The enterprises should set right, the security philosophy instead of focusing on security solutions, products, softwares, etc. The technicality of security should not be primary. In many occasions, information security is taken as an afterthought, whereas it should be seen as a business and a board function and not a technical function. Security is a board function nowThe information security and cyber security should be integrated. It should be embedded right from conceptualising to the disposal stage, for e.g. zero trust is currently a widely discussed topic, says N. Raman, Group GM CISO, ONGC.Usually, on an ongoing basis, for e.g the operations department implements a solution for cost reduction or improving efficiency and then it is being brought to the IS department, as an afterthought for the sake of compliance. This is not the right approach. There is a mad rush for acquiring solutions to immediate challenges and then gaps remain, when compared to regulatory requirements, which is a big challenge, says Raman.The corporate ecosystem is growing up to the realisation about CISO being a board function and relatively more important than other corporate functions.

To listen to more views from N. Raman, Group GM CISO, ONGC, click on the below link.

Gaining New Insights into the Data Movement with Modern Network and Edge

Balancing growing digitisation and security requirementsONGC comes under the Critical Information Infrastructure (CII) category. Recently, requirements have come-in to integrate the operations technology (OT) with the internet. This is a major challenge as it amounts to security repercussions, says Raman. There is a demand from the government for growth in digitisation to ramp up business productivity, coupled with the onslaught of security regulations of unprecedented nature. Its imperative to balance the both, which is also a major challenge for government organisations. The benefits of cloud computing is driving government adoption of cloud in one of the many options that cloud is offered however it has its own share of security challenges too. The current staff is also ill equipped to handle the changing technology landscape. IS initiatives at ONGCThe oil major is setting up an information security operations centre (ISOC), which will be operationalised soon. Moreover, threat gathering is an area that is being done with the help of the Govt, and IS vendors. In case of breach incidents reported in the media, the remedial measures should not be taken on the basis of paper cuttings. One has to see the full picture and have a look at the hashes, IPs and domains, etc. Additionally, we are also getting feeds from National Critical Information Infrastructure Protection Centre (NCIIPC), CERT-in and MHA. Security feeds play a major role and provides insights about the global cyber threat scenario, says Raman. The processes are being put in place in this direction.ONGC is also in the process of laying out an initial set of baseline guidelines from the regulatory bodies for securing the OT systems. Initiatives on the people part of the people, process, technology triad are being taken. The endpoint security is of paramount importance and thus the VAPT tests will soon be exercised. In an already established process of simulating the exercise of sending phishing emails, the plan is to continue with the programme. The regulatory regime issues lengthy guidelines and regulations, which equally applies to the OT systems, thus the company is mulling on simplifying some specific guidelines on OT. Even, globally, the regulators have not come to a crystalline and conclusive regulatory approach. On the adoption of cloud computing, Raman says, it is more suited to the customer focussed industries, where demand elasticity is higher compared to the oil industry. Its also important that the skills of the employees are upgraded to matchup to manage the cloud system and we are in the process of getting skill certifications. Even the world over, our kind of organisations hasnt gone for cloud adoption because of lack of demand elasticity, concludes Raman.

N. Raman, Group GM CISO, ONGC was expressing his views during a vRoundtable organised by Express Computer partnering with Forcepoint

If you have an interesting article / experience / case study to share, please get in touch with us at [emailprotected]

Originally posted here:
Information Security: At the onset, set the philosophy and strategy right, says N. Raman, Group GM CISO, ONGC - Express Computer

The shipping industry is lagging behind other industrial sectors in the all-important field of cyber security. Ben Densham, Chief Technology Officer of Nettitude, the cyber security services provider of Lloyds Register, warns of a rising incidence in attacks, with ransomware and targeted cyber assaults both becoming more common.

As the pace of shippings digital transformation accelerates, the threat surface is expanding all the time, he warned. and the onset of the pandemic has coincided with a marked increase in malicious attacks. The combination of circumstances provides more opportunities for hackers and, as a result, all parties in maritime must exercise utmost vigilance.

As well as being directly impacted and disrupted by events such as ransomware, Densham noted that hackers who find their way into digital systems are targeting increasingly complex supply chains through sophisticated methods. He drew attention to the recent high-profile cyber-attack on SolarWinds, a US federal software contractor, widely thought to have been state-sponsored.

