STE WILLIAMS

Retailers, healthcare providers, and social media platforms may be the first organizations that come to mind regarding consumer data security. However, other organizations — including institutions of higher education — are also tasked with the responsibility of protecting their customers’ sensitive and valuable personal information from cybercriminals.  

Because increasing numbers of students opt for some level of distance learning, today’s institutions of higher education are collecting vast amounts of virtual data. And as in any industry, universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information. 

This is especially important for universities that serve primarily nontraditional students — for example, adults taking online classes. To improve validation of the student population, universities collect and store information ranging from physical addresses, email addresses, Social Security numbers, birth dates, and more. Protecting all of this data warrants a cybersecurity strategy that exceeds students’ expectations for a quality learning experience that extends further than typical security.

We have experienced protecting all of this data first hand at University of Phoenix. Last year, the university taught approximately 123,900 students, the majority of which were working adults who primarily took their classes online. These students may live states or even countries away and must trust their information with an institution they may have never physically seen or visited.

While the basic principles of security create the foundation for an efficient experience, protecting data can be the unseen — and often unnoticed — component of a satisfactory college experience. A conscientious balancing act comes into play when the quality that a student sees and experiences — namely, availability, and accessibility — are considered. Personally identifiable information (that is, information to identify and contact a student) must be accessible for the student to review and update at all times but simultaneously remain secure from unauthorized access and unintended use. Any information that identifies a person (for example, a photo, name, or email address) is considered sensitive data and should be handled as such.

This creates a delicate balance between accessibility and security. To reach this equilibrium, the network must be resilient and self-healing to provide availability to students where and when it is needed. When it comes to managing an online security infrastructure for an educational institution, here are six important cybersecurity components to keep in mind.

1. Create a Hierarchy When Logging Data
Security logging of systems, applications, and network devices is critical when investigating suspicious activity, from attacks to user activity. With tens or even hundreds of thousands of students enrolled in online courses at any given time, the number of logs that are generated at an online institution can become daunting. Based on the amount of security an organization has to have for its system, a balance must be struck between generating loads of logs and analyzing the most important data. It’s important to focus on the logs that are most likely to give you data and information that could reveal suspicious or fraudulent activity.

2. Establish a Risk Baseline for Network Monitoring
A risk baseline must be established so analysts can differentiate between normal and suspicious activity on the network. Establishing what is normal, ordinary, and healthy behavior on the network is crucial, making it easy to flag any excessive or exceptional behavior and quickly understand if there is a current threat of or an actual cyberattack.

3. Integrate Effective Identity Management Solutions
Identity management should provide a pleasant user experience while protecting sensitive student information. Identity management is a constant balance between security and convenience. An organization could have the most secure network in the world, but it will not be used if it is too difficult to access. The best solution is multifactor authentication, to prove a valid user by password, using a coded token, or through a fingerprint or an iris scan. The most secure systems require all three of these elements and accomplish the goal of establishing the user without making the process too onerous.

4. Involve Students in Communication and Training
A security awareness program must be well communicated to keep students informed about attacks targeting people (phishing, for example). This typically takes the form of an annual training program that users must complete so that organizations have a record and a confirmation of users understanding the security basics, including but not limited to phishing, passwords, etc. When users have accounts that are safe, the organization has fewer ways for hackers to enter its system.

5. Layer Your Defense for Optimal Protection
Defense should be in layers because no single solution can defend against everything. Each layer must be appropriate for the data and systems it’s protecting. Different kinds of cyberattacks need different solutions. Multiple layers of defense provide varied solutions. It also is important to communicate with the Community Emergency Response Team (CERT) and all security vendors. This will provide the most up-to-date information and alert professionals to bigger attacks that may be happening across the nation and worldwide.

