Month: August 2021
M&S launches initiative to hire software engineers
How can you address the mutable threat of cybercrime?
There’s only one constant when it comes to cyber-attacks, and that is that each one is different
Cybercrime is a constant thorn in the side for every IT professional, and IT leaders most of all. You probably employ training, help desks and support services to handle the constant stream of attacks, but did you know that attackers are doing the same thing?
Cybercrime is big business; attack programmes and payloads are increasingly commoditised, and many are sold on the dark web. Like any seller, criminal gangs have a vested interest in keeping their clients happy, and offer a range of support services to get them what they need. If you've been unlucky enough to have been a victim of a recent ransomware breach, you may have seen the same thing from the other side: websites with live chat support dedicated to parting you from your hard-earned revenue.
"The increasing professionalisation of cyber gangs means CISOs need to put in place the right security controls to protect their organisations," says KnowBe4 security awareness advocate Javvad Malik. "Nothing is a case of 'set and forget', and continual improvement needs to be made to stay a step ahead of the gangs."
Threat intelligence is crucial, of course, but so is information sharing. For too long, commercial organisations have tried to stand alone against cybercrime, but talking to your peers, and even your rivals, can mean the difference between paying a ransom and it never striking in the first place.
"Incident response and recovery should not be an afterthought, either. CISOs should know what to do in the event of an incident including knowing how to notify law enforcement, regulators, customers, partners, employees, and even the media," says Malik.
Enforcement agencies and governments have promised to get tough on cybercrime, with some urging peers to treat ransomware attacks with the same priority as terrorism, and others working together in cross-continental operations - and it all adds up.
"We've seen law enforcement take down some large cyber-criminal gangs recently. While this is a time-consuming process that involves international cooperation, it can be very effective in disrupting criminal activities.
"Just seeing more cyber criminals arrested and sentenced to prison can act as a massive deterrent to others who may be considering entering into crime as a profession."
These moves have come too late to discourage the recent tide of ransomware attacks that have swept the world in the last eight months: from SolarWinds to Colonial Pipeline, JBS and Kaseya. The first and last of these were supply chain attacks: by compromising just one company, the hackers were able to breach hundreds of the victims' customers.
Supply chains are notoriously difficult to secure, though Malik says there are steps to take that can help, including:
- Conducting business impact assessments
- Knowing and understanding all partner organisations
- Having the right policy and legal clauses in contracts
- Communicating clear security needs with partners
- Having technical assurance in place
- Putting in place a joint incident response plan that maps out all responsibilities
- Having an exit strategy to leave any relationship
Several of these attacks, and many others like them, were successful due to phishing and other social engineering tactics. A collaborative culture, where employees are encouraged to talk to the IT team (rather than staying silent for fear of punishment), should be your first line of defence when it comes to bolstering the human layer of your security.
Building or changing a culture can be a slow and laborious process, but it will pay dividends. It's important that everyone is on-board, though - including the executives.
"A top-down approach is the ideal approach - CEOs and executives play a big part in creating the organisational culture. But that's not to say that a culture can't go from bottom up or from middle out.
"What's important to remember is that culture building is a slow process that often takes years to embed within an organisation, so consistency is key."
The presence of cybercrime is a constant, but the way it manifests is always changing. It's important for both you and your employees to stay informed, and have clear lines of communication, to effectively combat the threat.
Six Isle of Wight schools hit by ransomware attack
MOD pays ethical hackers to uncover IT flaws
The MOD crowdsourced pen-testing with US-based HackerOne
For the first time, the UK's Ministry of Defence (MOD) has paid bounties to white hat hackers for discovering security bugs in its computer networks, to raise security across its networks and devices.
The Bug Bounty Programme, which ran for 30 days, saw the MOD pay an undisclosed sum to 26 hackers, who probed the organisation's systems for vulnerabilities before they could be found and exploited by threat actors.
US-based HackerOne, which specialises in bug bounty competitions and effectively outsources pen-testing, ran the programme with the MOD.
