A Guide to Identifying and Avoiding Top Crypto Scams
Alex Vakulov, ReadWrite, Sun, 04 Jun 2023 15:00:46 +0000
https://readwrite.com/a-guide-to-identifying-and-avoiding-top-crypto-scams/


The surge in popularity of Bitcoin and other cryptocurrencies has a dark underbelly. It is spurring the growth of a vast cybercrime industry rife with numerous scams. Cunning wrongdoers are preying on unsuspecting Internet users, hoping to trick them into losing their Bitcoins. In this article, I will shed light on the most common cryptocurrency-related scams, providing tips on staying safe when using crypto.

Ponzi schemes

Some websites may entice you with irresistible crypto offers that seem too good to be true. They promise to multiply your Bitcoin holdings in a short span, like doubling them overnight. However, this is often a classic sign of a Ponzi scheme. Once you part with your Bitcoin, the chances of even recovering your original amount are slim to none.

Protection:

  • Be suspicious of any investment that promises guaranteed returns. Investments always come with risk, and anyone promising a sure profit is likely not being honest.
  • Legitimate investments make money through a clear business model. If you cannot understand how an investment makes money, that is a red flag.
  • Ponzi schemes are highly dependent on recruiting new members. If you are pressured to bring in more people to make money, it might be a Ponzi scheme. These websites often incorporate referral programs enabling members to earn money by bringing in new customers. If you spot a referral link in URLs, it should raise a red flag. These referral links typically look something like this: superwebsite.com/?ref=9472.
  • Before investing, check with your country’s financial regulators to see if the company is registered and if any complaints or actions have been taken against it.
  • Do not invest more than you can afford to lose.

Cloud mining

Cloud mining is a cryptocurrency mining process that utilizes a remote data center with shared processing power. In essence, cloud mining providers rent out their mining hardware and their computational abilities to clients, who can then mine cryptocurrencies without having to purchase and maintain expensive mining equipment.

While the concept itself is excellent and entirely legitimate, fraudsters often launch deceptive schemes. They entice potential investors with lofty promises, only to deliver significantly lower returns than promised, if any at all.

Protection:

  • Ensure the website provides clear and transparent information about which mining pool is used and who manages it. This also includes information about their mining facilities, the types of hardware they use, and their mining capacity.
  • Check contract details. In a legitimate cloud mining contract, details like the cost of the contract, the amount of processing power you will receive, and other terms should be clearly stated. If these details are not precise, be cautious.
  • Seek advice from an independent cloud mining advisor or someone knowledgeable about cryptocurrency mining.

Bogus crypto exchanges

Beware of advertisements promising to sell Bitcoins at bargain prices or with minimal transaction fees. These could be bait to draw you to a fraudulent cryptocurrency exchange website. Another telltale sign of a scam is the PayPal to BTC exchange ruse.

Websites running this scam typically present you with a form asking for your PayPal email and the amount you wish to spend. Following this, a QR code is generated to authenticate the transaction. But, alas, the promised Bitcoins never arrive, and you are left with a compromised PayPal account instead.

Protection:

  • Before using any Bitcoin exchange, do your research. Read reviews from reputable sources and seek opinions from experienced users. You can also check the exchange’s website for information about the company, including how long it has been operating, its physical address, and the names of its team members.
  • Many countries require crypto exchanges to be registered and comply with specific regulations. Check if the exchange is compliant with these regulations in your country.
  • Be careful not to click on any suspicious links that might be trying to lead you to a fake exchange. Always double-check the URL of the exchange before logging in.

Fake wallets

Identifying deceptive Bitcoin wallets can be a bit trickier, as the main purpose of a wallet is to hold crypto, not to trade it or execute BTC smart contracts. This means that these scams are not usually about immediate financial gain. While they may ultimately pilfer your assets, these rogue wallets often first aim to snatch sensitive data.

Protection:

  • Always download wallet software from the official website or a reputable app store. Rogue wallets often disguise themselves as the real thing, but they can only be found in unofficial or unregulated app stores.
  • Enable MFA for added security. This requires you to provide two forms of identification, usually a password and a verification code.
  • If you are dealing with large amounts of cryptocurrency, consider using a hardware wallet. These are physical devices that store your cryptocurrency offline.
  • Ensure your device and any applications you use are kept up to date. This includes the wallet software, your device’s operating system, and any security software.
  • If the Bitcoin wallet comes as a downloadable application, it is a good idea to scrutinize it for any potentially harmful code first. Websites such as VirusTotal can be quite useful, as they scan software binaries for recognized threats using multiple antivirus programs at once. If the wallet is open-source, you can check its code on platforms like GitHub. While this may require some technical knowledge, it can provide insight into the wallet’s security and functionality.
  • Many crypto wallets provide a way to back up your wallet, often in the form of a seed phrase. You can use this phrase to recover your funds if you lose access to your wallet. Keep this phrase safe and secure.

Good old phishing

Phishing, arguably the most common scam in the digital realm, aims to trick users into visiting a deceptive website masquerading as a well-known and trustworthy service. The malicious email could seemingly come from a cryptocurrency exchange or wallet service you currently use. Cybercriminals typically gather your personal details from numerous past data breaches to use in their phishing emails.

Scammers might also employ online advertisements or dubious SEO tactics to lead you to a counterfeit Bitcoin exchange or wallet when you search for terms like “Buy Bitcoin,” “Bitcoin exchange,” or “Buy Crypto.” These booby-trapped sites often appear among the top search results.

Protection:

  • As a rule of thumb, avoid clicking on links within emails. A deceptive link might appear authentic at first glance, but it uses multiple redirection steps to ultimately land you on a hacker-controlled site. To avoid this risk, directly type URLs into your browser or use your bookmarked links.
  • Also, be sure to treat every email attachment with caution. Hackers often use attachments as a means to distribute malicious software.
  • Be suspicious of unsolicited communications. When in doubt, check the email address or phone number and get in touch with the company using the contact details provided on their legitimate website.
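The URL checks recommended in the Ponzi, bogus-exchange and phishing sections can be automated; the following is an added example, not part of the original article. It compares a link's host with the sites you have bookmarked and reports referral parameters, look-alike names, punycode labels and the user@host trick. The domain names, the `TRUSTED` list, the similarity cut-off and the function names are constructed assumptions.

```python
from difflib import SequenceMatcher
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist: hosts you have bookmarked yourself (assumption).
TRUSTED = {"exchange.example", "wallet.example"}
# Query keys commonly used for referral tracking (illustrative list).
REFERRAL_KEYS = {"ref", "referral", "invite", "aff"}
LOOKALIKE_RATIO = 0.85  # assumed similarity cut-off


def split_host(url):
    """Return (lower-case hostname, parsed URL); tolerate a missing scheme."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit find the host in "site.com/?ref=1"
    parts = urlsplit(url)
    return (parts.hostname or "").rstrip(".").lower(), parts


def check_link(url, trusted=TRUSTED):
    """Report why a link deserves a second look before you log in."""
    host, parts = split_host(url)
    findings = []
    if parts.scheme == "http":
        findings.append("plain-http")
    # "https://exchange.example@203.0.113.5/" really goes to 203.0.113.5.
    if parts.username is not None:
        findings.append("userinfo-in-url")
    # Punycode labels can render as look-alike Unicode characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    if keys & REFERRAL_KEYS:
        findings.append("referral-parameter")

    is_trusted = any(host == t or host.endswith("." + t) for t in trusted)
    if not is_trusted:
        for good in sorted(trusted):
            if good in host:
                # Trusted name used as a prefix of somebody else's domain.
                findings.append("trusted-name-embedded:" + good)
            elif SequenceMatcher(None, host, good).ratio() >= LOOKALIKE_RATIO:
                findings.append("lookalike-of:" + good)
    return {"host": host, "trusted": is_trusted, "findings": findings}


if __name__ == "__main__":
    # Constructed sample links; only the first is on the allowlist.
    for link in (
        "https://exchange.example/login",
        "superwebsite.com/?ref=9472",
        "https://exchannge.example/",
        "https://exchange.example.account-verify.test/login",
        "https://exchange.example@203.0.113.5/login",
    ):
        print(link, "->", check_link(link))
```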

On-the-spot crypto trading hazards

As Bitcoin theft reaches beyond the digital sphere, new laws and regulations controlling cryptocurrency trading are emerging globally. In some areas, these changes pose challenges to conventional online buying and selling of Bitcoins. This has spurred a shift in the Bitcoin economy, with traders turning to in-person meetings for transactions.

There have been several incidents highlighting the potential dangers of in-person Bitcoin exchanges. For instance, in India, an entrepreneur fell victim to a robbery while attempting to purchase BTC at an appealingly low price. He arranged a meeting with the alleged sellers at a shopping center, only to be ambushed by them and lose the $50,000 he had brought for the transaction.

Protection:

  • Avoid in-person meetings with strangers for Bitcoin exchanges, especially if you are carrying large amounts of money.
  • If you must meet, conduct transactions in public places like coffee shops or shopping centers. These locations are generally safe as they are often crowded and have surveillance cameras. Inform others of your whereabouts.
  • If possible, bring a friend along with you.
  • Use reliable peer-to-peer platforms with features like blind escrow.
  • Utilize the platform’s reputation and feedback systems to select trustworthy traders and thoroughly clarify all trading specifics using encrypted chat before proceeding with any transactions.
  • Ensure the other party shows you the agreed sum of money first before you send any coins.
  • Trust your instincts; if something does not feel right, walk away. It is better to miss out on a trade than to risk your safety.

Pump-and-Dump schemes

Crypto “pump-and-dump” schemes are a type of manipulation where the price of a cryptocurrency is artificially inflated (pumped) through coordinated buying or spreading of misleading positive news. Once the price has significantly increased, the manipulators sell off their holdings (dump), leading to a rapid price drop. This can result in substantial profits for the scammers but causes significant losses for those who bought in during the pump. These schemes are illegal in many jurisdictions due to their fraudulent nature. However, cryptocurrencies’ decentralized and global nature can make them difficult to prevent.

Protection:

  • Do not rush into investments based on hype or pressure. “Fear of Missing Out” can lead you to rash decisions.
  • Spread your investments across different assets. This can reduce the impact of a bad investment.
  • Be skeptical of “Get Rich Quick” promises. If it sounds too good to be true, it probably is.
  • Set stop-loss orders. This will limit potential losses if the price of a cryptocurrency suddenly crashes.

Fake airdrops

Fake airdrops are a common type of cryptocurrency scam where fraudsters promise free coins in an attempt to lure unsuspecting victims. These scams require participants to provide sensitive information like private keys or personal data or make a small payment to “unlock” their supposed reward. However, after fulfilling the conditions, victims receive nothing in return. By creating an illusion of a free giveaway, scammers prey on the desire for easy profits.

Protection:

  • Always confirm the airdrop is from a legitimate and reputable company. Check their official website and social media channels for announcements.
  • Legitimate airdrops will never ask for your private keys. Your private key is your most sensitive piece of information. Never share it with anyone.
  • Be cautious if an airdrop asks for excessive personal information. Although you might need to provide some data, consider any unreasonable requests as potential red flags.
  • It is likely a scam if an airdrop requires you to send cryptocurrency to receive tokens. Legitimate airdrops do not require a purchase.

Cryptojacking

Cryptojacking is a form of cybercrime where hackers covertly use other people’s computing resources to mine cryptocurrencies. This is often done by infecting a website or an individual’s computer with malicious code. Once the unsuspecting victim visits the compromised website or installs the infected software, their computer’s processing power is harnessed to mine crypto without their knowledge. This can lead to degraded system performance, increased power consumption, and hardware wear and tear. It is a stealthy and unethical way for hackers to profit at the expense of others’ resources and can pose significant cybersecurity risks.

Protection:

  • Use reliable and powerful antivirus software that includes features to detect and block cryptojacking scripts.
  • Install browser extensions that can help prevent cryptojacking scripts from running in your browser.
  • Regularly monitor your system’s performance. Unusually high CPU usage might indicate a cryptojacking attack.
  • Regularly update your operating system and all software, including browsers, as updates often include security patches.
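The CPU monitoring advice above, as an added example that is not part of the original article: it flags processes whose CPU share stays high across consecutive samples, which separates a sustained miner-like load from a short legitimate burst. The sample readings, process names, the 80% threshold and the three-sample window are constructed assumptions; any source of per-interval CPU readings can feed it.

```python
from collections import defaultdict

# Constructed readings, one block per minute: "pid cpu_percent command".
SAMPLES = [
    "PID CPU COMMAND\n101 3.0 browser\n202 96.0 helper-svc\n"
    "303 88.0 video-encode\n404 99.0 updater\n",
    "101 5.5 browser\n202 97.0 helper-svc\n"
    "303 91.0 video-encode\n404 99.0 updater\n",
    "101 2.0 browser\n202 95.0 helper-svc\n"
    "303 12.0 video-encode\n404 90.0 backup\n",
    "101 4.0 browser\n202 98.0 helper-svc\n"
    "303 85.0 video-encode\n404 92.0 backup\n",
]


def parse_sample(text):
    """Parse one sample into {pid: (cpu_percent, command)}."""
    procs = {}
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) != 3:
            continue
        pid, cpu, name = fields
        try:
            procs[int(pid)] = (float(cpu), name.strip())
        except ValueError:
            continue  # header line or malformed row
    return procs


def sustained_high_cpu(samples, threshold=80.0, min_consecutive=3):
    """Return processes at or above `threshold` for `min_consecutive`
    samples in a row, with the average CPU over that streak."""
    streak = defaultdict(list)  # (pid, command) -> readings in current streak
    flagged = {}
    for text in samples:
        seen = set()
        for pid, (cpu, name) in parse_sample(text).items():
            key = (pid, name)
            seen.add(key)
            if cpu >= threshold:
                streak[key].append(cpu)
                if len(streak[key]) >= min_consecutive:
                    readings = streak[key]
                    flagged[key] = {
                        "pid": pid,
                        "name": name,
                        "avg_cpu": round(sum(readings) / len(readings), 1),
                        "samples": len(readings),
                    }
            else:
                streak.pop(key, None)  # a dip ends the streak
        # A process that exited, or a PID reused by another program,
        # must not inherit the earlier process's streak.
        for key in list(streak):
            if key not in seen:
                del streak[key]
    return sorted(flagged.values(), key=lambda p: p["pid"])


if __name__ == "__main__":
    for proc in sustained_high_cpu(SAMPLES):
        print("sustained high CPU:", proc)
```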

Conclusion

Despite the initial hype surrounding cryptocurrencies subsiding, the industry continues to grow with the emergence of new projects. Cryptocurrencies are here to stay and will remain a part of our lives. However, as a relatively new form of currency, the crypto sphere will always attract new scammers. By being aware of popular scams and following the recommended protection measures, you can reduce the potential risks involved in trading cryptocurrencies.

9 Expert Tips for Keeping Children Safe Online
ReadWrite, Tue, 07 Feb 2023 16:01:02 +0000
https://readwrite.com/9-expert-tips-for-keeping-children-safe-online/


The internet can be a valuable source of knowledge, education, and amusement for kids. At the same time, it can come with its own problems, such as inappropriate material, cyberbullying, and online harassment.

Some websites can be hazardous for children because they may be created to mislead them into giving away personal details or initiating malware downloads. Additionally, children may be exposed to cyberbullying or some other digital abuse.

Mobile apps may also be dangerous for children. For example, some apps offer anonymous messaging, allowing predators to contact kids easily. Other apps may have lax privacy controls, which could put children at risk of having their personal information shared without their consent. Still, other apps may be designed for adults but are attractive to children and may expose them to inappropriate content or adult themes.

As a parent, it is crucial to protect your kids from these potential dangers and help them stay safe online. In this article, I will provide tips and advice for keeping your children safe while using the internet.

1. Set online behavior rules and enforce them consistently

The first and most important step is to set clear rules. This might include rules about how much time children can spend online, the types of websites they can visit, and the types of personal information they are allowed to share. It is vital to make sure your kids understand the consequences of breaking these rules. You should always follow through with those consequences if necessary.

To enforce these rules, it can be helpful to establish a routine for your child’s internet use. This might involve setting specific times of day when they are allowed to go online and monitoring their activity to ensure they follow the rules. Always reward children for doing things right.

2. Encourage open and honest communication

  • Ask your children about their online activities and interests and listen to what they have to say without judging or lecturing.
  • Be available and approachable. Children should know that they can come to you at any time and speak openly about their online experiences. If your children come to you with a question or concern, take it seriously and help them find the information or support they need.
  • Be a good role model. Show your children that you value open and honest communication by being open and honest with them yourself.

It is also essential to continue having regular conversations with your children about internet safety as they grow and their online habits and interests change.

3. Educate your children about internet safety

  • Talk to your kids regularly about the potential risks of using the internet, such as cyberbullying, exposure to inappropriate content, and meeting strangers online.
  • Explain the importance of protecting personal information, including name, phone number, address, and other identifying information.
  • Explain to children that once something is posted online, it can be difficult or impossible to remove it completely.
  • Remind them that online behavior can have real-life consequences and that they should always be respectful and considerate of others when posting online.
  • Encourage your children to use privacy settings on their social media accounts and other online services to control who can see their posts and personal information.

When buying a new laptop or phone, explain how to use it securely. By educating your children, you help them make responsible decisions when it comes to their online activity.

4. Teach your kids to be skeptical of messages and content they receive online

Explain to your children that not everything they see online is true. People can easily create fake accounts, websites, and content. Encourage them to think critically about the information they get online. Ask them questions to help them evaluate the information they are seeing, such as:

  • Who is the source of this information?
  • Is there any evidence to support it?
  • Are there any reasons why the information might be false or misleading?

Encourage kids to speak up if they receive a message or see content that makes them uncomfortable.

5. Help your children understand the potential consequences of cyberbullying

Explain to your children what cyberbullying is and why it is wrong. Children should always speak up if they or someone they know are being bullied. Help them understand the importance of being an upstander, not a bystander.

Cyberbullying can have severe consequences for both the victim and the person doing the bullying. For example, the victim may experience anxiety, depression, or other mental health issues, and the person doing the bullying may face legal consequences, such as criminal charges or civil lawsuits.

6. Monitor your kids’ online activity

Parents should watch their children when they use the computer or phone. It is important to occasionally check in with them and see what they are watching or typing, and consider their mood and reaction.

For example, when making dinner for my youngest son, I let him play games for 45 minutes, but I observe his internet activity from the kitchen. Even though most games are harmless, they can still cause anger and frustration. This is not shoulder surfing but taking proper precautions.

It is good to occasionally check the browsing history on children’s devices to see which websites they have visited. You can also monitor your kids’ social media accounts to see what they are posting and who they are interacting with. It is also good to review all installed apps.

Many parents do not know what their children are doing online. By monitoring your kids’ online activity, you can stay informed about what they are doing and take steps to keep them safe.

7. Use privacy settings

Use the “Privacy” settings in social media accounts to control who can see your kids’ posts, who can see their profile information, and who can send them friend requests. You can also block specific people. As mentioned above, you should educate your children about the importance of privacy settings and encourage kids to use them themselves.

8. Consider using parental control software

Parental control apps allow parents to set internet usage limits, block access to inappropriate websites and apps, and monitor kids’ online activity in real-time. By configuring the settings properly, you can protect your child from plenty of potential risks.

Research different parental control software to find one that meets your needs. Look for an app that offers the features you need. Most solutions require you to install the app on your child’s device in order to monitor their activity.

As your children grow, you may need to adjust the settings on the parental control app to continue protecting them effectively. Be sure to review the app settings regularly.

9. Stay up to date on the latest trends and platforms to understand the digital landscape your child is navigating

  • Read articles and blogs about internet safety and parenting.
  • Consider attending workshops and seminars on internet safety. Many organizations and schools offer such events.
  • Reach out to other parents and experts in the field of internet safety and parenting to learn more about the latest trends and platforms in the digital landscape. They can provide valuable insights and advice based on their experiences and expertise.

Conclusion

Keeping children safe while they are using the internet is an important responsibility. By setting online behavior rules, monitoring your kids’ online activity, educating them about internet safety, and taking advantage of parental control apps, you protect your children from many risks and ensure they have a positive and safe experience.

Stay involved in your children’s online activities and continue to have open and honest conversations to help them make responsible decisions while using the internet.

Featured Image Credit: Jessica Lewis; Pexels; Thank you!

Cybersecurity Focus: How to Make Remote Work Safer
ReadWrite, Tue, 17 Jan 2023 19:00:38 +0000
https://readwrite.com/cybersecurity-focus-how-to-make-remote-work-safer/


Telework is a long-running trend in the business world, and it has reached unprecedented heights because of the Coronavirus emergency. As a result, numerous companies have been forced to plunge headlong into implementing the remote work model, and predictably enough, this process is not always smooth.

One of the issues is that employees’ security is often sacrificed so that organizations can continue to operate as they did before the crisis. Unfortunately, this has not escaped cybercriminals’ attention.

As a result, malicious actors have focused on finding loopholes in the popular tools used for teleworking, such as conferencing software and Virtual Private Network solutions.

Malicious actors aim to snoop on sensitive communication or plague enterprise networks with spyware or ransomware. To further boost these efforts, they are also tailoring the themes of phishing attacks to employees’ fears and pain points arising from the infodemic and from alarming news such as reports from the fronts of the Russian-Ukrainian war.

Here is a roundup of cybercrime methods zeroing in on the remote work model and practical techniques for companies to steer clear of these attacks.

VPN security needs an overhaul

While working out of the office, employees should maintain a stable and secure connection with the company’s computer networks. VPN is a vital tool that bridges the gap between workers and hacker-proof online communication.

Unfortunately, with teleworkers increasingly relying on these tools to perform their duties, cybercriminals are busy exploring them for vulnerabilities.

Numerous security reports signal the escalating threat of VPN exploitation. Therefore, it is crucial to harden the security of the remote work model and implement VPNs wisely these days. Here are the significant risks in this regard:

  • Since VPN is one of the foundations of secure telework, hackers have ramped up their efforts to discover and exploit new weaknesses in these solutions.
  • Businesses use VPNs 24/7, so it can be problematic for them to keep up with all the updates that deliver the latest security patches and bug fixes.
  • Threat actors may increasingly execute spear phishing attacks that dupe teleworkers into giving away their authentication details.
  • Organizations that do not require their personnel to use multi-factor authentication for remote connections are more susceptible to phishing raids.
  • Trying to save money, some admins configure their systems to support a limited number of simultaneous VPN connections. As a result, information security teams may fail to perform their tasks when VPN services are unavailable due to network-wide congestion.

Essentially, when telework relies on VPN technology, the average company’s security architecture often ends up with a single point of failure. A malefactor who succeeds in hacking VPN connections can get an unnervingly broad scope of access to the target’s data assets.

Here is some extra food for thought. Some time ago, CISA alerted businesses to the massive exploitation of a nasty flaw in Pulse Secure VPN. This bug could be exploited to launch remote code execution attacks targeting enterprise networks.

One of the reported incursion vectors involving this vulnerability was related to the distribution of the Sodinokibi ransomware virus, a strain that specifically homes in on corporate networks.

If the appropriate patch was not applied, this flaw allowed malefactors to turn off MFA and access network logs that keep the cache of user credentials in plaintext.

In response to the looming menace, security experts recommend organizations focus on upping their VPN security practices to prevent the worst-case scenario.

Here are a few tips to help a company avoid becoming an easy target:

  • First, keep VPN tools and network infrastructure devices up to date. This recommendation also holds true for devices (company-issued or personal) that the employees use to connect to corporate resources remotely. Correct updates and patch management ensure the most current security configuration is in place.
  • Let your teams know about the expected rise in phishing attacks so that they exercise more caution with suspicious emails.
  • Ensure the cyber security team is prepared to tackle remote access exploitation scenarios through breach detection, log analysis, and incident response.
  • Use multi-factor authentication for all VPN connections. If, for some reason, this rule cannot be put into practice, ascertain that your staff members are using strong passwords to log in.
  • Inspect the corporate VPN services for capacity restrictions. Then, choose a reliable hosting service that can help leverage bandwidth limiting and ensure the continuity of secure connections when they are needed the most.
  • An additional precaution is to test the functionality of the VPN kill switch. This feature automatically terminates all web traffic if the secure connection is interrupted. This way, you can rest assured that the data doesn’t travel via the public Internet in an unencrypted form.

Conferencing software is low-hanging fruit

Similarly to virtual private networks, tools that enable virtual meetings have recently extended their reach significantly. It comes as no surprise that cyber crooks have stepped up their repertoire in terms of discovering and exploiting weaknesses in popular conferencing products.

The consequences of such a hack can be devastating because it paves the way for eavesdropping on a large scale.

The U.S. National Institute of Standards and Technology (NIST) highlighted the risks stemming from the abuse of virtual meeting tools. According to the agency, although most of these solutions come with basic security mechanisms, these features may not be enough to fend off privacy encroachment.

Here is a roundup of recommendations in this context to stop hackers in their tracks:

  • Adhere to your company’s policies and guidelines addressing the security of virtual meetings.
  • Avoid reusing access codes for web meetings. If you share them with plenty of people, chances are that confidential data is leaked beyond the intended number of individuals.
  • If you plan to discuss a highly confidential subject, consider using one-time PINs or unique meeting identifier codes.
  • Make the most of the “waiting room” function that prevents a virtual meeting from starting until the conference host joins.
  • Tweak the settings so the app triggers notifications when new people join the web meeting. If this option is missing, the host must request that all participants identify themselves.
  • Leverage dashboard controls to keep abreast of the attendees during the conference.
  • Refrain from recording the virtual meeting. If you really need to do it for future reference, be sure to encrypt the file and specify a passphrase to decrypt it.
  • Minimize or ban the use of employee-owned devices for video conferencing.

Keep in mind that hackers are not the only ones who may wish to snoop on virtual meetings. Disgruntled employees or fired employees who still have access to the company’s digital infrastructure may also be tempted to get hold of your proprietary data.

The bottom line

The global increase in remote work is a natural part of the business evolution. It is also an emergency response to new factors like COVID-19. But sadly, the “rough” implementation of telework in many organizations has become the weakest link in their security.

In addition to thwarting the above risks related to VPN tools and virtual meetings, organizations should rethink and bolster their anti-phishing practices to dodge scams that rely on trendy news topics. Your personnel should be skeptical about suspicious messages and think twice before clicking on any links in them.

Remote work security is now more critical than ever before. This needs to change if it is not your organization’s top priority.

Featured Image Credit: Photo by Thirdman; Pexels; Thank you!

How to Build an Effective Vulnerability Management Program
ReadWrite, Sat, 19 Nov 2022 16:00:38 +0000
https://readwrite.com/how-to-build-an-effective-vulnerability-management-program/


To manage vulnerabilities in your company effectively, it is worth going through several preparatory stages. It is necessary first to assess the IT infrastructure and current information security processes, identify the most dangerous types of vulnerabilities, determine the areas of responsibility of personnel, etc. Let’s figure out what questions you need to answer before implementing a vulnerability management program in an organization.

Software vulnerabilities, configuration errors, and unrecorded IT assets exist in any organization. Some of these issues are more dangerous from the point of view of information security, and some are less. But in any case, they open the way for attackers to the company’s internal infrastructure. You can reduce the number of potential and existing cybersecurity threats by building a vulnerability management program. This is a process that consists of several important steps:

  • Regular infrastructure inventory
  • Vulnerability scanning
  • Processing of scan results
  • Eliminating vulnerabilities
  • Controlling the implementation of the above tasks

As mentioned above, you cannot start a vulnerability management program “in a snap.” First, you need to do the “homework”: evaluate the information security infrastructure and processes that exist, understand how well the staff is trained, and choose a scanning tool and method. Otherwise, vulnerability management and vulnerabilities will exist separately from each other.

Assessment of information security processes in the company

The first step to effective vulnerability management is an assessment of business and information security processes. The organization can do this on its own or engage an external auditor.

When evaluating information security processes, it is worth answering the following questions:

  • Is there a process of centralized control of all IT assets of the company, and how effective is it?
  • Is there currently an established practice of finding and fixing software vulnerabilities? How regular and effective is it?
  • Is the vulnerability control process described in the internal information security documentation, and is everyone familiar with these documents?

Suppose the answers to these questions do not correspond to the actual state of affairs in the company. In that case, the assessment will turn out to be incorrect, and many errors will appear when implementing or refining the vulnerability management program.

For example, it is often the case that a company has a vulnerability management solution, but either it is not configured correctly, or there is no specialist who can effectively manage it.

Formally, vulnerability management exists, but in reality, part of the IT infrastructure is invisible to the tool and is not scanned, or the scan results are misinterpreted. Companies need to address both the blind spots and the misinterpreted results.

Based on the audit results, a report should be generated that will clearly demonstrate how the processes in the company are arranged and what shortcomings they have at the moment.

Choosing a scanning tool

Today, there are several options for implementing vulnerability management. Some vendors offer self-service and simply sell the scanner. Others provide expert services. You can host scanners in the cloud or on company perimeters. They can monitor hosts with or without agents and use different data sources to replenish their vulnerability databases.

At this stage, the following questions should be answered:

  • How is the organization’s IT infrastructure built, and how specific is it?
  • Are there regional peculiarities in the work of the company?
  • Are there plenty of remote hosts?
  • Does the company have qualified specialists to service the scanner?
  • Does your budget allow you to buy additional software?

Building interaction between information security and IT teams

This is perhaps the most difficult stage since here it is necessary to properly build the interaction of people. As a rule, security specialists in an organization are responsible for information security, and the IT team is responsible for eliminating vulnerabilities. It also happens that IT and information security issues are the responsibility of one team or even one employee.

But this does not change the approach to the distribution of tasks and areas of responsibility, and sometimes it turns out at this stage that the current number of tasks is beyond the power of one person.

As a result, a consistent and synchronous process of eliminating vulnerabilities should be formed. To do this, it is necessary to determine the criteria for transferring information about discovered vulnerabilities from the information security team to IT (that is, to form a data transfer method that is convenient for everyone).

In fact, the greatest problem is the absence of a good analyst who can competently audit news sources and prioritize vulnerabilities. News, security bulletins, and vendor reports often point out what vulnerabilities should be addressed first. In my experience, analysts should deal with the most dangerous vulnerabilities. All other work should be done automatically by processing patches received from software vendors.

Some types of vulnerabilities and attacks, such as zero-day attacks, are hard to detect. To effectively control all processes, at this stage of building a vulnerability management program, you need to discuss and agree on KPIs and SLAs for the IT and security teams.

For example, for information security, it is important to set requirements for the speed of vulnerability detection and the accuracy of determining their significance, and for IT, the speed of fixing vulnerabilities of a particular severity level.

Implementing a vulnerability management program

After evaluating the effectiveness and availability of processes, deciding on a scanning tool, as well as regulating the interaction between teams, you can begin to implement a vulnerability management program.

At the initial stage, it is not recommended to use all the functions and modules available in the scanning tool. If there was no constant vulnerability monitoring in the organization before, then, most likely, the information security and IT teams will experience difficulties. This can lead to conflicts and non-compliance with KPIs and SLAs.

It is better to introduce vulnerability management gradually. You can go through an entire vulnerability management cycle (inventory, scanning, analyzing, eliminating) at a slower pace. For example, you can scan the whole infrastructure once a quarter and business-critical segments once a month.

In about half a year, your teams will be able to “work together,” find and fix the most critical vulnerabilities, understand the obvious flaws in the processes, and provide a plan to eliminate these flaws.

Additionally, you can involve external experts who will help to significantly reduce the routine work for the company’s full-time employees. For example, a service provider can be involved in inventory and scanning and in processing the results. The service approach will also help managers plan work and monitor progress.

So, for example, if it is clear from the provider’s report that the vulnerabilities found during the previous scan have not been fixed, the manager, having looked at the SLA of his employees, will understand that either the information security department does not have time to transmit the scan data, or the IT team does not have time to correct the identified issues.
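The manager's check described above can be automated. The following is an added example, not code from the original article: it takes the findings of the previous scan that are still open in the current one and attributes each to a late hand-off by the security team, a late fix by IT, or neither. The SLA hours, field names, hosts, and finding IDs are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed SLA targets in hours; the article gives no figures.
HANDOFF_SLA_H = {"critical": 24, "high": 72, "medium": 168}   # security -> IT
FIX_SLA_H = {"critical": 72, "high": 336, "medium": 720}      # IT remediation


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str                     # scanner's identifier (placeholder values)
    severity: str
    detected: datetime               # when the previous scan reported it
    handed_off: Optional[datetime]   # when security passed it to IT, None if never


def persisting(previous, current_keys):
    """Findings from the previous scan that the current scan still reports."""
    return [f for f in previous if (f.host, f.vuln_id) in current_keys]


def attribute(finding, now):
    """Say which SLA an open finding has breached as of `now`."""
    handoff_deadline = finding.detected + timedelta(
        hours=HANDOFF_SLA_H[finding.severity])
    if finding.handed_off is None:
        # IT never received it, so only the hand-off clock can be breached.
        return "handoff_late" if now > handoff_deadline else "within_sla"
    handoff_late = finding.handed_off > handoff_deadline
    # The fix clock starts when IT actually received the finding.
    fix_deadline = finding.handed_off + timedelta(
        hours=FIX_SLA_H[finding.severity])
    fix_late = now > fix_deadline
    if handoff_late and fix_late:
        return "both_late"
    if handoff_late:
        return "handoff_late"
    if fix_late:
        return "fix_late"
    return "within_sla"


def summarize(previous, current_keys, now):
    """Count open findings per attribution category."""
    counts = Counter(attribute(f, now) for f in persisting(previous, current_keys))
    return dict(counts)


# Constructed sample data: a monthly scan of a business-critical segment.
T0 = datetime(2024, 1, 1)
NOW = datetime(2024, 2, 1)
PREVIOUS_SCAN = [
    Finding("app-01", "VULN-A", "critical", T0, datetime(2024, 1, 1, 12)),
    Finding("db-01", "VULN-B", "high", T0, datetime(2024, 1, 20)),
    Finding("web-02", "VULN-C", "medium", T0, None),
    Finding("web-03", "VULN-D", "medium", T0, datetime(2024, 1, 5)),
    Finding("app-02", "VULN-E", "critical", T0, datetime(2024, 1, 1, 6)),
    Finding("db-02", "VULN-F", "critical", T0, datetime(2024, 1, 10)),
]
# (host, vuln_id) pairs the current scan still reports; app-02 was fixed.
CURRENT_KEYS = {
    ("app-01", "VULN-A"), ("db-01", "VULN-B"), ("web-02", "VULN-C"),
    ("web-03", "VULN-D"), ("db-02", "VULN-F"),
}

if __name__ == "__main__":
    for f in persisting(PREVIOUS_SCAN, CURRENT_KEYS):
        print(f.host, f.vuln_id, f.severity, attribute(f, NOW))
    print(summarize(PREVIOUS_SCAN, CURRENT_KEYS, NOW))
```

A high share of `handoff_late` points at the information security side of the process, and a high share of `fix_late` at the IT side.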

Conclusion

When building a vulnerability management program, a company may encounter the following mistakes:

  • Overestimation of current processes and their effectiveness within the organization.
  • Wrong assessment when choosing a scanning method and tool. This happens because some specialists choose a scanner either based on a subjective assessment or “as ordered from above” without proper evaluation of processes and analysis. If full-time employees do not have sufficient experience and competencies, then it is better to choose a service provider for scanning, analyzing results, and fixing vulnerabilities.
  • Lack of delimitation of areas of responsibility between the information security and IT teams.
  • Implementation of everything at once. “We will regularly monitor all servers, workstations, and clouds. We will also focus on ISO 12100 and PCI DSS. We will install a patch management solution, and John will control it all.” Such an approach is dangerous. In a month, John will quarrel with IT, and in three months, he will quit. The process will be recognized as inefficient and forgotten about until the first cybersecurity incident.

Therefore, it is better to first “lay the foundation” and only after that start building the vulnerability management program.

Featured Image Credit: Christina Morillo; Pexels; Thank you!

Why the Future of Enterprise Security Depends on Intelligent DLP Systems
https://readwrite.com/why-the-future-of-enterprise-security-depends-on-intelligent-dlp-systems/
Sun, 13 Nov 2022 16:00:10 +0000

At the beginning of my story, I want to note that DLP systems should not be viewed as something that solves a narrow range of issues related only to personnel safety. Today, DLP systems are solving a wide range of tasks that include compliance, risk management, anti-corruption, personnel and internal security of enterprises.

Personnel security and information security

Personnel security is one of the main tasks of DLPs. These tools help reduce the risks associated with careless actions of employees as well as malicious insider activities. Many companies already have a built-in information security ecosystem, but even mature and well-developed systems are at risk if insiders work effectively. Therefore, personnel security plays an increased role these days.

Company security is highly dependent on three areas of security: information, personnel, and network. If the security problem concerns technical issues, such as how to penetrate data storage, then this is a network security issue. When we are talking about people’s actions, this is personnel security. Finally, if the task is related to business processes, then this is information security.

High efficiency in the fight against security threats can only be achieved through the proper interaction between the IT department, information security, and HR teams. Therefore, DLP is becoming an increasingly comprehensive and integrated tool that connects all areas of business protection.

To be better protected, you should consider not only actual risks but also potential threats. Therefore, collecting data, analyzing it correctly, and subsequently drawing the correct conclusions is essential.

Personnel security risks

The main risks that DLP tools address are data breaches, fraud, employees working for competitors, etc. These risks mainly relate to the economic sphere. However, DLP is a “Swiss Army knife” for information security, and its functions can be applied to various tasks.

DLP systems help companies avoid risks primarily related to finances and reputation. However, with government organizations, the situation is different. The latter deal with strategic data, and the damage can seriously affect the entire country. So, DLPs are becoming crucial in the public sector.

The field of personnel security is changing. Previously, we had to deal primarily with incidents due to negligence – the vast majority of cases used to be unintentional. Today, we see a sharp shift toward malice.

Risks that existed primarily as potential have now materialized. Many medium-sized companies have, until now, believed that they do not need special protection because they do not have important or sensitive information. Now they are faced with the fact that employees are purposefully planning malicious actions. Employees are often the organizers of attacks or participate in operations organized by third parties. In addition, it is not uncommon for external actors to install cell tracking apps on employees’ devices and use those employees without their knowledge – “blindly.”

Earlier, malicious intent was often limited to mischief or revenge. Sabotage was also widespread. Now, the task is to actually break through the perimeter and take possession of confidential data.

For DLP systems, this gives rise to new factors and assessments. It is necessary to consider where employees work and how critical their positions are in terms of security.

The practice of using DLP systems in personnel security

Employees should be notified about the introduced security controls. They are also provided with a package of documents for signing. Employees must understand that the collected data belongs to the information security field and can be used in court.

With the help of DLP, it is possible to prove, for example, that an employee did something in the interests of a competing organization by sending them documents and screenshots containing trade secrets. Evidence can also be mined when an employee uses company equipment for personal gain.

From a technical point of view, the system looks as simple as possible. There are endpoints and gateways where data is collected about legitimate and illegitimate events. In response to legitimate events, special rules must be created.

Problems of DLP systems

The main personnel security risk comes from malicious insiders. In addition to insiders, there are also risks related to privileged users. DLP can collect user data from all company departments. However, this requires high competence and the correct setting of the DLP rules.

When implementing DLP, one should pay attention to the operators of DLP systems. They may come across personal information and must understand their responsibility when dealing with this data.

Security teams are excessively focusing on the technical part of the work of DLP systems. At the same time, little attention is paid to working with people. Therefore, it is essential to understand that attackers are also people. Correctly interpreting their actions and timely preventive measures will allow you to establish effective countermeasures.

It is also worth paying attention to the differences in the culture of using DLP in different companies. Not all customers share their problems with the DLP vendor. The vendor can assist with the choice of rules that help identify the problem’s origins and find ways to solve it. However, many customers do not share such information. The reasons may be different. The first is that information can be classified as strictly confidential (in some organizations, this is a state secret). But we often deal with a specific security culture in the company. Few companies adhere to openness, and most prefer to be as closed as possible.

Some DLP customers do not consider DLP a “living” system that requires control rules to be regularly revised to solve new problems. Instead, they believe that DLP is an automated tool that only needs to be set up once during installation and never touched again.

Learning to work with DLP systems

Particular attention should be paid to the issues of training and learning the rules of operation of DLP systems. For example, who and when can become an operator or analyst of DLP systems? This topic is quite hot, especially with a growing interest in outsourcing.

There are no special courses or textbooks to learn DLP operation rules comprehensively. Instead, universities teach only economic security. This knowledge is not suitable for DLP. Basically, training takes place in specialized centers opened by DLP vendors that teach how to work with their system. The rest of the training takes place in self-learning mode when employees gain experience on their own.

Very often, former law enforcement officers are recruited to work with DLP. However, only they understand the value of the collected information and have experience with the tools, methods, and scenarios. Unfortunately, the average graduate who has completed economic security training is of little use to DLP.

DLP myths

There have always been a lot of myths about DLP tools. Myths are born from a lack of understanding of the system’s workings and primitive fears, often even expressed by someone else. However, all myths are dispelled by themselves when you delve into the structure of the DLP system and its principles. Here are some of the myths:

  • Ten years ago, you could hear employees talking about serious fears that arose after the introduction of DLP. There is still an opinion that DLP is a personal enemy of many employees as it monitors them and invades their privacy.
  • Other myths also appear. There is a well-established myth regarding the “high” cost of DLP systems.
  • There is also a nasty myth about the excessive complexity of DLP installation and the impossibility of running it out of the box.
  • At the initial stage of launching DLP, hundreds of security events have been issued, frightening many business leaders. As a result, people think DLP is very difficult to work with and are afraid to use this system.
  • There is also a well-established judgment about the excessive resource consumption of DLP systems. “They will put down all the computers on the network” – something like this can often be heard.
  • It is also worth noting the fear that the vendors of DLP systems can use their customers’ data, creating risks for the company.
  • The most dangerous myth is that DLP systems can allegedly provide security on their own upon installation. But security is primarily a competent employee who deals with security issues. DLP is just a tool that is used for security purposes.

Again, proper assessment of your risks and needs, close cooperation with the vendor, and correct DLP implementation will help dispel all the myths.

Technologies for improving DLP systems

Future perspectives of DLP are primarily associated with introducing behavioral analytics (UBA and UEBA). Such systems allow you to introduce a rating of employees, which helps to track risks and identify and prevent serious incidents.

Integration with UBA and UEBA makes it possible to forecast employee layoffs and to identify data being accumulated in order to take it outside the perimeter. UBA and UEBA can also help improve DLP by identifying violations and anomalies in business processes associated with the planned discrediting of the company or by detecting the disloyal behavior of employees.

It is challenging to address these issues within the framework of a standard DLP since there are no clear security incidents associated with such events. However, new technologies make it possible to predict the development of various risky situations more accurately.

Currently, UBA has not really “taken off” due to the abundance of speculation on this topic. Afraid of not keeping up with market trends, vendors have tried to add UBA features, but in the absence of actual expertise and unique research, they have had little success.

Implementation of UEBA in its current form is also tricky since, in practice, there are too many different formats. Moreover, the results of the UEBA mechanism depend too much on data sources, and their slightest changes instantly cause a difference in the results. Therefore, it is first necessary to formalize the input data for UEBA. This will provide the correct decomposition.

Trends in the development of personnel security systems

DLP customers always want to have a big red button. By clicking it, they want to get the result immediately. This is the ideal goal. DLP vendors are just starting to move toward it. We will get there when DLP systems can process large arrays of complex data.

Much is already being done. An increase in the level of automation and widespread use of AI is expected soon. Labor costs for the operation of DLP will decrease. Identifying incidents better and automating configuration and policy settings will be possible. The machine should do the central part of the work. The DLP officer will be involved only in decision-making, not technical problems.

From the point of view of technical development, DLP will move towards integration with other security solutions. For example, DLP is expected to move towards integration with DCAP, UBA, and UEBA. Integration has already taken the first steps. For instance, DLP logs are actively used in SIEM products to evaluate the correlation of events.

Featured Image Credit: Danny Meneses; Pexels; Thank you!

Cybersecurity Outsourcing: Principles of Choice and Trust
https://readwrite.com/cybersecurity-outsourcing-principles-of-choice-and-trust/
Sun, 25 Sep 2022 15:00:43 +0000

A few years ago, cybersecurity outsourcing was perceived as something inorganic and often restrained. Today, cybersecurity outsourcing is still a rare phenomenon. Instead, many companies prefer to take care of security issues themselves.

Almost everyone has heard about cybersecurity outsourcing, but the detailed content of this principle is still interpreted very differently in many companies.

In this article, I want to answer the following important questions: Are there any risks in cybersecurity outsourcing? Who is the service for? Under what conditions is it beneficial to outsource security? Finally, what is the difference between MSSP and SecaaS models?

Why do companies outsource?

Outsourcing is the transfer of some functions of your own business to another company. Why use outsourcing? The answer is obvious – companies need to optimize their costs. They do this either because they do not have the relevant competencies or because it is more profitable to implement some functions on the side. When companies need to put complex technical systems into operation and do not have the capacity or competence to do this, outsourcing is a great solution.

Due to the constant growth in the number and types of threats, organizations now need to protect themselves better. However, for several reasons, they often do not have a complete set of necessary technologies and are forced to attract third-party players.

Who needs cybersecurity outsourcing?

Any company can use cybersecurity outsourcing. It all depends on what security goals and objectives are planned to be achieved with its help. The most obvious choice is for small companies, where information security functions are of secondary importance to business functions due to a lack of funds or competencies.

For large companies, the goal of outsourcing is different. First, it helps them to solve information security tasks more effectively. Usually, they have a set of security issues, the solution of which is complex without external help. Building DDoS protection is a good example. This type of attack has grown so much in strength that it is very difficult to do without the involvement of third-party services.

There are also economic reasons that push large companies to switch to outsourcing. Outsourcing helps them implement the desired function at a lower cost.

At the same time, outsourcing is not suitable for every company. In general, companies need to focus on their core business. In some cases, you can (and should) do everything on your own; in other cases, it is advisable to outsource part of the IS functions or turn to 100% outsourcing. However, in general, I can say that information security is easier and more reliable to implement through outsourcing.

What information security functions are most often outsourced?

It is preferable to outsource implementation and operational functions. Sometimes it is possible to outsource some functions that belong to the critical competencies of information security departments. This may involve policy management, etc.

The reason for introducing information security outsourcing in a company is often the need to obtain DDoS protection, ensure the safe operation of a corporate website, or build a branch network. In addition, the introduction of outsourcing often reflects the maturity of a company, its key and non-key competencies, and the willingness to delegate and accept responsibility in partnership with other companies.

The following functions are popular among those who already use outsourcing:

  • Vulnerability scanning
  • Threat response and monitoring
  • Penetration testing
  • Information security audits
  • Incident investigation
  • DDoS protection

Outsourcing vs. outstaffing

The difference between outsourcing and outstaffing lies in who manages the staff and program resources. If the customer does this, then we are talking about outstaffing. However, if the solution is implemented on the side of the provider, then this is outsourcing.

When outstaffing, the integrator provides its customer with a dedicated employee or a team. Usually, these people temporarily become part of the customer’s team. During outsourcing, the dedicated staff continues to work as part of the provider. This allows the customer to provide their competencies, but the staff members can simultaneously be assigned to different projects. Separate customers receive their part from outsourcing.

With outstaffing, the provider’s staff is fully occupied with a specific customer’s project. This company may participate in people search, hiring, and firing of employees involved in the project. The outstaffing provider is only responsible for accounting and HR management functions.

At the same time, a different management model works with outsourcing: the customer is given support for a specific security function, and the provider manages the staff for its implementation.

Managed Security Service Provider (MSSP) or Security-as-a-Service (SECaaS)

We should distinguish two areas: traditional outsourcing (MSSP) and cloud outsourcing (SECaaS).

With MSSP, a company orders an information security service, which will be provided based on a particular set of protection tools. The MSS provider takes care of the operation of the tools. The customer does not need to manage the setup and monitoring.

SECaaS outsourcing works differently. The customer buys specific information security services in the provider’s cloud. SECaaS is when the provider gives the customer the technology with complete freedom to apply controls.

To understand the differences between MSSP and SECaaS, it helps to compare a taxi with car sharing. In the first case, the driver controls the car. He provides the passenger with a delivery service. In the second case, the control function is taken by the customer, who drives the vehicle delivered to him.

How to evaluate the effectiveness of outsourcing?

The economic efficiency of outsourcing is of paramount importance. But the calculation of its effects and its comparison with internal solutions (in-house) is not so obvious.

When evaluating the effectiveness of an information security solution, one may use the following rule of thumb: in projects for 3 – 5 years, one should focus on optimizing OPEX (operating expense); for longer projects – on optimizing CAPEX (capital expenditure).

At the same time, when deciding to switch to outsourcing, economic efficiency assessment may sometimes fade into the background. More and more companies are guided by the vital need to have certain information security functions. Efficiency evaluation comes in only when choosing a method of implementation. This transformation is taking place under the influence of recommendations provided by analytical agencies (Gartner, Forrester) and government authorities. It is expected that in the next ten years, the share of outsourcing in certain areas of information security will reach 90%.

When evaluating efficiency, a lot depends on the specifics of the company. It depends on many factors that reflect the characteristics of the company’s business and can only be calculated individually. It is necessary to consider various costs, including those that arise due to possible downtime.

What functions should not be outsourced?

Functions closely related to the company’s internal business processes should not be outsourced. The emerging risks will touch not only the customer but also all internal communications. Such a decision may be constrained by data protection regulations, and too many additional approvals are required to implement such a model.

Although there are some exceptions, in general, the customer should be ready to accept certain risks. Outsourcing is impossible if the customer is not prepared to take responsibility and bear the costs of violating the outsourced IS function.

Benefits of cybersecurity outsourcing

Let me now evaluate the attractiveness of cybersecurity outsourcing for companies of various types.

For a company of up to 1,000 people, IS outsourcing helps to build a layered cyber defense, delegating functions where it does not yet have sufficient competence.

For larger companies with about 10,000 people or more, meeting the Time-to-Market criterion becomes critical. But, again, outsourcing allows you to solve this problem quickly and saves you from solving HR problems.

Regulators also receive benefits from the introduction of information security outsourcing. They are interested in finding partners because regulators have to solve the country’s information security control problem. The best way for government authorities is to create a separate structure to transfer control. Even in the office of the president of any country, there is a place for cybersecurity outsourcing. This allows you to focus on core functions and outsource information security to get a quick technical solution.

Information security outsourcing is also attractive for large international projects such as the Olympics. After the end of the events, it will not be necessary to keep the created structure. So, outsourcing is the best solution.

The assessment of service quality

Trust is created by confidence in the quality of the service received. The question of control is not idle here. Customers are obliged to understand what exactly they outsource. Therefore, the hybrid model is currently the most popular one. Companies create their own information security department but, at the same time, outsource some of the functions, knowing well what exactly they should get in the end.

If this is not possible, then you may focus on the service provider’s reputation, the opinion of other customers, the availability of certificates, etc. If necessary, you should visit the integrator and get acquainted with its team, work processes, and the methodology used.

Sometimes you can resort to artificial checks. For example, if the SLA implies a response within 15 minutes, then an artificial security incident can be triggered and response time evaluated.

What parameters should be included in service level agreements?

The basic set of expected parameters includes response time before an event is detected, response time before a decision is made to localize/stop the threat, continuity of service provision, and recovery time after a failure. This basic set can be supplemented with a lengthy list of other parameters formed by the customer based on his business processes.

It is necessary to take into account all possible options for responding to incidents: the need for the service provider to visit the site, the procedure for conducting digital forensics operations, etc.

It is vital to resolve all organizational issues already at the stage of signing the contract. This will allow you to set the conditions for the customer to be able to defend his position in the event of a failure in the provision of services. It is also essential for the customer to define the areas and shares of responsibility of the provider in case of incidents.

The terms of reference must also be attached to the SLA agreement. It should highlight all the technical characteristics of the service provided. If the terms of reference are vague, then the interpretation of the SLA can be subjective.

There should not be many problems with the preparation of documents. The SLA agreement and its details are already standardized among many providers. The need for adaptation arises only for large customers. In general, quality metrics for information security services are known in advance. Some limit values can be adjusted when the need arises. For example, you may need to set stricter rules or lower your requirements.

Prospects for the development of cybersecurity outsourcing in 2023

The current situation with personnel, the complexity of information security projects, and the requirements of regulators trigger an increase in information security outsourcing services. As a result, the growth of the most prominent players in cybersecurity outsourcing and their portfolio of services is expected. This is determined by the necessity to maintain a high level of service they provide. There will also be a quicker migration of information security solutions to the cloud.

In recent years, we have seen a significant drop in the cost of cyber attacks. At the same time, the severity of their consequences is growing. This drives an increase in demand for information security services. A price rise is expected, and perhaps even a shortage of some hardware components. Therefore, the need for hardware-optimized software solutions will grow.

Featured Image Credit: Tima Miroshnichenko; Pexels; Thank you!
