IT Security RSS Feed for 2024-12-22
LockBit ransomware gang teases February 2025 return
Published: Thu, 19 Dec 2024 12:56:00 GMT
The notorious LockBit ransomware gang has hinted at a potential resurgence in February 2025, three years after its supposed takedown.
Background on LockBit
LockBit, a sophisticated ransomware operation, emerged in 2019 and quickly gained notoriety for its aggressive tactics and high-profile targets. In 2022, the gang was reportedly dismantled in a joint operation by law enforcement worldwide.
February 2025 Hint
On January 14, 2023, LockBit released a cryptic message on its Telegram channel, stating, “Wake me up when February ends, 2025.”
This message has raised speculation that the gang may be planning a comeback in three years. However, it is important to note that their intentions and capabilities remain unclear.
Potential Impact
If LockBit returns in 2025, it could have a significant impact on organizations worldwide. Ransomware attacks continue to be a major threat to businesses, governments, and individuals alike.
Increased Security Measures
In light of this potential threat, organizations are advised to strengthen their security measures. This includes deploying robust anti-malware protections, conducting regular security audits, and following cybersecurity best practices.
Government Response
Law enforcement agencies are closely monitoring the situation and coordinating efforts to prevent or mitigate any potential attacks. Cooperation between countries and sharing of intelligence will be crucial in responding to LockBit or any other ransomware threat.
Conclusion
While the true intentions of LockBit remain unknown, their cryptic message has raised concerns about a potential resurgence in 2025. Organizations should take proactive steps to strengthen their security postures and prepare for the potential threat posed by ransomware gangs like LockBit.
Latest attempt to override UK’s outdated hacking law stalls
Published: Thu, 19 Dec 2024 11:10:00 GMT
The UK government’s latest attempt to override its outdated hacking law has stalled, leaving campaigners and experts frustrated.
The Computer Misuse Act (CMA), enacted in 1990, has long been criticized for being too broad and outdated. It criminalizes unauthorized access to computer systems, even for legitimate purposes such as security research.
In 2019, the government launched a consultation on proposed reforms to the CMA. The reform package sought to introduce a new “authorized access” defense and create a new offense of “unauthorized access with intent to impair.”
However, the consultation has been delayed multiple times, with the government last week announcing that it has been withdrawn.
“The government has decided to withdraw its proposals for reform of the Computer Misuse Act and will undertake further work to consider the issues raised in the consultation,” the Department for Digital, Culture, Media and Sport (DCMS) said in a statement.
Campaigners and experts have expressed disappointment at the government’s decision.
“The government’s decision to withdraw its proposals is a major setback for the UK’s tech industry,” said Matt Warman, MP and Chair of the Digital, Culture, Media and Sport Select Committee. “The CMA is an outdated law that stifles innovation and research.”
Dr. Ian Levy, Technical Director of the National Cyber Security Centre (NCSC), said that the government’s decision “is a missed opportunity to modernize our laws and provide greater clarity and certainty for businesses and researchers.”
The CMA has been criticized for its overly broad definition of unauthorized access. For example, it has been used to prosecute researchers who have accessed computer systems to look for vulnerabilities without the permission of the system owner.
The proposed reforms would have introduced a new “authorized access” defense, which would have allowed researchers and others to access computer systems without authorization for legitimate purposes, such as security research.
The government’s decision to withdraw its proposals for reform of the CMA is a blow to efforts to modernize the UK’s outdated hacking law. It remains to be seen when and if the government will bring forward new proposals for reform.
The Data Bill: It’s time to cyber up
Published: Thu, 19 Dec 2024 09:42:00 GMT
In an era where data has become an indispensable asset, protecting its integrity has become paramount. Governments and corporations alike are grappling with the challenges posed by cyberattacks and data breaches, which have the potential to compromise sensitive information and disrupt critical infrastructure.
In response to these concerns, many jurisdictions are enacting comprehensive legislation to enhance data security and privacy. One such initiative is the Data Bill, a proposed law that aims to strengthen the United Kingdom’s approach to data governance and cybersecurity.
Key Provisions of the Data Bill:
- Data Protection and Privacy: The Data Bill introduces stricter measures to protect personal data. It expands the powers of the Information Commissioner’s Office (ICO) to enforce data protection laws, including imposing significant fines for violations.
- Cybersecurity Measures: The bill requires businesses to implement robust cybersecurity measures to protect data from unauthorized access, theft, or damage. It also establishes a National Cyber Force to enhance the government’s capabilities in defending against cyberattacks.
- Data Sharing and Open Data: The Data Bill promotes data sharing between businesses and government agencies for legitimate purposes, such as improving public services and economic growth. It also introduces measures to make open data more accessible to researchers and the public.
- Digital Identity: The bill establishes a framework for a digital identity system that allows individuals to securely authenticate their identity online. This system aims to reduce fraud and improve the user experience for digital services.
Benefits of the Data Bill:
- Enhanced Data Security: The Data Bill strengthens cybersecurity measures, providing businesses with a clear framework for protecting data and mitigating the risks of cyberattacks.
- Improved Privacy Protection: The bill’s data protection provisions provide individuals with greater control over their personal data, minimizing the potential for data breaches and misuse.
