May 26 2019
When delivering the Meirc Certified Cyber Security Specialist course under the PLUS Specialty Training division, it is essential that we provide our attending participants with the very latest information on the state of Cyber Threats, and of course to offer them robust advice and knowledge on the latest products and services with which to mitigate and manage the associated state of ‘insecurity’. To achieve this, we continually research the latest threats and dangers, and select the best of breed solutions to deliver security – all of which we include in the Certified Cyber Security Course.
In May 2019 a very good friend of mine called Davey Winder who is a respected, acknowledged journalist and researcher published an article titled ‘Microsoft Office 365 Accounts under Attack – What You Need to Know’. The article covered the revelation made public by Barracuda Networks who reported that hackers were (and still are) targeting Microsoft Office 365 accounts with a high degree of success resulting in hackers being able to send in excess of 1.5 million malicious and spam emails. The report went on to highlight how hackers and cyber criminals had gained access to business email accounts with nefarious intent to conduct social engineering, brand impersonation and phishing campaigns.
Considering the now known-known security exposure, it was interesting when looking back at a White Paper published in January 2019, sponsored by Egress covering the limitations, and potential areas of weaknesses associated with Microsoft Office 365 - in particular which commented that as a result of their research ‘Third-Party solutions should be seriously considered for deployment, either as replacements for the native capabilities available from Microsoft, or as supplements that will provide enhanced functionality to meet specific organizational requirements’ - In other words, to enhance the level of security to an acceptable and robust level.
With the known risk in mind, and the words of the White Paper in our minds, we decided to look for some new cyber-security capabilities to mitigate this risk, and to add into our Certified Cyber Security Course, and this we have done by including a product called Galaxkey which is already in use within the UAE. This application is a robust tool which interfaces with Outlook, iOS, and Windows to apply robust layer of Encryption to mitigate the aforementioned risk by assuring that emails are secured with the functionality of applying Security Classification, Mail Time-Out (time-to-live), Revocation, Digital Signing, Authorized Data Distribution and Policy Management – See Fig 1 below.
Fig 1 – Interface
Thus, from our next course to run in Dubai in June 2019, we will be introducing the areas of risk associated with MS Office 365, and helping our delegates to understand what security defenses can be deployed with leverage of some of the very latest cyber security technologies to deliver robust mitigations – one of which we are showing here.
We will also be introducing the most burning Cyber Security issues of the day to assure that our delegates are supported with the most current public knowledge available, as well as other security related issues that are not, at this time are not in the public arena.
About the Author
Prof. John Walker FBCS CISM CRISC CITP ITPC FRSA
John is a leading expert in the field of Cyber-Security. With over 30 years of international experience, he is a World Class Info-Crime, Cyber Security Researcher who has worked within the Covert Worlds of CESG, GCHQ, ‘TK’ Sky Technology, with the Security Services. He has delivered over 90 Global Presentations, and has originated over 100 Papers, & Articles on Cyber-Security.
He is actively involved with supporting the countering of eCrime, eFraud, and on-line Child Abuse, an ENISA CEI Listed Expert and an Editorial Member of the Cyber Security Research Institute (CRSI). John is a Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts (RSA), Board Advisor to the Digital Trust and Writer for SC Magazine UK. He was the Originator of DarkWeb Threat Intelligence, CSIRT, Attack Remediation and Cyber Training Service/Platform, Accreditation Assessor and Academic Practitioner and Accredited Advisor to the Chartered Society of Forensic Sciences in the area of Digital/Cyber Forensics.
John is also a practicing Expert Witness in the area of IT, and the originator, and author of a CPD/MSc Module covering Digital Forensics, and Investigations.
Professor John Walker is a Visiting Professor at the School of Computing and Informatics, Nottingham Trent University (NTU), Visiting Professor/Lecturer at the University of Slavonia, CEO of HEXFORENSICS LTD, and Independent Consultant in the arena of IT Security and Forensics, and Security Analytics.Blogs