Browse Author: Nili Molvin Zaharony

Attribution: Does It Really Matter?

 

 


 

Unlike in the movies, hackers typically don’t infiltrate businesses and steal intellectual property while sitting in their mother’s basement. Instead, they launch attacks from devices in organizations they’ve already infiltrated. They use these infiltrated sites to make multiple “hops” before arriving at their objective, which obfuscates their location. These hackers use their skills and time to hide their identity prior to the start of the operation. This process makes it difficult for threat analysts to determine who they are and where they are located (aka attribution).

Not only can attribution be difficult, but if the wrong organization (nation-state, etc.) is identified, it can lead to false accusations, which can be risky for the accuser.

Over the past few years, attribution has come up more often as large-scale breaches have become more mainstream. After a major breach occurs, security analysts will typically attempt to determine who was behind the attack. For example, China was believed to have carried out an attack against the Office of Personnel Management; the Iranian government was believed to have hacked a small dam in New York; and North Koreans were believed to be responsible for the Sony breach. In the end, people want to know who is responsible for the incident, and attribution is an attempt to uncover the culprit.

Attribution is not a new concept. It’s been around for a while as officials try to identify who is responsible. Just as there isn’t always a direct answer to who committed a traditional crime, it can also be difficult to find evidence of attribution of a cybercrime.

“Attribution is extremely difficult and requires intelligence sources that are reliable and accurate,” says David Kennedy, CEO of TrustedSec. “The intelligence community typically monitors specific groups and activity in order to have high confidence. It’s not a perfect system, but the US is one of the best.”

Thomas Rid, professor and author of Attributing Cyber Attacks, seems to agree. “Obviously there are cases where we cannot come to a clear conclusion in digital forensics. It’s always a question of what evidence did you get,” says Rid. “But there is still this ‘attribution is impossible’ knee jerk reaction that occasionally pops up, which really doesn’t make much sense. The idea that attribution is not possible really doesn’t carry any weight in the technically informed community anymore.”

Are We Focusing On The Wrong Thing?

Having a security team attempt to determine attribution can be a time-consuming process, and sometimes futile if you don’t have the evidence or talent to attribute the event. While having this information may be useful, it doesn’t help your organization improve its defenses so it will be better prepared for the next attack.

Your resources should be focused first on protecting your network to make sure you’ve done everything to stop future infiltrations. This includes following these steps:

  1.    Appoint a person to oversee your security program.
  2.    Update your security software (this includes operating system security patches).
  3.    Schedule security audits to make sure you measure your efforts.
  4.    Create a plan for incident response.
  5.    If you don’t have enough internal talent to handle the load, get help from a managed services provider.

While it may be helpful to know “whodunit,” it’s more important to protect your company before the next attack occurs. Following these five steps will help you reach that goal.

 


 

 

Threat Hunting: When You Can’t Sit Back and Wait

 


Do you ever sit at your desk and wonder when the next attack on your network will occur? Maybe you have an automated system that sends you alerts, but you get so many false positives, you feel like you’re starting to drown in the irrelevant data. Meanwhile, threat actors are continuously improving their techniques and approaches.

While threat detection tools and incident response are both critical, sometimes security professionals need to take a more proactive approach. Threat hunting is essentially threat detection that is driven by a human analyst. This is somewhat different from detection driven by an automated system, no matter how powerful the system is.

“Security Operations Centers (SOCs) today are faced with an onslaught of false positive alerts and actual attacks often lay undetected for months before being discovered. Threat hunting is a critical new function for any modern SOC to proactively look in the blind spots of current tools and sensors and surface hidden, advanced threats,” says Ely Kahn, co-founder of Sqrrl and former Director of Cybersecurity at the White House.

Tools Are An Important Part Of The Strategy

Traditional systems for finding threats are typically based upon signatures, which means they can only detect things that are known. Newer systems actually monitor behavior and do a better job of identifying unknown attacks on your endpoints. Monitoring behaviors allows you to identify when an endpoint has been compromised. Machine learning can be used to identify traffic patterns of a hacked device as it reports back to a command-and-control system.


You can’t rely on monitoring and the alerts alone to know that your network is safe. Threat hunting helps you identify attackers that have been operating unseen within your network. At the same time, threat hunting can be used to augment your automated threat detection and improve the quality of detections by reducing false positives.

Without having someone actively hunting for threats on your network, you must wait for automated systems to alert you when an attack occurs. However, what happens when an attacker finds a way around your automated system and through gaps in your security?

Instead of sitting around waiting, threat hunters are constantly looking for new ways to identify attackers. A threat hunter can work to not only identify these threats, but to automate known threat detection in the future. This will help reduce the number of items that threat hunters will need to monitor going forward.

