Brewing Cybersecurity Insights

Month: April 2023

How to Choose a MFA in 2023

In today’s rapidly changing digital environment, Multi-Factor Authentication (MFA) has become increasingly important in protecting your sensitive data and accounts from unauthorized access. Following the feedback received on the previous article, “Why Multi-Factor Authentication as you know it is not enough in 2023“, I’ve compiled a list of MFA options, ranked from the least to the most secure.

How to Choose a MFA in 2023 – MFA techniques

  1. Worst: Password-only authentication
    Relying solely on a password for account security is the least secure option. Passwords are vulnerable to brute force attacks, social engineering, and various other hacking techniques.
  2. Bad: Call & SMS
    While better than just using a password, Call & SMS-based MFA is susceptible to channel jacking attacks and requires a phone carrier. SIM swapping and other telecom exploits can bypass this method.
  3. Good: TOTP, Oath token, Push notification, and Authenticator apps.
    These options are only susceptible to real-time phishing attacks. Push notifications and authenticator apps are slightly better but require connectivity and a smart device. They provide a higher level of security, especially when used in combination with other MFA methods.
    Biometrics
    Enhances security but may not always be convenient or accessible, and raises privacy concerns
  4. Better: Authenticator app with number matching prompt, FIDO passkeys These methods are less susceptible to real-time phishing attacks but require a more sophisticated attack to be compromised. Number matching prompts and FIDO passkeys add an additional layer of security, making it harder for cybercriminals to gain unauthorized access.
  5. Best: Hardware-based MFA like FIDO2 and Windows Hello.
    The most secure MFA options are hardware-based solutions, such as FIDO2 and Windows Hello. These methods store cryptographic keys on a physical device, providing the highest level of security against unauthorized access and real-time phishing attacks.

Additional Complementary Authentication Options

While the following options are not strictly MFA, they can complement and enhance your chosen MFA solution to create a more robust and secure authentication experience:

  • Single Sign-On (SSO) and Identity Federation
    streamlines authentication but requires robust security measures and for the latter also trust between participating organizations
  • Risk-based or Adaptive Authentication
    dynamic method that can increase security while reducing the authentication burden on users in low-risk scenarios
  • Continuous and Behavioral Authentication
    monitors user behavior and context throughout a session, detecting anomalies and signs of compromise in real-time

MFA can be hacked

While MFA offers an essential layer of security, it is crucial to remember that no security measure is foolproof, as detailed by KnowBe4. MFA can be hacked through various methods, such as phishing and social engineering attacks. Even hardware based MFA is subject to physical attacks.

To protect against these threats, organizations should consider implementing additional security measures like employee security culture (awareness, training, phishing simulations) and Identity detection and response systems. By combining MFA with other cybersecurity best practices, it is possible to strengthen the defenses and reduce the risk of unauthorized access to the systems.

Conclusion

Choosing the right MFA method is crucial for ensuring your digital assets’ safety.

By understanding the strengths and weaknesses of each option, you can make an informed decision that best suits your security needs, taking into account your specific requirements, budget, and user experience considerations. To maximize security, it’s essential to continually revise and update your authentication strategy as new threats and technologies emerge. By prioritizing the most secure methods and staying vigilant against ever-evolving cyber threats, you can effectively safeguard your digital assets and stay ahead of cybercriminals.

Stay tuned as the next article will be on AI Password cracking, role and issues of password managers and shift to password-less.

Integrating XDR and Zero Trust

The Power of Effective Cybersecurity

In my article on Zero Trust I promised an in-depth exploration on the integration of Zero Trust and XDR, here it is.

As cyber threats become increasingly sophisticated and complex, traditional security approaches no longer suffice in protecting organizations from data breaches and other security incidents. This is where integrating Zero Trust and XDR technologies comes into play, providing a more effective way to reduce risk and safeguard sensitive data.

Zero Trust is a security approach that assumes all users, devices, and applications are untrusted and continuously verifies access, while XDR (Extended Detection and Response) is an advanced threat detection and response platform that enables security teams to detect and respond to attacks across multiple attack vectors and endpoints.

Integrating these two technologies can help organizations achieve a higher level of security by leveraging the strengths of each. Here are some key benefits of integrating XDR and Zero Trust:

  1. Improved Detection and Response Capabilities

By integrating XDR and Zero Trust, security teams can enhance their detection and response capabilities. XDR can detect potential threats across multiple attack vectors, while Zero Trust can automatically block potentially malicious network destinations, breached identities, and breached devices. This combination enables security teams to respond quickly and effectively to potential threats.

  1. Better Risk Management

The integration of XDR and Zero Trust provides better risk management by combining threat detection and response with access control. With Zero Trust, access is continuously verified and controlled, while XDR can identify potential threats and provide insights to help mitigate risk.

  1. More Efficient Threat Management

XDR and Zero Trust integration can also improve threat management efficiency by automating the response to potential threats. For example, if an EDR system detects a suspicious event, XDR can use a playbook that incorporates Zero Trust to automatically block the event, with subsequent verification and unlocking in case it is a false positive. This approach is more efficient than traditional inspection methods and can help security teams respond to potential threats quickly and effectively.

  1. Simplified Security Operations

Integrating XDR and Zero Trust can simplify security operations by consolidating security tools and technologies. With XDR and Zero Trust working together, security teams can reduce the number of tools and technologies they need to manage, making security operations more efficient and effective.

In conclusion, the integration of XDR and Zero Trust is a powerful combination that can provide organizations with a more effective way to reduce risk and protect sensitive data. By leveraging the strengths of each technology, organizations can enhance their detection and response capabilities, improve risk management, simplify security operations, and achieve compliance with regulatory and industry standards.

Battling Burnout in Cybersecurity

Battling Burnout in Cybersecurity
Photo by fauxels from Pexels

5 Key Strategies for Enduring Team Resilience

Introduction

The cybersecurity field presents unique challenges and stressors, resulting in change fatigue that threatens the sustainability of security teams.

Why are cybersecurity teams burning out? Talent shortages, understaffing, and fading motivation are hitting hard, and employee burnout is becoming one of the biggest threats to cybersecurity teams. To address this growing problem, it’s crucial to implement strategies that promote sustainability and mitigate fatigue among cybersecurity professionals.

In recent speech on talent (I already talked about this in a LinkedIn Post), I shared my experience of a resignation of a key resource that ultimately resulted in me becoming a better leader. By acknowledging the failure and learning from it, I was able to create a more supportive and understanding environment for my team.

In a recent Gartner article, “Four Tactics to Mitigate Change Fatigue,” CIOs are provided with valuable strategies to combat change fatigue within their organizations.

While primarily targeting CIOs, these tactics can be adapted to address the sustainability crisis in cybersecurity teams, or any team. These are all strategies that I pursue (badly or well can only be said by the people who work with me). In this article we’ll explore those revised four strategies and my additional ones, to ensure a lasting journey of fatigue mitigation.

Strategies for a Sustainable Journey of Fatigue Mitigation in Cybersecurity Teams:

  1. Treat change fatigue as a business issue: Cybersecurity is particularly stressful due to the constant security debt and the fear of being hit by a major attack. Balancing short-term objectives with long-term goals is crucial to prevent employee burnout, anxiety, that ultimately ends in resignation. It’s important to incorporate change fatigue as a factor when planning initiatives and prioritize projects to reduce the impact of fatigue on the team, e.g. by avoiding excessive workload, or the week-end warriors phenomenon.
  2. Distribute change leadership: Decisions in cybersecurity often require trade-offs between business, as-is operations, and security. Engaging business leaders and experts in decision-making at all levels can lead to more successful outcomes and reduce the burden of decision-making, which is a key cause of stress. Collaboration among different leaders is essential for making informed decisions. I’d add that also clear responsibilities are a must as unclear expectations are another a big source of stress. A key point here is that Cybersecurity leaders should hold the other leaders accountable in making the organization more secure (if this accountability fails, the organization will be significantly less secure).
  3. Co-create execution and involve stakeholders: In the long run, employees who feel a sense of purpose and are involved in the change management process will become the “leaders of tomorrow.” Creating cross-pollination between teams is paramount, with attacks targeted on people (e.g., phishing, CEO Fraud), on the supply chain, all departments must collaborate to secure the enterprise. This principle is also true inside of the Cybersecurity function, resources working on detection and response and those focused on protection measures must all know the vision and the strategy and know what the others are doing, this is crucial for a more cohesive and empowered team.
  4. Focus on the journey, not just the end goals: Instead of solely concentrating on the end goal, emphasize the process and progress made throughout the journey. Security is a continuous journey, not a goal that can be reached. By celebrating progress and creating a positive environment, the team will feel accomplished and motivated during the entire journey.

Allow me to add some additional personal strategies: make sure that employees are supported, they feel valued, have a work-life balance, and have the opportunity for personal growth and development. It’s essential to provide continuous feedback, both positive and negative, and to clearly explain what is good and what needs improvement. This empowers employees with the right to fail, as long as they learn from their mistakes and grow. Addressing issues in real-time ensures the team remains successful, rather than waiting until the end of the year to provide a feedback and having low performances in the meantime.

