- Details
- Category: Security News
Cyber espionage and other increasingly sophisticated nation-state cyberattacks will escalate into what amounts to "cyberwar" in 2017, predicts security expert Michael Bruemmer of Experian Data Breach Resolution.
"We've seen some of the cyberattacks, particularly those attributed to Russia and China, attack more than just private businesses, but also attack infrastructure and government entities," Bruemmer says. "I do think we'll see at least one large attack by one of the entities outside the U.S. that will officially be crossing the line where [cyber] war is declared - there will be countermeasures taken by the U.S., or even offensive measures to protect itself, and that's going to be a first-time event in our history."
Cyberattacks are increasingly targeting healthcare organizations and the payment card industry as well as government entities and colleges and universities, Bruemmer says in an interview with Information Security Media Group to discuss Experian's Data Breach Industry Forecast for 2017.
'Aftershock' Breaches
In addition to the escalating sophistication of potential cyberattacks next year, organizations across all sectors, as well as consumers, need to be prepared to prevent and respond to more "aftershock breaches," which involve the reuse of login credentials that were compromised in earlier breaches, Bruemmer says.
Credentials stolen from breaches of companies such as AOL, Google, Yahoo and LinkedIn "are being used to access accounts of the individuals originally impacted, but who didn't take the time to update or change their credentials so that they couldn't be reused," he says.
In the interview, Bruemmer also discusses:
- Why the healthcare sector will be a top target for the most sophisticated cyberattacks in 2017;
- Steps organizations in healthcare and other sectors should take to prepare to deal with ransomware as well as other emerging cyber threats and attacks;
- The biggest cyberattack surprises so far in 2016.

Bruemmer is a vice president at Experian Data Breach Resolution, which offers incident management, notification, call center support and fraud resolution services while also serving affected consumers with credit and identity protection products. With more than 25 years of industry experience, Bruemmer also serves on the Medical Identity Fraud Alliance Steering Committee, Ponemon Responsible Information Management Board and the International Association of Privacy Professionals Certification Advisory Board.
- Details
- Category: Security News
Cyberattacks waged by organized crime groups are simultaneously targeting a wider array of industries worldwide, which is why cross-industry threat information sharing is more critical than ever, says Brian Engle, executive director of the Retail Cyber Intelligence Sharing Center.
While attacks targeting the financial services sector and other business sectors may go after different information, the tools and methods of attack used are basically the same, he says. "We are seeing a lot of the same types of threats across healthcare, aviation and, to a degree, even the automotive industry," Engle says during this interview at Information Security Media Group's recent Fraud & Breach Prevention Summit in London.
"We're definitely seeing an organized element of criminal behavior that is able to leverage common infrastructure and tools and toolsets," Engle explains. "The number of organizations that can be attacked concurrently, and somewhat arbitrarily by industry type, is increasing. ... But information, in general, is being exfiltrated from organizations, whether it's healthcare, retail or financial services - and that's happening with ... a capability that is really staggering."
International Collaboration
As head of the information sharing and analysis center for retail organizations, Engle says he's pushing for more cross-industry collaboration and threat-intelligence sharing that spans international borders.
"The threats that we're seeing are definitely not divided by boundaries of borders or even oceans," he says. "We definitely see that the operations of U.S.-based entities are affected by the same threats as those that are operating overseas."
R-CISC has been working with the financial-services sector for the last two years to enhance and automate cross-industry information sharing. Now Engle says it's time to expand that sharing into other sectors, which he hopes, in time, will be facilitated more through governments.
During this interview, Engle also discusses:
- How he sees cross-industry information sharing evolving over the next year;
- Why information sharing within the retail space is still in its infancy; and
- How information sharing and analysis centers in all industries are working to filter and funnel data in more meaningful ways.

In his role as executive director, Engle supports the R-CISC's mission of sharing cybersecurity information and intelligence. He also leads the Retail and Commercial Services Information Sharing and Analysis Center. Engle serves as an advisory partner on the leadership team of the ISAO Standards Organization. He previously served as CISO and cybersecurity coordinator for the state of Texas, CISO at the Texas Health and Human Services Commission, CISO at Temple-Inland and as manager of information security assurance at Guaranty Bank.
- Details
- Category: Security News

Britain has enacted a new mass surveillance law that continues to draw criticism from privacy advocates. The Investigatory Powers Act 2016 was passed by Parliament and signed into law by the Queen this week.
The home secretary, Amber Rudd, hailed the IP Act using typical political bravado, lauding it as "world-leading legislation" providing "unprecedented transparency and substantial privacy protection" while allowing police and intelligence services to better battle terrorists.
But the new law enshrines the government's right to "bulk data collection" despite the EU's high court ruling that such untargeted collection violates human rights. And the inventor of the world wide web, Tim Berners-Lee, has slammed the new law, calling it a "security nightmare."
"This Snooper's Charter has no place in a modern democracy - it undermines our fundamental rights online," he tells the BBC. "The bulk collection of everyone's internet browsing data is disproportionate, creates a security nightmare for the ISPs who must store the data - and rides roughshod over our right to privacy. Meanwhile, the bulk hacking powers in the bill risk making the internet less safe for everyone."
Many privacy rights groups, which have been fighting the bill every step of the way, also remain concerned. Jim Killock, executive director of the Open Rights Group, has branded the IP Act as "one of the most extreme surveillance laws ever passed in a democracy," noting that it gives "police and intelligence agencies ... unprecedented powers to [monitor] our private communications and internet activity, whether or not we are suspected of a crime."
Numerous privacy experts predict that the bill will now be used by authoritarian regimes to justify their own domestic surveillance regimes.
The #snooperscharter is now law. If you wish to show your opposition to such extreme surveillance just send an email to, well, anyone really
Petition Seeks Overturn
A Parliament petition calling for the law to be repealed now has more than 140,000 signatures, which will require Parliament to consider debating the measure.
The Home Office has already responded to the petition, claiming that the new law was subject to "unprecedented scrutiny prior to and during its passage" and that more than 1,700 amendments to the bill were proposed and debated this year.
"The Investigatory Powers Act dramatically increases transparency around the use of investigatory powers," it claims. "It protects both privacy and security and underwent unprecedented scrutiny before becoming law."
If At First You Don't Succeed
This wasn't the first attempt by the government to push through the controversial law, which has been branded the Snooper's Charter by critics because of its focus on giving the government greater surveillance powers (see UK Debates Rebooted "Snooper's Charter").
The bill was first proposed by former Home Secretary Theresa May, who's now the country's prime minister. Critics say its passage may have been aided by Parliament's focus on Brexit.
The government says some provisions contained in the new law will need to be extensively tested and won't take effect for some time. But other parts of the law will take effect almost immediately. For example, before Dec. 31, when the current Data Retention and Investigatory Powers Act 2014 expires, ISPs and mobile phone services will be required to retain for 12 months the internet browsing, voice call, email, text, internet gaming and mobile phone usage records for every subscriber.
Backdoors Subvert Security
The new law also gives the government the power to demand that companies that do business in Britain weaken their crypto, on demand. That led many technology giants - including Apple, Facebook, Google, Microsoft, Twitter and Yahoo - to warn Parliament earlier this year that the bill stood to undermine personal security.
In particular, technical capability notices, as defined under clause 217 of the bill, can be imposed on any telecommunications operator, requiring them - in the bill's language - to remove any "electronic protections" on encrypted communications. The government can also legally prevent the organization from publicly discussing that it's been served with such a notice.
But strong crypto - meaning any strong encryption scheme with no backdoors - is essential for helping individuals, organizations and governments defend themselves against everyone from corrupt law enforcement agents and cybercriminals to foreign powers and bored teenagers.
"What a lot of politicians and lawmakers fail to understand is that if the U.K. government has a backdoor into encryption software, so does every other government on the planet," Dublin-based cybersecurity expert Brian Honan tells me. "So that means the Chinese, the Iranians, the North Koreans can get to that data. And they may not have the same qualms or structures in place to make sure that only authorized people get those keys or those keys are only used under certain conditions."
Thus, while the British government trumpets that its new surveillance law will help to better battle criminality and terrorism, if the government uses the law to weaken crypto by demanding backdoors, then it stands to make us all less safe.
- Details
- Category: Security News
5 Links of the Attack Chain and How to Disrupt Them by Malwarebytes
By identifying steps in the attack chain, you can deploy appropriate defenses at each stage to prevent breaches from happening in the first place.
When dealing with attacks against the enterprise, many people might not realize that the actual infection is only one part of a chain of events leading up to a network breach. In this blog, we're going to break down the attack chain, link by link, and tell you how to prevent a breach at each step.
1. Profiling
The first thing an attacker will do is profile your machines to determine whether or not to launch the attack. They'll check your OS, your browser, plugins, IP address, and what security products you have installed. They can do this via a malvertising exploit attack, which employees can be exposed to by simply visiting a popular news site.
In addition, cybercriminals will identify the low hanging fruit in the form of employees who post their role within the company and details of their job on unsecured social media pages. This information can be used to quickly identify a user who would fall for a specially crafted spear-phishing attack.
2. Delivery
The next stage of an attack is the delivery. In the malvertising example, once the attacker determines you're an interesting target, they'll redirect you to the exploit landing page. In the case of spear phishing, the specially crafted email will appear to come from a trusted source, usually including a link or malicious attachment.
3. Exploitation
After the attacker determines you're an interesting target and they've redirected you to the attack server, the attack server will exploit your browser and your Flash or Word applications to deliver and remotely execute the malware payload.
4. Payload Execution
Once on the system, and depending on the malware used, the attacker can accomplish any number of nefarious tasks, including installing additional malware, identifying networked drives and important files, ransoming important business files using ransomware, and of course obtaining network admin credentials through privilege escalation.
5. Malicious Behavior
Finally, the attack reaches its apogee, which in many cases is completely compromising the network to steal data, disrupt operations, or establish a pivot point to enter the networks of other organizations. This stage is where the breach occurs, and if an attacker has made it this far, it's usually game over.
Disruption
Understanding the attack chain means that you know that while there are multiple ways in which your network could be compromised, there are also multiple ways to disrupt the actual attack.
By advising your employees to lock down their social media profiles and be aware of what kind of information they are posting online, you can greatly reduce the information criminals have at their disposal when profiling a target.
Providing educational training for your employees on how to identify and confirm spear-phishing attacks, as well as employing the use of anti-exploit technology to prevent drive-by malvertising attacks, can disrupt the delivery phase. These same tips, combined with real-time malware protection technology that detects and blocks malware as it executes, can greatly reduce the risk from spear phishing and drive-by exploits.
It is also a good idea to start investing in specialized anti-malware tools such as anti-ransomware technology, which actively hunts for ransomware-like behavior and kills any applications identified as ransomware. This kind of technology protects your organization against both malware that the security community knows about as well as the stuff that hasn't even been compiled yet.
It's important not only to understand the layers and precautions needed when it comes to developing a solid network security plan, but also to understand what methods attackers will use to find the holes in your armor and exploit your vulnerabilities. By identifying steps in the attack chain, you can deploy appropriate defenses at each stage to prevent breaches from happening in the first place.
- Details
- Category: Security News
Photo: Victor To (Flickr/CC)
The surprise election of Donald Trump as the 45th U.S. president is still sinking in for his supporters, opponents and the rest of the world. Over the next four years, Trump's administration will have vast influence over privacy, surveillance and data security. Fearing the worst, the Internet Archive, a nonprofit organization based in San Francisco, has started a fundraising campaign to set up a replica of its archive in Canada.
Since launching in 1996, the Internet Archive has amassed one of the largest digital archives of publications, movies, software and books. It also runs the Wayback Machine, which saves 300 million web pages per week; it's one of the few services that index screenshots of web pages for posterity. Brewster Kahle, the internet entrepreneur who started the archive, envisioned the project as a way to partially preserve the ever-morphing web.
But Kahle believes that the Internet Archive may be threatened by Trump, particularly if he loosens libel laws, giving people greater power to force the removal of material online that they don't like. Accordingly, the Internet Archive is seeking donations to replicate its 20-petabyte archive on Canadian soil in a move that he believes would help shield it from U.S. government influence.
The election was "a firm reminder that institutions like ours, built for the long term, need to design for change," Kahle writes in a blog post.
There's historical precedent for libraries disappearing, Kahle notes, citing Egypt's Library of Alexandria, which was lost to fire in a period of war.
The project to establish a repository called the Internet Archive of Canada would cost millions, he says, but allow the archive to withstand the uncertain political future in the U.S. "For us, it means keeping our cultural materials safe, private and perpetually accessible," he adds. "It means preparing for a web that may face greater restrictions. It means serving patrons in a world in which government surveillance is not going away; indeed it looks like it will increase."
The Ephemeral Web
Presumably, the Internet Archive has backups in place. But war and natural disasters aside, Kahle says deeper, intentional actions have previously affected libraries, citing in particular "legal regimes" and "institutional failure."
"Throughout history, libraries have fought against terrible violations of privacy - where people have been rounded up simply for what they read," he writes. "At the Internet Archive, we are fighting to protect our readers' privacy in the digital world."
Never before have humans had as much access to information as they do through the internet. And never before have governments, spies, cybercriminals and others been able to exploit it for profit, surveillance and influence. This year's presidential election showed that the real battleground was the internet, where the lines between fact and fiction were always open for debate.
Fake News Surges
One hallmark of the recent U.S. presidential election was that policy discussions faded into the background as Russian hackers essentially fed news cycles with steady streams of confidential emails that largely amounted to inconsequential fluff. Although hard to quantify, the influence of fake or questionable material presented as legitimate news undeniably tilted perceptions, and is now prompting soul-searching by the likes of Facebook and Google over how to reengineer their systems to avoid them being used for gross manipulation of the public.
That's one reason why the Internet Archive's Wayback Machine is so important: it captures what's been on the web, before it has been modified or disappears. I've used it countless times as a journalist. While its snapshots are often too infrequent for my liking, it's often still an indispensable research tool.
Change is Constant
The internet is in a constant state of revision, from vanishing tweets to slight word changes in corporate blog posts. I've long since learned to compulsively make PDFs of web pages that even have a hint of controversy since - in a blink - they're destined to vanish. Thus there's great value in having a reliable repository for showing just how something appeared online at a certain point in time.
Now, Kahle is preparing for a dark future that hopefully will not come to pass: widespread censorship or restrictions on access to information within the United States. This is not uncommon in other parts of the world, and one needs to look no further than at the long list of authoritarian regimes that closely monitor what content is viewed and transmitted on their domestic internet.
Kahle's worries may seem extreme or perhaps even unfounded, given America's history. But from a technology standpoint, his plan is well-grounded in common sense and well-tested IT maxims: Back up frequently, and keep those backups in different places, to guard against unexpected events. Because who knows what the future holds?