You are getting scammed


My Dear Friends,

I am writing this to you because you are being scammed and your identity is in immediate danger. This is not a joke, and I am not selling you anything; this is just a friendly reminder.

Making your social media updates private or limiting them to your closest friends will not help. The internet is basically open – as it has always been. Nothing is 100% secure.

Because of social media, everyone knows what you like, what your home town is, what your mother’s maiden name is, the name of your first pet and which web shops you use. Your ISP, bank and insurance company are probably also known from the “tweets” of your feedback and claims. Your pictures tell where you are, where you have been and what is important to you. Now, because of the newest “circular letter” #myfirstsevenjobs, your first job is also known. There is very little that is NOT known.

All this information defines your digital identity. It can be easily accessed and even more easily stolen. Your password can be reset and your account stolen – from every account you have. This can happen to all of us.

Please take care of your personal information and remember what you post to social media.

Best regards
Your friendly herald of cybersecurity

Cognitive cybersecurity

HP Cognitive cyber defence

I have now had a couple of months to familiarise myself with the major vendors offering what they each call “Cognitive Cybersecurity”, and it is very interesting.

They all essentially mean the same thing – taking advantage of advanced business analytics to create a better view and understanding of the cyber universe and its threats. What the solutions actually do is totally different.

There seem to be two major rules when talking about Cognitive Cybersecurity solutions (and this is the part where people get irritated).

Rule number one. If you started as a network solution provider, your security concentrates on network security. If you started as an anti-virus company, your security concentrates on virus detection and prevention on clients and servers. They have all kinds of fancy stuff, but the basic principles stay the same.

Rule number two. The more you pay, the better the solution you get. To get a real Cognitive Cybersecurity solution, you have to pay a lot. There is no way around it. It just costs a lot of money and resources. Period.

So if you are planning to buy a solution from a vendor that is not client-, server- or network-focused, and it will cost a lot more than $100K, you are on the right track.

What should a Cognitive Cybersecurity solution do? The most important thing you always need is a lot of data. Without several data sources and big data, you cannot have proper analytics.

When you have the data, it needs to be subjected to cognitive analysis. Proper data contains the traditional threat intelligence feeds and network analysis, but also audio, video, news, stock information, radio and even TV news. Analysing Twitter tells you a lot more than just waiting for something to happen to your web service.

The analysed data is fed into a proper Security Information and Event Management system and distributed to peers via intelligence sharing systems. On top of it all, you need a threat operations center, or a Security Operations Center as it is usually called.

This sounds like a complex and expensive setup, and it is. On the other hand, cybercrime is the world’s second most profitable criminal activity, and even most governments do it. So you need to clarify how secure you need to be and act accordingly. I just want to point out that there are solutions out there providing the ultimate situational awareness and protection – not 100%, but close enough to make attackers turn away.

Is there any IoT security?

IoT security by ENISA 2015

Since the Internet of Things (IoT) is rapidly growing to be one of the largest businesses in the ICT-world, everyone is talking about it. Even more, everyone seems to be concentrating on security and how bad it is.

I saw an extensive university study which came to the conclusion that all of the tested IoT home appliances were vulnerable to cyber attacks. Well, I could have saved their time, since absolutely everything connected to the internet is vulnerable. Their recommendation for the situation was to use stronger passwords. True, you should always use strong passwords, but unfortunately that will not help you secure your home or business IoT environment.

There are security vulnerabilities in home IoT appliances, and usually they are deeper and more complex than a bad Wi-Fi password. In most cases, they cannot be fixed by the everyday user. Bad design and structural problems cause unwanted backdoors and expose confidential information to the malicious side of the internet. As an example, smart TVs have cameras which can be accessed remotely because of a software glitch. Remote-controlled light bulbs and air conditioners use a proprietary wireless connection which reveals your Wi-Fi password, however strong it is, in plain text to the public.

So what to do then? You have a couple of options. You can always use an additional security device to help you secure your environment – just like companies do. The stuff is very new; the first shipments are just beginning in Q1 2016: F-Secure SENSE, Luma smart Wi-Fi router, Dojo and Cujo.

Another option is to make a personal risk assessment and classify your environment and privacy. Do you have to connect the specific device to the internet? What functionality will you lose if you use it as a stand-alone device? If it needs to be connected to the internet, can it be secured sufficiently? If it gets hacked, what information do you reveal or lose? Does it really matter, or is it very important or sensitive? Can the data be used against you or others?

Then there is one additional piece of information that is important to understand. Even if the data is not important to you, or the connected device is more or less harmless, it could be used to cause harm to someone else. There are cases where a captured IoT home appliance has been used to send spam email or to carry out Distributed Denial of Service attacks. A regular user would not even know that this kind of illegal activity is happening.

So as always, you first need to think about what you are doing and what you are connecting to the internet at your home. If you do not know, ask a friend, or better yet, ask a professional. If you are not able to do any of these, just do not plug it in.

How is your cyber defence today?

Cognitive cyber defence

What to do when cyber attacks are financed by nations and managed by organised crime? Attackers’ budgets are endless, and they will not stop until they get what they want.

When even the hacktivists have more resources than professional organisations, it is time to think of something else.

That something else has to be totally different. Something more than fancier anti-viruses or firewalls. Intrusion detection is now a commodity, and data leak prevention did not really work. Most organisations are turning to security information and event management solutions and building or buying security operations centers.

An old security phrase stated that the human is the weakest link in security. While I never fully agreed with that statement, it has always been partially true. Especially now.

The weakness of any current cyber security defence is the human. It does not matter anymore if employees are negligent or the people who have built the defence mechanisms have made mistakes – they are and they have – always.

Now the real weakness is in active defence. How fast can you detect something you do not understand? How could you even try to react to something unknown to you? When you find out and understand what is happening, it is way too late. In the old information security world (viruses and hackers) you could react to an attack in minutes. Now it all began weeks or months ago, and all you can do is calculate your losses.

Another challenge is understanding the goal. As in traditional warfare, the ultimate goal is usually the most protected secret. The same applies to cyber security. You use tons of different channels and methods to get to your target. Not revealing yourself too early is more important than achieving 100% of the target. Attacks are so sophisticated that even the best cyber professionals or brightest analysts cannot see the final goal of an attack by just examining the small parts of the attack mechanism.

So is there another answer for cybersecurity than having more money, skills and resources than the attacker? In the last couple of months I have started to believe that there is – cognitive cyber security platforms. There are already a few available, and they are at their best where humans are weak.

A cognitive cyber security platform is designed to recognise and understand a previously unseen attack, quickly extrapolate the ultimate targets, launch counter-measures and direct security processes according to the security policy. Will it do all this, and how? Will it really work well enough in ultra-high-security environments? I will find out and tell you what I found later this year!