Published
2 years agoon
Few companies were prepared for COVID-19 and the disruptions it brought — especially when it came to cybersecurity. Companies had to quickly adjust to secure a remote workforce, to protect corporate networks being accessed from potentially risky home networks and to address new threats, such as Zoombombing.
A silver lining from the pandemic is companies have a number of lessons to learn from. Author and security researcher Ravi Das wrote Business Recovery and Continuity in a Mega Disaster: Cybersecurity Lessons Learned from the COVID-19 Pandemic to help organizations do just that.
Here, Das discusses why he wrote the book, the importance of endpoint security and how to prepare for future pandemics or natural disasters.
Check out an excerpt from Chapter 3 that covers the importance of securing endpoint attack surfaces — a common target for cyber attackers during a pandemic.
Editor’s note: The following interview has been edited for conciseness and clarity.
What was your motivation to write the book?
Ravi Das: In 2019, we saw warning signs of COVID-19 in China. I and many others thought it would stay localized to the Wuhan province; never did we imagine it would spread all over the world. Then, it did. During this time, I saw so many things that went wrong but could have been avoided — we weren’t ready to handle a global pandemic. I wanted to write a book geared toward CISOs that serves as a roadmap of what we learned and what we can do better if another pandemic or incident occurs.
Can you share some of those lessons learned?
Das: The first is there should have been a better transition companywide to work from home. Nobody knew COVID-19 would happen the way it did, but companies should have been worried about natural disasters or weather keeping people from the office. There should be a stack of laptops and wireless devices with the latest security protocols ready to hand out to employees. Everything was done in haste for this pandemic.
Another lesson is to have incident response and business continuity plans in place. Many companies still don’t have them; they don’t understand the magnitude and importance of having such plans. The plans should be rehearsed quarterly to make sure everyone knows what to do.
A third big lesson is understanding where data sets reside and ensuring they’re safeguarded. Part of the challenge is linked to BYOD and the rapid move to work from home. A lot of employees gave up waiting for a company-issued device and began using their own. This created shadow IT with employees using unauthorized apps, which leads to more backdoors for cyber attackers.
COVID-19 was a perfect storm of if anything could go wrong, it went wrong. But things have improved since. Zoom patched its security holes, companies have stocked up on laptops, and networks are better protected as companies figured out how to deploy patches and parents kept their home network isolated from their kids.
How can companies become less reactive and more proactive to prevent the same issues from occurring?
Das: IT can deploy all the major security technologies it wants, but that doesn’t mean much if employees aren’t learning by example from above. The CISO needs to understand how to lead from the top down so IT managers follow their lead and then employees learn from IT managers. Everyone is demanding employees have good cyber hygiene, but employees need to know those above actually care. One way to do this is to have the CISO record a short webinar about cyber hygiene. This leaves a much stronger impression for employees to follow.
Another way to be proactive is to have the mindset that an attack could really happen, no matter how small it may be. I was talking to a prospect the other day, and they were saying, ‘We’re just a three-man nonprofit shop.’ I told them they were a top target for a cyber attacker because, while they may not have all the valuable data, attackers will still penetrate them and move in a lateral fashion to get at any data they can.
You discuss disaster recovery, incident response and business continuity plans. Is there an order of importance to creating these if an organization has a limited budget?
Das: There shouldn’t be a limited time or budget for these documents; they’re not that expensive, and they really shouldn’t take that long. And, if businesses can’t figure out how you do that, they need to consult with an MSP or a cyber consultant that specializes in drafting these plans.
The incident response plan should come first. If you’re hitting an issue, you want to mitigate things as soon as possible. Disaster recovery comes second, then business continuity last because it’s more of a longer-term goal.
Note, that doesn’t include any audits you’ll have to do for authorities, especially if the issue was a security incident.
Why does endpoint security often get overlooked in favor of protecting IT infrastructure?
Das: Too many companies still have a reactive mindset — the focus is often on data in transit, the back-and-forth transmitting of confidential information to sender and receiver. That’s a concern, sure, but nobody seems overly concerned about endpoints. And attackers are taking notice. They may not launch threats from endpoints, but they use them as backdoors and stay covertly on devices for months. Then, they move laterally within an IT network infrastructure and figure out where the crown jewels are.
We need to do a better job protecting endpoints. Things have improved — cloud providers are keeping up with the latest security threats, and some have their own endpoint security platform, such as Microsoft 365 Defender. But there’s more to be done.