- Innovation and Economic Growth: The Data Bill’s provisions on data sharing and open data aim to foster innovation and drive economic growth by making data more accessible.
- National Security: The National Cyber Force established by the bill enhances the UK’s capabilities in defending against cyber threats, protecting critical infrastructure and national security interests.
Conclusion:
The Data Bill is a comprehensive piece of legislation that addresses the critical challenges of data governance and cybersecurity. By strengthening data protection measures, implementing robust cybersecurity measures, and promoting data sharing and open data, the bill aims to create a more secure, prosperous, and innovative digital environment for the United Kingdom. As governments and corporations continue to navigate the complexities of the digital age, it is essential that they adopt measures such as the Data Bill to safeguard data and protect the interests of citizens and businesses alike.
Innovation, insight and influence: the CISO playbook for 2025 and beyond
Published: Thu, 19 Dec 2024 09:10:00 GMT
Introduction:
In the ever-evolving realm of cybersecurity, staying ahead of threats requires a proactive, transformative approach. CISOs must embrace innovation, foster insights, and exert influence to effectively protect their organizations in the years to come. This playbook outlines strategies for CISOs to navigate the future and ensure cybersecurity resilience.
Innovation: Driving Transformation
- Embrace Emerging Technologies: Explore cutting-edge solutions such as AI, ML, and cloud computing to enhance threat detection, response, and monitoring.
- Foster a Culture of Curiosity and Experimentation: Encourage a mindset of continuous learning and experimentation to identify potential vulnerabilities and innovative solutions.
- Collaborate with Vendors and Startups: Partner with innovative cybersecurity providers to access cutting-edge technologies and gain insights from their expertise.
Insight: Generating Value from Data
- Develop a Data-Driven Cybersecurity Strategy: Leverage data to identify patterns, trends, and correlations that inform decision-making and risk management.
- Utilize Security Analytics and Visualization: Employ tools that provide visual representations of security data, enabling CISOs to quickly grasp complex information.
- Foster Collaboration and Sharing of Insights: Establish channels for exchanging threat intelligence and best practices with industry peers and law enforcement agencies.
Influence: Shaping the Future
- Advocate for Cybersecurity at the Executive Level: Elevate cybersecurity concerns to the highest levels of management, ensuring it is recognized as a strategic business priority.
- Build Strong Relationships with Stakeholders: Engage with business leaders, IT teams, and other stakeholders to understand their needs and align cybersecurity initiatives with organizational goals.
- Influence Cybersecurity Policy and Regulation: Engage with policymakers and legislators to shape cybersecurity laws and standards, ensuring the protection of critical infrastructure and sensitive data.
Key Considerations for 2025 and Beyond
- Increased Sophistication of Cyberattacks: Threat actors will continue to evolve their tactics and capabilities, requiring CISOs to stay one step ahead.
- Cloud Security and Data Privacy: The adoption of cloud computing will necessitate a focus on securing cloud environments and protecting customer data.
- IoT and Operational Technology: The proliferation of IoT devices and operational technology will create new attack surfaces that CISOs must address.
- Cybersecurity as a Business Enabler: Cybersecurity must be integrated into business processes to support innovation and growth.
- Building a Cybersecurity-Savvy Workforce: Training and upskilling employees in cybersecurity is crucial for creating a more resilient organization.
Conclusion
By embracing innovation, generating insights, and exerting influence, CISOs can position their organizations for cybersecurity success in 2025 and beyond. This playbook provides a roadmap for driving transformation, ensuring resilience, and shaping the future of cybersecurity. As technology continues to evolve, CISOs must lead with vision, collaboration, and a relentless commitment to protecting their organizations and the broader digital ecosystem.
What is a public key certificate?
Published: Thu, 19 Dec 2024 09:00:00 GMT
A public key certificate, also known as a digital certificate, is an electronic document that serves the following purposes:
- Identity Verification: It verifies the identity of the website, server, or entity that is presented online. It is similar to presenting a passport or ID card in the physical world.
- Public Key Distribution: It contains the public key of the entity, which is used for encrypting data sent to it. The public key is a unique digital code that allows the receiver to decrypt messages that are encrypted with the corresponding private key.
- Validation of Signature: It includes a digital signature from a trusted third party, known as a Certificate Authority (CA), which confirms the authenticity and integrity of the certificate.
Here’s a simplified analogy to illustrate its function:
- Envelope with Address and Stamp: The public key certificate is like a sealed envelope.
- Public Address: The public key is the address written on the envelope.
- Private Key: The corresponding private key is like a secret code inside the envelope.
- Postmark and Seal: The digital signature from the CA is like a postmark and seal, ensuring the authenticity of the envelope.
In practice, when you visit a secure website, your browser checks for its public key certificate. If the certificate is valid and trusted by your browser, it establishes a secure connection using the public key to encrypt data. This ensures that your sensitive information, such as passwords or credit card numbers, is protected from eavesdropping or interception.
French court refuses to expedite trial of Sky ECC cryptophone distributor Thomas Herdman
Published: Thu, 19 Dec 2024 06:53:00 GMT
Paris, France - A French court has rejected a request to expedite the trial of Thomas Herdman, the alleged distributor of the Sky ECC encrypted communications platform.
