Ransomware - https://highgatecybersecurity.com
AI Driven Defense

GenAI CyberSecurity Threats are Getting Worse
https://highgatecybersecurity.com/genai-means-cybersecurity-threats-are-getting-worse/?utm_source=rss&utm_medium=rss&utm_campaign=genai-means-cybersecurity-threats-are-getting-worse
Fri, 09 Feb 2024 00:13:40 +0000


Here is a summary of a GenAI Cybersecurity memo from the perspective of a CISO at Highgate Cyber Security:

Memorandum

To: Highgate Cyber Security Leadership Team
From: S Alexander, CISO team
Date: November 9, 2024
Re: Key Insights from SlashNext Phishing Report 2023 – Increasing GenAI Cybersecurity threats

The newly released SlashNext Phishing Report highlights several concerning GenAI-related cybersecurity trends that I believe warrant our attention as leaders of Highgate Cyber Security.

The rapid proliferation of generative AI technologies like ChatGPT is dramatically empowering threat actors.

Since ChatGPT’s launch, SlashNext has observed a 1265% increase in phishing emails. This exponential growth is driven by cybercriminals leveraging AI chatbots to craft highly convincing and tailored BEC attacks at scale. We must stay ahead of this GenAI Cybersecurity advancing danger curve by further developing our own AI capabilities.

Equally troubling is the continued rise in mobile and multi-channel threats.

Mobile phishing now accounts for nearly 40% of attacks, with most involving malicious links sent via SMS. Attackers are also executing sophisticated multi-stage campaigns spanning email, mobile, and collaboration platforms. This highlights the need for us to provide protection across all communication channels, especially as GenAI-powered cybersecurity attack ware is growing exponentially.

The report estimates that BEC attacks now comprise a staggering 68% of phishing threats.

I recommend we redouble our efforts to help customers detect and prevent the diverse forms of business email compromise. We should particularly focus on thwarting payroll diversion schemes, invoice fraud, and executive impersonation tactics.

Overall, it is clear that the threat landscape is evolving at an unprecedented pace.

As leaders in cybersecurity, Highgate must continuously adapt our strategies, technologies, and services to meet these challenges. I propose we convene a meeting to discuss concrete ways Highgate can address the key threats outlined in SlashNext’s report. Our customers are counting on us to keep them secure amidst the rising generative AI storm. I look forward to discussing next steps.

Protecting a Bank from Ransomware
https://highgatecybersecurity.com/protecting-a-bank-from-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=protecting-a-bank-from-ransomware
Wed, 02 Aug 2023 03:52:07 +0000

Community Bank
HighGate Cyber Security

As the CISO for a bank aiming to prevent a successful ransomware attack and create a comprehensive security incident response plan, what must you know to ensure you have the best security posture?

Let’s see what you need to review:

Current Security Infrastructure

Information about your bank’s existing security measures, including firewalls, intrusion detection/prevention systems, endpoint security, and other relevant tools.

Network Architecture

Understanding your bank’s network topology, including the separation of critical systems and sensitive data from the rest of the network.

User Access and Privileges

Insight into user access controls and the levels of privileges granted to different user roles within the organization.

Data Backup and Recovery

Details about the bank’s data backup policies, including the frequency of backups, where they are stored, and how quickly data can be restored in case of an incident.

Employee Training and Awareness

Information on the cybersecurity training and awareness programs in place for bank staff, as human error is a significant factor in successful ransomware attacks.

Incident Response Team

Identification of key personnel responsible for incident response, their roles, and their contact information.

Communication Protocols

A clear outline of communication procedures during an incident, both internally and externally (e.g., with customers, regulators, law enforcement).

Incident Classification and Escalation

Criteria for classifying the severity of an incident and the corresponding escalation procedures.

Legal and Compliance Considerations

Understanding of the legal and regulatory obligations your bank must adhere to during and after an incident.

Vendor and Third-Party Risks

Awareness of risks posed by third-party vendors and partners that have access to your bank’s systems or data.

Monitoring and Threat Intelligence

Details about your bank’s monitoring capabilities and use of threat intelligence to detect and respond to potential threats.

System Patching and Updates

Information on how the bank handles software and system updates to minimize vulnerabilities.