You recommend different technologies, such as security, orchestration, automation and response, as well as SIEM, in your book. Are there any others you’d suggest adopting in the wake of COVID-19?
Das: I advocate using the least amount of technology overall. Cloud companies provide all the tools and technologies you need, but ultimately, the responsibility is on you to protect your systems and data. Adopting new technology after new technology only increases your attack surface.
Remember that your IT security team has to keep up with each technology and device in the organization. It is going to have to learn about the little nuances of each tool and its log files, which could be a big waste of time.
Use the budget instead to purchase technology and strategically place it where it’s needed most. Do a risk assessment, and see where your weak points are, and apply the budget toward those areas. It’ll keep your attack surface from expanding and show your C-suite and board of directors that you’re frugal with your budget while being strategic and thinking long term.
Published
9 months agoon
March 15, 2024
By LARRY NEUMEISTER
NEW YORK (AP) — FTX founder Sam Bankman-Fried’s orchestration of one of history’s largest financial frauds in his quest to dominate the cryptocurrency world deserves a prison sentence of 40 to 50 years, federal prosecutors on Friday told a federal judge.
Prosecutors made the recommendation in papers filed in Manhattan federal court in advance of a March 28 sentencing, where a judge will also consider a 100-year prison sentence recommended by the court’s probation officers and a request by defense lawyers for leniency and a term of imprisonment not to exceed single digits.
Bankman-Fried, 32, was convicted in November on fraud and conspiracy charges after his dramatic fall from a year earlier when he and his companies seemed to be riding a crest of success that had resulted in a Super Bowl advertisement and celebrity endorsements from stars like quarterback Tom Brady and comedian Larry David.
Some of his biggest successes, though, resulted from stealing at least $10 billion from investors and customers between 2017 and 2022 to buy luxury real estate, make risky investments, dispense outsized charitable donations and political contributions and to buy praise from celebrities, prosecutors said.
“His life in recent years has been one of unmatched greed and hubris; of ambition and rationalization; and courting risk and gambling repeatedly with other people’s money. And even now Bankman-Fried refuses to admit what he did was wrong,” prosecutors wrote.
“Having set himself on the goal of amassing endless wealth and unlimited power — to the point that he thought he might become President and the world’s first trillionaire — there was little Bankman-Fried did not do to achieve it,” prosecutors said.
They said crimes reflecting a “brazen disrespect for the rule of law” had depleted the retirement funds and nest eggs of people who could least afford to lose money, including some in war-torn or financially insecure countries, and had harmed others who sought to “break generational poverty” only to be left “devastated” and “heartbroken.”
“He knew what society deemed illegal and unethical, but disregarded that based on a pernicious megalomania guided by the defendant’s own values and sense of superiority,” prosecutors said.
Bankman-Fried was extradited to the United States in December 2022 from the Bahamas after his companies collapsed a month earlier. Originally permitted to remain at home with his parents in Palo Alto, California, he was jailed last year weeks before his trial after Judge Lewis A. Kaplan concluded that he had tried to tamper with trial witnesses.
In their presentence submission, prosecutors described Bankman-Fried’s crimes as “one of the largest financial frauds in history, and what is likely the largest fraud in the last decade.”
“The defendant victimized tens of thousands of people and companies, across several continents, over a period of multiple years. He stole money from customers who entrusted it to him; he lied to investors; he sent fabricated documents to lenders; he pumped millions of dollars in illegal donations into our political system; and he bribed foreign officials. Each of these crimes is worthy of a lengthy sentence,” they wrote.
They said his “unlawful political donations to over 300 politicians and political action groups, amounting to in excess of $100 million, is believed to be the largest-ever campaign finance offense.”
And they said his $150 million in bribes to Chinese government officials was one of the single largest by an individual.
“Even following FTX’s bankruptcy and his subsequent arrest, Bankman-Fried shirked responsibility, deflected blame to market events and other individuals, attempted to tamper with witnesses, and lied repeatedly under oath,” prosecutors said, citing his trial testimony.
Two weeks ago, Bankman-Fried attorney Marc Mukasey attacked a probation office recommendation that their client serve 100 years in prison, saying a sentence of that length would be “grotesque” and “barbaric.”
He urged the judge to sentence Bankman-Fried to just a few years behind bars after calculating federal sentencing guidelines to recommend a term of five to 6 1/2 years in prison.