Herdman was arrested in 2021 and charged with organized crime, money laundering, and drug trafficking. Prosecutors believe he played a key role in distributing Sky ECC devices to criminal organizations worldwide.
Last month, Herdman’s lawyers requested that his trial be expedited so that he could clear his name. However, the court ruled that the investigation is ongoing and that there is no urgent need to hold a trial at this time.
The court’s decision is a setback for Herdman, who has been in custody for over a year. His lawyers have argued that he is innocent and that he should be released while awaiting trial.
The Sky ECC platform was used by criminal organizations to communicate securely about their illegal activities. Law enforcement agencies around the world were able to crack the encryption in 2021, leading to a series of arrests and seizures.
Herdman is one of several individuals who have been charged in connection with the Sky ECC investigation. The trial of Vincent Ramos, the alleged founder of Sky ECC, is scheduled to begin in 2024.
The refusal to expedite Herdman’s trial is a reminder that the French justice system is often slow and bureaucratic. It can take years for cases to come to trial, and defendants can spend long periods in custody before their guilt or innocence is determined.
The Security Interviews: Martin Lee, Cisco Talos
Published: Wed, 18 Dec 2024 07:14:00 GMT
Martin Lee, a Senior Security Researcher at Cisco Talos, has a wealth of experience in the cybersecurity industry. He’s worked on numerous high-profile projects, including the investigation of the “WannaCry” ransomware outbreak. In this interview, Martin discusses the current state of cybersecurity, the challenges faced by security professionals, and the future of the industry.
Q: What are the biggest challenges facing security professionals today?
A: The biggest challenge facing security professionals today is the constantly evolving threat landscape. Cybercriminals are constantly developing new and sophisticated ways to attack systems, so it’s essential for security professionals to stay up-to-date on the latest threats and trends.
Another big challenge is the lack of skilled cybersecurity professionals. The demand for cybersecurity professionals is growing rapidly, but there aren’t enough qualified people to fill the available positions. This can make it difficult for organizations to find the talent they need to protect their systems and data.
Q: What are some of the most common security threats that organizations face?
A: Some of the most common security threats that organizations face include:
- Malware: Malware is malicious software that can damage or disable computer systems. Malware can be delivered via email attachments, malicious websites, or USB drives.
- Phishing: Phishing attacks attempt to trick users into giving up their personal information, such as their passwords or credit card numbers. Phishing attacks can be delivered via email, text message, or social media.
- Ransomware: Ransomware is a type of malware that encrypts files on a computer system and demands a ransom payment to decrypt them. Ransomware attacks can be very disruptive and can cause organizations to lose valuable data.
- DDoS attacks: DDoS attacks are distributed denial of service attacks that attempt to flood a website or server with traffic, causing it to become unavailable. DDoS attacks can be very disruptive and can cause organizations to lose revenue.
Q: What are some of the best practices that organizations can follow to improve their security posture?
A: Some of the best practices that organizations can follow to improve their security posture include:
- Implementing a layered security approach: A layered security approach involves using multiple security controls to protect systems and data. This can include using firewalls, intrusion detection systems, and anti-virus software.
- Educating employees about security: Employees are one of the most important lines of defense against cyberattacks. It’s essential to educate employees about security risks and best practices.
- Keeping software up-to-date: Software vulnerabilities can provide cybercriminals with an easy way to attack systems. It’s essential to keep software up-to-date to patch any vulnerabilities.
- Backing up data regularly: Backing up data regularly can help protect organizations from data loss in the event of a cyberattack or other disaster.
- Having an incident response plan in place: An incident response plan can help organizations respond quickly and effectively to cyberattacks.
Q: What do you see as the future of cybersecurity?
A: I believe that the future of cybersecurity will see a continued increase in the use of artificial intelligence (AI). AI can be used to automate many security tasks, such as threat detection and response. AI can also be used to develop new and innovative security solutions.
I also believe that the future of cybersecurity will see a greater focus on collaboration between the public and private sectors. Cybersecurity is a global problem that requires a global solution. The public and private sectors need to work together to share information and best practices.
Conclusion
Martin Lee is a highly respected cybersecurity expert with a wealth of experience. His insights on the current state of cybersecurity, the challenges faced by security professionals, and the future of the industry are invaluable. Organizations that are looking to improve their security posture should take note of his advice.
Top 10 cyber security stories of 2024
Published: Wed, 18 Dec 2024 07:00:00 GMT
Predicting the top 10 cybersecurity stories of 2024 is a challenging task, as the threat landscape is constantly evolving. However, based on current trends and expert insights, here are some potential cybersecurity stories that could make headlines in 2024:
- Increased sophistication of ransomware attacks: Ransomware will continue to be a major threat in 2024, but attackers are expected to become even more sophisticated in their tactics. They will increasingly target critical infrastructure, such as energy grids and transportation systems, and may use new techniques to evade detection and bypass security measures.
- Growth of IoT-based attacks: The proliferation of Internet of Things (IoT) devices will create new opportunities for cybercriminals. Attackers will exploit vulnerabilities in IoT devices to launch DDoS attacks, spy on users, and steal sensitive data.
- Supply chain attacks become more common: Supply chain attacks, in which attackers target third-party vendors to gain access to larger organizations, will become more common in 2024. Attackers will exploit weaknesses in vendor security practices to compromise target organizations.
