IT Security RSS Feed for 2024-12-21
LockBit ransomware gang teases February 2025 return
Published: Thu, 19 Dec 2024 12:56:00 GMT
The notorious LockBit ransomware gang has released a statement suggesting that they will be returning to active operations in February 2025. This announcement has raised concerns among cybersecurity experts and law enforcement agencies.
Background of LockBit
LockBit is a prolific ransomware gang that has been responsible for numerous high-profile attacks in recent years. They have targeted organizations across various industries, including healthcare, education, and government entities. LockBit is known for its sophisticated encryption techniques and aggressive extortion tactics.
The Announcement
In a statement posted to their dark web portal, LockBit claimed that they are “taking a break” and will cease operations until February 2025. They provided no specific reason for their hiatus but stated that they are “preparing for something big.”
Implications
The announcement by LockBit has raised several concerns:
- Resurgence of Attacks: The gang’s return in 2025 could lead to a renewed wave of ransomware attacks, potentially targeting new victims or returning to previous targets.
- Technological Advancements: During their hiatus, LockBit may develop new and more sophisticated ransomware variants, posing a significant threat to organizations.
- Increased Severity: As the ransomware landscape evolves, LockBit may adopt even more aggressive tactics, such as data exfiltration and denial-of-service attacks.
Law Enforcement Response
Law enforcement agencies around the world are monitoring the situation closely. While LockBit’s hiatus may provide some respite, it is crucial to remain vigilant and continue efforts to combat ransomware threats.
Recommendations for Businesses
Organizations should take proactive measures to mitigate the potential impact of LockBit’s return:
- Enhance Cybersecurity Defenses: Implement strong security measures, including network segmentation, intrusion detection systems, and regular software updates.
- Implement Data Backups: Regularly back up critical data and store it securely offline or in a cloud-based backup service.
- Conduct Incident Response Planning: Develop and test an incident response plan to minimize downtime and data loss in the event of a ransomware attack.
- Stay Informed: Monitor cybersecurity news and alerts to stay abreast of the latest ransomware trends and mitigation techniques.
By taking these steps, organizations can reduce the risk of falling victim to ransomware attacks, including any potential threat posed by LockBit’s resurgence in February 2025.
Latest attempt to override UK’s outdated hacking law stalls
Published: Thu, 19 Dec 2024 11:10:00 GMT
The UK government’s latest attempt to update the country’s outdated hacking laws has stalled due to concerns raised by privacy advocates. The proposed legislation, known as the Online Safety Bill, has been in development for several years and aims to tackle harmful content and protect users online.
Outdated Hacking Laws
The current hacking law in the UK, the Computer Misuse Act 1990, is widely regarded as outdated and unfit for the modern digital landscape. The act was passed in an era before the widespread use of the internet and does not adequately address modern hacking techniques.
Proposed Changes
The Online Safety Bill seeks to address these shortcomings by introducing new offenses for hacking-related activities. These include:
- Unauthorised access to computer systems
- Attempting to access computer systems without authorization
- Unauthorised modification of computer data
- Unauthorised distribution of malware
Privacy Concerns
Privacy advocates have raised concerns about the potential for the bill to be misused to target legitimate security research and ethical hacking activities. They argue that the broad language of the proposed offenses could criminalize actions commonly used by security researchers to identify and fix vulnerabilities in computer systems.
Stalled Progress
In response to these concerns, the government has agreed to make amendments to the bill to address privacy issues. However, progress has been slow, and the bill remains stalled in the legislative process.
Impact on Security Researchers
The stalled progress of the Online Safety Bill has left security researchers in a state of uncertainty. They are concerned that the broad nature of the proposed offenses could have a chilling effect on their work and make it more difficult for them to identify and address vulnerabilities in critical infrastructure and online services.
Expert Opinions
Experts in the cybersecurity field have expressed concerns about the potential impact of the bill on security research. They argue that the government needs to strike a balance between protecting national security and preserving the rights of ethical hackers.
“We need clear and proportionate legislation that does not stifle innovation and research,” said Dr. Steven Murdoch, a security researcher at the University of Cambridge.
Ongoing Debate
The debate over the proposed hacking law is ongoing, and it is unclear when a compromise will be reached. The government faces the challenge of balancing the need to protect online users with the importance of safeguarding free speech and security research.
The Data Bill: It’s time to cyber up
Published: Thu, 19 Dec 2024 09:42:00 GMT
The Data Bill, currently under consideration by the European Commission, aims to strengthen the European Union’s (EU) cybersecurity capabilities and protect critical infrastructure from cyber threats. This comprehensive legislation outlines a set of measures to address the rapidly evolving digital security landscape.
Key Provisions of the Data Bill:
- Cybersecurity Certification Framework: Establishment of a harmonized cybersecurity certification framework to ensure that products and services meet minimum security standards.
- Incident Reporting and Cooperation: Mandatory reporting of cybersecurity incidents to national authorities and improved collaboration between member states.
- Investment in Research and Innovation: Increased funding for cybersecurity research and development to foster innovation and develop cutting-edge solutions.
- Strengthening Cybersecurity Agencies: Expansion of the powers and resources of EU cybersecurity agencies, such as ENISA (European Union Agency for Cybersecurity).