6. Expect Failure — and Have a Backup
Systems sometimes fail, which requires a documented and tested incident-handling process to meet and exceed minimum recovery time objectives. It seems like common sense, but when systems fail, an organization needs to have a backup plan. For example, if a server goes down, there should be a plan in place to take care of users. This should include overall instructions, what information they are able to access, and the recovery time on fixing the system. In some cases, there may be a need to have secondary equipment available for use and alternate ways to access data servers.

Related Content:

• 7 Places Where Privacy and Security Collide
• Privacy Futures: Fed-up Consumers Take Their Data Back
• Cryptographic Erasure: Moving Beyond Hard Drive Destruction
• Cybersecurity at the Core

Jamie Smith is the Chief Information Officer for University of Phoenix. Smith holds a Bachelor of Arts in Business Administration from Iowa State University and has served as a board member for Junior Achievement and the Memphis IT Council.
Larry Schwarberg is the Chief … View Full Bio

Article source: https://www.darkreading.com/endpoint/privacy/6-best-practices-for-managing-an-online-educational-infrastructure/a/d-id/1333552?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Google is ramping up the G Suite with new security alerts designed to notify administrators of Gmail phishing attacks and intruders’ data exfiltration processes.

Only admins are affected by the G Suite changes, which also include a new alert deletion option and a link to audit logs for G Suite Business and Basic domains, Google explains in a blog post, according to the company. Phishing alerts will generate notifications for suspicious looking emails in Gmail inboxes; admins in G Suite Enterprise domains can investigate them and, if necessary, remove bulk messages.

The “data export initiated” alert comes in when a domain data export begins, and is designed to help notify admins of potentially malicious activity. Admins can also delete alerts as they are resolved or are no longer needed. Audit logs provide data on past user activity related to alerts.

Users need to be a super admin or alert center-delegated admin to use G Suite’s alert center, which serves as a single place for admins to view security-related notifications, alerts, and actions across G Suite. Admins can access the alert center by going to Admin console Menu Security Alert Center, and access the Help Center to learn more about the tool.

Read more details here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Article source: https://www.darkreading.com/threat-intelligence/google-g-suite-now-alerts-admins-to-data-exfiltration/d/d-id/1333627?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

More than 90% of people want manufacturers to step up their security practices, and 74% would pay more for a product with additional security built in, Microsoft reported today.

There will be 25 billion Internet of Things (IoT) devices connecting the world by 2021, Gartner research indicates, and two-thirds of them will be for consumers. To learn more about consumer demand for connected products, their demand for security, and who they consider responsible for security, Microsoft teamed up with Greenberg Strategy to poll 3,000+ people across the US, UK, and Germany.

They learned security is the top consideration among people shopping for an IoT device — and most buyers don’t think companies are doing enough to protect them. Researchers say this creates an opportunity for device manufacturers to gain a competitive edge with security.

“Consumers have become more aware that smart devices bring risks into their homes, although they are often confused on exactly what those risks are and how probable they are,” says Galen Hunt, distinguished engineer and managing director for Microsoft’s Azure Sphere.

Some of the bigger IoT attacks — for instance, the 2016 attacks on Dyn using Mirai — became public knowledge. People often see IoT security risks in the news, reading about baby monitors becoming spying devices and hackers controlling connected cars. Security attacks feel like an invasion of privacy they generally want to avoid when they buy devices.

Most people say they’re likely to shop for a smart device in the next year. A smart TV is highest on their list (41%), followed by home security camera (36%), home security system (32%), lighting (31%), thermostat (26%), and speakers (23%). Smart ovens came in last (18%). Connected devices are pervasive, Hunt points out, and they all bring a similar risk level.

“Each node, or device, is connected to the broader network, and any link that breaks creates vulnerability to the network as a whole,” he explains.

Security Comes Top of Mind
When asked what factors play into their shopping decisions, security came on top at 21%, followed by value for money (20%), ease of use (11%), trusted brand (9%), and ease of setup (7%). Ninety percent of consumers think any piece of smart tech can be hacked, according to the survey.

