Actionable Security Operations Tools for Educational Institutions

Security has never been more important for educational institutions.

A significant rise in global cybersecurity threats has produced an unprecedented number of ransomware attacks, stolen student records and disrupted learning.

According to a recent Google Cloud survey, the education sector faced more ransomware attacks than any other, making it the most targeted industry overall in the US and the third most targeted in the UK.

While these attacks grow more devious and sophisticated, there are time-tested practices that help educational organizations stay safe, maintain compliance and keep the focus on learning.

Our own VP of Channel Development Jason Sloderbeck recently joined a discussion around higher-ed security best practices, drawing on experience solving real-world problems with our own customers. Check out the conversation below and let us know how we can help enable your organization to pass the test when it comes to security operations.

Have a follow-up question you’d like to ask? 

Join us for a LIVE Q&A with Jason this Thursday at 2 PM PST. Register below and include your question for discussion.


Google Cloud Security Talks - Fireside Chat Replay

Google Cloud recently hosted the latest edition of its Cloud Security Talks series, featuring our CEO Robert Herjavec and Eric Foster, President of CYDERES. Robert and Eric joined Google Cloud’s Head of Solutions Strategy Dr. Anton Chuvakin and Head of Autonomic Security Iman Ghanizada for a fireside chat on why all organizations need to pursue Autonomic Security Operations.

Learn more about how we are partnering with Google on their latest cybersecurity initiatives in their recent blog post, and then check out the replay of the Google Cloud Security Talk fireside below.

 

If you would like to learn more, fill out the form to be connected with one of our experts.


CYDERES’s First Code-a-Thon: Collaboration and Competition

Last November, CYDERES hosted its first-ever internal code-a-thon and the response was overwhelmingly positive — almost the entire Engineering team participated and had a great time doing it. Don’t know what a code-a-thon is? In its simplest form, a code-a-thon (or hackathon) is friends and colleagues collaborating toward a defined goal. You are probably familiar with at least one famous outcome of an internal hackathon: Facebook’s like button.

Our talented developers and engineers enjoyed getting to stretch their skills and hang out together and, for that, they can thank CYDERES Director of Engineering Cassandra Varvel. We recently asked Cassandra a few questions about the event she organized with help from others in the organization.

Keep reading to learn more about the 2021 CYDERES Code-a-Thon and plans for the next one.

Q: What is a code-a-thon?

A: A code-a-thon is a two-day team-building event that brings individuals together to work collaboratively on an idea and/or build something in 24 hours without interruption that benefits the org. It can be an idea they’ve always wanted to work on or maybe something that interests them but hasn’t yet been prioritized for the company.

Q: Why did you host one here at CYDERES?

A: First, to build team unity – it gives the team an opportunity to spend time together and build relationships while flexing collaboration skills. Second, it allows the team to come up with an idea and then spend an entire day focused on that idea with no distractions or other initiatives to get in the way. The work produced is exceptional. Third, it allows the team to be recognized for their hard work and creativity, to showcase their incredible ideas and skills, and to be rewarded for it.

Q: Have you participated in a code-a-thon before?

A: I had not, however many of our Engineering team members had, so they had lots of great ideas and do’s and don’ts to provide. Researching how other organizations have had success in their code-a-thons helped as well.

Q: What are the benefits of working collaboratively this way?

A: Day-to-day, team members’ roles are already defined and work is chosen by priority for the organization. A code-a-thon allows individuals to be innovative and work on something that motivates and excites them. A lot of these ideas end up bringing great value to the organization. One of the awesome parts about it is that groups are often formed between individuals who don’t work together daily. This allows for fresh perspective and new ideas and discussion, as well as the opportunity to build relationships with members from other teams.

Q: What were the parameters and timeline?

A: Our code-a-thon was a two-day event. Leading up to the event, teams were asked to submit their ideas and member names. The first day was the “24-hour” coding portion where teams were able to discuss their ideas or build them out. During that day, we had snacks, meals delivered, a happy hour, and repetitive 90’s music (we eventually switched the Pandora station but it made for good laughs). The second day, the teams spent time presenting their ideas to the CYDERES executive leadership team who voted in the following categories: Business Value, Innovation, and Delivery and Enthusiasm. The top three winning teams picked from an awesome pool of prizes, graciously purchased by our organization.

Q: What were the winning projects?

A: All three winners are in the works for the organization. SaaSy is on our product roadmap, Action Figures is almost ready to be deployed, and Jira Jenie is in the works too. All three initiatives have had attention since the code-a-thon, and we’re super excited to work on them.

  • SaaSy – Ryan Williams, Jesse Reichel, John Irle
    Allows for self-service deployments of our custom data integrations.
  • Action Figures – Alex Harder, Blake Kobel, Troy Robertson
    A client-facing dashboard for displaying event and escalated case data to our clients.
  • Jira Jenie – Michelle Artist
    Templating and automated responses within our issue tracking platform.

Q: Any plans for another code-a-thon?

A: We wanted to test drive our first code-a-thon by keeping it within the Engineering group, but, after seeing its success, I would love to extend it out to our entire organization. It would be a great opportunity for even further cross-team relationship building and collaboration. There were lots of laughs throughout the event and tons of great memories made. Everyone would like to have another code-a-thon.

If you would like to learn more about CYDERES, fill out our form to be connected with one of our experts.


Shark Tank Star Joins Forces with Cybersecurity Visionary to Form New Industry Powerhouse

FOR IMMEDIATE RELEASE

Contacts: Jennie Hanna, jennie.hanna@fishtech.group and Aaron Jamieson, ajamieson@herjavecgroup.com

Shark Tank Star Joins Forces with Cybersecurity Visionary to Form New Industry Powerhouse

Kansas City / Toronto / London (December 30, 2021) — Award-winning cybersecurity solutions providers Fishtech Group (“Fishtech”) and Herjavec Group (“Herjavec”) are pleased to announce their merger, backed by funds advised by Apax Partners LLP (the “Apax Funds”). The two innovative companies will operate as a single entity under a new brand to be announced in early 2022. The Apax Funds will hold a majority stake in the new company while Robert Herjavec, Founder & CEO of Herjavec Group and star of ABC’s Emmy award winning ratings giant “Shark Tank,” and Gary Fish, Founder and CEO of Fishtech Group, will each maintain significant equity in the new business.

The deal brings together the complementary strengths of both organizations, resulting in an industry powerhouse with a broad, holistic suite of best-in-class managed detection and response capabilities (MDR), professional services, and identity offerings with a global perspective to address enterprise customers’ increasingly complex information security needs. Joining the forces of Herjavec, a market leader in cloud and tech-enabled co-managed SIEM, with Fishtech, a market leader in enterprise MDR, will allow the new company to provide customers with unparalleled security and cloud expertise, driving security maturity as a competitive differentiator via advanced technology and services across the industry landscape.

At the time of the merger, the new organization brings together more than 600 security professionals operating out of 6 security operations centers (SOCs): Kansas City, Toronto, London, Ottawa, Arkansas, and Bangalore. The combined company will have one of the largest managed security engineering teams under one roof – entirely dedicated to delivering innovative solutions to enterprise clients.

Robert Herjavec, founder of Herjavec Group, will serve as Chief Executive Officer of the combined entity. Gary Fish, founder of Fishtech Group, will serve as Chairman of the Board. They will actively work to continue their track record of customer-focused success. The financial terms of the transaction are not disclosed.

Founded in 2003 and acquired by the Apax Funds in February 2021, Herjavec has been recognized as one of the world’s most innovative cybersecurity firms and is currently ranked as the #1 MSSP in the world (Cyber Defense Magazine 2021 Top 100 MSSPs List). Fishtech was founded in 2016 to bring security to the cloud while identifying vulnerabilities and introducing next-generation solutions to help organizations minimize risk.

“We’re exceptionally proud of our results to date and even more excited about the growth to come,” said Gary Fish, CEO of Fishtech. “We’re honored that so many organizations trust Fishtech to be their managed solutions provider. With complementary offerings from Herjavec, we will transform the security industry globally.”

“We could not be more thrilled to join forces with industry pioneer Gary Fish, whom I have known for decades,” said Robert Herjavec, CEO of Herjavec Group. “We are very impressed by Fishtech’s MDR offerings and its proprietary platform built on Google Chronicle, which we consider highly differentiated. Jointly, we want to double down on the investment behind this market-leading solution and strengthen what are already deep partnerships. Having built one of the strongest tech teams in the industry and a leading portfolio of services, our customers will benefit from enhanced operations, getting stronger as we help accelerate their digital transformation.”

“We are truly excited by the combination of Herjavec and Fishtech,” said Rohan Haldea, Partner at Apax. “By putting together two best-in-class organizations, we are confident that the combined platform will become an undisputed leader in cybersecurity services in the enterprise segment and have an opportunity to redefine the market category.”

The Apax Funds, in partnership with the newly formed company’s management team, will help build on the companies’ impressive growth rates to date by enhancing international expansion efforts, continuing to invest behind differentiated technology and augmenting the talented team with additional threat intelligence and identity resources.

Polsinelli serves Fishtech Group as legal counsel and Kirkland & Ellis LLP is serving as legal counsel to Herjavec Group and Apax Funds. Momentum Cyber is serving as financial advisor to Fishtech Group and BKD, LLP as tax advisor in connection with the transaction.

About Fishtech Group
Fishtech Group is a leading current-generation service provider enabling secure business transformation. Fishtech’s experienced cybersecurity professionals plan, produce, and implement innovative solutions that ensure security and success. Fishtech focuses on threats so you can focus on your business. Founded and led by CEO Gary Fish, Fishtech Group includes the Security-as-a-Service division CYDERES (Cyber Defense and Response). Visit Fishtech.Group or contact us at info@fishtech.group.
About Herjavec Group
Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. Herjavec Group has been recognized as one of the world’s most innovative cybersecurity operations leaders, and excels in complex, multi-technology environments. Herjavec Group has expertise in comprehensive security services, including Advisory Services, Technology Architecture & Implementation, Identity & Access Management, Managed Security Services, Threat Hunting & Management, Digital Forensics and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom, Canada and India. For more information, visit HerjavecGroup.com or contact us at info@herjavecgroup.com.
About Apax
Apax Partners LLP (“Apax”) is a leading global private equity advisory firm. For nearly 50 years, Apax has worked to inspire growth and ideas that transform businesses. The firm has raised and advised funds with aggregate commitments of more than $60 billion. The Apax Funds invest in companies across four global sectors of Tech, Services, Healthcare and Internet/Consumer. These funds provide long-term equity financing to build and strengthen world-class companies. For further information about Apax, please visit www.apax.com.

###


CYDERES Insider Threat Profiles: The Corporate Spy

Trusted insiders can harm an enterprise in all kinds of ways, including intellectual property theft, financial fraud, sabotage and even unwittingly allowing external actors to gain network access through account compromise. Among the more damaging acts is insider-assisted espionage, especially of the cyber variety.

Many people think of spying as something that happens primarily between the foreign intelligence services of nation-state governments. One of the best-known examples is Robert Hanssen, a Federal Bureau of Investigation (FBI) agent who spied for Soviet and Russian intelligence against the U.S. from 1979 to 2001 and who is serving 15 consecutive life sentences without the possibility of parole.

But spying is a prevalent and growing threat in the private sector as well. China in particular reportedly runs what may be the most systematic and pervasive program of corporate cyber-espionage in the world. It stands accused of stealing data across many sectors, from quantum computing and nanotechnology to agriculture and utilities, and then exploiting the information for military and commercial advantage.

The Cybersecurity and Infrastructure Security Agency (CISA) under the U.S. Department of Homeland Security has published a joint analysis with the National Security Agency (NSA) and FBI warning that China “leverages cyber operations to assert its political and economic development objectives.”

The CISA analysis notes that: “Chinese state-sponsored cyber actors aggressively target U.S. and Allied political, economic, military, educational, and critical infrastructure personnel and organizations to steal sensitive data, emerging and key technology, intellectual property, and personally identifiable information (PII).”

China reportedly uses the career networking platform LinkedIn to recruit insiders as spies, and has been publicly linked to the breaches of Marriott, United Airlines, Anthem and Equifax. Travel, health, financial and other highly personal data from breaches like these (and from sites such as Ashley Madison) can then be used to blackmail individuals into spying.

Nor is China alone in the world of espionage. Iran, for example, has increasingly been targeting the suppliers and manufacturers of industrial control systems used in electric utilities, manufacturing and oil refineries. And Russian intelligence services have reportedly gone after everything from Swedish vehicle makers to American stock exchanges.

These examples illustrate how private industry has become one of the top espionage targets. Making matters worse, the huge increase in telework spawned by the coronavirus pandemic has opened vast new opportunities for foreign spying at every level of the workforce.

Often this espionage leverages the privileged access of corporate insiders who attain positions of trust and are then exploited for their access to systems and data, either indirectly, through coercion, blackmail or bribery, or directly, when the insider is a recruited or placed agent.

Regardless of whether they are willing participants or have been forced into their roles, can these insider-spies be identified before they commit damaging acts of espionage?

At CYDERES, a business unit of cybersecurity pioneer Fishtech Group, we believe the answer is yes. Our 24/7 managed service, Insider Threat Detection & Response (ITDR), is optimized to pinpoint any insider behavior that is malicious, negligent or even unwitting. That includes potential spies as well as IP thieves, fraudsters, saboteurs and compromised accountholders.

At the heart of the ITDR service is a model that ‘reasons’ like a team of insider threat experts and uses statistical probability, machine learning and other AI techniques to proactively identify high-risk individuals.

The model analyzes a broad set of data sources, including network security logs, printer and badge records, performance evaluations, travel records and publicly available third-party information to paint a detailed and contextualized picture of insider workforce risk.

In the case of potential spies, ITDR applies data as evidence to the model to identify employees who, for example:

  • Disregard company policies about installing personal software or hardware.
  • Clear their security logs to hide actions taken.
  • Attempt to find, alter or remove monitoring tools.
  • Attempt to gain access to sensitive areas without authorization.
  • Download unusually large files or print long documents.
  • Conduct probing activity on networks.
  • Work odd hours without authorization.
  • Travel to high-threat countries, trade shows or border cities.
  • Exhibit signs of financial stress.
  • Appear to live beyond their means.
  • Openly express anti-U.S. government sentiments or support known U.S. adversaries.

A few of these behaviors on their own can appear innocuous but, when combined with additional network or non-network data and run through the model, they create early indications of insider espionage.
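To make the correlation point concrete, here is an added example (written for this page, not CYDERES ITDR code) that scores constructed events from several telemetry sources per employee and surfaces an individual only when the weighted score crosses a threshold and the evidence spans at least two independent sources. The event records, indicator names, weights and thresholds are all assumptions chosen for illustration.

```python
"""Multi-source insider-risk scoring (added example; the events, weights
and thresholds are constructed for illustration, not a real model)."""
from collections import defaultdict

# Constructed sample events from separate telemetry pipelines.
# Tuple layout (assumed): (source, user, indicator, detail)
EVENTS = [
    ("badge",   "jdoe",   "after_hours_entry",     "02:13 Sat, lab door"),
    ("badge",   "jdoe",   "denied_sensitive_area", "server room, 3 attempts"),
    ("print",   "jdoe",   "large_print_job",       "412 pages, design-spec.pdf"),
    ("windows", "jdoe",   "security_log_cleared",  "Event ID 1102"),
    ("netflow", "jdoe",   "internal_port_scan",    "1024 ports -> 10.0.4.0/24"),
    ("hr",      "jdoe",   "travel_high_threat",    "trade show, 14 days"),
    ("print",   "asmith", "large_print_job",       "380 pages, quarterly-report.pdf"),
    ("badge",   "asmith", "after_hours_entry",     "21:40 Thu, main door"),
    ("windows", "bkim",   "security_log_cleared",  "Event ID 1102"),
]

# Assumed indicator weights. Common, easily explained behaviour scores low;
# anti-forensic or reconnaissance behaviour scores high.
WEIGHTS = {
    "after_hours_entry": 1.0,
    "large_print_job": 1.0,
    "travel_high_threat": 1.0,
    "denied_sensitive_area": 2.0,
    "internal_port_scan": 2.5,
    "security_log_cleared": 3.0,
}

MIN_SOURCES = 2     # one data source on its own is never enough
ALERT_SCORE = 5.0   # assumed threshold; tune against your own base rates


def score_users(events, weights=WEIGHTS):
    """Aggregate weighted indicators per user and track the distinct sources."""
    per_user = defaultdict(lambda: {"score": 0.0, "sources": set(), "evidence": []})
    for source, user, indicator, detail in events:
        record = per_user[user]
        record["score"] += weights.get(indicator, 0.5)  # unknown indicator: weak weight
        record["sources"].add(source)
        record["evidence"].append(f"{source}:{indicator} ({detail})")
    return dict(per_user)


def high_risk(events, min_sources=MIN_SOURCES, threshold=ALERT_SCORE):
    """Return (user, score, sources) for users whose evidence is both strong
    and corroborated by at least `min_sources` independent sources."""
    ranked = []
    for user, rec in score_users(events).items():
        if len(rec["sources"]) >= min_sources and rec["score"] >= threshold:
            ranked.append((user, round(rec["score"], 1), sorted(rec["sources"])))
    return sorted(ranked, key=lambda row: -row[1])


if __name__ == "__main__":
    scored = score_users(EVENTS)
    for user, score, sources in high_risk(EVENTS):
        print(f"{user}: score={score} sources={','.join(sources)}")
        for line in scored[user]["evidence"]:
            print("   ", line)
```

Run it and only jdoe is surfaced: bkim’s cleared security log is the strongest single indicator in the set but comes from one source, and asmith’s late entry and large print job are corroborated but weak. In a real deployment the weights would be calibrated against observed base rates (how often ordinary staff clear logs or print 400 pages) rather than hand-picked, and every surfaced individual still goes to a human analyst with the evidence list rather than straight to HR.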

ITDR’s model outputs are ingested, validated and triaged through the CYDERES Cloud Native Analytics Platform (CNAP) and the results are delivered to our customers in the form of detailed incident alerts and associated evidence, optionally coupled with recommendations for mitigation actions and policy or procedural changes.

Armed with this intelligence and insight, corporate security analysts and decision-makers can launch investigations, comply with the legal and auditing requirements associated with such activity and implement policy and control changes to bolster their insider risk mitigation programs – giving them a fresh advantage in the face of increasingly sophisticated threats of insider espionage.

 

#   #   #

 

Note: This post concludes our five-part series of CYDERES Insider Threat Profiles. Previous posts in the series can be found here:

The IP Thief

The Compromised Accountholder

The Fraudster

The Saboteur


CYDERES Insider Threat Profiles: The Saboteur

In mid-June 2018, a process technician at electric vehicle-maker Tesla was fired and then immediately sued after allegedly committing sabotage and stealing proprietary data while working at the company’s Gigafactory in the Nevada desert.

Tesla CEO Elon Musk had written an all-hands email two days earlier claiming that an unnamed employee had been “making direct code changes to the Tesla Manufacturing Operating System under false usernames” and “exporting large amounts of highly sensitive Tesla data to unknown third parties.”

The technician, Martin Tripp, admitted in court to some of the allegations but portrayed himself as a whistleblower – highlighting production inefficiencies and delays at the Gigafactory and “lies [Musk] told to the public and investors” – rather than as an insider threat. But a Nevada district court judge sided with Tesla on most counts, even while brushing aside the company’s claim of $167 million in market capitalization damages resulting from the incident. Still, Tripp was ordered to pay $400,000 to Tesla.

The world’s most valuable car company is far from alone in suffering incidents of IT sabotage, with similar examples easily found in the finance, healthcare, technology, retail and hospitality industries, to name a few. (While some sabotage is physical in nature – damaging machinery at an assembly plant, for example – IT sabotage tends to be more prevalent, costly and difficult to recover from, and is the sole focus of this post.)

Experts at Carnegie Mellon University (CMU) have studied IT sabotage as a subset of their ongoing research into all things insider threat-related. CMU maintains a running list of cases like the following:

  • A systems architect who received a termination notice after transmitting unauthorized material, then used remote access to delete data and reset servers, and then used on-site access to disable computer cooling systems. The employer, an energy firm, reported over $1 million in lost revenue and recovery fees.
  • A systems administrator rendered their former employer’s network unusable in under 30 minutes. The employer, an IT firm, needed 30 days to recover from the attack. If the insider’s replacement hadn’t made additional system backups before the attack, the organization never would have been able to recover its network.
  • Shortly before a major holiday, a recently promoted technical staff member received a poor performance review from their employer, a financial institution. In retaliation, the insider used their on-site, authorized access to transmit malicious code outside of normal business hours. In less than two minutes, the insider caused 90% of the employer’s domestic network to fail.
  • An employee of a telecommunications company, when asked to resign, responded by sabotaging company IT systems, shutting down its telecommunication system and blocking 911 services in four major cities.

We can discern some consistent defining characteristics of IT saboteurs from CMU’s list and cases like Tesla’s. For example:

  • They are mainly technical employees, including system and network administrators, software developers and programmers and some individuals with privileged access. That means they have both the access required to infiltrate an IT system and the technical skills needed to inflict damage once there.
  • Their most frequent targets are the systems they already work on.
  • Unlike their colleagues, they additionally harbor a desire to do harm. In fact the defining trait of the saboteur is disgruntlement, and the intent behind most acts of sabotage is revenge.
  • Most saboteurs plan their activities in advance, and more than a quarter of the time others have information about their plans.
  • The attack typically is arranged prior to their departure but executed after termination using remote access.

In 2016 CMU researchers studied over 100 IT sabotage incidents and found that of the malicious insiders who held technical positions, “19% held active administrator or privileged access at their organization at the time of the incident. An additional 20% of these technical insiders were former employees whose access had not been deactivated, enabling them to commit sabotage. The remaining insiders held authorized, unprivileged access (15%), unauthorized or revoked access (25%), or unknown access (21%).” In some instances the insiders with unauthorized or revoked access compromised existing accounts, or used back doors and shared user accounts, to gain system access.

The actual attack may involve only a few lines of code and so can be difficult to detect. Fortunately for the corporate security team, a disgruntled employee tends to generate a higher-than-normal volume of threat signals before an act of sabotage. On the network, unauthorized access attempts are one indicator, as is the simple fact that the employee holds a technical role with privileged access.

But even more signals come from non-network data. The saboteur tends to be ruled by emotion and thus is less likely than, say, a patient and self-possessed data thief to conceal their unhappiness and their intentions. This means that reports of prior disputes with staff or managers are relevant clues, especially if they escalate easily or become a pattern.

Further evidence of disgruntlement can be found in anonymous leaks to the press, public-facing social media posts and angry or accusatory communications from the employee to management. Clues also can be found by analyzing access badge logs for signs the employee is working shorter hours or attempting to gain unauthorized access to sensitive rooms at the facility or office.

From a procedural standpoint, it is equally important to heighten monitoring just before an employee receives a poor performance review or learns that a demotion or termination is imminent, and, once the employee has been told, to immediately suspend all network and device access and rotate any shared or group credentials the employee knew.
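The suspend-on-notification step above, together with CMU’s finding that a fifth of technical saboteurs were former employees whose access had not been deactivated, is the kind of control that can be verified mechanically. The following added example (not CYDERES code) reconciles a constructed HR leaver feed against a constructed directory export and authentication log; the data formats, account attributes, user names and severity labels are assumptions for illustration.

```python
"""Leaver access reconciliation (added example; the HR feed, directory
export and log lines are constructed and their formats are assumptions)."""
from datetime import datetime, timedelta

# Constructed HR leaver feed: username -> moment the employee was told.
# The page's advice is that access should be gone from this moment on.
LEAVERS = {
    "user01": datetime(2021, 11, 12, 16, 0),
    "user02": datetime(2021, 11, 15, 10, 0),
}

# Constructed directory export. `owner` is the human responsible for a
# service or shared account; `enabled` is the account's current state.
ACCOUNTS = [
    {"name": "user01",         "enabled": True,  "owner": "user01", "type": "user"},
    {"name": "svc-mes-deploy", "enabled": True,  "owner": "user01", "type": "service"},
    {"name": "shared-noc",     "enabled": True,  "owner": "user01", "type": "shared"},
    {"name": "user02",         "enabled": False, "owner": "user02", "type": "user"},
    {"name": "user03",         "enabled": True,  "owner": "user03", "type": "user"},
]

# Constructed authentication events: "<ISO timestamp> <account> <system> <outcome>"
AUTH_LOG = """\
2021-11-12T15:40:00 user01 vpn SUCCESS
2021-11-13T02:05:00 user01 vpn SUCCESS
2021-11-13T02:07:00 svc-mes-deploy sso SUCCESS
2021-11-16T09:00:00 user02 vpn FAILURE
2021-11-16T09:30:00 user03 sso SUCCESS
"""


def parse_auth(log_text):
    """Parse the assumed four-field log format into (datetime, account, system, outcome)."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, system, outcome = line.split()
        events.append((datetime.fromisoformat(ts), account, system, outcome))
    return events


def reconcile(leavers, accounts, auth_events, grace=timedelta(0)):
    """Return (severity, account, finding) tuples.

    HIGH:   a leaver's account is still enabled, or authenticated successfully
            after the notification moment (plus optional grace window).
    MEDIUM: a non-human account the leaver owned (rotate and reassign), or a
            failed post-termination login attempt (the former employee is trying).
    """
    findings = []
    by_owner = {}
    for acct in accounts:
        by_owner.setdefault(acct["owner"], []).append(acct)

    for user, told_at in leavers.items():
        cutoff = told_at + grace
        owned = by_owner.get(user, [])
        for acct in owned:
            if acct["type"] == "user" and acct["enabled"]:
                findings.append(("HIGH", acct["name"],
                                 "personal account still enabled after termination"))
            elif acct["type"] != "user":
                # Service and shared accounts outlive their owner; this is where
                # the "back doors and shared user accounts" from the CMU data live.
                findings.append(("MEDIUM", acct["name"],
                                 f"{acct['type']} account owned by leaver; rotate credential and reassign owner"))
        owned_names = {a["name"] for a in owned}
        for ts, account, system, outcome in auth_events:
            if account in owned_names and ts > cutoff:
                severity = "HIGH" if outcome == "SUCCESS" else "MEDIUM"
                findings.append((severity, account,
                                 f"{outcome.lower()} {system} auth at {ts.isoformat()} after termination"))
    return findings


if __name__ == "__main__":
    for severity, account, finding in reconcile(LEAVERS, ACCOUNTS, parse_auth(AUTH_LOG)):
        print(f"[{severity}] {account}: {finding}")
```

For user01 it reports the still-enabled personal account, a successful VPN login the night after notification, and two non-human accounts (a service account and a shared account) that the leaver owned and whose credentials must be rotated; user02’s account was disabled correctly, but the later failed VPN attempt is still worth a ticket because it shows the former employee trying. Running this against a daily leaver feed is what turns the “immediately suspend” advice into something an audit can check.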

Deploying a technology solution that casts a wide net for threat signals embedded in both network and non-network data is crucial to early detection of the would-be saboteur, since network detection systems alone may not identify the sabotage until it is too late.

That’s the reason CYDERES has equipped its Insider Threat Detection & Response (ITDR) managed service with the ability to analyze a diverse array of corporate data sources. ITDR detects unauthorized or suspicious data access and activity and makes key correlations on file actions and transfers, focusing on ‘crown-jewel’ data in the cloud, apps, databases, file-shares and disks. It also has the capability to analyze non-network data from incident reports, personnel reviews, badge and printer logs, travel records and much more.

By being able to regularly ingest new data and apply it as evidence to a probabilistic model of the major types of insider threat behavior, the ITDR services team can filter out the majority of false-positive or ‘noisy’ alerts that overwhelm so many SIEM and UEBA platforms, while prioritizing the high-risk individuals that do emerge from analysis of a broader range of behaviors.

This additional context can make all the difference between helping an enterprise secure itself against insider sabotage and forcing it to scramble after the fact to repair costly damage to systems, data, finances, operations and public reputation.

 

#   #   #

 

Note: ITDR is one component of CYDERES’s 24/7 security-as-a-service solution set. Learn about the full range of CYDERES offerings, including our Cloud Native Analytics Platform (CNAP), Enterprise Managed Detection & Response (EMDR), Global Security Operations Center (GSOC) and more by visiting our web page.


Interview with Tim MalcomVetter, CYDERES Chief Technology Officer

There have been a lot of exciting developments on the CYDERES team over the past year, most notably the 2.0 release of the CYDERES Cloud Native Analytics Platform. With so much going on, it can be hard to keep up. To give visibility into what our teams have been doing, and to pass along useful information to organizations looking to start or improve their security programs, we sat down with CYDERES Chief Technology Officer Tim MalcomVetter to review what we accomplished in 2021 and to share priorities for 2022. Let’s get started!

No SIEM, No SOC? No Problem!

Many organizations that are just starting to develop their security programs may hesitate to engage outside firms for vulnerability assessments or penetration testing before they have a proper SIEM or SOC in place. We can assist without either, so that you can move forward with solid information about your vulnerabilities and start your program on the right foot.

Why Unlimited Ingestion Changes Everything

Unlimited ingestion has not been the norm for organizations looking to analyze their data for threats. Through our partnership with Google Cloud Chronicle, we are making unlimited ingestion a reality. Hear from Tim why this new approach changes everything.

Bring All Your Data! (And How We Normalize It)

We’re not only expanding data ingestion from a raw storage standpoint. We have also developed our solutions to allow for our customers to bring in data from all of their disparate sources, and create an easy-to-use platform to allow an incredible amount of visibility, enabling our customers to have full insight over their digital domain.

Why Should Organizations Trust MSSPs?

Some organizations don’t have the resources to fully build out a security program internally. MSSPs can provide a much-needed boost in people, process and technology where an organization would otherwise fall short.

Critical Questions When Securing Endpoints

Traditionally, endpoint security has focused mainly on ingress controls, that is, what is coming into the network. A more modern approach may need to focus more on egress controls, what is leaving. Tim talks about this and other critical questions when securing endpoints.

How to Get the Most Out of MITRE?

At CYDERES, we’re really big fans of the MITRE ATT&CK framework. Hear Tim talk more about how to get the most out of MITRE.

CNAP 2.0 – What’s the Point?

CYDERES CNAP, our Cloud Native Analytics Platform, recently received a 2.0 update that brings new features of immense value for our customers. Tim talks about the origins of CNAP and some of the features added in 2.0.

What Limits the Best Blue Teams in the World?

Tim comes from the Red Team world and offers up some of his past experiences to highlight what limits the best blue teams in the world, which may not be what you think!

How Adversary Tactics are Evolving

Adversary tactics have shifted from the early days of credit card breaches, which required an immense amount of work to learn a victim’s environment, to newer tactics that let financially motivated actors reach their end goal of getting paid faster. Tim explains some of these tactics in detail.

Priorities for 2022 and Beyond!

As the year begins to come to a close, you may be thinking about what your security priorities will be for 2022. Tim dives into a few areas that he has seen gaining steam with our customers.

Check Out Our Job Openings

Interested in joining our team? Check out our job openings on our Careers page!

Do you have any questions about CYDERES and our managed security solutions? Fill out the form below to be connected with one of our experts.


Black Friday / Cyber Monday Safety Tips

Black Friday and Cyber Monday have both continued to grow over the years and have really cemented themselves as staples of the holiday season. Not only that, but their influence is felt far beyond their respective days.

Case in point: try counting the number of Black Friday commercials on any given evening throughout the month of November. The promotions are starting earlier, the discount codes are being given away like candy… We’re even starting to see officially named “PRE-Black Friday Deals”, allegedly unrelated to the discounts to come.

Companies have also refined how they operate their sales, especially given the events of last year. Black Friday has taken cues from its illustrious younger sibling and offered better and more robust options for online shopping, as opposed to the in-person doorbuster deals of years past.

With all of these cyber deals taking the forefront from in-person shopping, it’s important to review best practices for shopping online. Cybercriminals continually take advantage of this time of year, using the increased activity to their benefit. Should you choose to do your deal hunting online, take a moment before the rush to brush up on some easy ways to keep yourself safer before you push “purchase”.

In today’s blog post, we have put together a few tips to help you protect yourself as you shop from the comfort of your couch. Here are a few Black Friday / Cyber Monday Safety Tips:

1) DON’T USE DEBIT CARDS

Using a debit card gives cyber criminals direct access to your bank accounts. Using payment options with added layers of protection is key to reducing your risk while you shop. Try using a credit card or a third-party service like PayPal or Venmo.

2) DON’T CLICK ON LINKS OR OPEN ATTACHMENTS IN EMAILS

Many cyber criminals use the flood of Black Friday emails from retailers to send their own copycat versions with malicious links. Beware of links and attachments in the emails you receive. Hovering over a link can show you where it actually leads before you click.

3) DON’T SHOP ON PUBLIC WIFI

Make sure you are only shopping on a secure connection. Shopping online requires you to divulge sensitive information, like credit card numbers, addresses, and more. You don’t want this information visible to outside eyes. When you are shopping online, make sure you are on a private network, or use your cellular data plan to stay secure.

4) USE A VARIETY OF PASSWORDS

Many online retailers require you to create an account to purchase items, which includes creating a password. It may be easier to use the same password everywhere, but should that retailer be breached in the future, many of your other accounts are now susceptible. Use a variety of passwords to mitigate your overall risk.

5) ENSURE YOUR SOFTWARE IS UP TO DATE

Before shopping ’til you drop, make sure your device’s software is up to date. From your operating system to your web browser to your password manager and beyond, take some time to ensure you have the latest versions for security’s sake. Outdated systems are often littered with vulnerabilities, so you’ll want to fully update to block cyber criminals from gaining access.

6) ENABLE 2-STEP VERIFICATION

We’ve recently covered how to achieve better security for your organization through 2-step or multi-factor authentication, but many online retailers also give individuals the option to ensure all logins (and even final order submissions) are secured through confirmation via a secondary device. Sending an authorization code to your phone or email may be a momentary inconvenience, but compared with dealing with stolen credentials it is a very worthwhile use of time.

With so much excitement surrounding Black Friday, Cyber Monday, and the holiday season in general, it can become easy to overlook the basic tenets of cyber safety. Follow these tips, and use common sense to stay safe as you shop. Have a happy Thanksgiving, and stay safe this weekend!


CYDERES Insider Threat Profiles: The Fraudster

Not all insider threat activity occurs at the senior management or executive levels of an organization. In fact, risk from trusted employees exists at every level.

Take insider fraud as an example. In the vast majority of cases such fraud is committed by lower-level operational and administrative staff, such as those in customer service and data entry or on IT help desks, and also among low- and mid-level managers. In all cases the employee or manager has relatively unconstrained access to the company’s customer, billing and other sensitive data.

The CERT Guide to Insider Threats defines fraud as: “An insider’s use of IT for the unauthorized modification, addition, or deletion of an organization’s data (not programs or systems) for personal gain, or theft of information that leads to an identity crime (e.g., identity theft, credit card fraud).” Not included in CERT’s definition – or this profile – is the type of enterprise-scale accounting fraud perpetrated by Enron, WorldCom, Tyco and others over the past two decades.

According to the TechTarget blog, information targeted for employee-generated fraud covers a wide range of information about an individual, including:

  • Personal identification data, such as driver’s licenses, medical identities, criminal histories and immigration applications;
  • Personal financial data, such as credit cards, credit histories, utility bills and food stamp applications; and
  • Personal medical data, such as medical records and disability claims.

For example, Anthem BlueCross and BlueShield in 2017 had to notify 18,000 of its customers who were Medicare members after an employee with one of its vendors sent their data to a personal email address and then allegedly misused the data.

Financial reasons drive most fraudsters. In some instances they are motivated by simple greed, while in others they’re facing financial stressors like mounting personal debt, medical bills or gambling losses. Another powerful predictor of workplace fraud is an employee’s dissatisfaction with his or her job, or with the work organization.

Besides the lower organizational level of the employee, a number of other factors make fraud unique, according to the authors of the CERT guide and other insider threat experts. For one thing, it typically occurs over a much longer period of time when compared to sudden ‘big bang’ insider events like sabotage or intellectual property theft.

In the latter two cases the employee is usually headed for the exits or has already left when the attack occurs. But the fraudster tends to stay on the job for months or years, which means this type of insider can have a significant adverse financial impact on the organization.

A 2019 Cybersecurity Insiders report found that 55 percent of all malicious insider threat cases are fraud-related, a larger percentage than IP theft, sabotage or espionage. While other insider threat cases may grab more headlines, the frequency, scope and monetary impact of fraud make it a major risk factor – one requiring sustained C-suite attention and company-wide mitigation programs.

Some of the best remedies are procedural in nature. These can include regular and well-publicized audits of critical or irregular processes, stringent background checks for new staff, routine reviews of privileged access lists, training programs that educate staff on how to spot signs of fraud and employee assistance programs that try to support those exhibiting signs of financial stress.

But processes, procedures and controls alone are not enough – which is where fraud detection tools come in.

Popular technologies include SIEM and UEBA platforms that analyze network and device activity for signs of any kind of insider threat. However, the effectiveness of such tools is hampered by the fact that fraudsters are engaged in the same online activities they perform in their assigned roles, and they carry out their fraud on-site and during normal working hours. In other words, they behave like they’re just doing their jobs.

Given that fraud is a malicious act – as opposed to one caused by unwitting or negligent behavior – an effective technology solution should include data sources with information that relates to financial stressors, employee dissatisfaction and other behavioral indicators of risk that can’t be detected on networks.

The CYDERES Insider Threat Detection & Response (ITDR) managed service is a case in point, because it relies on a combination of analyzing network security data through the CYDERES Cloud Native Analytics Platform (CNAP) and also on a patented model-based approach that supplements the network signals with diverse non-network data from HR and other internal sources. The result is a more contextualized view of individual fraud risk.

Once data is applied as evidence, the probabilistic model produces a list of potential fraud actors, prioritized by risk score. CYDERES then ingests, validates and triages the results and delivers detailed incident alerts to its customers along with the related evidence needed to launch an investigation.
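As an added illustration of the evidence-combination idea above (a constructed example, not CYDERES’s patented model or any CNAP code), the following toy scorer treats each indicator as a likelihood ratio, so weak network signals and HR-sourced indicators add into one log-odds risk score per person. Every ratio, base rate and employee record here is made up.

```python
"""Toy evidence-combination scorer (constructed illustration, NOT the CYDERES
ITDR model). Each indicator carries a likelihood ratio (LR): how much more
often it appears among fraudsters than among honest staff. Log-odds add, so
diverse network and non-network evidence combine into one risk score."""
import math
from dataclasses import dataclass, field

# Constructed likelihood ratios. Network-only signals are weak on their own
# because fraudsters work on-site, in-hours, doing their normal job.
LIKELIHOOD_RATIOS = {
    # network / device evidence
    "bulk_customer_record_export": 3.0,
    "after_hours_access": 1.2,  # near 1: barely separates fraud from normal work
    # non-network evidence (HR, finance, privileged-access review)
    "unconstrained_pii_access": 2.5,
    "financial_stress_indicator": 4.0,
    "job_dissatisfaction_report": 2.0,
}
PRIOR_FRAUD_RATE = 0.01  # constructed base rate of fraud per employee


@dataclass
class Employee:
    name: str
    evidence: set = field(default_factory=set)


def risk_score(evidence, prior=PRIOR_FRAUD_RATE, lrs=LIKELIHOOD_RATIOS):
    """Posterior probability of fraud given the observed indicators,
    assuming indicators are conditionally independent (naive Bayes)."""
    log_odds = math.log(prior / (1 - prior))
    for ind in evidence:
        if ind not in lrs:
            raise ValueError(f"unknown indicator: {ind}")
        log_odds += math.log(lrs[ind])
    return 1 / (1 + math.exp(-log_odds))


def prioritize(employees):
    """Return (name, score) pairs, highest risk first, for analyst triage."""
    ranked = [(e.name, round(risk_score(e.evidence), 4)) for e in employees]
    return sorted(ranked, key=lambda t: t[1], reverse=True)


# Constructed sample population: A and B show network evidence only,
# C adds the non-network context, D has no indicators at all.
SAMPLE = [
    Employee("A", {"bulk_customer_record_export"}),
    Employee("B", {"after_hours_access", "bulk_customer_record_export"}),
    Employee("C", {"bulk_customer_record_export", "unconstrained_pii_access",
                   "financial_stress_indicator", "job_dissatisfaction_report"}),
    Employee("D", set()),
]

if __name__ == "__main__":
    for name, score in prioritize(SAMPLE):
        print(f"{name}: {score:.4f}")
```

Note how the two network-only employees stay near the base rate while the HR-sourced indicators lift C far above them; that gap is what makes the list actionable for triage.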

It is this context-driven ‘whole-person’ approach that sets ITDR apart from other detection solutions. Because it’s a managed service, there’s no software to buy and no need to hire more SOC analysts to find the riskiest insiders among a mountain of noisy alerts.

And because ITDR takes a more proactive approach to fraud detection, organizations have the opportunity to intervene in time to prevent the fraud from escalating – and perhaps help an employee in financial distress.

#    #    #

Note: CYDERES’s Insider Threat Detection & Response managed service was launched in July 2021. Click here to listen to our introductory webinar detailing the features and capabilities of the service, including an in-depth demo of the operational system.


Talking Security Operations with CYDERES Chief Operating Officer Mike Wyatt

Modern threats require modern security operations. This is a topic we have covered a number of times over the past year. In fact, we presented at the Google Cloud Security Summit on this very subject. In that presentation, CYDERES Chief Technology Officer Tim MalcomVetter and CYDERES Chief Operating Officer Mike Wyatt spoke broadly about the top security challenges modern organizations are facing, and how we’re developing and implementing proven, modern solutions for our customers.

For today’s blog post, we put together a few videos from our interview with CYDERES COO Mike Wyatt, including items that were outside the scope of the original presentation, to give you an even fuller insight into what modern security operations look like, and how you can draw on our expertise to combat today’s threats. If you have any questions, fill out the form at the bottom of the page to be connected with one of our CYDERES experts. Let’s get started!

What are the Top Security Challenges of the Modern Risk Landscape?

Many organizations are hearing a lot of noise surrounding modern cyber threats, and can get lost trying to make heads or tails of where to prioritize their efforts. CYDERES Chief Operating Officer Mike Wyatt discusses some of the top security challenges of the modern risk landscape to help illuminate a few priorities to keep in mind.

Why Does As-A-Service Make Sense in Today’s Environment?

Once priorities have been established for the modern risk landscape, many organizations are left wondering how to proceed in adequately protecting themselves. Partnering with an MSSP can open up many possibilities as you tap into the expertise and resources found within managed security that may be difficult to build in-house.

Unlocking 24/7 Response Capabilities

One of the key components that MSSPs can unlock for your organization is 24/7 response capabilities. It’s one thing to be able to detect threats, but are you able to respond to them in pivotal moments, even in off-business hours? Mike expands on the benefits of 24/7 response capabilities, and on the value our EMDR offering brings.

Learn More, Act Faster with CNAP 2.0

Mike dives into our CNAP 2.0 offering and all of the recent additions that have helped make our Cloud Native Analytics Platform a powerful tool for organizations looking to modernize their security operations.

Winning Solutions that Leading Organizations are Adopting

We get a lot of questions regarding our partnership with Google Chronicle and how that is being leveraged to create winning solutions for leading organizations. Mike expands on the capabilities of Chronicle and how that leads to better results for faster identification of threats to your environment.

We’re Growing!

Interested in joining our team? We’re growing quickly and would love to have you on board. Visit our Careers page to see our current job opportunities.

If you have any questions, or would like to know more about CYDERES, fill out the form below to be connected with one of our experts.