- Regulation of Critical Infrastructure: Enhanced measures for protecting critical infrastructure sectors, such as energy, transportation, and healthcare, from cyberattacks.
Benefits of the Data Bill:
- Enhanced Cybersecurity Preparedness: The Data Bill provides a comprehensive framework for addressing cybersecurity threats, helping to protect critical infrastructure, businesses, and citizens.
- Reduced Cybercrime: Mandatory incident reporting and cooperation measures make it easier to identify and prosecute cybercriminals, deterring future attacks.
- Increased Trust: The harmonized cybersecurity certification framework instills trust in digital products and services, fostering innovation and economic growth.
- Alignment with International Standards: The Data Bill aligns with international cybersecurity best practices, strengthening the EU’s position in the global fight against cyber threats.
Challenges and Concerns:
- Implementation Complexity: The bill’s comprehensive nature may pose challenges in implementation and enforcement.
- Data Privacy Implications: Balancing cybersecurity measures with data privacy rights is crucial to avoid excessive surveillance.
- Resource Constraints: The bill’s ambitious goals may require significant investment and resources, which may not be readily available.
- Cybersecurity Skills Gap: The EU faces a shortage of qualified cybersecurity professionals, which could hinder the effective implementation of the bill.
Conclusion:
The Data Bill is a crucial step towards strengthening the EU’s cybersecurity posture amidst an ever-evolving threat landscape. By investing in research, improving cooperation, and regulating critical infrastructure, the bill seeks to protect the digital realm and foster trust. However, careful consideration of implementation challenges, privacy implications, and resource constraints is essential to ensure its success. By embracing the spirit of “cyber up,” the EU can enhance its cybersecurity capabilities and safeguard its digital future.
Innovation, insight and influence: the CISO playbook for 2025 and beyond
Published: Thu, 19 Dec 2024 09:10:00 GMT
Innovation: The Driving Force
- Embrace emerging technologies: Explore advancements like AI, ML, and blockchain to enhance cybersecurity capabilities.
- Foster a culture of experimentation: Encourage teams to test and refine new ideas, embracing a “fail fast, learn faster” mindset.
- Collaborate with cross-functional teams: Partner with business units to understand their risks and develop innovative solutions.
Insight: The Foundation for Informed Decisions
- Establish a comprehensive risk management framework: Identify and prioritize threats, assess vulnerabilities, and implement appropriate controls.
- Harness data analytics: Utilize tools to analyze cybersecurity data, identify trends, and predict emerging risks.
- Enhance threat intelligence capabilities: Stay abreast of industry trends, threat actor tactics, and geopolitical developments to inform decision-making.
Influence: The Power to Create Change
- Communicate effectively: Share security insights with board members, executives, and employees to raise awareness and drive action.
- Advocate for security investments: Justify the need for cybersecurity funding and resources to protect critical assets.
- Establish industry thought leadership: Participate in conferences, publish research, and engage with peers to influence cybersecurity practices.
The CISO Playbook for 2025 and Beyond
Evolving Threats and Trends
- Increasingly sophisticated cyberattacks: Adversaries will employ AI, ML, and social engineering to target vulnerabilities.
- Growing regulatory compliance requirements: Governments and industries will impose stricter cybersecurity regulations, increasing compliance burdens.
- Cloud and IoT adoption: The expansion of connected devices and cloud services will create new attack surfaces.
Critical Capabilities and Strategies
- Enhanced detection and response: Implement AI-driven tools and automated playbooks to detect and mitigate threats in real-time.
- Resilient infrastructure: Adopt a zero-trust approach, segment networks, and implement disaster recovery plans.
- Empowered workforce: Train employees on cybersecurity best practices and empower them to identify and report threats.
The Role of the CISO
- Strategic advisor: Provide cybersecurity guidance and support to business leaders, enabling informed decision-making.
- Change agent: Advocate for a culture of cybersecurity awareness and drive organizational transformation.
- Trusted partner: Collaborate with internal and external stakeholders to build trust and foster a strong cybersecurity posture.
By embracing innovation, fostering insight, and leveraging influence, CISOs can position their organizations to navigate the evolving cybersecurity landscape and achieve success in 2025 and beyond.
What is a public key certificate?
Published: Thu, 19 Dec 2024 09:00:00 GMT
Public Key Certificate
A public key certificate is a digital document that binds a public key to an identity, such as a user, an organization, or a website. It serves as a trusted third-party verification of the public key’s authenticity and ownership.
Key Elements of a Certificate:
- Public Key: The cryptographic key used to encrypt messages or verify digital signatures.
- Identity: The name or entity associated with the public key.
- Certificate Authority (CA): A trusted third party that issues and signs the certificate.
- Signature: The CA’s digital signature that verifies the legitimacy of the certificate.
- Validity Period: The start and end dates during which the certificate is valid.
Purpose of a Certificate:
- Authentication: Verifies the identity of individuals or organizations in online transactions.
- Secure Communication: Enables secure communication by encrypting messages using the public key in the certificate.
- Digital Signatures: Provides a way to verify the authenticity and integrity of digital documents or software updates.
Types of Certificates:
- SSL/TLS Certificates: Used for securing websites, ensuring that data exchanged during browsing is encrypted.
