Keith Smith - My Blog : Security

Cybersecurity predictions for 2025

Tue, 31 Dec 2024 04:32:38 +0000

AI-Powered Threats and Defenses

Adversarial AI Attacks: Cybercriminals are increasingly using AI to automate and refine attacks, creating more sophisticated phishing schemes and bypassing traditional defenses.

AI-Augmented Security: Organizations leverage AI and machine learning to detect anomalies, predict threats, and automate incident response.

Rise in Ransomware-as-a-Service (RaaS)
More Sophisticated Ransomware: Ransomware becomes harder to detect and decrypt, with attacks targeting critical infrastructure and high-value targets.

Negotiation Disruption: Governments and businesses may establish stricter regulations against paying ransoms, leading to prolonged recovery periods.

Expansion of Zero Trust Architectures
Widespread Adoption: The zero-trust model becomes the standard for enterprise security frameworks, driven by the shift to remote and hybrid work.

Challenges in Implementation: Organizations face hurdles in fully adopting zero-trust due to legacy systems, resource and staff constraints.

Quantum Computing Threats
Cryptographic Vulnerabilities: The growing capability of quantum computers threatens current encryption standards, forcing organizations to accelerate the adoption of quantum-resistant algorithms.

Quantum-Safe Solutions: Industries like banking and healthcare lead the charge in deploying quantum-proof systems.

IoT Security Under Siege
IoT Botnets: Increased attacks on connected devices, such as smart homes and industrial IoT systems, create larger botnets for DDoS attacks.

Stricter Regulations: Governments enforce stricter security standards, requiring device manufacturers to implement robust security measures by design.

Targeted Supply Chain Attacks
Focus on Software Supply Chains: Attackers continue exploiting third-party software vulnerabilities to compromise multiple organizations simultaneously.

Enhanced Vendor Scrutiny: Companies demand more rigorous security audits and compliance from suppliers.

Cybersecurity Talent Gap Widens
Demand for Skills: The growing complexity of cyber threats exacerbates the shortage of qualified cybersecurity professionals.

Investing in Upskilling and Automation: To remain competitive, companies must prioritize training initiatives and leverage automation to effectively address workforce challenges. This strategic approach not only enhances employee skills but also drives efficiency and innovation in the workplace.

Growth of Digital Identity Verification
Biometric Adoption: Biometric authentication (e.g., facial recognition, voice analysis) becomes mainstream for both personal and enterprise use.

Privacy Concerns: Users and regulators scrutinize the storage and handling of sensitive biometric data.

Proliferation of Cyber Insurance
Stricter Requirements: Cyber insurers demand stringent security protocols and regular audits before issuing policies.

Premium Hikes: The rising frequency and severity of cyberattacks drive up the cost of cyber insurance.

Regulatory Overhauls and Global Collaboration
Unified Cyber Laws: Nations collaborate on international frameworks to combat cybercrime and impose penalties on attackers.

Localized Regulations: Countries enforce stricter data privacy and cybersecurity laws tailored to regional needs.

-End

Though for my day: Things we can do to protect staff working remotely

Wed, 22 Apr 2020 21:05:20 +0000

Things we can do as IT pro's to protect staff working remotely

Identifying Weaknesses in Remote Connectivity
- Security Review: Ensuring workers using personal devices to connect to organization resources are properly protected to ensure the organizations network is not exposed to outside threats.
- Home Network Review: Reviewing remote worker home internet speed or hardware to get the best experience possible, especially over wireless.
Reviewing Workstation & Server Security
- On Premise Security Review: If your staff is working remotely, is your office protected from outside threats? It's important to have multi-factor authentication into all systems when working remotely.
- Regular Network Maintenance: Continued patching and maintenance of network hardware ensures your systems aren’t exposed to threats.
- Regular Device Maintenance: Workers on organization owned devices should have data encryption enabled, anti-virus installed and be fully patched with windows and third party updates.
Maximizing Work from Home Efficiency
- External Hardware Review: Identifying opportunities for remote workers to use additional hardware like printers and multiple monitors.
- Communications Review: Ensuring phone, messaging and remote meeting access is available to allow for efficient communications.
Controlling Costs
- Licensing Review: Checking for unused licensing and software usage on monthly subscription costs can yield instant results to the bottom line with the IT budget.
Reminding Employees of Security Awareness
- Remote Patching Reminders: Reminding remote workers of the importance of following the normal method for ensuring updates are installed on their organization owned device and personal devices.
- Email Security Review: Running phishing campaigns to expose training needs for staff in relation to handling malicious emails that harvest personal and organization data.
IT Business Process
- Business Continuity Planning: Create or refresh plans to continue access to key IT business resources and consider how that impacts keeping your business running if key staff are out sick or otherwise unavailable.
- Password Management Review: Determine the current processes in place for sharing and storing passwords to ensure that other individuals have credentials in the case someone is out sick or unavailable.
- Communications Review: Identify additional methods and tools you can use beyond email to communicate with workers

-End

Why you should review your ISP Advertising and Marketing Preferences

Sun, 11 Mar 2018 04:32:38 +0000

I was recently asked by a colleague of my mine if it was possible that Comcast could be targeting ads based content that was viewed while using the services. I said “it’s possible if you haven’t opted out of anything preferences” typically service providers automatically opt-in customers into data collection practices now. My colleague logged into the account —> went into settings then clicked on communications & ad preferences to find 4 very interesting area’s under “Advertising Preferences” and “Marketing Preferences”

My colleague clicked on the edit for the cable targeted advertising and was shocked to see that the opt in box was checked and immediately switched to Opt out for advanced advertising preferences: activity data and ad groups. On the same page we saw links to the privacy notice and the FAQ for advanced advertising preferences, the privacy policy clearly stated that

We also collect information about your account and your use of the Services, which may include:
   •   your account number;
   •   billing, payment, and deposit history;
   •   maintenance information;
   •   the types of Services to which you subscribe;
   •   the device identifiers and network addresses of equipment used with your account;
   •   voice commands;
   •   video and audio recordings;
   •   records indicating the number and types of devices connected to our network;
   •   technical information about your Service-related devices, including customization settings and preferences;
   •   network traffic data;
   •   information about your use of the Services and their features, including video activity data, as well as Internet or online information such as web addresses and other activity data in order to render Internet service; and
   •   additional information about the Service options you have chosen.