Incident Documentation

Guidelines for proper documentation of incidents, including capturing relevant details and actions taken during the response.

Containment and Eradication Strategies

Strategies to contain the spread of ransomware and eradicate it from affected systems.

Forensics and Analysis

Procedures for conducting post-incident forensics and analysis to understand the attack’s origin and refine security measures.

Continuous Improvement

Plans for learning from each incident and improving the overall security posture of the bank.

This list is not exhaustive, but it should get you going! For further information, please contact BD@HighgateCyberSecurity.com.

We just got attacked by ransomware. What do I do now?
https://highgatecybersecurity.com/we-just-got-attacked-by-ransomware-what-do-i-do-now/?utm_source=rss&utm_medium=rss&utm_campaign=we-just-got-attacked-by-ransomware-what-do-i-do-now
Tue, 27 Jun 2023 23:09:47 +0000


If your organization has been attacked by ransomware, it’s crucial to act swiftly and decisively to mitigate the impact and minimize further damage.

Here are 12 steps you could take as a CISO: (Ransomware CISO Actions)

Activate the Incident Response Plan

Immediately activate your organization’s incident response plan. This plan should outline the steps to be taken in case of a cybersecurity incident and provide guidance on how to handle ransomware attacks specifically. Gather your incident response team and initiate the response process.

Isolate all Infected Systems

Quickly isolate the affected systems from the network to prevent the ransomware from spreading further. Disconnect compromised machines from the network, including any servers, workstations, or other devices that may have been compromised.

Assess the Extent of the Attack

Conduct a thorough assessment to determine the scope and impact of the ransomware attack. Identify which systems have been infected and the type of ransomware involved. Gather evidence and document the attack details for further investigation and potential law enforcement involvement.

Inform Relevant Stakeholders

Communicate the situation promptly and effectively to key stakeholders, including senior management, IT teams, legal counsel, and other relevant parties. Provide regular updates on the incident, the actions being taken, and any potential impacts on business operations.

Engage Law Enforcement and External Experts

Contact your local law enforcement authorities and report the ransomware attack. Their involvement can help with investigations and potentially identify the attackers. Additionally, consider engaging external cybersecurity experts who specialize in ransomware incidents to assist with the investigation, containment, and recovery process.

Determine the Ransomware Variant

Identify the specific ransomware variant that has infected your systems. This information will be crucial for understanding the potential risks, available decryption methods (if any), and any public resources or assistance available to deal with that specific variant.

Evaluate Data and System Backups

Determine if you have recent and secure backups of your critical data and systems. Evaluate the integrity of these backups and their potential use for recovery purposes. This step is essential to avoid paying the ransom and potentially restore systems from clean backups.

Contain and Eradicate the Ransomware

Develop a plan to contain and eradicate the ransomware from your systems. This may involve re-imaging infected machines, applying security patches and updates, and ensuring that any vulnerabilities that allowed the initial infection are addressed.

Decrypt Data and Restore Systems

If possible, use the available decryption tools or assistance from cybersecurity experts to decrypt your data and systems. Restore them from secure backups, ensuring that all systems are thoroughly scanned and verified for any traces of malware.

Strengthen Security Measures

Conduct a post-incident review to identify any security gaps or weaknesses that contributed to the ransomware attack. Implement additional security measures, such as multi-factor authentication, regular patching, network segmentation, employee awareness training, and robust backup and recovery processes, to strengthen your organization’s defenses.

Educate Employees

Provide comprehensive training and awareness programs to educate employees about ransomware threats, best practices for email and web browsing, and how to detect and report potential security incidents. Emphasize the importance of adhering to security policies and protocols.

Monitor and Learn

Continuously monitor your systems for any signs of suspicious activity or potential reinfection. Learn from the incident and update your incident response plan and security practices accordingly. Stay informed about the latest ransomware trends and emerging threats to proactively defend against future attacks.

It is important to involve legal counsel throughout the response process, especially regarding communication, potential legal obligations, and compliance requirements.

Ransomware CISO Actions will differ depending on the individual circumstances. Each ransomware incident is unique, so adapt these steps to your specific situation and leverage the expertise of cybersecurity professionals to guide you through the recovery process.