The MOD said that it invited hackers to investigate its devices by giving them 'privileged access' to certain internal systems.
The individuals were allowed to participate only after undergoing background checks with HackerOne.
The participants were not testing public-facing assets, although the MOD and HackerOne had previously agreed on a vulnerability disclosure policy for individuals who discovered issues with those.
The programme follows the government's publication of its integrated review of security, defence, development and foreign policy in March, which highlighted the need for greater resilience and capabilities to tackle cyber threats. The government also used the review to call for greater collaboration with different actors.
'[We] will continue to make use of the Bug Bounty expertise, in addition to other capabilities available to ensure cyber security and resilience,' the MOD said.
James Heappey, Minister for the Armed Forces, described the Bounty Programme as an exciting new capability for the MOD.
"This work will contribute to better cyber and information security for the UK," he added.
Christine Maxwell, the MOD's chief information security officer, said that the effort was an "essential step in reducing cyber risk and improving resilience."
"Working with the ethical hacking community allows us to build out our bench of tech talent and bring more diverse perspectives to protect and defend our assets," she explained.
Bug bounty programmes are used throughout the industry as a way to reward ethical hackers for uncovering and reporting issues in computer systems.
The majority of HackerOne's users are organisations in the USA and Canada, followed by a long tail led by the UK, Germany, Singapore and Russia.
Westpac’s BT Panorama wealth platform offline for days
Former Nine CIO lands at oOh!media
Leading venture capital firms are failing to protect human rights
Salesforce to acquire RPA provider Servicetrace
Salesforce will make Servicetrace part of MuleSoft, to focus on unified integration, API management and RPA
Salesforce has entered into a definitive agreement to acquire German robotic process automation (RPA) software provider Servicetrace, intending to make it a part of MuleSoft, another Salesforce acquisition, back in 2018.
In a blog post, Brent Hayward, CEO of Mulesoft, said that the addition of Servicetrace would enable MuleSoft to "deliver a leading unified integration, API management, and RPA platform, which will further enrich the Salesforce Customer 360 [platform]."
Hayward expects Servicetrace's RPA capabilities to enhance Salesforce's Einstein Automate solution, "enabling end-to-end workflow automation across any system for service, sales, industries, and more".
The financial terms of the deal were not disclosed. It is expected to close by the end of Salesforce's third quarter (October 31st, 2021).
In recent years, automation, combined with robotics, has become a must-have technology for performing repetitive tasks. Businesses can use RPA to quickly automate manual tasks across multiple departments, including IT service desks, finance, HR, customer support and more. It is often seen as the easiest entry point into automation.
Gartner estimates global RPA software revenue will reach $1.9 billion in 2021, up 19.5 per cent from 2020.
According to Salesforce's Trends in Workflow Automation report, 95 per cent of engineering and IT managers say their organisations are prioritising workflow automation.
Salesforce's Einstein Automate solution is a modern solution for automating specific tasks, but RPA is generally a better option for legacy operations. The Servicetrace acquisition will bridge Salesforce's capabilities between older on-premises tools and modern cloud software.
Servicetrace has three product lines - Robotic Process Automation, Automated Software Testing and Application Performance Monitoring - with customers including Siemens, Fujitsu, Merck and Deutsche Telekom.
The company is headquartered in Hessen, Germany and was founded in 2006.
This is just the latest in a series of recent acquisitions by Salesforce.
In December, Salesforce announced the acquisition of popular workplace communication tool Slack, for about $27.7 billion.
In 2019, Salesforce bought BI and analytics firm Tableau for $15.7 billion, adding a more advanced analytics element to its existing cloud-based CRM services, particularly in combination with the AI platform Salesforce Einstein.
The company also acquired ClickSoftware in 2019 for $1.4 billion in cash and stock, to 'accelerate the growth of Service Cloud' and to 'drive further innovation with Field Service Lightning to better meet the needs of customers'.