“While machine learning is incredibly powerful it’s not something that solves the attack detection problem. It’s something which narrows your focus and attracts the attention of a human analyst to take a look,” says Ian Barker with betanews.


Tips To Improve Your Threat Hunting

Make the most of your data: Automated systems can collect a plethora of data within a short period of time. Embracing data analytics can help you create datasets that will make your hunting more productive. Since some attacks involve weeks or even months of data, you will need a system like Apache Hadoop that can be used to collect and analyze the data.

Machine learning: Machine learning can increase your hunting potential and help you find the anomalies within your dataset.

Have a strategy in place (before you get hacked): An underlying theme in most of the sessions at April’s InfoSec World was to have a strategy in place before you get hacked. The last thing you want to do is to stand in front of the Board of Directors and tell them that the company has suffered a data breach. Create a strategy before this occurs. Use a framework like kill chain mapping to give you a way of making sure that each hunting expedition is efficient.

Let The Hunt Begin

Security researchers need to continue to challenge themselves in their organization to proactively hunt threats instead of waiting to react after a breach has occurred. Using a blended approach with threat hunting delivers better results than just depending on a single method or tool.

 


 


Marketing Lessons from the Amazon S3 Web Services Outage

 


Twitter was full of burns directed at Amazon Web Services (AWS) about a week ago, as the company struggled to get its S3 web-based storage service back online.  Among the sage advice dispensed by users were suggestions to “just plug it back in” or, “turn it off and back on again.”


Jokes aside, sometimes we don’t realize how much we rely on a service until it’s swiftly taken out from under us – a painful truth that most marketers have come to realize.

In response to the outage, AWS, which maintains an estimated 40% of the overall cloud market, released a statement saying, “For S3, we believe we understand root cause and are working hard at repairing. Future updates across all services will be on dashboard.”

Given the rising popularity of cloud-based services (Dropbox, Google Drive, Salesforce, Capterra, SearchCRM, to name a few), it’s no surprise that experts predict the number of data breaches in this sector will continue to grow, and that the risk is real.

As marketers continue to employ more personalized and targeted campaigns to better engage consumers, the need to collect a wide range of data on each unique prospect and create individual consumer profiles continues to grow – as does the risk of this data being breached.

Even though it was revealed that the AWS outage was caused by human error, it’s still crucial for us marketers to take a step back and try to understand what the consequences could have been for the community had it been a cyber attack.

What the AWS Outage Highlights About Keeping Customer Data Safe

According to reports, the AWS S3 system is used by 148,213 sites, and stores over 3-4 trillion pieces of data. When considering this magnitude, there’s no question that data traversing the cloud must be subject to the same level of scrutiny as its physical counterpart.

Even if this outage wasn’t the result of an attack, it still sheds light on what we stand to lose if cyber criminals focus their attention on taking down cloud services.  Just think of all the data your prospects and customers have entrusted to your marketing department!

In the era of digital marketing, where organizations develop detailed profiles of individual consumers based on multiple data sources, even one data breach can serve to considerably harm consumer trust – and ultimately impact a company’s operations and revenue.

According to research from Deloitte University Press, 59% of consumers state that the knowledge of a data breach at a company would negatively impact their likelihood of buying from that company. The report also states, “the more data a company collects – and the more sensitive that data – the greater the data’s appeal to malevolent hackers, and the greater the risk associated with data breaches.”


Keeping Marketing Data Secure in the Cloud

 There’s no denying the appeal of cloud. Deploying technologies in dispersed and diverse environments in a quick, cost-effective way can prove beneficial for businesses across the board.

How can you ensure that your organization’s marketing data stays safe in the cloud? In terms of overall guidelines, make sure you adopt policies that are transparent, be cautious about collecting – and particularly sharing – data, reassure customers about steps you’re taking to keep their information safe, and most importantly – if there’s an attack, regain their trust.

Here are 5 key steps your marketing team should consider:

Step 1: Define Your Cloud

Work with your IT department to determine whether public, private, or hybrid cloud is best for your team. Traditionally, private cloud is considered the most secure. That isn’t to say that other options aren’t worth looking at; however, all options should be aligned with other security measures.

Step 2: Review SLAs and Plan Ahead

Create a plan to enable your marketing technologies while keeping data secure. This means reviewing the service level agreement (SLA) from your cloud provider and preparing for any gaps that may occur in the migration process and beyond.

Step 3: Go Beyond Your Application View

Consider inside and outside threats that could take down your cloud technology. Are you using IoT devices? Are employees using single sign on? Are there potential unknown endpoints connecting to the cloud?

