The differences between Cyber Security Policy and IT Policy within an organization:

1. Cyber Security Policy: Purpose: A cyber security policy provides guidance to an organization’s employees on how to act to protect sensitive information and defend against cyber threats. Coverage: IT Security: It defines rules and procedures for safeguarding the organization against cyber threats. Email Security: Specifies acceptable use of corporate email systems to prevent spam, phishing, and malware. BYOD (Bring Your Own Device): Establishes rules for personal devices used for work, ensuring security requirements are met. Components: Acceptable Use of Corporate Assets Incident Response Plans Business Continuity Strategies Regulatory Compliance Plans Impact: Helps protect the organization, reduces risk, and enables effective incident response.
2. IT Policy: Purpose: An IT policy focuses on secure practices related to the organization’s information technology systems. Coverage: Servers Networks Systems Processing Information Components: Secure Policies for IT Infrastructure System Usage Guidelines Access Control Rules Data Protection Measures Impact: Ensures proper functioning, security, and compliance of IT assets.

In summary, while both policies contribute to organizational security, the cyber security policy specifically addresses cyber threats, while the IT policyencompasses broader aspects of information technology.

Please contact us at [email protected] should you like to know more.

Malaysia’s Cyber Security Act 2024 (Act 854) has significantly elevated the cybersecurity standards for National Critical Information Infrastructure (NCII) entities. To ensure compliance and safeguard sensitive information, organizations must implement robust cybersecurity policies. This article provides a comprehensive guide to designing and implementing effective cybersecurity policies aligned with Act 854.

3 Key Steps to Designing Effective Cybersecurity Policies:

1. Comprehensive Risk Assessment

• Identify Critical Assets: Determine the organization’s most valuable assets, including systems, data, and infrastructure.
• Assess Threats and Vulnerabilities: Conduct a thorough risk assessment to identify potential threats like cyberattacks, data breaches, and insider threats.
• Prioritize Risks: Rank risks based on their potential impact and likelihood of occurrence.

2. Policy Development and Implementation

• Policy Framework: Establish a comprehensive cybersecurity policy framework that covers all aspects of information security, including: Access Control: Implement strong access controls to limit unauthorized access to sensitive systems and data. Data Protection: Develop policies to protect sensitive data, including data classification, encryption, and secure data handling practices. Incident Response: Create a detailed incident response plan to effectively respond to security breaches. Business Continuity and Disaster Recovery: Implement measures to ensure business continuity and minimize downtime in the event of a cyberattack.
• Employee Awareness and Training: Conduct regular cybersecurity awareness training to educate employees about best practices, such as: Strong password hygiene Phishing and social engineering awareness Secure remote work practices Data handling and privacy

3. Continuous Monitoring and Improvement

• Security Monitoring: Implement robust security monitoring tools to detect and respond to threats in real-time.
• Regular Reviews and Updates: Conduct periodic reviews of cybersecurity policies and procedures to ensure they remain effective and aligned with evolving threats.
• Incident Response Testing: Conduct regular incident response simulations to assess the organization’s preparedness and identify areas for improvement.

Compliance with Act 854

To ensure compliance with Act 854, NCII entities need to:

• Appoint Information Security Officers in charge: Designate a CISO responsible for overseeing cybersecurity strategy and compliance and at least 2 office at working levels.
• Conduct Regular Cybersecurity Assessments: Perform regular assessments to identify vulnerabilities and potential threats.
• Implement Strong Access Controls: Enforce strong access controls to protect sensitive information.
• Data Protection and Privacy: Implement measures to protect personal data and comply with data protection regulations.
• Incident Response and Reporting: Establish effective incident response procedures and promptly report security breaches to relevant authorities.
• Cybersecurity Awareness and Training: Conduct regular cybersecurity awareness training for employees.

Conclusion

By following these guidelines and adhering to the requirements of Act 854, NCII entities can significantly enhance their cybersecurity posture and protect their critical infrastructure. Remember, cybersecurity is an ongoing process that requires continuous vigilance and adaptation to evolving threats.

In today’s complex digital landscape, the importance of comprehensive logging cannot be overstated. Logs serve as the digital equivalent of a black box recorder, providing invaluable insights into system behavior, user activities, and potential security incidents. Despite this, a startling number of organizations remain vulnerable due to inadequate logging practices.

The Silent Threat: Undetected Breaches

Recently, NetAssist did our own study of 117 organizations and we found out that a staggering 73% of organizations that suffered a data breach were unable to detect the compromise until it was too late. This alarming statistic underscores the critical role of effective logging in incident response. By meticulously recording system activities, organizations can identify suspicious patterns, detect anomalies, and respond swiftly to threats.

Moreover, the average time to detect a data breach is said to be more than 108days, according to some survey we gathered. This extended detection window provides ample opportunity for attackers to escalate privileges, exfiltrate data, and cause significant damage. Comprehensive logging can significantly reduce this timeframe by enabling early detection and containment.

The Challenges of Comprehensive Logging

Implementing a robust logging strategy is often hindered by various challenges. Resource constraints, including a shortage of skilled cybersecurity personnel, budget limitations, and technological complexities, can impede progress. Additionally, the sheer volume of log data generated by modern IT environments can overwhelm organizations, making it difficult to extract meaningful insights.

Our own survey found that 54% of organizations struggle with log management due to lack of skilled personnel, while almost half of then cite budget constraints as a major obstacle. Furthermore, the average organization generates more than 2 terabytes of log data per month, making it challenging to store, analyze, and retain this information effectively.

Building a Strong Foundation for Cybersecurity

To address these challenges and build a resilient security posture, organizations must prioritize comprehensive logging. Here are some essential steps:

• Identify Critical Assets: Determine which devices and applications are most critical to your business operations. Prioritize logging for these systems to ensure maximum protection.
• Centralized Log Management: Consolidate logs from various sources into a centralized platform for efficient analysis and correlation.
• Data Retention: Establish appropriate log retention policies to balance compliance requirements, incident investigation needs, and storage costs.
• Log Analysis and Monitoring: Implement advanced analytics tools to detect anomalies, identify potential threats, and generate actionable alerts.
• Incident Response Playbooks: Develop detailed playbooks outlining steps to be taken in response to different types of security incidents.
• Leverage Managed Security Services: Partner with a reputable managed security services provider (MSSP) to offload the burden of log management, analysis, and incident response.

The Power of Partnership

By entrusting log management to an MSSP, organizations can benefit from specialized expertise, advanced technology, and round-the-clock monitoring. MSSPs can help optimize log retention policies, develop robust detection rules, and provide expert incident response capabilities.

In conclusion, comprehensive logging is an indispensable component of a proactive cybersecurity strategy. By addressing the challenges and investing in the right solutions, organizations can significantly enhance their ability to detect, investigate, and respond to cyber threats. Partnering with a managed security services provider can be a game-changer in this endeavor.

NetAssist is committed to helping organizations build a strong security foundation through comprehensive logging solutions. Contact us at [email protected]today to learn more about how we can protect your business.

Over the years, I have been asking myself on how to have great work quality as a Cybersecurity Service Provider. This is a very important topic because it determines the survivability of the company. If our company are able to deliver good quality of services, we will enter into a good virtuous cycle where more customer will engage us and revenue will increase. We can then pay better to retain good employees and attracted more talents. And that will help us to gain even more customer and grow better.

As a cybersecurity service provider, maintaining high work quality is not only essential for client satisfaction but also critical for safeguarding digital assets. Here are some of the actionable steps to raise the standard of our services:

1. Continuous Learning and Skill Enhancement

• Develop a culture of continuous learning among all staff. Training other is a better way to learn. We will assign different staff to conduct periodical knowledge sharing to fellow members in order to provide avenue of training for presentations skill and sharing of knowledge with others.
• Encourage the team members to pursue certifications (e.g., CISSP, CEH, CompTIA Security+) and attend industry conferences.
• Stay updated on emerging threats, tools, and techniques through webinars, workshops, and online courses.

2. Robust Documentation and Reporting

• Document all assessments, findings, and remediation steps meticulously. And periodically audit the work to ensure continuous compliance of standards.
• Provide clients with clear, concise reports that highlight vulnerabilities, risks, and recommended actions. Incorporate elements of graphics, charts, pictures and tables to ensure easily comprehensions of the reports.

3. Effective Communication

• Regularly communicate with clients to understand their unique needs and concerns. Make it as a written communication is the most effective ways. Sending written summary to reconfirm the communications is very crucial to reduce mis communications.
• Explain technical concepts in plain language to bridge the gap between technical experts and non-technical stakeholders. Provide screen shorts, graph or demo as much as possible to illustrate.

4. Thorough Risk Assessments

• Conduct comprehensive risk assessments for clients, considering technical, operational, and business risks.
• Prioritize vulnerabilities based on impact and likelihood.
• Incorporate more other tools to see risk from different angle for example cyber risk scoring tools for 3rd part supply chain risks, darbweb crawling and etc.

5. Holistic Security Approach

• Move beyond vulnerability scanning and penetration testing. Consider wider coverage for example security architecture review, clouds security, API assessments, secure coding practices, employee training and etc.
• Adopt more other proven concepts for example Implement defense-in-depth strategies to protect against multiple attack vectors, conduct risk gap assessment using proven framework like ISMS, NIST and etc.

6. Review of Cyber Security Policy

• Advise clients to either establish or review their cyber security policy.
• Set up SOP to audit the security practices periodically.
• Help clients develop incident response plans.

• Conduct exercises to simulate real-world incidents and test response capabilities.

7. Ethical and Transparent Behavior

• Uphold ethical standards in all interactions.
• Be transparent about limitations, risks, and potential outcomes.

8. Collaborate with Peers and Researchers

• Engage with the cybersecurity community.
• Share threat intelligence and collaborate on research.

9. Client Education

• Educate clients about security best practices.
• Empower them to make informed decisions regarding risk management.

Conclusion

By consistently adhering to these best practices, We can enhance work quality, build trust with clients, and contribute to a safer digital ecosystem.

Remember, cybersecurity is not just about technology; it’s about people, processes, and a commitment to excellence.

In today’s complex threat landscape, enterprises often invest heavily in sophisticated security solutions like next-generation firewalls, intrusion detection systems (IDS), endpoint detection and response (EDR), and intrusion prevention systems (IPS). While these tools provide a robust defense, they may be overlooking a critical vulnerability: the Domain Name System (DNS).

DNS, a foundational component of the internet, was designed for a much simpler era. Its inherent trust and vulnerability have made it a prime target for malicious actors. By exploiting DNS queries and responses, attackers can exfiltrate or infiltrate sensitive data undetected.

One common tactic is DNS tunneling. This involves concealing malicious traffic within legitimate DNS requests, allowing attackers to bypass traditional security controls. Techniques like slow drip, IP spoofing, and the use of multiple DNS record types further obfuscate these attacks.

A recent DNS security survey revealed the alarming prevalence of this threat: 46% of respondents experienced DNS exfiltration, and 45% encountered DNS tunneling. These statistics underscore the urgent need for organizations to address this overlooked vulnerability.

Recommendations to Mitigate DNS-Based Threats:

1. Conduct a Comprehensive Assessment: A thorough security assessment can identify potential vulnerabilities in your DNS infrastructure and highlight areas that may be susceptible to exploitation.
2. Implement Robust DNS Security Solutions: Consider investing in specialized DNS security solutions that can detect and prevent DNS tunneling, exfiltration, and other malicious activities.
3. Educate Your Staff: Raise awareness among employees about the risks associated with DNS-based attacks and provide training on best practices for identifying and reporting suspicious activity.
4. Partner with a Trusted Managed Security Services Provider (MSSP): An MSSP can offer expert guidance, monitoring, and incident response capabilities to help protect your organization from DNS-related threats.

By taking proactive steps to secure your DNS infrastructure, you can significantly reduce your risk of data breaches and other cyberattacks. Contact us today to learn more about how our managed security services can help safeguard your organization from the silent threat of DNS tunneling.

NetAssist as a MSSP that focus on Security Operation Center (SOC) Service, often received questions about what type of cyber threats a SOC can detect. The types of Cyberattacks a Security Operations Center (SOC) can detect should be categorized into a few groups:

Network Intrusions:

• Malware: SOCs constantly monitor for viruses, worms, Trojans, ransomware, and other malicious software infiltrating networks and endpoints.
• Phishing: Phishing attacks aiming to steal credentials or lure users to vulnerable sites are identified through suspicious email patterns and network traffic analysis.
• Botnet activity: SOCs track for signs of compromised devices participating in botnets, often used for DDoS attacks or spam distribution.
• Zero-day exploits: SOCs monitor for signs of attackers leveraging unknown vulnerabilities in systems or software before patches are available.

Data Breaches:

• SQL injection attacks: SOCs analyze database activity for suspicious queries that attempt to steal or manipulate data.
• DDoS attacks: SOCs detect sudden spikes in network traffic aiming to overwhelm and crash servers.
• Man-in-the-middle attacks: SOCs monitor network traffic for signs of attackers intercepting and tampering with communication.
• Data exfiltration: SOCs watch for unauthorized data transfers out of the network, indicating potential data breaches.

Social Engineering:

• Whaling attacks: SOCs analyze email communication for tactics targeting high-profile individuals for financial gain or information theft.
• Business email compromise (BEC): SOCs watch for spoofed emails impersonating legitimate individuals to trick employees into transferring money or sensitive data.
• Social media scams: SOCs monitor employee social media activity for signs of engagement with phishing attempts or fake profiles used to gather information.

Beyond these categories, SOCs also detect:

• Insider threats: Malicious or accidental activity by authorized users that could compromise system security.
• Denial-of-service (DoS) attacks: Attempts to overwhelm systems with traffic, making them unavailable to legitimate users.
• Zero-day attacks: Novel attacks exploiting previously unknown vulnerabilities.

Please reach out to us at [email protected]if you are keen to know more.

#SOC #securityoperationcenter #cyberattacks #mssp