Cyber-security Consulting, Training Courses and Certification Exam Preparation
If you think that you are protected, then you are most probably vulnerable
Data theft of 800’000 Swisscom customers : What are the risks that they do not disclose?
Switzerland is not spared, and this type of theft does not happen only to others. It is important to remember that the number of data-theft cases continues to increase and that the Swisscom case is only a modest event compared to the billions of personal records compromised via the accounts of Yahoo, MySpace, eBay, LinkedIn and Dropbox.
As a customer or user, should we worry, given that the data stolen from Swisscom is not considered sensitive? The answer is unfortunately yes, since the stolen phone numbers and names are now most likely accessible on the darknet. They attract the greed of a multitude of malicious actors who are willing to exploit them for illicit purposes.
Jeff Primus, CEO of ACTAGIS, was interviewed on this subject for the “19h30” of the RTS on February 7, 2018.
The risks associated with this type of data theft are far from negligible and are not limited to receiving unwanted advertising calls. In reality, several attack scenarios remain entirely possible. For example, using “social engineering” methods, it is very easy for a malicious entity to use the stolen data to subtly obtain other, more sensitive information. In other cases, the attacker can exploit the stolen data through a messaging or IP telephony application in order to discover the weaknesses of the users.
By revealing, in early February 2018, that it had been the victim of a theft of its customers’ information at the end of 2017, Swisscom is probably at the top of the list for this type of incident in Switzerland. So why did Swisscom wait 4 months before announcing these facts to the general public? So far, we do not have a satisfactory explanation from Swisscom, but we think they should have warned the victims of this hacking without such a lengthy delay.
With the new European GDPR (General Data Protection Regulation) and the Swiss Data Protection Act, the situation for Swiss companies could quickly change. For example, the GDPR will require Swiss companies processing European citizens’ data to apply preventive, detective and corrective security measures and to rapidly announce this type of incident to stakeholders.
In the event of a breach of the regulations, the company in question could pay a fine of up to 4% of international revenue. That should get companies thinking, if they have not yet found the motivation to devote a reasonable security budget to the products and services they offer their customers.
© 2018 Jeff Primus, ACTAGIS
Wannacry ransomware attack
The Wannacry ransomware attack showed us once again how the human factor, coupled with the vulnerabilities inherent in information systems, can cause tremendous damage to the worldwide digital economy.
The scheme used is not revolutionary; it combines several known techniques:
- Exploiting a vulnerability that has been discovered but not patched by the software or hardware vendor
- Using the weakness of the human factor to activate the malware on the operating system
- Having access to the low-level system instructions that enable the complete encryption of the data stored on the system
- Using worm functionality so that the attack propagates extremely fast across the victims’ networks
- Using darknet mechanisms in order to receive the ransom in bitcoin
With the scenario described above, the victims are in the vast majority of cases disarmed, especially if they were not prepared through security awareness campaigns and if the CIO and CSO did not implement adequate preventive, detective and corrective controls.
Jeff Primus, CEO of ACTAGIS, was interviewed on this subject for the show “Toutes Taxes Comprises”, aired on the RTS on 15 May 2017 (in French).
Since the beginning of the attack, more than 150 countries have been hit by Wannacry, and the damage to the worldwide economy can easily be estimated at billions of dollars if we consider the business interruptions caused to thousands of companies worldwide.
In order to reduce the probability and the impact of such events, companies should reinforce the awareness level of their users and patch their systems in a frequent and systematic way. Last but not least, a well-designed and well-implemented business continuity architecture would allow enterprises and users to recover their information systems and data to a coherent state, as they were just before the attack.
Wannacry screen seen by the victims of the cyber-attack.
We should all be reminded that we are in a field where never-ending battles will probably continue, forcing us to be better and better prepared for the future evolution of ever more sophisticated threats.
The human factor will always be the biggest vulnerability that attackers exploit, and it is also the major area where security can be improved.
©2017 Jeff Primus, ACTAGIS
What can ACTAGIS do for you?
Secure your business in alignment with the stakeholders’ needs and raise your level of protection in a proactive way.
- Strategy creation
- Security Management System
- Security Dashboard
- Training & Awareness
- Packaged security services
- CSO, CISO services
CISM is the only globally recognized certification in the fields of IS management and governance. It has earned a strong reputation internationally over many years, as it sets a high and consistent standard worldwide. The CISM Job Practice Area consists of five “domains”, 37 “tasks” and 60 “knowledge statements”. Because the different tasks refer to the relevant COBIT processes, COBIT is an integral part of the CISM training and certification. This training is organized by ACTAGIS SA in collaboration with the Swiss Chapter of ISACA (www.isaca.ch).
This 5-day training is composed of theory modules covering the 8 CISSP domains which were updated in April 2015, interlaced with exam questions, offering the participant an optimal preparation for the certification exam.
This is a 5-day course (with a choice between the “Foundation” and “Architecture” modules), which combines the SABSA levels L1 and L2. For more information on this topic: Download the SABSA flyer (PDF) here.