programming languages such as Python, C++, and Java.

Why the Skill Set is a Match

AI developers comprehend the capabilities of machine-learning algorithms to detect patterns in large sets of data. Therefore, they can be employed to detect and respond to security threats in real time. AI developers can utilize their specialized knowledge to create and maintain advanced penetration testing tools and develop AI-assisted security solutions.

What Additional Training do AI Developers Need?

AI developers have robust programming knowledge but may need to gain more familiarity with various cyber threats. They should be familiar with different attack surfaces and concepts, such as malware analysis and intrusion detection systems. Moreover, they should have knowledge of ethical hacking principles and network security protocols to build secure applications.

5. Cloud Specialists

Cloud specialists are in charge of overseeing cloud-based applications and infrastructure. They typically have a thorough understanding of cloud platforms and technologies, such as Amazon Web Services (AWS), Microsoft Azure, and IBM Cloud. Cloud specialists are also familiar with storage technologies, such as relational databases and big data solutions.

Why the Skill Set is a Match

Cloud specialists are familiar with the robust security services provided by cloud providers, such as identity and access management (IAM). They can utilize these services to ensure that only authorized personnel have access to sensitive information stored in the cloud. They also have knowledge of the various security risks associated with cloud technologies and can offer valuable suggestions on how to minimize them.

What Additional Training do Cloud Specialists Need?

Cloud specialists have a thorough understanding of various cloud services and technologies; but when it comes to adapting to strictly on-premise security infrastructure, they may have to enhance their skills. They should gain knowledge of on-premise security solutions, such as host-based firewalls and endpoint protection systems. Additionally, they should be familiar with different types of cyber threats and how to create secure architectures within an organization and with external parties.

6. Data Analysts

Data analysts are responsible for examining large amounts of data and providing insights into business processes. They have a thorough understanding of areas such as statistical analysis, predictive modeling, and machine learning algorithms.

Why the Skill Set is a Match

Data analysts have the ability to recognize patterns in datasets that might not be obvious to the human eye. They can use this skill to detect and respond to advanced cyber threats such as zero-day exploits or insider threats. Data analysts can also create predictive models that help organizations anticipate future security risks and take preventive measures accordingly.

What Additional Training do Data Analysts Need?

Data analysts may require additional training in areas such as data privacy regulations and compliance standards. They should be familiar with various security tools and procedures to ensure that data is securely stored, transmitted, and processed. Furthermore, they should have a thorough understanding of threat models and attack vectors to detect malicious activity as early as possible.

The Demand for New Cybersecurity Workers Remains High

In summary, transitioning from various positions, such as AI developers, cloud specialists, or data analysts, into cybersecurity is feasible. With appropriate training and expertise, professionals from these backgrounds can become valuable cybersecurity team members. With attackers becoming increasingly sophisticated, organizations require individuals with a strong combination of technical knowledge and analytical abilities to stay ahead of the curve. Organizations can develop and expand their cybersecurity teams without facing a shortage of highly specialized professionals.

 


Posted in Cybersecurity. Tagged cybersecurity.

The Methods Used by Security Teams to Combat False Information

Posted on January 13, 2023 by Marbenz Antonio

“A lie can travel halfway around the world while the truth is still putting on its shoes.” The quote is often attributed to Mark Twain; however, he never said it. The quote’s origin is unknown, but the concept that lies spread quickly while truth spreads slowly is an old one.

The quote attributed to “Twain” illustrates the distinction between misinformation and disinformation. Misinformation is an error that is spread unintentionally, while disinformation is false information disseminated with the intent to deceive or harm.

In contrast, disinformation is a deliberate deception. Its aim is to deceive, cause harm or gain an advantage by spreading false information. As long as spreading lies is profitable and effortless, businesses must be able to adapt quickly.

Disinformation’s Negative Effects

It all comes down to the intent behind spreading the information. The goal of the person or group sharing the data is crucial. Real-world examples demonstrate the harm caused by these falsehoods and the potential for future abuse they create.

In 2019, scammers utilized AI technology to impersonate the voice of a CEO of a European energy company. They made a phone call using the artificial voice and urgently requested an employee to transfer €220,000 ($243,000) to a Hungarian vendor within 60 minutes. The scammers, anxious as the money did not arrive as quickly as they expected, made two more calls. This raised the employee’s suspicion. However, by then it was too late to recall the funds, and the scammers were able to obtain the money. Fortunately, the company was protected from financial loss by fraud insurance.

Though minimal harm was caused, this incident served as a warning of potential future danger. This was the first recorded instance of AI being used to imitate a voice for fraudulent purposes. Cybersecurity experts anticipate that the next development will be the use of AI to replicate both voice and facial expressions. If the imitation appears and sounds genuine, it will raise no suspicions, making the scam harder to detect and hence more profitable.

Disinformation as a Service

Disinformation can have multiple objectives and the COVID-19 pandemic provided a significant opportunity for scammers. A scam from 2021 highlighted the trend of Disinformation-as-a-Service, where an external party pays for social media influencers to spread and promote disinformation. Fazze, a PR agency that appears to have Russian government backing, approached successful YouTubers to criticize the Pfizer vaccine. Offering large sums of money, the company asked the influencers to spread disinformation, not to disclose their sponsorship, and to present themselves as if they were sharing information. The scheme was exposed when a few YouTubers went public about the strange offer. The BBC reported speculation of Russia’s connection to the scheme to promote their own vaccine, Sputnik V, illuminating how nation-state attacks often initiate disinformation campaigns.

