88f0988d

Cybervio Earns Bronze Award in Defence Employer Recognition Scheme for Armed Forces Support

Fri, 17 Jan 2025 13:55:44 GMT

Cybervio is proud to announce that it has been awarded the prestigious Bronze Award in the Defence Employer Recognition Scheme (ERS). This accolade underscores our ongoing commitment to supporting the Armed Forces community and upholding the values of the Armed Forces Covenant.

What is the Defence Employer Recognition Scheme (ERS)?

The Defence ERS is a UK Ministry of Defence initiative that recognises employers who demonstrate exceptional support for the Armed Forces community. The scheme has three tiers—Bronze, Silver, and Gold—each reflecting increasing levels of commitment. The Bronze Award is granted to organisations that have pledged their support to the Armed Forces Covenant, making a tangible commitment to being Armed Forces-friendly employers.

Cybervio’s Commitment to the Armed Forces Covenant

At Cybervio, we recognise the invaluable skills and dedication that members of the Armed Forces bring to the civilian workforce. Our commitment to the Armed Forces Covenant is a testament to our support for:

Promoting the Armed Forces
Supporting Veterans
Supporting National events & Armed Forces Charities
Providing commercial support to members of the Armed Forces and Veterans who utilise our Services

Why This Matters

Earning the Bronze Award is more than just a recognition; it’s a reflection of our values as an organisation. At Cybervio, we believe in fostering a culture of respect, support, and opportunity for all, particularly those who serve or have served in the Armed Forces. By integrating these principles into our recruitment practices, workplace policies, and community engagement, we aim to set a standard for other employers to follow.

Final Thoughts

We are incredibly honoured to receive the Bronze Award and remain steadfast in our dedication to the Armed Forces community. Cybervio will continue to work hard to ensure that our workplace is inclusive, supportive, and empowering for those who have served our country.

To learn more about our initiatives and how we support the Armed Forces community, visit our website or reach out to our team.

Together, we can make a difference.

Cybervio Attends the 2024 Healing Military Minds Ball

Thu, 12 Dec 2024 19:29:18 GMT

Cybervio Attends the 2024 Healing Military Minds Ball

Last month, Cybervio were honoured to attend the 2024 Healing Military Minds Ball, held in support of Combat Stress, a vital organisation dedicated to helping veterans overcome the mental health challenges of service. This annual event, hosted in November, serves as a powerful reminder of the ongoing need to support the Armed Forces and veteran community—a cause Cybervio is deeply committed to through our pledge to the Armed Forces Covenant.

The evening was a celebration of camaraderie, gratitude, and generosity. We were thrilled to join other supporters of this meaningful cause, demonstrating the enduring appreciation for the sacrifices made by service personnel and their families.

One of the highlights of the night was the fundraising auction, where Cybervio proudly contributed by securing a prized item: a signed England Rugby match jersey from Ellis Genge. This remarkable piece of sports memorabilia not only represents a cherished moment for our team but also signifies our commitment to making a tangible difference. The funds raised from the auction, including our contribution, will directly support the invaluable work of Combat Stress.

We would like to extend our heartfelt thanks to the event organisers for creating such an impactful evening and for their continued efforts in championing this cause. At Cybervio, we remain steadfast in our support of those who have served our country, honouring their resilience and commitment by working to ensure they receive the care and recognition they deserve.

Here’s to many more opportunities to stand together for our Armed Forces and veteran communities!

Implementing Secure by Design in UK HMG: A Comprehensive Approach with NIST and NCSC Guidance

Fri, 29 Nov 2024 18:07:00 GMT

Implementing Secure by Design in UK HMG: A Comprehensive Approach with NIST and NCSC Guidance

In an increasingly digitised world, cyber threats have become a pressing concern for governments and organisations worldwide. The UK government has taken a proactive stance on cybersecurity by adopting the principles of Secure by Design (SbD). This approach prioritises embedding security measures at the earliest stages of system development, ensuring resilience against evolving cyber threats. Leveraging guidance from the National Institute of Standards and Technology (NIST) and the UK’s National Cyber Security Centre (NCSC), SbD has become a cornerstone of the UK government’s strategy. In this post, we will explore the successes, challenges, and risks overcome in implementing this approach across UK government systems.

