In today’s business landscape, information security is of paramount importance. With nearly all business operations going digital, companies are increasingly vulnerable to cyber threats. Malicious actors are constantly on the lookout for weak links that they can exploit for financial gain. To bolster your organization’s information security posture, here are ten essential tips and actionable guidelines.

1. Prioritize Employee Education and Awareness

In a 2022 study by Edapp, it was revealed that 74% of data breaches occur due to human error. Therefore, investing in employee training and fostering awareness about the ever-evolving cyber threat landscape is crucial. This empowers your workforce to recognize and thwart phishing attempts, avoiding the pitfalls of clicking on malicious links and falling victim to email scams. Regular training sessions are essential to keep your staff updated on current cyber threats.

2. Keep Software and Hardware Updated

Regularly updating technology software and hardware is imperative. Outdated devices can lead to data breaches and ransomware attacks, as threat actors seek to exploit vulnerabilities in operating systems, web browsers, applications, and hardware.

3. Implement Strong Passwords and Authentication

Unauthorized logins are often the result of password guessing attacks. Protecting your data and applications with strong passwords and multi-factor authentication is a sound strategy in the current cyber landscape. Ensure that passwords consist of a mix of uppercase and lowercase letters, numbers, and symbols. Consider using a password manager for added security.

4. Embrace Data Encryption

Data encryption is an effective way to safeguard sensitive information. Encrypting data both at rest and in transit prevents threat actors from reading or manipulating it, whether it is stored or being transmitted.

5. Enhance Network Connection Security

Securing network connections is essential to prevent data leakage to unauthorized parties. Educate your staff to avoid using public Wi-Fi networks for transmitting sensitive information, thereby thwarting eavesdropping and man-in-the-middle attacks.

6. Deploy Anti-Malware Solutions

Installing reputable anti-malware and antivirus solutions is crucial for keeping malicious infections at bay.

7. Prioritize Data Backup

Regularly backing up your data is essential to secure it when facing threats like ransomware attacks. This not only facilitates data restoration but also helps you avoid paying substantial ransoms. Ensure that your backup solution is automated and includes two to three copies stored in off-site locations to maintain data integrity and reliability.

8. Implement Network Intrusion Prevention

Utilizing network intrusion software to analyze anomalies in network traffic patterns and behavior is key to defending against unauthorized activities and breaches.

9. Embrace Regular Auditing

While some companies may shy away from security audits due to budget concerns, they are essential in preventing losses resulting from malware attacks and breaches. Engaging companies that offer preventive services such as penetration tests is a wise move.

10. Develop an Incident Response Plan

Having a well-defined incident response plan is essential for mitigating losses during cyber incidents. It not only enables a quick recovery but also facilitates communication with employees and partners, outlining steps to mitigate risks stemming from an incident.

The post Ten 10 essential tips to bolster information security appeared first on Cybersecurity Insiders.

BullWall, global leaders in ransomware containment, and researchers with Cybersecurity Insiders, today published the Cybersecurity Insiders 2023 Ransomware Report. Based on a survey of 435 cybersecurity professionals, the findings identified gaps, misunderstandings and obstacles in organizational security posture, attack prevention and ransomware remediation.

These findings emphasize the importance of shifting from a purely preventative approach, such as relying on EDR, to a layered, comprehensive strategy that includes rapid containment of ongoing attacks to limit the damage inflicted and reduce recovery time.


Cybersecurity Insiders CEO and Founder Holger Schulze will join Steve Hahn, BullWall EVP at 11:00am ET on June 15, 2023, to review the findings and share recommendations during the webinar “Why EDRs And Other Preventative Measures Cannot Stop Ransomware and What To Do Instead.”

79 percent of cybersecurity professionals surveyed believe their organization is likely to be targeted by a malware/ransomware attack in the next 12 months. Source: Cybersecurity Insiders 2023 Ransomware Report

Among the 2023 Ransomware Report’s key findings:

  • Overconfidence about attack detection: 77 percent of respondents incorrectly believe their endpoint security solution (EDR) can sufficiently protect their servers against malware attacks.
  • Substantial gap in confidence between detection and remediation: while 76 percent were highly confident in the organization’s ability to prevent an attack, only 35 percent were confident in the organization’s current ability to remediate ransomware after it locks or encrypts data within their systems.
  • Recovery time expectations are overly optimistic: 35 percent of respondents believe they can recover from an attack in a few days, despite research showing that recovery averages weeks or even months.
  • Troubling expectations: 79 percent of respondents said a threat is moderately to extremely likely to happen to their organization within the next year.
  • Data at risk: 69 percent report that financial information is at risk, 61 percent report that customer information is at risk, and 56 percent say employee information is at risk.
  • Ransomware’s biggest negative impacts: 82 percent cite downtime, 75 percent cite financial losses, and 68 percent cite reputational damage.
  • Main obstacles in enhancing defense strategies: 47 percent cite the evolving sophistication of attacks and 45 percent cite budget constraints.

“This research was very interesting for us,” said Holger Schulze. “We’ve been researching the state of ransomware for years, but a new trend is now starting to emerge. Organizations are becoming almost resigned to the eventuality of a ransomware attack, and are starting to indicate that the golden standards of prevention are not enough. These findings emphasize the importance of shifting from a purely preventative approach, such as relying on EDR, to a more layered, comprehensive strategy that includes rapid containment of ongoing attacks. By implementing solutions that can quickly shut down active attacks, organizations can limit the damage inflicted and reduce recovery time, better protecting their valuable data, operations and reputation.”

