During this last week of Discussion Questions, I would ask that you reflect on at least one of the following:
- Which security threats did you become aware of during this capstone class? How would you mitigate against this threat?
- What mitigation methods did you become aware of for the first time during this capstone class? Why is that mitigation method unique, more efficient or effective, or otherwise significant?
Vanessa Marin says
The creativity of hackers is enlightening. Yet, that creativity is relatively rare. The “lack” of creativity is even more astounding. I realize that security experts can’t think of “every” possible threat or vulnerability but it feels like the hacks in recent times are less sophisticated and really target simple vulnerabilities that have an unusually easy fix.
Patch management vulnerabilities are what have taken me aback this semester. Yes, this is an oldie, but if it is so old, then why are companies so lacking in this area? Patch management software exists; entire libraries of vulnerabilities exist that provide links to patches and credible references for mitigation.
I suppose that cloud computing is not such a new concept, but securing it is still evolving. I find that I have little to no experience in securing the cloud using machine learning. As machines learn to analyze network traffic and identify suspicious activity and build a security platform off of that data, the endeavor has become more and more lucrative. While still in its infant stages, it by no means should be your only protection against the outside world. Machine learning has been brought to the forefront of an organization’s security technology stack. Using technologies such as image classification, face recognition and object detection requires a tantamount amount of data to be truly effective. These techniques are unique in that they are ever evolving. The machine will never stop making associations and links between data elements. The more data, the better the accuracy (for the most part). Over time, ML and AI will continue to evolve into more mature security techniques, becoming more efficient and effective. For the time being they are still in their infancy, and research funds are poured into their future.
Vincent Piacentino says
Hi Vanessa!
Great post!
Many organizations fail at patch management, and we shake our heads as to why. In 2017, the WannaCry/EternalBlue exploit, perpetrated by North Korea, infected over 230,000 computers in 150 countries in one day. Organizations that had not installed Microsoft’s security update from April 2017 were affected by the attack, as well as older versions of Windows. Losses were estimated in the hundreds of millions of dollars. Simply crazy!
Vincent Piacentino says
During this final class, I have learned more about Advanced Persistent Threats (APTs). I am intrigued by these very skilled, organized groups that are mostly backed by enemies of the United States such as Russia, China, Iran and more. It often plays out like a spy movie, but is it life imitating art? It is not… These attacks are a real and grave threat to national security. Today, the threat landscape is a game of cat and computer mouse. (See what I did there?) It’s newly minted cybersecurity professionals like us that have to step up, think outside the box, and prevail!
Amelia Safirstein says
Vinny,
This is a great one! APTs are terrible, but I do find that they are the most interesting to read about. In the infamous Bangladesh bank heist, bad actors gained access to Bangladesh Bank’s network and stayed there, learning what looked normal and what might raise flags. They found the systems that they needed to take advantage of and learned how to use them. Additionally, it is suspected that the bad actors had inside connections. Through extremely detailed planning and caution, the bad actors were able to make it out with 101 million US dollars (though 38 million was recovered; still, 63 million is quite the haul). The real kicker is that they went in for almost 1 billion dollars and were only stopped short because of a spelling error.
https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery
Amelia Safirstein says
In this class, I learned information that I had not previously known about the mitigations for various physical threats. For instance, plenum-rated cabling is used as a safety precaution for human life. Other cabling materials can let off dangerous, hazardous gases if they are burned in a fire. I learned about CCTV details, including the importance of using an auto-iris lens if a camera is needed in an area where light changes, such as outside of a building. These are details that I didn’t know I didn’t know until I started reading chapters on the topic.
Jerry Butler says
Remote access hacks increased due to COVID: companies switched employees to working from home on short notice, so many companies did not take security into consideration before giving remote access to staff.
Below are the steps I would take to mitigate remote access attacks:
1. Review the security architecture and make necessary changes to adapt to the change and secure the system.
2. Perform account reviews and identify all remote users; for instance, review password configuration.
3. Ensure credentials are secured, encrypted and stored in a safe place.
4. Avoid or have few accounts that access critical assets remotely; this enables you to follow up on account activities.
5. Monitor all access to the system by remote users, and ensure all machines are sending logs to the SIEM so that if any account overreaches, an alert is instantly generated.
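As an added example, not part of the original post, the following Python script shows what steps 2, 4 and 5 above look like once they are turned into detection logic: a reviewed inventory of approved remote users, a short list of accounts allowed to reach critical assets remotely, and a pass over remote-access log lines that raises an alert whenever an account overreaches. The log format, host names, user names, IP addresses, the asset list and the failed-login threshold are all assumptions constructed for this illustration, not taken from any real SIEM.

```python
"""Review constructed remote-access log lines and raise alerts.

Added example; the log format, users, hosts and asset list are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Step 2: the reviewed inventory of accounts permitted to use remote access (assumed).
APPROVED_REMOTE_USERS = {"alice", "bob", "svc-backup"}

# Step 4: keep the set of accounts that may reach critical assets remotely small (assumed).
CRITICAL_ASSETS = {"dc01", "fileserver01"}
CRITICAL_ACCESS_ALLOWED = {"alice"}

# Assumed line format (constructed for this example):
#   <timestamp> <gateway> user=<name> src=<ip> action=<verb> [target=<host>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"action=(?P<action>\S+)(?: target=(?P<target>\S+))?$"
)


@dataclass(frozen=True)
class Alert:
    rule: str
    user: str
    detail: str


def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def review(lines, failed_login_threshold=5):
    """Step 5: walk the remote-access log and emit an Alert for every overreach.

    Rules applied, in order of appearance in the log:
      - unparseable: the gateway sent a line the SIEM parser does not understand
      - brute_force: an account hit the failed-login threshold
      - unapproved_remote_user: a successful remote login by an account not in the reviewed list
      - critical_asset_overreach: remote access to a critical asset by an account not allowed to
    """
    alerts = []
    failed = Counter()
    for line in lines:
        ev = parse(line)
        if ev is None:
            alerts.append(Alert("unparseable", "-", line.strip()))
            continue
        user, action, target, src = ev["user"], ev["action"], ev["target"], ev["src"]
        if action == "login_failed":
            failed[user] += 1
            if failed[user] == failed_login_threshold:  # alert once, on reaching the threshold
                alerts.append(Alert("brute_force", user, f"{failed[user]} failed logins from {src}"))
            continue
        if action == "login_ok" and user not in APPROVED_REMOTE_USERS:
            alerts.append(Alert("unapproved_remote_user", user, f"remote login from {src}"))
        if action == "access" and target in CRITICAL_ASSETS and user not in CRITICAL_ACCESS_ALLOWED:
            alerts.append(Alert("critical_asset_overreach", user, f"reached {target} from {src}"))
    return alerts


# Constructed sample log: one approved admin, one unreviewed account, one approved
# user stepping onto a domain controller, and a password-guessing run against "admin".
SAMPLE_LOG = """\
2021-03-02T08:01:10Z vpn01 user=alice src=203.0.113.5 action=login_ok
2021-03-02T08:02:45Z vpn01 user=alice src=203.0.113.5 action=access target=dc01
2021-03-02T08:05:00Z vpn01 user=carol src=198.51.100.7 action=login_ok
2021-03-02T08:05:30Z vpn01 user=carol src=198.51.100.7 action=access target=fileserver01
2021-03-02T08:06:00Z vpn01 user=bob src=203.0.113.9 action=access target=wiki
2021-03-02T08:07:00Z vpn01 user=bob src=203.0.113.9 action=access target=dc01
2021-03-02T08:10:00Z vpn01 user=admin src=192.0.2.44 action=login_failed
2021-03-02T08:10:02Z vpn01 user=admin src=192.0.2.44 action=login_failed
2021-03-02T08:10:04Z vpn01 user=admin src=192.0.2.44 action=login_failed
2021-03-02T08:10:06Z vpn01 user=admin src=192.0.2.44 action=login_failed
2021-03-02T08:10:08Z vpn01 user=admin src=192.0.2.44 action=login_failed
"""


def review_sample():
    """Run the review over the constructed sample log."""
    return review(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in review_sample():
        print(f"[{a.rule}] {a.user}: {a.detail}")
```

Run as a script, it prints four alerts: carol logging in without being on the reviewed list, carol and bob reaching critical assets they are not allowed to, and admin hitting the failed-login threshold. In a real deployment the two allow-lists would be maintained as the output of the account review in step 2 rather than hard-coded, and the rules would run inside the SIEM on the logs step 5 forwards to it.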