Follow along as we crack open a new year of the Advent of Cyber from TryHackMe! This is always fun! Here is the playlist on YouTube, but I’ll be posting the videos on this site as well.
Author: Jason
TryHackMe | Advent of Cyber 2024 – Day 12
TryHackMe | Advent of Cyber 2024 – Day 11
Key Takeaways From the FIRPA Practitioner Insights Report
This blog post summarizes the key takeaways from the Five Eyes Insider Risk Practitioner Alliance (FIRPA) Practitioner Insights Report. The report is based on workshops with over 100 insider risk practitioners from Australia, the USA, and Canada.
Stakeholder Engagement and Collaboration
- Executive buy-in and cross-departmental collaboration are essential for successful insider risk management. Collaboration across departments like legal, HR, IT, and compliance is needed to create a unified approach to insider risk.
- Challenges include communication breakdowns, competing priorities, and a lack of shared understanding across departments. Organizations need to develop a shared language and tailor communication to different stakeholder groups.
Security Culture and Leadership
- Leaders must champion security and set the tone for a security-conscious culture. They need to embed security practices into daily operations and create an environment where insider risk management is prioritized.
- Challenges include silos between departments, biases in insider risk detection, and a lack of buy-in from senior leadership. Organizations should promote a no-blame culture that encourages open reporting and engagement.
Education and Training
- Training programs should leverage multiple modes of delivery and include real-life scenarios and simulations.
- Challenges include cost constraints, lack of motivation, and outdated content. Organizations need to develop contextually relevant practices, invest in dynamic learning tools, and ensure training remains current and engaging.
Tools, Techniques, and Indicators
- Selecting the right tools and techniques is crucial, but they must be aligned with an organization’s unique risks and operational context.
- Challenges include over-reliance on data without sufficient context, difficulty integrating new tools with existing systems, and a lack of understanding of the human factors behind insider threats. Organizations need to select tools that offer contextual accuracy and invest in training and development of internal experts.
Information Sharing and Collaboration Between Organizations
- Sharing insider threat information between organizations is crucial but faces challenges such as legal barriers, privacy concerns, and organizational resistance.
- Challenges include reluctance to share sensitive data due to legal uncertainties, concerns over reputational damage, and difficulties in defining common terms for information sharing. Organizations should create a common asset list, establish legal-focused working groups, and promote the sharing of behavioral attributes from past incidents.
Program Structure, Policy, and Governance
- Clear governance frameworks, leadership engagement, and continuous improvement are needed to ensure that insider risk management processes are consistent and adaptable.
- Challenges include inconsistent executive support, resistance to change, and external pressures for compliance. Organizations should establish clear program frameworks with well-defined roles and responsibilities, collaborate across departments and with external partners, and secure leadership buy-in.
Investigative Process, Procedure, Interventions, and Improvement
- A well-structured investigative process is essential and requires clear guidelines for escalation, well-documented procedures, and transparent decision-making.
- Challenges include inconsistent investigative processes, lack of clarity around when to escalate incidents, and balancing thoroughness with employee privacy concerns. Organizations should establish clear guidelines for escalation, provide regular training for investigators, and use centralized tracking systems.
Regional and Cultural Nuances
The report identifies some regional differences in how practitioners approach insider risk.
- American practitioners emphasized ROI and advanced technologies.
- Australian practitioners focused more on communication strategies, relationship-building, and aligning tools with organizational culture.
Additional Insights from Surveyed Australian Practitioners
- Negligence is viewed as the primary insider threat.
- Continuous education and cross-departmental collaboration are foundational elements for improving insider risk programs.
- A common misconception is that insider risk programs are punitive.
Conclusion
The report highlights the importance of:
- Securing leadership engagement
- Fostering cross-departmental collaboration
- Balancing advanced technologies with human-centered approaches
Organizations need to continuously refine their practices to stay ahead of evolving threats and bolster their defense against insider risks.
Staying Up-to-Date in the Cybersecurity Industry
Staying current in cybersecurity is crucial to proactively mitigate risks, ensure compliance, and make informed decisions in today’s rapidly changing digital landscape. Here are some resources to help you stay up-to-date with cybersecurity:
Feedly
Feedly is a free RSS aggregator that collects news from different sources and puts it all together in one place. Here are some sites to add to Feedly:
- CISA Alerts
- BleepingComputer
- Dark Reading
- Security Affairs
- SecurityWeek
- The Hacker News
- The Register – Security
TLDR
Information Security News to Your Inbox. TLDR is a free service that sends you recurring emails aggregating the news on various subjects. They have many different newsletters on various topics, including one on information security.
SANS Cyber Security Summits
SANS Free Virtual Conferences. SANS summits take place frequently on a variety of subjects including AI, DFIR, cloud, threat intelligence, etc. Attending the summits online is free, and if you miss one you can watch the recording. They also count for CPE credits. Their Slack is also a great place to learn from others.
BrightTALK
Free Virtual Talks. BrightTALK brings the speakers to you. Search for any subject and attend live or recorded talks, including many on cybersecurity. Every month the Verizon Threat Research Advisory Center gives an update; it is a great talk to attend.
Verizon Business Page at BrightTALK
Podcasts
I’ve already compiled a list of podcasts on this blog; here is a link to that post.
Books
Here are some favorites of mine:
- The Hacker and the State by Ben Buchanan. Packed with insider information based on interviews, declassified files, and forensic analysis of company reports, The Hacker and the State sets aside fantasies of cyber-annihilation to explore the real geopolitical competition of the digital age.
- Countdown to Zero Day by Kim Zetter. Rather than simply hijacking targeted computers or stealing information from them, it proved that a piece of code could escape the digital realm and wreak actual, physical destruction—in this case, on an Iranian nuclear facility.
- Dark Wire by Joseph Cox. In 2018, a powerful app for secure communications called Anom took root among organized criminals. They believed Anom allowed them to conduct business in the shadows. Except for one thing: it was secretly run by the FBI.
- This is How They Tell Me the World Ends by Nicole Perlroth. One of the most coveted tools in a spy’s arsenal, a zero day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election, and shut down the electric grid (just ask Ukraine).
YouTube
There are so many YouTube channels doing a great job getting information out there. This is not an exhaustive list, but they are some of my favorites!
- Black Hills Information Security – A great channel. I especially love the weekly Talkin’ About [infosec] News series.
- SANS Institute – Yes, they are on YouTube as well. If you missed a summit, it might be posted here. Lots of evergreen content is posted on this channel too!
- David Bombal – David has two channels worth watching: his main channel and David Bombal Tech.
Other Networks
Bluesky – Read more about Bluesky in this prior post. Here are the infosec starter packs.
LinkedIn – Here are some good folks to follow on LinkedIn.
Mastodon – Federated microblogging service à la Twitter/X, with a large infosec community on the infosec.exchange server.
TryHackMe | Advent of Cyber 2024 – Day 10
TryHackMe | Advent of Cyber 2024 – Day 9
Weekly Cybersecurity Wrap-up 12/2/24
Each week I publish interesting articles and ways to improve your understanding of cybersecurity.
Projects
- Linux Foundation – Introduction to Kubernetes (LF158) – In Progress
- TryHackMe – Splunk: Setting up a SOC Lab
- TryHackMe – Advent of Cyber – Playlist
Articles
- Meta plans to build a $10B subsea cable spanning the world, sources say – Sources close to the company say that Meta plans to build a new, major fibre-optic subsea cable extending around the world, a 40,000+ kilometer project that could total more than $10 billion of investment.
- New York Fines Geico and Travelers $11 Million Over Data Breaches – New York has announced $11 million settlements with Geico and Travelers over data breaches affecting 120,000 people.
- Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online – Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive data breach linked to last year’s attacks on file transfer tool MOVEit.
- Russia sentences Hydra dark web market leader to life in prison – Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison.
- Law Enforcement Read Criminals’ Messages After Hacking Matrix Service – Law enforcement has taken down yet another encrypted messaging service used by criminals, but not before spying on its users.
- Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT – Russia’s Turla hackers hijacked 33 command servers operated by Pakistani hackers who had themselves breached Afghan and Indian targets.
- Telecom Giant BT Group Hit by Black Basta Ransomware – BT Group, a major telecommunications firm, has been hit by a ransomware attack from the Black Basta group. The attack targeted the company’s Conferencing division, leading to server shutdowns and potential data theft.
- Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks – A California teen suspected of being a Scattered Spider member left a long trail of evidence and even used an FBI service to launder money.
- Deloitte Hacked – Brain Cipher Ransomware Group Allegedly Stole 1 TB of Data – The notorious ransomware group Brain Cipher has claimed to have breached Deloitte UK, allegedly exfiltrating over 1 terabyte of sensitive data from the professional services giant.
- Authorities Shut Down Crimenetwork, Germany’s Largest Crime Marketplace – Germany’s largest crime marketplace, Crimenetwork, has been shut down, and an administrator has been arrested.
- NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise – Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems.
Podcasts
- Smashing Security 396: Dishy DDoS dramas, and mining our minds for data
TryHackMe | Advent of Cyber 2024 – Day 8
TryHackMe | Advent of Cyber 2024 – Day 7