7,970 research outputs found

    Contributing Factors in Building Cyber Resilience in Complex Organisations

    Introduction: This master thesis explores the concept of cyber resilience and aims at identifying cyber resilience enhancing measures relevant to a complex organisation. Cyber security is a highly relevant field as the world gets more digitalised, and evaluating sufficient cyber protective measures is essential. Cyber Resilience can be seen as an extension of Risk Management and Cyber Security by providing a necessary layer of protection the fields currently lack; to continue operations and functions despite a threat. Methods: Semi-structured interviews with practitioners, senior management and expert informants were conducted, and relevant cyber-resilient frameworks were analysed to identify cyber-resilient enhancing measures. Results: The analysis showed that cyber resilience enhancing measures for complex organisations originate from understanding the construct, and adding it to existing structures is beneficial. However, for this to be effective, there must be a clear definition, directives and standards from which complex organisations can build a resilience understanding. The main findings include fostering a resilient mindset through adaptability, trust and flexibility, aligning to working with the complexity of such an organisation

    Two Heads are Better than One: A Theoretical Model for Cybersecurity Intelligence Sharing (CIS) between Organisations

    So-called ‘social bots’ have garnered a lot of attention lately. Previous research showed that they attempted to influence political events such as the Brexit referendum and the US presidential elections. It remains, however, somewhat unclear what exactly can be understood by the term ‘social bot’. This paper addresses the need to better understand the intentions of bots on social media and to develop a shared understanding of how ‘social’ bots differ from other types of bots. We thus describe a systematic review of publications that researched bot accounts on social media. Based on the results of this literature review, we propose a scheme for categorising bot accounts on social media sites. Our scheme groups bot accounts by two dimensions – Imitation of human behaviour and Intent

    Information Makes A Difference For Privacy Design

    In the current information age, information can make a difference to all aspects of one’s life, emotionally, ethically, financially or societally. Information privacy plays a key role in enabling a difference in many dimensions such as trust, respect, reputation, security, resource, ability, employment, etc. The capability of information to make a difference to one’s life is a fundamental factor; and privacy status of information is a key factor driving this difference. Understanding the impact of these two factors to one’s life within an IS context is an important research gap in the discipline. This paper studies “information + privacy”, ontologically and integrally, in making a difference to one’s life, within the IS context. In recognition of the importance of the Privacy-by-Design approach to IS development, a methodology is proposed to understand the grounds of information and model fundamental constructs for using Privacy-by-Design approach to develop robust privacy-friendly information systems

    Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives

    In the last couple of years, organizations have demonstrated an increased willingness to exchange information and knowledge regarding vulnerabilities, threats, incidents and mitigation strategies in order to collectively protect against today’s sophisticated cyberattacks. As a reaction to this trend, software vendors started to create offerings that facilitate this exchange and appear under the umbrella term “Threat Intelligence Sharing Platforms”. To which extent these platforms provide the needed means for exchange and information sharing remains unclear as they lack a common definition, innovation in this area is mostly driven by vendors and empirical research is rare. To close this gap, we examine the state-of-the-art software vendor landscape of these platforms, identify gaps and present arising research perspectives. Therefore, we conducted a systematic study of 22 threat intelligence sharing platforms and compared them. We derived eight key findings and discuss how existing gaps should be addressed by future research

    Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

    In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices. Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

    Adaptive Traffic Fingerprinting for Darknet Threat Intelligence

    Darknet technology such as Tor has been used by various threat actors for organising illegal activities and data exfiltration. As such, there is a case for organisations to block such traffic, or to try and identify when it is used and for what purposes. However, anonymity in cyberspace has always been a domain of conflicting interests. While it gives enough power to nefarious actors to masquerade their illegal activities, it is also the cornerstone to facilitate freedom of speech and privacy. We present a proof of concept for a novel algorithm that could form the fundamental pillar of a darknet-capable Cyber Threat Intelligence platform. The solution can reduce anonymity of users of Tor, and considers the existing visibility of network traffic before optionally initiating targeted or widespread BGP interception. In combination with server HTTP response manipulation, the algorithm attempts to reduce the candidate data set to eliminate client-side traffic that is most unlikely to be responsible for server-side connections of interest. Our test results show that MITM manipulated server responses lead to expected changes received by the Tor client. Using simulation data generated by shadow, we show that the detection scheme is effective with false positive rate of 0.001, while sensitivity detecting non-targets was 0.016 ± 0.127. Our algorithm could assist collaborating organisations willing to share their threat intelligence or cooperate during investigations. Comment: 26 page