- Code Signing Certificates: Verify the authenticity of software code, ensuring that it has not been tampered with.
- Email Signing Certificates: Digitally sign emails to prove that they came from the claimed sender.
Uses of Certificates:
- Secure online banking and e-commerce transactions
- Secure website browsing (HTTPS)
- Signing and verifying software programs
- Encrypting and decrypting emails
- Establishing secure VPN connections
- Digital document authentication
French court refuses to expedite trial of Sky ECC cryptophone distributor Thomas Herdman
Published: Thu, 19 Dec 2024 06:53:00 GMT
A French court has refused to expedite the trial of Thomas Herdman, the alleged distributor of the Sky ECC encrypted communications platform, despite a request from his defense team.
Herdman, who was arrested in Belgium in March 2021 and extradited to France in June 2022, is accused of being part of an international criminal network that used Sky ECC to facilitate drug trafficking and other crimes. He has denied the charges.
His defense team had requested that his trial be expedited, arguing that he had been in pre-trial detention for more than a year and that he was eager to clear his name. However, the court ruled that it was not possible to expedite the trial without compromising the rights of other defendants in the case.
The trial is now scheduled to begin on October 17, 2023.
Sky ECC was a popular encrypted communications platform used by criminals around the world. It was founded in 2010 by Jean-François Eap, a Belgian entrepreneur. The platform used a variety of encryption protocols to protect its users’ communications from interception.
In March 2021, Europol and the FBI launched a joint operation against Sky ECC. The operation, which was codenamed Operation Trojan Shield, involved the infiltration of Sky ECC’s network. This allowed law enforcement to access the platform’s users’ communications.
The operation led to the arrest of more than 800 people around the world. The arrests included members of criminal networks involved in drug trafficking, money laundering, and other crimes.
The takedown of Sky ECC was a major blow to criminals around the world. It demonstrated that law enforcement is becoming increasingly sophisticated in its ability to disrupt encrypted communications platforms.
The Security Interviews: Martin Lee, Cisco Talos
Published: Wed, 18 Dec 2024 07:14:00 GMT
Interviewer: Welcome to the Security Interviews, Martin. Thank you for taking the time to speak with me today.
Martin Lee: It’s my pleasure.
Interviewer: You’re the Head of Threat Intelligence at Cisco Talos. Can you tell us a bit about your role and responsibilities?
Martin Lee: As the Head of Threat Intelligence, I’m responsible for leading a team of analysts who identify, investigate, and track cyber threats. We provide our customers with timely and actionable intelligence that helps them protect their networks and systems.
Interviewer: Cisco Talos is a well-respected name in the threat intelligence industry. What do you think sets you apart from other providers?
Martin Lee: Our unique combination of expertise, technology, and global reach sets us apart. We have a team of seasoned analysts with deep expertise in different areas of cybersecurity. We also have a proprietary threat intelligence platform that allows us to collect and analyze data from a wide range of sources. And with a presence in over 100 countries, we have a global reach that few other providers can match.
Interviewer: What are some of the biggest challenges facing threat intelligence professionals today?
Martin Lee: One of the biggest challenges is the sheer volume of data that we have to deal with. There is so much information out there, it can be difficult to identify the most relevant and actionable threats. Another challenge is keeping up with the evolving threat landscape. Cybercriminals are constantly changing their tactics and techniques, so we need to be able to adapt quickly.
Interviewer: What advice would you give to organizations looking to improve their threat intelligence capabilities?
Martin Lee: First, I would recommend starting with a threat intelligence framework. This will help you to define your goals, identify your sources, and establish a process for managing and using threat intelligence. Second, I would advise organizations to invest in technology. A good threat intelligence platform can help you to automate many of the tasks involved in threat intelligence analysis, freeing up your analysts to focus on more strategic work. Third, I would recommend building relationships with other organizations in your industry. Sharing threat intelligence information can help you to stay ahead of the curve and better protect your organization.
Interviewer: Thank you for sharing your insights, Martin. I’m sure our readers will find them valuable.
Martin Lee: You’re welcome. It was a pleasure speaking with you.
Top 10 cyber security stories of 2024
Published: Wed, 18 Dec 2024 07:00:00 GMT
- Cyberattacks escalate amid geopolitical tensions: Intensified geopolitical conflicts fuel a surge in state-sponsored cyberattacks, targeting critical infrastructure, government agencies, and sensitive data.
- Ransomware attacks paralyze businesses worldwide: Ransomware gangs continue to evolve their tactics, disrupting operations and demanding exorbitant ransoms. Organizations face pressure to implement comprehensive security measures and consider insurance options.
- AI-powered cyberattacks become more sophisticated: Artificial intelligence (AI) is increasingly used by both attackers and defenders. Attackers leverage AI to automate attacks, personalize phishing campaigns, and evade detection.
- Supply chain security emerges as a major concern: Cybersecurity incidents in the supply chain disrupt global businesses. Organizations enhance their vendor management processes and focus on third-party risk management.
- Quantum computing poses new cybersecurity challenges: Advances in quantum computing raise concerns about the potential to break current encryption algorithms. Governments and industries explore quantum-resistant solutions to mitigate these risks.