Understanding Secure by Design

SbD focuses on integrating security features and practices into every stage of a product’s lifecycle—from initial concept and design to deployment and ongoing maintenance. This contrasts with traditional methods, where security was often retrofitted or considered only after a system’s development. By embedding security from the outset, organisations can significantly reduce vulnerabilities, minimise risks, and improve resilience against sophisticated attacks.

For UK government systems, this approach is not optional—it is essential. With sensitive citizen data and critical national infrastructure at stake, SbD supports robust cybersecurity aligned with the Government Cyber Security Strategy 2022-2030. This strategy aims to ensure that all government organisations have strong cybersecurity measures and can respond effectively to threats.

The Role of NIST and NCSC in Secure by Design

Both NIST and NCSC provide critical frameworks and guidance to enable SbD.

1. NIST’s Role

NIST’s Cybersecurity Framework (CSF) is a globally recognised standard. It provides a structured approach to managing cybersecurity risks, emphasising six core functions: Identify, Protect, Detect, Respond, Recover and Govern. For SbD, the NIST CSF offers actionable guidelines for integrating security at every stage of the system lifecycle. NIST’s SP 800-160 publication also focuses on systems security engineering, detailing principles for building secure and resilient systems.

2. NCSC’s Contributions

As the UK’s authority on cybersecurity, the NCSC provides tailored guidance to help government departments implement SbD. Its principles emphasise the importance of understanding risks, adopting secure development practices, and ensuring systems are resilient by design. Notable frameworks include the NCSC’s Cloud Security Principles and Cyber Assessment Framework (CAF), which align with SbD practices.

Together, these resources enable organisations to adopt a structured, internationally benchmarked approach to security while addressing UK-specific challenges.

Successes in Implementing Secure by Design

The UK government has made significant strides in implementing SbD, with notable successes including:

1. Improved Baseline Security Standards

The adoption of the NCSC’s CAF has helped standardise security requirements across government departments, ensuring a minimum baseline for protecting systems. This has been particularly effective in securing critical infrastructure and cloud services.

2. Increased Awareness and Training

SbD has driven greater awareness of cybersecurity among developers and system architects. Training programs emphasising secure coding practices and system engineering principles have reduced common vulnerabilities such as injection flaws and misconfigurations.

3. Resilience Against Attacks

By embedding threat modelling and security testing in the development cycle, government systems have become more resilient against cyberattacks. For instance, systems designed with robust identity and access management (IAM) features have successfully mitigated risks associated with unauthorised access.

4. Alignment with International Standards

The integration of NIST frameworks ensures that UK government systems align with international cybersecurity best practices. This fosters better collaboration with global partners and enhances trust in cross-border data exchanges.

Challenges in Adopting Secure by Design

While the benefits are clear, implementing SbD is not without its challenges. Key obstacles include:

1. Legacy Systems

Many government departments rely on aging IT infrastructure, which was not designed with modern security principles in mind. Retrofitting these systems to align with SbD can be complex and costly, requiring significant resources.

2. Cultural Resistance

Shifting the mindset from a reactive to a proactive approach to security has been challenging. SbD requires buy-in from all stakeholders, including developers, managers, and policymakers. Resistance to change can slow adoption.

3. Skills Shortages

The demand for cybersecurity professionals with expertise in secure system design far exceeds supply. This shortage has been a barrier to fully implementing SbD across all government projects.

4. Balancing Security and Usability

Designing systems that are both secure and user-friendly remains a challenge. Overly stringent security measures can hinder usability, potentially leading to workarounds that undermine the system’s security.

Overcoming Risks and Challenges

To address these challenges, the UK government has adopted a range of strategies:

1. Legacy System Modernisation

A phased approach to modernising legacy systems has proven effective. By prioritising the most critical systems and leveraging secure migration practices, departments have reduced risks while minimising disruptions.

2. Cultural Transformation

Continuous engagement and education campaigns have fostered a culture of security awareness. For example, the introduction of mandatory cybersecurity training for civil servants has increased understanding and support for SbD principles.

