Cybersecurity Threat Landscape

Questions and Answers

What is the primary reason organizations must continually invest in security, according to the text?

  • To avoid potential lawsuits from customers.
  • To attract more investors and increase stock prices.
  • To comply with increasing regulatory requirements.
  • To ensure the company remains competitive in the market. (correct)

Why is investing solely in protection no longer sufficient for organizations in the current threat landscape?

  • Threats are evolving too rapidly, requiring a balance of protection, detection, and response. (correct)
  • Insurance policies now cover most security breaches, reducing the need for preventative measures.
  • Protection technologies are becoming increasingly expensive and ineffective.
  • Regulations mandate equal investment in all areas of IT, not just security.

What was the primary impact of the DDoS attacks launched against DNS servers in October 2016?

  • Widespread ransomware infections across enterprise networks.
  • Data breaches affecting millions of personal records.
  • Disruption of major web services like GitHub, PayPal, and Twitter. (correct)
  • Compromised user credentials on a large scale.

What was the main purpose of the VPNFilter malware during IoT-related attacks?

  • To infect routers and capture and exfiltrate data. (A)

Why should a CISO be prepared to explain the vulnerabilities in home devices to the CEO?

  • Because vulnerabilities in home devices can impact company security through remote access and BYOD scenarios. (D)

According to Gallup, what percentage of employed Americans report working remotely at least some of the time?

  • 43 percent (A)

What is the primary risk associated with BYOD implementations that are not well planned?

  • Insecure network architecture leading to potential breaches. (A)

Why are phishing emails still an effective attack method, despite the presence of security controls?

  • They exploit the psychological aspects of users, enticing them to take risky actions. (C)

What was the initial entry point for the major attack that compromised Wipro Ltd in April 2019?

  • A phishing campaign targeting employees. (D)

According to the FBI, approximately how much money was paid in ransomware payments during the first three months of 2016?

  • $209 million (D)

What do the connectivity attack entry points described in the text all have in common?

  • They all involve the end user as a key element. (C)

What is the predominant cloud service model adopted by most companies when initially moving to the cloud?

  • Infrastructure as a Service (IaaS) (A)

When an organization extends its on-premises infrastructure to the cloud using IaaS, what is a critical security step they should take?

  • Evaluate threats for the connection through a risk assessment. (D)

Even if a personal device has no direct connection to on-premises resources, in what scenario could it still compromise company data?

  • If the user opens a corporate email or accesses corporate SaaS applications from the device. (A)

What is the most effective measure to protect against threats affecting end users, even with technical security controls in place?

  • Continuous security awareness training. (B)

According to Verizon's 2017 Data Breach Investigations Report, what is the preferred attack vector for financially motivated cybercriminals?

  • Stolen credentials (D)

What concept has the industry agreed upon regarding user identity in the context of network security?

  • User identity is the new perimeter. (B)

What does it mean for a cybercriminal to "move laterally" (pivot) within a network after gaining access?

  • To move from one compromised system to other systems in the network. (D)

Which security strategy is still considered effective for protecting a user's identity, as illustrated in Figure 2?

  • Defense in depth. (A)

Besides password requirements, what is another growing trend to protect user identities?

  • Enforcing multi-factor authentication. (D)

What is the primary purpose of continuous monitoring in the context of identity protection?

  • To understand normal user behavior and identify suspicious activities. (B)

Which of the following is the most accurate description of an organization's security posture?

  • The overall strength of an organization's security controls and practices. (C)

Why is it important to align investments in protection, detection, and response?

  • To create a comprehensive and adaptive security strategy. (A)

What made the 2016 DDoS attacks that targeted DNS servers particularly concerning?

  • They leveraged the growing number of insecure IoT devices. (D)

What is a key difference between remote access and BYOD in the context of IT security?

  • Remote access often involves using a company's infrastructure from outside the office, while BYOD uses personal infrastructure. (A)

Why is the growing adoption of cloud computing relevant to an organization's security posture?

  • Cloud adoption introduces new threat vectors and requires adapted security controls. (C)

In the context of credential security, what does "defense in depth" refer to?