- Cybercrime becomes a trillion-dollar industry: The financial impact of cybercrime continues to soar, reaching unprecedented levels. Law enforcement and international cooperation intensify to combat the growing threat.
- IoT security vulnerabilities expose smart devices: The proliferation of Internet of Things (IoT) devices introduces new security challenges. Manufacturers prioritize securing these devices and consumers become more aware of potential risks.
- Blockchain technology gains traction in cybersecurity: Blockchain’s decentralized nature and tamper-proof records enhance data security and prevent unauthorized access.
- Zero-trust architectures gain widespread adoption: Organizations increasingly implement zero-trust principles, verifying every request and device before granting access, regardless of its origin.
- Cybersecurity education and awareness spread: The importance of cybersecurity awareness and education grows, with governments, schools, and organizations implementing initiatives to equip individuals and businesses with the knowledge and skills to protect themselves online.
Look to the future: How the threat landscape may evolve next
Published: Wed, 18 Dec 2024 06:48:00 GMT
Evolving Threat Landscape
Increased Sophistication and Automation:
- Advanced threat actors will leverage AI, machine learning, and automation to enhance their attacks, making them more difficult to detect and mitigate.
Supply Chain Security Breaches:
- Dependence on third-party vendors will continue to expose organizations to vulnerabilities, as attackers target supply chains to gain access to critical networks.
Ransomware as a Service (RaaS):
- The growth of RaaS will make it easier for non-technical attackers to launch sophisticated ransomware attacks, increasing the volume and impact of these threats.
IoT and Connected Devices Vulnerabilities:
- The proliferation of IoT devices and smart connected systems will create a vast attack surface, expanding the potential for cyberattacks.
Quantum Computing:
- The advent of quantum computing may break existing encryption standards, making it crucial for organizations to invest in quantum-resistant cryptography.
Nation-State Threat Actors:
- State-sponsored cyberattacks will continue to pose significant threats, targeting critical infrastructure, financial institutions, and government agencies.
Emergence of New Attack Vectors:
- Attackers will explore innovative ways to exploit vulnerabilities, including:
  - Social engineering and phishing attacks leveraging AI
  - Exploiting cloud misconfigurations
  - Targeting decentralized technologies like blockchain
Cyber Extortion and Data Theft:
- Organizations face increased risk of data breaches and extortion attempts, as attackers aim to steal sensitive information and demand payment for its return.
Continued Importance of Insider Threats:
- Disgruntled employees or malicious contractors may pose significant internal threats, accessing sensitive data and disrupting operations.
Shifting Regulatory Landscape:
- Governments worldwide will implement stricter regulations to address evolving threats, requiring organizations to enhance their security measures.
Mitigation Strategies:
Advanced Security Technologies:
- Implement AI-powered security solutions, threat intelligence platforms, and vulnerability management systems.
Supply Chain Risk Management:
- Conduct due diligence on third-party vendors, monitor their security posture, and implement secure supplier onboarding practices.
Comprehensive Incident Response Plans:
- Develop and test incident response plans tailored to address evolving threats, including ransomware and IoT vulnerabilities.
Continuous Monitoring and Threat Intelligence:
- Monitor networks and systems proactively, using threat intelligence feeds to identify and mitigate potential threats.
Employee Awareness and Education:
- Provide regular cybersecurity training to employees to reduce the risk of social engineering attacks and insider threats.
Cybersecurity Partnerships:
- Collaborate with industry experts, law enforcement, and government agencies to share intelligence and respond to emerging threats.
Investment in Quantum-Resistant Technologies:
- Begin transitioning to quantum-resistant cryptography and other security measures that can withstand quantum attacks.
Top 10 cyber crime stories of 2024
Published: Wed, 18 Dec 2024 05:00:00 GMT
- Massive ransomware attack on global critical infrastructure: A highly sophisticated ransomware attack targets critical infrastructure systems worldwide, including power grids, water treatment facilities, and transportation networks, causing widespread disruptions and panic.
- Cyber espionage campaign compromises government and corporate networks: A sophisticated cyber espionage campaign penetrates the networks of government agencies and major corporations, stealing sensitive data, disrupting operations, and potentially compromising national security.
- Social media manipulation used to influence elections: Malicious actors leverage social media platforms to spread disinformation, amplify biased perspectives, and manipulate public opinion to influence the outcomes of elections in major countries.
- Cyberattack on healthcare systems disrupts medical care: A cyberattack targets healthcare systems, disrupting medical records, compromising patient privacy, and delaying or canceling essential medical appointments, putting lives at risk.
- Zero-day exploit targets popular software, affecting millions: A critical zero-day exploit is discovered and actively exploited in widely used software, affecting millions of users worldwide and leaving systems vulnerable to malicious attacks.
- Artificial intelligence weaponized in cyberattacks: Artificial intelligence (AI) is weaponized in cyberattacks, enhancing the capabilities of malware and enabling attackers to automate and scale malicious operations more effectively.
- Quantum computing used to break encryption: Quantum computing accelerates the development of innovative encryption techniques, potentially compromising existing cybersecurity measures and creating new vulnerabilities that threaten sensitive data.
- Cloud security misconfiguration leads to data breach: A misconfiguration in cloud security systems results in a major data breach, exposing sensitive information belonging to large organizations and individuals.
