Cyber Risk GmbH
Description
Cyber Risk Management Training in Switzerland
Switzerland has an excellent cyber risk management plan. The Federal Council adopted the national strategy for the protection of Switzerland against cyber risks (NCS) on 27 June 2012 and its implementation plan (IP NCS) on 15 May 2013.
According to the strategy, acting with personal responsibility, national cooperation between the private and public sector, and cooperation with foreign countries are all essential for reducing cyber risks. Digital networking exposes information and communication infrastructure to criminal, intelligence, politico-military or terrorist abuse or functional impairment. Disturbances, manipulation and specific attacks carried out via electronic networks are the risks that an information society entails. It is to be expected that these risks will tend to increase in the future.
The rationale underlying the national strategy is that every organisational unit, be it political, economic or social, bears responsibility for identifying these cyber aspects, addressing the risks entailed in their particular processes and reducing them insofar as possible. The decentralised structures in the public and private sector are to be strengthened for these tasks, and existing resources and processes are to be used consistently.
We must not forget that cybersecurity is a difficult and complex field. The board of directors and senior management of every organization of the public and the private sector must understand that cyber risks are not an IT problem, but an enterprise risk management challenge. Cyber risks have to do with reputation management, the protection of intellectual property and sensitive employee and customer information, financial loss and liability in the event of a data breach. Cyber-risk management should be given regular and adequate time on the board meeting agenda.
RECENT FACEBOOK POSTS
Happy New Year! “For last year's words belong to last year's language And next year's words await another voice.” ― T.S. Eliot, Four Quartets I wish this New Year provides you enough reasons to be happy and you have uncountable days filled with joy and mirth!
Phishing and Spearphishing
• Implement a Sender Policy Framework (SPF) record for your organization’s Domain Name System (DNS) zone file to minimize risks relating to the receipt of spoofed messages.
• Educate users to be suspicious of unsolicited phone calls, social media interactions, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
• Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
• Do not reveal personal or financial information in social media or email, and do not respond to solicitations for this information. This includes following links sent in email.
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL often includes a variation in spelling or a different domain than the valid website (e.g., .com vs. .net).
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
• Take advantage of anti-phishing features offered by your email client and web browser.
• Patch all systems for critical vulnerabilities, prioritizing timely patching of software that processes Internet data, such as web browsers, browser plugins, and document readers.
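The first recommendation above is only effective if the SPF record is published correctly and ends in a restrictive policy. The following added example (not code from the original post) checks the TXT records a resolver would return for a domain against the common SPF mistakes; the domain names and record sets are constructed, and a real deployment would feed it the output of a DNS query.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed TXT record sets for hypothetical domains (not live DNS data).
SAMPLE_TXT = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
                    "some-site-verification=abc123"],
    "weak.example": ["v=spf1 a mx include:_spf.example.net +all"],
    "none.example": ["some-unrelated-txt"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 a ~all"],
}

# Terms that cost a DNS query; RFC 7208 section 4.6.4 limits them to 10.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")
MAX_LOOKUPS = 10

@dataclass
class SpfResult:
    record: Optional[str]
    policy: Optional[str]       # qualifier plus 'all', e.g. '-all'
    lookups: int
    findings: List[str] = field(default_factory=list)

def check_spf(txt_records):
    """Evaluate a domain's TXT records and report SPF weaknesses a receiver would see."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return SpfResult(None, None, 0, ["no SPF record: receivers cannot tell your mail from spoofed mail"])
    if len(spf) > 1:
        # RFC 7208 section 3.2: more than one record is a permanent error, as if none existed
        return SpfResult(spf[0], None, 0, ["multiple SPF records: evaluates to permerror"])
    record, policy, lookups, findings = spf[0], None, 0, []
    for term in record.split()[1:]:
        m = re.fullmatch(r"([+\-~?]?)([a-z0-9]+)(?:[:=/](.*))?", term, re.IGNORECASE)
        if not m:
            findings.append("unparseable term: " + term)
            continue
        qual, name = (m.group(1) or "+"), m.group(2).lower()
        if name == "all":
            policy = qual + "all"
        elif name in LOOKUP_TERMS:
            lookups += 1
            if name == "ptr":
                findings.append("ptr mechanism is deprecated; prefer ip4/ip6 or include")
    if policy is None:
        findings.append("no 'all' term: unmatched senders are neutral, so spoofed mail is not rejected")
    elif policy in ("+all", "?all"):
        findings.append(policy + " accepts every sender; use -all (or ~all together with DMARC)")
    if lookups > MAX_LOOKUPS:
        findings.append("%d lookup terms exceed the limit of %d: permerror" % (lookups, MAX_LOOKUPS))
    return SpfResult(record, policy, lookups, findings)
```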
Permissions, Privileges, and Access Controls (Part B)
• Segment networks into logical enclaves and restrict host-to-host communication paths. Containment provided by enclaving also makes incident cleanup significantly less costly.
• Configure firewalls to disallow RDP traffic coming from outside of the network boundary, except for in specific configurations such as when tunneled through a secondary VPN with lower privileges.
• Audit existing firewall rules and close all ports that are not explicitly needed for business. Specifically, carefully consider which ports should be connecting outbound versus inbound.
• Enforce a strict lockout policy for network users and closely monitor logs for failed login activity. This can be indicative of failed intrusion activity.
• If remote access between zones is an unavoidable business need, log and monitor these connections closely.
• In environments with a high risk of interception or intrusion, organizations should consider supplementing password authentication with other forms of authentication such as challenge/response or multifactor authentication using biometric or physical tokens.
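The lockout and log-monitoring point above is easy to state and easy to get wrong in practice: a fixed count of failures is noisy, while a sliding time window plus a check for a success right after the burst gives an alert worth acting on. This added example (not from the original post) runs that detection over a few constructed sshd-style log lines; the hostnames, addresses and threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth log excerpt (not from any real host).
SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 50122 ssh2
2024-03-01T08:00:03 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 50123 ssh2
2024-03-01T08:00:04 sshd[1201]: Failed password for root from 198.51.100.7 port 50124 ssh2
2024-03-01T08:00:06 sshd[1201]: Failed password for root from 198.51.100.7 port 50125 ssh2
2024-03-01T08:00:09 sshd[1201]: Failed password for root from 198.51.100.7 port 50126 ssh2
2024-03-01T08:00:12 sshd[1201]: Accepted password for root from 198.51.100.7 port 50127 ssh2
2024-03-01T08:10:00 sshd[1300]: Failed password for alice from 192.0.2.15 port 40001 ssh2
2024-03-01T08:25:00 sshd[1300]: Failed password for alice from 192.0.2.15 port 40002 ssh2
2024-03-01T08:25:30 sshd[1300]: Accepted publickey for alice from 192.0.2.15 port 40003 ssh2
"""

LINE_RE = re.compile(
    r"^(\S+) sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+) port")

def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: alert} for sources with >= threshold failures inside `window`.
    A success that follows the burst is recorded too: that is the case a lockout
    policy should have prevented and the one to escalate first."""
    failures = defaultdict(list)   # ip -> failure timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        outcome, user, ip = m.group(2), m.group(3), m.group(4)
        if outcome == "Failed":
            recent = failures[ip]
            recent.append(ts)
            while recent and ts - recent[0] > window:   # slide the window forward
                recent.pop(0)
            if len(recent) >= threshold and ip not in alerts:
                alerts[ip] = {"first": recent[0], "count": len(recent), "success_after": None}
        elif ip in alerts and alerts[ip]["success_after"] is None:
            alerts[ip]["success_after"] = (user, ts)
    return alerts
```

The two failures from 192.0.2.15 are fifteen minutes apart, so they never accumulate inside the window and produce no alert.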
Permissions, Privileges, and Access Controls
• Reduce privileges to only those needed for a user’s duties.
• Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
• Carefully consider the risks before granting administrative rights to users on their own machines.
• Scrub and verify all administrator accounts regularly.
• Configure Group Policy to restrict all users to only one login session, where possible.
• Enforce secure network authentication where possible.
• Instruct administrators to use non-privileged accounts for standard functions such as Web browsing or checking Web mail.
Restrict administrative privileges
• Threat actors are increasingly focused on gaining control of legitimate credentials, especially those associated with highly privileged accounts.
• Reduce privileges to only those needed for a user’s duties.
• Separate administrators into privilege tiers with limited access to other tiers.
2017 - Intelligence and cyber security training
Can a “Joint Intelligence” publication, prepared under the direction of the Chairman of the Joint Chiefs of Staff (CJCS), be useful for the cybersecurity planning and training of the private sector?
In 2017, more non-technical professionals will enter the world of cybersecurity. Intelligence tactics, techniques, and procedures (TTPs) existed long before cyberspace was conceived and are extensively used in cyberspace. Principles from the intelligence community (and even policies affecting information superiority and information dominance) become parts of a successful cybersecurity plan. This includes a good understanding of current and historical intelligence efforts (and how they apply to cyber operations and security). Hacking can be just another collection method, very similar to many other classic intelligence collection methods. King Frederick the Great of Prussia, in his instructions to his generals (1747), wrote that great advantage is drawn from knowledge of your adversary, and that when you know the measure of his intelligence and character you can use it to play on his weaknesses.
In 2017, firms and organizations understand the role of management and leadership in mitigating threats, achieving organizational goals in information protection and complying with laws and regulations covering security and privacy (or both, like the General Data Protection Regulation (GDPR) / Regulation (EU) 2016/679).
A good example of the use of intelligence principles in cybersecurity is the “paradox of warning”. An intelligence officer, having detected certain adversary actions and correctly determined the adversary’s intent, forecasts that the adversary is preparing to attack. The commander reacts by having friendly forces take appropriate defensive measures. However, the adversary commander, detecting these actions, decides that attacking is no longer a desirable course of action (COA) and cancels the attack.
In this example, adversary actions produced a friendly reaction resulting in changes to the adversary’s intent. Does it apply in cybersecurity? According to Carl von Clausewitz (On War, 1832), by ‘intelligence’ we mean every sort of information about the enemy and his country: the basis, in short, of our own plans and operations. If we do not understand the enemy, we cannot plan. This applies to cyber security as well.
New email address for compliance with the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). Swiss and EU citizens have the right to require increased responsibility and accountability from those processing personal data, so they can contact us at the email address: george.lekatis@cyber-risk-gmbh.swiss If you use this email address, we will process and store data in compliance with both the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint (the servers are located in the Interxion data center in Zurich, the data is saved exclusively in Switzerland, and support, development and administration activities are also based entirely in Switzerland).
Training Series | From hacking to Cyber Crime to Cyber Espionage - Cyber Security Challenges for Firms and Organisations in Switzerland
The British Swiss Chamber of Commerce Training Series | From hacking to cyber crime to cyber espionage; Cyber security challenges for firms and organizations in Switzerland
Tuesday 31st January 2017, 18.00 - 21.00, BSCC Head Office, Bleicherweg 12, 8002 Zürich
The British Swiss Chamber of Commerce invites you to join the next Training Series event in collaboration with Cyber Risk GmbH. You will learn how hackers, cyber criminals and foreign spies exploit IT vulnerabilities and how they use deceptive or manipulative attacks on people to gain access to facilities, systems and the critical infrastructure. You will also understand better the Federal Council’s national strategy for the protection of Switzerland against cyber risks (NCS) and its implementation plan.
To learn more:
http://bscc.co.uk/index.php?option=com_k2&view=item&id=3412:training-series-with-george-lekatis
http://www.cvent.com/events/training-series-from-hacking-to-cyber-crime-to-cyber-espionage-cyber-security-challenges-for-firms-a/event-summary-a5ecc78059c342578a078868d1b2483f.aspx
Cyber Risk GmbH listed in ENISA database with courses and certification programmes linked to Network and Information Security. https://www.enisa.europa.eu/topics/cybersecurity-education/nis-in-education/universities/cyber-risk-gmbh
The Internet of Things (IoT) Security: User awareness, from ENISA - 4
The Internet of Things (IoT) Security: User awareness, from ENISA - 3
The Internet of Things (IoT) Security: User awareness, from ENISA - 2