  • Implementing multiple layers of security controls to protect user identities. (A)

What is the primary benefit of using a "callback" feature as part of multi-factor authentication (MFA)?

  • It adds an additional layer of verification by requiring a PIN entry during a phone call. (A)

Besides strong passwords and MFA, what is another important security layer to protect a user's identity?

  • Continuous monitoring and analysis of user behavior. (A)

Flashcards

Security Posture

The overall security status of an organization, aligning investments in protection, detection, and response.

Distributed Denial-of-Service (DDoS)

Attacks that disrupt services by overwhelming them with traffic from multiple sources, often leveraging vulnerabilities in various technologies.

VPNFilter Malware

Malware that infects routers to capture and exfiltrate data, highlighting vulnerabilities in IoT devices.

Bring Your Own Device (BYOD)

Allowing employees to use their personal devices for work purposes.

Phishing Emails

Deceptive emails designed to trick users into revealing sensitive information or installing malware.

Ransomware

Malicious software that encrypts a victim's data and demands a ransom payment for its decryption.

Infrastructure as a Service (IaaS)

A cloud computing model where computing infrastructure (servers, networking, storage) is provided as a service.

Software as a Service (SaaS)

A cloud computing model where software applications are delivered over the Internet as a service.

Mobile Device Management (MDM)

Solutions designed to manage and secure mobile devices within an organization.

Authentication

The process of verifying a user’s identity.

Authorization

The process of determining what a user is allowed to access.

Defense in Depth

A security strategy that uses multiple defensive layers to protect information and systems.

Multi-Factor Authentication (MFA)

A security measure that requires users to provide two or more verification factors to gain access to a system.

Callback Feature

Technique where the system calls the user back on a registered device to verify their login attempt.

Study Notes

  • Organizations globally recognize the importance of continuous investment in security for competitiveness.
  • Failure to secure assets can lead to significant damage or bankruptcy.
  • Enhancing the security posture involves aligning investments in protection, detection, and response.

Current Threat Landscape

  • Threats are rapidly evolving due to constant connectivity and technological advancements.
  • Any device is vulnerable to attack, especially with the proliferation of IoT.
  • In 2016, DDoS attacks targeting DNS servers disrupted major web services.
  • IoT-related attacks are increasing, with 32.7 million detected in 2018.
  • VPNFilter malware was used in IoT attacks to infect routers and steal data.
  • Many IoT devices have long-standing vulnerabilities, such as default passwords on security cameras.
  • The rise in remote workers and BYOD policies increases vulnerability, especially with insecure implementations.
  • Humans are the weakest link due to psychological manipulation through methods like phishing.

Phishing and its Consequences

  • Phishing emails are still effective in compromising devices despite security controls.
  • Wipro Ltd experienced a data breach due to a phishing campaign in April 2019.
  • Phishing is often the entry point for attacks like ransomware, which cost millions in payments.
  • During the first three months of 2016, the FBI reported that $209 million in ransomware payments were made.

Entry Points and Attack Vectors

  • End-user entry points for attacks include connectivity between:
    • On-premises and cloud
    • BYOD devices and cloud
    • Corporate-owned devices and on-premises
    • Personal devices and cloud
  • Cloud computing adoption is growing, with hybrid scenarios and IaaS being common.
  • Organizations extending on-premises infrastructure to the cloud must assess and counter threats.
  • Personal devices, if compromised, can risk company data through:
    • Accessing corporate email
    • Accessing SaaS applications
    • Password reuse
  • Security awareness training can help mitigate threats against the end user.
  • Credentials are used to interact with applications and data, each having unique threat landscapes.

Authentication and Authorization

  • Stolen credentials are a preferred attack vector, especially for financially motivated cybercrime.
  • Companies must focus on authentication, authorization, and access rights of users.
  • A user's identity is the new security perimeter, requiring specific security controls.
  • Credential theft enables attackers to move laterally and escalate privileges.
  • Defense in depth is a good strategy to protect a user's identity.
  • Security policies for accounts should follow industry best practices.
  • Multi-Factor Authentication (MFA) is increasingly used, including callback features.
  • Continuous monitoring of identity is crucial to detect suspicious activities.