- 5G network vulnerabilities exploited for cyberattacks: The rollout of 5G networks introduces new vulnerabilities that are exploited by malicious actors, enabling more sophisticated and targeted cyberattacks against mobile devices and infrastructure.
- International cooperation in cybersecurity challenged by geopolitical tensions: Geopolitical tensions and diverging priorities among nations hinder international collaborations in cybersecurity, making it more difficult to address cross-border cybercrimes and prevent global threats.
2025-30: Geopolitical influence on cyber and the convergence of threat
Published: Tue, 17 Dec 2024 16:53:00 GMT
Geopolitical Influence on Cyber
- Increased international tensions and geopolitical competition: Rising tensions between major powers intensify cyber-espionage, sabotage, and information warfare.
- State-sponsored cyberattacks: States continue to engage in advanced cyberattacks against adversaries, targeting critical infrastructure, military targets, and political systems.
- Cyber-enabled diplomacy: Cyberattacks become part of geopolitical strategies, with states using them to influence negotiations, punish rivals, and send messages.
Convergence of Cyber Threats
- Convergence of physical and cyber threats: Cyberattacks increasingly target critical infrastructure, disrupting essential services and causing physical damage.
- Blurred lines between malicious actors: Cybercriminals, hacktivists, and state-sponsored attackers collaborate or use similar tactics, making it difficult to identify and mitigate threats.
- Evolution of malware and ransomware: Advanced malware and ransomware variants emerge, disrupting operations, stealing sensitive information, and demanding large ransoms.
Implications for 2025-30
These trends will have profound implications for the cyber landscape in 2025-30:
- Increased cybersecurity risks: Organizations and governments face heightened cybersecurity risks as threats become more sophisticated and geopolitical tensions escalate.
- Demand for resilient cybersecurity solutions: Organizations prioritize investing in robust cybersecurity measures to protect against advanced cyberattacks.
- International cooperation on cybersecurity: States recognize the need for international cooperation to combat cyber threats, bolster infrastructure, and establish norms of responsible behavior in cyberspace.
- Cybersecurity as a foreign policy tool: States leverage cybersecurity capabilities to achieve strategic objectives, including deterrence, coercion, and influence.
- Emerging technologies and the cyber threat landscape: Artificial intelligence, quantum computing, and the Internet of Things introduce new challenges and opportunities for cyber defense and attack.
To mitigate these risks, it is crucial for organizations and governments to:
- Enhance cybersecurity measures: Implement robust security protocols, invest in threat intelligence, and train staff on best practices.
- Foster international cooperation: Participate in international forums and collaborate with allies to share information, coordinate responses, and develop common standards.
- Address the convergence of threats: Develop strategies that address the interplay between physical and cyber threats and mitigate risks posed by malicious actors.
- Stay abreast of emerging technologies: Monitor the evolution of technology and its impact on the cyber threat landscape to adapt cybersecurity strategies accordingly.
Using AI to build stronger client relationships in 2025
Published: Tue, 17 Dec 2024 16:45:00 GMT
Leveraging AI to Enhance Client Relationships in 2025
1. Personalized Communication and Engagement:
- AI-powered chatbots and virtual assistants will offer real-time support, provide personalized recommendations, and engage clients in meaningful conversations.
- Predictive analytics will identify client needs and interests, allowing for tailored communication and targeted marketing campaigns.
2. Proactive Relationship Management:
- AI algorithms will monitor client interactions and identify potential issues or areas for improvement.
- Automated reminders, personalized notifications, and early intervention will prevent communication gaps and strengthen relationships.
3. Data-Driven Insights and Analysis:
- AI-powered analysis of customer data will provide valuable insights into client preferences, behaviors, and areas of dissatisfaction.
- This data will inform decision-making, drive strategic initiatives, and enhance the overall client experience.
4. Predictive Segmentation and Targeting:
- AI will segment clients based on demographics, behaviors, and preferences.
- Targeted communication and marketing campaigns will be tailored to specific client segments, increasing engagement and conversion rates.
5. Personalized Recommendations and Offers:
- AI algorithms will learn from past interactions and recommend relevant products, services, or deals that align with client needs.
- Personalized recommendations will foster trust, increase sales, and enhance customer satisfaction.
6. Enhanced Customer Service:
- AI-powered customer service agents will provide 24/7 support, resolve issues quickly, and offer tailored solutions.
- Automated sentiment analysis will identify client feedback and provide real-time insights into areas for improvement.
7. Collaborative Client Relationship Management:
- AI will enable collaboration between multiple teams within the organization, ensuring a consistent and cohesive client experience.
- Shared dashboards and real-time communication will foster teamwork and improve client outcomes.
8. Data Security and Privacy:
- AI-powered data protection measures will safeguard client information, ensuring compliance and protecting privacy.
- Clients will trust businesses that prioritize data security, strengthening relationships and fostering loyalty.
9. Continuous Improvement and Optimization:
- AI algorithms will continually analyze client interactions, identify patterns, and suggest improvements to processes and strategies.
- This data-driven approach will drive ongoing enhancements and ensure that client relationships remain strong over time.
10. Collaboration with Human Teams:
- AI will complement and empower human teams, freeing up their time to focus on high-value interactions and strategic initiatives.