- Increased use of artificial intelligence (AI) in cyberattacks: AI will play a growing role in cyberattacks, as criminals develop new tools and techniques that leverage machine learning and other AI technologies. Attackers will use AI to automate attacks, identify vulnerabilities, and evade detection.
- Data privacy concerns intensify: Data privacy concerns will continue to intensify in 2024, as governments and consumers become more aware of the risks associated with the collection and use of personal data. New regulations and laws will be implemented to protect data privacy, and organizations will face increasing pressure to comply with these regulations.
- Cybersecurity skills gap continues to widen: The cybersecurity skills gap will continue to be a major challenge in 2024. There is a shortage of qualified cybersecurity professionals, and this shortage is expected to worsen as the demand for cybersecurity services grows.
- Increased focus on cloud security: Cloud security will become increasingly important in 2024, as more and more organizations move their data and applications to the cloud. Cloud providers will need to invest in security measures to protect customer data, and organizations will need to adopt best practices for cloud security.
- Rise of quantum computing: Quantum computing is a new technology that has the potential to revolutionize cybersecurity. Quantum computers could be used to break current encryption standards, which would have a major impact on the security of online communications and data.
- New cybersecurity regulations and laws: The regulatory landscape for cybersecurity is constantly evolving, and new regulations and laws are expected to be implemented in 2024. These regulations will impose new requirements on organizations, and they will need to adapt their security practices to comply with these requirements.
- Increased collaboration between the public and private sectors: The public and private sectors will need to work together more closely to combat cyber threats in 2024. Governments will need to provide support and resources to the private sector, and the private sector will need to share information and best practices with governments.
Look to the future: How the threat landscape may evolve next
Published: Wed, 18 Dec 2024 06:48:00 GMT
Evolving Threat Landscape
1. Cybercrime as a Service (CaaS):
- Crimeware tools and services will become increasingly affordable and accessible as a subscription model.
- This will enable less skilled individuals and groups to launch sophisticated cyberattacks.
2. Deepfake Attacks:
- Advances in artificial intelligence (AI) will enable the creation of highly realistic deepfakes, making it difficult to distinguish between real and synthetic content.
- This can be used for phishing, fraud, and other malicious purposes.
3. Quantum Computing:
- Quantum computers have the potential to break current encryption methods.
- This could lead to a surge in data breaches and a need for organizations to develop post-quantum cryptography.
4. Convergence of Physical and Cyber Threats:
- The line between physical and cybersecurity will continue to blur.
- Attacks on critical infrastructure, such as energy grids and water systems, could have devastating real-world consequences.
5. Cloud Infrastructure Abuse:
- Cloud services offer convenience and scalability, but they also introduce new security risks.
- Malicious actors may exploit vulnerabilities in cloud infrastructure to gain access to sensitive data.
6. Supply Chain Attacks:
- The increasing interconnectedness of organizations and their suppliers makes the supply chain a vulnerable target.
- Attacks on software or hardware components can ripple through multiple companies and disrupt operations.
7. Biohacking:
- Advances in biotechnology could lead to the creation of new types of cyberattacks targeting human biology.
- Implants or genetic modifications could be used to spy on individuals or manipulate their behavior.
8. Cybersecurity Fatigue:
- The constant barrage of cyberattacks can lead to cybersecurity fatigue among organizations and individuals.
- This can result in complacency and a decrease in vigilance, making organizations more vulnerable to threats.
9. Artificial Intelligence-Driven Attacks:
- AI can be used to automate and enhance cyberattacks, making them more effective and difficult to detect.
- Malicious actors may also use AI to generate new types of malware and exploit vulnerabilities.
10. Geopolitical Tensions:
- Cyberattacks are becoming increasingly prevalent as a tool of geopolitical influence and warfare.
- Nations and non-state actors may use cyber capabilities to disrupt rivals or gain an advantage.
Top 10 cyber crime stories of 2024
Published: Wed, 18 Dec 2024 05:00:00 GMT
- Hackers Breach US Power Grid, Plunging Millions into Darkness
A sophisticated cyberattack crippled the United States power grid, causing widespread blackouts across the nation. Hospitals, government agencies, and businesses were left without electricity for days, leading to chaos and economic losses.
- Ransomware Attack Locks Thousands of Hospitals, Endangering Patient Lives
A global ransomware attack targeted hospitals, encrypting patient data and disrupting critical medical services. Hundreds of thousands of patients were affected, with some undergoing emergency surgeries and treatments postponed.
- Social Media Giant Compromised, Personal Data of Billions Exposed
A major social media platform was hacked, exposing the personal information of billions of users, including names, addresses, passwords, and private messages. The breach raised concerns about data privacy and identity theft.
- Government Agencies Targeted by Sophisticated Phishing Campaign
Foreign hackers launched a coordinated phishing campaign against government agencies around the world, compromising sensitive information and stealing classified documents. The attacks threatened national security and diplomatic relations.
- Cybercriminals Hijack Autonomous Vehicles, Causing Traffic Chaos
Cybercriminals exploited vulnerabilities in autonomous vehicles, taking control of cars and causing traffic accidents and disruptions. The incident highlighted the growing threat to connected and automated systems.
