[Webinar On-Demand] Why Do You Need Security Awareness Training?

Hosted by Gerard Brown at NetUtils and joined by guest speakers Ollie Pech, Channel MSP Manager and Javvad Malik, Security Awareness Advocate from KnowBe4 and known blogger and YouTuber within the infosec industry.

The title of this webinar poses a critical question all organisations should be asking themselves in this ever-changing world. While a layered security infrastructure is an absolute must to protect against the growing variety of threats organisations face today, there’s a hidden threat that is often-overlooked. What is this hidden danger… IT’S YOUR USERS?

The facts from NetUtils

Did you know, more than 90% of successful hacks and data breaches, all start with phishing scams? That’s a huge number considering the sheer volume of data breaches you hear about in the news on a daily basis.

According to the APWG Phishing Activity Trends Report for Q3 2019, phishing scams have reached the highest level in just three years, this level not seen since 2016! Below is a snapshot of the stats over the past year. What makes the chart of interest is the 46% increase of phishing sites detected between Q2 and Q3 of this year. And an almost 100% increase in phishing sites detected in Q4 of 2018, this time last year. *

Phishing attacks reach the highest level in 3 years!

* APWG Phishing Activity Trends Report Q3 – 2019

8 reasons why we partner with one of the best Security Awareness Training vendors in the industry

To help our customers educate their end users and to keep security top of mind!

  1. The world’s largest integrated Security Awareness Training and Simulated Phishing platform, founded in 2010
  2. With over 28,000 customers and 9.5million users KnowBe4 helps organisations manage an ongoing problem of social engineering
  3. The ‘last layer’ of security is the Security Awareness layer, only really been taken into consideration over the last few years i.e. your human firewall
  4. KnowBe4 have developed tremendously as a business from a “nice to have” within organisation to be a “must have”
  5. Over a thousand training modules that are pre aligned to the platform that are all around security awareness and includes some HR modules and over 80 compliance modules
  6. A simulated phishing platform with an iterative process; train, phish and analyse, all of the time
  7. The KnowBe4 console helps organisations see where their end users are having trouble understanding security, this is backed up with over 1000 training modules to support learning. Not used to name and blame
  8. Assists organisations in reducing malware infections, data loss and potential cyber threat, whilst increasing user productivity
Train, phish and analyse with the KnowBe4 phishing platform

Empowering Your Human Firewall

Always remember as a business you are dealing with human beings and to do that, you have to understand behaviour and how to influence that behaviour. Ultimately, the goal is, to move your staff from insecure behaviours to better behavioural patterns so they can take a risk-based approach to any actions they take.

There are 3 realities of Security Awareness:

  1. Just because I’m aware doesn’t mean I care
  2. If you try to work against human nature, you will fail
  3. What your employees do is way more important than what they know

Take the book by Daniel Kahneman called Thinking, Fast & Slow – there are 2 types of systems he outlines; System 1 called Fast Thinking, this is the way a person reacts to everyday routine, they don’t really think about the actions as this is just natural behaviour i.e. making a cup of tea. However, when we look at System 2 thinking referred to as Slow Thinking, this is used to solve specific problems when necessary, it’s more complicated and requires thought.

Daniel Kahneman book called Thinking, Fast & Slow.

When it comes to Security Awareness and your organisation you actually start with System 2, the Slow Thinking, to try and get people really thinking. The more you do this the more it becomes a System 1 way of thinking. That is why continuous awareness and training is vital. The goal, to make Security Awareness a natural behaviour within your organisation, like making that cup of tea, make it a habit over time and get that way of thinking embedded into your company culture.

Your awareness program should NOT focus only on information delivery. Do you care more about what your people know or what they do?

During our webinar Javvad revealed an interesting take away from Dr. BJ Fogg, known in the field of ‘Behaviour Design’ and The Fogg Behavior Model.

“Behaviour happens when three things come together at the same time: Motivation, Ability, and a Prompt to do the behaviour.”

  1. Motivation – are your users sufficiently motivated to an action
  2. Ability – do they have the ability to do that action
  3. Prompt – the nudge to get them to do that action

Take these behaviours into consideration when designing your training programs so all boxes are ticked. Get specific as to what behaviours you want to change and target them.