- AI-supported relationship management will enhance human capabilities and create a more productive and effective work environment.
Conservative MP adds to calls for public inquiry over PSNI police spying
Published: Tue, 17 Dec 2024 11:45:00 GMT
A Conservative MP has added his voice to calls for a public inquiry into alleged spying by the Police Service of Northern Ireland (PSNI).
David Davis, who served as Brexit Secretary under Theresa May, said there was “clear evidence” of a “pattern of wrongdoing” by the PSNI.
His comments came after the Police Ombudsman for Northern Ireland (PONI) published a report that found the PSNI had spied on journalists and politicians.
The PONI report found that the PSNI had collected and retained information on journalists and politicians without their knowledge or consent.
It also found that the PSNI had used covert surveillance techniques to gather information on people who were not suspected of any wrongdoing.
Davis said that the PONI report “raises serious questions about the conduct of the PSNI”.
He said that “a public inquiry is now necessary to get to the bottom of what happened and to hold those responsible to account”.
The PSNI has denied any wrongdoing and said that it will cooperate fully with any public inquiry.
However, Davis said that the PSNI’s denial “is not credible”.
He said that “the evidence of wrongdoing is clear” and that “a public inquiry is now necessary to get to the truth”.
The call for a public inquiry has been supported by a number of other politicians, including Sinn Féin leader Mary Lou McDonald.
McDonald said that the PONI report “has exposed a shocking catalogue of abuses by the PSNI”.
She said that “a full, independent public inquiry is now essential to uncover the full extent of this scandal”.
The PSNI is facing increasing pressure to hold a public inquiry into the alleged spying.
The Police Ombudsman has called for a public inquiry, and a number of politicians have also expressed their support for one.
It remains to be seen whether the PSNI will agree to hold a public inquiry. However, the pressure is mounting, and it is increasingly likely that one will be held.
What is PKI (public key infrastructure)?
Published: Tue, 17 Dec 2024 09:00:00 GMT
Public Key Infrastructure (PKI)
PKI is a system that manages and authenticates the use of public key cryptography for secure electronic communications. It consists of:
1. Certificate Authority (CA):
- A trusted third party that issues digital certificates to verify the identity of entities (e.g., websites, individuals).
- The CA’s certificate is the root of trust in the PKI system.
2. Digital Certificates:
- Electronic credentials that contain the public key and identity information of the certificate holder.
- Used to establish a secure connection between two parties.
3. Public Key:
- A mathematical key used to encrypt data.
- Published and can be used by anyone to encrypt messages.
4. Private Key:
- A mathematical key used to decrypt data encrypted with the public key.
- Kept secret by the certificate holder.
How PKI Works:
- Certificate Request: An entity (e.g., a website) requests a digital certificate from a CA.
- Verification: The CA verifies the entity’s identity through a specified validation process.
- Certificate Issuance: If verified, the CA issues a digital certificate containing the entity’s public key, identity, and validity period.
- Certificate Distribution: The certificate is distributed to the entity for use online.
- Client-Server Communication: When a client (e.g., a web browser) connects to a server, the server presents its digital certificate.
- Certificate Validation: The client checks the certificate's authenticity (that it was issued by a CA the client trusts and is within its validity period) before trusting the server.
- Secure Channel Establishment: If the certificate is valid, a secure encrypted channel is established using the public and private keys.
Benefits of PKI:
- Authentication: Verifies the identity of entities in electronic communications.
- Confidentiality: Ensures that data is encrypted and can only be decrypted by authorized parties.
- Integrity: Protects data from modification or tampering.
- Non-repudiation: Provides evidence that an entity sent or received a message.
- Enhanced Security: Allows for secure communication over unsecured networks (e.g., the internet).
What is passwordless authentication?
Published: Tue, 17 Dec 2024 09:00:00 GMT
Passwordless Authentication
Passwordless authentication is a method of accessing online accounts without the need for a traditional password. Instead, it relies on alternative credentials or verification methods to verify user identity.
Types of Passwordless Authentication:
1. Biometric Verification:
- Fingerprint scan
- Facial recognition
- Voice recognition
2. One-Time Passwords (OTPs):
- SMS-based OTPs
- Email-based OTPs
- Time-based OTPs (TOTPs)
3. Security Keys:
- Physical tokens
- USB-based
- Bluetooth-based
4. Multi-Factor Authentication (MFA):
- Combines multiple methods of authentication, such as OTPs with biometric verification.
Benefits of Passwordless Authentication:
- Enhanced Security: Eliminates the risk of password theft or brute-force attacks.
- Improved User Experience: No need to remember or reset passwords, making it faster and easier to access accounts.
- Reduced Fraud: Lessens the likelihood of unauthorized account access.
- Compliance: Meets regulatory requirements that mandate strong authentication.
- Cost Savings: Eliminates the need for password management systems and incident response costs.
How Passwordless Authentication Works:
- User Verification: The user provides an alternative credential (e.g., fingerprint, OTP) or combination of credentials (MFA).
- Authentication: The authentication server verifies the user’s identity based on the provided credentials.
- Account Access: Once verified, the user is granted access to their account without a password.
Examples of Passwordless Authentication:
- Windows Hello: Uses facial recognition or fingerprint scan for authentication.