Bottom line, cybersecurity staff should feel committed and believe that the cybersecurity leadership is composed of individuals with a little more experience who empower them.

Conclusion

Adapting the strategies above can help address the sustainability crisis in cybersecurity teams by mitigating change fatigue and successfully battling burnout in cybersecurity.

By treating change fatigue as a business issue, distributing change leadership, co-creating execution, and focusing on the journey rather than just the end goals, cybersecurity teams can remain resilient and effective in an ever-evolving landscape. Embracing change and personal growth as a leader is essential to building a strong, empowered, and sustainable team.

Is too much Security a Big Cyber Risk?

Finding the Right Balance

Photo by Pixabay from Pexels

In the ever-evolving world of cybersecurity, finding the right balance between protection and flexibility is crucial for organizations. While it might seem counterintuitive, having too much security can be just as risky as having too little. Overly restrictive measures can slow down or even block business operations, pushing employees to bypass protocols and increasing risk.

In a previous article, we discussed how Zero Trust can help organizations achieve both security and flexibility. In this article, we’ll explore the risks of too much security and provide guidance on finding the perfect balance to safeguard your organization without stifling innovation. But why is finding this balance so important? Let’s delve deeper into the consequences of not having the righ security balance and how it can negatively impact your organization.

  1. Understanding the risks of too little security:
  • High agility but increased cyber risk
  • The impact of security incidents can be severe
  • Lack of preparedness and response plans
  1. The dangers of too much security:
  • Business operations are slowed or blocked
  • Employees may bypass security protocols, leading to shadow IT
  • Costs and resources may be wasted on unnecessary security measures
  1. Finding the right balance:
  • Conduct a thorough risk assessment to identify threats and vulnerabilities
  • Prioritize security measures based on the organization’s unique needs and risk profile
  • Implement a layered approach to security, focusing on prevention, detection, and response
  • Continuously monitor and evaluate the effectiveness of security measures
  1. Fostering a security-aware culture:
  • Encourage a culture of security awareness and accountability throughout the organization
  • Provide regular training and education for employees on security best practices
  • Establish clear policies and guidelines for secure behavior
  1. Embracing flexibility and adaptability:
  • Stay informed of the latest cybersecurity trends and threats
  • Regularly reassess and adjust security measures as needed
  • Adopt a proactive approach to security, anticipating potential risks before they materialize

Conclusion: Striking the right balance between too little and too much security is a delicate task, but it’s essential for organizations looking to protect themselves from cyber threats while maintaining business agility. By understanding the risks associated with both extremes and implementing a well-rounded cybersecurity strategy, businesses can reduce their risk exposure and thrive in today’s complex digital landscape.

Unraveling the Chat GPT Block in Italy

Geopolitics, AI Regulation, Inconsistencies, and Constitutionality

Photo by Andrew Neel

On Friday, March 31st, the Italian Data Protection Authority (Garante della Privacy) announced the temporary restriction of Italian users’ data processing by OpenAI, resulting in the blocking of Chat GPT access for Italian users later that evening. Many people in Italy woke up on April 1st to find Chat GPT not working and, given the date, mistakenly assumed it was an elaborate April Fool’s Day prank. The situation is more complex than that. Here are some key insights: 

  1. Geopolitical implications: The EU is working on comprehensive AI regulation, including the Artificial Intelligence Act, which aims to create a legal framework for AI in Europe. However, Europe and the US have been slow to regulate AI. There is a deeper reason for that, as I mentioned in this LinkedIn post, EU and US regulations will not deter China and Russia, who could use AI advancements as a competitive advantage. The ongoing US-China tech rivalry and concerns over AI’s potential dual-use capabilities for military and civilian purposes may influence global AI regulation. So why US and EU should slow down to allow the competitors to gain advantage? This Politico article provides an interesting perspective on the issue.   
  2. Post-Brexit European dynamics: With Germany and France as the main European powers, Italy aims to assert itself as the third power, influencing the balance when Germany and France disagree. 
  3. Italy’s move to restrict OpenAI could be an attempt to establish itself as a key player in European and global political chessboard, aiming to be seen as a precursor to broader EU regulations, potentially influencing the direction of the upcoming policies and to project soft power in the technology domain, showcasing its ability to take decisive action and influence the global AI landscape. 
  4. Timing is always a factor, Elon Musk earlier last week asked to stop AI development to regulate it. Elon Musk, one of the original founders of OpenAI, left the organization in 2018. Microsoft has since invested $10 billion in OpenAI, and while not the direct owner, its influence is significant. This may be a factor in Musk’s call to stop AI research, as I discussed in this LinkedIn post
  5. Another relevant point is that no other Data Protection Authority took action, which led to complaints considering that the GDPR has a broader scope than just Italy. The event highlights the importance of international collaboration in Data Protection and AI regulation to avoid fragmentation and inconsistencies. Establishing global norms and standards for AI technologies can foster responsible development and deployment across countries 
  6. The block is akin to block the wind with the hands, users can still access Chat GPT via VPNs, (such as NordVPN, which currently offers a 40% discount on their plans), as I mentioned in this LinkedIn post, or with alternative access means: Bing allows access to Chat GPT, and Microsoft manages GDPR requirements properly. Additionally, some creative minds have developed PizzaGPT, using the original APIs of Chat GPT. 
  7. One of the Garante’s concerns was the protection of minors. However, it is unclear why the same level of scrutiny is not applied to platforms like TikTok and WhatsApp. 
  8. Another point to consider is the potential violation of the ‘right of information,’ as stated in Article 21 of the Italian Constitution. By blocking Chat GPT, the Garante could be infringing upon this fundamental right, as it restricts citizens’ access to a tool that can provide valuable information and insights. It raises the question of whether the Garante’s decision may be overstepping its mandate and interfering with citizens’ constitutional rights.