Hackers were able to plant malicious code in software which then lay dormant for a number of weeks before being triggered to attack government departments, federal agencies, many Fortune 500 companies and even the mighty Microsoft itself.

On taking over as US President on January 20, Joe Biden ordered an immediate investigation into the SolarWinds incident, the full extent of which is still not clear.

So far, shipping is not thought to have been affected by the SolarWinds attack but Densham pointed out that growing sophistication across the hacking community needs to be met with the utmost security diligence.

He and his colleagues, who also provide cyber security services in other key sectors including financial services, defence, government and healthcare, are concerned that attention to cyber safety in shipping and ports is simply not keeping pace.

Densham highlighted similar sectors including logistics and offshore. Both of these industries are on the leading edge of digital development, he said, and there are a lot of lessons around cyber security that can be learnt from these sectors.

In contrast, many shipping companies view digital defence as merely a compliance issue, rather than a constant and dynamic threat that needs to be managed.

Whilst the IMOs cyber initiatives are helpful, Densham explained why, on their own, they are not sufficient to meet the rapidly developing threat environment.

The IMO guidelines set the overall future direction for the industry. But cyber security needs to be dealt with at pace and with agility. Were talking here about highly motivated and mentally agile hackers set on causing cyber disruption, he said. It is a fast-moving scene which can change by the minute. We see this every day just ask one of our financial services clients and the backdrop is very different now, compared with 12 months ago..

When it comes to autonomous vessels, marine and offshore autonomous development is advancing, Densham stated. But there are both lessons to be learnt from other sectors such as autonomous vehicles and cyber security needs to be seen intrinsically and not as an afterthought or bolt on to a development programme.

Densham revealed that one of Nettitudes most sought-after services from clients are requests from companies seeking to test whether or not their cyber defence systems are sufficiently robust. This usually involves Nettitude specialists taking on the role of the threat actor, seeking to identify gaps in security systems or other weaknesses.

Some shipping companies, he said, already have teams of in-house Offensive Penetration Testers, sometimes known as hackers, employed specifically for this purpose thereby demonstrating the type of proactive approach that is necessary. However, for many, it is merely a compliance issue and another box to tick, he said.

Densham singled out cruise lines and navies as leaders in the maritime cyber security field.

Cruise liners are effectively floating cities, he commented. They need to be secure across many digital arenas, including personal data, health, finance, retail, inventory management, always-on internet services, ship operation, and so on.

Cruise lines dynamic approach sets a good example, Densham said. Being ready for an attack is key, not merely protected by yesterdays systems.

See original here:
Shipping needs to raise its cyber game. - Lloyd's Register

While the customers impacted by the recent SolarWinds Corp. cyberattack are rightly being described as victims, they are nonetheless facing significant costs stemming from the incident.

SolarWinds customers will need to determine whether any of their data was accessed or exfiltrated. Making that determination requires a digital forensics investigation, typically involving a third-party security vendor.

The forensics bill depends on factors such as the number and types of devices and systems on a network, the geographic distribution of the network, and whether the customer already had a contract with a security vendor to provide such services in the event of a security incident.

If investigators determine that certain categories of personal information of residents of U.S. states or certain foreign countries was accessed or exfiltrated from a SolarWinds customer, the victim will need to provide notices to affected individuals. It is considered a best practice to offer credit repair and monitoring services and call centers to assist affected individuals.

Depending on its contracts, the victim company also may be required to notify its business customers and vendors and to reimburse them for expenses they incur in investigating and mitigating the effects of the breach and providing notifications. It may also be required to indemnify them for third-party lawsuits and regulatory proceedings.

The victim company may also be required to notify regulators or state attorneys general. Such agencies may issue fines if their investigations find that the companys cybersecurity practices were not adequate or that the company did not notify within a required time frame. Additionally, the victim company may incur substantial costs in defending consumer, business partner, or shareholder derivative lawsuits.

Furthermore, after it has been determined that an adversary has accessed a network, there is a debate about whether any device on the network can be trusted and remain in use. Many IT security practitioners recommend fully rebuilding a network that has been breached by malware.

