PECB Insights Issue 39 July August 2022 Pages
NETWORK SECURITY,
ETHICAL HACKING, AND
CYBERSECURITY
PROTECT YOUR ONLINE PRESENCE
Work-Life Balance: A Day in the Life of a Cybersecurity Expert
Top Five High-Paying Job Positions You Can Pursue with an ISO/IEC 27032 Certification
The Expert: The Use of Blockchain in Cybersecurity
The Expert: Network Security and Management: A Deeper Understanding
The views and opinions expressed in the PECB Insights Magazine do not necessarily reflect the views of PECB Group.
© PECB 2022. All rights reserved.
“The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: Cybersecurity is much more than an IT topic.”
STEPHANE NAPPO
Vice President - Global Chief Information Security Officer, Groupe SEB
THE STANDARD insights.pecb.com
Tomorrow’s metrology is the science of measurement for the digital economy.
Digital technologies such as artificial intelligence, big data and machine learning are increasingly important to the manufacturing industry. Just imagine the implications on metrology – the science of measurement.
“Metrology in the Digital Era” is the theme of this year’s World Metrology Day, celebrated annually on 20 May. The theme was chosen because digital technology is revolutionizing metrology and is one of the most exciting trends in society today. Accurate and fair data is an important cornerstone of the digital development of science and technology. The resulting high-quality data, based on measurement standards, is the key to taking our industry to the next level in the digital milestone.
As the BIPM and BIML directors state in their joint message: “The digital transformation of metrology can bring many benefits to our community. It can expedite time to market for measurement products and services and reduce delays associated with approval processes. In turn, this contributes to innovation, product agility, and sustainability.”
ISO has just signed the Joint Statement of Intent on the digital transformation in the international scientific and quality infrastructure. The joint statement provides a platform for the signatory organizations to indicate their support in a way that is appropriate to their particular organization.
This common understanding will help advance the development, implementation, and promotion of the SI Digital Framework as part of a wider digital transformation of the international scientific and quality infrastructure.
The Joint Statement of Intent is part of an ongoing initiative to develop and establish a worldwide uniform and secure data exchange format based on the International System of Units (SI), also known as the SI brochure.
The ISO 80000 series of standards for quantities and units is a vital element of the SI brochure as it provides harmonized terms, definitions, and symbols of quantities and units used in science and engineering, providing a unified language for communicating accurate measurement information between scientists, engineers and anyone involved in measurement.
The SI Digital Framework will enable the implementation of new services that make best use of open data formats, software tools, and services that build upon the SI core representation. Such services will help to produce high-quality data and make it available for analysis in a coherent and consistent form. The outcome will be new digital applications developed and deployed in the broader metrology community and in research disciplines that rely on the SI.
The joint statement had previously been signed by the BIPM, the International Organization of Legal Metrology (OIML), the International Measurement Confederation (IMEKO), the International Science Council (ISC), and its Committee on Data (CODATA). “The addition of ISO further strengthens the collaboration and global reach of the initiative,” reads the BIPM press release.
Celebrated each year on 20 May, World Metrology Day commemorates the day back in 1875 in which the Treaty of the Meter was signed, laying the foundations of a global system for common measurements that are all based on constants of nature. The International Bureau of Weights and Measures (BIPM) and the International Organization of Legal Metrology (OIML), which organize World Metrology Day, actively liaise with a number of ISO technical committees.
Disclaimer: PECB has obtained permission to publish the articles written by ISO.
The cyber world is growing rapidly. Everyone is involved, either directly or indirectly. Everything is available with a single click or tap on your mobile, tablet, or PC. You can browse websites, listen to or download audio, video, and software, place your order, buy products, book tickets, hotels, buses, taxis, etc. The cyber world, or digital world, has made this easy for everyone. This is the very bright side of the cyber world, which you enjoy in your daily routine; however, there is also a dark side to the cyber world that exists in reality, called Cyber Crime or Hacking.
What is a cyber-attack?
The most valuable asset, nowadays, is data, not only for organizations but also for individual users. If you are able to protect your information or data, you or your organization are stable and secure. At first glance, the importance of this may be difficult to understand for those not well-versed in this industry; however, understanding the need to stay protected is of high value today. Cyber-attackers are, at all times, seeking these assets.
1. Malware
In the cyber world, it has become common knowledge
that around 300,000 thousand new pieces of malware are
created daily.
Malware is a piece of code (software) that can be installed easily on your server, laptop or desktop, mobile device, tablet, etc., and it is used to leak private information or gain unauthorized access to data, information, or systems.
As stated by Datto, some types of malware are:
Viruses — These infect applications by attaching themselves to the initialization sequence. The virus replicates itself, infecting other files or code in the computer system. Viruses can also attach themselves to executable code or associate themselves with a file by creating a virus file with the same name but with a .exe extension, thus creating a decoy that carries the virus.
Trojans — A program hiding inside a helpful program with malicious purposes. It is commonly used to steal information or establish a backdoor to be exploited by attackers.
Worms — Unlike viruses, they do not attack the host, being self-contained programs that propagate across networks and computers. Worms are often installed through email attachments. They are commonly used to overload an email server and achieve a denial-of-service attack.
Spyware — These programs are installed on laptops, mobiles, and other devices and are used to collect information about users, their systems, or browsing activities, sending the data to a remote user, the hacker.
2. Phishing
Approximately 6.4 billion fake emails are sent every day. For this reason, the attacker targets many victims for a phishing attack.
The most common and popular cyber-attack is Phishing, which means sending mass quantities of fraudulent emails to unsuspecting users, made to appear as if they come from a reliable source.
Phishing attacks can also occur via social media, direct messages, or other online communities targeted by users with hidden intent.
There are multiple types of phishing attacks, as follows:
Pharming — The attacker uses a Domain Name System (DNS) cache poisoning attack and manipulates a DNS entry to redirect users to a fake landing page that captures their credentials.
Voice Phishing – SMS Phishing – Attackers use phone calls or text messages to manipulate users in order to collect information.
3. Ransomware
Ransomware is malware that encrypts critical data of a user or an organization so that they cannot access files, databases, or applications. The attacker decrypts the data and makes it available to the victim only after the ransom is paid. If the victim does not get access to the private key, it is impossible to decrypt the encrypted files that are being held for ransom. According to snap-tech.com, global ransomware damage costs are predicted to exceed $265 billion by 2031.
4. Cryptojacking
Cryptojacking is another form of cyber-attack. It is the hacker's unauthorized use of the victim's computing resources for mining cryptocurrency, entirely hidden from the victim.
5. Drive-By Attack
In a drive-by attack, sometimes referred to as a drive-by download, the attacker seeks vulnerabilities in various web browsers, plugins, or apps to launch the attack. No action from the victim is required to initiate it. With the help of this attack, hackers can hijack the device and install malware, a keylogger, or spyware to spy on the user's activity in an attempt to steal critical data or personal information.
6. MitM (Man-in-the-Middle) Attack
This is the most common attack and it is performed through public Wi-Fi. The attacker inserts themselves between the public Wi-Fi AP and the visitor’s device and starts intercepting a two-party communication or a transaction. From there, cyber-attackers can steal password credentials and other sensitive information, or potentially manipulate data by intercepting traffic.
8. Password Attack
Because passwords are the most basic mechanism used to authenticate users to an information system, obtaining passwords is a common and effective approach to attack. Hackers use sniffing, social engineering, and other techniques to get access to passwords or to a password database, or resort to outright guessing. The last approach that can be done, in either a random or systematic manner, is
THE EXPERT
9. Rootkits
Hackers install rootkits inside legitimate software. Once the victims install this software on their system, the rootkit is activated and attackers can gain remote control or administration-level access over the system. Later, the attacker uses it to steal passwords, keys, or other credentials, and retrieve critical data.
14. Cross-Site Scripting
A cross-site scripting attack injects malicious scripts into content from reliable websites (unprotected or less protected). The malicious code is served along with the dynamic content to the victim’s browser. Usually, this malicious code is JavaScript code executed in the victim’s browser, but it can include Flash, HTML, and XSS.
7. Software supply chain attacks have increased by 650% in 2021.
8. The healthcare industry has seen a 51% increase in breaches and leaks since 2019. Furthermore, 70% of surveyed organizations reported healthcare ransomware attacks.
Vijay Kumar
Ethical Hacking, VAPT, CEH,
CompTIA Security+, CySA, Linux,
and Networking Trainer
PECB is Delighted to Receive the “Most Innovative Cybersecurity Training” Award 2022
This award is presented to PECB by the prestigious Global InfoSec Awards 2022, which honors companies that present a unique and valuable scheme for their services and products.
Ethical Hacking vs Penetration Testing
BY BASSEM LAMOUCHI
OPINION
What is ethical hacking exactly, and what does it constitute?
In simple terms, ethical hacking is an authorized, simulated attack against a computer, network, or organization to identify existing cybersecurity vulnerabilities and system misconfigurations, gauge the risks, and protect them from real threat actors (malicious hackers).
It is possibly one of the most effective, time and cost-efficient ways to enhance an organization's cybersecurity posture due to its flexible nature and realistic practices.
Are such practices legal?
The target organization explicitly authorizes these operations in order to assess their security posture and fix any weaknesses that exist within.
A. Vulnerability Assessment
A vulnerability assessment is usually considered an audit against a target or a list of targets that vary in nature (networks, computers, or applications); it attempts to find all known vulnerabilities.
First, the operator needs to make sense of the target infrastructure and understand the big picture; this usually is a tricky phase since the operator has no guarantees that the target will be fully visible, and even if it is, it is even tougher organizing their digital footprints.
2. Asset prioritization and target configuration
This part of the assessment is completed by organizing the assets into clearly ordered priorities and organized attack metrics. This is not necessary if the customer can afford a full scan on each and every one of its assets, but most cannot afford it, so they resort to scanning their most critical assets, which are usually public internet-facing web applications, servers, or internal critical infrastructure, such as a domain controller. Some targets require finer tuning than others depending on their nature, criticality, and robustness.
3. Vulnerability scanning
This is the most important step of the process. It uses a massive database of publicly known vulnerabilities and the ability to scan, probe, and attempt to check the target’s service vulnerabilities. It is only a matter of time until the vulnerabilities are identified and the report is generated based on a predefined baseline. At this stage, the pentester team must configure the vulnerability scanners well to reduce the number of false positives.
2. Scanning
3. Gaining System Access
4. Persistent Access and Housekeeping
5. Analysis and Reporting
1. Planning and Reconnaissance
This phase covers describing and defining the scope as well as limits of the test and a preliminary (often automated) information gathering mission in order to understand the infrastructure and topology of the target entity. By the end of this step, the pentester team will have as much information as possible to map the attack surface.
2. Scanning
This phase, based on the information acquired from phase one, attempts to get not only a complete top-to-bottom granular technical overview of the target entity's technology stacks (services, defensive measures, etc.), but also a list of vulnerabilities that can be exploited.
3. Gaining System Access
The penetration testers parse all the information they have acquired throughout phase one and phase two and look for misconfigurations and exploitable vulnerabilities that will allow them to gain access to a network or system belonging to the target, then run the payload to exploit the target.
5. Analysis and Reporting
The penetration testers compile the results and findings of their operation into a report: findings such as the vulnerabilities exploited, a list of machines successfully infected, and weaknesses found in security systems.
This report will be sent to the target organization for analysis. In the meantime, the penetration testers will work with the corresponding team to fix any weaknesses they find. It is pivotal that organizations running critical infrastructure conduct penetration tests regularly and often to get the most accurate and complete overview of their security posture.
Operators will use tactics that emulate known adversaries (criminals, state actors), as well as develop their own tactics.
Red teaming follows an attack lifecycle very similar to penetration tests, but unlike penetration tests, where the target is to map out and exploit every attack vector possible, the red team's target is to reach a well-defined objective, such as access to a server, access to a network, creating a successful data breach, or acquiring a domain controller admin account. Usually, red teaming operations follow the MITRE ATT&CK framework and mostly deliver the attack using social engineering.
My Success Story
Jan Carroll
SUCCESS STORY
support. While it was a temporary situation, I made some permanent changes by resigning from a role I loved, but it was for the right reasons. I missed teaching and I wanted to build something, a company that would close the cyber skills gap by offering training to professionals to upskill or move into information security and cybersecurity. This is how Fortify Institute came to be. The mission of Fortify Institute is to provide quality cybersecurity, information security, and physical security training to professionals. As a woman and someone who moved into cybersecurity in my 40s, I wanted to offer these training opportunities to women and older people too.
If I could offer advice to anyone considering a career change, it is to look to cybersecurity and information security. There are so many opportunities and many skills we have acquired by that stage of our lives that are transferable. Other skills can be learned via accessible, affordable training. Often our age, experience, and confidence are a great advantage. Get involved in your local cyber community; it is a brilliant and fun way to grow your network and learn. One of my proudest accomplishments in my cyber career was to deliver a talk on cyber learning opportunities at BSides Dublin 2022, which is a wonderfully community-focused organization.
My Journey with PECB
When I created Fortify Institute, I looked at the certification bodies out there whom I could reach out to, to gain certification, and deliver certification and education as a trainer. PECB has been a fantastic support to me and Fortify Institute. Through PECB I am a Certified ISO/IEC Lead Implementer, and I became a PECB Certified Trainer which has opened so many opportunities for me.
who share your vision and see value in the experience, not just financial goals.
As a member of the committee of Cyber Women Ireland, we work to increase girls' and women’s entry, retention, and return to the cybersecurity industry. Returners are close to my heart as often women have left their successful careers due to overwhelming childcare costs. They make this decision for their families at the time but when their children have grown or their relationships have broken down, they need the support that the dedicated returner program provides to return to work.
As a member of The National Cyber Awareness Task Force, our mission is to create learning resources for frontline workers to support women suffering from tech-facilitated abuse such as cyberstalking. This will take the form of online training for police, health care workers, teachers, etc. ENISA, the European Cyber Agency, do fantastic work in researching cybersecurity trends and I am a member of the ENISA Ad-hoc working group for Cybersecurity Markets. ENISA often seeks security experts to join their working groups and it is a wonderful opportunity to contribute to the community and connect with international experts. I mentor those who enter cybersecurity but do not know where to start. It is tough as many do not yet know where they want to specialize.
So, I encourage them to immerse themselves in cyber.
Do some short free courses, listen to podcasts, read the books, watch YouTube classes, sign up for national alerts but most importantly, get involved with the community, network, and volunteer. The rest will come.
What the Future Holds
When I began writing this piece, I questioned whether I was successful. I am extremely fortunate; I am happy and healthy with wonderfully supportive family and friends. Success is subjective and I consider it from a work-life balance perspective. Not an accumulated wealth perspective. I get to do the job I love in a thriving industry so yes; I am successful. I have recently been shortlisted as Cyber Educator of the Year 2022 in the EU Cyber Awards which I am immensely proud of. I see busy years ahead of me as I scale Fortify Institute and partner with other organizations.
I will continue to learn and keep my skills up-to-date. I will continue to be active in the security community and support and mentor those who are entering the industry. If I can aid you with your success, please connect on LinkedIn.
BY SAAD SHEIKH
5G deployments have grown exponentially during the last 24 months. According to industry reports, the world will reach +1 billion 5G connections in 2022 and +4.87 billion connections by 2027, combined with an average consumption of 6.5GB per subscriber, with the reach of 15GB in 2022. This is a scale of networks the world has not seen before, and the risk of not knowing what we are going to manage is greater than any value that will come from technology advancements.
This is because almost every real-use case of 5G and monetization sits outside the data center or a central colocation. Large-scale deployment of 5G means that a typical Telco will need to deploy thousands of mini 5G networks for enterprise, each of which will have unique needs. In addition, they cannot afford data aggregation in datacenters, so it must be broken out and processed at the nearest point of value, which mostly will be near to the source at the Edge.
This makes Telecom security discussions more challenging because Edge is where IT&OT really meet the Telco world. It also means that Telecom security architecture alone will not be enough and that, to make any real-use case from this complexity, there is only one promised deployment model, which is based on “Network Disaggregation”.
What it really entails is that merely one view on security is not enough. It also means we need to enable new and agile methodologies in Telecom around security, with “intrinsic security” as a base and foundation to design and build any network.
Therefore, although government support to accelerate new technology rollouts like 5G and Edge was created, what came natively was increased spending on security.
Alone, the global spending on network security has reached $168 billion in 2022, which is over 15% in comparison to the previous year. What is obviously causing this is the horrendous growth of “data” to a level that we can safely say today’s business is all about data and an organization’s unique capability to manage it in a secure manner.
Google does it by knowing people's search habits
Facebook does it through social circle
Uber by navigating the world’s traffic
Telcos by monetizing their Pole position
Maybe it would have been nice if we started off from the IT world and brought the latest and greatest to meet Telco service needs. This could mean a more pragmatic approach to an operating model as 5G and future networks will scale.
principles;
The main security requirements to secure the upcoming IoT/5G services fall under the following main categories:
Identity Access Management and Authentication
Communication Security
Data Security (Confidentiality, Integrity, Availability)
These security requirements should be distributed over the below security layers:
Network Layer Security: This layer can be split in two parts: network access (part of the control plane) and network application (user plane). Different types of access, i.e. 3GPP (5G, LTE-M, NB-IoT, etc.), or non 3GPP (Wi-Fi, Zigbee, etc.) can be considered. Under the umbrella of 3GPP, 5G/IoT will benefit from all the security and privacy mobile features, such as support for user identity confidentiality, entity authentication, confidentiality, signaling protection, and data encryption. Although 3GPP defines several key security methodologies in its specification, CSPs still need to do the provisioning and configuration.
Service layer security: Services can be split into those that are defined by 3GPP, i.e. 3GPP services, and services that are provided by service providers or third parties. As such, service layer mechanisms are defined within the domain of the service provider and cover aspects such as service authentication, confidentiality, integrity protection, and privacy.
Application layer security: Service providers implement their services by providing applications to their subscribers. In addition to the security provided by the service layer, each application may implement additional or different security mechanisms. These could cover security mechanisms such as end-to-end data encryption and integrity protection.
Device or Endpoint security: Certain devices are required to implement security mechanisms in order to make sure only authorized users have access to device resources and in order to make sure that assets, such as the device identifier, cannot be manipulated. Those mechanisms are covered within the device security layer. In addition, aspects such as provisioning the UE with service or network access subscriptions, device theft, device integrity, and grouping of devices (e.g. for bulk authentication and management) are covered.
The security requirements should be defined per use case, but in the end they follow the CIA triad (Confidentiality, Integrity, Availability). Below are different use cases for connected cars with the required security profile level:
Connected car In-Vehicle Entertainment & Internet Access Massive IoT Medium
INNOVATION
Cloud Infrastructure Security
With the future networks based on open and standard open infrastructure, it is important that security is enabled as a standard foundation in infrastructure that promises and guarantees SLA for the secure infrastructure. The foundation of such a resilient architecture should comprise the following reference architecture blocks:
1. Safe BIOS: mitigates the risk of BIOS tampering with integrated firmware attack detection
2. Safe ID: protects an IT and cloud infra using biometric security
3. Cloud Security: all the way from TPM to HSM
4. UEFI Secure Boot Customization: will protect your infrastructure from security vulnerabilities during boot
5. SafeSupply Chain Tamper-Evident Services: verify nothing happens to the device during transport. These tamper-evident seals are added to the device and the box at the factory, prior to shipping. Pallet seals can also be added to increase security
6. SafeSupply Chain Data Sanitization Services: prevent spyware or illicit agents from being injected into the hard drive
7. Data control: using NIST 800-88 standards to ensure even in the case of 5G networks that are hosted on Public Clouds, the customers can manage to keep their data secure and control it
8. RSA Secure ID and remote attestation: to cryptographically determine the identity of Baremetal servers
9. Cyber Recovery for Sheltered Harbor: is a fast, cost-effective, and efficient means to protect critical data by adopting the vault mechanism and to recover the data in case of a network security attack
Based on GSMA FASG and Linux Foundation – Anuket, work and definition in MITRE framework, the Multi Cloud Security Architectures should address the following needs:
1. Policy controls: where Telcos can declare the intent or policy, and workloads can traverse across clouds while complying with that policy's SLAs
2. Real time visibility: where a common data model approach is used to capture events and behaviors across all infrastructures
3. Security SoC: where all security related features are monitored to give both the end-to-end view and also enable a timely response
4. CI/CD of Security Pipelines: which will focus on end-to-end automation of critical activities focusing on continuous security assessments, compliance monitoring, and security configurations control.
“Finally, the most important piece will be the Operational model because there will be workloads that will be distributed across different cloud environments in such a case how we can ensure a consistent single pane of glass.”
Below is one holistic view on how Dell Technologies is supporting customers to deliver secure infrastructure and security solutions, like cyber recovery, to enable true Multi Cloud Era Security Architectures:
[Figure: cyber recovery diagram; recoverable labels: Long Term Retention (Object/Cloud Tier), Cyber Recovery Storage System, Immutable Copies, Off Premise]
Conclusion
As 5G and future networks are scaling and more services are being migrated, “Security” and “data control” become a central discussion.
BY FRANCIS KURIA
Like most people involved in the cybersecurity field, my day also consists of a long and tiring schedule, but also like most cybersecurity experts, I love my job and this industry. Working towards a better and more secure digital space is a great motivation each morning. Because of this field I have had the pleasure, and still do, of meeting and working with a great array of cybersecurity experts who have a great deal of experience; however, I still get to meet and work with a great number of aspiring youth with a passion for this industry. As it comes with many challenges, requires a lot of time and effort, studying, staying up-to-date with all new innovations or potential threats, and a great deal of time, for many, an imbalanced work-life schedule, with time away from loved ones and a lot of focus on work. I am sharing with you a day in my life and the balance that I have found.
Getting Started
5:20 AM: It starts this early with the annoying alarm
clock emitting a random pattern of beeping sounds. I get
tempted to actually chase after the clock in order to shut it
off, but fortunately, my wife gets to it before I do, and just
like that, the first ‘false positive’ alert of the day officially
checks in. I turn sides and continue sleeping for the next
15 minutes. It happens that the 5:20 AM wake-up alert was
for Jeff, the 4-year-old, whose bus driver will be hooting
outside the gate at 5:50 AM. After he leaves, it will be my
turn out of the same gate at 6:30 AM.
Getting Work Done
I review and reply to emails ranging from security logs to admin issues and business development. I complete tasks related to the review of the expected receipts, plans for expenses, follow-up on customer leads and I must say that having had a business background early in my career comes in handy, otherwise, I would take the whole day with these tasks.
I will identify and reach out to the established cybersecurity firms and create a business case for them to consider strategically entering into the untapped East African cybersecurity market. On the list of benefits that I will include in the proposal, to such potential firms, is the need to tap into the local affordable talent that this part of the world is currently able to produce.
As an ISO/IEC 27002 Lead Manager, I have to understand and be able to help organizations implement 93 security controls (previously 114), and having first-hand exposure and experience with solution providers that address the required controls allows me to deliver effective solutions to customers on consulting projects. At the same time be a very effective IS auditor, when on an Audit, and Assurance engagement.
Cybersecurity Training
2:00 PM - I get to work with aspiring cybersecurity
professionals, help them acquire cybersecurity skills
and also get them to pass top cybersecurity leading
certifications. I have to be creative with the instructional
design as the certification exams are recommended for
professionals who already possess some years of experience
in cybersecurity job roles. This is not always the case.
WORK-LIFE BALANCE
Most (about 60%) of those enrolled are recent computer science graduates with one year or less in the cybersecurity space. To close this gap, I ensure that for each student, I provide access to our lab infrastructure that will simulate real-world business environments, processes, and IT infrastructures. I will also ensure that they get access to the latest penetration testing distribution tools and finally ensure I provide them access to the top open-source solutions, which they will use to protect the IT systems that I have provided to them. I will also get them involved in the testing and evaluation of our partner products as well, in any ongoing cybersecurity research. At this point, I am more than ready to call it a day.

The Evening Commute
It is 5:00 o'clock somewhere, and it is finally Nairobi's turn. As the “city in the sun” prepares for sunset, it is time to get home to compare notes of the day with Jeff. For the commute home, I will be using Nairobi’s public transport which consists of buses referred to as "matatus", very colorful with most having all the colors of the rainbow in a perfect balance, served with blaring music and branded with posters of legendary American rap artists as well as free Wi-Fi on most of them.

Once inside, my attention is drawn to an IP camera at the front, and just as I thought that cybersecurity work was done for the day, I find myself where we all start, i.e., information gathering phase (Wi-Fi name and password name in plain sight), I find myself asking the question, “What other devices are connected in addition to the IP camera?”

As I am about to jump to the weaponization phase, I make a quick glance around the bus, first at the young man sitting next to me who has been engaged with his phone the entire trip.

His phone seems capable of handling advanced mobile penetration testing tools and I start thinking of what he could be capable of accomplishing.

I, now turn to the other passengers and start asking myself, “Are the hackers here?”, “Have they already taken over the IP camera?”, I question the thoughts in my head and even start asking myself if a medical doctor happened to be on board, whether he would be sitting around imagining how one of us would look like after multiple fractures from an accident. After that thought, I immediately stop and fortunately it is time to alight from the matatu.

As I alight, I promise myself to focus on good thoughts and leave the challenges of cybersecurity to official working hours.

Finally Home
It is now 6:00 PM and I am finally home. I find Jeff in the sitting room and after some warm hugs, he quickly invites me to check his new “invention”. It turns out to be a combination of my old gadgets (cables, computer parts, and more related stuff) all precariously connected together using my tool kit set as the base.

I make a good effort to listen to his explanation of how it works, but as I listen all I can picture is his entire invention coming down once I take my tool set kit, another example of a poor security design. He seems to be no different from the software and application developers in the world who ignore the need to implement secure software development practices.

It is now 6:30 PM and the mom is home. It turns out that this is the best time to pull my tool set kit from the invention. I will have a good laugh when I see the invention come down. I also understand that I am about to start the final official workout of the day as I have to run as fast as I can.

I will eventually get caught, just as it happens in the real world where getting hacked is a matter of when not if. And just like that, I will be looking forward to the challenges of the next day.

Francis Kuria
Cyber Security Lead | CLEH, CEH, CISA, ISO/IEC 27001 Lead Auditor

Francis is a cybersecurity lead who lives in Nairobi, Kenya, with his wife and 4-year-old son. He holds a Master’s Degree in Information Systems from the University of Central Oklahoma (USA). His current industry certifications include: Certified Lead Ethical Hacker (CLEH) from PECB, Certified Ethical Hacker (CEH) from EC Council, Certified Information Systems Auditor (CISA) from ISACA, ISO/IEC 27001 Lead Auditor (PECB), ISO/IEC 27002 Lead Manager (PECB), Network+ Certification (CompTIA), A+ Certification (CompTIA) among others. Francis is a PECB Certified Instructor and serves as a mentor, helping individuals navigate their careers in cybersecurity. His dream is for a robust cybersecurity framework for Africa. And when not in the office, you will find him working in his beautiful garden.
This upcoming PECB Insights Conference is an especially noteworthy event,
marking a return to in-person conferences after a three-year period! Designed
to ignite and inspire, this event will feature various new and exciting makings,
where you will be able to see all the trends, influences, and inspirations of this
decade, and where you can connect with C-level professionals.
This conference will host over 40 experts who will be discussing the latest trends
and developments in the world of Information Technology, Security, and Privacy
– with topics surrounding Information Technology, Digital Transformation,
Artificial Intelligence, Blockchain Technology, and much more.
Save the date for the PECB Insights Conference 2022 sessions, scheduled for
17-18 November!
Set to be held in the memorable city of Brussels, this event not only includes
two full days of interactive and immersive sessions but also features two Pre-
Conference Intensive Training Courses.
We are happy to let you know that we are launching the following Training
Courses as part of the Conference in Brussels from November 14-16:
• Rinske Geerlings
• Graeme Parker
These sessions and courses will convene the world’s most influential and
brightest minds across industries. By building bridges between specialists and
experts from various industries, we aim to create a community that is inclined to
embrace changes and join forces toward a safer world.
These days, cyber-attacks are constantly increasing in magnitude, frequency, and sophistication. In recent years, we have witnessed escalated cyber-attacks, such as distributed denial of service (DDoS) attacks, phishing, ransomware attacks, man-in-the-middle (MitM) attacks, SQL injection, and much more, aimed at major networks like Mailchimp, LinkedIn, Canva, Google, Amazon, CNA, WHO, etc. It is safe to say that as technology evolves, so do the bad guys.
For instance, a DDoS attack will first infect multiple nodes across different domains to produce a semi-coordinated network called a “botnet.” Hackers then hijack each bot and launch them against centralized targets.

Meanwhile, other ways to make centralized targets less vulnerable include database management, increased software deployment, security protocols, and depending less on central "trust."

The decentralized solution relies on blockchain technology to increase the resilience of cybersecurity.

Blockchain technology is equipped with multiple features, configurations, and applications specifically intended to improve security. Configurations including public and private cryptographic keys, contracts, and identity control ensure data protection through verification and authentication of transaction records, privacy, and traceability maintenance.

Blockchain technology is trustless and consensus-focused: it distributes transaction records across a network of computers, shifting record-keeping and transaction verification processes from a central authority to a decentralized network. This removes the single point of failure and so enhances security and resilience to attack.
2. IoT Security
3. Software Authentication
5. DNS Security
2. Irrecoverable keys
Keys (private and public) are to blockchain what keys are to cars. These private keys enable device-to-device data encryption. But what happens when a driver loses his car keys? The car becomes inaccessible.
Final Thoughts
Cyberattacks like data breaches, DDoS attacks, phishing, ransomware attacks, etc. are cause for alarm, especially as the attacks keep evolving with technology, growing in volume and frequency.
Rudy Shoushany
Founder of CryptoTaks
and DxTalks
BY CHRISTOPHER MAGNAN
Definition
Internet-of-Things (IoT) security integrates processes and tools that defend networks from cybersecurity threats. These threats continuously evolve and exploit IoT devices’ vulnerabilities. Proactive threat analysis and risk mitigation strategies counteract these threats through policies, technology, and people. IoT networks are diverse, so a single strategy or industry standard will not apply to all networks. Several factors increase IoT security complexity: manufacturers of devices (also called endpoints, nodes, or sensors) are not forced to comply with security standards, old devices with outdated technology are integrated into the IoT network, devices are placed outside a secure perimeter, different communication protocols are in use, and networks are reconfigured ad hoc. This article will summarize recent adoption trends, list common security threats, present underlying IoT vulnerabilities, recommend risk mitigation strategies, and present common security tools to strengthen the IoT security posture. Given the breadth of this article, references have been hyperlinked to aid further analysis.
Significance
IoT technology has catalyzed global digital transformation,
identified in many reports as the greatest business
driver. Corporations harness the technology to improve
processes, develop new capabilities, quickly pivot to new
markets, or compile data for strategy development. Smart
cities, smart homes, telehealth, and industrial automation
are applications driving this adoption. Consumers now
rely on IoT to improve daily habits, automate home
appliances, and for entertainment. Technology adoption
has accelerated despite supply chain disruptions, a global
semiconductor shortage, and the COVID-19 pandemic.
Technology catalysts include decentralized processing
capability, cloud computing, cheap hardware, wireless
spectrum access, and scalability.
The following two threats are exclusive to sensors and hardware located outside the security perimeter (also identified as defense-in-depth).

Physical theft is the removal of the endpoint or infrastructure from its location. Most likely the network will not be accessed through the stolen node, but service continuity is at risk if it is used to relay data from other endpoints or commands from the enterprise.

Reverse engineering techniques will examine the stolen hardware to replicate the node design. The design can be manufactured and integrated into the network to collect network data or distribute malware across the network.

Issues
Analysts report that IoT adoption has exceeded growth expectations. However, IoT security has lagged the accelerated technology deployment; many systems are deployed without any cyber readiness or vulnerability assessment. The underlying concern is an exponentially growing vulnerability gap that also has exceeded projections.

Common causes leading to the gap are designs, sensor security limitations, asset management, corporate policies and procedures, and education.

Rapid adoption also requires technical talent capable of managing enterprise assets. However, the necessary talent pool size is also not growing proportionally. As stated by an ISC2 report, analysts estimate a global 2.7 million cybersecurity professional shortage in 2021.

Skills critical to maintaining the security posture include hands-on experience with tools, technical writing, system design, data analysis, and technology lifecycle management. Traditionally, cybersecurity professionals started in information technology (IT) and transitioned into cybersecurity. However, Generation Z and Millennials have completed self-paced or university education to enter the profession but lack technical acumen. Finally, analysts show that cyber professionals are predominantly male (76%) and Caucasian (72%) in the United States and the United Kingdom. These three trends quantify severe limitations with current hiring strategies.

Budgets are also not keeping pace with accelerated IoT adoption. An executive survey reports IoT cybersecurity spending will not increase year over year (YoY). Budgets limit staffing, tool acquisition, training, corporate culture, and risk management capabilities. Recent inflation further limits budget and spending impact. Executives also need to identify critical vulnerabilities that pose the greatest corporate threat and dedicate resources to mitigate risk.

IoT nodes can range from simple sensors that digitize and transmit data to complex command and control systems. Endpoint design standards do not exist and designs range in processing capabilities, local storage, firmware, communication protocols, and memory. Unfortunately, security features are not a design requirement and it is the responsibility of the system designer to implement security controls. Many manufacturers also neither update software nor release patches to mitigate discovered vulnerabilities. Nodes with patches and new software have finite processing power, memory, and storage that limit data collection or processing while upgrading software.
In many IoT systems, IoT nodes are located outside the security perimeter and communicate via unregulated wireless channels in the Industrial, Scientific, and Medical (ISM) bands. Wireless transceivers in these bands are commercially available and access barriers do not exist. Hackers actively exploit the vulnerabilities through the wireless channels to penetrate the network.

Consumer IoT adoption is also a developing vulnerability. Employees link their wearables (such as biometric trackers) and virtual assistants to public, home, and enterprise wireless networks. Consumers are predominantly ignorant about cybersecurity and manage risk poorly. Wearable manufacturers rarely design security features or update operating software to patch vulnerabilities. Since personal devices are not corporate assets, they rarely adhere to enterprise compliance and risk mitigation standards.

According to ArchonSecure, many older endpoints have recently been integrated into IoT networks. This practice is common in manufacturing facilities that do not want to disrupt optimized industrial processes. These nodes are no longer supported by the manufacturers and operate on antiquated firmware that predates basic security features. In many corporations, the assets are not managed by the enterprise IT team but are managed by industrial engineers or facilities maintenance. Many sensors operate on outdated communication protocols, such as RS-232, that are not compliant with internet-based schemas, such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). To effectively communicate with the corporate network, these sensors are connected to aggregators which translate data and commands from multiple sensors between the native protocol and the network. This strategy increases network vulnerability because these sensors do not have an IP address and are isolated from asset and configuration management tools. This isolation compromises asset management since the legacy sensors are often not properly catalogued, managed, and decommissioned when the system is permanently removed from service.

In the event the network breach is caused by an unknown sensor, forensic analysis and an incident management remediation plan will be unable to quickly quarantine the affected sensor and mitigate damage.

Corporations adopting IoT typically lack system design expertise and outsource the project to engineering firms. One common mistake is omitting a cyber professional’s design assessment of its cyber readiness. Cyber professionals can also advise on asset management, event management, and cyber awareness training. Unfortunately, cyber specialists are in high demand, and adding them to the design team significantly increases project costs. Finally, policies to assess cyber readiness continuously through audits are not implemented to improve the security posture.

Recent surveys have also reported password management is a significant IoT vulnerability. In many sensors, passwords are never implemented or are never changed from the default one set by the manufacturer. Because many sensors are not managed by IT, corporate policies for password complexity and periodic password changes are never enforced. As a result, generic or default passwords are easily deciphered.
Business leaders are also concerned with the lack of cyber awareness and accountability. Trending vulnerabilities are not disseminated to employees. Also, employees’ cyber awareness is not audited, and refresher training is rarely presented. Employees also develop risky habits, for example, people who telework may travel overseas and work from unsecured locations with public WiFi. In addition, employees should be held accountable for IT

Defenses
Countermeasures to mitigate the risks listed above involve processes, people, and tools (e.g. technology). Processes define the expectations and the sequences implemented to improve the security posture. People need to be trained to follow processes and management’s expectations. Tools aid people with event detection, enforce policies, and

[Figure: System Development Lifecycle. Phases: 1 Analysis, 2 Planning, 3 Design, 4 Development, 5 Testing, 6 Deployment, 7 Maintenance, 8 Evaluation, 9 Disposal. Annotations: Engage cyber team in planning and design to mitigate cyber risk; Incorporate Cyber Tools; Security Controls; Test system for cyber readiness; Training; Continuous monitoring; Asset Management; Event Management; Security Control Compliance; Cyber Scorecard; Data Wipe; Hardware Demolition.]
Event management is a critical gap in cybersecurity. When a data breach or virus infection occurs, key players must react to isolate the affected areas, remedy the vulnerability, collect lessons learned, and recommend strategies to mitigate future risks.

To prepare for events, roles and responsibilities must be clearly defined and processes must be planned and broadcast to the key players. Periodic simulations or rehearsals with key players help refine event sequences, identify dependencies, and address any discovered gaps.

Asset management has been identified as a key defense against cyber risk. IT personnel must track the IoT assets throughout the lifecycle and manage software updates, configuration changes, repairs, and decommissioning.

If properly managed, the sensors can be properly retired when they are no longer useful. The assets must also have their memory wiped and hardware must be demolished so that data is not compromised and the hardware cannot be repurposed or re-engineered to enable unauthorized network access.

Virtual Private Networks (VPN) can mitigate the risk incurred by employees’ use of personal home networks. VPNs establish a secure and encrypted internet connection between the workstation and the corporate network.

Unfortunately, the VPN’s security is only as robust as the device accessing it. If an employee is using their personal device on the VPN, then any viruses or malware installed on it can migrate to the corporate network. The best practice with teleworking employees is to distribute laptops with enterprise antivirus software and other security tools.

VLANs partition the network and will restrict traffic from the vulnerable sensors into the enterprise. VLANs can also quarantine compromised devices from the network itself. Firewalls and firewall rules can be implemented between VLANs to enhance security between different network subnets.

The growth of personal IoT devices used on enterprise networks has increased network vulnerability. The best risk mitigation strategy is to deploy an unsecured wireless network firewalled from the corporate network. A policy mandating these personal assets connect to this network needs to be released and enforced. Tools such as Network Access Control (NAC) can be used to enforce these policies.

2-Factor Authentication (2FA), also loosely referred to as Multifactor Authentication, enhances Access Management by adding another access variable to strengthen the enterprise network’s access portal. The three main types of authentication are:
“What I possess?” - Examples include a cell phone to receive SMS messaging, an e-mail to receive a temporary password, or a key card
“What I know?” - Ranges from username and password through security questions that pertain to you
“Who am I?” - Such as a fingerprint or facial recognition

2FA protects against asset theft or password compromise. In terms of network access via the IoT endpoints, the first two options (What I possess and What I know) are implemented.
[Figure: four panels, (a) to (d), each labeled Enterprise and Cloud.]
Intrusion Detection Systems can also be configured to alert administrators when black-listed devices try to communicate with the network. IDS can also be configured to alert users of anomalous traffic, such as a device repeatedly trying to access one device or cycling through a string of network addresses. IDS is a monitoring tool and is not used to actively manage the network.

Many sensors are placed outside the organization’s secure perimeter and are not protected by fencing, access controls, and guards. These endpoints are not protected from theft or damage. To mitigate risk, designers can explore placement in inaccessible locations to limit physical access. Designers can also house the nodes in weather-resistant enclosures with locks. The enclosures can be designed to include an alarm trigger that notifies staff when a node is accessed or damaged. The design tradeoff is cost and accessibility to service the nodes.

Risk matrices can help identify which vulnerabilities are most likely to cause significant damage and drive cybersecurity budgets.

A risk matrix is a high-level analysis tool organizations use to identify key areas that require the most resources.

The matrix compares different risks in terms of the occurrence probability and the potential damage. Figure 3 shows a generic risk template.

[Figure 3: generic risk matrix template, occurrence likelihood versus consequence, with cells rated from Low through Moderate to High.]

The cells in the matrix are also color-coded to highlight criticality. Each risk is scored on a scale of 1 to 5 on its occurrence and impact respectively. Red-colored cells identify risks with the greatest probability and impact that require immediate attention while green-colored cells have minimal impact or probability and can be passively monitored.

A generic scorecard is a dashboard used to continuously assess cybersecurity training, policies, and infrastructure. A scorecard should be simple and easy to read, however,
[Figure: example cyber risk scorecard with letter grades (A to D), categories including Resiliency, Safeguard, Security Rank, Information Disclosure, and Website Security, a Cyber Risk Trend chart (score 0 to 100, 2016-10 to 2017-03), and Score Details.]
is just an example, but the key data points are the overall score, the score breakdown to the individual metrics, such as patch management, the score weighting, and the trending score over the past year. Other data points not presented in this scorecard are key security events, such as a data breach or bullets describing deficiencies. A
team plans the roll-out. The implementation team then integrates the strategy during the Do phase. During the Check phase, the implementation is evaluated against its key success factors, and lessons learned are also discussed. Finally, in the Act phase, the next improvement is selected based on the success and lessons learned. The Deming Cycle is repeated as the iteration is planned, implemented, and evaluated.

[Figure: Deming Cycle for continuous improvement: Plan, Do, Check, Act.]
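The IDS alerting described in the Defenses section (black-listed devices, a device repeatedly trying to access one device, and a device cycling through a string of network addresses) can be expressed as three rules over connection logs. This is an added example, not code from the article; the log format, addresses, thresholds, and all function names are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# Constructed sample log, not real traffic. Assumed line format:
# "<ISO timestamp> src=<ip> dst=<ip> action=<allow|deny>"
SAMPLE_LOG = """\
2022-07-01T10:00:00 src=10.20.0.15 dst=10.20.0.1 action=allow
2022-07-01T10:00:00 src=10.20.0.30 dst=10.20.0.5 action=deny
2022-07-01T10:00:05 src=10.20.0.66 dst=10.20.0.1 action=deny
2022-07-01T10:00:10 src=10.20.0.23 dst=10.20.0.5 action=deny
2022-07-01T10:00:15 src=10.20.0.23 dst=10.20.0.5 action=deny
2022-07-01T10:00:20 src=10.20.0.23 dst=10.20.0.5 action=deny
2022-07-01T10:00:25 src=10.20.0.23 dst=10.20.0.5 action=deny
2022-07-01T10:00:30 src=10.20.0.23 dst=10.20.0.5 action=deny
2022-07-01T10:01:00 src=10.20.0.15 dst=10.20.0.1 action=allow
2022-07-01T10:02:00 src=10.20.0.40 dst=10.20.0.101 action=deny
2022-07-01T10:02:02 src=10.20.0.40 dst=10.20.0.102 action=deny
2022-07-01T10:02:04 src=10.20.0.40 dst=10.20.0.103 action=deny
2022-07-01T10:02:06 src=10.20.0.40 dst=10.20.0.104 action=deny
2022-07-01T10:03:00 src=10.20.0.30 dst=10.20.0.5 action=deny
2022-07-01T10:06:00 src=10.20.0.30 dst=10.20.0.5 action=deny
2022-07-01T10:09:00 src=10.20.0.30 dst=10.20.0.5 action=deny
2022-07-01T10:12:00 src=10.20.0.30 dst=10.20.0.5 action=deny
corrupted line without fields
"""

# Assumed policy values; tune them to the network being monitored.
BLOCKLIST = {"10.20.0.66"}        # devices that must never talk to the network
WINDOW = timedelta(seconds=60)    # sliding window per source device
REPEAT_THRESHOLD = 5              # denied attempts against one destination
SWEEP_THRESHOLD = 4               # distinct destinations contacted

Event = namedtuple("Event", "ts src dst action")
Alert = namedtuple("Alert", "kind src target")


def parse_line(line):
    """Return an Event, or None for a line that does not match the format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return Event(ts, fields["src"], fields["dst"], fields["action"])
    except (ValueError, KeyError):
        return None


def detect(lines, blocklist=BLOCKLIST):
    """Apply the three rules in time order; each alert is raised once."""
    alerts, seen = [], set()
    recent = defaultdict(deque)   # src -> events still inside WINDOW

    def raise_alert(kind, src, target):
        alert = Alert(kind, src, target)
        if alert not in seen:
            seen.add(alert)
            alerts.append(alert)

    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e.ts)
    for ev in events:
        # Rule 1: a blocklisted device tries to communicate at all.
        if ev.src in blocklist:
            raise_alert("blocklisted-device", ev.src, ev.dst)

        # Keep only this source's events from the last WINDOW.
        window = recent[ev.src]
        window.append(ev)
        while ev.ts - window[0].ts > WINDOW:
            window.popleft()

        # Rule 2: repeated denied attempts against the same destination.
        denied = sum(1 for e in window
                     if e.dst == ev.dst and e.action == "deny")
        if denied >= REPEAT_THRESHOLD:
            raise_alert("repeated-access", ev.src, ev.dst)

        # Rule 3: one source cycling through many addresses.
        if len({e.dst for e in window}) >= SWEEP_THRESHOLD:
            raise_alert("address-sweep", ev.src, "multiple")
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The slow retries from 10.20.0.30 and the allowed traffic from 10.20.0.15 raise nothing, which shows how the window and the deny-only count keep routine sensor behaviour out of the alert queue.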
Conclusion
IoT technology represents transformational opportunities
for many businesses. The benefits include data mining,
new business opportunities, and reduced cost. However,
IoT is a growing vulnerability within enterprise networks.
Many factors, such as training, oversight, and system
design, contribute to this vulnerability. Fortunately, there
are many tools and strategies that can mitigate this risk.
Organizations must determine what their greatest risk
is, develop a strategy to mitigate it, assess the strategy’s
efficacy, and improve the strategy.
Christopher Magnan
Senior Manager of Network
Consolidation | Cloud |
Cybersecurity | Unified
Capabilities
Christopher manages a
telecommunications program
supporting the Defense Information Systems Agency
(DISA). During his career, he has led a team that
has implemented cybersecurity technologies and
best practices, integrated telecommunications, and
implemented Bring Your Own Device (BYOD) to a diverse
global enterprise. Prior to SuprTEK, he managed the
design and deployment of Smart City technology across
Naval District Washington. He received his MBA and
Master’s in Electrical Engineering from the University of
Maryland – College Park.
BUSINESS & LEISURE
Economic Activities
The city is the industrial and commercial hub of the
Western Region. Some of the prominent industries in the
city include cement factories, flour mills, harbor, crude
oil production, cocoa processing, timber production, and
fishing. Also, the majority of government installations can
be found here.
We, at The-Eye-See-T, are very willing and available to support individuals to successfully attain their preferred PECB certifications in Ghana.

He holds PECB certifications in ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27032, ISO 22301, and ISO 37301, in addition to CCISO and PCIP.
BOOKS
Understanding how to create a secure environment for users against any malicious activity has become the highest priority for most organizations. Evaluating your organization’s systems for potential security breaches or data threats, in order to fix any vulnerabilities prior to cyber-attacks, is highly important. Get a better understanding of staying protected through the books listed below:
Internet of Things: What You Need to Know About IoT, Big Data,
Predictive Analytics, Artificial Intelligence, Machine Learning,
Cybersecurity, Business Intelligence, Augmented Reality and Our
Future by Neil Wilkins
With excellent coverage of IoT and a thorough explanation, this book also covers topics such as ethical hacking, predictive analytics, machine learning, artificial intelligence, cybersecurity, big data, business intelligence, augmented reality, virtual reality, and much more. With the growth of internet usage, this book presents an understanding of where our future is going and how to be prepared for it. It covers concepts and methods powering the most aspiring technological concepts of our century, the Internet of Things (IoT), meanwhile elaborating on gadgets and tools to use to stay better prepared for the future of the internet. A well-written and knowledge-based reference book for anyone who is interested in deepening their knowledge of IoT and relevant technologies.
This book delves into recent trends in threats and cyber defense, with great information
included on various recent or growing technologies such as Zero Trust, Cloud Security,
Cyber Kill Chain, identifying types of cyber-attacks, and much more. It offers an
understanding of how cyber-criminals gain access to organizations and provides a
framework of how organizations could protect themselves with cybersecurity defense
strategies that are well laid out and easy to follow. A highly informative book for a wide
range of audiences, from those who are new to cybersecurity to experts who want to
self-review. For those new to the security field, this book provides an understanding
that is required to define strategies, implement procedures, and refine the tools at
your disposal to impact the security posture of your organization, whereas, for senior
executives, a high-level holistic view of what the current threat landscape looks like
is provided. With no shortage of case studies of real-world occurrences, cybersecurity
specialists can use this book as a manual to improve their organization’s security posture
through the methods explained.
Nowadays threats are organized, professionally run, and for-profit. All types of
organizations and institutions, from financial institutions, health care organizations,
law enforcement, government agencies, to other high-value targets, need to reinforce
their IT infrastructure and human resources against advanced targeted attacks from
motivated professionals. This book incorporates social engineering, programming, and
vulnerability activities into a multidisciplinary method for targeting and compromising
high-security environments. The author portrays highly advanced topics and in-
depth understanding of penetration testing through each chapter about sample
hacking scenarios, with each chapter exploring different hacking methods in various
environments with real-world examples of hacking networks. Commonly penetration
testing involves low-level hackers attacking a system with a list of known vulnerabilities,
and defenders preventing those hacks using an equally well-known list of defensive
scans. Today's professional attackers operate at a much more complex
level, and this book shows you ways to defend your high-security network.
In this book, Hubbard lays out the foundation for decision-making and strategy within
cybersecurity through a solid approach to quantitative risk analysis. Using examples and
common tools, he shows how to apply probability concepts easily to solve questions that
many businesses face today regarding cybersecurity. By presenting a clear framework
for non-mathematicians to become statistically literate, this book debunks common
misconceptions and allows readers to move beyond qualitative “spotlight charts” into
quantifiable probabilities. Presenting a whole new approach to measurement, the author
opened the business world’s eyes to the critical need for a better measurement system,
beyond the common Low, Medium, and High measurements used in cybersecurity. An
insightful read, How to Measure Anything in Cybersecurity Risk motivates organizations
to take a closer look at their own risk management practices in the context of
cybersecurity. The aim is to make data protection airtight and ensure your organization’s
safety, prior to any malicious attacks.
The Updated
Version of ISO/IEC 27002
is Available!
The Impact of
AI on Cybersecurity
TECHNOLOGY
BY JOHN A. ADELOYE
Cyber-attacks are a key concern for every organization today. As more new technology is developed to make lives better, the chance of being a victim of a cyber-attack is also on the rise, as every system supposedly has a vulnerability that attackers can exploit to compromise the system for the purpose of stealing information, demanding ransom, or misinforming the public. Organizations now have to deal with an increasing number of cyber threats on a daily basis, ranging from phishing, distributed denial of service, rootkits, and man-in-the-middle attacks to a few others. There is now an urgent need for assistants who can help security analysts work more proficiently and faster, and this led to the involvement of artificial intelligence in cybersecurity, which can analyze data faster than humans can and give better predictions in the shortest time possible.
IN THE AGE OF AI
In this age of artificial intelligence, automation has become the essence of the fourth industrial revolution, ranging from web search technology, human speech analogy, and self-driving cars to a few others, and there is now a higher risk of the system being compromised. As more systems are now automated, thanks to AI, there is also a greater need for their protection to be automated as well. Many pieces of research have shown that 2021 recorded the most cybersecurity attacks, and this number is expected to increase by the end of 2022 with the majority of the global workforce working away from the secure confines of a corporate network, as recorded by Fortinet.
While many are leaning towards learning, those on the
part are becoming more advanced with new discoveries of
tools, libraries, and machines.

Back then, one could use any of the varieties of antivirus
to repel attacks, but now the attackers are also following
trends by becoming smarter in their deployment and
using updated tools. With the help of an AI-based security
system, an attack can now be detected and repelled
before it even gets to the system, and the data collected
from the attacks will also be useful in training the AI if it is
a supervised or a semi-supervised learning model.

HOW AI MADE CYBERSECURITY RELIABLE
With the involvement of AI, the sustainability of
cybersecurity is continuously and greatly improving. It has
also increased system reliability and dependability by helping
the system to behave as expected even when it processes
a false input (at least periodically).

On the other hand, AI has helped advance system response.
Most of the work done previously relied on applications,
which sometimes take a long time to load or fail to load
due to low memory or other possible reasons.
But in this era of AI, most of the work is now done at the click
of a button, thanks to machine learning algorithms running
either on the machine or in the cloud, whose operation
consumes less memory and performs more functions
in a shorter time frame. This machine learning model
understands the system that sends the request and what an
expected output is supposed to look like due to its ability to
read and understand the system’s data (for an unsupervised
DRAWBACKS OF AI ON CYBERSECURITY
While it is true that AI is a smarter machine that can process,
evaluate, and predict faster than human intelligence, it
requires constant updates and enhancement to keep up
with the current trends of attacks. Most times, when
this is not done on time, the system can become more
vulnerable due to the limitations of the AI model associated
with its usability. AI is not human; it is a machine trained
by a developer (supervised) or allowed to train itself with
available data (unsupervised) to recognize some particular
patterns or do certain tasks based on conditions. Because
of this, AI can raise false alarms when it discovers
irrelevant discrepancies as minor as web traffic
or network instability. This may lead the organization
to make unnecessary moves to curtail a supposed attack
that never happened, which can sometimes make
the system more vulnerable during the process of stopping
or investigating what never happened.
from attackers now involves AI, and that has provided the
attacker with more influence to attempt to gain full or
partial control of the target systems remotely and go as
far as changing their behavior if necessary or desired.
CONCLUDING OVERVIEW
Cyber infrastructures are now more exposed to diverse
interruptions and warnings that may be due to the
processing of complex information.
We must fully agree that AI has helped advance the
field of security and provided some sophisticated ways of
analyzing, evaluating, predicting, and repelling an attack.
Because of this, old, conventional hardware
cybersecurity measures are no longer adequate in
fighting the ever-increasing cyber threats.

The existing cybersecurity methods are now becoming
obsolete due to ineffectiveness. The old common method
of cybersecurity through firewalls now has limitations
in the security process. Therefore, there is now a heavy
demand for efficient security measures to defend
against these new, modern clustered attacks, as cyber
interventions that are carried out by intelligent agents are
not sufficient to meet the pace of these cyber threats. But
we should also not quickly forget the challenges that lie in
fully relying on AI to do all the tasks that IT engineers are
expected to take care of.

John A. Adeloye
Python Developer | Web Developer |
Data Analyst | Data Entry Specialist
| CyberSecurity Personnel |
Technology Writer

John graduated from Brigham Young
University-Idaho, Rexburg, Idaho.
He currently works as a Research Assistant at Strategic
Alpha Investment Advisors Inc., Irvine, California. John is
a solution-driven programming analyst with measurable
experience in Data Analysis using Python Programming and
Excel, Microsoft Power BI, and Tableau. He is well-versed in all
phases of Information Technology and has a strong working
knowledge of algorithms, with proven success in engineering
customized solutions, data entry, computer networking,
computer hardware and software, health and safety, and
improving business processes, operations, and profitability.
You can reach him at [email protected].
Certification
Organizations today are facing fascinating, yet
distressing advancements of technology. The
evolution of technology and its wide application has
come with many limitations, challenges, and countless
sophisticated risks. The frequency of cyber-attacks has
grown exponentially during the last few years and hearing
news of big data breaches is becoming very common. In
order to protect and secure their cyberspace, organizations
must take preventive and safety measures. Cybersecurity
is considered to be in the top five ranked risks of 2022.
5. Penetration Tester
BY PABLO BARRERA
To talk about network security and management,
we need to split this subject into smaller bits of
information, concepts, and a bit of history. First, let
us go back to the concept of security and where it comes
from. Security is described as the state of being free from
danger or threats. A network free of dangers or
threats is something utopian and unrealistic, which is why,
when we talk about network security, we should focus on
reducing or controlling threats to a level that is acceptable
to the organization and its processes.
The precious cargo we mention is data, sometimes sensitive
and critical. And as we know from the basic cybersecurity
awareness courses, humans are the weakest link in the
chain. Networks are now extended to places outside the
physical constraints of an office or a corporate network: they
have extended to public Wi-Fi at coffee shops, our desktop or
dining table while doing home office, and even sometimes
the bench on a sandy beach while nomad working.

The statistics on the way we use devices now are incredible: they
show that mobile devices represent about 68% of the total
traffic on different websites globally, and desktops are
becoming a thing of the past.

We are changing the way we access our information and
how we share it. These new ways of being interconnected to
networks and how we work, consume, and share information
provide a solid base to create new conversations that we,
as security practitioners, need to address and respond to
according to our organizational priorities.

We need to ask ourselves what new risks we face and if we
are ready to provide our organization and users with the
right strategies, policies, processes, and technologies to
secure information and assets. Therefore, Network Security
is still a growing and exciting field, with new strategies to be
developed, and new technologies to be invented.
This expands the threat horizon even more: if our devices
are the “last mile” of our networks, it means that they are
an entry point to our network and our information.

Another entry point that represents high risk, and that
sometimes we do not see as a real threat, is suppliers.
Supply chain attacks have been in the news more recently
and the impact we know is that those attacks can become

Is it a visibility problem?
We have discussed a bit about cybersecurity, network
security, and threats, and this discussion led us to
understand that network security is not only a technology
problem. As engineers, we say that the more information
we have, the better decisions we make. Visibility in the
networks is something all cybersecurity professionals
want to achieve, yet, how can we achieve visibility in an
My ongoing time at PECB University is leaving me with
an open mind and critically important skills, particularly
in communication and project management skills,
which I have begun to deploy to my work. My vision has
broadened to the endless opportunities available to make
a difference in a field that is important to my career.
PETER OKOLOH
Executive MBA in Business Continuity Management