- Apple Touch ID: Uses fingerprint scan for authentication.
- Google Smart Lock: Allows users to sign in to websites and apps using their phone’s Bluetooth proximity.
- Yubico YubiKey: A physical security key that generates OTPs.
Considerations for Passwordless Authentication:
- Cost of Implementation: May require hardware upgrades or software changes.
- Convenience: Some methods (e.g., biometrics) may be less convenient than passwords for certain users.
- Security: While generally more secure than passwords, passwordless authentication methods can still be susceptible to vulnerabilities.
Tribunal criticises PSNI and Met Police for spying operation to identify journalists’ sources
Published: Tue, 17 Dec 2024 05:45:00 GMT
Tribunal Criticises PSNI and Met Police for Spying Operation
A tribunal has criticized the Police Service of Northern Ireland (PSNI) and the Metropolitan Police (Met) for conducting a covert spying operation that targeted journalists’ sources.
Background
In 2003, the PSNI launched an operation called “Project Rapid” to investigate paramilitary activity in Northern Ireland. As part of the investigation, the Met Police provided technical support, including the use of Automatic Number Plate Recognition (ANPR) cameras.
Spying Operation
The tribunal found that the spying operation involved:
- Monitoring journalists’ movements using ANPR cameras
- Recording journalists’ phone calls
- Accessing journalists’ emails and social media accounts without their knowledge or consent
Journalists Affected
The operation targeted several journalists, including:
- Gerry Moriarty of the Sunday World
- John Ware of The Guardian
- Siobhan Hegarty of the Irish Times
- Suzanne Breen of the Sunday Times
Tribunal Findings
The tribunal concluded that the spying operation:
- Violated journalists’ privacy rights
- Had a chilling effect on journalism
- Undermined the public’s trust in the police
The tribunal criticized both the PSNI and the Met Police for:
- Not having appropriate legal authority for the operation
- Failing to adequately protect journalists’ sources
- Not fully disclosing the operation to the courts
Consequences
The tribunal’s findings have led to calls for:
- Independent inquiry into the operation
- Reforms to prevent similar abuses of power
- Compensation for the journalists affected
The PSNI and the Met Police have apologized for the operation and vowed to learn from their mistakes. However, the tribunal’s findings have raised concerns about the potential for further surveillance and intimidation of journalists.
Private vs public AI: Which should your business use in 2025?
Published: Mon, 16 Dec 2024 15:21:00 GMT
Private AI
Pros:
- Tailored to specific business needs: Private AI models can be customized to address the unique requirements and pain points of your organization.
- Higher accuracy and efficiency: By focusing on specific business processes, private AI can deliver more accurate and efficient results compared to public models trained on general data.
- Improved security and data privacy: Private AI models are deployed and managed within your own infrastructure, ensuring greater control over data access and security.
Cons:
- Higher development costs: Developing private AI models requires significant investment in data collection, model building, and infrastructure.
- Limited external collaboration: Private AI models are not shared with other organizations, which limits opportunities for knowledge sharing and collaboration.
- Narrower scope: Private AI models focus on a specific domain or business process, which may not be applicable to wider industry trends or external data sources.
Public AI
Pros:
- Lower development costs: Public AI models are readily available and accessible, eliminating the need for costly data collection and model building.
- Broader perspective: Public AI models are trained on large and diverse datasets, providing a broad understanding of industry trends and generalizable knowledge.
- Easier access to expertise: Public AI models are developed by experts in the field, leveraging collective knowledge and best practices.
Cons:
- Limited customization: Public AI models cannot be easily modified to fit specific business needs. They may require additional fine-tuning or adaptation to ensure optimal performance.
- Potential bias: Public AI models may exhibit biases inherited from the training data, which can lead to inaccurate or unfair outcomes.
- Data security concerns: Public AI models are accessible to all users, raising concerns about data privacy and the potential for unauthorized access or misuse.
Which Option is Right for Your Business in 2025?
The choice between private and public AI depends on several factors:
- Business size and complexity: Larger and more complex organizations may benefit from private AI to address their unique challenges and scale their operations.
- Data availability and quality: If you have access to high-quality and relevant data, private AI can provide tailored solutions with higher accuracy.
- Industry specificity: Private AI is particularly valuable in industries with specialized knowledge or where data is sensitive.
- Collaboration and knowledge sharing: If your organization values external collaboration and access to the latest AI advancements, public AI may be a more suitable option.
- Cost and resource constraints: Public AI models are more cost-effective and require fewer resources, making them attractive for organizations with limited budgets or technical expertise.
Hybrid Approach
In many cases, a hybrid approach that leverages both private and public AI can provide the optimal balance. Organizations can develop private AI models for their core business processes and supplement them with public AI models for insights from broader data sources or emerging trends.
What is a business continuity plan audit and how do you create one?
Published: Mon, 16 Dec 2024 14:00:00 GMT
What is a Business Continuity Plan Audit?
A business continuity plan audit is a comprehensive review and evaluation of an organization’s business continuity plan (BCP). It assesses the plan’s effectiveness, identifies areas for improvement, and ensures that the plan aligns with the organization’s business objectives.
How to Create a Business Continuity Plan Audit
1. Establish Scope and Objectives:
- Define the scope of the audit, including the specific plans and areas to be reviewed.