Small and medium-sized businesses (SMBs) can also be targeted. Disinformation spread through the fake review market has a significant impact on small, local businesses. A study on the direct impact of fake reviews on online spending estimated that fake reviews caused businesses to lose $152 billion globally in 2021. The study cites an example of an Australian plastic surgeon whose business decreased by 23% in a single week following a fake review. Similarly, a plumbing business based in California lost 25% of its business when a rival posted a fake review. In New York, two busing companies discovered that fake positive reviews effectively redirected business from one company to the other.

How to Fight Disinformation and Misinformation

Disinformation can be financially rewarding, making it a challenge for businesses of all sizes to deal with. Fortunately, there are actions that can be taken when facing a disinformation or misinformation attack.

  1. Train your employees. There is a possibility that your business will be targeted by malicious actors. Your CSOs and CISOs need the necessary technical and social expertise to counter disinformation. As disinformation is both a security and communications concern, it is also important to provide training to your communications and marketing teams.
  2. Make a plan. IT teams prepare recovery plans for natural and human-induced disasters, and a similar plan is required for a disinformation crisis. Establish team roles and the steps that should be taken when disinformation occurs. Utilize probable scenarios to evaluate the plan and identify weaknesses so that everyone is prepared when the crisis occurs.
  3. Bring in outside forces. Sometimes it can be too overwhelming to handle the PR and communications issues internally. Your IT and security teams may not have the knowledge on how to handle these types of attacks. Bring in external teams that are experienced in resolving technical and PR problems caused by disinformation. Research these companies beforehand so you know who to contact in case of an attack.
  4. Use social media monitoring tools. These tools may not be able to prevent an attack, but they can provide early warning of an impending attack, giving you a few hours or days to activate your plan and minimize the damage.

How to Prevent Disinformation Attacks

Preventative measures are more straightforward and less expensive than trying to combat a disinformation campaign that has spiraled out of control. There are various preventative actions that can be taken to enhance your protection.

  1. Stay vigilant for potential risks and vulnerabilities. Understand the different ways threats can occur. Does your company have a high-profile CEO? Does your brand have a stance on contentious topics? Are you a small business that relies heavily on reviews? These are all factors that can lead to attacks. Identify weaknesses and take steps to strengthen your defenses as soon as possible.
  2. Be proficient in social media. Monitoring tools can provide advance warning of an attack, but social media can also be used as a defensive tool. Keep an eye on what people are saying about your organization. Monitor social media conversations surrounding your brand that you are not initiating. If any activity raises concerns, the communications team can address it.
  3. Take a proactive approach. PR, communications, and marketing teams should engage in ongoing and genuine interactions with customers. This establishes trust and makes customers more likely to approach you with questions before spreading false information. Encourage interactions with partners and vendors for the same purpose.
  4. Adopt good information practices. Never circulate unverified information. Identify reliable sources and learn how to recognize compromised, hacked, or spoofed sources. Educate employees on how to protect against threats such as phishing and social engineering. Set guidelines for appropriate behavior during company-related activities and how employees should communicate without putting the company at risk. Additionally, provide training for the C-suite on reputation management and how to handle situations where their actions may be recorded and shared.

 


Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com


Railway Operators Must Comply with New Federal Cybersecurity Requirements

Posted on January 10, 2023 by Marbenz Antonio


In recent years, the U.S. government has prioritized increasing cybersecurity in sectors that are critical to the country. This focus intensified after the ransomware attack on the Colonial Pipeline, a major fuel pipeline, which caused significant gas shortages and highlighted the need to protect U.S. infrastructure. In response to this threat, officials have emphasized the importance of strengthening the security of these industries.

In March 2022, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This law applies to agencies, organizations, and businesses whose service disruptions could harm economic security or public health and safety. Railways are one of the industries that are considered critical infrastructure under this act.

Railways Targeted by Cyberattacks in Recent Years

Railways have been the subject of several major attacks in recent years, including a data breach at China Railways (CR) in 2019 and breaches of 146 million records in the database of Network Rail and service provider C3UK, as well as a malware attack on Sadler, a railway equipment manufacturer. In October, President Biden released the Enhancing Rail Cybersecurity Directive from the Transportation Security Administration for critical infrastructure, which includes directives for railway companies.

TSA administrator David Pekoske said, “The nation’s railroads have a long track record of forward-looking efforts to secure their network against cyber threats and have worked hard over the past year to build additional resilience, and this directive, which is focused on performance-based measures, will further these efforts to protect critical transportation infrastructure from attack.”

Requirements of the Enhancing Rail Cybersecurity Directive

The new directive includes four main requirements:

  1. Designate a Cybersecurity Coordinator – Under this directive, railways must designate a cybersecurity coordinator who is responsible for implementing cybersecurity practices, managing cybersecurity incidents, and serving as a point of contact between the railway and both the TSA and the Cybersecurity and Infrastructure Security Agency (CISA) on cybersecurity matters. The coordinator must be available 24/7, so railways must also appoint a backup coordinator. Both coordinators must be U.S. citizens and eligible for security clearance.
  2. Report Cybersecurity Incidents to CISA – Under this directive, railways must report all cybersecurity incidents, including unauthorized access, malware, and DoS attacks, to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of the event. The railway must provide detailed information about the incident, as well as its impact on the railway and the railway’s response to the incident.
  3. Develop a Cybersecurity Incident Response Plan – The directive requires railways to develop a plan that outlines how they will identify, isolate, and segregate infected systems and protect backed-up data. The plan should also establish processes and governance for isolating systems. Railways must adopt their plan within 180 days of the directive and must also conduct regular testing of the plan.
  4. Assess Cybersecurity Vulnerability – The directive requires railways to conduct an assessment to identify any gaps in their cybersecurity and document remediation measures. Railways must complete this assessment within 90 days of the directive.

The directive requires railways to identify any weaknesses in their cybersecurity and document steps to fix these issues through an assessment. This assessment must be completed within 90 days of the directive.

 


