Cyber security is the state or process of protecting computer systems, networks, devices and programs from cyber attack, and of recovering from the attacks that succeed. Cyber attacks are an evolving danger to the sensitive data of organizations, their employees and individuals.
As the world becomes increasingly reliant on the Internet and computer systems, and as the next generation of smart, Internet of Things enabled devices with wireless access via Bluetooth and Wi-Fi comes online, the average organization's cyber security risk, and the volume of cybercrime, keep rising.
Businesses and nation states have come to recognize cyber security as a major challenge because of its political complexity and the increasingly distributed attack surface. Many businesses now include information risk management as part of their enterprise risk management.
What types of cyber security threats are there?
Keeping up with new technologies, security trends and threat intelligence is a massive task. The first step is to understand what information may be valuable to an outside party, and then how they might gain access to it. See our post on cyber security risk for more information.
Below we have outlined the common sources of cyber threats that you should be aware of.
What is a backdoor?
A backdoor is a method of bypassing normal authentication or encryption in a computer system, product, or embedded device (such as a router). Attackers use backdoors to secure persistent remote access to a machine, read plaintext passwords, wipe hard drives, or exfiltrate data, including from cloud environments.
A backdoor can take the form of a hidden part of a program, a separate program, or code in firmware, hardware or an operating system. Although some backdoors are installed covertly, others are deliberate and documented; these have legitimate uses such as giving the manufacturer a way to reset a user's password.
Even these legitimate backdoors result in data leaks when they are misconfigured, exposing sensitive data and personal information that may be used for identity theft.
What is a denial of service attack?
A denial of service (DoS) attack is a cyber attack meant to shut down a machine or network, making it inaccessible to its users. DoS attacks do this by flooding a network with traffic, or by sending malformed input that causes a machine to crash.
In both cases the attack deprives legitimate users (customers, employees, etc.) of the service or resource they were using. A simpler form of DoS is an attacker deliberately entering wrong passwords for a victim's account until the lockout policy locks the victim out.
Victims of DoS attacks are often high-profile organizations such as banks, e-commerce and media companies, and governments. DoS attacks do not generally result in theft or loss of significant information or other assets, but they can cost the victim a great deal of money and time.
One way to blunt a DoS attack from a single source is a firewall rule or rate limit that drops traffic from the offending IP address, but a distributed denial of service (DDoS) attack arrives from a large number of sources at once, so no single address exceeds a blocking threshold and defence is far harder.
DDoS traffic typically originates from zombie computers in a botnet, infected by a trojan horse or other malware and controlled by the attacker, so that innocent systems are made to send traffic to the target.
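The difference between the single-source case, which a per-IP rule can stop, and the distributed case, which it cannot see, is easy to show in code. The following sliding-window counter over access-log lines is an added example, not code from the original article: it flags any client that exceeds a per-IP threshold and, separately, counts the moments when the aggregate request rate is over its own threshold even though every individual client stays well under the per-IP limit. The log format ("<client_ip> <unix_time> <path>"), the thresholds and the log lines themselves are constructed assumptions, and lines are assumed to be in time order.

```python
"""Sliding-window request counting over web server access logs.

Added example, not from the original article. Flags a single source that
exceeds a per-IP threshold (the case a per-IP firewall rule or rate limit
can stop) and, separately, an aggregate rate that climbs while every
individual source stays under that threshold (the DDoS case the per-IP rule
cannot see). Log lines are constructed here in an assumed
"<client_ip> <unix_time> <path>" shape and are assumed to be in time order.
"""
from collections import defaultdict, deque


def parse_line(line):
    ip, ts, path = line.split(maxsplit=2)
    return ip, int(ts), path


class SlidingWindow:
    """Timestamps seen in the last `window` seconds, per IP and overall."""

    def __init__(self, window):
        self.window = window
        self.by_ip = defaultdict(deque)
        self.overall = deque()

    @staticmethod
    def _expire(q, now, window):
        while q and now - q[0] >= window:
            q.popleft()

    def add(self, ip, ts):
        self.by_ip[ip].append(ts)
        self.overall.append(ts)
        self._expire(self.by_ip[ip], ts, self.window)
        self._expire(self.overall, ts, self.window)
        return len(self.by_ip[ip]), len(self.overall)


def analyse(lines, window=10, per_ip_limit=100, aggregate_limit=300):
    """Return (IPs that exceeded the per-IP limit, number of log lines at
    which the aggregate rate was over its limit)."""
    win = SlidingWindow(window)
    flagged = set()
    aggregate_alerts = 0
    for line in lines:
        ip, ts, _ = parse_line(line)
        ip_count, total = win.add(ip, ts)
        if ip_count > per_ip_limit:
            flagged.add(ip)          # a firewall rule on this one IP works
        if total > aggregate_limit:
            aggregate_alerts += 1    # volume alert with no single culprit
    return flagged, aggregate_alerts


def single_source_log():
    """Constructed: one client sends 200 requests in 10 s, another sends 5."""
    events = [("10.0.0.5", 1000 + i // 20, "/login") for i in range(200)]
    events += [("192.0.2.1", 1000 + i, "/index.html") for i in range(5)]
    events.sort(key=lambda e: e[1])
    return [f"{ip} {ts} {path}" for ip, ts, path in events]


def distributed_log():
    """Constructed: 400 distinct clients send one request each within 10 s."""
    events = [(f"10.{i // 256}.{i % 256}.1", 2000 + i % 10, "/")
              for i in range(400)]
    events.sort(key=lambda e: e[1])
    return [f"{ip} {ts} {path}" for ip, ts, path in events]


if __name__ == "__main__":
    print(analyse(single_source_log()))   # ({'10.0.0.5'}, 0)
    print(analyse(distributed_log()))     # (set(), 100)
```

In the single-source log the per-IP check names the culprit and the aggregate check stays quiet; in the distributed log no client ever reaches the per-IP limit, so only the aggregate check fires, and the response has to be capacity, upstream filtering or behavioural rules rather than a block on one address.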
What is a direct access attack?
A direct access attack is one in which an attacker gains physical access to a computer, often by social engineering their way into the building, in order to modify it, copy sensitive information, or install malware or ransomware like WannaCry.
Standard security measures like antivirus can be bypassed by booting another operating system or tool from a CD-ROM or other bootable media such as a USB drive, which makes direct access attacks a very real cyber threat.
This is why full disk encryption and Trusted Platform Modules (TPMs) are fundamental to any cyber risk management process: an attacker who boots from other media sees only ciphertext, and a TPM can bind the decryption key to the machine's expected boot state.
What is eavesdropping?
Eavesdropping is when an attacker listens in on private communications between hosts on a network. In the United States, government agencies like the FBI and NSA have used programs like Carnivore and NarusInSight to eavesdrop on traffic at Internet service providers for national security purposes.
Network security controls that prevent eavesdropping, above all encryption of traffic in transit, are part of any robust cyber security strategy to protect important information technology assets.
What is phishing?
Phishing is an attempt to acquire sensitive information such as usernames, passwords or credit card details directly from the end-user.
A typical phishing scam uses email spoofing or text messaging to direct the user, with a sense of urgency, to enter their details into a fake website that looks and feels identical to the legitimate one. Once the user submits their details, the attacker uses the credentials to access the real account.
Phishing is largely an attack on the end-user rather than on technology, so user education is an important measure that reduces the risk of passwords being phished.
What is privilege escalation?
Privilege escalation is a situation where an attacker who already has some level of access exploits a flaw to gain a higher level of access than they were granted, and can often repeat the process to elevate further. For example, a standard user may exploit a vulnerability in the system to read restricted data or even become root, with full, unrestricted access to the system.
What is social engineering?
Social engineering is the process of gaining a user's trust in order to convince them to disclose secrets like passwords or credit card numbers, for example by impersonating their bank, a contractor, or even a customer.
A common example is a fake CEO email sent to the accounting or finance department asking for an invoice to be paid. In early 2016 the FBI reported that this scam had cost US businesses more than $960 million.
Because of its nature, social engineering is one of the hardest things to prevent and an important cyber security risk to address.
What is spoofing?
Spoofing is the act of impersonating a real entity by faking data such as an IP address, username or email address in order to gain access to an application or data.
Common types of spoofing include:
- Email spoofing, where an attacker forges the "From" address of an email (SPF, DKIM and DMARC exist to detect exactly this)
- IP address spoofing, where an attacker alters the source IP address in a network packet to hide their identity or impersonate another system
- Media Access Control (MAC) address spoofing, where an attacker changes the MAC address of their network interface to pose as an authorised device on the network
- Biometric spoofing, where an attacker presents a fake biometric sample to pose as another user
What is tampering?
Tampering is the malicious modification of a product to gain surveillance capabilities or access to protected data.
One form of tampering is the evil maid attack, where an unattended device is physically altered in a way that is hard to detect so it can be accessed later.
What is typosquatting?
Typosquatting is a form of cybersquatting where someone registers domain names similar to those owned by another brand, targeting Internet users who mistype a website address into their browser rather than using a search engine. Typosquatting is also known as URL hijacking, domain mimicry, a sting site, or a fake URL.
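The variants a typosquatter registers are predictable, which is what makes them defensible: the same enumeration that an attacker uses to pick a domain lets a defender register or monitor the likely candidates and flag links in inbound mail (the fake login pages described under phishing above) whose host is one edit away from a brand. The following is an added example, not code from the original article. It generates single-edit typos (omission, repetition, transposition, adjacent-key substitution) for the registrable label of a domain and matches URL hostnames against them. The keyboard-adjacency table is an assumed QWERTY lowercase-letter map with no digits, hyphens or homoglyphs, and the input is assumed to be a registrable domain (one label plus its TLD) rather than a full hostname.

```python
"""Enumerate common typo variants of a domain so they can be registered
defensively, watched in DNS or certificate transparency logs, or matched
against links in inbound mail. Added example, not code from the original
article. ADJACENT is an assumed QWERTY map for lowercase letters only."""

from urllib.parse import urlparse

ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu",
    "z": "asx",
}


def typo_variants(domain):
    """Single-edit typos of the registrable label: omission, repetition,
    transposition, and adjacent-key (fat-finger) substitution."""
    label, _, tld = domain.lower().rpartition(".")
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])                    # exmple
        out.add(label[:i] + ch + label[i:])                   # exaample
        if i + 1 < len(label):                                # exmaple
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for alt in ADJACENT.get(ch, ""):                      # ezample
            out.add(label[:i] + alt + label[i + 1:])
    out.discard(label)   # the genuine name is not a typo
    out.discard("")      # omission on a one-letter label
    return sorted(f"{v}.{tld}" for v in out)


def suspicious_hosts(urls, brands):
    """Map each URL's hostname to the brand it mimics, if it is a typo of one."""
    lookalikes = {v: brand for brand in brands for v in typo_variants(brand)}
    hits = []
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if host in lookalikes:
            hits.append((host, lookalikes[host]))
    return hits


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a phishing email
    links = ["https://exmaple.com/login", "https://example.com/",
             "http://accounts.example.com/"]
    print(len(typo_variants("example.com")), "variants of example.com")
    print(suspicious_hosts(links, ["example.com"]))
```

Exact matching against the generated set keeps false positives low; a subdomain of the genuine domain, such as accounts.example.com, is not reported. Homoglyph substitutions (for example a Cyrillic letter in place of a Latin one) are a separate, larger class that this single-edit enumeration does not cover.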
What are vulnerabilities?
The Common Vulnerabilities and Exposures (CVE) list is a good place to keep track of publicly known vulnerabilities that cyber criminals may exploit.
Malware designed to gain unauthorized access to computer systems can scan for exploitable vulnerabilities automatically, so keeping systems patched and up to date is increasingly important.
Vulnerabilities are not the only way attackers gain access to critical infrastructure, so it is important to understand the different types of cyber defence available to your organization as part of a cyber security program.
How to defend against cyber attacks
Cyber security mainly comprises preventative measures like firewalls, data protection and a range of other countermeasures that aim to reduce threats, vulnerabilities, and the attack surface by improving data security and application security.
Timely discovery and reporting of issues is also important so corrective action can be taken.
However, relatively few organizations have the expertise to maintain effective detection systems, and far fewer have organized response mechanisms in place, which results in massive data breaches and exposure of sensitive information.
Organizations are increasingly turning to more sophisticated platforms that utilise a range of techniques including machine-learning to detect threats before and as they happen.
Below are common cyber security defence mechanisms that can be employed or outsourced to a third-party vendor.
What are the common cyber security measures?
Common cyber security measures are attained through three processes: prevention, detection, and response.
These processes are based on risk management policies and computer system components such as:
- Access controls and cryptography to protect system files and sensitive data
- Hardware and software firewalls that, when properly configured, filter packets to shield internal network systems from attack
- Intrusion Detection Systems (IDS) designed to detect in-progress network attacks and assist in post-attack analysis with help from audit trails and logs
Incident responses can range from a simple software or firmware upgrade to fix a known vulnerability, through to notification of legal authorities, depending on the organization and the severity of the attack.
In extreme cases, organizations may opt to destroy and rebuild a compromised system entirely, since other compromised resources on it may not be detectable.
What is secure by design?
Software is secure by design when security is treated as a core feature and the software is developed with a set of principles in mind:
- Principle of least privilege: a subsystem should have access only to what it needs to function, so that if an attacker compromises that part of the system they gain only limited access to the rest
- Automated theorem proving: proving the mathematical correctness of crucial software subsystems
- Code reviews and unit testing: making modules more secure through peer review and testing where formal correctness proofs are not practical
- Defense in depth: the design should require more than one subsystem to be violated before the integrity of the system and its data is compromised
- Default secure settings: systems should be secure by default, with deliberate, conscious action by legitimate authorities needed to make them insecure
- Audit trails: logging designed to establish the cause and extent of a breach, stored remotely so intruders cannot cover their tracks
- Disclosure of vulnerabilities: vulnerabilities should be disclosed once discovered, so that affected users can patch
What is vulnerability management?
Vulnerability management is the process of identifying, prioritising and remediating vulnerabilities in software and firmware.
Organizations use vulnerability scanners to examine computer systems for known weaknesses such as unnecessary open ports, insecure configuration, missing patches and outdated software.
What is two factor authentication?
Two factor authentication (2FA) is a method of mitigating unauthorized access to a system or sensitive information. The user must present something they know, such as a password, together with something they have, such as a smart card, hardware token, cellphone, or authenticator app.
Training is often used to mitigate social engineering risk, but even in highly disciplined environments social engineering attacks are difficult to prevent.
Two factor authentication improves security and reduces the impact of phishing and other social engineering attacks, because an attacker needs both the password and the second factor to gain access.
What are hardware security mechanisms?
Beyond two-factor authentication, there are other alternatives to software-only security. Devices and methods such as USB dongles, intrusion-aware computer cases, drive locks, disabled USB ports, and mobile-enabled access improve security because physical access is required to compromise them.
- USB dongles: hardware keys that must be present for software to run or unlock, which are much harder to replicate than simply copying software to another machine
- Intrusion-aware computer cases: detect when the case has been opened and alert the user the next time the computer boots
- Drive locks: software tools that encrypt hard drives so the data cannot be read if the drive is removed
- Disabling USB ports: prevents unauthorized devices from being connected to an otherwise secure computer
- Mobile phones: built-in capabilities like Bluetooth, Bluetooth Low Energy (BLE), Near Field Communication (NFC) and biometric validation offer new secure ways to connect to access control systems, such as entry to secure buildings
What is end-user security training?
One of the most common forms of user error is poor password management, along with the inability to tell legitimate emails and login pages from phishing attempts. This is one reason that single sign-on and password managers are quickly becoming required purchases for small and large organizations alike.
Further, security awareness training is quickly becoming popular at all levels of an organization, not just what is required by formal compliance with regulatory and industry mandates. Too many organizations focus on a cyber security approach that is exclusively technical and need to raise awareness of cyber attacks throughout the business.
What is incident response planning?
Responding to a cyber attack is often difficult because attackers can be geographically distributed, operating in different jurisdictions from the systems they are attempting to breach. This is further obscured through the use of proxies, temporary wireless connections, and other anonymizing techniques. Furthermore, attackers may delete logs to cover their tracks.
Due to these issues, and the fact that law enforcement is often unfamiliar with information technology, attackers are often not pursued. This makes it more important to have an organized incident response process that addresses and manages the aftermath of a cyber attack.
It is better to prevent and mitigate cyber risk.
Incidents that are not identified and managed at the time of intrusion can escalate to more impactful events such as data breaches or system failure. Incident response planning establishes best practices to stop an intrusion before it causes extensive damage. A typical plan contains a set of written instructions that outlines the organization's response to a cyber attack.
Without proper documentation, organizations may fail to detect an intrusion, and stakeholders may not understand their roles, slowing the organization's response.
The four key components of a computer security incident response plan are as follows:
- Preparation: stakeholders need to understand the procedures for handling computer security incidents or compromises beforehand
- Detection and analysis: suspicious activity must be identified and investigated, with the response prioritized according to impact
- Containment, eradication and recovery: affected systems must be isolated to prevent escalation and limit impact, malware removed and the root cause of the attack found, and then systems and data restored to their pre-attack condition
- Post-incident activity: a post mortem analysis is done to improve the incident response plan for future incidents
What are the common cyber attack targets?
The exponentially growing number of computer systems, and the increasing reliance on computing infrastructure by individuals, businesses, industries, and governments, has increased both the risk of cyber attack and the number of common targets.
Computers sit at the heart of financial regulators and institutions like the U.S. Securities and Exchange Commission, the Australian Stock Exchange, investment banks, and commercial banks. Financial institutions are a favoured target for cyber criminals because attackers can use their infrastructure to influence markets and make illicit gains.
Web sites and apps are increasingly becoming part of the financial system with online brokerage accounts, and food delivery apps storing credit card numbers that are key targets because of the potential gain of transferring money, making purchases or selling information on to other interested parties.
Utilities and industrial equipment
Our utilities are increasingly controlled by computers, including the coordination of our phone calls, the electricity to our homes, nuclear power plants, and even the valves that open and close the water and gas networks we rely on. Worms like Stuxnet have shown that even computers not connected to the Internet can be vulnerable to sophisticated cyber attacks.
An attack on critical infrastructure in the energy sector could cause loss of power across large areas for long periods, with severe consequences akin to a natural disaster.
Aviation's critical infrastructure relies on computing, and a power outage or disruption to flight communications can have cascading effects felt around the world. Further, the introduction of Wi-Fi on planes represents another potential attack vector against passengers who use these often insecure networks.
Consumer devices and the Internet of Things
Desktop and laptop computers are common targets for gathering passwords or financial account information. This risk is increasing with the growth in smartphones, tablets, smart watches, and other internet-enabled devices that often collect sensitive personal information such as location and heart rate.
Corporations are common targets for a variety of reasons from identity theft through to data breaches by both individuals and foreign governments who want to engage in cyber warfare to spread propaganda, sabotage, or spy on targets.
Cars are increasingly computerized with critical systems like cruise control, engine timing, anti-lock brakes, seat belt tensioners, door locks, airbags, and driver-assistance system controlled by computers on many models.
The introduction of Wi-Fi and Bluetooth to communicate with onboard devices and cell networks has increased the risk of cyber attacks, with self-driving cars expected to be even more complex.
Government and military systems are commonly attacked by activists and foreign governments who wish to engage in cyber warfare. Infrastructure like traffic lights, police and intelligence agency communications, personnel records, student records, and financial systems are now often computerized.
Medical systems like in-hospital diagnostic equipment and implanted devices like pacemakers and insulin pumps are the targets of attack with potentially deadly vulnerabilities.
Medical records are often targeted for use in identity theft, health insurance fraud, and impersonation of patients to obtain prescription drugs for recreational use or resale.
What are examples of notable data breaches?
Nearly 14,000 documents containing financial, medical, and personal information were exposed by Medico Inc., a healthcare vendor that provides billing and insurance data processing. These documents, amounting to approximately 1.7GB of PDFs, spreadsheets, text files, and images, include explanations of insurance benefits, insurance claims, medical records and reports, legal documents, and internal business data for Medico itself.
A set of cloud storage buckets utilized by data management company Attunity have been secured from any future malicious action. Attunity, recently acquired by business intelligence platform Qlik, provides solutions for data integration.
Three publicly accessible Amazon S3 buckets related to Attunity were discovered. One contained a large collection of internal business documents. The total size is uncertain, but the researcher downloaded a sample of about a terabyte in size, including 750 gigabytes of compressed email backups. Backups of employees’ OneDrive accounts were also present and spanned the wide range of information that employees need to perform their jobs: email correspondence, system passwords, sales and marketing contact information, project specifications, and more.
Publicly accessible information belonging to technology services provider HCL was discovered. The public data included personal information and plaintext passwords for new hires, reports on installations of customer infrastructure, and web applications for managing personnel. After notifying HCL, the pages with the sensitive information were made inaccessible, securing the known data exposures.
Two third-party developed Facebook app datasets have been found exposed to the public internet. One, originating from the Mexico-based media company Cultura Colectiva, weighs in at 146 gigabytes and contains over 540 million records detailing comments, likes, reactions, account names, FB IDs and more. This same type of collection, in similarly concentrated form, has been cause for concern in the recent past, given the potential uses of such data.
The AggregateIQ breach
It was with some astonishment to the residents of picturesque Victoria, British Columbia, that AggregateIQ - a small data firm of “about half a dozen employees,” headquartered on the city’s Market Square - emerged as a central player in an international news story stretching from London to Silicon Valley. With more evidence emerging of its close ties to Cambridge Analytica, the political analytics company has been under investigation for its harvesting of data from over 87 million Facebook user accounts. Facebook, under congressional fire, suspended the company from its platform, citing AIQ’s documented ties to Cambridge Analytica and its parent company, Strategic Communication Laboratories (SCL).
- The Aggregate IQ Files, Part One: How a Political Engineering Firm Exposed Their Code Base
- The AggregateIQ Files, Part Two: The Brexit Connection
- The AggregateIQ Files, Part Three: A Monarch, A Peasant, and a Saga
- The AggregateIQ Files, Part Four: Northwest Passage
A storage server with exposed data belonging to the Oklahoma Department of Securities was discovered, reported and secured, preventing any future malicious exploitation of this data. While file size and file count are imprecise tools for gauging the significance of an exposure, they at least provide familiar yardsticks for a sense of scale, and in this case, the publicly accessible data totalled three terabytes and millions of files. The contents of those files ran the gamut from personal information to system credentials to internal documentation and communications intended for the Oklahoma Securities Commission.
73 gigabytes of downloadable data belonging to Washington-based internet service provider Pocket iNet was publicly exposed in a misconfigured Amazon S3 storage bucket. According to their website, Pocket iNet “makes use of bleeding edge and emerging technologies such as native IPv6, Carrier Ethernet and local fiber to the premise delivering the highest possible service levels to connected customers."
Call lists containing full names and phone numbers for over 527,000 individuals were publicly exposed in a misconfigured Amazon S3 bucket belonging to the Tea Party Patriots Citizens Fund (TPPCF), a Republican super PAC involved in campaigns including the 2016 presidential election, the Stand for the Second student walkout, and endorsing congressional candidates like Alabama’s Roy Moore and New Jersey’s Jay Webber.
Detailed medical information for employees of 181 business locations, as well as personally identifiable information (PII) for nearly 3,000 individuals was publicly exposed in an unsecured Amazon S3 storage bucket belonging to Medcall Healthcare Advisors (CSR score: 342), a “Workers Compensation and Healthcare Solutions” provider. Medcall’s workers compensation line of services act as an intermediary between employees and emergency care, with Medcall operators taking calls from enlisted persons, gathering information about them and their issue, and then connecting them with “someone board certified in emergency medicine.”
A data exposure containing medical information for hundreds of individuals and bank account numbers for several large Australian enterprises was discovered and secured, preventing any future exploitation of this information. The information belonged to OneHalf, a business process outsourcing firm operating in the APAC region, and was exposed via a set of public GitHub repositories. The projects' commit history showed they had been under development on GitHub for at least two years, and were still being actively updated while UpGuard notified OneHalf. Identifying and securing these projects almost certainly prevented more personal and corporate information from being committed to the publicly accessible repositories.
Public Domain: How Configuration Information For the World's Largest Domain Name Registrar Was Exposed Online
A data exposure of documents appearing to describe GoDaddy infrastructure running in the Amazon AWS cloud was discovered and secured, preventing any future exploitation of this information. The documents were left exposed in a publicly accessible Amazon S3 bucket which, according to a statement from Amazon, "was created by an AWS salesperson." GoDaddy is "the world's largest domain name registrar," one of the largest SSL certificate providers, and as of 2018, the largest web host by market share. The exposed documents include high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios.
Sensitive documents for over a hundred manufacturing companies were exposed on a publicly accessible server belonging to Level One Robotics, “an engineering service provider specialized in automation process and assembly for OEMs [original equipment manufacturers], Tier 1 automotive suppliers as well as our end users.” Among the companies with data exposed in the incident are divisions of VW, Chrysler, Ford, Toyota, GM, Tesla and ThyssenKrupp.
Sensitive data from the Los Angeles County 211 service, a nonprofit assistance organization described on their website as “the central source for providing information and referrals for all health and human services in LA County,” was publicly exposed online.
A cloud storage repository containing information belonging to LocalBlox, a personal and business data search service, was left publicly accessible, exposing 48 million records of detailed personal information on tens of millions of individuals, gathered and scraped from multiple sources.
Data relating to a number of subsidiaries of Kansas City holding company Blue Chair LLC, such as lead generation company Target Direct Marketing, was left exposed online, revealing personally identifiable information for over one million individuals seeking further information about higher education. Revealed in the repository are personal details for these million individuals, including their names, email addresses, phone numbers, and, in some cases, information such as the person’s high school graduation year and area of study. Also exposed in this leak are what appear to be backups of a set of server configurations for a large network of feeder websites designed to draw consumers toward the for-profit education application process.
A digital data repository containing records from a Long Island medical practice was left publicly accessible, revealing medical details and personally identifiable information for over forty-two thousand patients. As detailed here and at databreaches.net, this data exposure appears to originate from Cohen Bergman Klepper Romano Mds PC, a Huntington, New York practice specializing in internal medicine and cardiovascular health, revealing such details as patient names, Social Security numbers, dates of birth, phone numbers, insurance information, and more.
A cloud-based data storage repository attributed to Birst, a business analytics software provider, was left exposed to the public internet, revealing technical data about a Birst appliance. Although it appears that no customer data was exposed in this incident, it highlights the risks of using cloud storage for software delivery.
In a blow to consumer privacy that recalls previous breaches in the credit repair and marketing industries, the Maryland Joint Insurance Association (JIA), a private-sector program providing property insurance in the state, exposed personally identifiable information for thousands of individuals to the public internet via a misconfigured storage device. This data exposure once again underscores the ease with which highly sensitive, personally identifiable information can leak online - in this instance, through an open port on an internet-connected device.
A cloud repository belonging to Octoly, a Paris-based brand marketing company, was left exposed, revealing a backup of their enterprise IT operations and sensitive information about thousands of the firm’s registered online personalities. The leak, which resulted from the erroneous configuration of the repository for public access, revealed the contact information and personal details of over twelve thousand influential "creators" - largely Instagram, Twitter, and YouTube personalities supplied by Octoly with beauty products, merchandise, and gaming content from the marketing firm’s industry clients, which include household names like Dior, Estée Lauder, Lancôme, and Blizzard Entertainment.
A cloud-based data repository containing data from Alteryx, a California-based data analytics firm, was left publicly exposed, revealing massive amounts of sensitive personal information for 123 million American households.
A new, damaging exposure from within a financial firm revealed critical internal data and also exposed customer information compiled by all three major credit agencies. This highly concentrated level of exposure, revealing customer credit history several times over, highlights the myriad dangers a single exposure can unleash.
Critical data belonging to the United States Army Intelligence and Security Command (INSCOM), a joint US Army and National Security Agency (NSA) Defense Department command tasked with gathering intelligence for US military and political leaders, leaked onto the public internet, exposing internal data and virtual systems used for classified communications to anyone with an internet connection.
Three publicly downloadable cloud-based storage servers exposed a massive amount of data collected in apparent Department of Defense intelligence-gathering operations. The repositories appear to contain billions of public internet posts and news commentary scraped from the writings of many individuals from a broad array of countries, including the United States, by CENTCOM and PACOM, two Pentagon unified combatant commands charged with US military operations across the Middle East, Asia, and the South Pacific.
Accenture, one of the world’s largest corporate consulting and management firms, left at least four cloud storage buckets unsecured and publicly downloadable, exposing secret API data, authentication credentials, certificates, decryption keys, customer information, and more data that could have been used to attack both Accenture and its clients.
Viacom Inc, the Fortune 500 corporation that owns Paramount Pictures, as well as cable channels like MTV, Comedy Central, and Nickelodeon, exposed a vast array of internal access credentials and critical data that could be used to cause immense harm to the multinational corporation’s business operations. Exposed in the leak are a master provisioning server running Puppet, left accessible to the public internet, as well as the credentials needed to build and maintain Viacom servers across the media empire’s many subsidiaries and dozens of brands.
A publicly accessible cloud-based data repository of resumes and applications for employment submitted for positions with TigerSwan, a North Carolina-based private security firm, was exposed to the public internet, revealing the sensitive personal details of thousands of job applicants, including hundreds claiming “Top Secret” US government security clearances.
A data repository owned and operated by Omaha-based voting machine firm Election Systems & Software (ES&S) was left publicly downloadable on a cloud-based storage site, exposing the sensitive data of 1.8 million Chicago voters. The database, which included voter names, addresses, phone numbers, driver’s license numbers, and partial Social Security numbers, appeared to have been produced around the time of the 2016 general election for the Chicago Board of Election Commissioners, an ES&S customer since 2014.
A data exposure within the systems of Texas-based electrical engineering operator Power Quality Engineering (PQE) revealed the information of such clients as Dell, the City of Austin, Oracle, and Texas Instruments, among others.
A cloud-based file repository owned by financial publishing firm Dow Jones & Company that had been configured to allow semi-public access exposed the sensitive personal and financial details of millions of the company’s customers. While Dow Jones has confirmed that at least 2.2 million customers were affected, UpGuard calculations put the number closer to 4 million accounts.
A misconfigured cloud-based file repository exposed the names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million US customers of telecommunications carrier Verizon, per analysis of the average number of accounts exposed per day in the sample that was downloaded. The cloud server was owned and operated by telephonic software and data firm NICE Systems, a third-party vendor for Verizon.
A misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump.
A publicly exposed file repository contained highly sensitive US military data. Analysis of the exposed information suggests the overall project is related to the US National Geospatial-Intelligence Agency (NGA), a combat support and intelligence agency housed within the Department of Defense (DoD).
Approximately 6.2 million email addresses were exposed by the Democratic Senatorial Campaign Committee in a misconfigured Amazon S3 storage bucket. The comma separated list of addresses was uploaded to the bucket in 2010 by a DSCC employee. The bucket and file name both reference “Clinton,” presumably having to do with one of Hillary Clinton’s earlier runs for Senator of New York. The list contained email addresses from major email providers, along with universities, government agencies, and the military.
A database containing personal information for over thirty-seven thousand individuals has been secured, preventing any future abuse. The database belonged to Neoclinical, an Australia-based company that matches individuals with active clinical trials.
The NIST Cybersecurity Framework
Governments are becoming increasingly conscious of the risks of cyber attacks with many producing policy frameworks for guidance on how private sector organizations should assess and improve their ability to prevent, detect, and respond to cyber attacks.
The NIST Cybersecurity Framework from the United States is one such framework that has been translated into many languages and is used by governments in Japan and Israel, among others.
Cyber security careers
Cyber security is one of the fastest-growing career paths for IT professionals as organizations become increasingly aware of the risk of hacks and data breaches.
Many organizations employ cyber security experts, including Google, Amazon, and the Department of Homeland Security.
Typical cyber security job titles and roles are as follows.
What is a security analyst?
A security analyst's job is to analyze and assess vulnerabilities in software, hardware and networks, using tools and countermeasures to remedy any detected vulnerabilities.
They may also analyze and assess damage as a result of a breach and recommend solutions, as well as create and implement new security solutions.
What is a security engineer?
A security engineer's job is to perform security monitoring, log analysis and forensic analysis to detect security incidents and mount the incident response.
They also investigate and utilize technology and processes to enhance and improve security capabilities. In some organizations, they may also review code or perform other security engineering methodologies.
What is a security architect?
Security architects design security systems or major components of security systems and may head a security design team to build out new security systems.
What is a security administrator?
A security administrator installs and manages organization-wide security systems and may take on the role of a security analyst in some smaller organizations.
What is a Chief Information Security Officer (CISO)?
The Chief Information Security Officer (CISO) is responsible for the entire information security division of a company; the role may also include hands-on technical work.
What is a Security Consultant/Specialist/Intelligence?
These titles generally encompass one or more roles tasked with protecting computers, networks, software and sensitive data against viruses, worms, spyware, malware, intrusions, unauthorized access, denial of service (DoS), and an ever-increasing list of cyber attacks.
How UpGuard can improve your cyber security posture
UpGuard BreachSight's typosquatting module can reduce the cyber risks related to typosquatting, along with preventing breaches, avoiding regulatory fines and protecting your customers' trust through cyber security ratings and continuous exposure detection.
We can also help you continuously monitor, rate and send security questionnaires to your vendors to control third-party risk and improve your security posture, as well as automatically create an inventory, enforce policies, and detect unexpected changes to your IT infrastructure.