RSA Blog - April 2016

  • 4/29/2016 - CEO Fraud: The New $2 Billion Phishing Scam Like most employees, you don’t think twice before opening an email from your CEO. Given the latest email scam making the rounds in the workplace, maybe you should.  Statistics show that the spear phishing scam known as “CEO Fraud” has already racked up more than $2 billion in losses and victimized 12,000 individuals globally. Losses...
  • 4/28/2016 - Measure your Readiness - Threat Intelligence Program In the first part of this series we talked about the journey to undertake building a security monitoring and incident response program based on five dimensions: analytics, governance, measurement, operational and organizational. The third main program, also considered a primary capability of an effective Security Operations Center, is the development of tactical, operational and strategic...
  • 4/27/2016 - Next-Generation Authentication: Addressing Changing Compute Paradigms To achieve optimal security in today’s rapidly evolving computing environment, companies are turning to sophisticated authentication mechanisms. Next-generation authentication is identity and access validation that adapts to protect assets against both static and continuously changing variables. This type of authentication needs to accommodate the following: The burgeoning of bring-your-own-device (BYOD) trends The growing reliance on...
  • 4/27/2016 - The Industrialization of Cybercrime: Driving Innovations in Security If you compare the world of cybercrime now to that of 10 years ago, there really is no comparison. Whether one measures its impact through estimated profits – which some estimate as now surpassing those of the profits for illegal drugs – or from the scale, scope, and sophistication of available “black hat” services and...
  • 4/26/2016 - Setting the Benchmark in the Network Security Forensics Industry “Setting the benchmark” – “Beating thirty other products in threat detection and response capabilities” – “Outstanding achievement in product leadership, technological innovation, customer service, and product development” – “Superior capabilities for best addressing customer needs” Wow! While we certainly don’t do what we do here for such accolades – we do it to help our...
  • 4/26/2016 - Risk Appetite Limbo The Financial Stability Board (FSB), an international body that monitors and makes recommendations about the global financial system, published “Principles for An Effective Risk Appetite Framework” in November 2013.  Regulations were finalized around these principles by some regulators including the Comptroller of the Currency in 2014.  Although the genesis is FI-related, there are a lot...
  • 4/26/2016 - Pervasive network visibility: driving the Federal security mission Reports over the last year about catastrophic cyber breaches to Federal IT systems have been so frequent that we have been somewhat numbed to them. We have come to an almost dazed acceptance that our adversaries will continue to access and obtain highly sensitive information – on Federal employees, their families, the public, our marketplace,...
  • 4/25/2016 - Reduce Fraud and Abandonment with a Risk-Based Approach to Online Sales Sooner or later every business with an online presence is plagued by shopping cart abandonment. Sometimes a consumer changes their mind, factors in the cost of shipping and decides it’s not worth it, or is simply distracted long enough so the transaction is never completed. Getting a consumer to follow through is not as easy,...
  • 4/23/2016 - Exceptional Access: An 'Exceptionally' Bad Idea We the people — citizens, residents, visitors — have fundamental needs and inalienable rights. To give these concepts any meaning, we need to be secure from our adversaries and free to communicate. As such, we’ve given the government a mission: the money, mandate, and framework to help keep us safe. This vital work is performed...
  • 4/21/2016 - Risk Intelligence Reveals Opportunity for Competitive Advantage Risk intelligence measures an organization’s understanding and implementation of risk management strategies, which are essential to gaining a competitive advantage in any industry. However, after indexing nearly 400 organizations, RSA concluded that less than 10 percent of companies have a risk management strategy that is mature enough to be considered “advantaged.” This signifies that 90...
  • 4/20/2016 - How to Manage Third-Party Risk Before, During, and After Signing a Service-Level Agreement One of the great things about events such as the Next-Generation Security Summit is the opportunity to network and share information with security leaders from multiple industries. In recent sessions, third-party risk has been a particularly hot topic. In the banking industry, this discussion is being driven in large part by the US Office of...
  • 4/20/2016 - Find Friends and Credit Cards on Facebook: The New Cybercrime Reality Social media attracts all kinds. These sites are used for catching up with friends on Facebook, instant news dissemination on Twitter, partisan political viewpoints expressed in online forums, real-time reach outs on Snapchat, professional networking on LinkedIn — and now, not surprisingly, they’re used as global havens for cybercrime. With the release of the second...
  • 4/19/2016 - Deciphering the Debate Over Encryption Today, I testified before the United States House of Representatives Energy and Commerce Subcommittee on Oversight and Investigations hearing entitled “Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives.”  While this is a complicated, nuanced issue, there are some key points that I feel very strongly help frame the discussion. I’ve recently covered these...
  • 4/18/2016 - How Breach Readiness Is Enhanced by Threat Intelligence Breach readiness is essential to limiting the impact of data breaches, regardless of industry or company size. Recent RSA research determined the current state of breach readiness and response at large organizations. The four critical areas considered in the survey were threat intelligence, content intelligence, analytic intelligence, and incident response. Organizations Are Moving Toward Proactive...