Once the security incident has occurred, there are limits to what a company can do to minimize its liability. It can work cooperatively with its business partners to reduce the likelihood that they will sue. But other costs, such as class action suits, regulatory fines, or legal fees are considerably less controllable.

Not surprisingly, the best time to address potential liability for a security incident is before it happens. All companies, regardless of whether they were victims of the SolarWinds breach, should consider taking the following proactive measures:

In fact, many statutes and regulatory frameworks, such as the New York SHIELD Act, the Massachusetts Standards for the Protection of Personal Information, the rules and guidelines issued under the federal Gramm-Leach-Bliley Act, and New Yorks Department of Financial Services Cybersecurity Regulation, require risk assessments, written security plans, and the use of reasonable cybersecurity measures.

Also, the California Consumer Privacy Act gives private litigants a right to sue if their personal information is exfiltrated as a result of a companys failure to use reasonable security measures.

What security measures are reasonable is heavily driven by the risk assessment. Recognized standards such as ISO 27001, the National Institutes of Standards and Technology Cybersecurity Framework, or the Center for Internet Security Critical Security Controls can be used to determine what is reasonable. Using an accredited outside vendor to certify compliance can help establish the proper diligence.

Common best practices include network segmentation, appropriate logging, use of intrusion detection systems, multi-factor authentication, use of current encryption standards in connection with data at rest and in transit, strong password requirements, use of password managers, regularly backing up data and testing the restoration of data, patching and vulnerability management, and regularly testing security controls and incident responses. Data retention policies also should not be overlooked , since data that a company has not retained cannot be the subject of a data breach.

Educating employees about risks and best practices is also important. Additionally, companies should foster close multi-stakeholder coordination and communication about security. Representatives from the security organization, legal, IT, procurement, and product or sales groups should be included in the discussions.

Companies have exposure to significant potential liability arising from the SolarWinds security incident and a short set of options for limiting that liability. The best time for a company to limit its liability for security incidents is before they happen.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Write for Us: Author Guidelines

Andrew Baer is chair of the Technology, Privacy & Data Security group at Cozen OConnor where he focuses his practice on cutting-edge technology transactions on both the buy-side and sell-side, cloud computing, data privacy, security compliance, software, and transactions in the digital advertising ecosystem.

Christopher Dodson is an attorney at Cozen OConnor, where he focuses his practice on privacy, technology, and regulatory law. He works extensively with clients on issues rated to compliance with the GDPR, CCPA, and privacy and data security laws.

See the rest here:
Victims of SolarWinds Cyberattack Face Investigation Costs, Liability Issues - Bloomberg Tax

A recently published report titled Global IT Security Spending Market 2020 by Company, Regions, Type and Application, Forecast to 2025 by MarketsandResearch.biz broadly analyzes the markets critical aspects such as the vendor landscape, market dynamics, and regional analysis. The report offers end to end industry from the definition, product specifications, and demand till forecast prospects. The report comes out as a compilation of key guidelines for players to secure a position of strength in the global market. The report states global IT Security Spending industry developmental factors, historical performance from 2015-2025. The segmental market view by types of products, applications, end-users, and top vendors is given. In addition, the production value growth rate, production growth rate, import and export, and key players of each regional market are provided.

Market Landscape Analysis:

The report provides comprehensive research that focuses on overall consumption structure, development trends, and sales of top countries in the global IT Security Spending market. The research study deeply analyzes the global IT Security Spending industry landscape and the prospects it is anticipated to create during the forecast period from 2020 to 2025. Key segments are studied about different factors such as consumption, market share, value, growth rate, and production. The report analyzes region-wise revenue and volume for the forecast period of 2015 to 2025.

DOWNLOAD FREE SAMPLE REPORT: https://www.marketsandresearch.biz/sample-request/132565

NOTE: Our report highlights the major issues and hazards that companies might come across due to the unprecedented outbreak of COVID-19.