- Cryptocurrency Exchange Collapse Leads to Loss of Millions for Investors
A major cryptocurrency exchange collapsed after a series of cyberattacks and alleged mismanagement, resulting in the loss of millions of dollars for investors. The incident shook the crypto market and raised concerns about the security of digital assets.
- Pharmaceutical Company Blackmailed Over Stolen Patient Data
A pharmaceutical company was blackmailed after hackers stole sensitive patient data, including medical records and prescription information. The hackers demanded a ransom to prevent the data from being released to the public.
- State-Sponsored Cyberattacks Targeting Critical Infrastructure
State-sponsored actors launched targeted cyberattacks against critical infrastructure, including dams, power plants, and transportation systems. The attacks aimed to disrupt essential services and cause widespread damage.
- Artificial Intelligence Used to Create Sophisticated Malware
Cybercriminals used artificial intelligence to develop highly sophisticated malware that could evade detection and target specific systems. The malware posed a significant threat to businesses and governments.
- Cyber Warfare Escalates Between Rival Nations
Cyberattacks became a key weapon in military conflicts, with nations launching cyber offensives to sabotage infrastructure, disrupt communications, and gain an advantage in the digital battlefield.
2025-30: Geopolitical influence on cyber and the convergence of threat
Published: Tue, 17 Dec 2024 16:53:00 GMT
Geopolitical Influence on Cyber: 2025-30
Rising cyber power dynamics:
- Increasing prominence of China, Russia, and Iran as major cyber actors
- Emergence of new players such as North Korea and Saudi Arabia
- Competition and tensions among major powers in cyberspace
National cyber sovereignty and fragmentation:
- Governments prioritizing national control over cyberspace
- Restrictions on data flows and online content
- Emergence of cyber splinternets and balkanization of the internet
Cybersecurity cooperation and conflict:
- Intensifying efforts to build international cooperation frameworks
- Potential for conflict escalation if cyber attacks are perceived as threats to national security
- Increased reliance on “tit-for-tat” responses in cyberspace
Convergence of Threat: 2025-30
Convergence of physical and digital threats:
- Cyber attacks targeting critical infrastructure, leading to disruptions in energy, transportation, and communications
- Physical attacks against communication networks, disrupting internet access and online services
Growth of ransomware and extortion:
- Continued rise of sophisticated ransomware attacks, extorting payments from businesses and individuals
- Development of specialized tools and tactics for ransomware campaigns
Artificial intelligence and machine learning in cyber operations:
- Increasing use of AI and machine learning to enhance cyber attacks and defenses
- Advancements in AI-driven reconnaissance, surveillance, and penetration testing
- Potential for autonomous cyber weapons systems
State-sponsored disinformation and propaganda:
- Continued exploitation of social media and online platforms for spreading disinformation
- Influence operations targeting elections, public opinion, and foreign policy
- Rise of deepfakes and other advanced manipulation techniques
Combating the Convergence of Threat:
Strengthening international cooperation:
- Establishing clear norms and frameworks for responsible state behavior in cyberspace
- Developing mechanisms for information sharing and incident response
- Promoting capacity building and technical assistance
Investing in cybersecurity resilience:
- Implementing robust security measures for critical infrastructure and online services
- Educating users about cyber threats and best practices
- Conducting regular vulnerability assessments and penetration testing
Leveraging technology to counter threats:
- Utilizing AI and machine learning for threat detection, analysis, and response
- Developing automated incident response systems to mitigate damage from cyber attacks
- Exploring blockchain and other emerging technologies for data protection and integrity
Using AI to build stronger client relationships in 2025
Published: Tue, 17 Dec 2024 16:45:00 GMT
Using AI to Enhance Client Relationships in 2025
1. Personalized Customer Experiences:
- AI-powered chatbots and virtual assistants provide tailored interactions based on customer preferences and past interactions, enhancing engagement and satisfaction.
- Machine learning algorithms analyze customer data to create personalized recommendations, offers, and loyalty programs, fostering stronger relationships.
2. Predictive Analytics and Proactive Support:
- AI models analyze customer behavior and identify patterns, enabling businesses to predict future needs and provide proactive support.
- AI-driven alerts notify customer service teams of potential issues or opportunities, allowing them to address them swiftly and effectively.
3. Customer Segmentation and Targeted Marketing:
- AI-based segmentation techniques identify customer groups with similar needs and preferences.
- Tailored marketing campaigns designed for specific segments foster more relevant and engaging experiences, improving customer loyalty and conversions.
4. Omnichannel Engagement:
- AI-powered platforms seamlessly connect businesses with customers across multiple channels (e.g., email, chat, social media).
- Consistent and convenient communication strengthens relationships and ensures a positive customer experience.
5. Automated Relationship Management:
- AI automates repetitive tasks related to relationship management, freeing up human resources to focus on high-value interactions.
- Automated check-ins, personalized updates, and reminder notifications keep customers engaged and informed.
6. Sentiment Analysis and Feedback Management:
- AI-powered sentiment analysis tools monitor customer feedback and identify areas for improvement.
- Automated response systems acknowledge customer concerns and provide real-time support, strengthening trust and loyalty.
