Friday, November 24, 2023

BREACHES AND INCIDENTS



November 24th 2023. A ransomware attack on London & Zurich, a major direct debit provider based in Solihull, UK, has resulted in significant operational disruptions, causing customers to face six-figure backlogs.


The attack led to system outages, compelling at least one customer to secure a short-term loan due to cash flow difficulties. During the crisis, customers struggled to access support services, often encountering unresponsive phone lines. London & Zurich has not provided specific details to The Register regarding potential data breaches, the identity of the attackers, the breach method, or the attack's inception.


The incident affected only one system environment, which has since been rebuilt in a new, secure setting. The company's API service is fully operational, and final tests are being conducted on the two remaining service areas.


My Thought Process:

                                          Situation

London & Zurich experienced a ransomware attack starting November 10, leading to prolonged service outages and significant operational disruptions. This has resulted in substantial financial backlogs for its customers, with one managed service provider (MSP) reporting a backlog of over $124,000.


                                          Background

The company confirmed the ransomware attack on its website four days after the outage began. Communication from London & Zurich has been infrequent and unclear, causing confusion and additional difficulties for customers. The inability to process direct debit payments has severely impacted customers, including the MSP, which is facing challenges in making payroll and covering operational expenses.


                                                Findings

The incident reveals weaknesses in London & Zurich's cybersecurity defenses and crisis communication strategy. The financial strain on customers, especially smaller or debt-leveraged companies, is significant. There may also be a breach of PCI DSS compliance.


                                                   Impact

Immediate impacts include operational disruption, financial strain on clients, and reputational damage to London & Zurich. Long-term impacts could involve legal and regulatory repercussions, especially if there was a failure to protect customer data adequately.

                                                 Likelihood 

The likelihood of ransomware attacks is high in the current digital landscape, particularly for financial services providers.


                                                 Recommendation

Compliance Alignment: I would ensure that all measures comply with the relevant data protection and financial regulations, such as GDPR for data breach notifications and financial regulatory standards for operational resilience.


Enhance customer support capabilities to handle increased inquiries during crises.


Strengthen cybersecurity infrastructure to prevent similar attacks. Improve crisis communication plans to provide clear, frequent updates during outages.


Document training and awareness among employe

Referencing: https://cyware.com/cyber-security-news-articles

Thursday, November 23, 2023

CLOUD SECURITY ANALYST



As a cloud security analyst, key points to always remember:



How to monitor API calls: AWS CloudTrail.

CloudTrail provides an audit trail of API calls and user activity for inspection. It records the precise events and changes made to AWS resources, which is critical for security analysis and for meeting compliance needs.


How to monitor applications and performance: AWS CloudWatch. CloudWatch provides operational visibility through system and application performance monitoring, collecting metrics and logs and triggering actions based on defined alarms. It gives insight into overall infrastructure health.


Where are logs stored: AWS CloudWatch. Sources such as CloudTrail, AWS Config, VPC Flow Logs, API logs, and custom application logs can feed into CloudWatch Logs.


Logs can be analyzed with CloudWatch Logs Insights or sent to services like Elasticsearch/OpenSearch for retention, metrics, dashboards, and complex search.
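As an added example (my own code, not from the post), here is a small Python script that runs three defensive checks over a few constructed CloudTrail records: API calls that tamper with the trail itself, a successful console login without MFA, and a burst of AccessDenied responses from one principal. The records are made up for the demo, though the field names follow the CloudTrail record format; the threshold of 5 is an assumption.

```python
import json
from collections import Counter

# Constructed sample CloudTrail records (not real events), trimmed to the
# fields the detections below rely on.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2023-11-23T09:00:01Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10", "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2023-11-23T09:05:12Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10", "requestParameters": {"name": "org-trail"}},
    *[{"eventTime": f"2023-11-23T09:10:{i:02d}Z", "eventSource": "s3.amazonaws.com",
       "eventName": "ListBuckets", "userIdentity": {"type": "IAMUser", "userName": "bob"},
       "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied"} for i in range(6)],
    {"eventTime": "2023-11-23T09:20:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "sourceIPAddress": "192.0.2.5"},
]})

# API calls that weaken or disable the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
ACCESS_DENIED_THRESHOLD = 5  # assumed tuning value for the demo

def principal(record):
    """Best-effort human-readable name for the caller of an event."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def analyze_trail(raw_json):
    """Return a list of (severity, principal, description) findings."""
    findings, denied = [], Counter()
    for rec in json.loads(raw_json)["Records"]:
        who, name = principal(rec), rec["eventName"]
        if name in TRAIL_TAMPERING and rec["eventSource"] == "cloudtrail.amazonaws.com":
            trail = rec.get("requestParameters", {}).get("name", "?")
            findings.append(("HIGH", who, f"{name} on trail {trail}"))
        if (name == "ConsoleLogin"
                and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and rec.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            findings.append(("MEDIUM", who, f"console login without MFA from {rec['sourceIPAddress']}"))
        if rec.get("errorCode") == "AccessDenied":
            denied[who] += 1
    for who, count in denied.items():  # repeated denials may indicate probing or a broken role
        if count >= ACCESS_DENIED_THRESHOLD:
            findings.append(("MEDIUM", who, f"{count} AccessDenied responses (possible enumeration)"))
    return findings

if __name__ == "__main__":
    for sev, who, desc in analyze_trail(SAMPLE_TRAIL):
        print(f"[{sev}] {who}: {desc}")
```

The same checks map directly onto CloudWatch metric filters or Logs Insights queries once CloudTrail is delivered to a CloudWatch log group.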

Wednesday, November 22, 2023

RISK APPETITE



What defines a robust risk appetite? Firstly, it aligns closely with the business strategy. It incorporates both qualitative statements and quantitative metrics, along with exposure limits. Additionally, it adjusts to evolving circumstances, changes in business objectives, variations in skills, and resource availability. The more clearly defined your risk appetite and tolerances are, the more effectively you can optimize risk-reward outcomes and strategically leverage risks. 

                           Challenges in Real Workplace

Risk Appetite and Supply Chain


                                      Challenge 

Aligning Risk Appetite with Evolving Global Supply Chains

Example: An enterprise manufacturing smartphones sources components globally. Its risk appetite allows moderate risks in procurement to reduce costs. However, geopolitical tensions in a supplier country escalate, threatening supply chain stability.


                                   Likelihood Analysis

Moderate to High, as geopolitical tensions are unpredictable but not uncommon.


                                              Impact

High, as supply chain disruptions could lead to production delays, increased costs, and potential market share loss.


                                 Frameworks to Consider

ISO 31000 (Risk Management) and Regulatory Compliance: controls derived from regulatory requirements, such as GDPR for data protection and SOX for financial reporting.


                                          Gap Analysis

Conduct a gap analysis to identify areas where your current controls might not fully address the identified risks.


Cross-Functional Integration.


Continuous Monitoring: regularly review and update the control mappings to reflect changes in the business environment and emerging risks.👌

Saturday, November 18, 2023

The NIST CSF 2.0



The NIST Cybersecurity Framework, with its six pillars, is a dynamic document designed for continuous refinement and improvement. NIST is committed to integrating stakeholder feedback to adapt to the ever-changing cybersecurity landscape. Currently, NIST is actively developing CSF 2.0, a substantial update aimed at enhancing the framework for more effective cybersecurity risk management.



CSF 2.0's Governance domain (GOVERN) addresses accountability gaps, confusion, and inefficiency in an organization's environment. It emphasizes leadership and oversight, tied to finance, to establish and monitor the organization's cybersecurity risk management strategy, expectations, and policy.



The six pillars of NIST CSF 2.0 are:


GOVERN: Establish and monitor the organization's cybersecurity risk management strategy, expectations, and policy.


IDENTIFY: Determine the current cybersecurity risk to the organization.


PROTECT: Use safeguards to prevent or reduce cybersecurity risk.


DETECT: Find and analyze possible cybersecurity attacks and compromises.


RESPOND: Take action regarding a detected cybersecurity incident.


RECOVER: Restore assets and operations impacted by a cybersecurity incident.


The release of the public draft is a significant milestone, providing organizations with the opportunity to contribute input before NIST finalizes the framework for anticipated publication in 2024.


Referencing: https://csrc.nist.gov/Projects/cybersecurity-framework/Filters#/csf/filters

CONFIGURING A PHISHING CAMPAIGN IN MICROSOFT DEFENDER.

Configuring a phishing campaign in Microsoft Defender (specifically Microsoft Defender for Office 365) involves creating a simulated attack ...