But what are consumers worried will happen? More than half (52%) are most concerned about a personal data breach, while 19% fear their physical safety will be at risk. Nine percent are worried about personal privacy, 8% about government spying, 8% about corporate data misuse, and 3% about botnets. Unfortunately, their fears don’t translate to smart security practices.

“People generally do want to take the right steps,” says Hunt, pointing to a campaign for AV software installation on consumer PCs about 20 years ago. People recognize the need to put AV on their computers; when they don’t, machines will start showing signs of infection. “In today’s threat landscape, IoT devices won’t show as many visible signs — no noticeable lethargy, no visible popups — that give consumers clues there may be something amiss,” he adds.

Users think about security in their day-to-day lives: They lock their doors (82%) and close their windows (72%) before leaving their homes. But device security leads to false assumptions and resignation as people are both confused and unaware of how to approach security, researchers say. Sure, 90% accurately say software updates help maintain device security, but 65% think they can improve device security by avoiding sensitive conversations around their smart products.

Because they’re unsure of device security, consumers want manufacturers to do better. Sixty-five percent wouldn’t buy a smart product that had been hit with a security breach, researchers found. Further, says Hunt, the attack landscape for smart devices is so complex, it would be impossible for customers to take any action that mitigates all the risks their devices bring.

“This is why we feel it is imperative that manufacturers assume responsibility by building highly secured devices from the beginning,” he adds. One of his greatest concerns is that today, security is an afterthought — a problem that device makers assume they can solve later. In truth, Hunt notes, no amount of bolt-on security will protect users from dogged adversaries.

He’s also concerned device manufacturers are confused about the level of security they need. Many security solutions are on the market, says Hunt, but not all security is built equally. There’s a big difference between secured devices and devices with a few security features. Thankfully, he says, companies are becoming aware of the risk security can bring to their brand. Companies that seize responsibility today will have an “incredible advantage” in the future.

Related Content:

• Security at the Speed of DevOps: Maturity, Orchestration, and Detection
• 6 Ways to Beat Back BEC Attacks
• Remote Code Execution Bugs Are Primary Focus of January Patch Tuesday
• Your Life Is the Attack Surface: The Risks of IoT

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial … View Full Bio

Article source: https://www.darkreading.com/threat-intelligence/consumers-demand-security-from-smart-device-makers/d/d-id/1333621?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

When the 2018 midterm elections took place on November 6, the country held its collective breath waiting for news of a major election cyberattack. A few election-related hacking incidents occurred leading up to the midterms, including the recently revealed breach of the National Republican Congressional Committee, but things remained relatively quiet on Election Day.

Although Russia’s information operations continued, we didn’t see the kind of malicious cyber activity around voter registration databases or the hack-and-release of emails that occurred in 2016. Steps taken by election officials, political parties, and federal agencies are making it harder for adversaries to pull off those kinds of disruptions. But we should assume their tactics will change — and we must prepare for the next round. 

When it comes to election security, it’s easy to play into the FUD (fear, uncertainty, and doubt). But for all the talk around election security, the problem isn’t as bad as many people think — and it is getting better. One thing is for sure: We’re in better shape today than we were two years ago.

Growing Awareness Has Led to Progress
Most security researchers focus on the security of voting machines, but so much more comes into play and must be protected, including voter registration databases, the process of preparing and loading ballots into the machines, vote tabulation, and getting results to secretaries of state and the news outlets. Election infrastructure is much more complicated than just voting machines, and since 2016 government officials on both federal and state levels have taken strides to ensure the resilience of our elections against cyber threats. Communication has greatly improved between federal and state officials, improvements have been made to voting infrastructure, and election officials have received extensive training.

