We are taking part in the European Cyber Security Month!

What is the ECSM? It is an initiative supported by the European Commission and many other organizations, such as BSI, to raise cyber security awareness in industry and among citizens. Throughout October, many IT security experts contribute presentations, special offerings and campaigns to highlight the importance of digital safety and to talk about threats and trends in IT security.

We have also decided to share our knowledge about securing the human factor against cyber attacks. We will cover attacks on digital identities, including the consequences of a successful hack, and give some ideas for prevention.

Ever wondered what social engineering is, how phishing works and what is actually behind these buzzwords? How do attackers manipulate users and trick them into sharing their credentials, “opening a (digital) door” to the company network or assisting in a fraud? We will give a basic introduction and are looking forward to your participation!

Time: 9th of October at 11 am (CET), duration: 45 minutes

Registration: https://doubleclue.com/en/registration-ecsm/

(Of course it's completely free)


#ECSM #security #cyberattack

Key learning from BSI's basic IT protection day

If you are into topics like ISMS, organizational risk management or certifications, check the free publications and detailed information from BSI here: https://www.bsi.bund.de/DE/Themen/ITGrundschutz/itgrundschutz_node.html

Here are some important take-home messages:

Your technical infrastructure might be outstandingly secure, but with millions of new attacks every day, at least a few might get through. Prevent breaches from phishing and other less elaborate attacks with solid employee awareness (e.g. how to recognize malicious mails) and active risk management (e.g. internal phishing attack simulations).

On the other hand, specifically targeted attacks are comparatively rare but extremely dangerous. Before starting the actual hack, criminals collect a lot of specific information on different channels such as social media (always be aware of your company's and employees' web presence!) and use manipulative communication and spoofing to convince specific colleagues to “open the door” for them.

Make sure you set up effective control of rights, access and authentication so that you can at least retain some control over the damage or prevent it altogether.

Conclusion: No matter how elaborate your tech-sec setup is, it's only as strong as the people working in it.

MATA: Multi-platform targeted malware framework

Researchers have uncovered a series of attacks that use the advanced malware framework “MATA” against the operating systems Windows, Linux and macOS. The framework has been used since spring 2018 and is attributed to the notorious North Korean APT group Lazarus. German companies are also affected by the attacks.

The framework itself gives its controllers the flexibility to target Windows, Linux and macOS, and consists of several components including loader, orchestrator and plugins.

As cyber crime continues to evolve, do not allow your company's IT security to become outdated.

IT Security

Security as a Service – MSSP

Since an incredible number of companies make good use of cloud services, we quickly need to rethink our existing security infrastructure.

By using cloud applications and remote access we “open up” our network to the whole internet, while older security tools often do not sufficiently account for the new online setup.

Modernizing your own IT security tool and hardware landscape seems to be the way to solve this. Alternatively, an organization could opt for an MSSP: a managed security service provider who manages your IT security from the outside.

Why “outsource” IT security?
There are some good reasons for this (of course there may also be some against it, but it should at least be considered). One argument is the difficulty of finding and paying qualified IT security experts, compared with having an experienced external expert team that is always aware of the latest threats and trends. Depending on the individual setup, it is also worth checking the cost effectiveness: MSSPs can provide similar services running on the same security assets for different customers at the same time, thereby achieving economies of scale.

Apart from the general decision, we should ask ourselves which parts of IT security should remain within the company. What about IAM?

Healthcare institutions and governmental agencies say: No cloud!

In recent weeks we had some very interesting talks with healthcare institutions and governmental agencies. One very important learning: No cloud.

It's not news that a move to the cloud comes with a lot of security issues. For organizations with critical data (e.g. hospitals or public agencies), using cloud solutions from abroad is not an option. Everything needs to remain within the organization; nothing is transferred to external companies.

The main reason is quite simple: you can't guarantee what is happening to your data, as German / European data privacy laws do not apply. Also, you depend on the provider's services and delivery: if they face issues, you will be in serious trouble.

In our opinion, using cloud technologies is quite useful and there are a lot of good reasons for it. Just remember to have a good security environment around it, as you're openly connected to the internet, which could give intruders some easy access opportunities!

Generate savings in IT Security!

Generate savings in IT sec – what's happening in the market

According to the IBM and Ponemon Institute Cyber Resilience Report 2020, many organizations are about to define an emergency plan in case of attacks (Cyber Security Incident Response Planning, CSIRP). You benefit a lot from a coordinated and structured procedure to localize, isolate and kill the intrusion while not forgetting aspects like communication with stakeholders. In the end this investment pays off greatly, as the consequences without it would be devastating.

Looking at the results of the resilience report, it may be advisable to reduce the number of tools you use: the fewer the better in terms of security.

Instead of inflating the infrastructure with a lot of different, sometimes interdependent and narrow solutions, companies could benefit from a focus on the most important ones. There is also a trend towards an identity-centric security infrastructure. Millions of attacks target the human factor, trying to steal digital identities for access to our digital values and assets.

In conclusion, it seems that a focused IT security setup will in many cases be more effective than a very complex one where you could simply overlook suspicious activities.

What is your opinion about the trend to reduce the tool landscape?