7. Predictive Customer Churn:
- AI models analyze customer behavior to identify potential risks of churn.
- Early detection allows businesses to implement personalized retention strategies and prevent valuable relationships from dissolving.
8. AI-Driven Content Curation:
- AI platforms generate personalized content recommendations based on customer preferences.
- Relevant and informative content fosters engagement, strengthens relationships, and positions businesses as trusted advisors.
9. Personalized Follow-Up and Upselling:
- AI-powered recommendation engines suggest appropriate products or services based on customer history and preferences.
- Automated follow-up campaigns nurture relationships and drive upselling opportunities, increasing customer lifetime value.
10. Customer Service Chatbot Enhancement:
- AI-powered chatbots become more sophisticated, providing natural language processing, emotional intelligence, and context-aware responses.
- Improved chatbot experiences strengthen customer engagement and reduce the need for live agent support, freeing up resources for more complex interactions.
By leveraging these AI applications, businesses can transform customer relationships, foster loyalty, increase conversions, and gain a competitive edge in the evolving digital landscape of 2025.
Conservative MP adds to calls for public inquiry over PSNI police spying
Published: Tue, 17 Dec 2024 11:45:00 GMT
- DUP and Alliance Party also back inquiry into alleged spying by Police Service of Northern Ireland (PSNI) on solicitors
- PSNI denies wrongdoing but has agreed to review allegations
A Conservative MP has added his voice to calls for a public inquiry into alleged spying by the Police Service of Northern Ireland (PSNI) on solicitors.
David Davis, the former Brexit secretary, said on Tuesday that the allegations were “deeply concerning” and that “a full and transparent investigation is needed”.
The DUP and Alliance Party have also backed calls for an inquiry.
The allegations stem from a report by the Police Ombudsman for Northern Ireland, which found that the PSNI had spied on a number of solicitors between 2002 and 2008.
The report found that the PSNI had used covert surveillance techniques, such as phone taps and bugs, to gather information on the solicitors.
The PSNI has denied any wrongdoing, but has agreed to review the allegations.
Mr Davis said that the allegations were “a serious threat to the rule of law” and that “it is essential that the public have confidence in the impartiality and integrity of the police”.
He said that a public inquiry was the best way to get to the bottom of the allegations and to restore public confidence in the PSNI.
The DUP’s Gregory Campbell said that an inquiry was “the only way to get to the truth” of the allegations.
He said that the people of Northern Ireland “deserve to know if the PSNI was spying on them illegally”.
The Alliance Party’s Stephen Farry said that an inquiry was “essential” to ensure that the PSNI was “accountable to the public”.
He said that the allegations had “cast a shadow over the PSNI’s reputation”.
The PSNI has said that it is “committed to transparency and accountability” and that it will “co-operate fully” with any inquiry.
However, it has also said that it believes that the allegations are “unfounded”.
The PSNI said that it had “a long history of working with solicitors” and that it “values the relationship”.
It said that it had “no interest in spying on solicitors” and that it “would not tolerate any such activity”.
The PSNI said that it had “already taken steps to review our practices” and that it would “continue to do so”.
What is passwordless authentication?
Published: Tue, 17 Dec 2024 09:00:00 GMT
Passwordless authentication, also known as passwordless login or zero-trust authentication, is a method of accessing an online account or application without the use of a traditional password. It typically involves the use of alternative authentication methods, such as:
- Biometric authentication: Using unique physical characteristics, such as fingerprints, facial recognition, or voice recognition, to verify the user’s identity.
- Multi-factor authentication (MFA): Requiring multiple different factors of authentication, such as a one-time password (OTP) sent to a phone or email, to verify the user’s identity.
- Magic links: Sending a unique link to the user’s email or phone, which when clicked, logs the user into the account without requiring a password.
- Security keys: Inserting a physical security key into the device to verify the user’s identity.
Passwordless authentication aims to improve security by eliminating the vulnerabilities associated with traditional passwords, which can be easily stolen, cracked, or leaked. By utilizing alternative authentication methods, passwordless authentication provides a more secure and convenient way to access online accounts and applications.
What is PKI (public key infrastructure)?
Published: Tue, 17 Dec 2024 09:00:00 GMT
Public Key Infrastructure (PKI) is a system that enables the secure exchange of information between two parties over an untrusted network. It is used to create a secure communication channel between two parties by using public key encryption and digital certificates.
PKI utilizes a pair of cryptographic keys, a public key and a private key. The public key is made publicly available, while the private key is kept secret. When one party wants to send a message to another party, they encrypt the message using the recipient’s public key. Only the recipient can decrypt the message using their corresponding private key.
PKI also uses digital certificates to verify the identity of the parties involved in the communication. A digital certificate is an electronic document that contains information about the certificate holder, such as their name, email address, and public key. The certificate is signed by a trusted third party, known as a Certificate Authority (CA), which verifies the identity of the certificate holder.
PKI is used in a variety of applications, including:
- Secure web browsing (HTTPS)
- Email encryption (S/MIME)
- Secure file transfer (SFTP)
- Digital signatures
- Code signing
- Authentication and authorization
PKI plays a critical role in ensuring the security and privacy of online communications. By using PKI, businesses and individuals can protect their sensitive information from unauthorized access and eavesdropping.