In conclusion, the situation surrounding Chat GPT in Italy is multifaceted, involving geopolitical dynamics, European power struggles, and questions around the consistency of data protection measures. It’s crucial to consider all these factors when examining this event and its implications for Data Protection and AI regulation and international relations. 

Why MFA as you know it is not enough in 2023

Why MFA as you know it is not enough in 2023

Due to the overwhelming response and engagement on my recent LinkedIn article about MFA, I’ve decided to reprise it here for completeness.

As online threats continue to evolve, it’s more important than ever to protect your accounts with multi-factor authentication (MFA). But not all methods are the same.

Traditional MFA methods like SMS codes are no longer secure enough to prevent sophisticated attacks. Even advanced MFA methods like push notifications have their own drawbacks. So, what’s the best way to defend yourself against online threats? According to the National Cyber Security Centre (NCSC), using Fido2 keys has been shown to be a secure and convenient MFA option. Nice to know that they share my view 😊

Why MFA is necessary: In today’s digital world, passwords alone are not enough to secure online accounts. With data breaches and hacking attempts on the rise, it’s essential to add an extra layer of protection to your accounts. MFA does just that by requiring users to provide multiple forms of authentication to access their accounts. By combining something you know (like a password) with something you have (like a physical key or token) or something you are (like a footprint), MFA makes it much harder for attackers to gain access to your accounts.

Traditional MFA methods such as SMS codes are no longer secure. While SMS-based MFA has been a popular choice in the past, it’s no longer considered a secure option. The U.S. National Institute of Standards and Technology (NIST) removed SMS-based MFA from its list of recommended authentication methods in 2021 due to its vulnerabilities. According to cybersecurity expert Brian Krebs, “SMS-based 2FA [two-factor authentication] is not only less secure than other forms of 2FA, it’s not really 2FA at all.”

Even advanced MFA methods such as push notifications have problems. Push-based MFA has become more popular in recent years, but it still has its own limitations. According to the European Union Agency for Cybersecurity (ENISA), push-based MFA can be vulnerable to man-in-the-middle attacks (an attacker intercepts communications between two parties), MFA bombing (attackers repeatedly push second-factor authentication requests to the target victim for them to approve it) and may not provide sufficient protection against social engineering tactics. ENISA recommends that users consider using hardware tokens or biometric authentication instead.

So back to Fido 2, why is it more secure? Fido2 cryptographic login credentials are unique across every website, never leave the user’s device and are never stored on a server. This security model eliminates the risks of phishing, password theft and replay attacks. According to the World Economic Forum, FIDO-based authentication solutions are more providing greater protection against phishing and man-in-the-middle attacks (nice to know that they also share my view 😊). Google use it and has reported that it has not had a single confirmed account takeover since it started requiring its employees to use Fido2 keys in 2017.

In conclusion, the importance of using strong MFA to protect your online accounts cannot be overstated. Traditional MFA methods like SMS codes are no longer secure, and even advanced methods like push notifications have their own limitations. Use the strongest method you can. By using MFA method like Fido2 keys, you can significantly reduce the risk of your accounts being compromised. Don’t wait until it’s too late – take action now to improve your online security with MFA.

Disclaimer: I do not have any financial or professional interest in promoting FIDO 2 technology or any specific security solution. My views on the importance of MFA and the vulnerabilities of traditional authentication methods are based on my professional experience in cybersecurity and my analysis of industry research and best practices.

© 2024 CyberSec.Cafe