Cybersecurity is a Proactive Journey, Not a Destination

Cybersecurity continues to grab the spotlight and mindshare as it pertains to computing and social trends.

The topic itself is broad and expansive, and the true impact of this segment of computing will be around for generations to come. For strong perspective on where the industry stands in its current state, ISACA’s State of Cybersecurity 2018 research is a must-read. This report provides a great assessment of what needs to happen in the cybersecurity field to move from reactive to proactive.

Challenges around cybersecurity are not new and have actually been around since the dawn of computing. However, it is now a topic that everyone talks about. It is a board topic, it is a public safety and livelihood topic, and it is a personal topic. Hitting this trifecta of impact has finally created the sense of urgency and the attention that is needed. Now, the key is that as an industry, as a country, and as a world of over 7 billion people, we need to effectively address these industry challenges to preserve the computing environment for the future.

Today, most cybersecurity efforts are focused on what is referred to as the “EMR” model of educate, monitor, and remediate. This approach is effective but is essentially like the game of “whack-a-mole,” where the core underlying risks and issues are never solved and keep popping up.

So, how does the governing of cybersecurity become proactive?

While EMR is essential, the core foundation of a more secure and trustworthy computing experience requires being more proactive. Proactive means ongoing, real-time, continuous self-testing and self-assessment, and a laser focus on education as it pertains to best practices. This, combined with a continued evolution of the new SaaS (security-as-a-service), will help mitigate risk and ensure more trust in the future. Still, it will be very difficult to solve all cybersecurity challenges due to the technical debt that exists and will exist for the immediate future.

Safe and secure computing can occur with a connected, comprehensive approach to security embedded in each of the leading digital disruption levers, from the Internet of Things, to conversational artificial intelligence, to blockchain and distributed ledger technology, to wearables and mobility. Industry focus, industry standards, close adherence to best practices, and the constant ability to randomize to protect digital identities are on the horizon and need to continue to gain acceleration.

However, first and foremost, security best practices begin at the code level. As software engineers and as an innovation industry, we must make sure this is well-executed in each and every opportunity we have.

Author’s note: Mike Wons is the former CTO for the state of Illinois and is now serving as Chief Client Officer for Kansas City, Missouri-based PayIt. Mike can be reached at mwons@payitgov.com

Mike Wons, Chief Client Officer, PayIt

[ISACA Now Blog]

The AI Calculus – Where Do Ethics Factor In?

While artificial intelligence and machine learning deployment are on the rise – and generating plenty of buzz along the way – organizations face difficult decisions about how, where and when to introduce AI.

In a session Tuesday at the 2018 GRC Conference in Nashville, Tennessee, USA, co-presenters Kirsten Lloyd and Josh Elliot laid out many of the ethical considerations that should be part of those deliberations.

The pair detailed several instances of high-profile AI events over the past decade that highlighted the need to give ethical components of AI deployment a high level of focus early in a product or service’s design, as opposed to risking unforeseen fallout. The examples included the development of a controversial algorithm that predicted higher rates of recidivism for black defendants in the judicial system and a Stanford University study exploring how often AI could determine a person’s sexual orientation based on photos of their faces.

Yet, for all of the questionable or even potentially malicious use cases of AI, Lloyd and Elliot highlighted an extensive list of powerfully compelling uses for AI, such as advancing new medical treatments, preventing cyber attacks, improving energy efficiency and increasing crop yields. Elliot, Booz Allen Hamilton’s director of artificial intelligence, noted that AI also may prove transformative in missing person crises, such as being able to swiftly locate missing children in AMBER Alert child abductions.

Whether the potential ethical implications of AI and machine learning outweigh the good that can be accomplished is very much a case-by-case judgment call, Elliot said, requiring a holistic evaluation of the possible outcomes through a risk management lens. Successful, ethical implementation of AI and machine learning also calls for strong governance, with emphasis on benefits realization, risk optimization and resource optimization. Elliot and Lloyd said organizations should identify and engage key stakeholders in AI projects, including the creation of an ethical review board and a chief ethics officer. Some high-impact deployments might also require direct access to the C-Suite for input on risk considerations.

Elliot and Lloyd suggested that organizations consider the following questions when deciding how they might want to deploy AI and machine learning:

  1. What are our goals?
  2. How much risk are we willing to tolerate?
  3. What is the state of our data assets?
  4. What talent assets do we have?
  5. What are our values?

From a people talent standpoint, Elliot noted there is a serious shortage of professionals with the expertise to help enterprises effectively and securely implement AI and machine learning, causing many organizations to turn to the ranks of academia and research to fill in the personnel gaps. Lloyd, an AI strategist with Booz Allen Hamilton, acknowledged the workforce worries many harbor regarding the potential for AI and machine learning to displace large numbers of practitioners, but said that there will remain an enduring need for humans’ critical thinking skills, while machines continue to introduce process improvements in computational thinking.