"When you use the Services, our cable system automatically generates, transmits, and collects much of this information as part of providing the Services to you. For example, we receive information about the use of set-top boxes, remote controls, program guides, video players, applications, and other devices and software connected to our cable system (“video activity data”). The video activity data includes, for example, which channels, programs, and advertisements are viewed and for how long. It may also include information about navigation through program guides and applications, and use of devices like remote controls and tablets. If you select various features of our equipment, such as voice commands or search, we also will collect and process the data needed to fulfill your requests."

As we continued to review the notices and policies we saw more of information which led to me suggest the use of a VPN service, there are many providers of this service now and most of in the IT field have started suggesting this more frequently.

-End

Applying a “Defense-in-Depth” Strategy

Mon, 22 May 2017 10:27:36 +0000

IT Teams and Staff can effectively maintain physical and information security with a “defense-in-depth” approach that addresses both internal and external threats. Defense-in-depth is based on the idea that any one point of protection may, and probably will, be defeated. This approach uses three different types of layers (physical, electronic, and procedural) and applies appropriate controls to address different risks that might arise in each.

The same concept works for both physical and network security. Multiple layers of network security can protect networked assets, data and end points, just as multiple layers of physical security can protect high-value physical assets. With a defense-in-depth approach:

• System security is purposely designed into the infrastructure from the beginning. Attackers are faced with multiple hurdles to overcome if they want to successfully break through or bypass the entire system.

• A weakness or flaw in one layer can be protected by strength, capabilities or new variable introduced through other security layers.

Typical defense-in-depth approaches involve six areas: physical, network, computer, application, device and staff education.

1. Physical Security – It seems obvious that physical security would be an important layer in a defense-in-depth strategy, but don’t take it for granted. Guards, gates, locks, port block-outs, and key cards all help keep people away from systems that shouldn’t touch or alter. In addition, the lines between the physical security systems and information systems are blurring as physical access can be tied to information access.

2. Network Security – An essential part of information fabric is network security and should be equipped with firewalls, intrusion detection and prevention systems (IDS/IPS), and general networking equipment such as switches and routers configured with their security features enabled. Zones establish domains of trust for security access and smaller virtual local area networks (VLANs) to shape and manage network traffic. A demilitarized zone between public resources and the internal or trusted resources allows data and services to be shared securely.

3. Computer Hardening – Well known (and published) software vulnerabilities are the number one way that intruders gain access to automation systems. Examples of Computer Hardening include the use of:

• Antivirus software

• Application whitelisting

• Host intrusion-detection systems (HIDS) and other endpoint security solutions

• Removal of unused applications, protocols and services

• Closing unnecessary ports

Software patching practices can work in concert with these hardening techniques to help further address computer risks that are susceptible to malware cyber risks including viruses and Trojans etc.

Follow these guidelines to help reduce risk:

• Disable software automatic updating services on PCs

• Inventory target computers for applications, and software versions and revisions

• Subscribe to and monitor vendor patch qualification services for patch compatibility

• Obtain product patches and software upgrades directly from the vendor

• Pre-test all patches on non-operational, non-mission critical systems

• Schedule the application of patches and upgrades and plan for contingencies

4. Application Security – This refers infusing system applications with good security practices, such as a Role Based Access Control System,Multi-factor authentication (MFA) also known as (also known as 2FA) where ever possible which locks down access to critical process functions, force username/password logins, combinations, Multi-factor authentication (MFA) also known as (also known as 2FA) where ever possible and etc.

5. Device Hardening – Changing the default configuration of an embedded device out-of-the-box can make it more secure. The default security settings of PLCs, PACs, routers, switches, firewalls and other embedded devices will differ based on class and type, which subsequently changes the amount of work required to harden a particular device. But remember, a chain is only as strong as its weakest link.

6. Staff Education - Last but not least it’s important to talk to staff about keeping clean machine, the organization should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Following good password practices is important a strong password is a phrase that is at least 12 characters long. Employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.

Educating Employees at least once a year is important

Training employees is a critical element of security. They need to understand the value of protecting customer and colleague information and their role in keeping it safe. They also need a basic grounding in other risks and how to make good judgments online.

Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding Internet safety.

-End

Full list of Failure Reasons for event 4625

Wed, 19 Apr 2017 00:01:56 +0000

Windows Domain Controller - Event Viewer Security Status and Sub-Status values

SUB_STATUS

	DESCRIPTION
0XC000006D	This is either due to a bad username or authentication information
0XC000006D	This is either due to a bad username or authentication information
0XC000006E	Unknown user name or bad password.
0XC000006E	Unknown user name or bad password.
0XC0000193	account expiration
0XC000006E	Unknown user name or bad password.
0XC000006D	This is either due to a bad username or authentication information
0XC000006D	This is either due to a bad username or authentication information
0XC000018C	The logon request failed because the trust relationship between the primary domain and the trusted domain failed.
0XC000005E	There are currently no logon servers available to service the logon request.
0XC00000DC	Indicates the Sam Server was in the wrong state to perform the desired operation.
0XC0000224	A user is required to change password at next logon
0XC0000192	An attempt was made to logon, but the netlogon service was not started.
0XC0000413	Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine.

-End