Market competition by top manufacturers as follows: Check Point Software Technologies, Symantec, Fortinet, Cisco Systems, Palo Alto Networks, EMC, Akamai Technologies, McAfee, Juniper Networks, Trend Micro, Dell SonicWALL, IBM, Avast Software, Microsoft, F5 Networks, Citrix Systems, AVG Technologies, Imperva, Hewlett-Packard, Barracuda Networks, Panda Security, Trustwave Holdings, Radware, Sophos

Based on product types, this report focuses on the status and outlook for product types, consumption (sales), market share, and growth rate for types, including: , Internet Security, Endpoint Security, Wireless Security, Cloud Security

Based on application, this report focuses on the status and outlook for major applications/end users, consumption (sales), market share, and growth rate for each application, including: , Commercial, Industrial, Military and Denfense, Others

Global IT Security Spending market segment by regions, regional analysis covers: North America (United States, Canada and Mexico), Europe (Germany, France, UK, Russia and Italy), Asia-Pacific (China, Japan, Korea, India and Southeast Asia), South America (Brazil, Argentina, etc.), Middle East & Africa (Saudi Arabia, Egypt, Nigeria and South Africa)

The report delivers marketing type analysis, market supply chain analysis, international trade type analysis, and traders or distributors by region with their contact information. The description of the products comprises the various ex-factors, production & consumption rates, and other factors about the products. The global IT Security Spending market report additionally focuses on investigating product capacity, product price, profit streams, supply to demand ratio, production and market growth rate, and a projected growth forecast.

Guide For Report Investment:

ACCESS FULL REPORT: https://www.marketsandresearch.biz/report/132565/global-it-security-spending-market-2020-by-company-regions-type-and-application-forecast-to-2025

Moreover, the report minutely studies all such factors which are essential to be known by all major industry players operating into this market or new players planning to enter this global IT Security Spending market. The report examines the global IT Security Spending market breakdown and anticipates the market volume related to volume and value.

Customization of the Report:

This report can be customized to meet the clients requirements. Please connect with our sales team (sales@marketsandresearch.biz), who will ensure that you get a report that suits your needs. You can also get in touch with our executives on +1-201-465-4211 to share your research requirements.

Contact UsMark StoneHead of Business DevelopmentPhone: +1-201-465-4211Email: sales@marketsandresearch.bizWeb: http://www.marketsandresearch.biz

You May Check Also Other Reports

Global Refrigerated Display Cases Market 2020 Key Drivers and Restraints, Regional Outlook, End-User Applicants by 2025

Global Floor Grinding Machine Market 2020 Growth Drivers, Regional Outlook, Competitive Strategies and Forecast up to 2025

Global Aluminium Powder Market 2020 Segmented by Product, Application, Key Players and Regional Analysis to 2025

Global Security Door Market 2020 Industry Analysis, Key Drivers, Business Strategy, Opportunities and Forecast to 2025

Global Powered Surgical Instruments Market 2020 Strategic Market Growth, Key Manufacturers and Industry Demand Analysis to 2025

Read the original:
Global IT Security Spending Market with (Covid-19) Impact Analysis: Growth, Latest Trend Analysis and Forecast 2025 KSU | The Sentinel Newspaper -...

Report by A10 Networks says that Distributed Denial of Service (DDoS) attacks continuous growth became a significant cybersecurity threat and nuisance in 2020. The firms threat intelligence report says that DDoS attacks became more intense and sophisticated during the COVID-19 pandemic as organizations struggled to support the remote workforce during the work from home period.

The group says it observed over 200,000 compromised devices and analyzed their behavior and the exploits employed to hijack the gadgets.

The A10 research team observed attack agents controlled by botnet command and control (C2) through the deployments of honeypots and scanning DDoS attack amplification sources.

The researchers noted that DDoS attacks increased during the COVID-19 crisis as threat actors exploited the pandemic to execute large and small-sized attacks on various victims, including healthcare, education, and government.

Consequently, the research group witnessed an expanding attack landscape in 2020 caused by the COVID-19 pandemic. The report states that DDoS attacks continue to be the biggest nuisance during the COVID-19 pandemic and in the foreseeable future. Most notably, A10 Networks witnessed an increase in DDoS weaponry by 12% within the second half of 2020.

Rich Groves, Director of Security Research at A10 Networks says that the increase in the number of DDoS weapons and connected devices, the 5G network rollout, and the use of new exploits and malware by attackers, made it very easy for these IoT devices to be compromised.

5Gs improved internet connection speeds led to increased internet traffic, ultimately leading to an increase in the number of attacks.