“Sam is not the ‘evil genius’ depicted in the media or the greedy villain described at trial,” Mukasey said, calling his client a “first-time, non-violent offender, who was joined in the conduct at issue by at least four other culpable individuals, in a matter where victims are poised to recover — were always poised to recover — a hundred cents on the dollar.”
Mukasey said he will respond to the prosecutors’ claims in a filing next week.
Published
10 months agoon
February 21, 2024
WASHINGTON (AP) — President Joe Biden on Wednesday signed an executive order and created a federal rule aimed at better securing the nation’s ports from potential cyberattacks.
The administration is outlining a set of cybersecurity regulations that port operators must comply with across the country, not unlike standardized safety regulations that seek to prevent injury or damage to people and infrastructure.
“We want to ensure there are similar requirements for cyber, when a cyberattack can cause just as much if not more damage than a storm or another physical threat,” said Anne Neuberger, deputy national security adviser at the White House.
Nationwide, ports employ roughly 31 million people and contribute $5.4 trillion to the economy, and could be left vulnerable to a ransomware or other brand of cyberattack, Neuberger said. The standardized set of requirements is designed to help protect against that.
The new requirements are part of the federal government’s focus on modernizing how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely. There is no set of nationwide standards that govern how operators should protect against potential attacks online.
The threat continues to grow. Hostile activity in cyberspace — from spying to the planting of malware to infect and disrupt a country’s infrastructure — has become a hallmark of modern geopolitical rivalry.
For example, in 2021, the operator of the nation’s largest fuel pipeline had to temporarily halt operations after it fell victim to a ransomware attack in which hackers hold a victim’s data or device hostage in exchange for money. The company, Colonial Pipeline, paid $4.4 million to a Russia-based hacker group, though Justice Department officials later recovered much of the money.
Ports, too, are vulnerable. In Australia last year, a cyber incident forced one of the country’s largest port operators to suspend operations for three days.
In the U.S., roughly 80% of the giant cranes used to lift and haul cargo off ships onto U.S. docks come from China, and are controlled remotely, said Admiral John Vann, commander of the U.S. Coast Guard’s cyber command. That leaves them vulnerable to attack, he said.
Late last month, U.S. officials said they had disrupted a state-backed Chinese effort to plant malware that could be used to damage civilian infrastructure. Vann said this type of potential attack was a concern as officials pushed for new standards, but they are also worried about the possibility for criminal activity.
The new standards, which will be subject to a public comment period, will be required for any port operator and there will be enforcement actions for failing to comply with the standards, though the officials did not outline them. They require port operators to notify authorities when they have been victimized by a cyberattack. The actions also give the Coast Guard, which regulates the nation’s ports, the ability to respond to cyberattacks.
Published
1 year agoon
November 19, 2023
Theories are going around the internet why Sam Altman was fired. On an insider tech forum (Blind) – one person claims to know by third-hand account and how this news will trickle into the media over the next couple of weeks.
It’s said OpenAI had been using data from D2 to train its AI models, which includes GPT-4. This data was obtained through a hidden business contract with a D2 shell company called Whitefly, which was based in Singapore. This D2 group has the largest and biggest crawling/indexing/scanning capacity in the world 10x more than Alphabet Inc (Google), hence the deal so Open AI could get their hands on vast quantities of data for training after exhausting their other options.
The Chinese government became aware of this arrangement and raised concerns with the Biden administration. As a result, the NSA launched an investigation, which confirmed that OpenAI had been using data from D2. Satya Nadella, the CEO of Microsoft, which is a major investor in OpenAI, was informed of the findings and ordered Altman’s removal.
There was also suggestion that Altman refused to disclose this information to the OpenAI board. This lack of candor ultimately led to his dismissal and is what the board publicly alluded to when they said “not consistently candid in his communications with the board.”
To summarize what happened with Sam Altman’s firing:
1. Sam Altman was removed from OpenAI due to his ties to a Chinese cyber army group.
2.OpenAI had been using data from D2 to train its AI models.
3. The Chinese government raised concerns about this arrangement with the Biden administration.
4. The NSA launched an investigation, which confirmed OpenAI’s use of D2 data.
5. Satya Nadella ordered Altman’s removal after being informed of the findings.
6. Altman refused to disclose this information to the OpenAI board.
We’ll see in the next couple of weeks if this story holds up or not.
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |