Security Archives - IBA Group - USA
https://us.ibagroupit.com/tag/security/
Feed last built Mon, 14 Oct 2024 11:20:15 +0000

Insights on Mitigation of AI Security Risks in Modern Businesses
https://us.ibagroupit.com/insights/insights-on-mitigation-of-ai-security-risks-in-modern-businesses/
Mon, 29 Jul 2024 14:22:38 +0000


Introduction

Artificial Intelligence (AI) is a groundbreaking technology that has become integral to many fields. It enables innovative solutions in software development, decision-making, and other business areas. However, the use of AI also brings security risks. In this article, we analyze these risks and their impact on the businesses and people who use AI, and we show how companies can protect themselves and keep their AI systems secure.

AI Vulnerabilities and Threat Landscape

The use of AI in different areas has opened new attack surfaces and exposed weaknesses in the applications and systems that embed it. These weaknesses are real: they can undermine the trust, dependability, and operation of AI systems, affecting both companies and individual users.

Here are some common examples of AI attacks:

  1. Input Attacks. These attacks manipulate the content fed into the AI system so that its output serves the attacker’s objectives. Because an AI system receives inputs, performs calculations, and returns outputs, a carefully crafted input can have disastrous consequences. Imagine a physical stop sign altered with a few stickers so that a self-driving car’s vision model no longer recognizes it as a stop sign. What would the car do?
  2. Poisoning Attacks. These corrupt the data used to train an AI system, causing it to misinterpret information and act erroneously. Such attacks target the AI’s primary sustenance, namely data. Spoil the data, and you spoil the AI system.
  3. Risk of AI Theft. AI models may be stolen through various means, including network attacks, exploitation of existing vulnerabilities, and deception. Attackers ranging from criminal hackers to corporate spies carry out such activities. Once they have a model, they can modify it and use it for harmful purposes, increasing the overall social risks associated with AI.

In addition, it is crucial not to overlook the security testing of web applications that either operate proprietary AI or consume third-party AI APIs. In our testing practice, we have discovered vulnerabilities in such applications. In one case, a client’s application used OpenAI, a third-party AI service, to generate responses. We managed to bypass the limit on free generations, which allowed us to perform numerous generations every second. As a result, the client incurred service payment costs.

In another case, one could view other users’ conversations with the AI and the results of their requests simply by cycling through chat IDs, a classic insecure direct object reference (IDOR): the application resolved a chat by its ID without verifying that the requesting user owned it. It is therefore imperative to test such applications regularly and to build AI-aware checks into the DevSecOps pipeline, to prevent both the vulnerabilities and the financial losses they cause.
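The two flaws described above, an ID that is trusted without an ownership check and a usage quota that the client can reset, are easiest to see side by side. The following is an added example, not code from the original article or from the client application it describes: a minimal in-memory chat service with the vulnerable handlers next to hardened ones. All names, chat IDs, transcripts and the quota value are constructed for illustration.

```python
"""Added example (not from the original article): an in-memory chat service
showing an insecure direct object reference (IDOR) on chat IDs and a
client-controlled free-generation quota, beside hardened versions.
All data below is constructed for illustration."""
from collections import defaultdict
import secrets


class AuthzError(Exception):
    """Raised when a caller asks for a chat that is not theirs (or does not exist)."""


class QuotaExceeded(Exception):
    """Raised when a user has used up their free generations."""


# Constructed sample data: chat_id -> (owner, transcript)
CHATS = {
    101: ("alice", "alice: what is my account balance?\nassistant: ..."),
    102: ("bob", "bob: draft my resignation letter\nassistant: ..."),
}
FREE_QUOTA = 3  # free generations per user; illustrative value


# --- Vulnerable: the handler trusts whatever the client sends ----------------

def get_chat_vulnerable(chat_id):
    """Looks up a chat by ID only. Any logged-in user can iterate IDs and read
    everyone's transcripts because the ownership check is missing (IDOR)."""
    return CHATS[chat_id][1]


def generate_vulnerable(user, remaining_from_client):
    """Quota state lives on the client (a cookie or a JavaScript counter), so
    an attacker resends a large number and generates without limit."""
    if remaining_from_client <= 0:
        raise QuotaExceeded(user)
    return "generated text"


# --- Hardened: authorization and quota are enforced server-side -------------

_usage = defaultdict(int)  # server-side counter; a datastore in production


def get_chat(chat_id, user):
    """Returns the transcript only if `user` owns it. A non-existent chat and
    someone else's chat produce the same error, so the attacker gets no
    enumeration oracle telling them which IDs are valid."""
    owner, transcript = CHATS.get(chat_id, (None, None))
    if owner != user:
        raise AuthzError("chat not found")
    return transcript


def generate(user):
    """Counts generations per authenticated user on the server."""
    if _usage[user] >= FREE_QUOTA:
        raise QuotaExceeded(f"{user} has used all {FREE_QUOTA} free generations")
    _usage[user] += 1
    return "generated text"


def new_chat_id():
    """Unpredictable IDs make cycling impractical. The ownership check in
    get_chat() is still required; randomness is defence in depth, not a fix."""
    return secrets.token_urlsafe(16)


def enumerate_chats(fetch, id_range, user=None):
    """Simulates an attacker cycling through IDs and returns the transcripts
    they manage to read. `fetch` is either of the two getters above."""
    leaked = []
    for cid in id_range:
        try:
            leaked.append(fetch(cid) if user is None else fetch(cid, user))
        except (KeyError, AuthzError):
            continue
    return leaked
```

Against the vulnerable getter, `enumerate_chats(get_chat_vulnerable, range(100, 105))` returns both users' transcripts; against the hardened one, a caller only ever gets their own. The quota fix is the same idea: the count that matters lives where the attacker cannot edit it.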

OWASP Machine Learning Security Top Ten List

Considering the topic, it is essential to mention the OWASP Machine Learning Security Top Ten. This list, an initiative of the nonprofit OWASP (Open Worldwide Application Security Project, formerly the Open Web Application Security Project), is a valuable resource for developers working on machine learning security. It describes the ten most significant security issues in machine learning systems and, for each, gives an overview of the vulnerability, its potential impact, and recommended preventive measures. It aligns with the general threat model discussed in this article.

For more detailed information, please refer to OWASP Machine Learning Security Top 10.

Here is the top five from the list:

  1. Input Manipulation Attack (ML01:2023): The intentional modification of input data with the aim of deceiving a model. It leads to incorrect classifications and may allow attackers to bypass security measures or damage the system.
  2. Data Poisoning Attack (ML02:2023): Attackers manipulate training data to make the model exhibit undesirable behavior, producing incorrect predictions and false decisions with serious repercussions, including the compromise of sensitive information and system integrity.
  3. Model Inversion Attack (ML03:2023): Attackers recover information about the training data by querying the model and reconstructing inputs from its outputs, potentially revealing sensitive information about the dataset and posing a significant risk to user privacy and data security.
  4. Membership Inference Attack (ML04:2023): The attacker determines whether a specific record was part of the model’s training set, typically by querying the model and exploiting the fact that it behaves differently (for example, with higher confidence) on data it has already seen. Given a model trained on financial records, an attacker can learn whether a particular individual’s record was in the training data, which is itself sensitive information (for example, that the person is a customer of a given institution), resulting in a loss of confidentiality and potential legal and reputational damage.
  5. Model Stealing Attack (ML05:2023): An attacker, say a competitor, obtains the model’s parameters, either by gaining access to where the model is stored or by reconstructing a functional copy from its responses to many queries (model extraction), and uses the recreated model for their own purposes, causing significant financial and reputational loss to the original company. The impact is substantial, as it affects both the confidentiality of the data used to train the model and the reputation of the organization that developed it.

Securing AI: Measures and Strategies

To be protected from the multifaceted threats to AI, it is essential to implement comprehensive security measures and strategies. These include close monitoring of AI services, regular checks for suspicious activity, and addressing vulnerabilities in the code. To this end, threat modeling tools such as OWASP Threat Dragon and PYTM can be used, as well as log collection and monitoring tools such as Zabbix and Logstash.

To prevent undesirable outcomes, inputs to and outputs from the model must be validated and sanitized, and the surrounding application code must be tested like any other. Integrate SAST, DAST, IAST, RASP, and SCA tooling into the pipeline: for example, Acunetix, OWASP ZAP, and Burp Suite for dynamic testing and Black Duck for software composition analysis, with alerting routed through a service such as PagerDuty. Organizations should also train their staff in best practices for using AI and create security policies to ensure the secure use of this technology.

Data security is another critical aspect of AI security. Consolidated personal data must be stored in secure environments to prevent unauthorized access, and data management strategies should store data without directly associating it with users. Preventing user data from entering the model’s training sets, and limiting the volume and retention period of stored data to the minimum, are also essential steps in mitigating leaks. This calls for secure secrets management, for example with HashiCorp Vault, and for protecting development environments, for example behind an access layer such as Cloudflare.

The quality of AI’s recommendations is largely dependent on the quality of the training data. If AI systems are trained on unreliable or biased data, it may lead to incorrect recommendations that adversely affect various sectors. Organizations must actively focus on the quality of data used for AI training, conducting data analysis to identify errors and biases, and continuously updating and auditing AI algorithms. Implementation of quality control mechanisms for AI outputs contributes to prompt detection and rectification of erroneous decisions.

IBA Group’s Expertise in AI Security

IBA Group is always ready to help you keep your AI applications safe. Our skilled team excels not only in AI protection but also in providing a range of security services. These include helping with secure development, testing for security vulnerabilities, checking for security risks, training your employees in security, and many other aspects. Do not hesitate to contact us, and let’s team up to strengthen your AI projects and keep things safe and secure.


Cloud Security Pitfalls: Understanding and Overcoming Common Threats
https://us.ibagroupit.com/insights/cloud-security-pitfalls-understanding-and-overcoming-common-threats/
Mon, 29 Jul 2024 14:22:38 +0000


Introduction

The advent of cloud computing has ushered in a new era of technological advancement, reshaping the way organizations approach data management and information technology. With cloud technologies becoming increasingly pervasive, their adoption has transcended geographical boundaries, offering businesses a versatile and scalable framework for their operations. In the era of widespread integration, when cloud technologies have become a cornerstone of digital transformation, the imperative for robust security measures has never been more evident.

The current prevalence of cloud technologies is substantiated by adoption statistics. Recent studies indicate that over 80% of businesses actively use cloud services, a transformative shift in the digital landscape. Companies predominantly store employee data (44%) and customer data (44%) in cloud storage, and about 80% of companies take a hybrid approach that combines public and private clouds.

Cloud services offer a number of benefits, including on-demand access to computing resources, rapid deployment of applications, and reduced infrastructure maintenance costs. However, cloud security remains a paramount concern for many businesses, as it involves entrusting sensitive data and valuable applications to a third-party provider. The present article deals with the complexities of cloud security, exploring common vulnerabilities, effective strategies, and best practices for maintaining a secure cloud infrastructure, drawing on IBA Group’s extensive experience and findings in the domain.

Key Cloud Security Challenges

As organizations adopt cloud technologies, the spotlight on security becomes more intense. Seamless integration of cloud solutions demands meticulous attention to safeguarding digital assets and sensitive information. Alongside the promise of efficiency and innovation, a firm commitment to addressing the key cloud security challenges becomes imperative. Some of the most common challenges follow.

Misconfiguration. Misconfigurations stemming from human error or lack of understanding can expose cloud resources to attack: for instance, the use of default accounts and passwords, disabled monitoring and logging, insecure automated backups, and services other than HTTP/HTTPS left reachable from the internet. The main problems here typically originate with employees. For instance, in 2022, 82% of breaches involved the human element. According to Check Point Research, misconfiguration was the primary cloud security concern in 2022, cited by about 59% of respondents.

Breach of Access Control. Unauthorized access to confidential and personally sensitive information stored in the cloud may occur when, for example, access to an API is meant to be restricted to a single host, but another instance with a privileged service account attached can reach it as well. Weak password policies make password guessing easier, and if the cloud provider or tenant does not require MFA for all users, attackers have an easier path to unauthorized access. Permissions granted to all users or to all authenticated users expose data publicly, which is a serious risk when the data are sensitive. It is crucial to restrict anonymous and public access, especially to Cloud KMS cryptographic keys, to prevent unintended data exposure.

Insecure Sensitive Data Storage. Storing sensitive data, such as API keys and encryption credentials, in plaintext within cloud environments lets an attacker who gains a foothold escalate privileges with little effort. Keeping passwords in plaintext inside Docker images and containers poses the same risk: anyone who can pull the image or read the container’s environment gets the credentials. To mitigate this, credentials should be kept encrypted at rest, held in a secrets manager, and injected at run time rather than baked into images or configuration files. According to the findings, only 45% of cloud data is currently encrypted on average.
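Baked-in credentials are easy to catch before an image is ever built. The following is an added example, not from the original article or from any IBA Group tooling: a small scanner that flags `ENV`/`ARG` instructions with literal values in credential-like variables and `COPY`/`ADD` instructions that pull key material or `.env` files into the image. The Dockerfile it scans is constructed for illustration and every value in it is fake; real scanners (gitleaks, trufflehog, hadolint) cover far more patterns.

```python
"""Added example, not from the original article: a Dockerfile scanner for
plaintext credentials. The sample Dockerfile is constructed; all values are
fake. Multi-pair `ENV A=1 B=2` lines are not handled, to keep the example short."""
import re

SAMPLE_DOCKERFILE = """\
FROM python:3.12-slim
ENV APP_ENV=production
ENV DB_PASSWORD=Sup3rS3cret!
ARG API_TOKEN=tok_0000000000000000fake
ENV AWS_ACCESS_KEY_ID=AKIAEXAMPLE0000000FK
ENV SESSION_SECRET=${SESSION_SECRET}
COPY .env /app/.env
COPY deploy/server.key /etc/ssl/private/server.key
RUN pip install -r requirements.txt
"""

# Variable names that usually hold credentials
SENSITIVE_NAME = re.compile(
    r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|ACCESS_KEY|PRIVATE_KEY|CREDENTIAL)", re.I)
# Files that should never be copied into an image
SENSITIVE_FILE = re.compile(r"(^|/)(\.env|id_rsa|.*\.(pem|key|p12|pfx))$")
# AWS access key ID format: 'AKIA' followed by 16 upper-case alphanumerics
AWS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")

ENV_LINE = re.compile(r"^(ENV|ARG)\s+(\w+)(?:=|\s+)(.*)$")
COPY_LINE = re.compile(r"^(COPY|ADD)\s+(.+?)\s+\S+$")


def scan_dockerfile(text):
    """Returns (line_number, kind, detail) for each risky instruction."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = ENV_LINE.match(line)
        if m:
            instr, name, value = m.groups()
            value = value.strip().strip('"\'')
            # `${VAR}` or an empty value is resolved at run time, not baked in.
            literal = value and not value.startswith("$")
            if literal and (SENSITIVE_NAME.search(name) or AWS_KEY_ID.search(value)):
                findings.append((lineno, "hardcoded_secret", f"{instr} {name}"))
            continue
        m = COPY_LINE.match(line)
        if m:
            # Every source operand is checked; the last token is the destination.
            for src in m.group(2).split():
                if SENSITIVE_FILE.search(src):
                    findings.append((lineno, "secret_file_in_image", src))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in scan_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {lineno}: {kind}: {detail}")
```

The `SESSION_SECRET=${SESSION_SECRET}` line is deliberately not flagged: a reference that is resolved when the container starts is the pattern to move towards, together with a secrets manager that supplies the value. For secrets needed only during the build, BuildKit’s `RUN --mount=type=secret,id=...` keeps them out of the image layers entirely.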

Over-permissive or Insecure Network Policies. Inadequate cluster ingress controls (for example, missing Kubernetes network policies) allow unregulated communication among pods, while unrestricted internet access on any port heightens the potential for lateral movement and external attacks, increasing the overall risk.

Granting the Editor role to a service account provides extensive privileges and generally contradicts security best practices: every workload running as that account inherits them. Such roles should be assigned judiciously to minimize the risk of unauthorized access and potential system compromise. 16% of attacks occur through valid accounts.

Ineffective Logging and Monitoring, with Lack of Policy and Incident Response. Without monitoring, unauthorized actors who obtain credentials with broad access rights can explore the internal infrastructure openly, without taking covert measures, and add the compromised account to every conceivable access group. This lets them locate and acquire sensitive details, including credentials for other services in both the cloud and external platforms. They may also plant dummy malware files and manipulate data in storage, posing a significant threat to overall system security.

It is imperative to promptly detect and respond to the situations described. The longer attackers remain within the system undetected, the greater the potential damage they can inflict. Early detection and immediate response are crucial to mitigating the impact of such security threats.

Strategies for Ensuring Comprehensive Cloud Security

It is important to adopt a series of interrelated best practices to guarantee reliable protection. An overview of possible approaches follows.

1. Establishment of an all-encompassing identity and access management (IAM) system. This system acts as the guardian managing access to cloud resources through strict verification methods, including multi-factor authentication.

2. Regular inspection of the cloud infrastructure (security assessments), which helps pinpoint and resolve hazards such as configuration errors or outdated systems. This includes reviewing the permissions of compute service accounts and their custom roles against the principle of least privilege.

3. The ‘zero trust’ principle is a key tactic in contemporary cloud security. It is based on the premise that trust is never implied, regardless of where a request originates. Access is granted only after rigorous validation, which reduces the risk of both internal and external intrusions.

4. Implementation of secrets management solution. Deployment of a robust secrets management system like HashiCorp Vault to handle sensitive data such as tokens, passwords, and API keys. Ensure that secrets are not hard-coded in source code or configuration files.

5. Data Encryption and Backup. Encrypting data, whether at rest or in transit, preserves its integrity and confidentiality, protecting it from unauthorized access and breaches. Moreover, consistent backups are important to avert data loss from various dangers, including cyber-attacks and system failures.

6. Vulnerability scanning, which involves using specialized software to automatically scan systems for known vulnerabilities. Unlike the manual in-depth approach to ethical hacking, vulnerability scanning provides a broader, ongoing review of the cloud environment.

7. Introduction of necessary responses to suspicious activities by high-privileged principals. Define clear incident response procedures for when Event Threat Detection identifies suspicious activity involving high-privileged accounts. Implement automated response actions where possible, such as revoking credentials or isolating affected resources. Train your security team to respond to high-severity findings, which may indicate unauthorized access to privileged groups or roles. Use tools like the Security Command Center to monitor and alert on suspicious bucket access patterns.
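Points 1 and 2 above, and the access-control and Editor-role pitfalls in the previous section, come down to a review of IAM bindings that can be automated. The following is an added example, not from the original article or from any IBA Group tooling: an audit over IAM policies in the JSON shape that `gcloud projects get-iam-policy PROJECT_ID --format=json` returns, flagging public principals (`allUsers`, `allAuthenticatedUsers`), rated critical on Cloud KMS keys, and the primitive Owner/Editor roles granted to service accounts. The project, bucket, key and account names in the sample policies are fictitious.

```python
"""Added example, not from the original article: an IAM binding audit for
public principals and primitive roles on service accounts. The policies
below are constructed JSON in the shape returned by
`gcloud ... get-iam-policy --format=json`; all names are fictitious."""
import json

PRIMITIVE_ROLES = {"roles/owner", "roles/editor"}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

SAMPLE_POLICIES = {
    "projects/example-prod": json.loads("""{
      "bindings": [
        {"role": "roles/owner", "members": ["user:cto@example.com"]},
        {"role": "roles/editor", "members": [
          "serviceAccount:123456789012-compute@developer.gserviceaccount.com",
          "serviceAccount:ci-deployer@example-prod.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer", "members": ["group:analysts@example.com"]}
      ]
    }"""),
    "buckets/example-prod-exports": json.loads("""{
      "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]}
      ]
    }"""),
    "projects/example-prod/locations/global/keyRings/app/cryptoKeys/db": json.loads("""{
      "bindings": [
        {"role": "roles/cloudkms.cryptoKeyDecrypter", "members": ["allAuthenticatedUsers"]}
      ]
    }"""),
}


def audit_policy(resource, policy):
    """Returns (severity, resource, role, member, reason) for each risky binding."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                # allUsers is anyone on the internet; allAuthenticatedUsers is
                # anyone with a Google account. On a KMS key that means anyone
                # can use the key, so the data it protects is effectively public.
                critical = "/cryptoKeys/" in resource or role.startswith("roles/cloudkms")
                findings.append(("CRITICAL" if critical else "HIGH",
                                 resource, role, member, "public principal"))
            elif role in PRIMITIVE_ROLES and member.startswith("serviceAccount:"):
                # Editor/Owner on a service account: every workload running as it
                # can read and modify nearly every resource in the project. The
                # default Compute Engine service account is a frequent offender.
                findings.append(("HIGH", resource, role, member,
                                 "primitive role on service account"))
    return findings


def audit_all(policies):
    """Audits every resource and returns findings with CRITICAL first."""
    findings = []
    for resource, policy in policies.items():
        findings.extend(audit_policy(resource, policy))
    order = {"CRITICAL": 0, "HIGH": 1}
    return sorted(findings, key=lambda f: (order[f[0]], f[1], f[2], f[3]))


if __name__ == "__main__":
    for sev, resource, role, member, reason in audit_all(SAMPLE_POLICIES):
        print(f"{sev:8} {resource}: {role} -> {member} ({reason})")
```

A human Owner is not flagged here on purpose: the audit targets the two patterns the text singles out, and deciding how many human Owners a project should have is a policy question rather than a detection. Extending the check to custom roles is a matter of comparing the permissions each role carries against what the workload actually calls.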

Conclusion

The multifaceted nature of cloud services challenges system security and calls for comprehensive, dynamic strategies to protect against evolving threats. This necessitates high-quality training of employees not only in using cloud services, but also in working with them safely.
No doubt, while Cloud Service Providers (CSPs) are responsible for securing the underlying platform, customers remain responsible for how they configure and use it, so it is equally crucial to validate that configuration regularly through penetration testing and red teaming.

If you are facing challenges in securing your cloud environment, IBA Group is here to help. We have a proven track record of delivering successful Red Team and cloud security projects. Our expertise in cloud security is tailored to meet the specific needs of each client.

If you are interested in bolstering your cloud security, leave us an inquiry, and let’s explore how IBA Group can provide the security solutions you need.


2024 Cyber Threat Landscape: a Business Navigation Guide
https://us.ibagroupit.com/insights/2024-cyber-threat-landscape-a-business-navigation-guide/
Mon, 29 Jul 2024 14:22:38 +0000


Introduction

In an era where digital transactions and communications form the backbone of most businesses, the threat landscape has become increasingly sophisticated, posing significant challenges to both cloud and on-premises environments. A 2023 report by Statista highlights the pervasiveness of such threats, revealing that phishing continues to be the most common form of security breach, affecting 74 percent of companies in their on-premises operations. The data also show a notable prevalence of user account compromise in the cloud, encountered by 27 percent of respondents, slightly lower than the 31 percent facing similar threats in their office networks.

Cyber Threats Businesses Face Today

The evolution of cyber threats has been marked by the increased personalization of phishing scams. Personalized scams leverage artificial intelligence (AI) to craft highly convincing fake messages. This represents a significant shift from the generic, easily spotted phishing attempts of the past.

Ransomware attacks, known for their disruptive potential, have also advanced: they use stronger encryption and target not just information technology infrastructure but also operational technology (OT) environments, broadening their impact.

Another rising threat is supply chain attacks, in which attackers exploit vulnerabilities in the interconnected web of third-party vendors and software, a reflection of the increasingly complex ecosystems in which businesses operate.

New Threats

Among the newest fronts in the cyber threat landscape are AI-powered attacks. Cybercriminals are now using AI to automate the creation of attacks, significantly enhancing the speed and adaptiveness of threats. This development, alongside the use of deepfakes and AI-generated content for impersonation and fraud, introduces unique challenges in authenticating identities and information.

The advent of quantum computing also looms as a potential future threat. A sufficiently large quantum computer could break the public-key algorithms in widespread use today, such as RSA and elliptic-curve cryptography, which is prompting businesses to explore quantum-resistant (post-quantum) encryption techniques.

Moreover, the increasing adoption of blockchain technology and smart contracts has opened new avenues for exploitation, with vulnerabilities potentially leading to the theft of cryptocurrencies or manipulation of decentralized applications (dApps).

Impact of Cyber Attacks on Businesses and Customers

The repercussions of cyberattacks extend far beyond immediate financial losses and operational disruptions. They can inflict lasting damage on a company’s reputation, eroding the trust and confidence of customers and business partners. This is particularly concerning in instances where breaches result in the theft of personal data, raising the specter of identity theft, financial fraud, or the sale of sensitive information on the dark web.

A notable instance in 2023 involved the U.K.’s Royal Mail, which faced a ransomware attack leading to the encryption of crucial files and a six-week halt in international shipments. Despite refusing to pay the demanded $80 million ransom and subsequent lower demands, the incident cost over $12 million in remediation work and security improvements.

Data Protection Strategies for Companies

In response to these challenges, it is advisable that companies adopt a multifaceted approach to cybersecurity. Implementing Multi-Factor Authentication (MFA), conducting regular security audits and penetration testing, and fostering employee awareness about phishing and social engineering attacks are fundamental steps. Additionally, regular data backups and the adoption of a Zero Trust architecture, which assumes no entity within or outside the network is trusted by default, can further bolster defenses. Keeping abreast of the advanced technologies and implementing the latest security patches is also crucial.

The development of a comprehensive cybersecurity plan is essential for businesses to navigate the threat landscape effectively. Such a plan should encompass a multi-layered approach, including risk assessment, security policy formulation, technical controls, continuous monitoring, and employee education. Regular reviews and updates are necessary to ensure the plan remains relevant in the face of evolving threats.

Business Sectors Most Susceptible to Cyber Threats

Certain business sectors are particularly vulnerable to cyber threats due to the valuable data they hold or the critical services they provide. The healthcare sector is a prime target because of the sensitive personal health information (PHI) it manages, which can include everything from patient medical records to billing information. Financial services firms are also at high risk, as they are targeted for both direct financial gain and the sensitive customer data they possess, including account details and transaction histories. Retail and e-commerce businesses, with their rich sources of payment and personal data, are attractive targets for cybercriminals looking to commit fraud or identity theft. Meanwhile, the manufacturing sector and critical infrastructure are increasingly subjected to espionage, sabotage, or ransomware attacks aimed at disrupting supply chains and causing significant operational damage.

These sectors’ attractiveness to cybercriminals underscores the pressing need for robust cybersecurity measures to protect against potential breaches and attacks.

New Cybersecurity Trends & Impact on Business

Increased Use of AI and Machine Learning. Businesses are increasingly leveraging AI and ML for both defensive strategies and prediction of potential cyber threats. However, this technological advancement also means that attackers are utilizing AI to craft more sophisticated attacks, presenting a continuous arms race in cybersecurity capabilities.

Regulatory Evolution in AI and ML. The landscape of cybersecurity regulation is evolving, with significant legislative actions in the EU and executive orders in the U.S. focusing on establishing ethical frameworks for AI and ML use. These regulations aim at transparency, public welfare, and ensuring that AI development aligns with the public interest, setting a precedent for global AI governance trends.

Rising Complexity of Ransomware. Ransomware attacks are anticipated to grow in sophistication, with cybercriminals targeting cloud environments and backup data stores to maximize their extortion efforts. This shift is largely due to the increased digitization of business operations and the storage of sensitive data in the cloud.

Sophisticated Attack Techniques. Cybercriminals are employing advanced techniques to evade traditional security measures, including polymorphic malware and advanced persistent threats (APTs). These methods allow malicious software to change its code to avoid detection and remain hidden within networks for extended periods.

Targeted Ransomware Attacks. Moving away from indiscriminate attacks, there is a noticeable trend towards targeted ransomware attacks. Cybercriminals are focusing on specific industries, organizations, or countries, using ransomware tailored to exploit particular vulnerabilities. This strategy enables attackers to demand higher ransoms from entities with critical infrastructure or sensitive data.

Integration of Ransomware with Other Threats. Ransomware attacks are becoming more complex by integrating with other cyber threats, such as through sophisticated phishing campaigns or as a secondary phase following an initial breach by different malware. This multifaceted approach significantly complicates the detection and mitigation of attacks.

Adoption of Privacy-Enhancing Computation Technologies. In response to growing data privacy concerns, the adoption of Privacy-Enhancing Computation (PEC) technologies has become crucial. These technologies protect data during processing, enabling businesses to analyze and utilize data without exposing sensitive information, a key strategy in today’s data-driven world.

Stringent Data Protection Regulations. Data protection laws are becoming increasingly stringent, requiring businesses to adopt more transparent and secure data handling practices. Privacy by design and by default are becoming regulatory mandates, pushing organizations towards technologies that minimize personal data use while preserving functionality.

Sector-Specific Cybersecurity Standards. Governments are recognizing the unique vulnerabilities and threats faced by critical infrastructure sectors, such as finance, healthcare, energy, and telecommunications. In response, sector-specific cybersecurity standards are being implemented, mandating robust security measures, regular assessments, and incident reporting to bolster defenses against cyber threats.

These trends underscore the dynamic nature of the cybersecurity landscape, highlighting the need for businesses to remain vigilant, adaptable, and proactive in their security strategies. With this in mind, they will be able to navigate the challenges ahead effectively.


Role of Intelligence Gathering in Hacking
https://us.ibagroupit.com/insights/role-of-intelligence-gathering-in-hacking/
Mon, 29 Jul 2024 14:22:00 +0000


Intelligence is the product resulting from the collection, collation, evaluation, analysis, integration, and interpretation of collected information. Information gathering is the first step of hacking. At this stage, attackers formulate the purpose of the attack and the idea of how to carry it out. They also identify potential weaknesses for further action, down to the names of employees and internal mail templates.

We distinguish between active and passive intelligence, which differ in how information is obtained. With passive intelligence, hackers investigate publicly available sources and do not interact with the object under investigation. With active intelligence, the hacker’s tools interact directly with the target. Active intelligence yields more data useful for an attack, but the target may become aware that intelligence is being gathered. Both approaches are applicable in penetration testing.

What are they looking for in the course of intelligence?

If the target is a particular person, an attacker might gather information through a passive search:

  • Physical location
  • Social media profiles
  • Email addresses, nicknames, aliases, infrastructure owned by the user, such as servers and domain names
  • Biography information, including criminal records, licenses, and jobs via official databases or professional organizations
  • Publications, including articles, blog posts, and news releases
  • Phone number, type of the mobile device the person uses

In case of a corporation or an organization, an attacker is interested in:

  • Identifying the focus and types of work performed
  • Infrastructure used, including ranges of IP addresses, network devices, firewalls and other means of protection, technologies, and types of servers
  • Information from open devices, such as surveillance cameras, routers, servers, and online repositories
  • Information about clients and partners
  • Mail templates
  • Public documents, marketing strategies, and financial technologies
  • Information about financial performance from reports, financial statements, and purchases and sales

In case of active intelligence, the targets are as follows:

  • Information about the device and the devices connected to it, other devices on the network
  • Information about open ports, the version and type of the operating system, running services, and discovery of new hosts
  • Subdomains, hidden pages, configuration files, and backup files
  • Meta information, comments, error texts, and response headers
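
Much of the last list above can be pulled out of a single captured response without any further interaction with the target. The following is an added example, not from the original article or from any IBA Group tooling: a parser that takes the raw text of an HTTP response (as captured with `curl -i`, for instance) and extracts the version-bearing headers, framework-specific session cookie names, the `generator` meta tag, HTML comments, and error text that leaks paths or library names. The response it parses is constructed; the host, software versions and paths in it are fictitious.

```python
"""Added example, not from the original article: passive fingerprinting of a
raw HTTP response. The sample response is constructed; versions and paths
in it are fictitious."""
import re
from html.parser import HTMLParser

SAMPLE_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.4"></head>\n'
    "<body><!-- TODO: remove debug endpoint /internal/export before launch -->\n"
    "<pre>Fatal error: Uncaught PDOException in /var/www/html/wp-content/db.php:42</pre>\n"
    "</body></html>"
)

# Headers that routinely carry product names and versions
INFO_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator", "via")
# Default session cookie names give away the framework even when headers are stripped
COOKIE_TECH = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
               "ASP.NET_SessionId": "ASP.NET", "csrftoken": "Django",
               "laravel_session": "Laravel"}
# Fragments of stack traces and error pages that leak paths, libraries and line numbers
ERROR_TEXT = re.compile(
    r"Fatal error|Traceback \(most recent call last\)|Uncaught \w+Exception|"
    r"ORA-\d{5}|SQLSTATE|/var/www/|C:\\inetpub")


class _BodyScanner(HTMLParser):
    """Collects HTML comments and the <meta name="generator"> content."""

    def __init__(self):
        super().__init__()
        self.comments, self.generator = [], None

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")


def fingerprint(raw):
    """Returns a dict of everything in the response that identifies the stack."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for h in header_lines:
        name, _, value = h.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    result = {
        "status": status_line.split(" ", 1)[1],
        "headers": {n: headers[n] for n in INFO_HEADERS if n in headers},
        "cookies": {},
    }
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if name in COOKIE_TECH:
            result["cookies"][name] = COOKIE_TECH[name]
    scanner = _BodyScanner()
    scanner.feed(body)
    result["generator"] = scanner.generator
    result["comments"] = scanner.comments
    result["error_text"] = sorted({m.group(0) for m in ERROR_TEXT.finditer(body)})
    return result


if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

Run against the sample, the output names the web server and PHP version, the CMS, a forgotten debug endpoint from a developer comment, and a filesystem path from an unhandled exception, which is exactly the material an attacker uses to pick tools and payloads. Run against your own site, it is the first item of the "conduct intelligence on your own" advice below.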

Intelligence Role

Based on the investigation, the attackers decide on the next steps of the attack. Having learned the types and versions of the software in use, they select appropriate hacking tools and suitable payloads. Having identified email templates and employees’ email addresses, they prepare phishing attacks on the employees, which are especially effective when the attackers have also learned about the situation in the organization and the processes taking place in it. Having identified open ports, the attackers try to interact with the target system through them. Having information about where users are located, they select appropriate lists of likely passwords. If they detect an additional resource that is less secure than the main one, the hackers can route their attack through it.

The data about the target reduce the time an attacker has to spend interacting with the system. This matters because security methods are constantly evolving and can detect hacking attempts and notify the responsible department; alternatively, the attackers may simply not have enough time to try every possible tool and payload. Thus, intelligence increases the chances of success by shortening the interaction with the system. Even where there are no reliable systems for responding to specific activity, the attackers’ actions affect the system to varying degrees, and resource administrators may notice them if the attackers blindly resort to every possible means of breaking into the resource. Finally, intelligence can show whether further action against the resource is worthwhile at all; the result may not justify the effort.

What can you do to reduce the chances of attacks?

– Conduct intelligence on your own

Find out what data about your company are available on the network and assess the threat they pose to its security.

– Organize regular training of employees

An untrained and careless employee has always been the weakest link in any security system. Therefore, it is necessary to train employees regularly. This helps reduce the chances of a successful attack and makes employees aware of how to act in case of any suspicious activity.

– Conduct cybersecurity audits

Systematic checks of programs, services, ports, networks, and infrastructure are a must. They will make it possible to identify weaknesses and vectors of attacks on systems, reduce risks in case of attacks, and respond to incidents faster.
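One way to "conduct intelligence on your own" for the items listed above (version headers, comments, meta tags, verbose error text) is to check your own HTTP responses for the disclosures an attacker would harvest. This is an added example, not code from the original post; the sample response and every value in it are constructed for illustration.

```python
"""Self-check of an HTTP response for information disclosure.

Added example (not from the original post). It flags the kinds of data the
article lists as useful to reconnaissance (version headers, HTML comments,
meta tags, verbose error text) so they can be removed from your own responses.
The response below is constructed for illustration.
"""
import re
from dataclasses import dataclass

# Headers that commonly reveal technology or version information.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-generator")
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)
STACK_TRACE_RE = re.compile(
    r"Traceback \(most recent call last\)|Stack Trace:|"
    r"\bat [\w.$<>]+\([\w.]+:\d+\)")


@dataclass(frozen=True)
class Finding:
    location: str   # where the disclosure was found
    evidence: str   # the disclosed text
    reason: str     # why it matters


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into status line, headers dict and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def find_disclosures(raw: str) -> list[Finding]:
    """Return every disclosure found in the response, headers first."""
    _, headers, body = parse_response(raw)
    findings = []
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        reason = ("header reveals a version" if VERSION_RE.search(value)
                  else "header reveals the technology stack")
        findings.append(Finding(f"header:{name}", value, reason))
    for comment in COMMENT_RE.findall(body):
        findings.append(Finding("html-comment", comment.strip()[:80],
                                "developer comment left in the page"))
    for match in GENERATOR_RE.finditer(body):
        findings.append(Finding("meta:generator", match.group(1),
                                "generator tag reveals CMS and version"))
    if STACK_TRACE_RE.search(body):
        findings.append(Finding("body", "stack trace",
                                "verbose error text exposes internals"))
    return findings


# Constructed sample response: every value here is made up for the example.
SAMPLE_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><meta name=\"generator\" content=\"ExampleCMS 5.4\"></head>\n"
    "<body><!-- TODO: remove before release, backup at /backup/site.zip -->\n"
    "<pre>Stack Trace:\n   at App.Orders.Load(Orders.cs:42)</pre></body></html>\n"
)

if __name__ == "__main__":
    for f in find_disclosures(SAMPLE_RESPONSE):
        print(f"{f.location:16} {f.reason:40} {f.evidence}")
```

Run it against responses captured from your own staging server; each finding is something to strip, generalize, or move behind a generic error page.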

Conclusion

In the rapidly evolving security landscape, intelligence provides a crucial advantage, minimizing system vulnerability. By embracing a holistic cybersecurity approach that integrates intelligence gathering, organizations can enhance their resilience against dynamic threats and protect their digital assets.

At IBA Group, we are committed to delivering comprehensive cybersecurity solutions. Our services encompass cutting-edge penetration testing, where we replicate real world attacks to identify vulnerabilities and reinforce defenses. Moreover, we prioritize human-centric security by offering customized training to empower personnel against social engineering and phishing threats – two prevalent risks in the digital era.

Stay tuned for more cybersecurity insights and explore the first, second, and third parts of our series for comprehensive coverage.

Security Automation in SDLC: Comprehensive Analysis
https://us.ibagroupit.com/insights/security-automation-in-sdlc-comprehensive-analysis/ (published Mon, 29 Jul 2024 14:21:32 +0000)

DevSecOps, the abbreviation for Development, Security, and Operations, aims to incorporate security practices into the Software Development Life Cycle (SDLC). Automation, particularly security automation, plays a pivotal role in achieving this goal and provides numerous benefits, such as accelerated development and deployment, enhanced collaboration, and heightened security. The present article explores the concept of DevSecOps automation and its integration within the SDLC, delving into the intricacies of each stage and the various tools and methodologies employed.

Introduction

DevSecOps, an evolutionary step forward from the traditional DevOps approach, focuses on integrating security within the software development process. The successful implementation of DevSecOps automation necessitates utilization of various security automation tools, technologies, and practices throughout the SDLC. Security automation and security testing are fundamental parts of this process. The following stages detail these components and their application at each step of the software development process.

1. Planning and Analysis

  • Threat Modeling: a systematic process to identify, quantify, and address potential security threats within an application. Utilization of specialized tools such as Microsoft’s Threat Modeling Tool, OWASP’s Threat Dragon, or securiCAD by foreseeti facilitates this endeavor. The process encompasses the evaluation of assets, trust boundaries, and potential attack vectors, as well as the application of threat intelligence and data flow analysis.
  • Risk Assessment: a crucial practice in identifying and prioritizing vulnerabilities, employing frameworks and standards like CVSS (Common Vulnerability Scoring System), FAIR (Factor Analysis of Information Risk), or NIST SP 800-30 to assess and rank potential risks. By analyzing the likelihood and impact of vulnerabilities, teams can develop effective remediation strategies and prioritize resources based on risk severity.
  • Security Requirements: defining and documenting security specifications during the initial planning phase, including access control, data encryption, and secure communication protocols. Incorporating security standards such as ISO/IEC 27001, NIST SP 800-53, or CIS Critical Security Controls ensures adherence to industry best practices and compliance with relevant regulations. Moreover, the application of Privacy by Design principles safeguards users’ data and privacy.
  • Asset Inventory: compiling a comprehensive inventory of software and hardware assets, including their configurations and dependencies, is crucial for maintaining an accurate understanding of the system’s architecture.

2. Design and Architecture

  • Secure Design Principles: adherence to best practices such as the OWASP Top Ten Proactive Controls, the SANS 25 Most Dangerous Software Errors, or the MITRE ATT&CK framework, emphasizing data minimization, least privilege, and defense-in-depth strategies. These principles guide the development of robust, secure applications by promoting a proactive approach to threat mitigation.
  • Architecture Analysis: evaluation of application architecture to identify potential security flaws, utilizing security automation tools like OWASP’s Dependency-Check, Sonatype’s Nexus Lifecycle, or Snyk for analyzing third-party dependencies and uncovering potential vulnerabilities. This analysis also includes the use of threat modeling methodologies such as STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) or PASTA (Process for Attack Simulation and Threat Analysis) to assess the application’s attack surface.
  • Security Patterns: implementation of established security design patterns, such as the Singleton Pattern, the Factory Pattern, or the Principle of Least Privilege, to bolster application security. These patterns can be complemented by architectural patterns like Microservices, Serverless, or Containerization, which provide additional security benefits through isolation, scalability, and enhanced deployment flexibility.

3. Development and Implementation

  • Secure Coding Practices: ensuring developers adhere to secure coding standards, including OWASP’s Secure Coding Practices, CERT’s Secure Coding Standards, or SEI’s Coding Standards. By following these guidelines, developers can prevent vulnerabilities resulting from common coding errors, such as improper input validation, insufficient error handling, or insecure data storage.
  • Static Application Security Testing (SAST): automated code analysis using tools like SonarQube, GitLab SAST, Veracode, or Fortify to identify vulnerabilities in source code. SAST tools perform deep code scanning, control- and data-flow analysis, and detection of security flaws such as SQL Injection, Cross-Site Scripting (XSS), or Insecure Deserialization. Integrating SAST into the development process enables early vulnerability detection and remediation, thus reducing potential risks.
  • Software Composition Analysis (SCA): analysis of open-source components and libraries utilizing tools such as WhiteSource, Black Duck, or Snyk to identify known security vulnerabilities. SCA tools examine an application’s dependencies, detecting outdated or insecure components, and provide actionable insights to remediate identified issues. Regularly updating dependencies and monitoring security advisories helps maintain a secure and up-to-date application environment.
  • Infrastructure as Code (IaC) Security: employing IaC tools like Terraform, Ansible, or Chef to automate infrastructure provisioning and configuration while integrating security checks using tools like Checkov or KICS. Incorporating security into IaC enables teams to enforce consistent security policies and configurations, thus enhancing the overall security posture of the application environment.
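The SCA item above describes what such tools do at the dependency level: compare each pinned component against advisories with affected version ranges and report what must be upgraded. The following is an added example of that core matching step, not code from the article or from any of the vendors named; the package names and advisory ids are constructed placeholders, not real CVEs.

```python
"""Minimal software-composition-analysis (SCA) check.

Added example (not from the original article and not any vendor's code).
It matches pinned dependencies against a list of advisories with affected
version ranges, which is the core of what SCA tools do.
All package names and advisory ids below are constructed placeholders.
"""
import re
from dataclasses import dataclass

CLAUSE_RE = re.compile(r"^(>=|<=|==|>|<)\s*(\d+(?:\.\d+)*)$")
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Advisory:
    id: str          # placeholder id, e.g. ADV-EXAMPLE-001 (not a real CVE)
    package: str
    affected: str    # version range, e.g. ">=2.0,<2.3.1"
    fixed_in: str
    severity: str


@dataclass(frozen=True)
class Match:
    package: str
    installed: str
    advisory: Advisory


def parse_version(text: str) -> tuple[int, ...]:
    return tuple(int(part) for part in text.strip().split("."))


def compare(a: tuple[int, ...], b: tuple[int, ...]) -> int:
    """Compare dotted versions numerically; 1.9 equals 1.9.0."""
    width = max(len(a), len(b))
    a = a + (0,) * (width - len(a))
    b = b + (0,) * (width - len(b))
    return (a > b) - (a < b)


def satisfies(version: str, spec: str) -> bool:
    """True if version meets every comma-separated clause of spec."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"bad version clause: {clause!r}")
        op, bound = m.groups()
        c = compare(v, parse_version(bound))
        ok = {">=": c >= 0, "<=": c <= 0, "==": c == 0,
              ">": c > 0, "<": c < 0}[op]
        if not ok:
            return False
    return True


def parse_requirements(text: str) -> dict[str, str]:
    """Parse 'name==version' lines; unpinned lines are rejected because a
    reproducible check needs exact versions."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep or not version.strip():
            raise ValueError(f"unpinned dependency: {line}")
        deps[name.strip().lower()] = version.strip()
    return deps


def scan(deps: dict[str, str], advisories: list[Advisory]) -> list[Match]:
    """Return matches, most severe first, for every advisory whose affected
    range contains the installed version."""
    matches = [
        Match(adv.package, deps[adv.package.lower()], adv)
        for adv in advisories
        if adv.package.lower() in deps
        and satisfies(deps[adv.package.lower()], adv.affected)
    ]
    return sorted(matches,
                  key=lambda m: SEVERITY_RANK[m.advisory.severity], reverse=True)


# Constructed inputs for the example.
REQUIREMENTS = """
acme-http==2.2.0      # affected
widgetlib==1.9.3      # already past the fixed version
safepkg==3.0.1        # affected
"""
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "acme-http", ">=2.0,<2.3.1", "2.3.1", "high"),
    Advisory("ADV-EXAMPLE-002", "widgetlib", "<1.9.0", "1.9.0", "medium"),
    Advisory("ADV-EXAMPLE-003", "safepkg", ">=3.0,<3.0.2", "3.0.2", "critical"),
]

if __name__ == "__main__":
    for m in scan(parse_requirements(REQUIREMENTS), ADVISORIES):
        print(f"{m.package}=={m.installed}: {m.advisory.id} "
              f"({m.advisory.severity}), upgrade to {m.advisory.fixed_in}")
```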

4. Testing and Validation

  • Dynamic Application Security Testing (DAST): automated testing of running applications employing tools like OWASP’s Zed Attack Proxy (ZAP), Burp Suite, Acunetix, or AppSpider to detect vulnerabilities. DAST tools simulate real-world attacks, such as SQL Injection, Cross-Site Scripting (XSS), or Cross-Site Request Forgery (CSRF), testing the application’s resilience and identifying security weaknesses at runtime. This form of security testing plays a vital role in securing applications.
  • Interactive Application Security Testing (IAST): combining SAST and DAST approaches utilizing tools like Contrast Security, Seeker, or HCL AppScan to identify vulnerabilities and code execution paths. IAST tools monitor applications at runtime, analyzing data flows, HTTP requests and responses, and providing real-time feedback to developers. The approach enhances the accuracy of vulnerability detection and facilitates rapid remediation.
  • Penetration Testing: conducting simulated attacks on the application leveraging tools like Metasploit, Nmap, or Cobalt Strike to identify and address security vulnerabilities. Penetration testing methodologies, such as the Open Web Application Security Project (OWASP) Testing Guide or the Penetration Testing Execution Standard (PTES), provide a structured approach to security testing, ensuring comprehensive coverage of potential threats.
  • Fuzz Testing: using tools such as AFL, Peach Fuzzer, or Boofuzz to identify potential vulnerabilities in the application. Fuzz testing involves sending large volumes of random, malformed, or unexpected input data to the application, aiming to trigger unintended behavior, crashes, or security vulnerabilities.
  • Compliance and Security Audits: conducting regular audits to ensure compliance with relevant regulatory standards, such as GDPR, HIPAA, or PCI DSS, and adherence to security best practices. Leveraging tools like OpenSCAP, Nessus, or Qualys Policy Compliance simplifies the audit process and helps organizations maintain a secure and compliant application environment.
  • Security Test Driven Development (STDD): integrating security testing into the development process with a focus on writing security test cases alongside functional test cases. This approach promotes a security-focused mindset, enabling developers to address potential vulnerabilities as they arise during development.

5. Deployment and Monitoring

  • Continuous Integration and Continuous Deployment (CI/CD): streamlining the development and deployment process leveraging tools like Jenkins, GitLab CI/CD, or CircleCI to ensure consistent and secure application updates. Integrating security tools such as SAST, DAST, or SCA into the CI/CD pipeline enhances the security posture by automating vulnerability detection and remediation throughout the development lifecycle.
  • Security Information and Event Management (SIEM): aggregating and analyzing log data from various sources employing tools like Splunk, LogRhythm, or IBM QRadar to identify potential security incidents. SIEM tools provide real-time monitoring, advanced analytics, and incident response capabilities enabling organizations to detect, investigate, and respond to security threats effectively.
  • Runtime Application Self-Protection (RASP): incorporating security measures directly into the application runtime utilizing security automation tools to detect and prevent attacks in real-time. RASP solutions monitor application behavior, identify malicious activities, and take appropriate actions, such as blocking the attack or alerting security personnel, providing an additional layer of protection against known and unknown threats.
  • Vulnerability Management and Patch Management: regularly scanning the application and its infrastructure for vulnerabilities and applying the necessary patches, leveraging tools like Tenable Nessus, Rapid7 InsightVM, or Ivanti Patch Manager. A robust vulnerability and patch management program minimizes the window of opportunity for attackers to exploit known vulnerabilities and helps maintain a secure application environment.
  • Incident Response and Forensics: developing and maintaining a comprehensive incident response plan, incorporating digital forensics tools like Autopsy, EnCase, or X-Ways Forensics, to effectively address security incidents. A well-prepared incident response strategy enables organizations to swiftly detect, contain, and remediate security breaches, minimizing damage and facilitating recovery.
  • Network Security Monitoring (NSM): implementing network monitoring and intrusion detection systems using tools like Suricata, Snort, or Zeek to detect and respond to security events at the network level. NSM tools analyze network traffic, identify suspicious activities, and provide insights into potential threats facilitating rapid incident response and remediation.

Conclusion

Successful integration of security automation within the SDLC results in a secure, efficient, and streamlined software development process. By leveraging appropriate tools and methodologies at each stage of the SDLC, organizations can effectively address security concerns and reduce the risk of vulnerabilities in their applications. This ultimately leads to enhanced reliability, increased customer trust, and improved overall software quality.

Moreover, embracing DevSecOps automation not only bolsters the security posture of software applications but also fosters a culture of collaboration and shared responsibility among development, security, and operations teams. This symbiotic relationship encourages knowledge sharing, facilitates faster remediation of security issues, and results in a more resilient software ecosystem. The use of security testing ensures a robust and secure application.

About IBA Group’s Security for CI/CD Service

At IBA Group, we specialize in providing Security for CI/CD service, ranging from consulting to implementation and ongoing support. Our team of experienced professionals is well-versed in the latest Security testing tools, technologies, and best practices, and is committed to helping organizations seamlessly integrate security into their software development process. By leveraging our expertise in security automation, clients can unlock the full potential of security testing automation and reap the numerous benefits it offers.

If you are interested in learning more about our Security for CI/CD service or would like to discuss how we can help your organization enhance its security posture, please don’t hesitate to contact us. Our team of dedicated experts is eager to assist you in navigating the complexities of Security Testing automation and ensuring the successful integration of security within your CI/CD pipeline. Together, we can build secure, resilient, and high-quality software applications that stand the test of time.

Overcoming DevSecOps Challenges for Resilient Solutions
https://us.ibagroupit.com/insights/overcoming-devsecops-challenges-for-resilient-solutions/ (published Mon, 29 Jul 2024 14:21:32 +0000)

DevSecOps is a seamless blend of software development, security, and operations, designed to integrate these different realms into a harmonious cycle of continuous delivery. However, the process of integrating security into DevOps is unique for each case and comes with specific obstacles. In this article, we aim to share IBA Group’s experience gained during the implementation of a DevSecOps solution in one of our projects. We will shed light on how we managed to overcome significant barriers and successfully implement an effective DevSecOps approach. This article is part of IBA Group’s DevSecOps series, and if you are interested in delving deeper into the topic, you can read the first article and the second article in our DevSecOps series.

Challenges of SAST Integration into the CI/CD Pipeline

Static Application Security Testing (SAST) integration plays a vital role in the Software Development Life Cycle (SDLC), and it is a fundamental component of CI/CD security, as it detects significant vulnerabilities in an application prior to deployment to production, when the cost of remediating them is comparatively low. Based on the customer requirements, we chose SonarQube as the SAST tool, a renowned platform for continuous inspection of code quality. SonarQube has a great capacity to detect bugs and security vulnerabilities. However, SAST integration into the CI/CD pipeline exposed us to an array of previously hidden challenges.

Addressing Vulnerabilities and Bugs Discovered by SonarQube

The introduction of SonarQube led the project management team to an unexpected revelation – a massive volume of vulnerabilities and bugs hidden within the project. The team found themselves at a standstill, as fixing these issues impeded further development and caused significant time delays. At that point, continuing product development had a higher priority than stopping and fixing vulnerabilities in the code. Moreover, project management did not want to be completely blocked by found vulnerabilities in the code. To address this, we proposed a quick and short-term solution: we decided to run SonarQube without failing the pipeline automatically so that it does not block the build, but the team is aware of vulnerabilities.

Flexible Approach and Incremental Vulnerability Resolution

As the second step, our DevSecOps team developed a more flexible solution. Recognizing the crucial security role and the necessity to maintain the speed of product development, we developed a plan to address the issues highlighted by SonarQube incrementally. We prioritized vulnerabilities based on their risk factor and impact on the project, fixing them in controlled batches. This allowed the team to keep development progressing while steadily reducing the threat landscape. Alongside, we conducted security coding training for the development team and provided rigorous manual code reviews to catch potential bugs before they became ingrained within the codebase.
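The two phases described above (first a non-blocking SonarQube run that only reports, then incremental resolution of prioritized batches without blocking development) can be expressed as a gate policy in the pipeline. This is an added example written for this article, not IBA Group's or SonarQube's own quality gate; rule names, paths and severities are constructed, and the fingerprint scheme is simplified.

```python
"""Two-phase security gate for SAST findings in a CI pipeline.

Added example (not from the original article, not SonarQube's own quality
gate). Phase 1 ("observe") reports findings without failing the build;
phase 2 ("ratchet") accepts a recorded baseline of known debt, fails the
build on any new finding at or above a severity threshold or whenever the
total grows, and hands the team the next batch of debt to fix in risk
order. Rule names, paths and severities below are constructed.
"""
from dataclasses import dataclass, field

# Severity scale using SonarQube-style names (lowest to highest).
SEVERITY_RANK = {"INFO": 0, "MINOR": 1, "MAJOR": 2, "CRITICAL": 3, "BLOCKER": 4}


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int
    severity: str

    def fingerprint(self) -> tuple:
        # Simple identity; production tools use hashes that survive line shifts.
        return (self.rule, self.path, self.line)


@dataclass
class GateResult:
    passed: bool
    new_blocking: list = field(default_factory=list)
    remaining_debt: int = 0
    reasons: list = field(default_factory=list)


def evaluate_gate(findings, baseline, mode="ratchet", block_at="CRITICAL"):
    """mode='observe': never fail, only report. mode='ratchet': fail on new
    findings >= block_at, or when the total exceeds the accepted baseline."""
    accepted = set(baseline)
    debt = [f for f in findings if f.fingerprint() in accepted]
    new = [f for f in findings if f.fingerprint() not in accepted]
    new_blocking = [f for f in new
                    if SEVERITY_RANK[f.severity] >= SEVERITY_RANK[block_at]]
    reasons = []
    if new_blocking:
        reasons.append(f"{len(new_blocking)} new finding(s) at or above {block_at}")
    if len(findings) > len(accepted):
        reasons.append(f"total findings {len(findings)} exceed baseline {len(accepted)}")
    passed = mode == "observe" or not reasons
    return GateResult(passed, new_blocking, len(debt), reasons)


def next_baseline(findings, baseline):
    """Ratchet down: only debt that is still present stays accepted, so fixed
    issues cannot silently return."""
    present = {f.fingerprint() for f in findings}
    return [fp for fp in baseline if fp in present]


def next_batch(findings, baseline, size):
    """Pick the next batch of accepted debt to fix, highest severity first."""
    accepted = set(baseline)
    debt = [f for f in findings if f.fingerprint() in accepted]
    return sorted(debt, key=lambda f: SEVERITY_RANK[f.severity], reverse=True)[:size]


# Constructed findings: the debt recorded when SonarQube was first enabled.
B1 = Finding("sql-injection", "src/orders.py", 40, "CRITICAL")
B2 = Finding("weak-hash", "src/auth.py", 77, "MAJOR")
B3 = Finding("debug-enabled", "settings.py", 5, "MINOR")
BASELINE = [f.fingerprint() for f in (B1, B2, B3)]

N1 = Finding("insecure-random", "src/tokens.py", 23, "MAJOR")
N2 = Finding("command-injection", "src/deploy.py", 9, "BLOCKER")
RUN_A = [B2, B3, N1]       # B1 fixed, one new non-blocking finding
RUN_B = [B2, B3, N1, N2]   # debt grew and a BLOCKER appeared

if __name__ == "__main__":
    for name, run in (("run A", RUN_A), ("run B", RUN_B)):
        r = evaluate_gate(run, BASELINE)
        print(name, "PASS" if r.passed else "FAIL", r.reasons)
    print("fix next:", [f.rule for f in next_batch(RUN_A, BASELINE, 1)])
```

After each batch is merged, store the output of next_baseline as the new accepted debt so the gate only ever tightens.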

Integration of Dynamic Application Security Testing (DAST)

Another type of testing that our team integrated into the customer’s software development lifecycle (SDLC) was a Dynamic Application Security Testing (DAST) tool. DAST integration is crucial for ensuring the security and robustness of applications. The DAST tool is aimed at testing the application during the testing or deployment phase to identify vulnerabilities and weaknesses that may only occur at runtime. Initially, we integrated it only in the staging environment. At the same time, we faced a problem: the CI/CD pipeline slowed down by three times, which was unacceptable for the team. Thus, our goal was to achieve CI/CD with integrated security without compromising speed.

Balancing Speed and Security in the CI/CD Pipeline

To achieve this goal, we decided to define the scope of the application that should be tested in the first place. Through a combination of code analysis, threat modeling, and vulnerability assessment, we managed to identify and prioritize the areas that demanded the utmost level of attention and could consequently lead to security breaches. The DAST tool was integrated into the CI/CD pipeline and configured to test only these specific parts of the application, so we were able to speed up the testing process. Furthermore, we developed other configurations for the DAST tool to cover other types of vulnerabilities. As a result, they could be run upon request or scheduled on a weekly basis, for instance, outside the CI/CD pipeline.

Fostering Organizational Awareness and Adaptability

However, dealing with technical issues was only part of the solution. The key to successful Security integration into DevOps lies in raising the awareness of business management. Security is not merely a technical concern but an organizational one. We held awareness sessions explaining the role of DevSecOps, its benefits, and the potential risks of not using it. Our efforts led to a better understanding of DevSecOps amongst business leaders causing their active involvement and support.

Embracing a New Working Model and Cultivating Change

The episode of SAST and DAST integration into the CI/CD pipeline was just one facet of the multifaceted challenge we faced. Another significant hurdle that reared its head was the difficulty in adapting to a new dynamic working model. The key to DevSecOps lies in its ability to foster rapid, iterative development while ensuring continuous security integration. This represents a significant shift from traditional phase-based software development methods. As a result, our team found itself grappling with the challenges of changing gears midway through the project.

The customer’s team was used to designating phases for development, security, and operations, but DevSecOps made us blur these lines. Unexpectedly, everyone had to wear multiple hats: developers had to think about security, and the operations team had to get involved in the early stages of development. This required not just a change in mindset, but also a shift in our practical approach.

However, the solution lay not in returning to our comfort zones, but in embracing the change and pushing our boundaries. We initiated comprehensive training programs for the team to better understand their new roles. Knowledge-sharing sessions were held where different teams could learn from each other. We turned to fostering a culture that welcomed change and encouraged continuous learning.

Initially, it was a struggle. But gradually, the team started experiencing the benefits of this integrated approach. Improved communication between the teams led to better understanding and collaboration. A constant feedback cycle helped us identify and rectify problems much earlier in the development phase. As a result, security integration helped to promote a culture focused on continuous improvement, where security practices are regularly evaluated, updated, and adapted to emerging threats. With time, what seemed like a steep mountain became an easily navigable hill.

Growing as a Team and Achieving Organizational Resilience

This shared journey has not only enabled us to overcome the challenges we faced but has also facilitated the growth of our team and organization, enhancing our problem-solving abilities and fostering organizational resilience.

At IBA Group, we firmly believe that every challenge presents an opportunity for growth and learning. If you are seeking to implement DevSecOps into your development cycle, we are here to provide assistance. Our expert team, backed by extensive experience, is prepared to address any inquiries, challenges, or requirements that may arise on your DevSecOps journey. Let us combine our efforts and collaborate in creating secure and resilient software solutions together.

Keep in mind, the key lies not in finding a path without obstacles, but in harnessing the strength and expertise to navigate through them. This is the commitment that IBA Group guarantees to deliver.

Zero Day Attacks and How to Protect Against Them?
https://us.ibagroupit.com/insights/zero-day-attacks-and-how-to-protect-against-them/ (published Mon, 29 Jul 2024 14:21:08 +0000)

What is a zero day attack?

Zero day is a broad term that describes newly discovered security vulnerabilities that hackers can use to attack systems.

A zero day attack occurs when hackers exploit a vulnerability before the developers have time to fix it. The term refers to a vulnerability or attack that becomes publicly known before a software vendor releases bug fixes. That is, the vulnerability can potentially be exploited on running copies of the application and the developers have zero days to fix this vulnerability.

Zero day vulnerabilities lead to the emergence of new ways of spreading malicious code, which cybercriminals actively use to create effective infection mechanisms. Mass-use products, such as the popular Adobe Reader, pose the greatest risk to users.

Examples of real-life zero day vulnerabilities

1) Zero Day Vulnerability in Windows

On November 22, 2021, a researcher posted on GitHub a working exploit for the Windows zero day vulnerability CVE-2021-41379, with which a local user with limited rights can elevate privileges to the SYSTEM level. As it turned out, the vulnerability had still not been completely fixed by the developers, and all versions of Windows supported by Microsoft were affected, including Windows 10, Windows 11, and even Windows Server 2022. Using this vulnerability, it is possible to obtain local administrator rights on the system in a few seconds, even on the latest and most up-to-date version of Windows 10 21H1 build 19043.1348 with all patches. The developer explained that the exploit also works if the PC is in an Active Directory domain. It bypasses the group policies set on the Windows Server 2022 server, for example those preventing standard users from performing MSI installer operations.

2) Extremely Critical Hole in Microsoft Word 2000

Microsoft notified users of a new zero day vulnerability in the Microsoft Word 2000 editor. The vulnerability allowed an attacker to execute arbitrary program code on the attacked machine. It is enough for the victim to open a specially formatted DOC file that is incorrectly processed by the text editor, after which the hacker gets full access to the system. The vulnerability was assigned the status of Extremely Critical. The error has already been described on the Microsoft website, although the company is trying to downplay the danger of this hole.

3) Older PowerPoint Formats Are Vulnerable to Zero Day Attacks

Microsoft warned about hacker attacks carried out through PPT files of old versions. The company’s specialists learned about the new hole after an exploit (in fact several exploits) appeared and infected files began to circulate. Therefore, this is a zero day vulnerability for which there is no patch yet.

The vulnerability affects the PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 file formats, as well as Office 2004 for Mac. After a user opens an infected file, PowerPoint accesses the “wrong” object in RAM and the malicious program gains the rights to execute any code and starts downloading Trojans from the Internet.

Problems with investigating a zero day

There are many blind spots in the study of zero days, the reasons for their use, and the methods of exploitation. We may not be aware of every genuinely innovative method of attacking software and services, although practice shows that attack organizers, too, try to save resources.

One of the most important blind spots is the features of the exploits themselves, or rather the lack of information about them. In some cases the information simply does not exist; in others, the data are not disclosed. The availability of exploits to researchers makes it possible to study not only the vulnerabilities themselves but also the attack methods, which in turn makes life difficult for the organizers of these attacks. Disclosing such information is not always a good move. On the one hand, the exchange of information in the information security industry helps enhance protection. On the other hand, public exploits often lead to massive attacks on software that is not always patched on time.

Ways to protect against zero day attacks

In the classical definitions of zero day threats, it is emphasized that they include those threats against which means of protection have not yet been developed. However, this is not true in practice. To eliminate threats, it is often necessary to install security patches (updates to the programs used) and to regularly update the protection system. Therefore, in reality, actual threats are not only those against which there is no protection, but also those against which protection is already available but not used.

Because they rely on novel techniques, zero day threats cannot be detected by classic antivirus technologies. Products based on classical anti-virus technologies show poor results in dynamic anti-virus tests. However, if you do not neglect downloading antivirus updates, you can increase your chances of coping with the threat.

Any software may have security vulnerabilities. Hence, it is always necessary to check that the software version you use is current, to reduce the risk of legacy vulnerabilities being exploited. Software vendors are not required to provide security updates for unsupported products. This is the second part of our cybersecurity series that I prepared in cooperation with my team, namely Maksim Martsinkevich, our Team Lead, and Ivan Shyshkou.

Stay tuned to discover more about cyber security and read the first part about it here.

How Cyberattacks & Data Breaches Damage Reputation
https://us.ibagroupit.com/insights/how-cyberattacks-and-data-breaches-damage-reputation/ (published Mon, 29 Jul 2024 14:20:39 +0000)

How Dangerous are Data Breaches and Cyberattacks for Companies?

From the media, we often hear about data breaches and reputational losses worth millions of dollars for companies across the globe.

Consider the 2019 cybersecurity breach of the Capital One bank holding company, which specializes in credit cards, auto loans, banking, and savings accounts. As a result of this cyberattack, the hacker gained access to 140,000 Social Security numbers, one million Canadian Social Insurance numbers, and 80,000 bank account numbers, along with people’s names, addresses, credit scores, credit limits, balances, and other information, as reported by the bank and the US Department of Justice. In addition, the company’s stock price dropped nearly 6% immediately in the after-hours trading session, losing 13.8% within two weeks after the leak was publicly reported.

Another data breach incident occurred in October 2013 at Adobe. Nearly 3 million customer credit card records, transaction details, and other data from up to 150 million accounts of Adobe users were affected in this incident.

The Uber leak of 2016 is also worth mentioning. The attackers gained access to 57 million customer and driver records, including passenger names, phone numbers, email addresses and where they were registered, drivers’ salaries, travel reports, and in some cases, drivers’ license numbers. Uber did not disclose the leak and was eventually fined $148 million for the concealment and for the leak itself.

What is the Impact of Cybersecurity Breaches?

Firstly, there are fines and compensations in case of a breach, but that’s not all. According to the Forbes Global Study on the Economic Impact of IT Risk conducted in association with IBM, in the event of a data breach, the value of shares immediately drops by 5% at the time the incident is disclosed. Further, if the company in which the leak occurs reports it and responds quickly, it is able to restore the previous share price in an average of seven days. If the company does not respond on time and does not notify users about the ongoing efforts, it takes more than 90 days for the share price to recover. For security-breach incidents, there is a clear correlation between the fall in share value and the speed of the return to the previous level.

If a security breach occurs at a company with a high level of security, the share price falls by no more than 3% at the time the incident is disclosed, and in about 90 days the stock price exceeds the pre-crisis level. In case of a leak at a company with a low level of security, the share price takes more than 90 days to recover.

How Cyberattacks Damage Reputation

If it is impossible to get access to a service, the client loses trust in the company. This is especially true for financial institutions. It may result in the loss of customers, as they may switch to competitors. Trust is difficult and time-consuming to gain and maintain, but very easy to lose. When clients use your service, whether it be a product ordering system, cloud storage, computing power, or mobile communications, they trust you with their personal data and expect that their data will be protected and the service will be available.

In the event of a hack or leak, trust in the reliability of the company is undermined. As a result, new customers stop coming and existing ones begin to refuse the services you offer. Information about incidents spreads via the Internet, which means that news of an application being unavailable becomes known almost instantly. And no one cares whether the application is unavailable due to a hacker attack or because of poor service performance. Everyone expects resilience from the service, if that’s what you promise.

According to the IBM Global Study on the Economic Impact of IT Risk, downtime can be categorized as minor, with an incident time of about 19.7 minutes; medium, with a downtime of around 111 minutes; and major, which can last up to 442 minutes. The same study shows that minor incidents are three times more likely than major ones.

The price of one minute of a minor incident is lower than that of a minute of a major incident (about $53,223 per minute for major, $32,229 for minor, and $38,065 on average). In aggregate, the estimated cost of a minor incident is up to $1 million and of a major incident from $14 million to $100 million, the average cost being $4 million. The evaluation criteria are the cost of users’ idle time and lost productivity because of downtime or system performance delays, the cost of forensics to determine the root causes of disruptions or compromise, the cost of technical support to restore systems to an operational state, the cost associated with reputation and brand damage, revenues lost because of system availability problems, and the cost associated with compliance or regulatory failure. It is worth noting that although the cost of a minor incident is much lower than that of a major incident, the high frequency of minor incidents leads to higher costs over time.

Unaware does not Mean Protected

Small and medium-sized businesses are an easy target for hackers, because these enterprises have less stringent protection and fewer resources to implement cybersecurity. They are less aware of cybersecurity threats and often lack a cybersecurity strategy. The consequences of cyberattacks for such enterprises are often more devastating: according to recent studies, about 60% of such enterprises shut down within six months after a cyberattack.

How to Prevent Cybersecurity Breaches

Data Backup

First of all, you need to start duplicating your data. Backups help in the event of a natural disaster, when a building or equipment is damaged, as well as in the event of a cyberattack. This way, you increase fault tolerance.

Regular Cybersecurity Training

Human error is one of the biggest threats, if not the biggest. If an employee is not aware of cybersecurity measures, you should not expect him or her to be cautious with a suspicious link or a random flash drive. Likewise, in case of a cybersecurity incident, such an employee probably would not be able to respond properly.

Cybersecurity Audits

It is necessary to assess the cybersecurity state of both networks and applications. Penetration testing and vulnerability assessment help identify weaknesses, inconsistencies, and shortcomings, and give an idea of the company’s level of cybersecurity. Following a cybersecurity audit, a report containing recommendations for eliminating the weak points is generated. Repeat audits are also indispensable, because new weaknesses appear as systems change.

Employee Access Restrictions

Damage from a compromised employee account is significantly smaller if the employee has access only to the parts of the system he or she needs, rather than to everything. Access that is no longer needed should be revoked over time. Admin accounts should not be left omnipotent, nor should they keep default passwords. After an employee’s employment is terminated, his or her account should be deleted and access to company resources revoked.
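The access-review rules in this section (revoke access that is no longer needed, delete terminated employees' accounts, keep admin accounts off default passwords, grant only what the job requires) can be run as a periodic check over an account export. The following is an added example, not code from IBA Group or from the article; the account export format, the job-to-role map and the dormancy threshold are assumptions, and the sample accounts are constructed.

```python
"""Periodic least-privilege access review (added example; format and names are assumptions)."""
from datetime import date, timedelta

REVIEW_DATE = date(2024, 7, 1)          # constructed "today" for the review
DORMANT_AFTER = timedelta(days=90)      # assumed threshold for unused access

# Hypothetical map of job function -> the roles that function actually needs.
NEEDED_ROLES = {
    "accountant": {"ledger_read", "ledger_post"},
    "support": {"ticket_read", "ticket_write"},
    "sysadmin": {"server_admin", "ledger_read"},
}

# Constructed sample export; field names are an assumption about the identity system.
ACCOUNTS = [
    {"user": "alice", "job": "accountant", "roles": {"ledger_read", "ledger_post"},
     "last_login": date(2024, 6, 28), "terminated": False, "is_admin": False, "default_password": False},
    {"user": "bob", "job": "support", "roles": {"ticket_read", "ticket_write", "ledger_post"},
     "last_login": date(2024, 6, 30), "terminated": False, "is_admin": False, "default_password": False},
    {"user": "carol", "job": "accountant", "roles": {"ledger_read"},
     "last_login": date(2024, 2, 1), "terminated": True, "is_admin": False, "default_password": False},
    {"user": "dave", "job": "sysadmin", "roles": {"server_admin", "ledger_read"},
     "last_login": date(2024, 6, 29), "terminated": False, "is_admin": True, "default_password": True},
    {"user": "erin", "job": "support", "roles": {"ticket_read"},
     "last_login": date(2024, 1, 15), "terminated": False, "is_admin": False, "default_password": False},
]


def review_account(acct, today=REVIEW_DATE, dormant_after=DORMANT_AFTER):
    """Return a list of findings for one account (empty list means nothing to do)."""
    findings = []
    if acct["terminated"]:
        # Terminated employees: the account itself should go, not just its roles.
        findings.append("terminated: delete account and revoke all access")
    elif today - acct["last_login"] > dormant_after:
        idle_days = (today - acct["last_login"]).days
        findings.append(f"dormant for {idle_days} days: review and revoke unused access")
    # Roles beyond what the job function needs violate least privilege.
    excess = acct["roles"] - NEEDED_ROLES.get(acct["job"], set())
    if excess:
        findings.append("excess roles beyond job need: " + ", ".join(sorted(excess)))
    # Admin accounts on an initial/default password are the highest-value target.
    if acct["is_admin"] and acct["default_password"]:
        findings.append("admin account still on default password: rotate immediately")
    return findings


def run_review(accounts=ACCOUNTS, today=REVIEW_DATE):
    """Review every account; return {user: findings} for accounts that need action."""
    report = {}
    for acct in accounts:
        findings = review_account(acct, today)
        if findings:
            report[acct["user"]] = findings
    return report


if __name__ == "__main__":
    for user, findings in run_review().items():
        for finding in findings:
            print(f"{user}: {finding}")
```

In practice the export would come from the directory or the application's own role tables, and the review would be scheduled (for instance monthly), with the findings routed to the owners of the affected systems rather than applied automatically.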

Software Update

Any software may have security vulnerabilities. Hence, it is always necessary to check that the software version you use is current, to reduce the risk of exploitation of known vulnerabilities in older versions. Keep in mind that software vendors are not required to provide security updates for unsupported products.

This is the first part of our cybersecurity series that I prepared in cooperation with my team, namely Maksim Martsinkevich, our Team Lead, and Artyom Litvin. Stay tuned to read about zero day attacks.

The post How Cyberattacks & Data Breaches Damage Reputation appeared first on IBA Group - USA.

Enhanced Information Security for the Bank
https://us.ibagroupit.com/cases/enhanced-information-security-for-the-bank/ (Tue, 10 Mar 2020 12:23:49 +0000)


BUSINESS CHALLENGE

Monitor changes made by employees and their activity in the system while they perform production tasks on the SAP platform, and do so while the number of users grows.

SOLUTIONS HIGHLIGHTS

IBA Group arranged monitoring of the use of critical business transactions and of the roles and permissions of SAP users, and created a register of transactions for analytical reporting and for review of suspicious activity. We configured preventive control of certain transactions and processes, with online warning of emerging threats. The solution notifies security officers of suspicious activity occurring in the critical systems of the bank.

Result

The implemented system allowed automation of complex processes of bank information security and protection of SAP applications against attacks.

The post Enhanced Information Security for the Bank appeared first on IBA Group - USA.

Mainframe support and knowledge base at Eastern European Railway
https://us.ibagroupit.com/cases/mainframe-support-and-knowledge-base-at-railway/ (Mon, 28 Oct 2019 07:41:08 +0000)


Business Challenge

The customer's requirement was to minimize the downtime of business applications and to improve SLA compliance. The problem was that there was no single platform for organizing the application support process. Because of inconsistent actions by the customer service, the downtime of applications (individual transactions) could increase, and with it the discontent of business users.

In addition, it was necessary to provide a single source of knowledge to improve the quality of support and transfer knowledge to new employees. Unified knowledge of problem resolution history and architecture features was to be distributed among all stakeholders and not get lost.

SOLUTIONS HIGHLIGHTS

IBA Group created a centralized platform for supporting various business applications running under z/OS. APPULSE monitors critical z/OS subsystems, including IMS, CICS, DB2, MQ, and TWSz, and identifies problems early. It then notifies the responsible support engineers of the problem and automatically generates a ticket. The AI module offers a solution to the problem and predicts how likely it is to succeed. If the solution seems appropriate, you can run it directly from APPULSE. When a new type of problem appears, the support engineer can address it directly from the program, which trains the AI module; the next time, APPULSE will offer that option for problems of the same or a similar type.

Results

The client reduced application downtime and ensured business continuity. A history of resolved problems accumulates, and a knowledge base is formed that is accessible to all stakeholders. Training for beginners is faster, leading to better and faster onboarding.

Advanced APPULSE interface, AI module and more efficient support processes make this job more attractive, so it has become easier for HR to fill vacancies.

The post Mainframe support and knowledge base at Eastern European Railway appeared first on IBA Group - USA.
