Cyber Security Today, Week in Review for the week ending Friday, March 24, 2023

Cyber security today podcast with Howard Solomon and Terry Cutler

(The following is an edited transcript of one of the topics in our discussion. For the entire conversation, play the podcast.)

Howard: I want to touch on a report issued last month. It was published by the U.S. Cybersecurity and Infrastructure Security Agency on a red team assessment of an unnamed critical infrastructure organization. A red team is a penetration test team for those who don’t know. A blue team is the defenders. The agency produced a detailed report showing all the steps the red team took to get around this organization’s defences. So, for IT and security teams, it provides many valuable lessons, and I think it’s worth reading.

Terry Cutler: This report highlights the importance of identifying and addressing vulnerabilities promptly — and that’s the keyword: timely — as well as the effectiveness of the incident response and recovery teams. We have to test all the time. Let’s say an outsourcing provider is monitoring a company. The company is always on their toes. 

When they engage teams to do penetration tests unannounced and start attacking the IT system, they expect a phone call from the managed provider. But often, it doesn’t come because they’re not watching the environment properly. Many companies invest in traditional technology — a firewall, an antivirus, and encryption and think they’re safe. 

But they don’t have proper detection technology to know that a hacker bypassed defences, got into the environment, and has been lingering there for six to 18 months before being detected. In the worst case, they don’t have a proper response plan to get the attacker out. So, by performing these types of exercises, we [pen testers] can light up the dashboard to see what’s working and what’s not.

Another type of test that would complement or replace a penetration test could be an adversarial test. It’s where we would come in with specialized software that could mimic a ransomware attack, a vertical or lateral escalation in an environment or even privilege escalation attacks.

Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.