  • 4/18/2016 - Money Mules: The Critical Cash Out Service in the Fraud Supply Chain While we might associate a mule with the stubborn, four-legged animal, in the world of cybercrime, it has a much different connotation. Mules can come in the form of either accounts or people and are critical parts of the fraud supply chain. You can have mule accounts which are used to move stolen funds, or...
  • 4/14/2016 - Good Insight from Gartner on How to Do SIEM Right: Part 1 In a recently released report from Gartner titled, SIEM Technology, Market and Vendor Assessment, (Gartner.com client access needed to get the full report), Gartner analysts Anton Chuvakin and Augusto Barros gave their latest take on the SIEM market, as well as provided eight specific recommendations for organizations that are looking to acquire a solution.  While...
  • 4/13/2016 - Appetite and Exercise In my last blog post, I posed the concept of Cyber Risk Appetite as something that all organizations need to consider today. I used the analogy of a balanced diet of risk – taking some risks to keep the business growing while avoiding so much risk that the business becomes bloated. The objective is to...
  • 4/12/2016 - Bring-Your-Own-Identity Gains Steam in Information Security Bring-your-own-identity (BYOI, or sometimes BYOID) is an emerging concept in Identity and Access Management. BYOI has become interesting because it presents a realistic solution to a pressing problem: the need for better federated identity management. The Theory Behind Bring-Your-Own-Identity The BYOI security methodology, like bring-your-own-device (BYOD) before it, contributes more than identity to the InfoSec ecosystem...
  • 4/11/2016 - /əbˈskjʊə.rɪ.ti/ - we need more of it. You have no idea what I think we need more of? Congratulations, that’s exactly my point. If you haven’t already googled the phrase above let me help you: /əbˈskjʊə.rɪ.ti/ means “obscurity”. All I did was write it using the International Phonetic Alphabet. That wasn’t that hard to find out but it wasn’t my intention to...
  • 4/8/2016 - The Access Tug of War While contemplating the user access management struggle between easier access and more security my mind goes back to the Tastes Great / Less Filling Miller Lite commercials of my childhood. Miller Lite claimed to be the solution to both great tasting and less filling beer. In access management, users want easier to use applications with easier access....
  • 4/7/2016 - Managing Third-Party Security Risk Requires Regular Reassessments Even if your business partners’ security policies and processes were thoroughly reviewed at the beginning of your relationship, third-party security risk management requires regular reassessments to ensure the appropriate levels of security, privacy, compliance, and resiliency are being maintained. How Often to Reassess Security Risk Experts agree that signing a business agreement is not the...
  • 4/7/2016 - Reversing the Drift into Failure In his January 2016  Cryptogram newsletter, Bruce Schneier reprinted an essay on “normalization of deviance”: the process of divergence from defined policies and procedures into increasingly risky practices. Explored in detail by Dr. Diane Vaughan, as well as by other researchers and practitioners seeking to explain catastrophic failure events, it bears great relevance on cyber...
  • 4/6/2016 - How Hungry is your Organization? As someone who tries to watch my diet, I know how hard it is to deal with your own appetite. Several things that are my weakness – fresh bread, cold beer, pizza, the list goes on – are definitely not the best elements for a balanced diet. Most of the time I am able to deal...
  • 4/5/2016 - Continuous Monitoring: Not Quite Constant, But a Bit Automated Visibility is a key security element in every network environment. Without it, IT teams would be flying blind, only able to react as their vulnerabilities are exploited. Fortunately, monitoring solutions give organizations the ability to remain proactive in their security efforts. Through a combination of constant, automated, and continuous monitoring, they can maintain an ever-watchful...
  • 4/5/2016 - Defend the Kingdom - My Final Thoughts Episode #6 of Defend the Kingdom, “Ghost in the Machine”, brings to a close the dramatic battle between good and evil in both Marty’s imagination and his daily work as a security “hunter”. The episode reveals a highly skilled, persistent, maniacal adversary bent on the Kingdom’s ultimate destruction. In Marty’s alter-universe, he sees this as an...
  • 4/4/2016 - Credential Sharking: A New Fraud Comes to Town Over the past couple of years, I’ve worked on many projects which have been focused on helping companies ‘turn the lights on’ as to what is happening on their website – the good, the bad and everything in-between. One of the most unusual cases I’ve seen involved a payday lender and a mass disclosure of online...
  • 4/1/2016 - An Update on Terracotta VPN An update on the Chinese VPN service Terracotta, research reported by RSA in August 2015. Linked to APT threat groups Deep_Panda / Shell Crew
  • 4/1/2016 - Internet Voting...What Could Possibly Go Wrong? Cybersecurity experts are known for their tough and varied opinions: Put six different experts in a room and you’ll wind up with 10 different opinions, the old saw goes. With the US 2016 election cycle in full swing, internet voting is once again back in the news, this time in Utah as the state’s Republican...