Cyber Security Archives - City Security Magazine
https://citysecuritymagazine.com/category/cyber-security/
News and advice for security professionals (feed last updated Tue, 16 Sep 2025 14:20:34 +0000)

How to recover an exchange server after a major failure: A step-by-step approach
https://citysecuritymagazine.com/cyber-security/how-to-recover-exchange-server-after-major-failure-step-by-step/
Wed, 10 Sep 2025 15:53:02 +0000

Emails are a crucial element of communication when it comes to business. If you are running an Exchange Server, it is vital to make sure that the server runs properly to ensure uninterrupted email communication. There are many things that can happen to an Exchange Server. When a disaster strikes, you need to ensure that the server is recovered in the least possible time, with minimal disruption and no data loss. In this guide, we will see how to recover Exchange Server and the data after a major failure.

When an Exchange Server fails, the admin's main concern is to recover the server in the shortest possible time and without data loss. The steps below show how to recover the server after a failure with minimum downtime.

Pre-Recovery Checklist

In case of failure or any issue, you must first go through the following checklist:

  • Check the Event Viewer and the Exchange Server logs to confirm the extent of damage and allocate some time to troubleshoot, before going for a full rebuild.
  • Confirm that the backups are in order and available, in case a full restore is needed.
  • Confirm that the server documentation is fully up to date: the operating system, Exchange Server version, Cumulative Update level, and installed roles must all be recorded.
  • Have all the media and licenses in hand so that the server can be rebuilt to the same specifications and software level.
  • Confirm that the disaster recovery document is in place, that the required people have been informed, and that the teams are engaged.
  • Make sure to have a copy of the certificates used on the Exchange Server, with respective passwords.

Rebuild the Exchange Server

Rebuilding the Exchange Server means recreating the same environment. Because the configuration is stored in the Active Directory Schema, you can use the recover server process to rebuild the same server. Note, however, that certificates and custom send/receive connectors are not stored in the Active Directory Schema and must be restored separately.

When rebuilding the server, the first step is to reset the computer account in Active Directory Users and Computers: right-click the computer object and click Reset Account. This allows the rebuilt server to join the Active Directory domain using the same computer name.

From the documentation, you can build a server with the following specifications:

  • Same operating system
  • Same server configuration in CPU, drives/letters, memory, network cards/VLANs, and other specifications
  • Same computer name and IP addresses

Once the server is built, join it to the Active Directory domain. Then take the installation media for your Exchange Server version and run setup.exe with the RecoverServer parameter.

Although you will not see much activity, the server is installed and reconfigured from the configuration found in the Active Directory Schema. The installation takes around 45 minutes, depending on the performance of the server. Once it is done, you will have an operational Exchange Server without any mailbox data.

Recover the Databases

The next step is the recovery of databases. Since you have the same data drives with the corrupted or orphaned databases, the Exchange Server will fail to mount the databases. In this case, you can try using the EseUtil command to change the database state from Dirty Shutdown to Clean Shutdown.

You can run the command below to check the state of the database.

eseutil /mh "M:\ExchangeDatabases\DB01\DB01.edb"

If the state is Dirty Shutdown, you can start by trying soft recovery using the command as given below.

eseutil /r E00 /l "M:\ExchangeDatabases\DB01\Logs" /d "M:\ExchangeDatabases\DB01"

This command replays the transaction logs in the log folder and tries to bring the database to a consistent state. After the command completes, recheck the state of the database. If the state is Clean Shutdown, you can mount the database.

If the database state is still Dirty Shutdown, you can use the hard recovery mode, but this is strongly discouraged. It effectively guarantees data loss, because it rebuilds the database and purges any items that are deemed corrupted. It also takes a great deal of time and storage to complete.
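The header check and soft recovery above can be scripted so that each database is inspected and only the non-destructive path is attempted automatically. The following PowerShell helper is an added example, not code from the article or from any vendor; it assumes eseutil.exe is on the PATH (it ships in the Exchange Bin folder), that the E00 log prefix and the M:\ExchangeDatabases paths match your layout, and that Mount-Database is run from the Exchange Management Shell.

```powershell
# Added example (not from the article): wraps the eseutil checks described above.
# Only soft recovery (eseutil /r) is ever run; hard recovery (eseutil /p) is
# deliberately left out because it discards data and should be a human decision.

function Get-EdbHeaderField {
    # Runs "eseutil /mh" and returns one header field, e.g. "State"
    # ("Clean Shutdown" / "Dirty Shutdown") or "Log Required" ("12-15 (0xc-0xf)").
    param(
        [Parameter(Mandatory)][string]$EdbPath,
        [Parameter(Mandatory)][string]$Field
    )
    if (-not (Test-Path -LiteralPath $EdbPath)) { throw "Database not found: $EdbPath" }
    $header  = & eseutil.exe /mh $EdbPath
    $pattern = '^\s*' + [regex]::Escape($Field) + ':\s*(.+?)\s*$'
    foreach ($line in $header) {
        if ($line -match $pattern) { return $Matches[1] }
    }
    throw "Field '$Field' not found in the header of $EdbPath"
}

function Invoke-EdbSoftRecovery {
    # Returns $true only when the database ends in Clean Shutdown and is safe to mount.
    param(
        [Parameter(Mandatory)][string]$EdbPath,
        [Parameter(Mandatory)][string]$LogFolder,
        [string]$LogPrefix = 'E00'   # assumed log prefix; check the database's own
    )
    $dbFolder = Split-Path -Path $EdbPath -Parent
    $state    = Get-EdbHeaderField -EdbPath $EdbPath -Field 'State'
    Write-Host "[$EdbPath] state: $state"

    if ($state -eq 'Clean Shutdown') {
        Write-Host 'Database is consistent; no recovery needed.'
        return $true
    }
    if ($state -ne 'Dirty Shutdown') {
        Write-Warning "Unexpected state '$state'; stopping for manual review."
        return $false
    }

    # Soft recovery needs the log generations named in "Log Required". If the log
    # folder holds no logs the replay cannot succeed, so report that before trying.
    $required = try { Get-EdbHeaderField -EdbPath $EdbPath -Field 'Log Required' } catch { 'unknown' }
    $logCount = (Get-ChildItem -LiteralPath $LogFolder -Filter "$LogPrefix*.log" -ErrorAction SilentlyContinue).Count
    Write-Host "Log Required: $required; $logCount $LogPrefix*.log file(s) present in $LogFolder"
    if ($logCount -eq 0) {
        Write-Warning 'No transaction logs found; soft recovery has nothing to replay.'
        return $false
    }

    # Replay the logs in place: /l is the log folder, /s the checkpoint (.chk) folder
    # (the log folder on current Exchange versions), /d the database folder.
    # eseutil modifies the .edb directly, so work on a copy if the drive is suspect.
    & eseutil.exe /r $LogPrefix /l $LogFolder /s $LogFolder /d $dbFolder
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "eseutil /r failed with exit code $LASTEXITCODE (missing or mismatched logs are the usual cause)."
        return $false
    }

    $state = Get-EdbHeaderField -EdbPath $EdbPath -Field 'State'
    Write-Host "[$EdbPath] state after soft recovery: $state"
    if ($state -eq 'Clean Shutdown') { return $true }
    Write-Warning 'Still Dirty Shutdown. Hard recovery (eseutil /p) discards data; restore from backup or use a repair tool instead.'
    return $false
}

# Usage on the rebuilt server, with the paths used in the article:
$ok = Invoke-EdbSoftRecovery -EdbPath 'M:\ExchangeDatabases\DB01\DB01.edb' `
                             -LogFolder 'M:\ExchangeDatabases\DB01\Logs' -LogPrefix 'E00'
if ($ok) {
    # Exchange Management Shell cmdlet; reached only when the header reads Clean Shutdown.
    Mount-Database -Identity 'DB01'
}
```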

An Alternative Solution to Recover Databases

If the databases are corrupted, soft recovery can only fix minor corruption and hard recovery can result in data loss. Recovering databases from backup also loses data: everything from the time the backup was taken to the time the server failed. A specialized Exchange database recovery tool, such as Stellar Repair for Exchange, can reduce the recovery time to a minimum and guarantee recovery of the databases.

The tool supports all versions of Exchange Server and can open a database of any size and in any state, without needing a running Exchange Server. After a quick or extensive scan, you are presented with the full structure of the database. You can granularly export user mailboxes, user archives, shared mailboxes, disabled mailboxes, and public folders to PST and other file formats. You can also export the EDB file data directly to a live Exchange Server database of any version, with automatic mailbox matching, priority export, and parallel exports. The tool can also be used to migrate mailboxes and public folders to Microsoft 365 (Exchange Online).

Conclusion

When there is a major disaster on an Exchange Server, whether standalone or part of a high-availability setup (Database Availability Groups), you must ensure that it is recovered in the least possible time and without major data loss. Although you can easily rebuild the Exchange Server, recovering the databases without data loss is the challenge, and restoring databases from backup can itself lose data. For quick recovery of databases without data loss, you can use an Exchange repair tool such as Stellar Repair for Exchange. This tool can repair a corrupted database (EDB file) of any size and recover all the mailboxes and other items with complete integrity.

Bharat Bhushan
Stellar Data Recovery

Six steps to creating a secure website
https://citysecuritymagazine.com/cyber-security/six-steps-to-creating-a-secure-website/
Thu, 14 Aug 2025 13:37:54 +0000

A secure website isn’t just about protecting data – it’s about protecting your business, your customers, and your reputation. While security might feel technical or overwhelming, most breaches come from simple oversights.

Thankfully, there are clear and manageable steps you can take to reduce your risk, without needing a full IT department to make it happen.

Start with a strong setup

Every good website begins with a solid foundation. That means:

  • Using a trusted web host that offers strong security protocols
  • Installing a valid SSL certificate (so your domain shows as secure)
  • Keeping your content management system and plugins updated

Neglecting these basics leaves your site open to common automated attacks that scan the internet for vulnerabilities.

Keep passwords strong and unique

It might seem obvious, but password strength is still one of the biggest weaknesses across the web. Reused, predictable passwords make things easy for hackers, especially if login pages aren’t protected.

Avoid using default usernames like “admin” and consider tools like password managers to help generate and store complex passwords securely.

Even one compromised password can be enough to access sensitive data or lock you out entirely.

Limit access to those who need it

If you’re not the only person managing the site, make sure roles and permissions are clearly defined. Someone writing blog posts doesn’t need full admin access.

Outdated or unused accounts should be removed. Any access given to agencies, freelancers or temporary users should be reviewed regularly. This reduces the chance of accidental changes or malicious activity.

You should also keep a close eye on login activity and audit logs, especially if something doesn’t seem right.

Use Penetration Testing as a Service (PTaaS)

While good practices go a long way, there are vulnerabilities you simply can't see, especially as your site grows or changes. A Penetration Testing as a Service (PTaaS) provider simulates real-world cyberattacks to test how your site would hold up.

These services are valuable for identifying flaws in security architecture, user access, or data handling. They are particularly useful for e-commerce websites, platforms dealing with customer data, or companies with compliance needs.

Even just running penetration testing once a year can provide insights no basic scanner can match.

Always back up before you need to

Security is also about recovery. If your website were suddenly taken offline or corrupted, how quickly could you restore it?

Backups should be:

  • Stored offsite (not just on your web server)
  • Taken regularly, daily or weekly, depending on how often your site changes
  • Easy to restore, so you’re not left guessing when time matters most

Several plugins and services now automate backups in the background, but it’s worth testing your restore process now and again.

Complete website security, one step at a time

Website security isn’t a one-time fix; it’s a regular part of maintaining a modern online presence. While the risks are real, most threats can be prevented with straightforward steps and some ongoing attention.

From managing passwords and limiting access, to working with professionals like PTaaS providers when needed, keeping your website secure is more about consistency than complexity.

Paul Cronin
Rootshell Security

Choosing the right cybersecurity strategy
https://citysecuritymagazine.com/cyber-security/choosing-the-right-cybersecurity-strategy/
Wed, 23 Jul 2025 15:22:00 +0000

In today’s digital landscape, cybersecurity has evolved beyond the confines of IT departments to become a cornerstone of business resilience and success. Organisations must recognise that cybersecurity is not merely a technical concern but a strategic imperative that safeguards operations, protects reputation, and ensures long-term viability.

CIS Security aims to exemplify this approach by integrating cybersecurity into its core business strategy. The company acknowledges that significant investments in cybersecurity alone are insufficient if not guided by a coherent, risk-based strategy tailored to address specific vulnerabilities.

Thorough risk assessments identify the potential threats unique to its operations, so that targeted measures to mitigate them can be implemented.

This dynamic approach to cybersecurity is further supplemented by regularly updating the strategies used to respond to the evolving threat landscape. This includes investing in security solutions, conducting regular audits, and engaging with external experts to bolster internal capabilities. Such measures not only protect the organisation but also reinforce trust with clients by demonstrating a steadfast commitment to data security.

The right cybersecurity strategy involves a comprehensive understanding of organisational risks, a culture prioritising security, and the agility to respond to emerging threats. CIS Security’s proactive stance serves as a model for integrating cybersecurity into the fabric of business operations, ensuring resilience and sustained success in an increasingly digital world.

Understanding risk: the first step

A robust cybersecurity strategy commences with a precise and comprehensive risk assessment. Organisations must diligently identify their most valuable assets – such as customer data, intellectual property, and critical operational systems – and understand their vulnerabilities and potential threat actors targeting them.

This process is not a one-time task but an ongoing exercise. As organisations evolve, so too must their understanding of the shifting threat landscape. Regular, rigorous risk assessments are essential to ensure that security measures remain relevant and effective. Without continuous evaluation, security strategies risk becoming misaligned, potentially exposing critical areas, and increasing susceptibility to cyber threats.

Proper risk management ensures that security investments are strategically deployed, focusing on areas where they can have the most significant impact, rather than being misallocated to less critical zones. This strategic allocation not only optimises resource utilisation but also enhances the organisation’s overall security posture.

By embedding regular risk assessments into their operational framework, organisations can proactively address vulnerabilities, adapt to emerging threats, and maintain robust defences against the ever-evolving cyber landscape. This proactive approach is vital for safeguarding both the organisation’s assets and its clients’ data.

Embedding a culture of awareness

While technology plays a significant role in cybersecurity, the human element remains paramount. Human error is a leading contributor to data breaches, often exploited through tactics such as phishing attacks, inadequate password practices, and unintentional data mishandling.

Cultivating a culture of cybersecurity awareness is vital for bolstering defences. Relying solely on sporadic training sessions is insufficient; instead, security consciousness must be integrated into daily operations and workplace culture. Leadership supports this integration by emphasising the importance of cybersecurity through consistent communication, practical advice, and relatable examples that connect with employees in their everyday responsibilities.

To ensure cybersecurity remains at the forefront of our employees’ working day, we implement ongoing training that includes regular simulated phishing emails. These exercises are designed to test and reinforce our staff’s ability to recognise and appropriately respond to phishing attempts, thereby reducing our vulnerability to such attacks. Employees who interact with these simulated threats receive immediate feedback and additional training to address any gaps in understanding.

This proactive approach enhances individual awareness and strengthens our overall security posture. By understanding the “what” and the “why” behind security protocols, our workforce is better equipped to adhere to best practices, significantly reducing the organisation’s exposure to common attack vectors. Ultimately, this leads to a more resilient and security-conscious organisation.

Preparing for the inevitable

In the current landscape, organisations must acknowledge that no defence is impenetrable. Cybersecurity incidents are not a matter of “if”, but rather “when”. Therefore, organisations must be prepared to respond swiftly and effectively when breaches occur.

A comprehensive incident response plan is crucial for this preparedness. Such a plan should clearly delineate key roles, escalation procedures, communication strategies, and recovery protocols. Additionally, these plans must be rigorously tested through realistic scenario exercises to ensure readiness in the event of a real incident. Regular drills help identify potential weaknesses in response strategies, allowing organisations to refine their procedures continually.

Being well-prepared minimises disruption and reputational damage while allowing organisations to recover more rapidly from incidents. Those who take pre-emptive action and develop a clear response plan will be in a significantly better position than those who scramble in the wake of a breach without a concrete strategy.

Leveraging managed security services

In today’s complex digital landscape, many organisations find it increasingly challenging to manage their cybersecurity needs solely with internal resources. Factors such as a shortage of skilled professionals, the rapid evolution of cyber threats, and stringent regulatory requirements can overwhelm in-house teams. Consequently, organisations often seek external expertise to bolster their security posture.

Managed Security Services Providers (MSSPs) offer a comprehensive solution to these challenges. They provide continuous monitoring, expert incident response, and access to advanced threat intelligence, significantly enhancing an organisation’s ability to detect, respond to, and adapt to emerging risks.

Key benefits of partnering with an MSSP

One primary advantage of engaging with an MSSP is access to specialised cybersecurity expertise. Building and maintaining an in-house security team with the necessary knowledge can be resource intensive. MSSPs employ professionals proficient in various areas of cybersecurity, ensuring organisations benefit from specialised knowledge without the overhead costs.

Additionally, MSSPs assist organisations in adhering to industry-specific regulations, such as GDPR, by implementing necessary security controls and conducting regular audits. This proactive stance not only mitigates risks but also reinforces trust among stakeholders.

Furthermore, MSSPs offer scalable solutions that adapt to changing requirements, ensuring continuous protection as businesses expand and enter new markets.

Selecting the right MSSP

Choosing an appropriate MSSP is crucial for effective cybersecurity. Organisations should consider the following when evaluating potential partners:

Technical expertise: Ensure the provider possesses the necessary technical skills and certifications to address specific security needs.

Industry knowledge: Select a provider with experience in the organisation’s sector to address unique challenges and compliance requirements.

Reputation and reliability: Assess the provider’s track record and client testimonials to gauge their reliability and effectiveness.

Service Level Agreements (SLAs): Review SLAs to ensure they align with the organisation’s expectations for response times and service availability.

Cybersecurity as a strategic enabler

Cybersecurity has evolved beyond a mere defensive measure to become a strategic enabler that fosters innovation, growth, and resilience. It is no longer sufficient to view cybersecurity as a standalone function or a reactive expense; it must be integrated into the very fabric of an organisation’s operations and culture. This shift in perspective is essential for organisations aiming to thrive in a landscape where digital risk translates directly into business risk.

A robust cybersecurity framework enables organisations to innovate confidently, knowing that their digital assets and customer data are protected. It fosters trust among clients and partners, which is crucial for long-term business relationships and growth.

Moreover, a well-implemented cybersecurity strategy enhances operational resilience, ensuring that organisations can swiftly recover from disruptions and continue to deliver value to their stakeholders.

Senior management play a pivotal role in embedding a cybersecurity ethos throughout the organisation. Their leadership and commitment are crucial in establishing a culture where cybersecurity is viewed as a shared responsibility and a core component of business success. By leading by example, adhering to security protocols, participating in training, and prioritising cybersecurity in decision-making, senior leaders set the tone for a security-conscious culture.

Their involvement goes beyond symbolic gestures; it requires active engagement in shaping and promoting cybersecurity initiatives. This includes allocating resources for advanced security technologies, comprehensive training programmes, and robust policies that protect both the organisation and its clients’ data against evolving threats. Such proactive measures not only mitigate risks but also reinforce trust among stakeholders, demonstrating a commitment to safeguarding digital assets.

Steve Downs

Technical Development Manager,

CIS Security

www.cis-security.co.uk

Retail Reality Checks
https://citysecuritymagazine.com/cyber-security/retail-reality-checks/
Tue, 08 Jul 2025 05:35:00 +0000

In early 2025, a series of cyber security incidents disrupted operations across some of the largest retail brands in the UK: Marks & Spencer, Co-op, and Harrods. In mid-May, threat intelligence vendors claimed similar attacks in the US – though names are unconfirmed.

The attackers are a known group named, variously, Scattered Spider, Octo Tempest, and UNC3944, depending on the intelligence vendor. This native-English-speaking collective – believed to be a loose network of teenagers and young adults across the UK and US – was also behind high-profile attacks on MGM and Caesars casinos.

As usual, the incidents were labelled “sophisticated cyber security attacks”. Yet UNC3944’s methods are well-known, and the full attack narrative is unusually clear.

Scattered Spider act as access brokers for a Ransomware-as-a-Service (RaaS) group called DragonForce. Once access is gained, DragonForce affiliates deploy ransomware. But the breach relies more on psychology than technology: they target IT help desks, using social engineering techniques to bypass security controls.

While the follow-up is carefully planned, it’s a stretch to call an attack that hinges on help desk impersonation “advanced”. Attackers pose as staff, using publicly available information and social cues to trick help desk agents into resetting credentials – a risk larger organisations, ironically, are more prone to. These attacks are preventable with the right processes, but few organisations implement them consistently.

Once inside, attackers aim for domain control. A primary target is NTDS.dit – Active Directory’s core database, which stores all password hashes. Tools like Mimikatz, secretsdump.py, or Volume Shadow Copy manipulation are used to extract it. Weak or reused passwords fall quickly under offline cracking, giving attackers broad lateral movement.

Next: encrypt critical infrastructure. There’s often a focus on virtualisation hosts – especially vulnerable if admin credentials or interfaces are exposed. Ransomware is deployed, virtual machines are encrypted, and business operations halt.

Operation-specific impact

Marks & Spencer took the hardest operational hit. Online orders, mobile apps, customer services, and possibly logistics were all disrupted. The initial attack struck over the Easter bank holiday. By mid-May, online ordering remained unavailable. Financial losses were estimated at £30 million, with ongoing revenue losses of up to £15 million per week. M&S brought in CrowdStrike, Microsoft, and Fenix24 to support recovery.

Co-op initially denied data loss, but later confirmed personal data had been leaked. Payment processing issues were widespread, and some areas – like the Scottish islands – reported product shortages. Co-op responded quickly, disconnecting systems to avoid ransomware spread, and recovered more rapidly as a result.

Harrods detected the attack early and cut off internet access as a precaution. So far, no significant operational or reputational damage has been confirmed.

Attribution in cyber incidents is always difficult, but UNC3944 were identified through technical indicators, leaked data, and their own communications. Selective data leaks – used to pressure victims into ransom payments – evidenced their claims.

Familiar script

This playbook – social engineering, credential reset, Active Directory compromise, ransomware on hypervisors – isn’t new. It’s well-documented. What’s striking is how effective it remains.

Despite years of guidance and public awareness, the same structural flaws persist: help desks without layered verification, weak passwords, and enterprise networks with flat trust models offering all-or-nothing access. These weren’t unprecedented attacks. They were predictable, preventable. What they reveal isn’t attacker brilliance, but architectural fragility. Which leads to an important question: why are known weaknesses still built into critical systems?

Why the fix isn’t more cyber security

If we judge security by how well we respond to breaches, we’ve already failed. These incidents make it clear: we don’t need more expensive cyber solutions – we need less insecure design.

Too many organisations are pouring money into layered technologies in a desperate attempt to hold broken systems together. Detection, response, and managed services aren’t bad – but they’re compensating for deeper flaws. They’re papering over cracks, and every breach makes those cracks more visible.

At the root of these failures is a simple truth: our systems weren’t designed to be secure. They were built for convenience, speed, and scale – then retrofitted with security once the need could no longer be denied.

The identity illusion

Take identity. The bedrock of modern access control, and often the weakest link. For all the talk of zero trust, many organisations are still vulnerable to anyone who knows a few employee names, the help desk number, and how to sound confident.

Help desk impersonation was the first step in these attacks. It shouldn’t have worked – but it did, across multiple large retailers. That’s not a training failure, it’s a process design flaw.

A reset process that accepts scraped LinkedIn details as proof of identity isn’t secure – it’s theatre.

Multi-factor authentication helps, but less so when it’s reset by the same help desk agent who’s just been manipulated. Tying brittle directories into SSO systems only amplifies the fracture radius when something inevitably breaks.

Active Directory: predictable catastrophe

The next failure is just as familiar: Active Directory. Still the foundational pillar of enterprise identity, AD is a single point of total failure and every attacker knows it.

Once inside, attackers extract NTDS.dit – the skeleton key to the kingdom. A few cracked hashes later, they’re logged in as privileged users, forgotten service accounts, or administrators. The fact that this vital file is so often accessible is a damning indictment. Domain controllers shouldn’t be this exposed. Service accounts shouldn’t have excessive rights. A single cracked password should not allow a pivot across half the organisation.

Legacy assumptions kick in: implicit trust, flat networks, privileges handed out “just in case” and never revoked. We’ve known better for years. We just haven’t done better.

Virtualisation: the jackpot

Admin access in hand, attackers target the real crown jewels: virtualisation infrastructure.

Hypervisors like VMware ESXi consolidate the organisation’s digital estate. Compromise one host, and you’ve effectively compromised everything it runs.

Ransomware on a desktop disrupts a user. Ransomware on ESXi shuts down the business. That’s what happened at M&S: encrypted VMs, compromised backups, and recovery plans not designed for this scale of impact.

The mistake isn’t just poor patching or weak credentials. It’s assuming these systems are secure by default. They’re often reachable from the network, managed with domain credentials, and administered using outdated tools.

They’re rarely segmented, infrequently audited, and almost never treated with the level of sensitivity they deserve. That makes them perfect ransomware targets – and leaves defenders improvising under pressure.

Security tooling isn’t a fix

Faced with this kind of failure, the instinct is to buy another solution: EDR, XDR, SIEM, SOAR, NGAV, and another dashboard to plug them all together.

But these are compensating controls, not cures. You can’t fix bad architecture by stacking more products on top of it.

Each new tool adds complexity. Another agent to deploy. Another system to monitor. Another failure point. And as CrowdStrike’s recent outage showed, even the best tools can become critical liabilities.

Complexity doesn’t create resilience – it erodes it. Systems become harder to manage, harder to recover, and easier to break. Worse, layers of tooling create a false sense of safety. Alerting isn’t understanding. Correlating logs doesn’t equal insight (even if you plug AI into the picture). If your architecture allows one cracked password to collapse everything, no EDR in the world is going to save you.

Fixing the foundation

Secure by design isn’t a buzzword – it’s a mindset. It means building systems to resist compromise by default, not reacting to compromise after the fact.

It means removing implicit trust. Designing for failure. Segmenting access. Reducing privilege. Treating administrative operations as high-risk, high-scrutiny actions every time – not just at initial login.

We’ve known these principles since the 1970s. We still rarely see them taken seriously.

CHERI, a UK-supported hardware architecture, reworks how memory is managed at the chip level – removing entire categories of exploit. But we don’t need to wait for future hardware.

Secure architecture – zero trust, least privilege, or just good engineering – is achievable today. It includes redesigning help desk flows to verify identity properly. These aren’t costly changes, they just require thought, discipline, and the will to build better.

James Bore CSyP. www.bores.com

Security Institute – Cyber Security Special Interest Group

www.security-institute.org

How Device overuse is reshaping a generation
https://citysecuritymagazine.com/cyber-security/how-device-overuse-is-reshaping-a-generation/
Tue, 03 Dec 2024 15:34:10 +0000

The digital age has brought about a seismic shift in childhood, one that no previous generation has experienced. Young people now grow up in a world where they are connected 24/7. Constant connectivity isn’t just an option—it’s the norm. This unprecedented access to the digital world is changing the way they develop, interact and experience life.

Tech brings significant benefits, with huge advances in education, communication and global connectivity. You would be hard pushed to find an adult who does not rely on devices daily, and it’s unrealistic to imagine young people going back to a life without smartphones. Adapting to the digital era is crucial, so is there any reason for us to be concerned?

The Hidden Dangers Behind Screen Overuse

We need look no further than the tech creators themselves, who willingly admit to intentionally designing apps to be addictive. These very same tech leaders banned their own children from using the devices they created, with many opting for tech-free schools. Why? Because they know devices trigger our brain’s dopamine receptors, firing dopamine at Olympic levels round the brain and creating a loop of gratification that can be impossible for even adults to resist, let alone children. This constant dopamine hit means young people are now more sleep-deprived and less focused, and exhibit far shorter attention spans.

The consequences: Focus, Productivity and Creativity

The fast-paced nature of the online world with its constant notifications, scrolling and instant gratification is eroding our young people’s ability to focus and be productive. Multitasking on devices, texting, checking social media and browsing the web reduces cognitive capacity. Studies show this mental juggling leads to shallow thinking and decreased ability to focus on complex tasks.

Creativity, one of the most prized attributes of childhood, is also under threat. Where free play and imagination once flourished, time spent on devices now limits creative thought. Instead of dreaming up stories or inventing games, children are fed endless streams online, leaving little room for the kind of boredom that drives innovation and imaginative problem-solving.

Sleep Deprivation, Attention Deficits & Safety

Research shows that young people who spend extended hours on devices, especially before bed, struggle to get enough sleep. Sleep-deprived teens are not only tired; they are also less able to focus, less productive, less patient and more prone to mood swings. Chronic sleep deprivation can lead to long-term cognitive problems, affecting memory retention and decision-making. This makes for a diminished skillset in the real world.

A lack of awareness of our surroundings undoubtedly compromises our safety. When we are walking with our heads down, we are oblivious to external dangers. In a world that increasingly demands quick thinking and quick decision-making, young people are robbed of the mental energy and streetwise knowledge they need to thrive and stay safe.

Brain Development and Mental Health

Perhaps most concerning of all is the evidence that overuse of devices can have lasting impacts on the development of the adolescent brain. Prolonged exposure to screens can disrupt the areas of the brain responsible for impulse control, emotional regulation and decision-making. Young people’s ability to make real-world social connections is also suffering, as digital communication increasingly replaces face-to-face interaction.

Solutions: Educating and Empowering Youth

London-based HIP Workshops see education as fundamental to success. By giving young people the opportunity to fully explore and understand the impact of device use, they are motivated to find their own balance between enjoying the benefits of technology and safeguarding their mental and physical health.

When we develop healthier habits, we create a world where technology enhances, rather than diminishes, growth. Educating the next generation to protect their free time, self-identity and imagination will keep them safer in every aspect of their lives.

Dalia Tilsiter & Sharon Elton

For more details please visit www.hipworkshops.com or email info@hipworkshops.com

HIP WORKSHOPS

At HIP (Healthy, Inclusive, Positive) Workshops, Sharon & Dalia have developed a hands-on approach to help young people understand the impact of device overuse and take control of their digital habits. Their immersive Digital Ninjas workshops, designed specifically for schools, teach students the importance of taking conscious control of their own screen time. Through interactive games and mini-experiments, they demonstrate how screen overuse affects focus, productivity, sleep and overall emotional wellbeing.

A blended approach to preventing a cyber attack
https://citysecuritymagazine.com/cyber-security/a-blended-approach-to-preventing-a-cyber-attack/ (published Sat, 24 Aug 2024)

In the City of London Police’s Cyber Crime Unit, we hear these questions more than any other: what is the most likely cyber attack? How can we prevent it? What are the police doing about it?

Cyber threats

The complexity and severity of cyber threats have steadily increased in recent years. In the year leading up to September 2023, England and Wales reported over 898,000 computer misuse incidents, marking a 30% rise from the previous year. Including reports of cyber-enabled attacks, which are traditional crimes that make use of computer networks, figures show 2.39 million businesses in the UK experienced a cyber crime in 2023.

On analysis, high volume, low sophistication attacks still make up the significant majority of reports. Phishing, an attack which stems from social engineering or manipulating the user, stands out as one of the most prevalent amongst these.

Trend analysis of the same data indicates that criminals have focused their efforts on refining and disseminating these well-known attacks to make them resistant to security improvements rather than moving on to newer attack types. Even in the case of investigations into intricate cyber attacks, social engineering, despite its simplicity, often serves as the gateway for more complex intrusions.

Prevention

When it comes to prevention, the information is clear. Having security measures focused on resisting socially engineered attacks offers numerous security benefits.

Addressing these proactively targets both the most likely attack and the gateway to some of the most severe threats in today’s cyber landscape. Moreover, because socially engineered attacks are a familiar threat, a variety of tried and tested security measures are already available for our use. Additionally, establishing these defences confers a lasting security benefit, as information suggests that attackers intend to keep using these methods.

Indeed, even with the advances made with generative artificial intelligence (AI), and amidst concerns that this technology could facilitate new security risks, early examples suggest that much of its malicious use has been focused on enhancing existing social engineering techniques.

Fortunately, a variety of both technical and non-technical defences exist which counter this attack type. Employing a blended approach which leverages both is highly recommended. However, as these attacks primarily target users rather than systems, comprehensive training and awareness have long been recognised as essential in protecting against the effects of one of the most prolific attacks in today’s landscape.

Cyber Griffin

Raising awareness of this challenge is something policing continues to advocate, alongside actionable advice to prevent it.

Since 2017, Cyber Griffin, the programme within the City of London Police’s Cyber Crime Unit dedicated to protecting the community against cyber criminality, has designed and delivered services which address cyber threats.

The Baseline Briefing, Cyber Griffin’s end user training, is specifically created to address high volume, low sophistication attacks and to equip attendees with the security knowledge needed to prevent them. To date, more than 50,000 people in the Square Mile have received this training, which is continually updated to ensure the latest advice is included. The Baseline Briefing 5.0 is due to be released this summer and will include new sections dedicated to AI vulnerabilities and how to secure against them, led by officers who conducted this research.

As new security challenges are identified, Cyber Griffin produces services designed to protect against them. The latest of these is free Incident Response Hydra Training, which provides realistic exercise scenarios for security teams who want to train for a live cyber incident and learn from how this is approached in policing.

Cyber Griffin’s offering has been carefully designed to reflect the current threat landscape our community faces and, just as importantly, to ensure we all know the answers to the questions asked at the beginning of this article.

To learn more about Cyber Griffin visit www.cybergriffin.police.uk

Inspector Charlie Morrison

City of London Police

Cyber Crime Unit

Repercussions of the major IT outage on 19 July 2024
https://citysecuritymagazine.com/cyber-security/repercussions-of-the-major-it-outage-on-19-july/ (published Thu, 25 Jul 2024)

A global IT outage caused significant disruption on Friday 19th July 2024. Organisations impacted included health services, such as the NHS, airlines and broadcasters. It was not the result of a security incident or malicious cyber activity, but was caused by an update to the Windows security platform provided by CrowdStrike.

Increase in phishing

The National Cyber Security Centre has noted “an increase in phishing referencing this outage, as opportunistic malicious actors seek to take advantage of the situation. This may be aimed at both organisations and individuals. Organisations should review NCSC guidance to make sure that multi-layer phishing mitigations are in place, while individuals should be alert to suspicious emails or messages on this topic and know what to look for.”

CrowdStrike publish Preliminary Incident Review

Ahead of a full investigation and analysis, CrowdStrike have published a review of the fault that caused the outage. This is summarised below:

On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows security platform Falcon Sensor.

Previous testing of similar updates in March this year had led to trust in how these checks were performed.

However, when this update was deployed, it contained ‘problematic content’ which resulted in an unexpected exception that could not be gracefully handled, causing a Windows operating system crash (BSOD).

The defect in the content update was reverted on Friday, July 19, 2024 at 05:27 UTC. Systems coming online after this time, or that did not connect during the window, were not impacted.

CrowdStrike have committed to implementing measures to ensure this does not happen again, in the areas of software resiliency and testing, rapid response content deployment and third-party validation.

In addition to this preliminary Post Incident Review, CrowdStrike will release the full Root Cause Analysis once the investigation is complete. Read the full preliminary Post Incident Review.

An eye opener for the business world?

Guy Golan, CEO and Executive Chairman of global cybersecurity company Performanta, said on the day:

“A mistake of this magnitude is an epic failure and a huge eye opener for the cyber world and the business world more broadly. It should not have happened. This appears to have been a failure of process and QA, releasing something that was incorrect, perhaps driven by intense market pressures in the vendor race to have the best and greatest features, or in response to the evolving threat landscape and increased need for detection.

The impact of one vendor by some of the world’s biggest organisations can bring the world to its knees and the repercussions will be unprecedented. It’s going to cost companies billions, it will lead to legal action, and it will affect businesses and users in a way we’ve never seen before. Attackers may have more awareness of who is using CrowdStrike as a result of watching this unfold which could cause further cyber security complications down the road.

This isn’t the fault of one vendor – perhaps market pressures have led to such a catastrophe. More outages should be expected unless organisations of all sizes start to understand that the digital world is just as significant in the 21st century as the physical world. It’s about time we elevated cyber issues to the top of the agenda and understood the full effects of market pressures.”

Book Review: The Code of Honor: Embracing Ethics in Cybersecurity by Paul J. Maurer and Ed Skoudis
https://citysecuritymagazine.com/cyber-security/book-review-the-code-of-honor-embracing-ethics-in-cybersecurity/ (published Thu, 25 Jul 2024)

The Code of Honor is an easy-to-read, well-structured guide to establishing a code of ethics and conduct for those working in cybersecurity roles. Although potentially a dry-sounding topic, the inclusion of many real-life scenarios, expert views and straightforward lists of advice makes this an accessible and useful guide.

Does cybersecurity really need a code of ethics?

Against a backdrop where cybercrime is estimated to be a $6 trillion problem annually, the authors believe that above all cybersecurity is a human business. Of course, it requires expert skills around software and technology, but those working in this field also need a clear understanding that the purpose of their role is to keep people and organisations safe. The authors say: “As cyber professionals, we serve human beings; we do not serve technology”.

It is apparent that many professions, such as law and medicine, have overarching codes of ethics and conduct. The authors of The Code of Honor believe the absence of an ethical standard for cybersecurity is a significant threat to the safety of consumers and businesses around the world.

How is this book structured?

The Code of Honor provides a set of ethical tenets that together form a code of honour. The authors propose that everyone across the cybersecurity sector signs up to this code or something similar. They believe there is high value in having one consistent ethical code that ties together practitioners across the industry.

Each tenet is introduced in its own chapter with real-life case studies and exercises for the reader to work through to “build ethical decision-making muscles, which can quicken your response time and improve your decision making during critical situations.”

Who is Code of Honor for?

The blurb says: “It is aimed at managers and executives who seek to sharpen their knowledge of cyber ethics and security, The Code of Honor will also be of interest to security analysts, incident responders, threat hunters, forensic experts, and penetration testers, providing a hands-on framework for the integration of ethical standards from across the cyber world.”

The opening chapter states its purpose as: “A systematic and thoughtfully constructed program for building best practices regarding ethics in decision-making in the tech industry with a particular focus on cybersecurity.”

What are the tenets within the Code of Honor?

The tenets cover areas such as honesty, teamwork, collaboration and privacy. Most of us would agree to them readily. The usefulness of this book lies in how the authors explain not just the glib promise that people can make, but the intricacies and implications of what this means in the cybersecurity workplace.

About the Authors

PAUL J. MAURER, PhD, is the president of Montreat College, USA, a national leader in cybersecurity education and workforce development. After being approached by the NSA to create a curriculum on cybersecurity ethics for students preparing for cybersecurity careers, Paul was convinced this book needed to be written. He speaks and writes frequently on a wide range of topics, but regularly does so on cybersecurity across the USA.

ED SKOUDIS serves as president of the SANS Technology Institute College, the USA’s leading provider of cybersecurity professional development. Ed began teaching at the SANS Institute in 1999 and has trained over 30,000 cybersecurity professionals in incident response and ethical hacking, codifying many of the practices used throughout the industry today.

The Code of Honor: Embracing Ethics in Cybersecurity

by Paul J. Maurer and Ed Skoudis (ISBN: 9781394275861)

Published June 2024 by Wiley

Ready, Steady, Secure – All Eyes on Paris as Sponsors Become Prime Cyber Targets
https://citysecuritymagazine.com/cyber-security/ready-steady-secure-all-eyes-on-paris-as-sponsors-become-prime-cyber-targets/ (published Sat, 20 Jul 2024)

As the Olympic Games kick off on July 26th, there’s a heightened threat of cyberattacks in Paris, especially targeting key sponsors and those closely associated with the event. All involved parties should be hyper-vigilant against cyberattacks such as ransomware, identity management breaches, and physical attacks on hardware like CCTV and ticket gates.

According to the NTT Corporation, the Tokyo 2021 Games experienced an estimated 450 million cyberattacks. Businesses are at their most vulnerable during periods of high user traffic because increased activity strains security infrastructures, making it easier for cybercriminals to exploit weaknesses and infiltrate systems.

“Organisations associated with the games will soon enter an IT ‘freeze’ period, meaning their systems will be left as they are to avoid any periods of inaccessibility or disruption,” said Bernard Montel, EMEA Technical Director and Security Strategist at Tenable. “Whilst this makes sense, it also makes systems incredibly vulnerable because of a lack of proactive security updating.”

Securing computing environments and infrastructure from cybersecurity threats requires a combination of resources, people, and technology.

For those at risk throughout July, Tenable recommends:

  • Patch and Permission: Conduct a full inventory check of all software updates, apply patches, and revise user permissions.
  • Bolster User Access: Identify admin accounts and strengthen access with multi-factor authentication.
  • No ID, Not Getting In: Carefully consider access and identity management, creating accounts only in exceptional circumstances.
  • Behaviour Monitoring: Implement continuous monitoring for signs of abnormal behaviour or suspicious activity.
  • Stand By for Action: Ensure security teams are on standby, ready to take immediate action if a critical vulnerability is identified.

“The Olympic motto is Citius, Altius, Fortius, meaning Faster, Higher, Stronger. While Olympians live and breathe this sentiment, so too do the hackers and scammers preparing to exploit the Games,” Montel continued.

“There are many sponsors and suppliers preparing to successfully deliver Paris 2024, all of whom will have dedicated infrastructure and resources. Unfortunately, this makes them prime targets for hackers over the next month.”

Tenable provides holistic visibility into OT networks and critical infrastructure, such as those targeted in the Paris Games. For further information, visit www.tenable.com.

How to keep sensitive data secure when using GenAI tools
https://citysecuritymagazine.com/cyber-security/how-to-keep-sensitive-data-secure-when-using-genai-tools/ (published Tue, 09 Jul 2024)

Data privacy is at risk more than ever before with the rise of generative AI. Over 77% of companies are either using or exploring the use of artificial intelligence, and amid this widespread adoption, more than three-quarters of these companies have experienced AI-related security breaches.

Nearly one-third of employees have admitted to placing sensitive data into GenAI tools and 39% cited the potential leak of sensitive data as a top risk to their organization’s use of public GenAI tools. With this in mind, the experts at cybersecurity and compliance company Kiteworks have shared their advice on how to keep sensitive data secure when using GenAI tools.

1. Avoid Using Personal or Proprietary Information in GenAI LLMs

Data security and privacy should be the top priority when using large language models (LLMs) and generative AI tools, which may be subject to different regulations across countries and regions.

Given the allure and ubiquity of GenAI LLMs, it’s essential for employees to remove any personal or proprietary data when using these tools. This includes customer information, financial data, proprietary strategies, personally identifiable information (PII), or any confidential documents.

This approach helps mitigate risks of unauthorized access to sensitive data as GenAI LLMs typically store the data they’re given and can re-purpose it for similar queries.

2. Create a Company Policy on AI and Privacy

LLMs and generative AI tools present significant accuracy, accountability, privacy, and security challenges. Implementing and enforcing company policies that specify what can and cannot be shared with LLMs and generative AI tools can mitigate many of these risks. It is therefore imperative for employees and business owners to work together to ensure these policies are clearly communicated and consistently followed.

Ongoing training for employees is crucial to keep them informed about the latest data privacy standards, potential risks, and the correct usage of AI tools. Implementing data loss prevention (DLP) technologies can help in identifying and protecting sensitive information, ensuring that it is not inadvertently shared or accessed by unauthorized entities. Additionally, monitoring file activity, such as downloads and uploads, can provide insights into unusual or unauthorized actions, allowing for swift intervention.

3. Manage Data Privacy Settings

To prevent company data from being used for AI model training, it’s vital to safeguard sensitive information. Most GenAI tools have a feature that disables the tool from storing queries and information uploaded. A typical disablement feature looks something like this: navigate to “Settings” and, under “Data Control,” disable the “Improve Model for Everyone” option. Regularly review permissions to prevent unnecessary data access, ensuring privacy and thwarting unauthorized access.

Ensure chats are deleted to reduce the risk of sensitive information being stored. OpenAI typically deletes chats within 30 days; however, its usage policy specifies that some can be retained for security or legal reasons. To delete chats, access the AI tool’s settings and find the option to manage or delete chat history. Periodically delete all chats to maintain data privacy and minimize vulnerabilities.

4. Regularly Change Passwords and Use Data Access Controls

Strong passwords and data access controls are vital for safeguarding accounts from cybercriminals, especially for securing accounts linked to AI systems. A six-character lowercase password can be cracked within minutes. Ensure password strength by creating long and complex passwords, with at least eight characters and special symbols.

Use unique passwords for each AI-related account, consider a password manager for tracking, and enable multi-factor authentication (MFA) for added security. MFA options like email, SMS, app, or biometric authentication add an extra layer of protection, significantly reducing the risk of unauthorized entry to AI systems and enhancing overall security posture.

5. Audit AI Interactions and Monitor Data Breaches

Private, work-related content should never be shared in public LLMs. However, almost 1 in 20 global employees (4.7%) have admitted to entering confidential corporate data into ChatGPT. Regularly audit activity logs to monitor suspicious file activity, particularly GenAI logins and file uploads. If the logs show these activities, investigate immediately to mitigate potential risks and maintain data integrity.

Utilize automated tools and anomaly detection systems to flag irregular patterns and behaviors that may indicate a potential breach or misuse. Conduct regular security assessments and penetration tests to identify vulnerabilities in your AI systems. Additionally, establish a response protocol for breaches that includes immediate containment measures, notification procedures, and steps for data recovery and mitigation.
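One way to run the audit recommended in step 5 over web-proxy logs, as an added example that is not part of the original article or Kiteworks’ own tooling: it flags GenAI logins and large uploads to GenAI hosts so they can be investigated. The log format, the GenAI domain list, the login path patterns and the upload size threshold are all assumptions for illustration, and the sample log lines are constructed.

```python
"""Added example (not from the article or Kiteworks): flag GenAI logins and
file uploads in constructed proxy log lines, the activity step 5 says to audit."""
from dataclasses import dataclass
import re

# Assumed: GenAI hosts worth auditing. Extend this set for your own environment.
GENAI_DOMAINS = {"chat.openai.com", "chatgpt.com", "gemini.google.com", "claude.ai"}
# Assumed: a request body at or above this size to a GenAI host counts as an upload.
UPLOAD_BYTES_THRESHOLD = 50_000
# Assumed (constructed) proxy log format: "<timestamp> <user> <method> <url> <status> <request_bytes>"
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d{3}) (\d+)$")
HOST_RE = re.compile(r"^https?://([^/:]+)")
# Assumed path fragments that indicate an authentication request (constructed, not vendor APIs).
LOGIN_MARKERS = ("/auth/", "/login")


@dataclass(frozen=True)
class Finding:
    timestamp: str
    user: str
    host: str
    kind: str   # "login" or "upload"
    detail: str


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, method, url, status, req_bytes = m.groups()
    h = HOST_RE.match(url)
    if not h:
        return None
    host = h.group(1).lower()
    return {"ts": ts, "user": user, "method": method, "url": url,
            "host": host, "path": url.split(host, 1)[1], "status": int(status),
            "req_bytes": int(req_bytes)}


def classify(rec):
    """Return a Finding for a GenAI login or upload, else None."""
    if rec["host"] not in GENAI_DOMAINS:
        return None
    if rec["method"] == "POST" and any(mk in rec["path"] for mk in LOGIN_MARKERS):
        return Finding(rec["ts"], rec["user"], rec["host"], "login", rec["path"])
    if rec["method"] in ("POST", "PUT") and rec["req_bytes"] >= UPLOAD_BYTES_THRESHOLD:
        detail = f"{rec['req_bytes']} bytes to {rec['path']}"
        return Finding(rec["ts"], rec["user"], rec["host"], "upload", detail)
    return None


def audit(lines):
    """Scan log lines in order; malformed lines are skipped, not fatal."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        f = classify(rec)
        if f is not None:
            findings.append(f)
    return findings


def users_with_uploads(findings):
    """Users who pushed data to a GenAI host: the first accounts to follow up on."""
    return sorted({f.user for f in findings if f.kind == "upload"})


# Constructed sample log: an internal upload and a small chat request are not flagged.
SAMPLE_LOG = [
    "2024-07-01T09:00:01Z alice POST https://chat.openai.com/auth/login 200 412",
    "2024-07-01T09:00:05Z alice GET https://chat.openai.com/ 200 0",
    "2024-07-01T09:02:17Z alice POST https://chat.openai.com/files/upload 200 1843200",
    "2024-07-01T09:10:44Z bob POST https://intranet.example.internal/upload 200 2097152",
    "2024-07-01T09:12:03Z carol PUT https://claude.ai/files/upload 200 77000",
    "2024-07-01T09:13:00Z dave POST https://gemini.google.com/app 200 900",
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.timestamp} {f.user:6} {f.kind:6} {f.host} {f.detail}")
```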

Patrick Spencer, spokesperson at Kiteworks, shared his thoughts:

“Ensuring data security and privacy is essential when utilizing LLMs and generative AI tools. With rigorous data privacy regulations across regions and industries, it’s imperative to use anonymized and encrypted data to mitigate risks.

We recommend organizations establish clear policies that prohibit employees from sharing specific details like customer information, financial data, and proprietary strategies to protect sensitive information. Implementing robust company policies and utilizing private AI systems can significantly enhance security and compliance, providing tailored and efficient solutions while safeguarding against breaches.

Regularly updating passwords and managing data privacy settings are also vital steps in maintaining data integrity and preventing unauthorized access to sensitive corporate data. Training employees on AI usage and data privacy is just as crucial. Start by identifying necessary or popular AI technologies. By investing up front in employee training on proper GenAI tool usage, organizations not only enhance employee skills but also mitigate the risk of exposing sensitive content.”
