Cybersecurity Flashcards
(24 cards)
What are the seven key reasons businesses should invest in Cybersecurity?
- It is the biggest risk financially and reputationally.
- There is a legal and moral duty to protect consumer data.
- The government and the Information Commissioner’s Office define it as a board-level responsibility.
- Businesses are increasingly assessing each other’s security to decide whether they should do business together.
- Most breaches occur due to human error; investment helps reduce this.
- It is not a static requirement: it needs ongoing attention, maintenance and evolution.
- IT complexity makes it harder: many logins and devices increase the risk.
What is a Supply-chain attack?
Cyber attacks against third-party vendors in an organization’s supply chain.
Why is the modern software supply chain particularly vulnerable to attacks?
Software supply chains are highly susceptible to attack because, in modern development organizations, software isn’t created from scratch; it is assembled from off-the-shelf components such as third-party APIs, open-source code, and proprietary code from software vendors. All of these can be exposed to security threats and vulnerabilities.
Historically how were supply chain attacks done?
They targeted trust relationships, attacking insecure suppliers in the chain to gain access to their larger partners.
What’s the difference between a software supply chain attack and a hardware supply chain attack?
- Software supply chain attack: injects malicious code into an application and infects all users of that application.
- Hardware supply chain attack: compromises physical components and uses them to infiltrate an organization’s systems.
How do Supply chain attacks work?
They exploit the trust relationships between different organizations, relationships that are reinforced by installing and using software on each other’s networks or by collaborating under vendor or contractor agreements.
They target the weakest link in the chain of trust, such as a vendor that isn’t secure. They gain a foothold in the provider’s network and exploit this trust to gain access to more secure networks.
What is a common attack surface for supply chain attacks and why?
MSPs (managed service providers).
They are targeted because they remotely manage the IT infrastructure of companies, including vendors, and so have deep access to customer networks.
Attackers can gain access to those networks by compromising an MSP with poor security. This lets them reach networks that are otherwise difficult to attack directly.
What is the CI/CD pipeline and how can supply chain attacks exploit it?
The CI/CD pipeline is the continuous integration and continuous delivery pipeline. It refers to automated software development processes that maintain the supply chain.
What was the Solarwinds attack?
Attackers injected a backdoor into a software update of SolarWinds, a networking tool used by companies and government agencies. This gave them remote access to thousands of corporate and government servers. It was a global-scale attack that led to many data breaches and security incidents.
What did security researcher Alex Birsan do?
He hacked corporate systems managed by Microsoft, Uber, Apple, and Tesla. He did this by leveraging a dependency used by these companies to support their end users. He created harmless, fake versions of this dependency and delivered them to end-users, demonstrating an attacker’s ability to do the same with a malicious package.
What was the Kaseya attack?
Attackers compromised a software solution used by MSPs, infecting it with REvil ransomware, which was deployed with an update of the software. The ransomware spread to thousands of customer environments, allowing attackers to extort $70 million from MSPs and their customers.
What was the Atlassian attack?
Security researchers discovered that Atlassian applications were vulnerable to abuse of single sign-on (SSO) procedures. An attacker could use the SSO token to access applications and perform actions related to user accounts. This affected thousands of organizations that relied on Atlassian’s solutions.
What was the Mimecast attack?
Hackers compromised the security certificate that authenticated the Mimecast service on Microsoft 365 Exchange Web Services. Approximately 10% of Mimecast customers had applications that depended on the stolen certificates. Few were impacted by the attack, but it could have had a much bigger impact had it not been discovered early.
What was the Codecov attack?
An attacker infected the Codecov Bash uploader, part of a code coverage testing tool that automatically sends reports to customers. By injecting malicious code into the script, the attackers eavesdropped on Codecov servers and stole customer data.
What was the British Airways attack?
A data breach occurred after a Magecart supply chain attack disrupted British Airways’ trading system and leaked sensitive information.
How can recognising and mapping your security landscape help prevent supply chain attacks?
- Group vendors into risk profiles and prioritise every third party by its vulnerability level, its access to your data and systems, and its potential impact on the organisation.