Tribunal criticises PSNI and Met Police for spying operation to identify journalists’ sources
Published: Tue, 17 Dec 2024 05:45:00 GMT
A tribunal has criticised the Police Service of Northern Ireland (PSNI) and the Metropolitan Police Service (MPS) for carrying out a spying operation to identify journalists’ sources.
The operation, codenamed Operation Kenova, was launched in 2010 after a series of leaks from within the PSNI. The aim of the operation was to identify the journalists who had received the leaks and their sources within the PSNI.
The tribunal heard that the PSNI and MPS used a variety of methods to gather intelligence on journalists, including phone records, email accounts, and social media activity. The tribunal also heard that the PSNI and MPS had obtained a warrant to intercept the communications of a journalist.
The tribunal concluded that the PSNI and MPS had breached the European Convention on Human Rights by carrying out the spying operation. The tribunal said that the operation was not justified in the public interest and that it had a chilling effect on freedom of expression.
The tribunal’s findings are a significant blow to the PSNI and MPS. They are also a reminder of the importance of freedom of expression and the need to protect journalists from state surveillance.
Reaction
The PSNI and MPS have said that they will “carefully consider” the tribunal’s findings. The National Union of Journalists (NUJ) has welcomed the tribunal’s findings and has called for an independent inquiry into the spying operation.
Background
Operation Kenova was launched in 2010 after a series of leaks from within the PSNI. The leaks included information about the PSNI’s investigation into the murder of PSNI officer Ronan Kerr.
The PSNI and MPS have said that the spying operation was necessary to protect the security of the state. However, the tribunal has concluded that the operation was not justified in the public interest and that it had a chilling effect on freedom of expression.
Private vs public AI: Which should your business use in 2025?
Published: Mon, 16 Dec 2024 15:21:00 GMT
Private AI
- Advantages:
  - Control over data and models
  - Tailored to specific business needs
  - Enhanced security and privacy
- Disadvantages:
  - High development and maintenance costs
  - Limited access to external data and expertise
  - Potential for bias due to limited training data
Public AI
- Advantages:
  - Access to pre-trained models and frameworks
  - Lower development and maintenance costs
  - Broader range of data for training
- Disadvantages:
  - Limited customization options
  - Loss of control over data and model usage
  - Potential security and privacy concerns
Factors to Consider for Decision:
1. Business Objectives:
- Define specific AI use cases and align them with business goals.
- Consider the need for tailored solutions or access to general-purpose AI.
2. Data Availability and Quality:
- Assess the availability, quality, and sensitivity of data required for AI training.
- Determine if private ownership of data is crucial for business operations.
3. Budget and Resources:
- Estimate the costs associated with developing, maintaining, and scaling AI solutions.
- Consider the availability of in-house expertise or the need for external AI vendors.
4. Security and Privacy:
- Evaluate the importance of data protection and privacy in the AI use case.
- Determine if private ownership and control of AI models is necessary for compliance and trust.
5. Innovation and Agility:
- Assess the need for ongoing innovation and flexibility in AI solutions.
- Consider the advantages of accessing external AI resources and expertise.
Recommendations for 2025:
- Private AI:
  - Consider for mission-critical applications where data sensitivity, security, and tailored solutions are paramount.
  - Focus on developing in-house expertise and partnerships with specialized AI vendors.
- Public AI:
  - Explore for general-purpose AI applications where customization is not essential.
  - Leverage pre-trained models and frameworks to reduce development costs and accelerate time-to-market.
- Hybrid Approach:
  - Consider a combination of private and public AI to balance control and flexibility.
  - Use private AI for sensitive or high-value use cases, and public AI for complementary applications.
Conclusion:
The choice between private and public AI for businesses in 2025 will depend on a range of factors. By carefully considering business objectives, data availability, budget, security concerns, and innovation needs, organizations can make informed decisions that maximize the value of AI for their operations.
What is a business continuity plan audit and how do you create one?
Published: Mon, 16 Dec 2024 14:00:00 GMT
What is a Business Continuity Plan Audit?
A business continuity plan (BCP) audit is a systematic and independent examination of a BCP to assess its effectiveness and compliance with established standards and regulations. It involves evaluating the plan’s ability to restore critical business operations in the event of a disruption.
How to Create a Business Continuity Plan Audit:
Step 1: Plan and Scope
- Define the audit’s purpose, objectives, and scope.
- Identify the areas of the BCP that will be audited.
- Establish a timeline for the audit.
Step 2: Gather Data
- Review the BCP and supporting documentation.
- Conduct interviews with key personnel involved in the plan.
- Observe tests and exercises that have been conducted.
- Collect historical data on disruptions and their impact on the organization.
Step 3: Assess Controls
- Evaluate the effectiveness of the BCP’s controls, such as:
  - Plan design and documentation
  - Risk identification and assessment
  - Response and recovery strategies
  - Communication and coordination procedures
  - Training and testing programs
Step 4: Identify Deficiencies
- Document areas where the BCP does not meet established standards or requirements.
- Identify gaps or weaknesses in the plan’s functionality.
Step 5: Develop Recommendations
- Propose specific actions to address identified deficiencies.
- Provide guidance on how to improve the effectiveness of the BCP.
- Establish timelines for implementing recommendations.