Get specific with the behaviours you want to change and target them.

Here at NetUtils we partner with KnowBe4 to help our customers educate their end users and keep security top of mind. Security Awareness Training should be part of your cyber security strategy and embedded into your cultural fabric especially when human error is still one of the leading causes of data breaches today.

To help you on your way we’ve got some cool FREE tools to get you started!

  • Free Phishing Security Test – Find out what percentage of your users are Phish-prone. Get yours here.
  • Free Email Exposure Check – Find out which of your users’ emails are exposed before the bad guys do. Get yours here.
  • Free Domain Spoof Test – Find out if hackers can spoof an email address of your own domain. Get yours here.
  • Free Phish Alert Button – Your employee’s now have a safe way to report phishing attacks with one click. Get yours here.
  • Ransomware Simulator – Find out how vulnerable your network is against ransomware attacks. Get yours here.

KnowBe4 Report: 2019 Phishing by Industry Benchmarking

How are you doing compared to your peers of similar size?

As a security leader, you’re faced with a tough choice. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up! IT security seems to be a race between effective technology and clever attack methods. However, there’s an often overlooked security layer that can significantly reduce your organisation’s attack surface: New-school security awareness training.

The 2019 study analysed a data set of nearly nine million users across 18,000 organisations with over 20 million simulated phishing security tests. In this report, research from KnowBe4 highlights employee Phish-prone™ percentages by industry, revealing at-risk users that are susceptible to phishing or social engineering attacks. Taking it a step further, the research also reveals radical drops in careless clicking after 90 days and 12 months of new-school security awareness training.

Top 3 industries by company size.

Do you know how your organisation compares to your peers of similar size? Download your report to learn more about:

  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training

Phishing vs Spear Phishing

The Osterman Research White Paper ‘Best Practices for Implementing Security Awareness Training’ reveals a wide range of issues that concern security professionals. One of which being more than 90% of organisations report that phishing and spear phishing attempts reaching end users during 2018 are either increasing or staying at the same levels.

While phishing and spear phishing attacks are similar, there are many key differences to be aware of.

A phishing campaign is very broad and automated, think ‘spray and pray’.

It doesn’t take a lot of skill to execute a massive phishing campaign. Most phishing attempts are after things like credit card data, usernames and passwords, etc. and are usually a one-and-done attack. 

On the other hand, spear phishing is highly targeted, going after a specific employee, company, or individuals within that company.

This approach requires advanced hacking techniques and a great amount of research on their targets. Spear phishers are after more valuable data like confidential information, business secrets, and things of that nature. That is why a more targeted approach is required; they find out who has the information they seek and go after that particular person. A spear phishing email is really just the beginning of the attack as the bad guys attempt to get access to the larger network.

Network Utilities partner with KnowBe4 to help our customers keep users on their toes with security top of mind. Effective new-school security awareness training helps reduce risk and strengthen an organisation’s human firewall.

[Webinar On-Demand] Never Trust. Always Verify.

Gartner predicts that 21 billion mobile devices, wearables, medical devices and other IoT things will connect to the internet by 2020.

So, how can you be sure who or what is on your network?

Watch our on-demand webinar ‘Never Trust. Always Verify’ with Malcolm, Network Utilities’ Technical Director and Paul, Channel SE from Pulse Secure to learn how a Zero Trust model gives you the visibility needed to mitigate risk.

During the webinar you’ll discover:

  • What’s driving the interest in Zero Trust
  • The principles of a Zero Trust model
  • Trends shaping the delivery of Secure Access
  • How the Software Defined Perimeter works
  • The critical elements of any successful Zero Trust Secure Access solution
  • How Pulse Secure delivers Zero Trust Secure Access for hybrid IT

KnowBe4 named UK’s Security and Consultancy Provider of the year

KnowBe4, the provider of the world’s largest security awareness training (SAT) and simulated phishing platform, announces it has won Network Computing’s Security Training and Consultancy Provider of the Year award.

KnowBe4’s CEO Stu Sjouwerman said, “We are very happy to win this award and are committed to the UK market. We’ve seen explosive growth with organisations recognising the need for training to improve their security culture. Additionally, we are working with UK based organisations such as Twist and Shout to continue to provide relevant and Netflix quality content.” Sjouwerman further noted, “We are also very proud of our UK team for their dedication to our customers.”

According to Verizon’s 2019 data breach investigation report, Phishing was the #1 threat action used in successful breaches linked to social engineering and malware attacks.

Network Utilities partner with KnowBe4 to help our customers keep users on their toes with security top of mind. Effective new-school security awareness training helps reduce risk and strengthen an organisation’s human firewall.

Sources:

DISCOVER THE 14 CORE CAPABILITIES YOU NEED FOR DEFENCE-GRADE SECURITY

The following 14 core technical capabilities were created to help guide and prioritise cybersecurity investments.*

With cyber threats constantly evolving, it’s important to identify the gaps in your security posture and being prepared for cybercriminals to get through your defences in this changing environment is essential. You need to determine where to start and what is most important.

1. Asset Management

Identify assets by leveraging automated tools and discovery solutions (to also discover rogue systems), including:

  • Installed software (including on endpoints, mobile (leverage Mobile Device Management (MDM or EMM) solutions) and servers)
  • Deployed hardware (including endpoints, mobile, cloud and “on- premise” systems)

2. Network Segmentation

Ensure networks are properly segmented, particularly separating the business side from the infrastructure networks.

Focus initially on high value assets and critical systems. Move away from solutions that focus only on “on premise” segmentation and deploy network segmentation solutions, such as Software Defined Perimeter that allows for granular role-based segmentation of on-premise and Cloud-based systems, including legacy systems. Additionally, leverage Network Access Control (NAC) when possible.

3. Network Security

Leverage intrusion detection and prevention systems (IDS/IPS) across enterprise and system enclave boundaries (including ingress, egress points), including using cloud-based appliances whenever possible to monitor cloud traffic.

  • Select solutions that can protect both on-premise and cloud-based traffic and consolidate alerts/logs on a single dashboard
  • Consider leveraging Deep Packet Inspection/Packet Capture (DPI)
  • Consider deploying cloud access security brokers (CASBs) at cloud boundaries
  • Leverage Domain Name Server Security (DNSSEC) to secure your Domain Name Server (DNS)
  • Consider specific distributed denial of service (DDoS) protections to protect servers, applications, and networks
  • Consider solutions that protect communication systems against telephony denial of service (TDoS) and DDoS attacks

4. Identity Management

Manage user access and roles by:

  • Deploying a centralised identity management solution with access control management and identity proofing
  • Leveraging a Single Sign-On solution across the enterprise and its applications
  • Deploying multi-factor authentication across the organisation, particularly for critical systems and privilege access
  • Using identity management best practices to ensure “need to know” and “least privilege”
  • Properly disabling or deleting accounts according to the organisation’s policy requirement

5. Privilege Access

Privilege access management solutions should be deployed to manage and control critical infrastructure systems’ administrative accounts, including:

  • Requiring multi-factor authentication for all administrative accounts, including on servers and endpoints
  • Using solutions, such as Software Defined Perimeter, to enforce multi-factor authentication policies across the enterprise while implementing patching, need to know, and least privilege, among others

6. Patching and Vulnerability Management

  • Conduct proper monitoring and patch installation, including testing prior to patch deployments
  • Prioritise patches based on risk and critical impact
  • Regularly perform automated scanning (daily ideal or weekly), including credentialed, passive, internal, and external scans. Include database configuration and web services configuration scans
  • Install agents on servers and endpoints to facilitate scans whenever possible
  • Scan applications both statically and dynamically
  • Perform source code review when necessary

7. Continuous Monitoring

Continuous monitoring is recommended 24 hours a day, 7 days a week, including:

  • Employ alerts and Security Information and Event Management (SIEM) solutions with a customised dashboard to monitor critical systems using proper log management
  • Create/manage a security operation centre (SOC) to continuously monitor critical systems

8. Endpoint Protection

Employ endpoint protection solutions to:

  • Mitigate against viruses, ransomware, and malware using solutions such as Application Segmentation (Micro Virtual Machine isolation), Advanced Endpoint Protection, and Antivirus/Anti-malware
  • Deploy these solutions across all endpoints and servers, including mobile devices
  • Leverage a File Integrity Solution to protect against file tampering/rootkits etc.