- Use questionnaires and on-site visits to assess supply chain security. Identify the weakest areas in the supply chain and either supplement these vendors or ask them to improve their security.
- Assess the safety of hardware and software products supplied to your organization.
- Identify the processes in the supply chain that pose a threat to sensitive data and systems, and determine suitable security measures.
- You can visualize risks by drawing a tree of all interactions between your organization and supply chain elements. This practice helps you see the full picture of supply chain risks and track connections.
How can creating a multi-faceted supply chain security strategy help prevent supply chain attacks?
- Supply chain attacks can have various objectives, including ransom, sabotage, and intellectual property theft. Attacks can take many forms, such as malicious code injections into legitimate software, hijacking software updates, and attacks on IT and operational technologies.
- Supply chain attacks can exploit vulnerabilities in the physical flow of assets (including processing, packaging, and distribution processes) and in the virtual flow of data or software (all virtual flows across connected systems and devices).
- As cyber-attacks increase, supply chain leaders need to coordinate with security and risk management leaders to understand these threats, working together to jointly manage risks.
How does managing remote work endpoint risk help prevent supply chain attacks?
As more people work from home, the number of exploitable endpoints expands.
- Suppliers’ users must manage the physical and virtual security and protection of endpoints across various locations outside established enterprise monitoring services.
- Organisations are exposed to risks like device loss or theft, employees downloading sensitive data without offline protections, or introducing shadow IT applications, keyloggers, files, and various persistent threats.
- Traditional security tools, like virtual private networks (VPNs) and virtual desktop infrastructure (VDI), cannot effectively protect organizations and mitigate these threats. These tools rely on end-users to follow security policies before and after they connect to secured networks.
- Organizations and supply chain leaders must monitor how remote employees use their devices to protect the supply chain.
How does continuously monitoring third-party risks help prevent supply chain attacks?
- Adversaries aim to disrupt business operations and manufacturing production.
- Ask what the motivations behind potential attacks are and what the most valuable corporate assets are (proprietary information, customer information, and intellectual property); an effective program must prioritize what needs to be defended.
- Pinpointing attack motivations and sensitive assets helps determine which systems and areas of the supply chain require protection and how to prioritize cybersecurity investments. Organizations can then implement various measures, including threat hunting, centralized log aggregation, and sensor deployment.
- Continuous supply chain protection helps uncover evidence of activity that is already occurring, gain deep visibility, and identify gaps in the organization’s ability to detect these activities.
- A consolidated monitoring capability provides visibility into threats and helps identify complex attack chains.
What three things do ransomware gangs want to do when they target a business and how can you defend against them?
- Steal your data
- Encrypt your production systems
- Encrypt any backup you have
How can businesses take a multifaceted security approach to ransomware?
- Take active action (have an element of protection and a reactive form of recovery: robust endpoint data protection, antivirus software, and whitelisting software that only allows approved applications to run).
Part of this is defining how much data you can afford to lose and how long you can spend in recovery; this helps shape the response to a potential attack.
- Don’t become complacent.
Businesses that operate with the mindset that even their most effective endpoint security can and will be breached are, and will remain, safer than those who dismiss the risks. Test continually.
- Have a comprehensive backup and recovery approach.
What is ‘Tech intensity’?
“Tech intensity”, a term coined by Microsoft CEO Satya Nadella, describes an organisation’s ability to “build their digital capability on top of the technology they have adopted.” Nadella argues UK companies need to enhance their “tech intensity” to remain successful going forward.
What did London Goldsmiths identify about ‘tech intensity’?
Goldsmiths University’s Blueprint for UK Competitiveness classified organisations as either frontrunners, challengers, survivors or endangered in 2021 based on their “tech intensity”. “46% of UK organisations were classed based on their ‘tech intensity’ as endangered.” (Blueprint for UK Competitiveness)
What does only a third of UK employees believe according to Blueprint for UK competitiveness?
“Only a third of UK employees believe their organisation is adopting new technologies and systems quickly enough.” (Blueprint for UK Competitiveness)