1.888.900.DRIZ (3749)
The Driz Group

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

7/7/2017

Why Lack of Qualified Cyber Security Workforce is a Critical Vulnerability for Many Businesses

There's WannaCry. There's Petya. There's NotPetya. These cyber threats have dominated the headlines in the past few days. Yet one weakness remains a critical vulnerability for many businesses: the lack of a qualified cyber security workforce.

Cyber Attacks Outpace Cyber Defense

​According to Symantec, 430 million new unique pieces of malware were discovered in 2015. At the close of 2015, Symantec added, 191 million records were exposed as a result of cyber attacks.
 
“Attacks outpace defense, and one reason for this is the lack of an adequate cyber security workforce,” said the Center for Strategic and International Studies in its study called “Hacking the Skills Shortage: A study of the international shortage in cyber security skills”.
 
A report from Frost & Sullivan and (ISC)² found that by 2020, more than 1.5 million cyber security positions worldwide will be unfilled. Frost & Sullivan and (ISC)² also found that 45 percent of hiring managers reported struggling to fill additional information security positions despite increased security spending on technology across the board, rising average annual salaries and high rates of job satisfaction.
 
Five years ago, cyber threats weren't among the top 10 risks prioritized by corporate boards (they ranked only 12th), according to Lloyd's 2011 annual risk survey.
 
Corporate attitude towards cyber security has drastically changed in recent years. A Forbes report found that four financial institutions – J.P. Morgan Chase & Co., Bank of America, Citigroup, and Wells Fargo – spent more than $1.5 billion on cyber security in 2015. In a live interview on Bloomberg in 2015, Bank of America CEO Brian Moynihan said that cyber security is the bank’s only business unit with no budget limit.
 
In 2017, PwC's global CEO survey found that cyber threats rank among the top five risks on CEOs' minds, behind only the availability of key skills, volatile energy costs and changing consumer behavior.
 
Delays in Hiring Cyber Security Staff Leave Businesses Vulnerable to Cyber Attacks

The 2017 State of Cyber Security survey by ISACA (Information Systems Audit and Control Association) found that in more than 1 in 4 companies around the globe, it takes six months or longer to fill priority cyber security and information security positions.
 
“When positions go unfilled, organizations have a higher exposure to potential cyber attacks. It’s a race against the clock,” said Christos Dimitriadis, ISACA board chair.
 
For its part, the Center for Strategic and International Studies said, “The continued skills shortage creates tangible risks to organizations.” In the study conducted by the center, 1 in 4 respondents said their organizations have lost proprietary data as a result of their inability to maintain adequate cyber security staff.

Lack of Qualified Applicants

The ISACA report showed that cyber security openings receive far fewer applicants than other corporate job openings, which typically garner 60 to 250 applicants.

Fifty-nine percent of the organizations surveyed by ISACA reported receiving at least 5 applicants for each cyber security opening, and only 13 percent receive 20 or more. Among North American respondents, 16 percent indicated that a cyber security opening receives at least 20 applicants.

Compounding the shortage of applicants is the shortage of qualified applicants. ISACA board chair Christos Dimitriadis said, "As enterprises invest more resources to protect data, the challenge they face is finding top-flight security practitioners who have the skills needed to do the job."

Sixty-four percent of ISACA survey respondents said that half or fewer of their applicants for cyber security positions are qualified, and 35 percent said that fewer than 25 percent of applicants are qualified.

When asked to identify the most important attributes of a qualified applicant, ISACA survey respondents ranked practical verification or hands-on experience first; reference or personal endorsement second; certifications third; formal education fourth; and specific training fifth.

Security Fatigue

​Making things worse is the “security fatigue” of non-cyber security personnel. The National Institute of Standards and Technology (NIST) defined security fatigue as a “weariness or reluctance to deal with computer security”.
 
A NIST study found that a majority of computer users experienced security fatigue that often results in risky computing behavior in the workplace and in their personal lives.
 
“The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people’s everyday life,” cognitive psychologist and co-author of the NIST study Brian Stanton said.
 
“Years ago, you had one password to keep up with at work,” computer scientist and co-author of the NIST study Mary Theofanos said. “Now people are being asked to remember 25 or 30. We haven’t really thought about cyber security expanding and what it has done to people.”
 
The NIST study found that security fatigue results in feelings of resignation and loss of control. This weariness or reluctance to deal with computer security, the NIST study found, can lead people to choose the easiest available option, behave impulsively, and fail to follow security rules.

How to Remedy the Cyber Security Workforce Shortfall

Here are three recommendations on how to remedy the cyber security workforce shortfall:
​
1. Accept Non-Traditional Sources of Education
The Center for Strategic and International Studies study suggested that hiring managers should put less emphasis on degree requirements especially for entry-level cyber security positions, and instead place greater emphasis on hands-on experience and professional certifications.
 
2. Diversify the Cyber Security Workforce
A number of studies have shown that women and minorities are underrepresented in the field of cyber security. Opening this field to women and minorities will diversify the cyber security workforce and will also expand the talent pool.
 
3. Automate
The Center for Strategic and International Studies study revealed that organizations are looking to automate cyber security functions to offset the skills shortage. Cyber security automation generates efficiencies. Efficient processes allow cyber security personnel to focus their talent and time on cyber threats that need human intervention.
7/1/2017

Here is why Petya is not a Typical Ransomware

This week, another ransomware called “Petya” attacked major companies around the globe. 

The Victims

Petya hit computers at the Chernobyl nuclear plant, forcing workers to monitor the plant's radiation levels manually. The ransomware also hit computers at major global companies including Russian oil and gas giant Rosneft, Cadbury and Oreo maker Mondelez, British advertising giant WPP, Danish shipping firm Maersk, U.S.-based pharmaceutical company Merck, the real estate subsidiary of French bank BNP Paribas and multinational law firm DLA Piper.
 
Microsoft, in a blog post, said that more than 70% of the computers attacked by Petya were in Ukraine, while computers in other countries were affected in significantly lower volumes. Microsoft added that the majority of Petya infections were observed on Windows 7 computers.

How Does Petya Spread and Infect Computers

Cyber security firms Kaspersky Lab and Symantec, and Microsoft itself, confirmed that the Petya ransomware uses EternalBlue, an exploit for a vulnerability in Windows' SMB file-sharing protocol that is believed to have been developed for the U.S. National Security Agency (NSA) and that Microsoft patched in March 2017 under security bulletin MS17-010. EternalBlue is the same exploit used by WannaCry, another ransomware that affected hundreds of thousands of computers worldwide less than two months earlier.
 
“Similar to WannaCry, Petya uses the Eternal Blue exploit as one of the means to propagate itself,” Symantec said. “However it also uses classic SMB network spreading techniques, meaning that it can spread within organizations, even if they’ve patched against Eternal Blue.”
 
In addition to exploiting that Windows vulnerability, Symantec said this latest ransomware spreads by harvesting usernames and passwords from the machines it infects and using them to copy itself across network shares. According to Symantec, the Petya ransomware that started propagating on June 27 is a variant of the original Petya, a malware family known since 2016 that not only encrypts files but also overwrites and encrypts the master boot record (MBR).
 
Kaspersky Lab, for its part, said that this latest ransomware is significantly different from all earlier known versions of Petya, as such the cyber security firm calls it “ExPetr” or “NotPetya”.
 
In the new Petya (the term we use here because the world media adopted this name), the cyber criminals demand that each victim pay $300 worth of Bitcoin to recover their files. The ransom note displayed on the infected computer gives a single Bitcoin wallet address and a single contact email address.
The cyber criminals behind the Petya attack used an account at the German email provider Posteo as their means of contacting victims. Upon learning that its platform was being used by the attackers, Posteo blocked the account on the same day the ransomware was released into the wild.

As a result of Posteo's blockade, Petya's victims have no way to contact the people behind the attack. The Posteo address was supposed to be the channel through which victims would tell the blackmailers they had sent the bitcoins and receive their decryption keys in return.

A complete technical analysis is available from US-CERT, published on July 1, 2017.

Wiper vs Ransomware

According to Kaspersky Lab, even without the email blockade there is no way for victims to recover their files, because the ransomware was built so that recovery is impossible. To decrypt a victim's files, the criminals need the victim's installation ID. Kaspersky Lab said earlier ransomware families such as the old Petya, Mischa and GoldenEye have an installation ID that makes file recovery possible.

In the new Petya, even the criminals themselves cannot decrypt the victims' files. The installation key shown in the new Petya ransom note, Kaspersky Lab said, is just random gibberish, "which means that the threat actor could not extract the necessary information needed for decryption."

According to Symantec, the encryption performed by Petya is twofold:
  • the first encryption happens as soon as the attack occurs, encrypting specific file types in user mode; and
  • after the system reboots, a second, disk-level encryption begins and the ransom note is displayed to the user. A randomly generated Salsa20 key is used for the disk encryption.

Symantec said that the "installation key" referred to in the ransom note is a randomly generated string displayed to the user. The problem, according to Symantec, is that the installation key and the Salsa20 key have no connection at all, making it impossible to decrypt the files on the infected computer. "This demonstrates that Petya is more accurately a wiper rather than ransomware," Symantec said.
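To make the wiper-versus-ransomware distinction concrete, here is an added example (not Petya's code, and not from Symantec or Kaspersky Lab) that models the two key-handling designs in memory. It replaces Salsa20 with a SHA-256 counter-mode keystream and replaces the attacker's key wrapping with a symmetric stand-in keyed by a hypothetical attacker master key; the file contents are constructed sample bytes. In the recoverable design the displayed installation ID is the data key wrapped for the attacker, so the attacker's decryption service can unwrap it; in the NotPetya-style design the displayed ID is random text with no relation to the key, so the same service gets nothing back no matter what the victim pays.

```python
"""Two ransomware key-handling designs, modelled in memory (added example).

Not Petya's code. Salsa20 is replaced by a SHA-256 counter-mode keystream
(a stand-in for illustration, never a cipher to deploy) and the attacker's
key wrapping is a symmetric stand-in keyed by a hypothetical master key.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Assumption: the attacker alone holds this key; the victim never sees it.
ATTACKER_MASTER_KEY = secrets.token_bytes(32)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(key || nonce || counter) blocks.
    The same call both encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def recoverable_design(plaintext: bytes) -> Tuple[bytes, bytes, str]:
    """Old-Petya-style: the displayed installation ID *is* the data key,
    wrapped and authenticated under the attacker's master key.
    Returns (nonce, ciphertext, installation_id)."""
    data_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(data_key, nonce, plaintext)
    wrap_nonce = secrets.token_bytes(16)
    wrapped = keystream_xor(ATTACKER_MASTER_KEY, wrap_nonce, data_key)
    tag = hmac.new(ATTACKER_MASTER_KEY, wrap_nonce + wrapped, "sha256").digest()[:8]
    installation_id = (wrap_nonce + wrapped + tag).hex()  # 56 bytes -> 112 hex chars
    del data_key  # the victim's machine keeps no copy of the key
    return nonce, ciphertext, installation_id


def wiper_design(plaintext: bytes) -> Tuple[bytes, bytes, str]:
    """NotPetya-style: a random key is used once and discarded, and the
    displayed 'installation key' is independent random text of the same shape."""
    data_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(data_key, nonce, plaintext)
    installation_id = secrets.token_hex(56)  # same length, no relation to data_key
    del data_key
    return nonce, ciphertext, installation_id


def attacker_unwrap(installation_id: str) -> Optional[bytes]:
    """The attacker's 'decryption service': recover the data key from an ID.
    Returns None when the ID does not carry a key wrapped under the master key."""
    try:
        blob = bytes.fromhex(installation_id)
    except ValueError:
        return None
    if len(blob) != 16 + 32 + 8:
        return None
    wrap_nonce, wrapped, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(ATTACKER_MASTER_KEY, wrap_nonce + wrapped, "sha256").digest()[:8]
    if not hmac.compare_digest(tag, expected):
        return None  # random gibberish: nothing to extract, as Kaspersky Lab put it
    return keystream_xor(ATTACKER_MASTER_KEY, wrap_nonce, wrapped)


def try_recover(nonce: bytes, ciphertext: bytes, installation_id: str) -> Optional[bytes]:
    """What a paying victim would get back: the plaintext, or nothing."""
    key = attacker_unwrap(installation_id)
    return None if key is None else keystream_xor(key, nonce, ciphertext)


if __name__ == "__main__":
    sample = b"constructed sample file contents, not real victim data"
    n, c, ident = recoverable_design(sample)
    print("recoverable design, paid ransom recovers data:", try_recover(n, c, ident) == sample)
    n, c, ident = wiper_design(sample)
    print("wiper design, paid ransom recovers data:", try_recover(n, c, ident) is not None)
```

The point of the model is the authenticated wrap: a decryptor can only hand back a key that the installation ID actually carries. When the ID is generated independently of the key, as Symantec and Kaspersky Lab describe for the new Petya, the check fails every time and the data is gone, which is what makes it a wiper.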
 
“Either it was a sophisticated actor who knew what they were doing – except screwed up horribly on the part where they actually get paid, or it wasn’t about the ransom in the first place,” Nicholas Weaver, a researcher at the International Computer Science Institute and a lecturer at the University of California, Berkeley, told the New York Times.

“They are no longer collecting a ransom [referring to the new Petya ransomware],” Justin Harvey, managing director of global incident response at Accenture Security, told the New York Times. “They are just being destructive.”
 
If the main motive of the ransomware is money, Harvey said, cyber criminals typically set up multiple avenues to collect funds from their victims. The recent ransomware attack uses a single email address and a single bitcoin wallet for electronic payments.

How to Prevent Ransomware Attacks

Here are some of the ways to prevent ransomware attacks like the new Petya:

1. Use the latest operating system and make sure the most current updates are installed
It's worth noting that, according to Microsoft, most of the Petya victims were running Windows 7. Microsoft said that Windows 10 and its new streamlined operating system Windows 10 S block this type of attack by default. The EternalBlue component of Petya exploits a vulnerability that Microsoft patched in March 2017 (MS17-010), so a fully patched machine cannot be infected through that route; the credential-based spreading described above can still reach patched machines, however, which is why the remaining recommendations matter.

2. Back up your data
Early this month, Nayana, a web hosting company in South Korea, agreed to pay more than $1 million to ransomware criminals to unlock its servers, believed to be the biggest ransomware payout on record. Backing up your data either offline or in the cloud protects your business from ransomware attacks: criminals have no leverage over your business if you can easily retrieve your data from somewhere else.

Businesses must keep backups and, most importantly, test them by performing test restores. Because Petya spreads across the network with stolen credentials, a backup server that is reachable with the same credentials as the workstations can itself be infected along with everything else; keep at least one copy offline or in a store that compromised machines cannot write to. Home users can protect their data by subscribing to one of the many cloud storage and file sharing services.

Since keeping the operating system up to date is the single most important defence against ransomware of this kind, ask your IT department to demonstrate that they have a solid vulnerability and patch management process in place to keep your information safe.

Connect with us today, and our experts will answer your questions.
6/14/2017

7 Steps to Prioritize Cyber Security Threats & Threat Remediation

​Today’s businesses are under constant threat of cyber attacks. The recent WannaCry ransomware attack, which affected major businesses and institutions around the world, showed the importance of prioritizing cyber security threat remediation.     
 
Here are 7 steps on how to prioritize cyber security threat remediation within your organization:

Step 1. Involve Business Stakeholders in the Process

Cyber security threat remediation is often left to the “IT people”. Business stakeholders, who include those in senior management positions and those with perspectives, experience and skills that IT may not possess, are invaluable in prioritizing cyber security threat remediation.
 
A survey conducted by Info-Tech Research Group showed that organizations that were able to engage business stakeholders in cyber threat identification were 79% more successful in identifying all threats compared to organizations where business stakeholders’ participation was minimal. Another Info-Tech survey found that 97% of organizations that involved business stakeholders in the cyber risk assessment process reported success.
 
It’s beneficial to involve business stakeholders as they can put forward perspectives that IT departments may have overlooked, and they can bolster IT’s knowledge regarding particular risks and their overall effect on the organization.

Step 2: Identify Cyber Security Threats

In identifying cyber security threats, determine the threat categories, threat scenarios and threat events.

Threat Categories

Threat categories are high-level groupings that label threats relating to major IT functions. The following are some commonly identified categories:
  1. Operations risks
  2. Hardware risks
  3. Software risks
  4. Project risks
  5. Personnel risks
  6. Data risks
  7. Vendor risks
  8. Disaster & business continuity risks
  9. Compliance & security risks

Threat Scenarios

​After identifying the threat categories, identify the threat scenarios or common situations for each category. For instance, in the data risk category, threat scenarios could be data theft, data integrity, data confidentiality and data availability.

Threat Events

Threat events are the specific vulnerabilities or failures that fall under a particular threat scenario. An example of a threat event under the data integrity scenario is data loss, or failed data recovery, within a system.

Step 3: Determine the Threshold for Acceptable and Unacceptable Risk

Establish a threshold that defines what constitutes acceptable and unacceptable risk for the organization. The threshold should be a concrete dollar value based on the organization's ability to absorb financial losses and its tolerance for risk. For instance, an organization's threshold could be $100,000: a cyber threat expected to cost less than $100,000 is acceptable, while one expected to cost more than $100,000 is unacceptable.

Step 4: Create a Financial Impact Assessment Scale

Every cyber threat has a corresponding financial consequence. It's difficult for senior management to make intelligent decisions about cyber security threats if they don't know what the financial impact will be. For each identified threat event, it's critical to create a scale for assessing financial impact. Typically, financial impact is assessed on a scale of 1 to 5, or low to extreme. Make sure that the unacceptable risk threshold is reflected in the scale. Let's say,
  • Financial loss of $10K to $34K falls under Scale 1 (Negligible)
  • Financial loss of $35K to $59K falls under Scale 2 (Low)
  • Financial loss of $60K to $99K falls under Scale 3 (Moderate)
  • Financial loss of $100K (this being the threshold) to $249K falls under Scale 4 (High)
  • Financial loss of $250K or more falls under Scale 5 (Extreme)

In the financial impact assessment, include project overruns and service outages. For instance, a cyber security project that overruns by 20 days with 8 employees at an average cost of $300 per day has an estimated cost of $48,000 and falls under Scale 2 (Low). Another example is a service outage of 4 hours with $10K of lost revenue per hour: its estimated cost of $40,000 also falls under Scale 2 (Low).

Step 5: Create a Probability Scale

For every threat event, create a scale to assess the probability that the event will happen over a given period of time. Make sure that the probability scale has the same number of levels as the financial impact scale. Let’s say,
  • 1 to 19% probability falls under Scale 1 (Negligible)
  • 20 to 39% probability falls under Scale 2 (Low)
  • 40 to 59% probability falls under Scale 3 (Moderate)
  • 60 to 79% probability falls under Scale 4 (High)
  • 80 to 99% probability falls under Scale 5 (Extreme) 

Step 6: Threat Severity Level Assessment

For all threat events, assess the severity level. To calculate the severity of each threat event, multiply the financial impact by the probability of occurrence. For example, a threat event with a probable financial impact of $250K (Scale 5, Extreme) and a 10% probability of occurrence (Scale 1, Negligible) has an expected loss of $25K. Compare the result with the threshold set in Step 3: at $25K this event sits well below the $100K line and ranks behind any event whose expected loss exceeds the threshold.

Step 7: Determine the Proximity of the Threat Event

Over time, the financial impact and probability of occurrence of a threat event often fluctuate. The relationship between threat severity and time is called threat proximity. These fluctuations are often unpredictable, but some threat events are predictable. The risk severity of losing key personnel is constant. The risk severity of a data breach leading up to a new product launch is confined to a particular point in time. The risk severity of a project overrun after staff layoffs either increases or decreases after a particular point in time.
 
In determining the proximity of the risk event, focus on “high” and “extreme” threats. Describe the proximity of these high and extreme threats. For instance, for a particular threat event, the threat proximity can be described in this way: “The probability of this threat event will fall when the new budget for the IT department is released.”
 
So what’s the difference between threat severity and threat proximity? The threat proximity description notifies senior management about the urgency of a cyber threat event and the importance of timely implementation of risk responses, while threat severity notifies senior management about the relative importance of each threat event.
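The following added example (not from the post) carries Steps 3 to 7 through in Python: the $100,000 threshold from Step 3, the impact and probability scales from Steps 4 and 5, the multiplication from Step 6 and a free-text proximity note from Step 7, applied to a constructed threat register. The event names and figures in SAMPLE_EVENTS are illustrative assumptions, not data from the post; the two cost helpers reproduce the project-overrun and outage figures given in Step 4, and losses below the $10K floor of the post's scale are treated as Scale 1, which is an assumption of this example.

```python
"""Threat prioritisation following the seven-step process (added example)."""
from dataclasses import dataclass
from typing import List, Tuple

ACCEPTABLE_RISK_THRESHOLD = 100_000  # Step 3: dollars per threat event

# Step 4: (lower bound in dollars, level, label). Assumption: anything below
# the post's $10K floor is also Scale 1.
IMPACT_SCALE = [
    (0, 1, "Negligible"),
    (35_000, 2, "Low"),
    (60_000, 3, "Moderate"),
    (100_000, 4, "High"),   # the threshold sits at the start of Scale 4
    (250_000, 5, "Extreme"),
]

# Step 5: (lower bound in percent, level, label); same number of levels.
PROBABILITY_SCALE = [
    (0, 1, "Negligible"),
    (20, 2, "Low"),
    (40, 3, "Moderate"),
    (60, 4, "High"),
    (80, 5, "Extreme"),
]


def _level(scale, value) -> Tuple[int, str]:
    """Return (level, label) of the highest band whose lower bound <= value."""
    level, label = scale[0][1], scale[0][2]
    for lower, lvl, lab in scale:
        if value >= lower:
            level, label = lvl, lab
    return level, label


def impact_level(dollars: float) -> Tuple[int, str]:
    return _level(IMPACT_SCALE, dollars)


def probability_level(percent: float) -> Tuple[int, str]:
    return _level(PROBABILITY_SCALE, percent)


def project_overrun_cost(days: int, staff: int, daily_rate: float) -> float:
    """Step 4 example: 20 days x 8 staff x $300/day = $48,000 (Low)."""
    return days * staff * daily_rate


def outage_cost(hours: float, revenue_per_hour: float) -> float:
    """Step 4 example: 4 hours x $10K/hour = $40,000 (Low)."""
    return hours * revenue_per_hour


@dataclass
class ThreatEvent:
    name: str
    category: str           # Step 2 category, e.g. "Data risks"
    scenario: str           # Step 2 scenario, e.g. "data integrity"
    impact_dollars: float   # Step 4
    probability_pct: float  # Step 5, over the chosen period
    proximity: str = ""     # Step 7, timing note for senior management

    def severity_dollars(self) -> float:
        """Step 6: financial impact multiplied by probability of occurrence."""
        return self.impact_dollars * self.probability_pct / 100

    def exceeds_threshold(self) -> bool:
        return self.severity_dollars() > ACCEPTABLE_RISK_THRESHOLD


def prioritize(events: List[ThreatEvent]) -> List[ThreatEvent]:
    """Rank by severity, highest first; ties broken by raw impact."""
    return sorted(events, key=lambda e: (e.severity_dollars(), e.impact_dollars), reverse=True)


def report(events: List[ThreatEvent]) -> None:
    for e in prioritize(events):
        i_lvl, i_lab = impact_level(e.impact_dollars)
        p_lvl, p_lab = probability_level(e.probability_pct)
        flag = "UNACCEPTABLE" if e.exceeds_threshold() else "acceptable"
        print(f"{e.name:<32} impact {i_lvl} ({i_lab:<10}) prob {p_lvl} ({p_lab:<10}) "
              f"severity ${e.severity_dollars():>10,.0f} {flag}")
        if e.proximity:
            print(f"    proximity: {e.proximity}")


# Constructed sample register: illustrative names and figures, not from the post.
SAMPLE_EVENTS = [
    ThreatEvent("Unpatched SMB hosts hit by worm", "Software risks", "data availability",
                impact_dollars=600_000, probability_pct=30,
                proximity="Probability falls once the outstanding patch rollup is deployed."),
    ThreatEvent("Data loss within CRM system", "Data risks", "data integrity",
                impact_dollars=250_000, probability_pct=10),
    ThreatEvent("Security project overrun", "Project risks", "budget",
                impact_dollars=project_overrun_cost(20, 8, 300), probability_pct=50),
    ThreatEvent("4-hour web outage", "Operations risks", "data availability",
                impact_dollars=outage_cost(4, 10_000), probability_pct=70),
]

if __name__ == "__main__":
    report(SAMPLE_EVENTS)
```

Running the report ranks the worm scenario first: a Scale 5 impact at a Scale 2 probability gives an expected loss of $180,000, the only event above the $100,000 threshold, while the $250K data-loss event with a 10% probability lands at $25,000 and ranks below a cheaper but far likelier outage. The proximity note travels with the event so that the ranking and the urgency are reported together, as Step 7 intends.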

Cyber Security Threat Remediation Equals Cost Effectiveness

Threat identification and prioritizing these threats demand time and money. But the time and money spent on these security risk management tasks can mean the difference between staying on budget and spending too much. 

When your organization needs help with assessing and prioritizing cyber security threats, give us a call and we will be happy to help.
5/25/2017

5 Cyber Security Threats To Look Out For

As the world becomes more technological, so do the cyber criminals. 

From bank details to medical records, we store our most sensitive information on the web. Savvy swindlers take advantage of this new arena with a variety of scams designed to rob you of money, information, and identity.  

Protect your business by looking out for these common cyber security threats.  

Mobile transactions

Did your dad ever warn you about the danger of paying for things on the internet? Turns out his paranoia could be valid. 

A host of new vulnerabilities is available for fraudsters to exploit, hidden in the complexities of online payment platforms. Weak points lurk in virtual wallets and card-not-present (CNP) transactions.

Mobile transactions are predicted to exceed $220 billion in 2017, an enticing number for a scam-artist seeking a quick win. 

Ransomware

How could we forget the recent WannaCry ransomware attack?

While the criminals promised to send the decryption keys to unlock your files, cyber security researchers released free tools that let some victims recover their files without paying. Ransomware is usually deployed to extort money, and that won't change any time soon. The hackers demand a ransom for locked personal or business information under the threat of deleting the data forever. Put another way, vital information is 'kidnapped' until the victim pays for its release.

These types of cyber security threats continue to increase. Avoiding suspicious links and downloads is an effective preventative against ransomware.

DDoS attacks

Distributed Denial of Service attacks are cyber security threats that aim to make a site useless. 

The hacker will infect and commandeer a network of connected devices. This "botnet" overloads the site with requests, preventing users from accessing the service. Hackers use DDoS to extort money, eliminate competition, or make a political statement. 

The increasing reliance on website traffic makes DDoS attacks devastating to modern businesses. 

IoT attacks

The Internet of Things heralds an age when your alarm clocks can instruct your coffee machine to turn on. This interconnectivity of devices can optimize your lifestyle. It can also make it vulnerable to cyber security threats. 

Hackers use IoT attacks to steal information, manipulate devices, and launch DDoS attacks.  

Phishing attacks

Most people know the risks of opening unsolicited attachments and strange links. Phishing scams have had to up their game. 

These days it's harder to spot a phishing email. They're crafted with detailed knowledge of the target, which entices them to click. The malicious link opens the gateway to malware, which steals information.

The phisher may also use your email to distribute phishing emails to your contacts list.  

How to defend against cyber security threats

While the face of cyber security threats is always changing, staying up-to-date on attack trends should be your first line of defense. Educate your staff on the appearance and symptoms of common cyber attacks.

Password attacks are among the simplest ways for criminals to get into your systems. Ensure your team practices healthy password hygiene and is vigilant about locking devices.

The help of an information security specialist can help you to further fortify your systems and identify weaknesses before they become real threats. Contact us today and let's protect your business from cyber attacks. 


Author

Steve E. Driz, I.S.P., ITCP

© 2025 Driz Group Inc. All rights reserved.
Photo from GotCredit