9. Public Key Infrastructure (PKI)/Key Management

Deploy both symmetric and asymmetric encryption key management solutions, including:

  • Managing public and private keys used for application programming interfaces (APIs), email signing, and encryption using a PKI solution
  • Employing key management solutions to store keys, including Secure Shell (SSH) keys and other encryption keys

10. Log Management

Centralise, correlate and consolidate logs, including:

  • Ingress and egress logs
  • Application logs
  • Endpoint protection logs
  • Firewall logs
  • Security logs such as authentication failure, misuse, unauthorised access, insider threat
  • Server logs
  • Database logs
  • Webserver logs
  • IDS/IPS logs

Ensure proper timestamp by leveraging Time Synchronisation (Network Time Protocol (NTP)) solutions across every system.

11. Phishing Protection

Implement phishing training and plugin solutions, including:

  • Mandating regular phishing training for all employees, including senior executives
  • Deploying email validation system (Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)) to detect and prevent email spoofing
  • Deploying phishing plugin solutions on email servers and endpoints to allow phishing email detection, prevention, and reporting
  • Conducting real-life phishing campaigns to all your employees to measure openings/clicks, and target training to employees opening those emails

12. Configuration Management

Adopt a configuration management solution to properly enforce configuration requirements on servers and endpoints, including:

  • Prioritising solutions that can synchronise logs with SIEM and that support multiple operating systems
  • Leveraging application whitelisting solutions to limit access to necessary applications on endpoints and mobile devices. Whitelisting is recommended instead of blacklisting because new malicious software is too difficult to track

13. Application Security

Application security is the use of software, hardware and procedural methods to prevent vulnerabilities in applications and protect sensitive information from external threats. Applications may include desktop, server, and mobile technology. Software security should be built into applications during their development phase:

  • Fuzz testing (fuzzing) should be leveraged as a quality assurance technique, using a software tool called a fuzzer to discover coding errors and security loopholes in software, operating systems or networks. The technique involves inputting fuzz (massive amounts of random data) to the test subject to make it crash, find vulnerabilities, and identify potential causes
  • Dynamic analysis can be used as the testing and evaluation of a program by executing data in real-time to find errors in a program and flaws in the source code while it is running, rather than by repeatedly examining the code offline. Dynamic code analyser software finds security issues caused by the code’s interaction with other system components like SQL databases, application servers or Web services to debug a program in all the scenarios for which it is designed
  • Static code analysis is also available as one of the security tools the enterprise can use to identify flaws and malicious code in applications before they are bought or deployed. The process provides an understanding of the code structure, and can help to ensure that the code adheres to industry standards
  • Leverage Web Application Firewalls (WAF) solutions to secure your web applications

14. Data Security

Implement solutions to secure data, including:

  • Properly protect data, in particular, personally identifiable information (PII), personal health information (PHI), payment card industry (PCI), and sensitive, classified, and/or financial data, by using Data Loss Prevention solutions:
    • Leveraging solutions to detect and prevent data leaks and massive data exports on servers, databases, and endpoints, when possible
  • Deploying backup solutions across the organisation endpoints, servers, databases, and critical systems
    • Establishing off-site backup, whether in a separate datacentre or on the cloud
  • Mandating encryption for all PII, PHI, PCI, sensitive, and confidential data whenever possible. Examples include:
    • Requiring full disk encryption solutions for mobile devices, laptops, and removable media
    • Using encryption on databases and files whenever required

* 2018 Cybersecurity Guide – originally provided by Bromium featuring Nicolas Chaillan.