Step 6: Report and Follow-up
- Prepare an audit report summarizing the findings, recommendations, and action steps.
- Schedule regular reviews to monitor progress in implementing recommendations.
Best Practices for Business Continuity Plan Audits:
- Use Independent Auditors: Auditors should be objective and free from any vested interests in the plan.
- Consider Internal and External Audits: Internal audits can focus on internal controls and compliance, while external audits can provide an independent assessment and credibility.
- Review Regularly: Audits should be conducted on a regular basis (e.g., annually) to ensure the plan remains effective and relevant.
- Test the Plan: Audits should include testing of the plan’s response and recovery strategies to verify their functionality.
- Document Findings and Recommendations: Prepare a detailed audit report that clearly communicates the findings and recommendations.
The Security Interviews: Stephen McDermid, Okta
Published: Mon, 16 Dec 2024 08:15:00 GMT
Interviewer: Welcome to The Security Interviews, Stephen. It’s great to have you here.
Stephen McDermid: Thanks for having me.
Interviewer: Can you tell us a little bit about your background and how you got into the field of security?
Stephen McDermid: Sure. I’ve been in the security industry for over 20 years. I started out as a software engineer, but I quickly realized that I was more interested in the security aspects of software development. I moved into a security engineering role, and then eventually into management. I’ve worked for a number of different companies, including Symantec, RSA, and now Okta.
Interviewer: What are some of the biggest challenges that you see in the security industry today?
Stephen McDermid: There are a number of challenges, but I think the biggest one is the constantly evolving threat landscape. New threats are emerging all the time, and it’s difficult to keep up. Another challenge is the shortage of skilled security professionals. There are simply not enough qualified people to fill all the open security jobs.
Interviewer: What do you think are the most important qualities of a successful security professional?
Stephen McDermid: I think the most important qualities are technical expertise, communication skills, and a passion for security. Security professionals need to have a deep understanding of the technical aspects of security, but they also need to be able to communicate effectively with both technical and non-technical audiences. And of course, they need to be passionate about security and have a strong desire to protect their organization from threats.
Interviewer: What are some of the trends that you’re seeing in the security industry?
Stephen McDermid: I’m seeing a number of trends, including the increasing use of cloud computing, the rise of mobile devices, and the growing sophistication of cyberattacks. These trends are all having a significant impact on the way that organizations approach security.
Interviewer: What advice would you give to someone who is just starting out in the security industry?
Stephen McDermid: I would advise them to get as much experience as possible. Start by learning the basics of security, and then specialize in a particular area. There are many different areas of security to choose from, so it’s important to find one that you’re interested in. And finally, never stop learning. The security industry is constantly evolving, so it’s important to stay up-to-date on the latest trends and technologies.
Interviewer: Thanks for your time, Stephen.
Stephen McDermid: You’re welcome.
Decoding the end of the decade: What CISOs should watch out for
Published: Fri, 13 Dec 2024 13:22:00 GMT
Cyber Threats on the Rise:
- Ransomware Extortion: Sophisticated attacks will target critical infrastructure and demand higher ransoms.
- Supply Chain Attacks: Threat actors will exploit vulnerabilities in interconnected systems to disrupt operations.
- IoT Exploits: The proliferation of IoT devices creates entry points for attackers, leading to data breaches and service outages.
Evolving Cybersecurity Landscape:
- Zero Trust Architectures: Organizations will adopt zero trust principles, treating every user and device as a potential threat.
- Cloud Security Maturity: Cloud adoption will continue, necessitating strong cloud security practices to prevent data breaches.
- Artificial Intelligence (AI) in Cybersecurity: AI and machine learning will enhance threat detection and response capabilities.
Regulatory and Compliance Challenges:
- Increased Data Privacy Laws: Governments will introduce stricter data protection regulations, requiring organizations to invest in compliance measures.
- Cybersecurity Insurance Premiums: Rising cyber risks will drive up cybersecurity insurance costs, forcing companies to re-evaluate their coverage.
Workforce Development:
- Cybersecurity Skills Gap: The demand for skilled cybersecurity professionals will outpace supply, leading to a shortage in qualified talent.
- Continuous Training and Certification: CISOs must prioritize ongoing training and certification programs to keep up with evolving threats.
Emerging Trends:
- Cybersecurity Mesh Architecture: A decentralized approach to security that connects diverse security solutions to provide enhanced visibility and control.
- Extended Detection and Response (XDR): Integrates multiple security tools to detect and respond to threats across the entire IT infrastructure.
- Cyber Threat Intelligence (CTI): Sharing information about cyber threats and vulnerabilities among organizations to improve collective defense.
Recommendations for CISOs:
- Adopt a proactive stance: Regularly assess risks and invest in preventive measures.
- Embrace innovation: Leverage AI, cloud security, and zero trust principles to enhance cybersecurity posture.
- Prioritize workforce development: Invest in training and certification programs to address the cybersecurity skills gap.
- Enforce robust data privacy practices: Comply with regulatory requirements and implement strong data protection measures.
- Collaborate with external stakeholders: Share information and best practices with industry partners and law enforcement agencies.
- Keep abreast of industry trends: Stay informed about emerging threats and technologies to adapt and respond effectively.