Step 4: Prepare for Worst-Case Scenarios

Prepare for attacks and outages. Always have a plan that your entire team is aware of in the case of an episode. This should outline failover plans and risk mitigation steps to follow.

Step 5: Devise a Crisis Communications Plan

It’s equally important to craft the marketing messaging that will need to be shared with your customer base if an attack does occur.


 When a new attack makes the news, it’s up to the marketing department to respond quickly with a message that instills confidence in your cyber security solution.

Customers will feel exposed and concerned about the collateral damage of downtime or malicious activity, and having any of your infrastructure in the cloud, public or private, introduces a whole new degree of vulnerability.

Organizations considering signature-based detection solutions need to know that providers using these techniques may be hosting their databases of code in the cloud.

Rather than give up on the value that consumer data can lend to targeted campaigns, marketers should foster brand trust by meeting consumer expectations about data security.

In the event that we encounter another prolonged outage, your security services won’t be available, leaving you and your organization vulnerable to more attacks.

That’s why it’s more important than ever that your marketing team is prepared for the worst – especially when migrating to the cloud.


 

 

THREE REASONS YOUR CYBER SECURITY CONTENT ISN’T DRIVING CONVERSIONS


 

You’ve heard about how important content marketing is. You’ve implemented several different marketing strategies by now but haven’t seen any significant results.

Now you’re starting to wonder, “What is the big deal about content, it doesn’t drive conversions at all!”

Don’t go there yet. Because content does drive conversions (and increase leads, and a whole lot of other valuable things) if you purpose it correctly.

Content is how you bring new leads to your site and attract an audience. After getting them to your site, good content helps you establish authority in your niche and set your business apart from others.

By building a consistent audience, you are increasing your potential for conversions and establishing a relationship with your customers.

And you must have an audience that trusts your brand if you hope to win conversions and get repeat customers.

You see, good content (along with a few other factors) is at the top of your sales funnel. It is the thing that allows you to attract and engage with new users.

There’s no denying that content is valuable.

So let’s look at three reasons your cybersecurity content isn’t driving conversions.

1. You Don’t Use Your Content to Solve Your Audience’s Problems

I would speculate that the reason your blog isn’t getting the attention it deserves is that it doesn’t cater to your audience’s needs.

As a cybersecurity company, you may have content but not use it to solve your audience’s problems. Instead, you talk about your services and products at every chance you get.

But as Zig Ziglar once said, “If you help enough people get what they want you eventually get what you want”.

Remember that people come to your site hoping to solve a problem they have. So stop writing about yourself.

2. You’re Lacking Calls-to-Action

The number one thing I tell clients about their content is that they lack calls-to-action (also known as CTAs).

This will be the death of your conversions.

Think about your landing page. Do you encourage people to take action? To schedule a consult or contact you?

How about in your blog posts?

By the end of each post, you should have answered the question your potential customer had, established your business as knowledgeable, and set up your readers to feel compelled to choose your company to solve their problem.

Like, “Of course I’ll hire this company, they answered my questions and are extremely knowledgeable!”… That type of thing.

So how do you do it?

By using a headline that gets people’s attention and lets readers know you’re about to answer their question, you have completed step one.

Of course, after that, you actually have to provide useful content. We can call that step two.

This means writing a mid-to-long length blog post that gives specific details and how-tos. When writing your content, be sure to avoid long paragraphs that are hard on the eyes.

You can have a good amount of content without it being daunting for people to read.

Break your content into sections to address specific points, use bullets whenever possible, and include graphics or visuals. This will help get your point across without being too wordy.

At the end of every blog, you should include a call-to-action button or section.

Something saying, “Click here to schedule your consultation today.” Or, “Click here to see how we can help your business!”

You should also include social media icons to encourage people to share your content (increasing your potential leads).

3. You’re Not Consistent

Customers need reliability before committing to a company. They need to see that you are invested in your business and are willing to put in the work.

It’s not enough to have a few stellar pieces of content.

You have to show customers that you are capable of more than just one good thought. That no matter what their issue is, you will have a fresh new idea to solve it.

If your blog only has a few posts on it scattered throughout a few months, you are not going to appear consistent to any potential customers.

You should have an editorial calendar which outlines what and when content is coming out, and it should be fairly often (at least once a week or so).

Consistent scheduling is crucial, especially if you have subscribers that are just sitting, waiting for your next piece to come out and wow them.

So don’t make them wait.

Because while they’re waiting for you, they might wander onto a competitor’s site and decide to work with them instead of you.

Consistency in tone and type of content is important as well. You should use the same language throughout your entire site.

So while you’re thinking about abandoning your content marketing efforts, pause for a second and consider if any of these reasons could be the cause of your lack of conversions.

Are you ready to take the plunge and start converting?

 