A10 report also correlated with Amazon and Googles observations indicating that DDoS attacks peaked at 2.3 Gbps on amazon web services and 2.5 Gbps on Googles cloud platform. Akamai also blocked 809 million packets targeting the Akamai platform on June 21, 2020.

The high volume of online shopping occasioned by COVID-19 pandemic also led to increased DDoS attacks during the holiday shopping season.

The team discovered changes in the DDoS weapon choice used by threat actors during the DDoS attacks experienced during the COVID-19 pandemic. The previously-preferred DDoS weapon Portmap dropped in popularity to the third position during the second half of 2020.

Simple Services Discovery Protocol (SSDP) became the most preferred DDoS weapon used in 2,581,384 attacks, while SNMP (1,773,694) took the second position. ODNS Resolver (1,706,338) and TFPT (1,409,121) occupied the fourth and fifth positions respectively.

A10 researchers noted exponential growth in DDoS attacks from botnets located in India. Botnets are compute nodes including routers, IP cameras, servers and computers, IoT devices, etc., infected with malware and used to carry out DDoS attacks.

The report authors noted that botnets provide the ultimate flexibility to DDoS attackers as they can be sourced from different locations across the globe, depending on the attackers requirements.

A10 network researchers found 130,000 unique IP addresses exhibiting scanning behavior resembling that of the Mirai botnet in the first two weeks of Sept. 2020. The research tracked a total of 846,700 botnet agents during the period.

A leading Indian broadband provider was the single largest contributor of DDoS activity, according to the report. The broadband provider was associated with up to 200,000 unique sources of Mirai-like activity at the height of the campaign.

India hosted about a third (32%) of botnet agents, followed by Egypt hosting almost a quarter (24%) of hijacked devices. China (17%) emerged as the third source of DDoS botnets while Brazil (2%) and Taiwan (2%) tied at the fourth position. Top ASNs hosting botnet agents include Hathway India (26%), Telecom Egypt (24%), China Unicom (11%), China Telecom (4%), and MTNL India (3%).

The research notes that although DDoS attacks were globally distributed, they frequently originate from certain countries. The report also found that those countries hosted the majority of DDoS weapons. In determining the top sources of DDoS weaponry, the researchers analyzed the autonomous system number (ASN), a group of IP addresses under a single administrative operator. They observed that large numbers of weapons belonging to their users can remain connected to their network and play a role in attacking other systems.

China displaced the United States as the leading DDoS weaponry source, pushing it to the second position. The country hosts 2,000,313 DDoS weapons compared to the United States 1,900,812. South Korea (1,140,497) maintained its third position while a new entrant, Brazil (756,540), occupied the fourth position, pushing Russia (679,976) one step down to the fifth position. The remaining 7,291,999 DDoS weapons resided in other countries across the world.

Top organizations hosting DDoS weapons include China Telecom (767,898), Korea Telecom (703,639), China Unicom CN (665,053), Taiwanese Chungwha Telecom (286,973), and CANTV Venezuela (286,019).

The amplification of DDoS attacks involves sending small requests to the victims IP address, causing the servers to reply with large amplified responses.

DNS, NTP, SSDP, SNMP, and CLDAP UDP-based services are usually exploited during these types of attacks.

In the second half of 2020, A10 Network researchers observed more than 2.5 million unique systems exploiting SSDP services. In total, the researchers tracked more than 11.7 million amplification attacks.

For SSDP-based attacks, the top countries were South Korea with 436,165 unique sources, followed by China (320,828) and Venezuela (289,874).

The United States (557,280), China (291,717), and Russia (97,512) topped SNMP unique amplification sources.

The researchers advised organizations to carry out various security operations to rule out the possibility of compromise. A10 network researchers advised businesses to check their network traffic and drop connections they do not need.

A10 Networks said #DDoS attacks increased during the pandemic as #hackers exploited new tools, 5G networks, and the rising numbers of #connecteddevices. #cybersecurity #respectdataClick to Tweet

Updating IoT devices, employing DDoS baselining, artificial intelligence (AI) and machine learning (ML) techniques was also encouraged.

See the rest here:
DDoS Attacks Increased Rapidly During the COVID-19 Pandemic as Hackers Exploited New Tools and Techniques - CPO Magazine