Taking the long view, Elliot and Lloyd said AI and related disciplines have transitioned from their previous state of simple task execution to the current era of pattern recognition, with a future that will be reshaped by added capabilities of contextual reasoning. Elliot said many of today’s common uses, such as robotic process automation (RPA), are a mere “gateway drug” to more sophisticated technologies and applications that are being aggressively researched in Silicon Valley and beyond.

[ISACA Now Blog]

Four Unit 42 Vulnerability Researchers Make MSRC Top 100 for 2018

Palo Alto Networks Unit 42 is proud to announce that four of our researchers were named to the Microsoft Security Response Center (MSRC) “Top 100 Security Researchers List” for 2018. This is the third year Unit 42 researchers have been included in this prestigious list, which is announced every year at Black Hat. This year’s Unit 42 winners are:

Rank Name
10 Gal De Leon
13 Hui Gao
73 Tao Yan
79 Jin Chen

Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Android and other ecosystems. By proactively identifying vulnerabilities, developing protections for our customers, and sharing them with Microsoft for patching, we are removing weapons used by attackers that compromise enterprise, government and service provider networks.

Below is the full list of this year’s top 100. To better understand how this recognition is both important and an honor, this posting by Phillip Misner of the MSRC gives you an idea of what’s behind the program.

[Palo Alto Networks Research Center]

In OT Environments, Security Must Not Be an Afterthought

The dream of a cloud-enabled operational technology, or OT, environment is becoming a reality thanks to daily innovations in technology, which have the potential to turn legacy control systems into integrated IIoT instances. These changes are happening at a fast pace, and are often extraordinary in scale. Large-scale ICS SCADA systems, such as those found in oil and gas, are evolving; however, one thing remains constant: poor security.

Why Security Is a Challenge

As IT security professionals know, security must adapt to an ever-changing threat landscape. A fluid model does not play well with most current ICS and SCADA systems. These systems depend on availability first, making security measures challenging to implement and even harder to maintain. For OT operators, security must support a model that allows technicians to connect devices first to configure and fine-tune them, and then later lock them down. There must be enough security in place to protect both the business and the process control environment from attacks, but with just enough protection that it neither overcomplicates the automation group’s workflows nor stops, blocks or disrupts production.

Purpose-built and expensive to update or replace, these systems and networks do not conform to the equipment lifecycle of an IT network. The majority of oil and gas field networks and remote process control networks are archaic, but also happen to be the systems we take for granted on a daily basis. Attackers know that, when and if these systems fail, they can affect our daily lives.

What’s Next?

It is time we change our beliefs on what a secure network looks like and how it should work. As organizations adopt cloud-based infrastructures and other IIoT technologies, security does not have to be an afterthought. Our Security Operating Platform secures control system networks in several ways, including automatically preventing new and unknown threats, providing virtual network segmentation and offering role-based network access.

Learn more about how to protect your controls environment against sophisticated cyberattacks by downloading our Cybersecurity for Oil and Gas Solutions Brief.

[Palo Alto Networks Research Center]

Threat Brief: Cyber Attackers Using Your Home Router To Bring Down Websites

In recent research, Palo Alto Networks found attackers were targeting home routers to take control of them and use them in attacks that can bring other websites down. Here we explain this type of attack and what you should do.

Why should I care, what can it do to me?

These attacks could affect you in two ways:

  1. They can slow down or disrupt your internet connection,
  2. They can also make you an unwitting participant in attacks against other websites.

What causes this kind of attack?

Weak passwords and out-of-date software can both enable attackers to take complete control of your home router.

How can I prevent it?

Attackers target home routers like this by targeting default passwords and out-of-date software on the routers. An easy thing you can do is restart your router once a week (typically by unplugging it).

You can also stay safe by changing the password on your router and updating the software. If you’re not sure how to do this, contact the Internet Service Provider (ISP) that gave you the router for help.

How does it work?

When devices (in this case, the routers) are under someone else’s control like this, the collection is referred to as a “botnet”, a network (-net) of remotely controlled systems or devices (bot-).

When attackers have complete control of your home router, they can install attack software that they control, turning the device into a “bot”. Attackers can make all the controlled routers in a botnet do anything they want, including sending huge amounts of data to try and bring websites down.

These kinds of attacks are called “Distributed Denial of Service” or “DDoS” attacks. Attackers use them to take down websites for several reasons:

  • Personal or political reasons
  • To blackmail websites to pay money or face attack
  • To act as a diversion for other more serious attacks
  • Simply to create mischief

About

Threat Briefs are meant to help busy people understand real-world threats and how they can prevent them in their lives.

They’re put together by the Palo Alto Networks Unit 42 threat research team and are meant for you to read and share with your family, friends, and coworkers so you can all be safer and get on with the business of your digital life.

Got a topic you want us to write about for you, your friends, or your family? Email us at u42comms@paloaltonetworks.com.

[Palo Alto Networks Research Center]