Secure Access for Today and Tomorrow: Part 3

The Requirements of a Secure Access Solution – Balance Security and Productivity

With a Secure Access solution in place, organisations can enforce policy compliance by employees, guests and contractors regardless of location, device type, or device ownership. Users enjoy greater productivity and the freedom to work anywhere without sacrificing access to authorised network resources and applications. IT can mitigate malware, data loss and IoT risks. And IT is empowered to optimise their resources and enable digital transformation across the organisation.

Integrated mobile security

First, a Zero Trust Secure Access solution must enable enterprise mobility to boost workforce productivity. This requires enabling visibility and compliance controls in a transparent way across different devices and operating systems. It involves simplifying the secure use of mobile devices by offering automated, self- service on-boarding of devices – whether they are laptops, smartphones, or tablets – regardless of user location and device ownership. Mobility enablement also requires the ability to ensure compliance by isolating work applications and data from private applications in BYOD scenarios. Lastly, a Secure Access solution must support always.

Simple and easy-to-use UX

A Zero Trust Secure Access solution must also take into consideration users’ consumer-based expectations for a simple, integrated user experience (UX). For example, end users want the convenience of Single Sign On (SSO) to applications across devices, operating systems and application infrastructures. IT administrators demand an intuitive and flexible way to orchestrate all elements of access security – freeing them from the need to correlate data and actions across multiple security systems and consoles. Additionally, a best-in-class solution will optimise the user experience by leveraging an integrated Application Delivery Control (ADC) solution, guaranteeing timely response to meet any demand, regardless of whether users access applications on site or remotely.

End-to-end hybrid IT security and visibility

The increase in cyberattacks coupled with the move to hybrid IT environments means that a Zero Trust Secure Access solution must offer end-to-end hybrid IT security and visibility. The solution should provide user, device and access operational intelligence to allow for informed policy development, threat response and reporting. Such a solution should combine multi-factor authentication with role-based and device-compliant authorised access to applications, whether the applications are hosted in enterprise data centres, private clouds, or public clouds. An integrated platform, incorporating both perimeter-based (VPN) and Software Defined Perimeter (SDP) architectures provides versatility to address a broad number of business needs while offering deployment flexibility and management economies.

Unified and scalable platform

The difficulties associated with multiple security silos can be mitigated by adopting a unified Zero Trust Secure Access platform. A unified platform provides appropriate application access that supports physical and virtual IT resources across on-premise and cloud environments. It must also provide endpoint coverage across classic PCs, mobile and even IoT devices, requiring the application of agent and agentless Client technology. Given the growth in users and devices, a unified platform must be sufficiently scalable to handle the steady

Unified policy engine for users, devices, and applications

Policy unification is another way to combat the gaps that can be created by multiple security silos. Unlike siloed solutions, policy unification enables rules to be written once and automatically applied enterprise-wide. SDP architectures offer a unified and centralized policy engine that is context-aware, enabling enforcement of granular policies based on user, role, device, location, time, network and application, as well as endpoint security state. To minimize IT administrative workloads and ensure interoperability with third-party solutions, policy enforcement should be standards-based.

Seamless integration across multiple vendor solutions

Establishing a unified platform and policy engine is made easier and effective by partnering with a single vendor who can orchestrate Zero Trust Secure Access controls across multiple vendor solutions. To minimise IT administrative workloads, bi-directional interoperability should be standards-based and support a variety of third-party solutions. Applying this approach allows a single vendor to incorporate new technologies as they become available and enable greater enterprise availability, resiliency, elasticity and scalability.

Extensibility to new endpoints, services, and applications

Finally, as demonstrated by the growing need for IoT and multi-cloud security, a Zero Trust Secure Access solution must be intelligent and adaptable. The solution must be able to discover, segment and monitor sanctioned and unsanctioned IoT devices on the network and private cloud employing advanced device profiling, classification, analytics and threat response. Furthermore, as IOT devices interface with corporate application including IT and OT (Operational Technology) convergence, Secure Access functionality must be sufficiently flexible to accommodate future use cases without compromising availability, performance, compliance, or security.

Original source: Zero Trust Secure Access Checklist via https://www.pulsesecure.net

Read Secure Access for Today and Tomorrow: Part 1 here

Read Secure Access for Today and Tomorrow: Part 2 here