As awareness has grown, progress has been made — but there’s still more to be done. I was in charge of cyber and infrastructure security at the Department of Homeland Security (DHS) when we officially designated election infrastructure as critical infrastructure. There are many parallels between election systems and other forms of critical infrastructure, such as industrial systems. Just like with operational technology (OT) networks, the move to digitization has resulted in gaps in cybersecurity that must be addressed. I believe election officials can learn a lot from the advances made by industrial cybersecurity professionals to close those gaps and resolve vulnerabilities. For example:

• Improve communication between siloed groups. Information technology (IT) and OT groups within industrial organizations have historically operated in siloes; however, digitization has led to the convergence of IT and OT, which has created the need for close cooperation between previously siloed groups. The same is true for the groups involved in election security. Election officials can learn from industrial leaders by focusing on clarifying responsibilities, putting communication processes in place, and planning workshops to reconcile perspectives, resolve clashing cultural issues, and establish trust.
• Provide education. Cybersecurity education should be provided to all individuals involved in the election process on a regular, ongoing basis. Industrial cybersecurity leaders understand that the entire organization needs continuous education and often turn to widely used reference documents available from public cybersecurity organizations. For election officials and political candidates, cybersecurity playbooks developed by the Defending Digital Democracy project at Harvard’s Belfer Center, where I am on the advisory board, are great resources. In addition to furthering education, implementing and enforcing clear cybersecurity policies and procedures is vital.
• Safely integrate new technology with legacy systems. In the rush to digitize, industrial organizations have been challenged to integrate new technology with legacy systems. Election officials are faced with the same challenge and often struggle with understanding how to close cybersecurity gaps. Because it’s unrealistic to expect all legacy systems to be replaced, it will be important to implement cybersecurity technology that offers real-time monitoring, providing visibility into all systems across the environment.
• Put a comprehensive incident response plan in place. Assuming an adversary may overcome your defenses and ensuring that you can mitigate the consequences of an attack is an essential element of building resilience. Industrial leaders understand the importance of a comprehensive incident response plan that goes beyond just the computer network problems and addresses the operational impact. Creating an incident response plan that will allow a quick and safe response to identified threats is a must-have for election officials. The plan should have concrete guidelines and should clearly map out each individual’s role. As a group, election workers should do practice drills to ensure readiness should a significant cyberattack occur. And any plan must include public communication to shore up public confidence.

As a country, we learned a lot from the 2016 elections. Great effort has been put forth to ensure the integrity of our election systems, and as those efforts continue, election officials can learn a lot from other critical infrastructure organizations that have a head start in improving cybersecurity in the face of digitization. With heightened attention on this urgent need, I am optimistic that things will get better from here — in 2020, 2022, and into the future. Beyond election security, we must continue to improve critical infrastructure in all its forms — our way of life depends on it.  

Related Content:

• 8 Steps Toward Safer Elections
• The Best Way To Secure US Elections? Paper Ballots
• 4 Practical Measures to Improve Election Security Now
• The Votes Are In: Election Security Matters

Former Under Secretary for the National Protection and Programs Directorate (NPPD) at the US Department of Homeland Security (DHS), Ms. Spaulding has been addressing national security issues for more than 25 years. At the DHS, she managed a $3 billion budget and a workforce … View Full Bio

Article source: https://www.darkreading.com/vulnerabilities---threats/election-security-isnt-as-bad-as-people-think-/a/d-id/1333579?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Security researchers are keen to link a recent outbreak of Ryuk ransomware to a specific attacker. Some have suggested North Korea, a decision some experts say could be rushed.

Last week a cyberattack caused print and delivery problems for newspapers owned by Tribune Publishing, including the Chicago Tribune and Baltimore Sun, as well as the Los Angeles Times. The issue affected the timeliness and, in some cases, the completeness of printed papers. At the time, people with knowledge of the incident said it appeared to be Ryuk ransomware.

Some parties, including Check Point Research, connected this particular Ryuk campaign and some of its inner workings to the Hermes ransomware – a form of malware commonly linked to the North Korean APT Lazarus Group. Unlike most ransomware, they say, Ryuk is only used for tailored attacks and its encryption scheme is purposefully built for small-scale operations.

