Cybersecurity Exchange (https://www.eccouncil.org/cybersecurity-exchange/), feed dated Tue, 03 Sep 2024 10:10:28 +0000

From Drowning to Thriving: The Evolution of Vulnerability Management
https://www.eccouncil.org/cybersecurity-exchange/network-security/advanced-vulnerability-management-approach/
Published: Fri, 30 Aug 2024 06:44:23 +0000

The role of a CISO leading the security team in a technology company demands continuous vigilance and a proactive response to a relentless tide of security threats and incidents. With security teams continuously searching for vulnerabilities, each day of threat management resembles an incident response crisis. During these processes, it is essential for CISOs and security teams to have a reliable risk monitoring and scoring mechanism or an industry standard that can assist in prioritizing and mitigating vulnerabilities with limited time and resources.

However, as the threat landscape evolves to present more complex and sophisticated threats, the traditional risk-rating indicators and protocols of vulnerability management fail to assess these threats accurately. Traditional vulnerability scoring is well known to security teams and threat actors alike. As a result, threat actors are increasingly focusing on exploiting vulnerabilities with relatively lower scores that can still have a high impact.

These changes call for a more advanced and reliable vulnerability management system that incorporates more factors in calculating risk/vulnerability scores, providing more accurate outputs for vulnerability management. This article highlights some of the existing challenges and discusses alternative solutions that address these challenges.

Current Trends and Challenges in Vulnerability Scoring

Consider a scenario where an organization’s security team has performed scans across hundreds of its applications, devices, and databases and unearthed thousands of vulnerabilities. Although the goal of fixing all these vulnerabilities is clear, the immediate problem lies in prioritizing these threats with limited resources and time.

The first instinct of any security practitioner is to rely on the industry standard, which dictates focusing on “High” and “Critical” vulnerabilities based on a risk/vulnerability score. Since 2005, CVSS (Common Vulnerability Scoring System) has been the guiding light for determining the score of vulnerabilities; however, lately, it tends to fall short of the requirements of the current threat landscape.

CVSS rates vulnerabilities on a scale from 0 to 10, with higher scores reflecting greater severity, and classifies them as Low, Medium, High, and Critical. While it is a straightforward system, in today’s complex threat landscape, it is akin to using a sundial to navigate modern-day oceans. Some of the prominent limitations of CVSS are listed as follows:

Growing Cyber Threats

In 2023, over 29,000 security vulnerabilities were reported worldwide (Petrosyan, 2024), continuing a year-on-year growth trend. More than 57% of vulnerabilities in the National Vulnerability Database (NVD) are categorized as either “High” or “Critical” (National Institute of Standards and Technology, n.d.). This overwhelming number of critical alerts makes it increasingly difficult to discern genuine threats from less significant ones.

Limited Resources

According to studies, organizations address only about 10% of their open vulnerabilities each month (Baker, 2023). Additionally, nearly 60% of known exploited vulnerabilities remain unmitigated beyond their deadlines (BitSight, 2024).

Unreliable Metrics

One of the most sensational and impactful ransomware attacks, ‘WannaCry’, caused nearly billions of dollars in damages, yet the vulnerability it exploited had a seemingly modest CVSS score of 8.8. Meanwhile, other vulnerabilities with a perfect ten on the CVSS scale have not been exploited to a similar degree (National Institute of Standards and Technology, 2024).

Quantity vs. Impact

Should the security team mitigate hundreds of vulnerabilities categorized as “High” or prioritize just a few categorized as “Critical”? This is a common dilemma in vulnerability management. What if a seemingly low-threat vulnerability combines with another to create a bigger problem? For example:

  • Vulnerability 1: CVE-2017-8283 in Ubuntu VMs (10,000 instances)—This vulnerability might seem to have a critical impact due to the large number of affected assets. However, this vulnerability might not be exploitable if an organization hasn’t modified Ubuntu in their systems during setup. Mitigating it might lead security teams to a complex, potentially unnecessary workload.
  • Vulnerability 2: CVE-2021-44228 (log4shell) in a Java-based web application (1 instance)—This might affect only one server, but if exploited, it can greatly impact the entire enterprise’s operations.

In this comparison, CVE-2017-8283 has far more affected instances than CVE-2021-44228. However, rather than focusing on the number of affected assets, it is much more efficient to prioritize vulnerabilities based on exploitability and potential impact. Thus, in this scenario, CVE-2021-44228 (log4shell) is the bigger threat, even though it affects fewer systems.

By understanding these nuances, security teams can make informed decisions about vulnerability management and avoid wasting resources on irrelevant mitigations. However, even this is time-consuming and still contributes to a high number of unaddressed known exploits. Even if an organization can successfully mitigate all the “High” and “Critical” vulnerabilities religiously, they must account for a fraction of known exploits remaining unaddressed. Thus, the CVSS scoring metric, which was once a guiding light for security teams, now seems like a flickering candle amid the storm of emerging vulnerabilities.

Advanced Metrics for Comprehensive Security Review

To address the above challenges, new scoring systems have emerged to guide the industry amid growing threats from evolving attack vectors. Metrics such as Known Exploited Vulnerabilities (KEV), the Exploit Prediction Scoring System (EPSS), and Stakeholder-Specific Vulnerability Categorization (SSVC) draw on real-world exploitation data and structured decision protocols to address some of the challenges posed by CVSS.

Known Exploited Vulnerabilities

CISA’s Known Exploited Vulnerabilities (KEV) catalog is a database of vulnerabilities that are being actively exploited in real-world environments. Launched in November 2021, this initiative by the U.S. Department of Homeland Security aims to help security teams secure their networks and applications against current and immediate threats. Hence, it is imperative to prioritize CVEs from this catalog for prompt mitigation of imminent threats.

Figure: CISA Known Exploited Vulnerabilities Catalog. Source: (CISA, 2024)

Exploit Prediction Scoring System (EPSS)

This system serves as a predictive tool for an organization’s risk analysis, as it assesses real-world exploitation attempts and offers a more accurate perspective on the likely exploitation of specific vulnerabilities. Introduced by FIRST in 2019, the EPSS (Exploit Prediction Scoring System) represents a groundbreaking approach, evaluating over 6 million observed exploitation attempts and incorporating data from multiple threat intelligence sources, CISA’s KEV catalog, and various vulnerability characteristics.

The results have been remarkable. Where the traditional approach of addressing all High and Critical issues tends to overwhelm security teams, EPSS, when incorporated into risk analysis with a reasonable threshold, significantly reduces the workload and eases the burden on staff. The EPSS score is based on the following factors (Shetty, 2023):

  • Exploitation activity observed in the wild by reputable security vendors
  • Publicly disclosed exploits, such as those listed in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerability (KEV) catalog, Google’s Project Zero, and Trend Micro’s Zero Day Initiative (ZDI)
  • Publicly accessible exploit code from sources like GitHub, Exploit-DB, and Metasploit
  • Intelligence gathered from open-source security tools
  • Mentions on social media
  • References with specific labels
  • Keyword descriptions of vulnerabilities
  • Common Weakness Enumeration (CWE) identifiers
  • Vendor-specific labels
  • Age of the vulnerability

Figure: mean absolute contribution scores of the top 30 EPSS variables (Haydock, 2022). The EPSS model has over 100 variables; the figure shows the 30 with the largest mean absolute contribution.

The EPSS score, ranging from 0 to 1 for each published CVE, indicates the likelihood of exploitation within the next 30 days (Forum of Incident Response and Security Teams, n.d.). The score is updated daily as new data emerge.

The traditional approach of fixing all “High” and “Critical” vulnerabilities required security teams to mitigate a large volume of vulnerabilities with inadequate prioritization. It would lead to fixing more than 80% of known vulnerabilities at great cost in resources and time. In comparison, using EPSS v3 with a threshold score of 0.01+, i.e., mitigating vulnerabilities scoring higher than 0.01, allows organizations to achieve roughly the same outcome while reducing the workload to resolving only ~2.7% of all known CVEs.

Figure: remediation effort and coverage of the EPSS v3 threshold versus the CVSS 7+ threshold. Source: (Forum of Incident Response and Security Teams, n.d.).

This approach requires only about 4.7% of the effort demanded by the CVSS 7+ threshold (calculated as 2.7%/57.4%). By adopting this method, you could increase the efficiency of the effort put in by your overworked staff by 96.4% (100% – 4.7%), allowing them to better manage the numerous security tools and thousands of other security issues within your organization.
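To make the effort-versus-coverage comparison above concrete, here is an added example (not code from the article or from FIRST) that applies the three selection rules to a constructed inventory with constructed scores, then measures how much of the inventory each rule makes the team remediate and how many of the findings that are actually being exploited it catches. The CVE ids, scores, KEV flags and instance counts are all made up for illustration.

```python
"""Remediation-strategy comparison on a constructed vulnerability inventory.

Added example, not code from the article. All CVE ids, scores, KEV flags
and instance counts below are constructed for illustration; the real
values live in NVD, the FIRST EPSS feed and the CISA KEV catalog.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float      # CVSS base score, 0-10
    epss: float      # EPSS: probability of exploitation within 30 days, 0-1
    in_kev: bool     # listed in CISA KEV, i.e. exploitation observed in the wild
    instances: int   # number of affected assets in this organisation


# Constructed inventory (placeholder ids, not real advisories).
INVENTORY: List[Finding] = [
    Finding("CVE-EXAMPLE-0001", 10.0, 0.970, True, 1),
    Finding("CVE-EXAMPLE-0002", 9.8, 0.002, False, 10_000),
    Finding("CVE-EXAMPLE-0003", 8.8, 0.950, True, 40),
    Finding("CVE-EXAMPLE-0004", 7.5, 0.004, False, 300),
    Finding("CVE-EXAMPLE-0005", 7.2, 0.001, False, 25),
    Finding("CVE-EXAMPLE-0006", 6.5, 0.300, True, 5),
    Finding("CVE-EXAMPLE-0007", 5.3, 0.012, False, 120),
    Finding("CVE-EXAMPLE-0008", 4.3, 0.0005, False, 800),
    Finding("CVE-EXAMPLE-0009", 3.1, 0.0003, False, 60),
    Finding("CVE-EXAMPLE-0010", 9.1, 0.008, False, 2),
]


def select_by_cvss(findings: List[Finding], threshold: float = 7.0) -> List[Finding]:
    """Traditional rule: fix everything rated High or Critical (CVSS >= 7.0)."""
    return [f for f in findings if f.cvss >= threshold]


def select_by_epss(findings: List[Finding], threshold: float = 0.01) -> List[Finding]:
    """EPSS rule from the article: fix anything scoring above the threshold."""
    return [f for f in findings if f.epss > threshold]


def select_by_kev(findings: List[Finding]) -> List[Finding]:
    """KEV rule: fix what is already being exploited in the wild."""
    return [f for f in findings if f.in_kev]


def evaluate(selected: List[Finding], findings: List[Finding]) -> Dict[str, float]:
    """Effort = share of the inventory the team must remediate.
    Coverage = share of KEV-listed (actually exploited) findings the rule catches.
    A good rule keeps coverage high while driving effort down."""
    exploited = [f for f in findings if f.in_kev]
    chosen = {f.cve for f in selected}
    caught = sum(1 for f in exploited if f.cve in chosen)
    return {
        "count": len(selected),
        "effort": len(selected) / len(findings),
        "coverage": caught / len(exploited) if exploited else 0.0,
    }


def effort_ratio(rule_a: List[Finding], rule_b: List[Finding]) -> float:
    """Effort of rule_a relative to rule_b: the same calculation the article
    makes with 2.7% / 57.4%."""
    return len(rule_a) / len(rule_b)


def rank_by_instances(findings: List[Finding]) -> List[str]:
    """Asset-count ranking, the trap the article warns about: the most
    widespread finding is not necessarily the most exploitable one."""
    return [f.cve for f in sorted(findings, key=lambda f: f.instances, reverse=True)]


if __name__ == "__main__":
    for name, rule in (("CVSS >= 7.0", select_by_cvss(INVENTORY)),
                       ("EPSS > 0.01", select_by_epss(INVENTORY)),
                       ("KEV listed", select_by_kev(INVENTORY))):
        print(f"{name:12} {evaluate(rule, INVENTORY)}")
    print("EPSS/CVSS effort ratio:",
          round(effort_ratio(select_by_epss(INVENTORY), select_by_cvss(INVENTORY)), 3))
    print("Top by asset count:", rank_by_instances(INVENTORY)[:3])
```

On this inventory the CVSS rule selects six findings yet misses one of the three that are actually being exploited (the 6.5-rated, KEV-listed one), while the EPSS rule selects four and catches all three.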

SSVC and the Future of Vulnerability Management Beyond EPSS

Despite the efficacy of Exploit Prediction Scoring System (EPSS) as a tool for vulnerability assessment, the process might not entirely consider the distinctive elements involved in an organization’s environment. Thus, a Stakeholder-Specific Vulnerability Categorization (SSVC) may provide the assessment with a more tailored approach.

Collaboratively developed by Carnegie Mellon University and CISA, SSVC uses a decision-tree-based model to guide vulnerability analysis based on key factors such as exploitation status, impact, and prevalence (Shetty, 2024).

To make informed decisions based on the parameters named above (exploitation status, impact, and prevalence), security teams need a thorough understanding of vulnerability exploitation, its potential impact, and its prevalence within their organizations. The relevant expertise can be acquired through certification and training in vulnerability management.
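An added illustration of the decision-tree idea using the three factors named above. The branch structure, the 5% prevalence cut-off, the use of KEV and the article's 0.01 EPSS threshold to derive exploitation status, and the outcome labels are a simplified assumption for this example, not CISA's or Carnegie Mellon's published SSVC tree, and the input values are constructed.

```python
"""Stakeholder-specific decision tree over exploitation status, impact and
prevalence. Added example: the tree, thresholds and outcome mapping are a
simplified assumption, not the published SSVC tree. Inputs are constructed.
"""
from dataclasses import dataclass
from typing import Literal

Exploitation = Literal["none", "likely", "active"]
Impact = Literal["partial", "total"]
Prevalence = Literal["low", "high"]
Decision = Literal["track", "attend", "act"]


@dataclass(frozen=True)
class Context:
    """Organisation-specific facts that a public score alone cannot supply."""
    in_kev: bool          # CISA KEV listing: exploitation observed in the wild
    epss: float           # FIRST EPSS probability (0-1)
    total_impact: bool    # does exploitation give full control of the asset?
    affected: int         # how many of this organisation's assets carry it
    fleet: int            # total assets in scope


def exploitation_status(ctx: Context, epss_threshold: float = 0.01) -> Exploitation:
    """Fold the two public signals into one decision point (assumed rule):
    KEV evidence outranks a prediction; EPSS above the threshold is 'likely'."""
    if ctx.in_kev:
        return "active"
    if ctx.epss > epss_threshold:
        return "likely"
    return "none"


def prevalence(ctx: Context, share_threshold: float = 0.05) -> Prevalence:
    """Prevalence relative to the fleet, not an absolute count (assumed 5% cut-off)."""
    return "high" if ctx.affected / ctx.fleet >= share_threshold else "low"


def decide(exploit: Exploitation, impact: Impact, prev: Prevalence) -> Decision:
    """Simplified decision tree (assumed structure), read top-down:
    active exploitation is acted on unless the blast radius is small and partial;
    likely exploitation gets attention when it can take over assets or is widespread;
    everything else is tracked and re-evaluated as the daily EPSS/KEV data change."""
    if exploit == "active":
        return "attend" if (impact == "partial" and prev == "low") else "act"
    if exploit == "likely":
        return "attend" if (impact == "total" or prev == "high") else "track"
    return "track"


def categorize(ctx: Context) -> Decision:
    impact: Impact = "total" if ctx.total_impact else "partial"
    return decide(exploitation_status(ctx), impact, prevalence(ctx))


# Constructed contexts mirroring the article's two scenarios (values assumed).
LOG4SHELL_LIKE = Context(in_kev=True, epss=0.97, total_impact=True, affected=1, fleet=12_000)
WIDESPREAD_UNEXPLOITED = Context(in_kev=False, epss=0.002, total_impact=True, affected=10_000, fleet=12_000)
KEV_LOW_IMPACT_RARE = Context(in_kev=True, epss=0.30, total_impact=False, affected=5, fleet=12_000)
PREDICTED_WIDESPREAD = Context(in_kev=False, epss=0.05, total_impact=False, affected=3_000, fleet=12_000)

if __name__ == "__main__":
    for name, ctx in (("log4shell-like, 1 host", LOG4SHELL_LIKE),
                      ("widespread, not exploited", WIDESPREAD_UNEXPLOITED),
                      ("KEV, low impact, rare", KEV_LOW_IMPACT_RARE),
                      ("predicted, widespread", PREDICTED_WIDESPREAD)):
        print(f"{name:28} {exploitation_status(ctx):7} {prevalence(ctx):5} -> {categorize(ctx)}")
```

The single log4shell-like host comes out as "act" while the 10,000-instance unexploited finding is only tracked, which is the ordering the article argues for.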

Leveraging EC-Council Courses for Effective Vulnerability Management

EC-Council’s security education programs and certifications equip security aspirants with the technical skills to detect, identify, and understand vulnerabilities, as well as to manage and mitigate them. The Certified Ethical Hacker (C|EH) also equips participants with skills to exploit vulnerabilities, allowing them to better assess exploitability and potential impact, whereas Certified Network Defender (C|ND) provides essential knowledge and understanding of the prevalence of vulnerabilities within a network. Along with Certified SOC Analyst (C|SA) and Certified Threat Intelligence Analyst (C|TIA), EC-Council’s certifications cover a broad range of security topics, including vulnerability management, risk management, and incident response, which equips aspirants with the means to effectively assess, prioritize, and manage vulnerabilities.

Role of Security Leaders in Vulnerability Management

Security analysts and CISOs play a pivotal role in SSVC by leveraging the RACI (Responsible, Accountable, Consulted, Informed) matrix. Their leadership ensures that the organization makes informed decisions regarding prioritized vulnerability management and mitigation strategies.

The C|CISO program offered by the EC-Council provides crucial insights into the business aspects of information security. This broader understanding enables CISOs to effectively communicate security risks to senior management and advocate for the necessary resource allocation for vulnerability management.

By integrating SSVC practices with the expertise gained from EC-Council courses, security teams can move beyond a one-size-fits-all approach, and develop a robust, tailored strategy that meets their specific needs.

References

Baker, W. (2023, August 04). The Pithy P2P: 5 years of vulnerability remediation & exploitation research. Cyentia. https://www.cyentia.com/pithy-p2p/

BitSight. (2024, May 01). Bitsight Reveals More than 60 Percent of Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines in First-of-its-Kind Analysis of CISA’s KEV Catalog. https://www.bitsight.com/press-releases/bitsight-reveals-more-60-percent-known-exploited-vulnerabilities-remain-unmitigated

CISA. (2024, July 25). Known Exploited Vulnerabilities Catalog. [Illustration]. https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Forum of Incident Response and Security Teams. (n.d.). The EPSS Model. [Diagram]. https://www.first.org/epss/model

Haydock, W. (2022, February 28). Exploit Prediction Scoring System (EPSS): A deep dive [Graphs]. Stackaware. https://blog.stackaware.com/p/deep-dive-into-the-epss

National Institute of Standards and Technology. (n.d.). National Vulnerability Database. https://nvd.nist.gov/general/nvd-dashboard

National Institute of Standards and Technology. (2024, May 29). CVE-2017-0145 Detail. https://nvd.nist.gov/vuln/detail/cve-2017-0145

Petrosyan, A. (2024, August 20). Common IT vulnerabilities and exposures worldwide 2009-2024. Statista. https://www.statista.com/statistics/500755/worldwide-common-vulnerabilities-and-exposures/

Shetty, V. (2023, October 23). CISO’s Dilemma: Why Focusing on High and Critical CVSS Is an Inefficient Effort for their team. Varindia. https://www.varindia.com/news/cisos-dilemma-why-focusing-on-high-and-critical-cvss-is-an-inefficient-effort-for-their-team

Shetty, V. (2024, January 17). Beyond Vulnerable: Understanding the Nuances of Exploitability in Vulnerability Management. LinkedIn. https://www.linkedin.com/pulse/beyond-vulnerable-understanding-nuances-exploitability-vinyl-s-16ifc/

About the Author

Vinyl Shetty

Senior Security Solution Architect

Vinyl Shetty is a highly experienced Senior Cyber Security expert with over 16 years of expertise, focused on the Asia Pacific Japan region. As a Sr. Security Solution Architect, he is instrumental in guiding clients to develop robust security strategies that address modern threats. Vinyl’s proficiency covers Security Architecture and Design, Risk Assessment and Management, Cloud Security (AWS, Azure), Security Operations Centers (ArcSight/Splunk), Identity and Access Management, and Security Auditing. Beyond his professional role, Vinyl hosts the widely-followed podcast “10 Mins of Wisdom,” where he engages with industry veterans to explore current and critical cybersecurity topics. His dedication to cybersecurity and passion for knowledge-sharing have made him a respected figure in the cyber community.

Reassessing Incident Response Strategies in Light of CrowdStrike Challenges
https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/crowdstrike-incidence-response-strategies/
Published: Wed, 28 Aug 2024 12:26:00 +0000

Date: August 28, 2024

Time: 8:30 AM CDT | 9:30 AM EDT | 7:00 PM IST
Topic: Reassessing Incident Response Strategies in Light of CrowdStrike Challenges

Abstract: The CrowdStrike event in July 2024 resulted in service disruptions globally across many industries, including nearly 60% of the Fortune 500 companies and more than half of the Fortune 1000. Non-CrowdStrike users who relied on providers for critical business processes also suffered gaps in service delivery.

A central tenet of incident response is learning lessons from an incident. This session will focus on areas in which an organization may consider improving its incident response process.

Key takeaways:

  • Infrastructure considerations to reduce the probability of a similar occurrence,
  • The importance of a solid and well-tested business continuity program to include dependencies and
  • How an organization defines an incident and other governance considerations can have significant regulatory and other business repercussions.

Speaker:
Greg Schaffer, Principal, vCISO Services, LLC

Bio: With over 34 years of experience in information technology and security, Greg is a seasoned information security executive proficient in the information security program and project management, information security risk assessment and mitigation, vendor risk management, policy, and standards creation and implementation, and disaster recovery and business continuity. He is the founding principal of vCISO Services, LLC, an information security consulting firm providing small and midsized businesses with strategic information security expertise. He hosts The Virtual CISO Moment podcast and is the author of the bestselling book Information Security for Small and Midsized Businesses. He is also a contributor to NowMedia’s Be Productive television show and has spoken at numerous conferences over 20-plus years.

*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)

Navigating the Digital Crime Scene: Tools & Techniques in Digital Forensics
https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/digital-forensics-tools/
Published: Fri, 23 Aug 2024 16:19:00 +0000

Date: August 23, 2024

Time: 9:30 AM EDT | 8:30 AM CDT | 7:00 PM IST
Topic: Navigating the Digital Crime Scene: Tools & Techniques in Digital Forensics

Abstract: In today’s evolving threat landscape, where cyber threats are more rampant and sophisticated than ever, digital forensics have become crucial for responding to cyber attacks. An effective forensic capability enables businesses to identify the cause of a breach and leverage the actionable information obtained to enhance their threat intelligence, improving both detection and mitigation capabilities. The current webinar aims to understand the essential knowledge, tools, and practical skills needed to investigate and respond to digital crimes effectively. The webinar also highlights critical aspects of forensic policies and processes, such as industry standards, service level agreements, shared responsibility, legal and regulatory considerations, and much more. Join us as we explore digital forensic techniques across various environments and devices to gain a solid foundation in digital forensics principles and practices.

Key takeaways:

  • Understanding the basics of the digital forensics process
  • Navigating the digital crime scene and key challenges
  • Overview of industry-standard digital forensics tools
  • Methods for analyzing various types of digital evidence
  • Data recovery methods: extraction and restoration
  • Legal and ethical considerations in digital forensics
  • The impact of new and upcoming technologies on digital forensics

Speaker:
Bennie L. Cleveland Jr., AVP, Cyber Incident Management

Bio: Bennie L. Cleveland Jr. is a distinguished cybersecurity leader with over two decades of experience in Cyber Incident Management, Enterprise Security, and Risk Management. Holding certifications such as CHFI, CCISO, CISM, CISA, CRISC, and CIPM, Bennie has demonstrated exemplary leadership in Incident Response, Forensics, and Threat Intelligence. Currently serving as AVP of Cyber Incident Management at Chubb, he specializes in identifying high-risk vulnerabilities and mitigating ransomware. Bennie has a proven track record of accelerating incident resolution and enhancing business continuity. He is also a Cybersecurity Adjunct at Valley Forge Military Academy & College, where he teaches Digital Forensics. His strategic oversight ensures robust compliance and comprehensive security measures.

*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)


Proactive Protection: Applying Threat Intelligence to Emerging Tech Trends
https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/applying-threat-intelligence-to-emerging-tech-trends/
Published: Thu, 22 Aug 2024 16:05:00 +0000

Date: August 22, 2024

Time: 4:30 PM EAT | 9:30 AM EDT | 7:00 PM IST
Topic: Proactive Protection: Applying Threat Intelligence to Emerging Tech Trends

Abstract: Increased associated security threats frequently accompany the growth and innovation in digital technologies. The same could be said for emerging technologies such as AI, IoT, cloud, blockchain, and 5G that aim at reshaping our digital environment. From a security perspective, the adoption of these technologies has further expanded the attack surface and scope of threat intelligence. With the growth in the quality and quantity of cyber-attacks, threat intelligence capabilities have become increasingly crucial. The current webinar aims to understand the importance of dynamic and agile threat intelligence frameworks for anticipating and mitigating threats in architectures with new technologies. Join us as we learn how to leverage threat intelligence to safeguard against vulnerabilities introduced by these cutting-edge technologies.

Key takeaways:

  • Understanding the impact of emerging tech on security
  • Framework for developing and establishing advanced threat intelligence
  • Role of emerging technology in threat intelligence development
  • Proactive security strategies for advanced detection and predictive analysis
  • Future-proofing an organization’s security posture

Speaker:
Alameen Karim Merali, Cybersecurity Specialist, Safcomms Limited, United Kingdom

Bio: Alameen Karim Merali is a Tanzanian Information Security Expert and Public Figure hailing from Arusha, Tanzania. He has obtained several cybersecurity certifications from EC-Council, CHFI from Cybrary, CompTIA, A+, and ITF+. Currently, he is pursuing an ISC2 CC. He is well known for his cybersecurity publications on ResearchGate and articles he’s written on Medium and Substack, which mostly focus on topics such as cybercriminals, in-depth malware analysis, threat intelligence, and more. Some of his articles on hacking have inspired the Information Security Community and have provided him with notability in the field. Alameen is a hacking instructor at Udemy, having instructed part of the C|EH V12 Content in his course on hacking mobile devices as well. Currently, he’s pursuing a BSc. Degree in Computer Science from UoPeople alongside pursuing the CompTIA Network+ and Security + certifications.

*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)

Security Audit Essentials: Tips for Effective Governance and Risk Management
https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/security-audit-essentials/
Published: Tue, 20 Aug 2024 17:31:00 +0000

Date: August 20, 2024

Time: 2:30 PM GMT+1 | 9:30 AM CDT | 7:00 PM IST
Topic: Security Audit Basics: Tips for Effective Governance and Risk Management

Abstract: Data security is paramount for businesses in terms of information security compliance with regulatory requirements. Safeguarding organizational assets and data in compliance with government regulations mandates that organizations implement comprehensive security policies throughout their operations and supply chains. However, the diverse data security and governance standards worldwide necessitate that businesses develop and adopt an agile, flexible security policy framework. This framework should effectively encompass all compliance requirements holistically or through a segmented network approach. This webinar aims to explore the latest trends and challenges in compliance management within information security, along with techniques for implementing compliant policies. Join us as we explore principles and techniques crucial for developing and implementing a compliant security framework and strategies for identifying risks and establishing governance to ensure a robust security posture.

Key takeaways:

  • Understanding the importance and approach of security audit
  • Overview of major security frameworks and their implementation
  • Audit planning, preparation, and execution
  • Risk assessment and management
  • Integrating audit findings into security policies
  • Security governance and compliance best practices

Speaker:
Sami Rifky, Vice-President & Immediate Past President, ISACA Casablanca Chapter

Bio: With over 20 years of experience in auditing, IT governance, and risk management, Sami has earned numerous international certifications, including CISA, CRISC, CDPSE, CSX, CRMA, ITIL, ISO27001LI, C|CISO.

Throughout his professional career, Sami has actively contributed to enhancing IT auditing and governance practices in Morocco and across Africa. He was elected vice-president of the Institute of Internal Auditors (IIA) Morocco and president of the ISACA Casablanca Chapter, where he currently serves as vice-president.

Sami’s experience is characterized by a collaborative, results-driven approach as an audit and risk business partner, helping organizations achieve measurable and attainable goals while ensuring compliance in the industrial and banking sectors. He has also implemented several digital solutions to increase efficiency and drive digital transformation in GRC activities, including internal audit, risk management, internal control, and data analytics.

*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)


AI-Powered Threat Hunting for Ethical Hacking
https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/ai-powered-threat-hunting-for-ethical-hacking/
Published: Fri, 09 Aug 2024 14:15:00 +0000

Date: August 8, 2024

Time: 2:30 PM WEST | 9:30 AM EDT | 7:00 PM IST
Topic: AI-Powered Threat Hunting for Ethical Hacking

Abstract: In the rapidly evolving threat landscape, the traditional methods for detection and response to threats struggle in the face of sophisticated cyberattacks. Hence, security experts weigh the benefits of adopting AI-driven threat hunting and security intelligence for data protection. The first episode of this webinar series delves into understanding the cutting-edge capabilities of AI-powered threat hunting and the significance of advanced tools leveraging AI competencies for effective security operations. AI-powered threat-hunting tools enhance accuracy and enable proactive risk detection and faster responses. These tools, equipped with machine learning capabilities, not only automate ethical hacking tasks but also learn from existing data sets to identify potential vulnerabilities and threats. Join us as we explore the revolution of artificial intelligence and how security teams can protect their organizations with the help of AI.

Key takeaways:

  • Need for AI in threat hunting and ethical hacking,
  • Role of AI and ML in improving threat detection and response,
  • Benefits of leveraging AI in threat hunting and ethical hacking,
  • Best practices for integrating AI tools into your security strategy.

Speaker:
Sergey Chubarov, Security Expert

Bio: Sergey Chubarov is a Security and Cloud Expert, and Instructor with more than 15 years of experience in Microsoft Technologies. His day-to-day job is to help companies securely embrace cloud technologies. He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX, Microsoft Certified Trainer, MCT Regional Lead, EC-Council’s C|EH, C|PENT, L|PT, C|CSE, C|EI, CREST C|PSA, C|RT and more. Sergey often speaks at local and international conferences like Global Azure, DEF CON, Black Hat Europe, Wild West Hackin’ Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box, etc.

This is the first webinar of the C|EH webinar series with Sergey Chubarov.

Stay tuned for the next webinar of the series on 17 September.

*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)

Combating Ransomware Attacks: Strategies for Detection, Prevention, and Response
https://www.eccouncil.org/cybersecurity-exchange/cyber-talks/combating-ransomware-attacks-strategies-for-detection-prevention-and-response/
Tue, 06 Aug 2024 10:25:00 +0000

Date: August 6, 2024

Time: 3:30 PM CEST | 9:30 AM EDT | 7:00 PM IST
Topic: Combating Ransomware Attacks: Strategies for Detection, Prevention, and Response


Abstract: As the Information Technology (IT) landscape has evolved, new digital avenues and environments have emerged to meet data operation and storage demands. In response to this rapid shift, threats such as ransomware attacks have surged in frequency and sophistication, posing significant risks to organizations of all sizes across industries. The need to understand and combat ransomware attacks has therefore become pressing. This webinar examines the critical strategies required to safeguard systems and networks against these devastating threats. It offers insights into the lifecycle of a ransomware attack, from the initial intrusion to the execution of the ransom demand. It also covers the latest ransomware Tactics, Techniques, and Procedures (TTPs) employed by cybercriminals, along with the methodology for detecting, preventing, and mitigating these threats. Join us as we explore how industry security professionals view, analyze, and mitigate ransomware trends in the current threat landscape.

Key takeaways:

  • Current ransomware trends across the threat landscape
  • Understanding ransomware TTPs and their impact
  • Ransomware combating strategies: detection, prevention, and response
  • Developing and implementing ransomware security policies
  • Security best practices for preventing ransomware attacks

Speaker:
George Dobrea, Co-founder and CEO of XEDUCO Institute

Bio: Co-founder and CEO of XEDUCO Institute, George Dobrea, is a cybersecurity expert and a well-known technical instructor with over 35 years of business experience delivering consulting services and training programs to military, commercial, and public organizations in 30+ countries.

*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)


EC-Council Supports White House Initiative to Create Cybersecurity Job Opportunities for Veterans
https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/creating-pipelines-into-cybersecurity-careers-for-veterans-with-the-office-of-the-national-cyber-director-oncd/
Fri, 02 Aug 2024 18:53:07 +0000

Earlier this week, members of the EC-Council team, including CEO Jay Bavisi, attended the White House’s “Workshop on Good-Paying Cyber Jobs for Veterans and Military Spouses.” Hosted by Director Harry Coker of the Office of the National Cyber Director and co-hosted by the Department of Labor Veterans’ Employment & Training Service, the workshop focused on expanding pipelines to meaningful jobs in cyber for separating service members, veterans, and military-connected families.

At a time when the cybersecurity industry faces an ongoing skills gap and veterans in some cases struggle to find sustainable, meaningful careers after leaving the service, providing pathways into cybersecurity jobs represents a win-win scenario. Not only will it reward veterans with meaningful employment after their time in the military, but it also increases the pool of vital cybersecurity talent that is currently needed to protect the world from cyberattacks.

During the workshop, attendees discussed the unique challenges veterans and military spouses face in pursuing long-term, meaningful careers after completing their time in the service, and how careers in cybersecurity can help address these challenges. All in attendance agreed that providing tangible, meaningful education opportunities that lead to real jobs with willing employers, and funding that education so it is low-cost or free for the service member, is key to solving this challenge at scale.

Cybersecurity jobs demand skilled cyber professionals, meaning skills-based learning approaches like those offered by EC-Council must be a core component of this effort moving forward. By creating pathways for veterans to gain cybersecurity skills from the essentials up through more advanced skill sets such as pen testing, digital forensics, and incident handling, EC-Council is helping the ONCD in its work towards this goal.

We as an organization are as committed as ever to democratizing cybersecurity education, closing the cybersecurity skills gap, and building the desperately needed cybersecurity workforce of tomorrow.

We are proud to have joined the ONCD in this discussion, and look forward to working with them and all others who share our vision for a more secure world, safe from cybercrime. 

GenZ IAM: Transforming Identity and Access Management with Gen-AI
https://www.eccouncil.org/cybersecurity-exchange/network-security/imagine-genz-iam-with-gen-ai/
Fri, 02 Aug 2024 14:26:28 +0000

In today’s digital landscape, identity and access management (IAM), that is, regulating access to sensitive data and resources, is paramount for any organization. From a zero-trust framework to a cybersecurity mesh architecture, the identity fabric is the core and the most critical element in defining a security strategy. It was IAM that kept businesses running during the pandemic, with secure remote-workforce login and adaptive access management.

However, traditional IAM techniques and technologies often struggle to keep up with the dynamics and complexity of modern applications. The next generation of IAM needs to be advanced, scalable, and built on a solid core foundation. As digital platforms grow more popular and more capable, the rising generation, commonly referred to as GenZ, embraces them enthusiastically.

Gen-AI (Generative Artificial Intelligence) and IAM together hold immense potential to strengthen IAM processes, simplify the integration and administration complexities, act on threats in near real-time through predictive analysis, improve user experience, and provide additional features and functionality, alongside greater agility and efficacy, for enhanced operation.

Artificial intelligence is breaking myths in the tech sector every day, changing the definition of sales from ‘What is Seen Sells’ to ‘What is Trending Sells.’ Millennials are giving way to GenZ as the new customer base of the near future. It’s time we started brainstorming about GenZ IAM.

Are IAM and Gen-AI Big Bets for Organizations? What Do Market Analysts Say?

According to a market analysis report from Blueweave Consulting group, during the forecast period between 2023 and 2029, the global IAM market is to grow at a significant CAGR of 15.45% and reach a value of USD 43.1 billion by 2029, compared to USD 15.8 billion in 2022 (BlueWeave Consulting, 2023).
Figure: Global IAM market size forecast, 2022 to 2029. Source: BlueWeave 2023.

The interesting point to note is that the major drivers include the integration of IoT (Internet of Things) and AI with IAM. Along with this, rising awareness of regulatory compliance, growing dependence on digital platforms, automation, and cloud adoption are still strong points for IAM adoption. Based on the current trends, it can also be inferred that businesses are interested in solutions powered by AI, which includes advanced identity analytics, user and entity behavior analytics (UEBA), dynamic security controls enforcement, guided authentication and proofing, advanced application onboarding, and risk-based real-time/near-real-time features like AI access & assist. Not only this, but the trajectory of banking is also set for an accelerated shift due to the inclusion of artificial intelligence.

AI-driven modifications align seamlessly with financial institutions’ customer-centric approach, enhancing connectivity and delivering a superior digital experience. Key AI strategies include natural language processing (NLP), deep learning, reinforcement learning, generative adversarial networks (GANs), computer vision, and predictive analytics (Precedence Research, 2023).

The AI-in-banking market is projected to grow strongly from 2023 and to reach USD 236.70 billion by 2032 at a CAGR of 31.7% (Polaris Market Research).

Figure: Projected value of the AI-in-banking market through 2032. Source: Polaris Market Research.

What Are the Problems in the Existing IAM Space?

As more organizations globally adopt IAM solutions, the associated costs have become substantial, reflected in the current IAM market revenue of approximately USD 18.1B in 2023 (Grand View Research, 2023). However, traditional IAM and IAM 2.0 still have many challenges associated with them:

  • Access reviews are still quarterly, half-yearly, or yearly events. The volume of data makes each review hard for decision-makers, and privilege escalation, data breaches, and related threats are not identified in a timely manner.
  • For new employees, getting access and becoming familiar with it still takes at least a week to a month. Isn’t that unbelievable?
  • When requesting an entitlement or role, the end user is often unclear on whether they are eligible for it, which can lead to a policy violation.
  • Request and approval processes are lengthy and often depend on manual single- or multi-level approvals, which are the least reliable step for enforcing least privilege.
  • Just-in-Time (JIT) and time-bound access are the least-used options, because access assignments remain largely static due to technological complexity.
  • There is less visibility on entitlement and role information (least privilege access for an application, description, level, and impact of access, risk category, compliance linked to the access, and target application).
  • Even after purchasing a product, application onboarding is the job of technical folks and requires extensive customization to meet organizational objectives. Maintenance, updates, and upgrades are other pain areas.
  • It takes months to identify whether a privilege escalation caused by an insider led to a data breach.
  • Adaptive access controls are not available in traditional IAM and are still underdeveloped in IAM 2.0. More data enrichment is required to make these controls robust.
  • Predictive analytics on identities is still a distant goal.
  • A converged solution for identity and data governance is unavailable, forcing organizations to rely on different products and SKUs, leading to data redundancy, unexpected complexities, and increased costs.
  • Real-time anomaly detection and acting on them in real-time is still in the development phase.
  • Overall, the user experience of using the features is cumbersome and needs improvement.


How Can IAM and Gen-AI Be Game-Changers Together?

Now, considering GenZ’s expectations, we can imagine these possible digital disruptions by combining IAM and GenAI. These features will not only revolutionize the IAM market but also attract GenZ to this fast-evolving technology.

AI access assist

AI-powered access assistance can provide end-users with adequate information, including the level of access, risk levels, breach impact, and modus operandi. It also clarifies existing and new application access requirements, including the roles and entitlements required to perform their roles and responsibilities. This AI-powered Access Assist could be a chatbot or a GPT (Generative Pre-trained Transformer) and can function bidirectionally in voice/text mode.

Model access recommendations

“What access must I hold, under least privilege, for my job role, and which of it must I raise a request for?” This is the biggest unsolved question in any organization. With AI and supervised learning, we could categorize and tag individual accesses as Org-Generic, Job-Role-Generic, Job-Function-Generic, Unique, etc., based on business and RBAC requirements, with a color code representing Segregation of Duties (SoD) and risk factors. The AI model can then recommend access sets for each stage of the identity lifecycle.
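As an added illustration (not code from the article or its author), the Python script below derives the Org-Generic / Job-Role-Generic / Unique tags from how widely each entitlement is held across a constructed identity dataset, turns the generic tags into a least-privilege baseline per job role, and reports what a reviewer should look at for one identity: entitlements outside the baseline and Segregation of Duties conflicts. The identities, entitlements, SoD rule and thresholds are all assumptions standing in for what a trained model and the business would supply.

```python
"""Coverage-based entitlement classification (added example; constructed data)."""
from collections import Counter, defaultdict

# Constructed sample: identity -> (job role, entitlements currently held)
IDENTITIES = {
    "alice": ("developer", {"vpn", "email", "git-push", "ci-trigger"}),
    "bob":   ("developer", {"vpn", "email", "git-push", "ci-trigger", "prod-db-read"}),
    "carol": ("developer", {"vpn", "email", "git-push"}),
    "dave":  ("finance",   {"vpn", "email", "ledger-read", "ledger-post", "ledger-approve"}),
    "erin":  ("finance",   {"vpn", "email", "ledger-read", "ledger-post"}),
    "frank": ("finance",   {"vpn", "email", "ledger-read", "ledger-approve", "git-push"}),
}

# Hypothetical SoD rule: one person must not both post and approve ledger entries
SOD_RULES = {"post-and-approve": {"ledger-post", "ledger-approve"}}

ORG_THRESHOLD = 0.9   # held by >= 90% of all identities -> Org-Generic
ROLE_THRESHOLD = 0.6  # held by >= 60% of a job role      -> Job-Role-Generic


def classify(identities=IDENTITIES):
    """Return {role: {entitlement: category}}; category is Org-Generic,
    Job-Role-Generic or Unique, decided purely from how widely it is held."""
    total = len(identities)
    org_count, role_members = Counter(), Counter()
    role_count = defaultdict(Counter)
    for role, ents in identities.values():
        role_members[role] += 1
        for ent in ents:
            org_count[ent] += 1
            role_count[role][ent] += 1

    org_generic = {e for e, n in org_count.items() if n / total >= ORG_THRESHOLD}
    classes = {}
    for role, counts in role_count.items():
        classes[role] = {}
        for ent, n in counts.items():
            if ent in org_generic:
                classes[role][ent] = "Org-Generic"
            elif n / role_members[role] >= ROLE_THRESHOLD:
                classes[role][ent] = "Job-Role-Generic"
            else:
                classes[role][ent] = "Unique"
    return classes


def baseline(role, classes):
    """Recommended least-privilege set for a role: the generic entitlements only.
    Anything tagged Unique must be requested and justified individually."""
    return {ent for ent, cat in classes[role].items() if cat != "Unique"}


def review(identity, identities=IDENTITIES, classes=None):
    """What a risk-driven review should surface for one identity:
    entitlements outside the role baseline, and SoD rules it violates."""
    if classes is None:
        classes = classify(identities)
    role, ents = identities[identity]
    outliers = ents - baseline(role, classes)
    violations = sorted(name for name, combo in SOD_RULES.items() if combo <= ents)
    return {"role": role, "outliers": outliers, "sod_violations": violations}


if __name__ == "__main__":
    classes = classify()
    for role in classes:
        print(role, "baseline:", sorted(baseline(role, classes)))
    for who in IDENTITIES:
        print(who, review(who, classes=classes))
```

A Unique tag is not a finding by itself; it marks access that the role does not explain and therefore needs an owner and a justification, which is exactly the set a reviewer should spend time on instead of re-approving the generic bulk. The thresholds are the tuning knobs a model would learn per organization.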

UEBA-based access control and identity proofing

With advances in technology and AI, passwordless authentication based on face ID or voice alone is no longer safe: deepfake and voice-modulation techniques are defeating these factors. It is high time we focused on breach-resistant MFA that complements adaptive access techniques. Using the same Gen AI, we can build supervised and unsupervised learning models that are identity-specific and focus on user and entity behaviour parameters. These models can be integrated into the MFA enforcement and decision-making logic of access control solutions to block unauthorized access attempts in real or near-real time. The same integration lets applications track and challenge anomalous identity behaviour through near-real-time identity proofing.
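As an added example (not the article’s or its author’s code), the script below shows the shape of the decision logic this paragraph describes: a per-identity behaviour profile (known devices, usual login hours, last seen location) feeds a risk score, and that score drives the MFA enforcement decision to allow, step up to a phishing-resistant factor, or deny. The profile, the weights, the thresholds and the 900 km/h impossible-travel limit are assumptions standing in for what a trained model would supply.

```python
"""Risk-based MFA decision from identity behaviour (added example; constructed data)."""
import math
from dataclasses import dataclass
from datetime import datetime, timezone


def utc(*args):
    """Shorthand for a timezone-aware UTC timestamp."""
    return datetime(*args, tzinfo=timezone.utc)


@dataclass
class Login:
    user: str
    device_id: str
    lat: float
    lon: float
    ts: datetime


# Constructed behaviour profile, standing in for what a per-identity model learned
PROFILES = {
    "alice": {
        "devices": {"laptop-A1"},
        "usual_hours": set(range(7, 20)),   # UTC hours seen historically
        "last": Login("alice", "laptop-A1", 52.52, 13.40, utc(2024, 8, 1, 9, 0)),
    }
}

# Assumed weights and thresholds
W_UNKNOWN_DEVICE, W_ODD_HOUR, W_IMPOSSIBLE_TRAVEL = 40, 20, 50
MAX_PLAUSIBLE_KMH = 900        # faster than this between two logins is not travel
STEP_UP_AT, DENY_AT = 30, 70


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def risk_score(login, profile):
    """Sum weighted behavioural deviations; return (score, reasons)."""
    score, reasons = 0, []
    if login.device_id not in profile["devices"]:
        score += W_UNKNOWN_DEVICE
        reasons.append("unknown device")
    if login.ts.hour not in profile["usual_hours"]:
        score += W_ODD_HOUR
        reasons.append("unusual hour")
    last = profile["last"]
    hours = (login.ts - last.ts).total_seconds() / 3600
    if hours > 0:
        speed = haversine_km(last.lat, last.lon, login.lat, login.lon) / hours
        if speed > MAX_PLAUSIBLE_KMH:
            score += W_IMPOSSIBLE_TRAVEL
            reasons.append(f"impossible travel ({speed:.0f} km/h)")
    return score, reasons


def decide(login, profiles=PROFILES):
    """Map the risk score onto an MFA enforcement action."""
    score, reasons = risk_score(login, profiles[login.user])
    if score >= DENY_AT:
        action = "deny"
    elif score >= STEP_UP_AT:
        action = "step-up"   # require a phishing-resistant second factor
    else:
        action = "allow"
    return action, score, reasons


def record_success(login, profiles=PROFILES):
    """After a successful (stepped-up) authentication, let the profile learn."""
    profile = profiles[login.user]
    profile["devices"].add(login.device_id)
    profile["usual_hours"].add(login.ts.hour)
    profile["last"] = login


if __name__ == "__main__":
    for attempt in (
        Login("alice", "laptop-A1", 52.52, 13.40, utc(2024, 8, 1, 10, 0)),
        Login("alice", "laptop-A1", 40.71, -74.01, utc(2024, 8, 1, 11, 0)),
        Login("alice", "phone-X9", 40.71, -74.01, utc(2024, 8, 1, 11, 0)),
    ):
        print(attempt.device_id, decide(attempt))
```

The feedback step matters: only a login that passed the stronger factor is allowed to teach the profile, otherwise an attacker who is merely denied once could still shape what “normal” looks like. A production system would replace the hand-set weights with a model score and add more signals (IP reputation, session velocity, resource sensitivity), but the allow / step-up / deny contract stays the same.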

Guided random passwordless authentication

An organization’s authentication pattern is among its most confidential decisions and a prime focus for attackers during reconnaissance. Using AI, you can let an end user enroll multiple passwordless factors (all fingerprints, retina, TOTP (Time-based One-time Password), magic email links, soft token, and hard token) and then challenge the user with a random chain of these factors, selected according to their configured preferences. This random, guided authentication pattern is hard for an attacker to defeat because it is presented dynamically to the end user and the attacker would need to compromise every factor that could appear in a chain. The chain is only as strong as its weakest enrolled factor, though: a phishable factor such as a magic email link should not be allowed to satisfy a challenge on its own.

Unified anomaly and threat detection followed by risk-driven reviews and attestations

Most governance solutions on the market collect changes on a schedule, so incidents at the target can be missed within the collection window. AI and ML can help by learning the critical status and error codes emitted by integrated applications and machines and, on that basis, notifying or acting immediately, closing the visibility gap that exists today.

Questionnaire-based application onboarding

Application onboarding is always a hot topic in IAM, and why shouldn’t it be? Onboarding an application for authentication, authorization, and governance has its own life cycle and prerequisites. But if you dive deeper, the use cases are the same in all these cases; only the logic differs. The standard best practices used across the industry are also the same, with some tweaks. AI can help here as well, by integrating a logic factory with standard, generic connectors. A business owner answers a questionnaire, selects the required out-of-the-box (OOTB) logic from the AI-powered logic factory, and submits the requirement. In the backend, the product adapts that logic and delivers the integration on the fly in simulation mode. Once the business owner approves the simulated outcome, it is deployed and brought into real action (i.e., production).

Advanced analytics, dashboarding, and reporting

AI and ML models can help here by intelligent reporting with actionable insights, highlighting critical issues, trends, and potential vulnerabilities. It can help optimize access to control privilege escalations. AI-driven solutions can provide accurate and robust authentication as they reduce the dependencies on elements that are frequently prone to hacking and phishing (EMR Claight, 2024). For individual users, AI can help them with a personalized dashboard with risk scores and suggest recommendations that can allow them to stay compliant and help them make decisions about their self-access, which will further aid the overall certification process.

Integrated gamified security training

AI and ML can help create interactive and engaging content with gamification tailored to IAM business use cases. This will help end-users make quick decisions during critical times and strengthen overall security.

Conclusion

Implementing a GenZ IAM system enhanced with GenAI capabilities offers revolutionary and transformative benefits across industries, including Banking. For Banking, an AI-enhanced IAM streamlines customer access, fortifies fraud detection in near-real-time, ensures compliance with mandatory regulatory standards, and thus enhances customer trust, experience, and operational efficiency. Also, by integrating AI with IAM, organizations can adapt to evolving threats, learn from user behavior, and provide proactive security measures. This convergence represents a significant leap toward smarter, more secure, and more responsive IAM solutions—enabling organizations to thrive in a rapidly changing digital landscape.

References

BlueWeave Consulting. (2023, November 20). Global Identity and Access Management (IAM) Market Size Zooming 2.7X to Touch USD 43.1 Billion by 2029. https://www.blueweaveconsulting.com/press-release/global-identity-and-access-management-iam-market-size-zooming-2-7x-to-touch-usd-43-1-billion-by-2029
EMR Claight. (2024). Global Identity and Access Management (IAM) Market Outlook. https://www.expertmarketresearch.com/reports/identity-and-access-management-market
Grand View Research. (2023). Identity And Access Management Market Size, Share & Trends Analysis Report By End-use (BFSI, Education), By Component (Directory Service, Provisioning), By Deployment (Cloud, On-premise), And Segment Forecasts, 2023 – 2030. https://www.grandviewresearch.com/industry-analysis/identity-and-access-management-iam
Precedence Research. (2023 July). Generative AI In Banking And Finance Market Size, Share, and Trends. https://www.precedenceresearch.com/generative-ai-in-banking-and-finance-market
Polaris Market Research. Artificial Intelligence in Banking Market Size Worth USD 236.70 Billion By 2032 | CAGR: 31.7%. https://www.polarismarketresearch.com/press-releases/artificial-intelligence-in-banking-market

About the Author

Anand Kumar Jha

Cybersecurity Evangelist

Anand Kumar Jha is a cybersecurity evangelist specializing in IAM, Data Security & administration, information security, and application security with over 13 years of experience in product engineering, product management, product marketing, enterprise architecture, and operation security. He has held various positions throughout his career, from developer to solution implementer, cybersecurity operations specialist, and product manager. His relentless pursuit of knowledge is reflected in his passion for leveraging modern technology to solve complex problems, vital to excelling as an IAM expert and enterprise architect for security capabilities. Anand has a proven track record in executing big ideas, solving complex problems, and driving successful planning and strategy through teamwork and feedback. Anand’s views on a strategic approach to enterprise security capabilities emphasize innovative solutions, quality deliverables, and quick adaptation to minimize risks. He has volunteered for multiple social and community activities and contributed to NIST CSF V2 Draft creation and Cloud Security Alliance initiatives related to blogs on Zero-Trust and CCSKV5. He is also a core member of the CSA Bangalore chapter, focused on security awareness and training, and firmly believes in continuous learning and education.

The Rise of IoT Attacks: Endpoint Protection Via Trending Technologies
https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/the-rise-of-iot-attacks-endpoint-protection-via-trending-technologies/
Wed, 31 Jul 2024 15:55:00 +0000
Dr. Shekhar Pawar | Ethical Hacking

Information technology (IT) handles data and communication, whereas operational technology (OT) manages physical operations and machinery. OT is the hardware and software used in industrial control systems, like SCADA, to monitor and manage physical processes. The Internet of Things (IoT) is a network of interconnected devices and sensors that collect and exchange data over the internet. IoT security is concerned with protecting connected devices and their data, while OT security is concerned with systems controlling physical industrial processes (Pawar & Palivela, 2022; Pawar & Pawar, 2023; Pawar & Palivela, 2023).

The rise in IoT attacks is alarming for security professionals and organizations globally. In 2022, there were approximately 112 million IoT cyberattacks, up from about 32 million in 2018, and the incidence of IoT malware increased by 87% year-over-year in the most recent year monitored (Petrosyan, 2023). In March 2021, hackers breached Verkada, a cloud-based video surveillance service, gaining access to private information and live feeds from over 150,000 cameras. More than 100 Verkada employees held “super admin” privileges that gave them access to thousands of customer cameras, highlighting the risk of overprivileged users (BBC, 2021).

In another case, a woman died after her treatment was delayed when hackers attacked a hospital’s ICU systems, potentially the first fatality attributed to a ransomware attack (Eddy, 2020). Other notable attacks on IoT and OT systems include the attempt to poison a Florida city’s water supply by altering its chemical levels (BBC, 2021) and the disruption of heating in Lappeenranta, Finland, which left buildings without heat during the winter (Mathews, 2016).

The sheer increase in the number of IoT-connected devices because of technological advancement places an immense burden on security teams. To combat this escalating threat landscape, security experts look toward innovative and trending technologies that offer promising solutions. This blog discusses the IoT threat landscape and the impact that vulnerabilities can have on systems, data, and privacy. It also explores new approaches that could be considered for protecting IoT systems from evolving cyber threats.

Understanding the IoT Threat Landscape

IoT has revolutionized our daily interactions with the technology around us, significantly impacting businesses, particularly those with a solid digital presence. The IT and OT industries now rely heavily on IoT devices as a primary source for collecting data to manage and improve business operations. As the number of IoT devices continues to soar into billions, security vulnerabilities across the entire IoT network have become increasingly apparent.

Among the various vulnerabilities, the security of endpoint devices within the IoT network is a growing concern. Cybercriminals are actively targeting these weak points to gain unauthorized access and cause substantial damage. The absence of proper encryption in IoT endpoint devices makes them susceptible to breaches and privacy violations. Compromised IoT devices can be used in Distributed Denial of Service (DDoS) attacks to form botnets and launch large-scale attacks. Furthermore, inadequate device management and patching processes exacerbate the problem.

As the ecosystem of IoT endpoints expands, the threat landscape will continuously evolve, posing even more significant risks. Consequently, there is a pressing need for robust security measures, continuous monitoring, and custom security solutions to protect against potential threats.

The Vulnerabilities of IoT Networks

IoT empowers networks to offer immediate access to data and operations, enabling valuable data-driven insights. Nevertheless, this capability also attracts cybercriminals, granting them opportunities to exploit IoT devices’ broad array of vulnerabilities. Below are some prominent vulnerabilities that they may target (Fortinet, 2023; Guest, 2022; Arampatzis, 2023):

  • Weak Passwords: Weak, default, or hardcoded passwords are the easiest way for attackers to compromise IoT devices, and they are what feeds the creation of large botnets and the spread of malware.
  • Insecure Network Services: Insecure network services exposed by a device put the confidentiality, integrity, authenticity, and availability of its information at risk and can enable unauthorized remote control.
  • Vulnerable APIs: Insecure API, cloud, or mobile interfaces can compromise the device and its associated components. Common causes include inadequate authentication and authorization, weak or absent encryption, and insufficient input and output filtering.
  • Outdated and Unsupported Components: The lack of a secure update mechanism, with no firmware validation, anti-rollback protection, or notification of security changes, leaves devices running known-vulnerable code and is a major vector for attacks against IoT devices.
  • Unsecured Data Transfer and Storage: A lack of access control or encryption, either in transit or at rest, threatens the reliability and integrity of IoT applications. Securing and restricting access to data in the transport and storage layers of IoT networks is crucial to prevent unauthorized access by malicious individuals.
  • Inadequate Device Management: Managing every device throughout its lifecycle is a critical responsibility and a significant security challenge within the IoT ecosystem. Relying on default settings intended for simple setup, without considering the security of the whole network, is highly insecure and gives attackers an easy entry point. Mishandling unauthorized devices introduced into the ecosystem can likewise undermine access control and allow interception of network traffic and sensitive information.
  • Lack of Privacy: IoT endpoints frequently collect personal and sensitive information from users or their surroundings, so the potential for leaks and misuse of that data is significant. Inadequate security measures can result in data leaks that compromise user privacy, exposing organizations to fines, reputational damage, and business loss.
  • Insufficient Physical Security: IoT devices are often deployed in remote, uncontrolled environments, making them easy for attackers to reach. This accessibility lets them target, disrupt, and tamper with the devices at the physical layer.
  • Inadequate Authentication Capabilities: When an IoT device lacks proper authentication and access control to verify legitimate users, it creates a vulnerability that both external attackers and insider threat actors can exploit, enabling unauthorized access to endpoints and systems that should be restricted and protected.

The Impact on Compromised IoT Devices

When IoT devices are compromised due to vulnerabilities at the endpoint or other network layers, they can become tools for launching significant cyber attacks like DDoS or malware attacks, disrupting IoT network operations and services. Data and privacy across the network become vulnerable, resulting in data theft and unauthorized access. Furthermore, compromised IoT devices can be utilized to propagate malware to other assets on the network. The threats listed below represent just a few examples of the numerous risks targeting IoT devices and networks (Williams et al., 2022).

Hardware Trojan

In this attack, an adversary surveils, alters, or blocks data or communication inside a circuit by means of a hardware trojan: a malicious modification introduced at the physical layer during the circuit’s design or fabrication, where it is very hard to detect after deployment.

Side Channel Attack

A side-channel attack transpires when an attacker capitalizes on the inadvertent disclosure of physical information from a system while an application is running. The adversary conducts non-invasive hardware-based attacks by observing and quantifying power consumption, electromagnetic emissions, timing data, and acoustic signals. Subsequently, the acquired information can be analyzed to extract sensitive data, such as cryptographic keys.

Tampering

Tampering denotes the act of an attacker modifying the data associated with an integrated circuit (IC) after it has been deployed in an application. Many IoT devices are often situated in environments lacking physical safeguards, making them vulnerable to unauthorized access by attackers. Such intruders can exploit physical access or wireless means to tamper with the device’s software or firmware. By installing malicious hardware or software, the attacker can manipulate the behavior of the IC or the entire device.

Botnet

IoT botnets are large networks of compromised devices, such as routers and cameras, that are managed centrally through a command-and-control (C&C) server and used to launch attacks. The weak security of resource-constrained IoT devices, default or hard-coded credentials and unpatched firmware in particular, lets cybercriminals recruit them quickly and at scale. The resulting botnets are then used for DDoS attacks, in which the bots flood the target with traffic, often abusing legitimate protocol behavior such as amplification, until real users can no longer reach the service.

Spoofing

Device spoofing uses specialized tools to make a system believe it is talking to a different device. In IoT networks, when an attacker's system masquerades as a legitimate IoT device or an authenticated user in order to gain access to the network, it is called IoT device spoofing. This usually involves forging the legitimate device's media access control (MAC) address or internet protocol (IP) address. Another form is voice spoofing, where adversaries use replay attacks against a smart device's voice user interface (VUI) to bypass authentication and gain unauthorized control or access (Antispoofing, 2023).
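The MAC/IP spoofing described above leaves a trace on the local network: an IP address that suddenly answers from a different MAC, or one MAC that claims several addresses. Below is an added example, not from the original article, of a small detector over ARP observations. The log format (timestamp, `arp`, IP, `is-at`, MAC) and the sample lines are constructed for the demo; adapt `parse()` to whatever your switch, arpwatch-style sensor or DHCP server actually emits.

```python
"""ARP-binding watch for IoT device spoofing.

Added example, not from the original article. Log format and sample data
are constructed for the demo.
"""
import re
from collections import defaultdict

ARP_LINE = re.compile(
    r"^(?P<ts>\S+) arp (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})$"
)

# Constructed sample: a gateway and two devices, then a host that starts
# answering ARP for both the camera (10.0.0.20) and the gateway (10.0.0.1).
SAMPLE_LOG = """\
2024-06-01T10:00:01 arp 10.0.0.1 is-at 00:11:22:33:44:01
2024-06-01T10:00:02 arp 10.0.0.20 is-at 00:11:22:33:44:20
2024-06-01T10:00:03 arp 10.0.0.21 is-at 00:11:22:33:44:21
2024-06-01T10:05:00 arp 10.0.0.20 is-at de:ad:be:ef:00:01
2024-06-01T10:05:01 arp 10.0.0.1 is-at de:ad:be:ef:00:01
2024-06-01T10:05:02 arp 10.0.0.21 is-at 00:11:22:33:44:21
"""


def parse(lines):
    """Yield (ts, ip, mac) for well-formed lines; skip anything else."""
    for line in lines:
        m = ARP_LINE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def detect_spoofing(lines, multi_ip_threshold=2):
    """Flag IP->MAC binding changes and MACs that claim several IPs.

    Returns {"binding_changes": [(ts, ip, old_mac, new_mac), ...],
             "multi_ip_macs": {mac: [ip, ...]}}.
    """
    bindings = {}                   # ip -> mac most recently seen
    ips_per_mac = defaultdict(set)  # mac -> every ip it has answered for
    changes = []
    for ts, ip, mac in parse(lines):
        ips_per_mac[mac].add(ip)
        prev = bindings.setdefault(ip, mac)
        if prev != mac:
            changes.append((ts, ip, prev, mac))
            bindings[ip] = mac  # track the latest claim so flapping stays visible
    multi = {
        mac: sorted(ips)
        for mac, ips in ips_per_mac.items()
        if len(ips) >= multi_ip_threshold
    }
    return {"binding_changes": changes, "multi_ip_macs": multi}


if __name__ == "__main__":
    result = detect_spoofing(SAMPLE_LOG.splitlines())
    for ts, ip, old, new in result["binding_changes"]:
        print(f"{ts} {ip} moved from {old} to {new}")
    for mac, ips in result["multi_ip_macs"].items():
        print(f"{mac} answers for {len(ips)} addresses: {', '.join(ips)}")
```

Both signals have benign causes (DHCP lease reassignment, a replaced device, router failover), so treat them as triage input rather than a verdict; a MAC that newly claims the gateway address while a device's binding also moves is the combination worth paging on.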

Eavesdropping

Eavesdropping is a security concern for smart devices that communicate over Wi-Fi or Bluetooth, because it exposes their traffic to interception. The attacker captures data in transit, which can later feed spoofing or replay attacks. With the wireless channel compromised, the attacker can analyze the semantics of the data, reverse engineer the protocol, and more. Even when the payload is encrypted, the main exposure is the link between users' daily activities and the requests their IoT devices send: packet timing, sizes and destinations can reveal when someone is home, when a lock is opened or when a camera is triggered, which is valuable intelligence for a malicious actor.

Replay Attack

A replay attack targets a security protocol by duplicating or delaying a legitimate transmission. Captured packets are re-transmitted so that an honest participant believes it has completed the protocol with an authenticated device. Replay attacks are dangerous because they are hard to detect and because they work even when the original transmission was encrypted or authenticated: the attacker does not need to read or forge the message, only to send it again. The standard defense is a freshness value, such as a nonce, a timestamp or a monotonically increasing counter, bound into the authenticated message so that a repeated message is rejected.
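The exchange described above, as an added example that is not part of the original article: a controller sends an HMAC-authenticated `unlock` command to a smart lock, an eavesdropper records it and sends it again. The naive lock checks only the tag and opens every time; the hardened lock also requires a strictly increasing counter inside the signed body. The shared key, message format (`<json body>|<hex tag>`) and the lock classes are constructed for the demo.

```python
"""Replay on an HMAC-authenticated IoT command channel, and the fix.

Added example, not from the original article. Both parties share KEY
(assumption: a per-device pre-shared key). A message is
'<json body>|<hex hmac-sha256 tag>'; the tag covers the whole body.
"""
import hashlib
import hmac
import json

KEY = b"demo-shared-key-do-not-reuse"  # constructed for the demo


def sign(payload: dict) -> bytes:
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


def verify(message: bytes):
    """Return the decoded body if the tag is valid, else None."""
    body, sep, tag = message.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


class NaiveLock:
    """Checks only the tag, so a recorded 'unlock' stays valid forever."""

    def __init__(self):
        self.opened = 0

    def handle(self, message: bytes) -> bool:
        cmd = verify(message)
        if cmd is None:
            return False
        if cmd["action"] == "unlock":
            self.opened += 1
        return True


class CounterLock:
    """Also requires a strictly increasing counter inside the signed body.

    The counter is covered by the tag, so the attacker cannot bump it, and
    a replayed message carries a counter the lock has already consumed.
    """

    def __init__(self):
        self.opened = 0
        self.last_ctr = 0  # must survive reboots in a real device

    def handle(self, message: bytes) -> bool:
        cmd = verify(message)
        if cmd is None or cmd.get("ctr", 0) <= self.last_ctr:
            return False  # bad tag, replay, or out-of-order delivery
        self.last_ctr = cmd["ctr"]
        if cmd["action"] == "unlock":
            self.opened += 1
        return True


def run_scenario(lock_cls):
    """Controller sends one unlock; an eavesdropper replays it twice."""
    lock = lock_cls()
    ctr = 0

    def controller_send(action: str) -> bytes:
        nonlocal ctr
        ctr += 1
        return sign({"action": action, "ctr": ctr})

    genuine = controller_send("unlock")
    captured = genuine  # recorded off the wireless link by the attacker
    accepted = [lock.handle(genuine), lock.handle(captured), lock.handle(captured)]
    return lock.opened, accepted


def forged_message() -> bytes:
    """Captured body with the counter bumped but the old tag kept."""
    genuine = sign({"action": "unlock", "ctr": 1})
    body, _, tag = genuine.rpartition(b"|")
    return body.replace(b'"ctr": 1', b'"ctr": 99') + b"|" + tag


if __name__ == "__main__":
    print("naive  :", run_scenario(NaiveLock))    # (3, [True, True, True])
    print("counter:", run_scenario(CounterLock))  # (1, [True, False, False])
```

A plain counter suits one controller talking to one device; with several senders keep a counter per sender, with lossy links accept a small window above the last value, and with timestamps instead of counters the device needs a trustworthy clock. Whichever freshness value is used, it must sit inside the authenticated body, as `forged_message()` shows: editing the counter after capture breaks the tag.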

OnPath Attack

In an on-path attack, the attacker positions themselves as a relay or proxy between a sender and a receiver. From that intermediate position, the attacker can intercept and manipulate the information exchanged between the two parties. This is the basis of a man-in-the-middle (MitM) attack on IoT endpoints: once the link between the wireless device and the network is compromised, the attacker can eavesdrop on, and alter, traffic to remote devices.

Emerging Technologies for IoT Security

A few cybersecurity standards, such as the guidance published by the National Institute of Standards and Technology (NIST), provide recommended controls for IoT and OT. For small and medium-sized companies there is also the Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) framework, which provides IoT, OT, and IT controls for organizations to implement, treating those systems as mission-critical assets (Pawar & Palivela, 2022; Pawar & Pawar, 2023; Pawar & Palivela, 2023).

Safeguarding against IoT vulnerabilities is vital for security teams, IT professionals, and vertical industry experts. Numerous security software solutions for IoT networks exist, effectively mitigating cyber attacks and establishing secure environments. However, with the increasing demand for IoT technology, scaling and automating security capabilities have become imperative. Consequently, several novel technologies have emerged to ensure a comprehensive security approach for integrated IoT networks and devices.

Blockchain for Secure IoT Devices and Network

Blockchain security covers the measures and technologies that safeguard a blockchain network and preserve the integrity, confidentiality, and availability of the data it holds. In blockchain technology (BCT), new blocks are appended under a consensus mechanism, most commonly proof of work (PoW), and each block carries the hash of its predecessor, so altering a recorded block invalidates everything after it. BCT's privacy properties come from rotating public keys, which shield user identity. These characteristics make BCT a candidate for providing distributed privacy and integrity in IoT. Blockchain technologies let IoT architecture and units act as self-functioning, independent entities in the physical layer; combined with a decentralized network topology, this independence means that compromising one node does not hand the attacker the whole network (Pu, 2020).
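The hash-chaining and proof-of-work properties described above, as an added example that is not part of the original article or of any real blockchain implementation: sensor readings are appended as blocks, each block stores its predecessor's hash and a nonce that satisfies a tiny PoW target, and `verify()` walks the chain. The demo then edits a stored reading, first without and then with re-mining the edited block, to show why each case is caught. Difficulty, payloads and the `Ledger` class are constructed for the demo.

```python
"""Minimal hash-chained ledger with proof of work, for tamper evidence.

Added example, not from the original article. DIFFICULTY is tiny so the
demo mines instantly; the structure, not the cost, is the point.
"""
import hashlib
import json

DIFFICULTY = 2  # required leading hex zeros in a block hash (assumption)


def _digest(index, prev_hash, payload, nonce) -> str:
    body = json.dumps([index, prev_hash, payload, nonce], sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()


def mine(index, prev_hash, payload) -> dict:
    """Search for a nonce whose hash meets the PoW target."""
    nonce = 0
    while True:
        h = _digest(index, prev_hash, payload, nonce)
        if h.startswith("0" * DIFFICULTY):
            return {"index": index, "prev_hash": prev_hash,
                    "payload": payload, "nonce": nonce, "hash": h}
        nonce += 1


class Ledger:
    def __init__(self):
        self.chain = [mine(0, "0" * 64, {"genesis": True})]

    def append(self, payload: dict) -> None:
        prev = self.chain[-1]
        self.chain.append(mine(prev["index"] + 1, prev["hash"], payload))

    def verify(self):
        """Return (True, None) or (False, index_of_first_bad_block).

        A block is bad if its stored hash does not match its contents, if
        the hash misses the PoW target, or if it does not point at the
        hash of the block before it.
        """
        for i, blk in enumerate(self.chain):
            if blk["hash"] != _digest(blk["index"], blk["prev_hash"],
                                      blk["payload"], blk["nonce"]):
                return False, i
            if not blk["hash"].startswith("0" * DIFFICULTY):
                return False, i
            if i and blk["prev_hash"] != self.chain[i - 1]["hash"]:
                return False, i
        return True, None


def tamper_demo():
    """Clean chain, then an edited reading, then the edit re-mined."""
    ledger = Ledger()
    for c in (21.5, 21.7, 80.0):  # constructed temperature readings
        ledger.append({"sensor": "temp-01", "celsius": c})
    clean = ledger.verify()

    # 1) Attacker edits the reading stored in block 2: its own hash no
    #    longer matches its contents.
    ledger.chain[2]["payload"]["celsius"] = 19.0
    edited = ledger.verify()

    # 2) Attacker re-mines block 2 so it is internally valid again: block 3
    #    still holds the old hash, so the break just moves one block later.
    blk = ledger.chain[2]
    ledger.chain[2] = mine(blk["index"], blk["prev_hash"], blk["payload"])
    remined = ledger.verify()
    return clean, edited, remined


if __name__ == "__main__":
    print(tamper_demo())  # ((True, None), (False, 2), (False, 3))
```

Hiding the edit would require re-mining every later block too, and in a distributed ledger doing that on enough nodes to win consensus; that cost is the security argument. A single-writer hash chain like this one is only a tamper-evident log, so the decentralization the article describes comes from the consensus layer, not from the hashing alone.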

Cloud for IoT

Integrating IoT devices with cloud computing enables end-to-end processes and services across the network. The integration creates a closed, access-controlled network with identity-driven security. Cloud platforms offer many security features for IoT devices and data, including access control, authorization, authentication, encryption, secure data transfer, and storage security, along with multiple connectivity options, on-demand scaling, and resource management. As IoT and automation adoption increase, cloud solutions give companies robust authentication and encryption protocols and reliable operations, provided device identities and credentials are provisioned and rotated securely: a leaked device credential grants whoever holds it the same cloud access the device has.

Artificial Intelligence (AI) and Machine Learning (ML)

The diversity and complexity of IoT, together with evolving threats, make it hard for traditional signature-based security to protect IoT devices, applications, and networks. AI and ML techniques for behavior analysis and anomaly detection offer a more scalable approach: a model learns each device's normal traffic pattern and flags deviations, which catches malware and botnet activity that no signature describes. These systems build data-driven learning models that support identification, classification, and predictive security. The caveat is that the learned baseline must come from clean data; a model trained while a device is already compromised will treat the compromise as normal.
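The baseline-and-deviation idea above, as an added example that is not part of the original article, applied to the botnet case described earlier: a camera recruited into a DDoS botnet suddenly emits hundreds of times its usual outbound volume. The detector learns mean and standard deviation from a training window of per-minute traffic and scores every later sample as a z-score. The two series (outbound kilobytes per minute for a camera and a thermostat), the window size and the threshold are constructed for the demo; a production system would use a longer window, per-hour baselines and more features, but the structure is the same.

```python
"""Baseline-and-deviation anomaly detection on per-device traffic.

Added example, not from the original article. Series, window size and
threshold are constructed for the demo.
"""
from statistics import mean, pstdev

# Constructed series (outbound KB/min). The first ten minutes are quiet
# operation; the camera then starts flooding, the thermostat does not.
CAMERA = [210, 195, 230, 205, 220, 198, 215, 225, 207, 212,
          209, 218, 48000, 51000, 49500]
THERMOSTAT = [4, 5, 4, 6, 5, 4, 5, 5, 4, 6,
              5, 4, 6, 5, 5]


def learn_baseline(samples):
    """Return (mean, stdev) of the training window.

    The stdev is floored so a perfectly flat baseline still produces a
    finite, very large score for any deviation instead of dividing by zero.
    """
    return mean(samples), max(pstdev(samples), 1e-9)


def z_score(value, baseline):
    mu, sigma = baseline
    return (value - mu) / sigma


def detect(series, train_n=10, threshold=4.0):
    """Return [(index, value, z)] for samples beyond threshold sigmas.

    The baseline comes only from the first train_n samples, so a later
    spike cannot inflate the variance and hide itself. The same rule
    means the window must be known-clean (see the caveat in the text).
    """
    if len(series) <= train_n:
        raise ValueError("need more samples than the training window")
    baseline = learn_baseline(series[:train_n])
    return [
        (i, v, round(z_score(v, baseline), 1))
        for i, v in enumerate(series[train_n:], start=train_n)
        if abs(z_score(v, baseline)) > threshold
    ]


def scan(devices: dict, **kwargs) -> dict:
    """Run detect() over {name: series}; keep only devices with alerts."""
    results = {name: detect(series, **kwargs) for name, series in devices.items()}
    return {name: alerts for name, alerts in results.items() if alerts}


if __name__ == "__main__":
    for name, alerts in scan({"camera": CAMERA, "thermostat": THERMOSTAT}).items():
        for i, v, z in alerts:
            print(f"{name}: minute {i} sent {v} KB (z={z})")
```

Three consecutive samples thousands of sigmas above baseline is the signature of flood participation, not of a firmware update or a backup; volume alone cannot tell those apart at smaller deviations, which is why real deployments add destination count, port mix and time-of-day features before alerting.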

Conclusion

The growing adoption of IoT has multiplied the number of devices and, with it, the attack surface available to threat actors. Security solutions for IoT vulnerabilities exist, but traditional approaches are hard to scale. Integrating IoT with blockchain and cloud computing, both built for scale, can benefit large-scale operations and storage, while AI/ML automates security capabilities and improves threat detection and mitigation. Organizations should also choose cybersecurity strategies that protect each layer of the organization, building a sound security posture for IoT.

References

Arampatzis, A. (2023, July 27). Top 10 Vulnerabilities that Make IoT Devices Insecure. Venafi.
https://venafi.com/blog/top-10-vulnerabilities-make-iot-devices-insecure/

Antispoofing. (2023, August 01). Anti-Spoofing for IoT. Retrieved from:
https://antispoofing.org/anti-spoofing-for-iot/

BBC. (2021, February 08). Hacker Tries to Poison Water Supply of Florida City. BBC News.
https://www.bbc.com/news/world-us-canada-55989843

BBC. (2021, March 10). Hack of ‘150,000 Cameras’ Investigated by Camera Firm. BBC News.
https://www.bbc.com/news/technology-56342525

Eddy, M., & Perlroth, N. (2020, September 18). Cyber Attack Suspected in German Woman's Death. The New York Times.
https://www.nytimes.com/2020/09/18/world/europe/cyber-attack-germany-ransomeware-death.html

Fortinet. (2024). What Is an IoT Device Vulnerability? Retrieved from:
https://www.fortinet.com/resources/cyberglossary/iot-device-vulnerabilities/

Guest, T. (2022, September 14). Top IoT Security Risks and Vulnerabilities and How to Mitigate Them. BeyondTrust.
https://www.beyondtrust.com/blog/entry/top-iot-security-vulnerabilities/

Mathews, L. (2016, November 7). Hackers Use DDoS Attack to Cut Heat to Apartments. Forbes.
https://www.forbes.com/sites/leemathews/2016/11/07/ddos-attack-leaves-finnish-apartments-without-heat/

Pawar, S., & Palivela, H. (2022). LCCI: A framework for least cybersecurity controls to be implemented for small and medium enterprises (SMEs). International Journal of Information Management Data Insights, 2(1), 100080.
https://doi.org/10.1016/j.jjimei.2022.100080

Pawar, S. A., & Palivela, H. (2023). Importance of least cybersecurity controls for Small and Medium Enterprises (SMEs) for better global Digitalised economy. In Smart Analytics, Artificial Intelligence and Sustainable Performance Management in a Global Digitalised Economy (pp. 21-53). Emerald Publishing Limited.
https://doi.org/10.1108/S1569-37592023000110B002

Pawar, S., & Poonam, P. (2023, July 27). BDSLCCI – Business Domain Specific Least Cybersecurity Controls Implementation. Notionpress.
https://notionpress.com/read/bdslcci/

Petrosyan, A. (2023, May 03). Annual Number of IoT Attacks Global 2022. Statista.
https://www.statista.com/statistics/1377569/worldwide-annual-internet-of-things-attacks/

Pu, S. (2020, April 16). Industrial Applications of Blockchain to IoT Data. Blockchain and Crypt Currency, 41.
https://link.springer.com/chapter/10.1007/978-981-15-3376-1_3

Williams, P., Dutta, I. K., Daoud, H., & Bayoumi, M. (2022, August). A survey on security in internet of things with a focus on the impact of emerging technologies. Internet of Things, 19, 100564.
https://www.sciencedirect.com/science/article/pii/S2542660522000592

About the Author

Dr. Shekhar Pawar

CEO, SecureClaw Inc. and GrassDew IT Solutions

Dr. Shekhar Pawar is the CEO of SecureClaw Inc., DE, USA, and holds a Ph.D. in cybersecurity from SSBM, Geneva, Switzerland. He has years of proven experience in security audit and has also worked on developing software solutions for IT and cybersecurity requirements. Dr. Pawar has proven experience working with capability maturity model integration (CMMI) for qualitative analysis and improvement of the security team's performance and has authored the book "Air Team Theory." He also has experience in software development and management in other technologies, including telecommunications, database administration, blockchain, etc., which allows him to extend his research efforts to find optimal solutions for cybersecurity issues through interdisciplinary means. Dr. Shekhar Pawar's interest in research and continuous learning can be observed in the numerous certifications he has obtained, some of which include Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), ISO 27001 Lead Auditor, PCI DSS Implementer, Sarbanes-Oxley (SOX) Certified Professional, Certified HIPAA Privacy Professional, Diploma in Cyber Laws, Microsoft Certified Professional (MCP), and Certified Blockchain Developer, amongst others.

The post The Rise of IoT Attacks: Endpoint Protection Via Trending Technologies appeared first on Cybersecurity Exchange.
