SANS Experience Sharing Event

3 min leestijd

The Cyber Security Coalition and top cybersecurity trainer SANS  Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.

On cloud security and the Ukraine war

If there were ever two hot topics… The Cyber Security Coalition and top cybersecurity trainer SANS  Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.

Design for growth

A trek to the cloud does not absolve companies from the need and obligation to maintain secure information environments, particularly regarding the care for data. In his ‘Where does the data go?’ presentation, Simon Vernon, head of R&D at SANS Institute EMEA, points out that in the cloud, companies lose the erstwhile clear control over data – including sensitive data – of ‘on premise’ environments. Gone are the classic lines of defence, with a company’s ‘ID and Access Management’ (IAM) system becoming the new perimeter, in operationally dynamic systems.

Vernon stressed the importance of understanding and using available tools in AWS and Azure, in order to find the whereabouts of data and tracking the related processing paths. As well as the need to check how this data infrastructure is fused into the solution and code (e.g., in order to avoid forgetting authentication etc.).

To avoid data disasters, cloud solutions “must be designed for security, with an appropriate architecture with growth in mind.” This implies a strategy related to tracking data, as an element in the management structure of the environment. In one example, while reviewing an implementation, Vernon found out that a company was unknowingly replicating health-related data across a multitude of systems…

Bottom line: going ‘cloud’ isn’t simply a matter of throwing an on-prem solution over the wall. It requires solid attention to strategy and architecture, with the use of all available resources to stay on top of what’s going on in your cloud environment.

Stay calm and carry on

The war in Ukraine is also being fought on the cybersecurity battlefield, stirring fear regarding digital safety in government and industry organizations. Kevin Holvoet, lead van het Threat Research Centre of the CyTRIS department at the Centre for Cyber Security Belgium (CCB), provided in his ‘What can we learn from the war in Ukraine?’ presentation some thoughtful and very welcome insights and recommendations.

As the national authority for cybersecurity in Belgium and recipient of a wide variety of shared information, the CCB is well placed to restore some peace of mind.

Indeed, while Russia focused its cyberwar efforts on Ukraine, an overview of attacks indicates that Western countries and companies were by and large not afflicted, except for some indirect impact (e.g., loss of communication with wind power generators because of the Viasat attack). Some government organisations and companies were targeted because of statements or actions (e.g., withdrawal from the Russian market), with the publication of company and people information considered as potentially a more serious danger.

Actually, some usual threats, such as ransomware, decreased in number. However, a significant increase in espionage efforts was reported in Belgium and the rest of Europe, including attacks on information regarding Ukraine. Several groups of hacktivists also announced they were taking action (with announcements by Belgian actors quickly being quashed by the CCB). Clearly, not all activity, whether or not targeting Ukraine, originates from Russia.

Kevin Holvoet also warns against focusing all efforts on Ukraine-related threats, while neglecting other ongoing threats (e.g., a number of APT groups; new banking Trojans; access information being sold by Initial Access brokers; etc.).

Some conclusions: the rest of Europe was not the focus of Russia; information warfare is waged by both sides; most attacks were preceded weeks or months by preparatory activities; criminals and hacktivists align with one or the other side; and decisions and/or statements can change the hostile intent of actions.

Kevin Holvoet strongly recommends to keep calm, analyse all information and not to react crazily. “Keep doing what you’re doing,” “stick to your security plan” and “sit together with your risk management group, and learn from each other.”

And do consult his presentation for the interesting list of information sites!


On the picture: Tony Okeefe (SANS EMEA), Christian Mathijs (Cyber Security Coalition), Simon Vernon (SANS EMEA), Kevin Holvoet (CCB)

(Visited 167 times, 1 visits today)

About the author

Guy Kindermans is a freelance journalist, specialized in information technology, privacy and business continuity. From 1985 to 2014 he was senior staff writer at Data News (Roelarta Media Group).