3. Building a Skilled Workforce

Investments in cybersecurity education and apprenticeship programs are helping to bridge the skills gap. Collaborations with academic institutions and private sector partners have also bolstered talent pipelines.

4. Integrating User-Centered Design

To balance security and usability, the Government has adopted user-centered design principles. By involving end-users early in the design process, systems can be both secure and practical.

Key Lessons Learned

The UK government’s journey in implementing SbD offers several lessons:

• Early Investment Pays Dividends: The cost of addressing security issues during development is significantly lower than post-deployment remediation.

• Collaboration is Critical: Effective implementation requires close collaboration between cybersecurity experts, developers, and end-users.

• Adaptability is Key: Cyber threats evolve rapidly, so SbD must be an ongoing, iterative process rather than a one-time effort.

Future Directions

As technology continues to evolve, so too must SbD. Emerging trends such as artificial intelligence (AI) and quantum computing will introduce new challenges and opportunities. The UK government is already exploring how these technologies can be harnessed securely, with frameworks like NIST’s Post-Quantum Cryptography Standardisation providing valuable guidance.

Additionally, the push towards a “zero trust” architecture—where no entity is inherently trusted and verification is required for all access—will further strengthen the SbD approach.

Conclusion

Implementing SbD across UK government systems is a complex but essential undertaking. By leveraging guidance from NIST and NCSC, the Government has made significant progress in creating resilient systems capable of withstanding modern cyber threats. While challenges such as legacy systems, cultural resistance, and skills shortages persist, the successes achieved thus far demonstrate the value of embedding security at the core of system development.

As the cyber threat landscape continues to evolve, the UK Government’s commitment to SbD will remain a critical pillar of its cybersecurity strategy. Through collaboration, innovation, and adherence to international best practices, the UK can ensure that its systems remain secure, trustworthy, and fit for purpose in the digital age.

Monitor Your Child's WhatsApp

damien_gillett@hotmail.com (Damien Gillett) — Tue, 27 Apr 2021 21:35:42 GMT

What is WhatsApp?

WhatsApp is a messaging platform that has become extremely popular, more than 2 billion people in over 180 countries use WhatsApp. WhatsApp is free and offers simple, secure, reliable messaging and calling, available on phones all over the world. And yes, the name WhatsApp is a pun on the phrase What's Up. Facebook purchased WhatApp for a staggering $19 billion in 2014. So what, well due to it's popularity, ease of use and availability is has become the de-facto messaging platform for all ages. Well what does WhatsApp provide?

Texts - Simple, Reliable Messaging
Group Chat - Groups to keep in touch
Voice and Video Calling
Voice Messaging
Photos and Videos
Document Sharing
Location Sharing
End-to-end encryption

That sounds great, so why should I worry about my child's WhatsApp? Well it's not a matter of IF your child will end up on WhatsApp, but WHEN will your child end up on WhatsApp and HOW they will use WhatsApp.

Having a child that has recently received her own phone I have ensured parental controls are in place, screen time is limited and boundaries are set. We'll now highlight how you can ensure your child(ren) can use WhatsApp safely, some tips on how to introduce it to your child it and how to monitor your child’s WhatsApp.

With your child, review the WhatsApp Profile setting and select a picture that your child likes and you approve of. Following this go to Settings -> Account -> Privacy. You should ensure that as a minimum you set your child’s privacy settings to 'My Contacts'. The options here are 'Everyone', 'My Contacts' and 'Nobody', none of your child's Privacy settings should be "Everyone". Furthermore, you should restrict the 'Live Location' settings to 'None'

Next select 'Two-Step Verification' and enable it. You will be required to provide a PIN and email address but in doing so you greatly increase the overall security of your child's account
If utilising an Apple product you can also enable 'Screen Lock', this then requires 'Touch ID' to re-open WhatsApp and provides an additional layer of security to your child's account

How to monitor WhatsApp for Free:

On your home laptop or PC, browse to https://web.whatsapp.com/
On your child's phone follow the instructions provided:

Once synced you should be able to monitor chat history

Many may see this as being overprotective however, we must be open and honest with our children. There are online dangers such as bullying, sexting, pornography, stranger danger, etc. Therefore, it is essential to discuss with your child such issues:

Teach your child to protect their WhatsApp account. Given that it doesn't require a password and unless you have set up 'Touch ID' your child may leave their phone unattended and unlocked. Someone may think it funny to send messages purportedly from your child. This may be harmless fun but may also have significant consequences if deemed inappropriate
Has your child observed any foul language and if so could it be considered bullying? This should be discussed with your child to ensure that inappropriate behaviour is curtaile d
Sexting: Sexting is when you send a sexual message, photo or video to someone else. It could be a picture of you, but sometimes people send pictures and videos of other people. Learn more about sexting
Fake News & Hoaxes: As adults we've become accustomed to 24/7 news and have a better grasp on what may be deemed 'fake news'. Children however, are likely to struggle with this concept at first. Have a conversation with your child about what is real news, what is fake
Stranger Danger: Whilst we have set the Privacy settings to 'My Contacts' your child may innocently add a stranger to their contacts list. Therefore, it is still important to have a conversation with your child about stranger danger
Finally, block WhatsApp before bedtime, set screen time. Apple devices are extremely easy to set up and it ensures that your child can get a good nights sleep

Should you wish to discuss this blog or any child online safety concerns please contact us at:

info@cybervio.co.uk

AWS Mindmap for Detection Capabilities

Fri, 29 Jan 2021 17:34:39 GMT

AWS Mindmap for Detection Capabilities

Whilst working in Cloud environments it is essential to understand what data sources are available to aid detection capabilities. In doing so, Blue Teams can align their monitoring in an attempt to identify potentially anomalous activity. One of the most useful sources of information whilst monitoring an AWS environment is derived from CloudTrail , this provides detail of any API calls made.

The mindmap provides a useful resource for Blue Teams to aid detection capabilities, for example, an analyst may identify 'CreateUser' followed by 'CreateKeyPair', then followed by 'PutUserPolicy' or 'AttachUserPolicy' in conjunction with 'AddUserToGroup'. This identified activity would map to Mitre's ATT&CK framework, specifically, the Tactics Persistence and Privilege Escalation.

Therefore, your Blue Team can utilise the mindmap in order to align detection capabilities to specific AWS API calls that map to ATT&CK Tactics and Techniques. Our previous blog post Sigmac: A Sigma to SIEM converter describes how a Blue Team can utilise Sigma rules, whilst making use of Pacu (an AWS exploitation tool) to create Use Cases and detection alerts to aid SOC analysts. Furthermore, the mindmap can be utilised to aid proactive threat hunting.

There will likely be False Positives (FP's) in relation to the identified API calls as legitimate activity occurs within your environment. By utilising items such as authorised user/admin lists, standard operating hours and the principle of least privilege you can greatly reduce the overall amount of FP's.

Overall, the mindmap can be utilised in a number a ways to enhance your security posture and reduce both the Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).

Cybervio can assist your Blue Team in utilising the ATT&CK framework for Cloud in order to build detection capabilities against Tactics, Techniques and Procedures (TTP's) in an AWS environment.

Sigmac: A Sigma to SIEM converter

damien_gillett@hotmail.com (Damien Gillett) — Wed, 02 Sep 2020 16:00:37 GMT

What is Sigma?

As @cyb3rops describes it, Sigma is an open standard for rules that allow you to describe searches on log data in generic form. These rules can be converted and applied to many log management or SIEM systems and can even be used with grep on the command line.

Having been working through potential Splunk Use Cases and trying to take the viewpoint of an attacker I made use of the modules within Rhino Security Labs Pacu, an AWS exploitation framework. In doing so I came across Sigmac written by Florian Roth. In essence by utilising Sigmac you can take Sigma rules and convert them to a number of SIEM platforms, in this case Splunk.

The setup, configuration and use is fully documented on Florian's GitHub page so I won't go into detail here. Essentially, by converting known, well documented Sigma rules into Splunk SPL you can aid detection of potentially anomalous activity within your environment.

The resultant Splunk SPL search will likely require review for your environment, however, it will provide the basis to create useful content from. In doing so you can map Use Cases against exploitation frameworks, e.g. Pacu and detection frameworks such as ATT&CK.