But was North Korea behind the Tribune campaign? Not necessarily, McAfee Labs experts say.

To determine who may have launched the Ryuk campaign, some experts have looked at past research comparing Ryuk’s code with older Hermes ransomware. In October 2017, McAfee Labs investigated an attack on a Taiwanese bank in which actors used a ransomware outbreak to distract IT staff at the same time they were stealing money. The malware used was Hermes 2.1.

Back at the time of the bank attack, McAfee didn’t do much digging into the ransomware itself, says John Fokker, head of cyber investigations for McAfee Advanced Threat Research. When it was investigating North Korean attribution for the recent Ryuk campaign, they found an Aug. 2017 posting in an underground forum where a Russian-speaking actor was selling Hermes 2.1.

“It looks like a regular cybercrime kit you can buy and perhaps tweak to your liking,” he explains. “If we backtrack to the investigation, there’s a probability Lazarus bought this kit to use as a distraction.”

While most nation-state groups tend to build and use attacks they developed, as Lazarus typically does, it wouldn’t be out of the question for a group to purchase malware that would serve as a diversion. “It makes sense if you want to go for distractions, or want to create a false flag, you might go out and buy something,” Fokker adds, saying it’s a likely hypothesis.

Given Hermes 2.1 went on sale long before the bank heist in Oct. 2017, several people could have purchased and altered it, he continues. “We’ve shown that it’s for sale, anyone with skill and money could buy this,” says Fokker. “It opens to a wide variety of potential actors.”

McAfee Labs says Ryuk and Hermes 2.1 are generally equal. “There is a very high overlap,” he continues. “They’re almost identical.” If changing the name, and implementing a ransom note, are both part of the “fine tuning” process involved with editing Hermes 2.1 into a slightly different threat, then Ryuk is likely an edited version of it, researchers explain.

So Whodunnit?

McAfee Labs suggests the most likely hypothesis in the Ryuk case is that of a cybercriminal operation developed from a toolkit offered by a Russian-speaking actor. Evidence shows sample similarities over the past several months, which indicate a toolkit is being used. Researchers don’t currently know who is responsible, but Fokker points to some defining traits.

The author and seller of Hermes 2.1 advertises a kit, not a service, meaning whoever bought it would need to set up a distribution method and infrastructure to make it work, McAfee Labs researchers explain in a blog post. Fokker also predicts the attacker has a skill in targeting.

“They’re doing reconnaissance on the victim to find out if the victim is interesting and if they have money to pay up,” he says. “It’s less opportunistic, and more targeted. That shows to me a certain level of skill – not necessarily technical skill, but a skill that you can find your victim and select them.” If it’s not North Korea, it could also be a well-organized criminal group.

Fokker also points to general problems with attribution. It’s understandable experts want to attribute an attack, he says, but oftentimes the process for doing so is flawed – especially when it comes to linking incidents with state-sponsored actors.

“There is a strong movement toward the ‘who’,” he says. “Everyone wants to figure out who is responsible … but you often don’t have all the pieces to the puzzle.”

McAfee Labs’ approach is to analyze competing hypotheses, researchers say. An investigation involves several views, comparing different pieces of evidence to support each hypothesis, and also finding evidence that falsifies hypotheses. This method ensures the strongest hypothesis is not the one with the most verified evidence, but the one with the least falsifying evidence.

Related Content:

• 6 Ways to Anger Attackers on Your Network
• Web Vulnerabilities Up, IoT Flaws Down
• New ‘Crypto Dusting’ Attack Gives Cash, Takes Reputation
• Remote Code Execution Bugs Are Primary Focus of January Patch Tuesday

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial … View Full Bio

Article source: https://www.darkreading.com/vulnerabilities---threats/ryuk-ransomware-attribution-may-be-premature/d/d-id/1333628?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple