June 19, 2022

XDR and cybersecurity threats…

XDR and Open XDR are the latest innovations in the cybersecurity toolkit for crime prevention.

Cybersecurity products, both software and hardware, protect a computer network and the assets on it from unauthorized access, modification, destruction, and misuse.

XDR (Extended, or "Everything", Detection and Response) is a single platform that unifies detection and response across the technology security chain, bringing all telemetry together in one dashboard. Advanced XDR products correlate and analyze threats and recommend how to neutralize them. XDR is a single, stand-alone solution offering integrated threat detection and response across endpoints, networks, and cloud computing environments. Its features include incident correlation, built-in automation, multiple streams of telemetry, multiple forms of built-in detection, and multiple methods of response.

Open XDR was initially created by Stellar Cyber. The platform is open and integrates with third-party security tools: some components are built in, and others are added through third-party integrations. Other Open XDR offerings rely entirely on a wide ecosystem of third-party tools for telemetry sources and response and offer no built-in components. Open XDR also lets companies leverage their existing investments, making them more valuable by automatically correlating their data with data from other tools and sensors, so that everything works seamlessly with other third-party technologies.

More advanced Open XDR platforms leverage AI and machine learning: instead of leaving analysts to manage thousands of alerts from a dozen or more tools, the XDR combines alerts into high-level incidents and automatically dismisses alerts that match what it has learned to be normal behavior in a given environment.
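The two XDR behaviours described above, grouping alerts from several telemetry streams into a few incidents and dismissing alerts that match learned-normal behaviour, are easier to reason about in code. The following is an added toy example, not code from the article or from Stellar Cyber's product; every alert, rule name, host and the "fires on five distinct days means normal" heuristic are constructed assumptions:

```python
"""Toy alert-correlation engine, added here to illustrate the XDR idea of
turning many per-tool alerts into a few incidents and dismissing alerts that
match learned-normal behaviour. Every alert, rule name and host below is
constructed sample data; nothing here is output of Stellar Cyber or any
other product."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    source: str     # telemetry stream the alert came from: edr, firewall, cloud
    rule: str       # detection name raised by that tool
    entity: str     # host or account the alert is about
    ts: datetime


@dataclass
class Incident:
    entity: str
    alerts: list = field(default_factory=list)

    @property
    def sources(self):
        """Distinct telemetry streams that contributed to this incident."""
        return sorted({a.source for a in self.alerts})


def learn_baseline(history, min_days=5):
    """Return the (source, rule, entity) triples that fired on at least
    `min_days` distinct days of the history window. Assumption of this toy:
    a detection that fires daily on the same entity is that environment's
    normal behaviour and can be dismissed automatically."""
    days = defaultdict(set)
    for a in history:
        days[(a.source, a.rule, a.entity)].add(a.ts.date())
    return {key for key, d in days.items() if len(d) >= min_days}


def correlate(alerts, baseline, window=timedelta(minutes=30)):
    """Dismiss baseline alerts, then group the rest per entity into incidents:
    an alert joins the entity's current incident when it falls within `window`
    of the previous alert, otherwise it opens a new one."""
    suppressed, kept = [], []
    for a in alerts:
        (suppressed if (a.source, a.rule, a.entity) in baseline else kept).append(a)
    incidents = []
    for a in sorted(kept, key=lambda x: (x.entity, x.ts)):
        cur = incidents[-1] if incidents else None
        if cur and cur.entity == a.entity and a.ts - cur.alerts[-1].ts <= window:
            cur.alerts.append(a)
        else:
            incidents.append(Incident(a.entity, [a]))
    return incidents, suppressed


def run_demo():
    """Constructed data: a build host that legitimately creates a scheduled
    task every morning, and a workstation whose EDR, firewall and cloud
    alerts line up in time. Returns (incidents, suppressed alerts)."""
    history = [Alert("edr", "scheduled_task_created", "build01",
                     datetime(2022, 6, 12 + d, 8, 0)) for d in range(7)]
    today = [
        Alert("edr", "scheduled_task_created", "build01", datetime(2022, 6, 19, 8, 0)),
        Alert("firewall", "port_scan", "db02", datetime(2022, 6, 19, 9, 0)),
        Alert("edr", "suspicious_powershell", "ws17", datetime(2022, 6, 19, 10, 0)),
        Alert("firewall", "outbound_to_rare_port", "ws17", datetime(2022, 6, 19, 10, 5)),
        Alert("cloud", "new_access_key", "ws17", datetime(2022, 6, 19, 10, 20)),
        Alert("edr", "suspicious_powershell", "ws17", datetime(2022, 6, 19, 14, 0)),
    ]
    return correlate(today, learn_baseline(history))


if __name__ == "__main__":
    incidents, suppressed = run_demo()
    print(f"{len(suppressed)} alert(s) dismissed as normal behaviour")
    for inc in incidents:
        print(inc.entity, len(inc.alerts), "alert(s) from", inc.sources)
```

Six raw alerts become three incidents plus one dismissed alert; the interesting one is the ws17 incident, which is only visible as a single event because alerts from three separate telemetry streams were joined on the same entity and time window. A real platform would add identity resolution (mapping a cloud account to the host it was used from) and a far richer notion of "normal" than a day count, but the shape of the pipeline is the same.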

Reference

Cybersecurity Magazine, March 15, 2022. By Steve Garrison, who works at Stellar Cyber (http://stellarcyber.ai).

Classification of cyberattacks

Technological advances have resulted in organizations digitalizing many parts of their activities. The threat landscape of cyberattacks is rapidly changing, and the impact of such attacks is unknown because of the lack of effective metrics, tools and frameworks for assessing harm from cyber-attacks. This paper reflects on the literature on harm from disciplines such as criminology and economics, and investigates how risk and impact relate to harm. Based on an extensive literature survey, the study identifies various types of harm and builds a taxonomy of the cyber-harms organizations encounter. This taxonomy comprises five broad themes: physical or digital harm, economic harm, psychological harm, reputational harm, and social and societal harm. Within each theme the paper presents several cyber-harms that result from cyber-attacks. To give initial indications of how these different types of harm are connected and how cyber-harm in general may propagate, the real-world cases of Sony, JPMorgan and Ashley Madison provide good scenarios. Analytical tools for organizational cyber-harm based on such a taxonomy do help crime prevention: they would allow organizations to identify corporate assets, link these to cyber-harm, measure such harms and, finally, consider the security controls needed to treat the harm.

Technological advancements have forced organizations to digitalize parts of their functionality. While investments in IT may result in profit and prosperity, cyber-attacks are always possible. The threat landscape of cyber-attacks is changing and the impact of such attacks is uncertain; there is a lack of effective metrics, tools and frameworks for understanding and assessing the harm organizations face from cyber-attacks.

According to CUNA, organizations are not incentivized to prioritize security. It is of paramount importance for board members to obtain a comprehensive cost-benefit analysis of how cutting-edge technologies and investment in strong cybersecurity practices may hedge the risk of a cyber-attack and its harmful impact. Organizations lack sufficient models to estimate the harm, direct and indirect, from cyber-attacks. What is further evident from the paper's analysis of the case studies is that organizations remain oblivious to the harms that consumers or their employees experience; without a complete understanding of all possible attacks, it is therefore impossible for organizations to prioritize controls to eliminate such harms. The practices companies currently adopt calculate the harm from a cyber-attack or estimate financial damages from stock-market movements. Indirect harms resulting from cyber-attacks, and indeed the harms that consumers experience, may have longitudinal effects.

Based on a thorough literature review and the analysis of a series of cyber-incidents, the study presents a taxonomy of cyber-harms aimed at providing further insight into the direct and indirect harms which organizations and individuals undergo. The proposed taxonomy gives organizations the essential broad knowledge of harms, enabling them to consider indirect harms to consumers and other corporate and non-corporate actors, and to shift the current tendency of organizations to remain inactive or to tolerate harms which impact the non-corporate sector. The reality is that cyber-attacks can do much more significant and long-lasting damage than is perceived. The proposed taxonomy would help to elucidate these harms, and thereby support better decision-making in risk management and in the selection of security controls.

Such a taxonomy elucidates key aspects of cyber-harm for organizations. A key activity, therefore, is further expansion of the taxonomy and the characterization of more rigorous and useful harm quantification metrics and magnitudes.

Although there has been significant research on understanding the impact of cyber-incidents, as the paper discusses in its earlier sections, the lack of a model that can support analytics for the detection, measurement, prediction and prioritization of cyber-harms is evident. The taxonomy developed and presented in the article is important for the creation of such a model, which can then underpin analytics: these include a more functional understanding of how one might model the interconnections between harms, and so their possible cascading effects.

Such an approach encourages organizations to focus on their core assets, and to think beyond current threats to the full range of harms that might potentially result to those assets. Reflecting on the taxonomy and the case studies presented in the study, such a model should comprise six stages in defining and assessing cyber-harm: identifying core assets; identifying direct harm to those assets; determining the stakeholders that hold an interest in the direct harm; identifying the different types of cyber-harm arising from the direct harm; measuring the overall indirect (i.e. propagating) harm for all the stakeholders; and understanding this variety of cyber-harm together with the security controls in place that might be able to treat it.
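The six stages and the "propagating harm" idea lend themselves to a small computational model. What follows is an added illustration and not a model from the paper: the five harm themes are the paper's, but the propagation edges and their attenuation factors, the stakeholder shares, the 100-unit breach magnitude and the single control are all assumed values, chosen so that the arithmetic is exact and easy to check by hand:

```python
"""Illustrative model, added here, of the six-stage cyber-harm assessment
described above: identify core assets, their direct harm, the stakeholders
with an interest in it, the harm types that follow, the propagated indirect
harm per stakeholder, and the controls that treat it. The five harm themes
are the paper's; every weight, share, magnitude and control below is an
assumed, constructed value picked so the arithmetic stays exact, not an
estimate taken from the study."""
from collections import defaultdict

THEMES = ("physical_digital", "economic", "psychological", "reputational", "social")

# Stage 4: which further harm types a given harm gives rise to, with an
# assumed attenuation factor per edge (a real model would calibrate these).
PROPAGATION = {
    "physical_digital": [("economic", 0.5), ("reputational", 0.25)],
    "economic":         [("social", 0.125)],
    "reputational":     [("economic", 0.5), ("psychological", 0.25)],
    "psychological":    [("social", 0.125)],
    "social":           [],
}


def propagate(direct, max_hops=3):
    """Stage 5: cascade direct harm along PROPAGATION, multiplying by the edge
    factor at each hop, for at most `max_hops` hops. Returns total harm per
    theme (direct plus all indirect contributions)."""
    total = defaultdict(float)
    frontier = dict(direct)
    for _ in range(max_hops + 1):
        if not frontier:
            break
        nxt = defaultdict(float)
        for theme, magnitude in frontier.items():
            total[theme] += magnitude
            for dst, factor in PROPAGATION[theme]:
                nxt[dst] += magnitude * factor
        frontier = nxt
    return dict(total)


def apply_controls(direct, controls):
    """Stage 6: each control is (theme, fraction) and reduces the direct harm of
    that theme by the fraction before any propagation happens."""
    treated = dict(direct)
    for theme, reduction in controls:
        if theme in treated:
            treated[theme] *= 1.0 - reduction
    return treated


def assess(assets, controls=()):
    """Stages 1-6 end to end. `assets` is a list of dicts with the asset name
    (stage 1), its direct harm per theme (stage 2) and the share of that
    harm each stakeholder bears (stage 3). Returns harm per stakeholder and
    theme after controls and propagation."""
    per_stakeholder = defaultdict(lambda: defaultdict(float))
    for asset in assets:
        cascaded = propagate(apply_controls(asset["direct_harm"], controls))
        for stakeholder, share in asset["stakeholders"].items():
            for theme, magnitude in cascaded.items():
                per_stakeholder[stakeholder][theme] += share * magnitude
    return {s: dict(h) for s, h in per_stakeholder.items()}


def total_harm(assessment):
    """Overall harm per stakeholder, useful for ranking who is hurt most."""
    return {s: sum(h.values()) for s, h in assessment.items()}


# Constructed example: a breach of a customer database is modelled as 100
# units of physical/digital harm, borne 3:1 by the organization and its
# customers. The single control halves that direct harm (assumed effect of,
# say, encrypting the stored records).
SAMPLE_ASSETS = [{
    "name": "customer_database",
    "direct_harm": {"physical_digital": 100.0},
    "stakeholders": {"organization": 0.75, "customers": 0.25},
}]
SAMPLE_CONTROLS = [("physical_digital", 0.5)]


if __name__ == "__main__":
    for label, controls in (("untreated", ()), ("treated", SAMPLE_CONTROLS)):
        result = assess(SAMPLE_ASSETS, controls)
        print(label, total_harm(result))
```

Running it shows the point the paper makes about cascading effects: 100 units of direct physical/digital harm become roughly 202 units once economic, reputational, psychological and social harm are propagated, and a quarter of that lands on customers rather than on the organization. The same structure also makes the value of a control explicit, since halving the direct harm halves every downstream harm for every stakeholder.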

Every stakeholder may perceive or experience harm differently, and the consequences of cyber-attacks should be assessed from their points of view, so that there are different perspectives from which to quantify cyber-harm. As technologies such as the IoT and Artificial Intelligence (AI) mature and become widely deployed, organizations look to manage risk, be it through internal methods or through investment in cyber-insurance. The study suggests that the majority of successful cyber-attacks exploit well-known vulnerabilities and the inertia of organizations in providing appropriate cybersecurity policies, an inertia rooted in a misconception of the risks that emerge. It is, therefore, crucial for board members to obtain an accurate estimate of the direct and indirect harm from cyber-attacks before reconsidering the threat landscape the company faces.

Reference

Ioannis Agrafiotis, Jason R C Nurse, Michael Goldsmith, Sadie Creese, David Upton

Journal of Cybersecurity, Volume 4, Issue 1, 2018.
