
Tuesday, September 12

Let's Discuss: NIST 800-53





Q1. How flexible is NIST Special Publication (SP) 800-53?

NIST SP 800-53 is a standards publication that establishes security control guidelines for information systems of the United States federal government (Tariq et al., 2017). The framework offers adaptable guidelines that let organizations select suitable controls and manage risk in line with their mission, business processes, and technology infrastructure. Its controls are applied across both the public and private sectors, serving organizations throughout the United States, including federal agencies, state governments, and private companies. Notably, NIST SP 800-53 is in use in two versions, Rev 4 and Rev 5, both of which have played a pivotal role in risk mitigation. The latest iteration, Rev 5, was released in September 2020 and delivers updated guidance on privacy and security controls that reflects current standards and practice in the field.


Q2. What controls are essential to prevent cybersecurity threats?

Several control frameworks play a crucial role in mitigating cybersecurity threats, including NIST SP 800-53, COBIT, the CIS Controls, HITRUST, and the ISO/IEC 27000 series.

(i) NIST SP 800-53: This publication provides a comprehensive catalog of 20 controls that aid in the development of secure information systems within the United States federal sector.

(ii) COBIT: Serving as a framework, COBIT facilitates effective communication among IT professionals, top management, and auditors by providing a common language to discuss IT controls, goals, objectives, and desired outcomes.

(iii) CIS Controls: These are prescriptive, prioritized sets of cybersecurity best practices and defensive measures aimed at stopping the most dangerous cyberattacks. The CIS Controls comprise a group of 20 cybersecurity recommendations focused on improving organizational security.

(iv) HITRUST: HITRUST is both an organization and a cybersecurity framework. It offers a certification program and comprehensive guidance on regulatory compliance and risk management, providing organizations with detailed information (Akinsanya, Papadaki & Sun, 2019).

(v) ISO/IEC 27000 series: This series offers a collection of best practices designed to improve an organization's information security. It establishes a globally recognized framework for information security management (Meriah & Rabai, 2019).



References

Tariq, M. I., Tayyaba, S., Ashraf, M. W., & Rasheed, H. (2017). Risk-based NIST effectiveness analysis for cloud security. Bahria University Journal of Information & Communication Technologies (BUJICT), 10(Special Is).

Meriah, I., & Rabai, L. B. A. (2019). Comparative study of ontologies-based ISO 27000 series standards. Procedia Computer Science, 160, 85-92.

Akinsanya, O. O., Papadaki, M., & Sun, L. (2019). Current cybersecurity maturity models: How effective in the healthcare cloud? In CERC (pp. 211-222).


Saturday, September 9

Let's Discuss: QR Codes Phishing

A QR Code is a type of machine-readable code composed of a grid of black and white squares, designed to be scanned and decoded by digital devices such as smartphones. An example is shown in the picture below:

Figure 1. [QR Code image]

QR Codes are valuable tools that streamline processes across many domains and are widely used for business purposes such as accessing and safeguarding sensitive information. Unfortunately, threat actors are aware of this and have found ways to exploit it. One of them is designing a system to intercept data through deceptive QR Codes, often called QR Code Phishing. QR Code Phishing is a form of attack used by cyber threat actors to deceive individuals into revealing sensitive information or taking harmful actions through malicious QR Codes (Quick Response codes). Recognizing the threat, the following questions may arise:

· What is it?

· What can it do?

· How does it work?

· What is the impact?

· Examples of breaches that have occurred.

· Is it controllable?

· What are the solutions to neutralize the effect?

 

Addressing these questions will give us a better understanding of the situation and strategies to counter the threats posed by QR Code Phishing.

 

 

1. What is it?

 



QR Code Phishing involves hackers creating QR Codes that, when scanned by an individual’s smartphone or QR Code reader app, lead to malicious websites or trigger actions that compromise the user’s security and privacy.

 

 

2. What can it do?



QR Code phishing can have several harmful outcomes, including:

· Leading individuals to fake login pages to steal their credentials.

· Initiating the download of malware or malicious apps onto an individual's device.

· Redirecting individuals to websites that request personal information.

· Initiating financial transactions without one's consent.

 

 

3. How does it work?



Hackers create QR codes that appear legitimate but contain malicious payloads. When users scan these codes, they unknowingly trigger the malicious actions embedded within them. The user's device interprets the QR code's data and acts on the encoded information, often without asking the user to verify it first.

 

 

4. What is the impact?

 

The impact of QR Code phishing can be significant. Individuals can fall victim to various forms of cybercrime, such as identity theft, financial fraud, and the compromise of personal data. Additionally, organizations may suffer reputational damage if attackers use their branding in phishing campaigns.

 


5. Examples of breaches that have occurred.

 

A prominent energy corporation in the United States has fallen victim to a phishing operation that managed to evade email security filters, successfully reaching inboxes by embedding malicious QR codes. As reported by BleepingComputer, the campaign distributed approximately 1,000 emails, with nearly one-third (29%) of them directed at a prominent U.S. energy company. The remaining phishing attempts were aimed at businesses in various sectors, with manufacturing (15%), insurance (9%), technology (7%), and financial services (6%) among the targeted industries. Cofense, the organization that detected this campaign, highlighted a significant development: this marks the first instance where QR codes have been used on such a widespread scale in phishing attempts. This suggests that more malicious actors may be evaluating the efficacy of QR codes as a novel attack vector. While Cofense did not disclose the identity of the energy company subjected to this campaign, it did classify it as a "major" corporation headquartered in the United States (Toulas, 2023).

 

6. Is it controllable?

 

While it is challenging to eliminate the possibility of QR Code phishing, it is controllable to some extent through security awareness, user education, and secure QR code readers that check the legitimacy of URLs before loading them.

 

7. What are the solutions to neutralize the effect?

 


To mitigate the risk of QR Code phishing:

• User Education: Educate individuals on the risks of scanning unknown QR codes and advise them to verify the source before scanning.

• Secure QR Code Readers: Use trusted and secure QR code reader apps that check the destination URL for legitimacy before opening it.

• Multi-Factor Authentication (MFA): Enable MFA for sensitive accounts to provide an additional layer of security.

• Regular Software Updates: Keep smartphones and QR code reader apps up to date to patch vulnerabilities.

• Security Policies: Implement strict security policies in organizations that discourage employees from scanning unfamiliar QR codes and accessing sensitive information through them.
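As an added illustration of the "secure QR code reader" control above (example code written for this post, not taken from any cited source), the function below inspects a decoded QR payload before a device would open it and returns a verdict with the reasons. The allowlist of trusted domains and the list of shortener hosts are constructed placeholders that an organization would replace with its own.

```python
from urllib.parse import urlsplit
import ipaddress

# Constructed allowlist: domains the organization expects its own QR codes to point at.
TRUSTED_DOMAINS = {"example.com", "login.example.com"}
# Constructed list of shortener hosts that hide the real destination.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}


def check_qr_payload(payload: str) -> tuple:
    """Return ("open" | "warn" | "block", reasons) for a decoded QR payload."""
    reasons = []
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # Anything that is not a web link (e.g. tel:, app-intent or script schemes) is not opened.
        return "block", [f"non-web scheme '{scheme or 'none'}'"]
    host = (parts.hostname or "").lower()
    if not host:
        return "block", ["no host in URL"]
    if parts.username is not None:
        reasons.append("text before '@' can disguise the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:
        reasons.append("punycode (IDN) host, possible look-alike domain")
    if host in SHORTENERS:
        reasons.append("URL shortener hides the final destination")
    if scheme == "http":
        reasons.append("plain HTTP, any credentials would be sent unencrypted")
    trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)
    if not trusted:
        # A trusted brand embedded in an untrusted host (e.g. example.com.evil.net) is a classic lure.
        if any(d in host for d in TRUSTED_DOMAINS):
            reasons.append("trusted brand name appears inside an untrusted host")
        else:
            reasons.append("host not on the allowlist")
    if trusted and not reasons:
        return "open", []
    # One indicator prompts the user; two or more are refused outright.
    return ("block" if len(reasons) >= 2 else "warn"), reasons
```

A reader app would show the "warn" reasons to the user and never auto-open a "block" result; the thresholds are a policy choice, not a fixed rule.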

 

Remember that QR Code phishing can evolve, so it's essential to stay informed about the latest threats and security best practices to protect against them.

 

 

 


 

References

 

Figure 1. What is QR code and how does it work? Digit Insurance. (2023, August 23). https://www.godigit.com/finance/qr-code/what-is-qr-code-and-how-does-it-work

Toulas, B. (2023, August 16). Major U.S. energy org targeted in QR code phishing attack. BleepingComputer. https://www.bleepingcomputer.com/news/security/major-us-energy-org-targeted-in-qr-code-phishing-attack/

 

 

 

 

 


Friday, September 8

Let's Discuss: IBM Watson AI

Cybersecurity is the practice of protecting interconnected software, hardware, and data systems from cyber threats. It is applied at every level, from individuals to enterprises, to protect these systems against unauthorized and malicious access to data. This post discusses the use of IBM's Watson in handling cybersecurity, citing its advantages over other cybersecurity methods.



Figure 1. IBM AI

 

IBM developed a computer system able to respond to inquiries framed in natural language. This achievement is made possible by combining advanced technologies, including information processing, data retrieval, and automated reasoning and learning (Jain, 2021). The system represents a fusion of human and artificial intelligence, constituting what is known as cognitive security software. The software can parse vast collections of documents and extract insights that might elude human perception, which it then communicates to a central security operations center. This adds another line of defense to interconnected computer systems because it spots security breaches and unauthorized access attempts that might otherwise go unnoticed and suggests the best response.

With artificial intelligence software, Watson is structured to power the Cognitive Security Operations Centers (SOCs) by training it on cyber security language (Thiyagarajan, 2020).



Figure 2. IBM Supercomputer

 

It has ingested over a million security documents, making its knowledge base large enough to analyze and generate large volumes of natural language reports. This saves security analysts the time they would otherwise spend sifting through thousands of security events. Watson's suitability is furthered by its ability to identify and understand advanced threats by tapping into unstructured data such as blogs and research papers, which it compares with local security breach databases to produce automated insights (Vähäkainu & Lehto, 2019).

In the end, IBM's Watson offers advanced cyber intelligence by leveraging different forms of artificial intelligence built on complex machine learning algorithms. Like any learning system, Watson improves as it operates on customer feedback, refining its language and responses. Watson strengthens the defenses of computer hardware and software by detecting fraud and hacking attempts and by forecasting incidents, making it more reliable than human security analysts working alone.

  



References

Jain, J. (2021). Artificial Intelligence in the Cyber Security Environment. Artificial Intelligence and Data Mining Approaches in Security Frameworks, 101-117.


Thiyagarajan, P. (2020). A review on cyber security mechanisms using machine and deep learning algorithms. In Handbook of research on machine and deep learning applications for cyber security (pp. 23-41). IGI Global.


Vähäkainu, P., & Lehto, M. (2019, February). Artificial intelligence in the cyber security environment. In ICCWS 2019 14th International Conference on Cyber Warfare and Security: ICCWS 2019 (p. 431). Academic Conferences and Publishing Limited.


 


Tuesday, September 5

Let's Discuss: Promoting Cyber Interoperability: The Path Forward

Cybersecurity plays a pivotal role in safeguarding organizations and enabling them to realize their long-term objectives. The instructional video served as an enlightening resource, explaining the significance of promoting cyber interoperability as a means to bolster cybersecurity measures. A central theme of the video is the efficacy of threat intelligence in helping businesses mitigate the risks inherent in information-sharing ecosystems (Headquarters, 2020). Sharing threat information within an organization proves indispensable, as it disseminates critical insights about potential threats and their adverse implications for operational continuity.

Effective communication strategies must be meticulously devised to thwart any attempts at exploiting the workforce's activities for nefarious purposes, particularly in the social engineering world, which poses a substantial cybersecurity risk. Cyber interoperability underscores the imperative of establishing robust data policies that govern and regulate an organization's data assets. Such policies serve as bulwarks against the unauthorized dissemination of sensitive information by malicious actors to the public domain. Moreover, they afford organizations the ability to implement stringent access control measures and enforce accountability mechanisms to monitor employee activities through log file tracking, thus enhancing the capacity to address internal threats adeptly (Point, 2021).

By embracing cyber interoperability, organizations ensure their alignment with contemporary cybersecurity standards, enabling them to harness these standards to their advantage. It is essential to acknowledge the viability of preventative measures aimed at upholding cybersecurity standards. Within this context, IT professionals within organizations assume a critical role in fortifying the company's assets against malevolent entities such as viruses, while simultaneously safeguarding sensitive information from unauthorized access and hostile actors, including hackers.


References

Headquarters, C. S. I. S. (2020, March 13). Promoting cyber interoperability: The path forward. Center for Strategic and International Studies. Retrieved October 10, 2021, from https://www.csis.org/events/promoting-cyber-interoperability-path-forward

Point, S. (2021, July 7). How to build a data governance policy. SailPoint. Retrieved October 10, 2021, from https://www.sailpoint.com/identity-library/how-to-build-a-data-governance-policy/
