
Embracing the Virtual: The Rise and Role of vCISOs in Modern Businesses

 

In recent years, the task of safeguarding businesses against cyber threats and ensuring compliance with security standards has become increasingly challenging. Unlike larger corporations that typically employ Chief Information Security Officers (CISOs) for handling such issues, smaller businesses often lack this dedicated role due to either a perceived lack of necessity or budget constraints.

The growing difficulty in justifying the absence of a CISO has led many businesses without one to adopt a virtual CISO (vCISO) model. Also known as fractional CISO or CISO-as-a-service, a vCISO is typically an outsourced security expert working part-time to assist businesses in securing their infrastructure, data, personnel, and customers. Depending on the company's requirements, vCISOs can operate on-site or remotely, providing both short-term and long-term solutions.

Various factors contribute to the increasing adoption of vCISOs. Adoption may be prompted by internal crises such as the unexpected resignation of a CISO, the need to comply with new regulations, or adherence to cybersecurity frameworks like NIST's Cybersecurity Framework 2.0 expected in 2024. Additionally, board members accustomed to CISO briefings may request the engagement of a vCISO.

Russell Eubanks, a vCISO and faculty member at IANS Research, emphasizes the importance of flexibility in vCISO engagements, tailoring the delivery model to match the specific needs of a company, whether for a few days or 40 hours a week.

The vCISO model is not limited to smaller businesses; it also finds applicability in industries such as software-as-a-service (SaaS), manufacturing, industrial, and healthcare. However, opinions differ regarding its suitability in the heavily regulated financial sector, where some argue in favor of full-time CISOs.

Key responsibilities of vCISOs include governance, risk, and compliance (GRC), strategic planning, and enhancing security maturity. These experts possess a comprehensive understanding of cyber risk, technology, and business operations, enabling them to orchestrate effective security strategies.

Experienced vCISOs often play advisory roles, assisting CEOs, CFOs, CIOs, CTOs, and CISOs in understanding priorities, assessing technology configurations, and addressing potential cybersecurity vulnerabilities. Some vCISOs even assist in defining the CISO role within a company, preparing the groundwork for a permanent CISO to take over.

When seeking a vCISO, companies have various options, including industry experts, large consulting firms, boutique firms specializing in vCISO services, and managed services providers. The critical factor in selecting a vCISO is ensuring that the candidate has prior experience as a CISO, preferably within the same industry as the hiring company.

The process of finding the right vCISO involves understanding the company's needs, defining the scope and outcome expectations clearly, and vetting candidates based on their industry familiarity and experience. While compatibility with the company's size and vertical is essential, the right vCISO can outweigh some of these considerations. Rushing the selection process is discouraged, with experts emphasizing the importance of taking the time to find the right fit to avoid potential mismatches.

Digital Guardianship: A Call to Arms for Safeguarding Our Children's Future

 


It is no longer news that children's lives are becoming increasingly impacted by the digital realm in our modern world. There is a wide array of educational resources, entertainment, and social connections available on the Internet. Despite this, such a digital transformation also exposes children to many online threats and vulnerabilities.

As parents, educators, policymakers, and technology companies begin to come together to create a safer online ecosystem for the younger generation, it is clear that protecting children online has never been more important.

Campaigners have welcomed a set of new regulations, set to take effect soon, governing how online services should deal with children's data. From Thursday onwards, websites and apps are mandated to take into account the “best interests” of their child users, to avoid fines of up to 4% of global revenue.

The Age Appropriate Design Code was written into law as part of the 2018 Data Protection Act, which implemented GDPR for the UK as well. The most traumatic thing a parent can go through is receiving a communication from a hacker informing them that their child's most sensitive information is slated to be exposed on the Internet unless the school pays a ransom to get the information back. 

The information includes passports and birth certificates, profile pictures, and classroom location information. This horrendous situation occurred recently in Nevada, at the Clark County School District (CCSD), regarded by many as the nation's fifth-largest school system, serving nearly 300,000.

The nightmare continues: parents in the district are losing track of what's going on at school and learning more about what's happening from hackers than from school officials, who seem less transparent about what's happening since the district suffered a breach two years ago. The way children encounter information, communicate, and entertain themselves has changed markedly during the last few decades, largely due to the exponential growth of the digital landscape.

Although the digital revolution has brought us a great deal of convenience, it has also introduced several dangers to children's physical, mental, and emotional health. As a result of the vast expanse of the Internet, there is a constant threat of exposure to inappropriate content, which includes violence, explicit material, and hate speech, which can be accessed by children inadvertently, leading to harmful effects on their development. 

The issue of cyberbullying is one of increasing concern as children are increasingly likely to be targeted by online harassment, cyberbullying, and social media pressures and rules. This can lead to emotional distress and other mental health problems in children. 

Identity theft, online tracking, and data breaches are among the serious risks that children face when sharing their personal information online, putting their identities in danger. In addition to causing addiction, excessive screen time also hinders physical activity and can have undesirable effects on children's cognition and social development.

Making The Digital World a Safer Place 


Parental Involvement 


To foster responsible behaviour online and educate children about the risks and dangers associated with the internet, we need to have open and honest communication with them.

To monitor and regulate their child's online activities, parents can take advantage of parental control software, which provides them with the ability to set settings that restrict how their child may use his or her devices and how he or she may access certain websites or applications. 

Children's online safety can be enhanced by the following actions by tech companies: 


Enhancing Safety Features in their Platforms: Aside from content filtering, security reports, and privacy controls within their platforms, companies are creating features and tools at a high level to enhance online safety. 

Age-appropriate designs were created to minimize the risks that these interfaces and their content pose to young users.

A new White House initiative aims to create a cyber workforce and educational framework for children to emphasize the importance of cyber education in the formative years of life. Although states such as New York have introduced computer science and data fluency standards in their education systems, these measures are still falling short of what state education systems need.

The current goal of digital proficiency is the same idea as teaching children not to start a fire. What is needed goes beyond that mandate: providing children with the skills to extinguish fires.

To deal with this, it is necessary to provide children with comprehensive cyber-hygiene training - informing them about how to protect their data while in transit, how to protect their online identities, and how to effectively deal with attacks. Many aspects of child online protection must be addressed for the issue to be resolved with immediate effect.

From the statistics presented in this article, it becomes evident that there is a grave problem that has to be addressed and that the necessity of collaborative efforts is pressing. Our children need to be educated, regulated, and encouraged to use technology responsibly for us to create a safer digital environment for them.

Multiple Iterations of 'HeadCrab' Malware Seize Control of Numerous Servers

 

The HeadCrab malware, known for incorporating infected devices into a botnet for various cyber activities, has reappeared with a novel variant that grants root access to open source Redis servers.

According to findings by Aqua Security researchers, the second version of this cryptomining malware has impacted 1,100 servers, with the initial variant having already compromised a minimum of 1,200 servers.

Asaf Eitani, a security researcher from Team Nautilus, Aqua Security's research team, clarified that while HeadCrab doesn't conform to the typical rootkit, its creator has endowed it with the capability to manipulate a function and generate responses. In essence, this mirrors rootkit behavior as it gains control over responses, allowing it to modify and remain undetected.

Eitani explained, "The tradition of the term rootkit is malware that has root access and controls everything, but in this sense, you are able to control what the user sees."

The updated variant includes subtle adjustments enabling attackers to better conceal their activities. Custom commands have been removed, and encryption has been integrated into the command and control infrastructure, enhancing stealth.

A distinctive feature of HeadCrab is a "mini blog" within the malware, where the author, operating under the pseudonym Ice9, provides technical details about the malware and leaves a Proton Mail email address for anonymity. 

While Aqua Security researchers contacted Ice9, they were unable to ascertain his identity or location. Ice9 claimed they were the first to reach out and insisted that the malware doesn't impair server performance, asserting its ability to eliminate other malware infections. Ice9 praised the researchers in the mini blog after they discovered the second variant.

Notably, Ice9 is the sole user of HeadCrab and exclusively manages the command and control infrastructure.

HeadCrab infiltrates a Redis server when an attacker utilizes the SLAVEOF command, downloads a malicious module, and executes two new files—a cryptominer and a configuration file. Aqua Security researchers advise organizations to conduct scans for vulnerabilities and misconfigurations in their servers and implement protected mode in Redis to minimize the risk of HeadCrab infection.
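
The misconfiguration scan recommended above, sketched as an added example (not Aqua Security's tooling and not code from the original post): a small auditor for redis.conf text that checks protected mode, unauthenticated non-loopback binds, and whether SLAVEOF, its newer alias REPLICAOF, and MODULE are still reachable under their default names. The finding names, the rename-command check and both sample configurations are assumptions made for illustration.

```python
import shlex

# Commands on the infection path the article describes. REPLICAOF is the
# current name for SLAVEOF (Redis 5+); MODULE loads shared objects.
RISKY_COMMANDS = ("SLAVEOF", "REPLICAOF", "MODULE")
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample configurations (not taken from any real host).
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
requirepass "constructed-placeholder-secret"
rename-command SLAVEOF ""
rename-command REPLICAOF ""
rename-command MODULE ""
"""

def parse_redis_conf(text):
    """Map each directive to the list of argument lists it appeared with."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles quoted values such as ""
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def audit(text):
    """Return finding identifiers (names are illustrative) for a redis.conf."""
    conf = parse_redis_conf(text)
    findings = []

    def last(key, default):
        return conf.get(key, [default])[-1]  # assumption: last occurrence wins

    pm = last("protected-mode", ["yes"])  # Redis default is yes
    if not pm or pm[0].lower() != "yes":
        findings.append("protected-mode-off")

    # No bind directive means all interfaces. Flag a password-less listener
    # beyond loopback even when protected mode is on, so auth gets added.
    binds = [a.lstrip("-") for a in last("bind", [])]
    exposed = not binds or any(a not in LOOPBACK for a in binds)
    pw = last("requirepass", [""])
    if exposed and not (pw and pw[0]):
        findings.append("no-auth-on-non-loopback-bind")

    # A command counts as handled if rename-command renames or disables it.
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if len(a) == 2}
    for cmd in RISKY_COMMANDS:
        if cmd not in renamed:
            findings.append(f"default-name:{cmd}")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text))
```

On servers that legitimately replicate, keep the replication command available and restrict it to an authenticated administrative user instead of disabling it.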

Which Country Ranked the Highest in the Global National Privacy Test?


The world’s smallest country has also been named the most literate in terms of cybersecurity: Vatican City.

In the National Privacy Test carried out by one of the most acclaimed VPN services, NordVPN, the Holy See topped the ranking, with eight other top ten nations all being European. On the world leaderboard, the UK came in at number 35.

NordVPN says the test is "designed to evaluate aspects of an individual's online life, including their understanding of cybersecurity in theory and their ability to recognize online threats and react accordingly."

European Countries Dominate

Vatican City respondents received 72 points in the test, the highest of any country, according to data accumulated since 2020 with nearly 140,000 respondents from 192 countries answering 20 questions.

The residents "demonstrated an excellent awareness of digital risks and how to avoid them," notes NordVPN. However, the firm also criticized the residents’ digital habits, mentioning that they need to improve their use of online services and privacy tools in order to maintain their security.

The second place was secured by Finland, followed by the Czech Republic. As per the reports, when compared to Vatican City, both countries have poorer results in areas pertaining to the test, namely digital habits, digital privacy awareness, and digital risk. 

Status of the Non-European Countries 

Singapore was the only non-European country to make it into the top ten, ranking seventh with 69 points. The Asian countries that followed were Malaysia and the UAE, both scoring 67 points. Moreover, the US ranked 21st globally with a score of 67, leaving behind Canada in all the test aspects.

New Zealand took first place in the Oceanic region with 68 points, while Australia came in second with 63 points. New Zealand outperformed other nations in every category. Meanwhile, with 67 points, Brazil took first place in Latin America, two points ahead of its closest competitors, Argentina and Colombia. However, Colombia outperformed Argentina in terms of digital dangers (84 to 80) and behaviors (49 to 47).

Moreover, the global average score turned out to be 65, with respondents performing their best when identifying and avoiding digital dangers, scoring an average of 82 points. The average score for knowing how to avoid malware was 69 points, while only 47 points were awarded for knowing how to properly secure data utilizing privacy tools and internet services.  

Online Tracking: What Do You Need to Know?

 


Whenever you browse the Internet, you leave a record of whatever you click on, as well as any websites you visit. The majority of websites use small pieces of data known as cookies to track information about your visit to their website. Aside from cookies, many websites also use user accounts to monitor visitors' activity while browsing the web. There is no serious risk to your online security from this type of browser tracking. However, it is imperative to understand how your online data is being processed and tracked since it is being monitored in the first place.

A small shift has been observed in recent years in favor of consumer privacy. Many tech giants received substantial fines because they used trackers in an invasive or incorrect way that violated consumer privacy. For example, Google settled charges that, in the past year, it misled users into thinking they had turned off location tracking, and paid out a $391.5 million settlement as a result.

Despite this, the company continues to collect information about its customers. Even though there has been some high-profile finger-wagging at tech companies for disregarding users' privacy, brands and advertisers are still mostly free to use tracking software to track our online actions without much resistance on the part of consumers.

As a result, it is unlikely that this situation will change anytime soon. A project is currently being developed by the EU Commission that will allow brands to track users more easily while online. A unique code is generated from a user's mobile phone or a network based on a user's mobile number. Brands could use digital footprints to identify users and categorize them. This would enable them to target them individually with customized content and identify their behavior. 

This may sound like an innocuous plan to improve the internet experience for users and brands alike. However, to many it might seem out of the ordinary. The expansion of brands' ability to collect our personal information raises serious concerns about the safety, security, and even ethical implications of data collection.

Everything is Tracked  

A tracker is essentially a piece of code embedded within a website or app. This allows a company to collect and track information about how users use those tools. A tracker can collect a lot of information about how you use your computer. This includes the websites you visit, the links you click, the products you buy, and even your location.

By collecting and analyzing this information, companies can gain valuable insights into their users' preferences, habits, and behaviors. A company could then use these insights to improve its services and products. Modern internet usage is hyper-personalized and built on trackers and data collection. 

Since the results are superficial, there is only minimal real value in focusing advertising on user interests and tailoring browsing experiences to their needs. High-quality targeted ads are evidently a step up from the unusable banners found on most websites, the glitchy, irrelevant ads that are almost impossible to use on some websites.

The reality is that the vast amount of information consumers release, which is stored and converted into customized ads based on their preferences, location, and browsing history, has created an increasing sense of discomfort for many consumers. In the end, this information can be used to target these individuals with ads based on their preferences and information. In the last few years, it has become increasingly apparent to consumers that internet giants are monitoring their digital footprint more closely than ever before, because those companies sell consumers' personal information to the highest bidder. Consumers feel as if they are constantly watched and their digital footprint is constantly and closely monitored.

It is even possible to argue that targeted advertising is not in the public interest. Some experts worry that individuals will be unable to explore more interesting ideas and perspectives due to personalized content generated by tracking. One's worldview narrows as a result. 

Ultimately, it is up to the Consumer   

It is clear what internet users need to do to limit online trackers. A virtual private network (VPN) is the most effective and simplest way to do so, as it encrypts internet traffic, hides IP addresses, and hides that traffic from all governments. As a result, advertisers and third parties will have difficulty tracking online activities. It also sets up a system that prevents hackers or bad actors from accessing personal data that could be misused in illegal activities.

Even though it is difficult to fool online trackers, there seems to be a growing movement of internet users breaking away from big corporations such as Google and Facebook. These users are turning to products and services that actively denounce internet tracking and work towards creating a more transparent internet that does not track them online. Such products offer many privacy-conscious features, which allow users to roam freely and without worrying about being constantly tracked and monitored by the system.

To do this, they often resort to visiting websites that use privacy-first analytics tools. The fact is, as mentioned, that for most consumers it won't be easy or even possible to completely disappear from all social media or to alter their internet usage overnight. However, there are small steps that internet users can take to have a bit more control over how their personal information is collected online and how their data is used, such as relying on brands that actively eschew corporate surveillance practices.

There has been an unprecedented increase in brands' ability to track consumers' movements, which has resulted in users losing control over their digital destinies. Protecting privacy and identity online has therefore become a more critical concern than ever before. It is imperative to know the processes by which brands and businesses collect and use our data as well as how they track us. Equipped with this knowledge, internet users can use VPNs to protect their privacy and, by limiting data mining, limit how much data is collected about them online.

There is no doubt that this will lead to a more optimistic internet landscape in which consumers have control over their data and privacy. As this movement gains momentum, brands and big corporations will not only have to follow suit but will be forced to do so.