- Establish clear audit objectives, such as assessing plan effectiveness, identifying gaps, and recommending improvements.
2. Gather Information:
- Collect relevant documentation, including the BCP, risk assessments, incident response plans, and employee training records.
- Interview key personnel from various departments to gain insights into plan implementation and operations.
3. Conduct Risk Assessment:
- Review the organization’s risk assessment and identify any critical processes or activities that could be impacted by disruptions.
- Evaluate the plan’s coverage of these risks and assess its adequacy.
4. Test Plan Assumptions and Procedures:
- Test key assumptions and procedures outlined in the BCP.
- Conduct drills or exercises to simulate disruptions and observe how the plan is implemented.
5. Identify Gaps and Areas for Improvement:
- Compare the plan’s performance against established audit criteria.
- Identify gaps, inconsistencies, or areas where the plan does not meet expectations.
6. Develop Audit Findings and Recommendations:
- Summarize the audit findings and identify deviations from the established objectives.
- Develop clear and actionable recommendations to address the gaps and improve the plan’s effectiveness.
7. Report Findings and Recommendations:
- Present the audit findings and recommendations to relevant stakeholders, including senior management and business unit leaders.
- Seek approval for implementation of the recommendations and establish a timeline for follow-up.
8. Plan Maintenance and Monitoring:
- Establish a regular schedule for reviewing and updating the BCP to ensure its ongoing effectiveness.
- Monitor plan implementation and make necessary adjustments based on changes in the business environment or risk landscape.
Benefits of a Business Continuity Plan Audit:
- Improved plan effectiveness
- Enhanced disaster preparedness
- Reduced downtime and business losses
- Compliance with regulatory requirements
- Increased confidence in the organization’s ability to respond to disruptions
The Security Interviews: Stephen McDermid, Okta
Published: Mon, 16 Dec 2024 08:15:00 GMT
Decoding the end of the decade: What CISOs should watch out for
Published: Fri, 13 Dec 2024 13:22:00 GMT
Deciphering the Cybersecurity Landscape at the Dawn of a New Era
As we bid farewell to the tumultuous 2020s and usher in the dawn of the 2030s, CISOs are poised at a critical juncture, navigating the ever-evolving cybersecurity landscape. This article delves into the key trends and challenges that will shape the industry in the coming years, empowering CISOs to make informed decisions and safeguard their organizations.
1. The Evolving Threat Landscape:
- Sophisticated Attacks: Cybercriminals are becoming increasingly sophisticated, employing AI, machine learning, and social engineering techniques. This requires CISOs to stay ahead of the curve with threat intelligence and invest in advanced detection and response technologies.
- Convergence of Threats: The lines between physical and cyber threats are blurring as IoT devices proliferate. CISOs must adopt a holistic approach to security, considering both traditional IT and operational technology (OT) systems.
2. Cloud Adoption and Hybrid Work:
- Expanded Attack Surface: The widespread adoption of cloud computing and hybrid work models has significantly expanded the attack surface. CISOs must prioritize cloud security, investing in solutions such as cloud security posture management (CSPM).
- Remote Workforce Protection: With employees accessing sensitive data and applications from anywhere, CISOs must strengthen endpoint protection and implement robust access control measures.
3. Data Privacy and Regulation:
- Heightened Regulatory Scrutiny: Governments worldwide are enacting stringent data privacy regulations, such as GDPR and CCPA. CISOs need to ensure compliance, implement robust data protection mechanisms, and build a culture of privacy awareness within their organizations.
- Data Breaches and Reputational Risks: Data breaches remain a major concern. CISOs must focus on data loss prevention (DLP) and invest in incident response plans to minimize reputational damage.
4. Cybersecurity Talent Shortage:
- Critical Skill Gap: The cybersecurity industry faces a chronic talent shortage, making it difficult for organizations to find qualified professionals. CISOs should invest in training and development programs to attract and retain skilled talent.
- Skills Evolution: The rapid evolution of technology requires cybersecurity professionals to constantly update their skills. CISOs should foster a culture of continuous learning and support employee development.
5. Emerging Technologies:
- Quantum Computing: Quantum computers pose potential risks to encryption algorithms. CISOs should stay informed about the latest quantum computing developments and explore post-quantum cryptography solutions.
- Artificial Intelligence (AI): AI can enhance cybersecurity by automating threat detection, but it also introduces new vulnerabilities. CISOs need to balance the benefits of AI with proper risk management and ethical considerations.
Navigating the Path Ahead:
To effectively address these challenges, CISOs should focus on:
- Continuous Monitoring: Invest in advanced security analytics and SIEM solutions to detect and respond to threats in real-time.
- Integrated Security Architecture: Establish a comprehensive security framework that integrates cloud, endpoint, and network security solutions.
- Cybersecurity Awareness and Training: Educate employees on cybersecurity best practices and train them on detecting and reporting suspicious activities.
- Collaboration and Information Sharing: Foster collaboration within the industry and leverage threat intelligence platforms to stay informed about emerging threats.
By embracing a proactive mindset, staying abreast of the latest trends, and implementing robust cybersecurity measures, CISOs can protect their organizations and drive success in the rapidly evolving digital landscape of the 2030s.