
7/27/2018
11:30 AM
Robert Block
Commentary

Every Week Is Shark Week in Cyberspace

Your data, identities, and credentials are cyber chum. Here's how to protect yourself from the feeding frenzy.

Your odds of being attacked by a shark are zero if you never venture into the ocean — which is far lower than the odds of being cyber hacked even if you never go online. After all, you could still become a victim of identity theft without ever wading into Internet waters.

The point is this: Fear the cyber shark far more than the great white, tiger, or bull shark, whose majesty was celebrated this week during the Discovery Channel's Shark Week, as it has every year since 1987.

So, what can Shark Week teach us about cybersecurity? Here are four areas to focus on in honor of Shark Week.

1. Assume the Role of a Lifeguard
An organization's ocean is the Internet. Some of it equates to shallow waters such as internal networks, but much of it is deep and uncharted via the cloud. No matter the depth of the water, you still need to assess the risks of venturing into potentially perilous territory. A CISO is a company's lifeguard, which means being aware of, adapting to, taking precautions against, and assuming control of the threats that attackers present. With threats always evolving, it's imperative to keep improving your organizational lifeguarding skills.

2. Guard Against Phishing Attacks and Save the Whales
Phishing attacks — and, specifically, mobile phishing attacks — continue to rise. In fact, the SANS 2017 Threat Landscape Survey reported that phishing remains the most significant threat to organizations, with 74% of cyberattacks beginning when a user clicked on a malicious attachment or link contained in an email.

Spearphishing attacks are also increasing, rising to 50% in the last quarter of 2017. This technique has been used to devastating, well-documented effect over the past few years. Spearphishing takes the form of an email that appears to be from the recipient's friend or colleague. The email encourages the recipient to click on what are in reality malicious links or attachments or persuades that person to reply with sensitive professional or personal information. These attacks are difficult to identify on the surface because they combine the most common attributes of successful social engineering.

Social engineering tactics are also heavily leveraged in an even more insidious method of phishing known as pretexting, business email compromise (BEC), or "whaling" attacks. These attacks create the believable pretext of a fabricated persona in which the victim — most often a C-level executive — develops a false sense of trust in the hacker. Once the relationship has been established, money-transfer fraud and/or outright data theft quickly follows.

Prevention measures for all phishing, spearphishing, and whaling attacks are widely known and essentially the same. Yet despite anti-phishing methods such as reporting suspicious emails and routinely changing passwords, attacks are still increasing. Modern authentication techniques can be great tools for preventing the repercussions of stolen credentials. Performing security audits and providing user education and training are also solid prevention methods.

3. Safeguard Your Waters with Modern Authentication Methods
Many threats are false positives; the dorsal fin of a friendly, curious dolphin can look like the dorsal fin of a shark that's circling the waters. Similarly, an access attempt might not look suspicious until it's too late. With 80% of breaches being caused by valid yet stolen or misused credentials, it is imperative to validate every access attempt — ensuring that the good guys get in (without hindering user experience and productivity) while keeping the bad guys out. Today's available solutions add intelligence and analytics to authentication methods. These risk-based solutions, available from many vendors, focus on the user's profile and tendencies. They can include techniques such as geographic analysis, device recognition, and IP address-based threat services.
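An added example (not from the article or from any vendor's product) of how a risk-based check can combine the three signals named above for a login whose password has already verified: geographic analysis, device recognition, and an IP threat list. The profile store, threat list, weights, and thresholds are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Constructed sample data: stand-ins for a user profile store and an IP threat feed.
THREAT_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # RFC 5737 documentation range
PROFILES = {"alice": {"devices": {"dev-a1"}, "last": (40.71, -74.01, 1_000_000)}}  # lat, lon, epoch s
MAX_KMH = 900  # assumed ceiling, roughly airliner speed

@dataclass
class Attempt:
    user: str
    device_id: str
    ip: str
    lat: float
    lon: float
    ts: int

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    h = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def assess(a: Attempt):
    """Return (decision, reasons) for an attempt that presented valid credentials."""
    profile = PROFILES.get(a.user)
    if profile is None:
        return "deny", ["unknown user"]
    score, reasons = 0, []
    if any(ipaddress.ip_address(a.ip) in net for net in THREAT_NETS):
        score += 60
        reasons.append("ip on threat list")
    if a.device_id not in profile["devices"]:
        score += 30
        reasons.append("unrecognized device")
    lat, lon, ts = profile["last"]
    hours = max((a.ts - ts) / 3600, 1 / 60)  # floor at one minute; also covers clock skew
    dist = km_between(lat, lon, a.lat, a.lon)
    if dist > 100 and dist / hours > MAX_KMH:  # ignore small geo-IP jitter
        score += 50
        reasons.append("impossible travel")
    decision = "deny" if score >= 80 else "step_up" if score >= 30 else "allow"
    return decision, reasons
```

A `step_up` result is where a second factor would be requested, so a recognized user on a familiar device passes without friction while a stolen password used from elsewhere does not.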

4. Continually Assess Your Environments
Threats are everywhere, in the water and online. They're usually hidden. They sometimes don't appear until it's too late. But that shouldn't keep humans from swimming in the ocean or conducting activity online, especially in the age of digital transformation. Safety counts, and precautions matter.

During Shark Week, we witnessed humans taking shelter in shark cages and avoiding seal-populated areas and shark-infested waters. As organizations continue to engage in Internet activities, remember to follow identity and security best practices, keep your senses alert for phishing emails, and have a remediation and response plan when an attack does occur.


As Senior VP of Identity Strategy at SecureAuth and Core Security, Robert Block is responsible for executing strategic vision of preventing the misuse of stolen credentials. Block has over 19 years of IT experience — of which 15 years have been focused on identity and ...
Comments
seanmajece,
User Rank: Apprentice
8/2/2018 | 5:46:40 AM
Cyberspace
By the way, my father is working with cyberspace. So I know a lot about it.
amarre,
User Rank: Author
7/31/2018 | 1:58:20 PM
The danger is real
Too often, even after a risk is actualized by a real or simulated attack, people continue to ignore the threat and pretend that it is exaggerated. This comparison to shark-infested waters will perhaps make it more real. People are irrationally afraid of low-likelihood shark attacks; we need them to be rationally afraid of these attacks.
Dr.T,
User Rank: Ninja
7/29/2018 | 12:52:37 PM
Threats
Threats are everywhere, in the water and online. They're usually hidden. They are mainly hidden in our logs, we can find them with automation. We mainly miss real threats but deal with false positives or negatives.
Dr.T,
User Rank: Ninja
7/29/2018 | 12:50:17 PM
False positive
Many threats are false positives; the dorsal fin of a friendly, curious dolphin can look like the dorsal fin of a shark that's circling the waters. This is where most of our security analyst time is wasted. So we need to change it with automation.
Dr.T,
User Rank: Ninja
7/29/2018 | 12:47:15 PM
Human factor
Yet despite anti-phishing methods such as reporting suspicious emails and routinely changing passwords, attacks are still increasing. It is because it exploits the human factor; that is why it is effective.
Dr.T,
User Rank: Ninja
7/29/2018 | 12:45:34 PM
Phishing
Phishing attacks and, specifically, mobile phishing attacks continue to rise. I agree, phishing is a major and effective way of executing an attack.
Dr.T,
User Rank: Ninja
7/29/2018 | 12:43:19 PM
Nice analogy
An organization's ocean is the Internet. I like the analogy, effective and CISO as lifeguard, all the employees should do their part.