#NSBCS.010 - From the desk of the CEO | Goals v Systems - The Quest for Cyber Resilience

Source: NSB Cyber

 


by Shane Bell, CEO NSB Cyber

Now that (the southern hemisphere) summer holidays are over, it is cyber planning season. It is the time of year when those of us with cyber accountabilities and responsibilities set out our goals and map out our weeks, months, quarters and years.

This could be because you are also approaching your internal budget process and are looking for maximum funding (call me biased, but I think cyber budgets should grow year on year!), or it could just be because you have an existing program and you are in the midst of demonstrating ‘return on investment’ and progress against what you said we would achieve. No matter the reason, cyber planning season is in full swing for many.

So how has that gone for you historically? Are you a goals or a system person? Do other people put you in the motion or action category? Do you even know what I am talking about?

In all my years setting plans I have had varying degrees of success. Not in achieving the outcome (I am ex-military, we always execute!), but in how rewarding the process has been when I reflect each year, and therefore variability in how much I enjoyed the execution overall. Over time I have learnt that a goal signifies intent and is great, but if your system is no good, too hard, not fun or not repeatable (or habitual) then you either won’t achieve what you set out to achieve, or you will but you won’t have fun doing it at all.

I am reading a lot about burn-out in cyber at the moment, and maybe this is one of the contributing factors? Is it the systems that are flawed, or have lots of cyber folks just stopped having fun? It could be a bit of both.

For those that are avid readers, you may have picked up on some of my cues in this blog. There is a book out there (a NY Times bestseller no less!) that explains all of this far better than I can, called Atomic Habits by James Clear. Brilliant book, I read it many times a year and it is very applicable to cyber planning, as well as for managing and running cyber teams and programs. I highly recommend it (this is not an advert!).

Here are some teasers (that I have put in my own words based on my own interpretations) for those of you in the midst of cyber planning without time to read the whole book:

  • Goals are great, you should definitely outline them but then you need to think smaller. If you have no underlying system, your goal is irrelevant and you likely won’t achieve it. Invest all of your time in building your system.

  • Execution is critical. An idea without execution is just a thought, it is (basically) a dream.

  • Consistency is success all on its own. If you don't turn up, stuff just won’t happen.

  • Discipline is key, and is easier to master than you think by forming good habits.

  • Don’t be a motion person, be an action person. Get sh*t done!

  • If you don't enjoy it, you won’t do it for long or consistently. Make it fun.

  • Form a system that you can execute even on your worst day. Don't just plan for your best day, you need to be able to execute on your worst.

If Cyber Resilience is the goal, then what is the underlying system for getting there (not the framework, we all know what that is, but what is the actual measurable roadmap), what are the habits we (and others in our team) need to be able to execute and do we have them, and what does resilience look like on our worst day? All good questions to ask and I am sure you can think of many more.

Happy cyber planning and remember, No Steps Backward!



What we read this week

  • Citrix warns of new Netscaler zero-days exploited in attacks - Two new zero-day vulnerabilities tracked as CVE-2023-6548 and CVE-2023-6549 have been discovered in Citrix NetScaler appliances. These vulnerabilities impact the NetScaler management interface and can expose unpatched NetScaler instances to remote code execution and denial-of-service attacks. Only customer-managed NetScaler appliances are affected by the zero-days, and Citrix is urging customers to patch their NetScaler appliances immediately. Citrix has released patches for both vulnerabilities.

  • Atlassian warns of critical RCE flaw in older Confluence versions - Atlassian has warned of a critical remote code execution (RCE) vulnerability in older Confluence versions. This vulnerability is tracked as CVE-2023-22527 and could allow unauthenticated attackers to execute code remotely on affected systems. All Confluence versions released before December 5, 2023 are affected by the vulnerability. However, Atlassian fixed the flaw in Confluence Data Center and Server versions 8.5.4 (LTS), 8.6.0 (Data Center only), and 8.7.1 (Data Center only), which were released in December.

  • Hackers Weaponise Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer - Cybercriminals have been exploiting a now-patched Windows vulnerability tracked as CVE-2023-36025 to install Phemedrone Stealer, an open-source information stealer. Phemedrone Stealer specifically targets data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord. The vulnerability allowed attackers to bypass security measures by tricking users into clicking specially crafted Internet Shortcut (.URL) files or hyperlinks pointing to them. During the attack, stolen data would then be sent to the attackers via Telegram or their command-and-control server, posing a significant security risk for cryptocurrency users.

  • US Gov Issues Warning for Androxgh0st Malware Attacks - The United States (US) government has issued a warning over Androxgh0st malware creating botnets that can identify and target vulnerable networks. This malware steals credentials from .env files and web applications containing sensitive data, including credentials for Microsoft Office 365 and Amazon Web Services (AWS). The malware can also abuse the Simple Mail Transfer Protocol (SMTP), for example to scan for and exploit stolen credentials and APIs, and to deploy web shells. Likewise, the Androxgh0st operators have been using scripts to identify websites affected by vulnerabilities including CVE-2017-9841, which is a PHPUnit bug that leads to PHP code execution via HTTP POST requests.

  • GitHub Rotates Keys to Mitigate Impact of Credential-Exposing Flaw - GitHub has rotated its keys as a precaution against a vulnerability tracked as CVE-2024-0200 that could have allowed attackers to gain remote code execution on unpatched servers. The vulnerability required authentication with an organisation owner role, but GitHub took steps to mitigate this risk through authentication requirements. Customers using GitHub’s commit signing key, GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys will need to import the new public keys. This is necessary to ensure that they can continue to use these features without interruption. The new public keys can be found in the GitHub Security tab.

References
https://www.bleepingcomputer.com/news/security/citrix-warns-of-new-netscaler-zero-days-exploited-in-attacks/ 
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-rce-flaw-in-older-confluence-versions/ 
https://thehackernews.com/2024/01/hackers-weaponize-windows-flaw-to.html 
https://www.securityweek.com/us-gov-issues-warning-for-androxgh0st-malware-attacks/  
https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/