“The Cybersecurity Insiders team is providing invaluable insight that’s clearly needed now more than ever,” added Steve Hahn. “Ransomware is capable of infecting over 45,000 files per minute per infected device, and last year there were over 217 million attacks in the U.S. alone according to experts. A last line of defense when ransomware gets in – and it almost always does – is absent in most organizations, and urgently needed in all.”

To receive the full Cybersecurity Insiders 2023 Ransomware Report, please visit: https://bullwall.com/2023-ransomware-report/?utm_source=2023-ransomware-report&utm_medium=press-release&utm_campaign=2023-ransomware-report

To register for the webinar “Why EDRs And Other Preventative Measures Cannot Stop Ransomware And What To Do Instead” at 11:00am ET on June 15, please visit: https://register.gotowebinar.com/register/5763097225180979552?source=BW

BullWall Enters North American Market:

The findings follow BullWall’s May 2023 expansion into North America following dramatic success in Europe. Its fully automated, patented last line of defense against ransomware is used in many European mission-critical enterprises across industries such as healthcare, education and government.

BullWall continuously monitors file shares, application servers and database servers in the cloud and in the data center, preventing server data encryption within seconds and thwarting attempts to both encrypt and exfiltrate data.

For more information about BullWall’s solutions and services, visit the company’s website at www.bullwall.com.

About BullWall

BullWall is a cybersecurity solution provider with a dedicated focus on protecting data and critical IT infrastructure during active ransomware attacks. We are able to contain both known and zero-day ransomware variants in seconds, preventing both data encryption and exfiltration. BullWall is the last line of defense for active attacks.

The post Most Organizations Expect Ransomware Attack Within a Year appeared first on Cybersecurity Insiders.

Attacks on software supply chains surged in 2022. A few years after word of the SolarWinds hack first spread, software supply chain attacks show no sign of abating.

In the commercial sector, attacks that leverage malicious, open source modules continue to multiply. Enterprises saw an exponential increase in supply chain attacks since 2020, and a slower, but still steady rise in 2022. The popular open source repository npm, for example, saw close to 7,000 malicious package uploads from January to October of 2022 — a nearly 100 times increase over the 75 malicious packages discovered in 2020 and 40% increase over the malicious packages discovered in 2021.

Here’s what software development and security operations teams need to know about the state of supply chain security. Download the report ‘The State of Software Supply Chain Security 2023‘ to learn about:

✓ Key trends in software supply chain security
✓ How and where supply chain threats have mounted
✓ New federal mandates for supply chain security (EO 14028 etc.)
✓ Emerging best practices to get ahead of supply chain risk in 2023


The post Special Report: The State of Software Supply Chain Security 2023 appeared first on Cybersecurity Insiders.

Adoption of cloud services, whether consumed as third-party services provided by various vendors or in the form of in-house developed software and/or services leveraging Platform-as-a-Service (PaaS) from major Cloud Service Providers (CSPs), has been steadily on the rise in critical infrastructure (CI) related industries[i]. This represents a significant shift for such industries, which have traditionally relied on isolation via air-gapped networks. The “move to cloud” presents significant cybersecurity challenges for critical infrastructure related industries, which still put a premium on one element of the C-I-A triad (confidentiality, integrity and availability) over the others, namely availability[ii].

What further compounds an already complex architectural and security landscape is the fact that critical infrastructure industries in various countries tend to be either partially or fully government controlled, with many providing “essential services” such as Healthcare, Water, Power, Emergency Services and Food production.

Impact to “essential services”

The US Government’s Cybersecurity and Infrastructure Security Agency (CISA) lists about 16 industries that it considers as falling within the ‘critical infrastructure’ umbrella, including several which can be considered “essential services”: the transportation sector, water sector, food and agriculture sector, healthcare and public health sector, chemical sector, dams sector, energy and utilities sector (E&U), and emergency services sector[iii]. The UK’s CPNI agency also lists about 13 sectors or industries which have a significant overlap with the US list, with several industries offering essential public services directly (such as Water, Food, Health)[iv].

Cyber threats from rival nation states and rogue actors are very plausible and are also becoming increasingly common owing to the geopolitics of the current era. This has, in several cases, resulted in loss of continuity of the public services offered to ordinary citizens.

  • In an example from last year, lack of risk-based adoption of cloud software and lack of controls to prevent access to ICS networks caused service disruption at a US drinking water treatment facility, where a cyber-attack via poorly controlled cloud software (desktop sharing) increased sodium hydroxide levels in drinking water[v].
  • In another example from this year, a version of the Industroyer malware, which spreads via spear-phishing emails delivered through cloud-based email systems, got access to power grids and almost shut down the power supply to a portion of Ukraine’s capital (a lack of, or poor implementation of, cloud-native controls to detect and avoid phishing). This attempt had actually succeeded back in 2016, and remains a potent threat[vi].

In short, essential services affect us all, and any disruption will tend to impact the way we carry out our daily tasks, not to mention the significant economic costs associated with such disruptions.

Current Security Landscape of Critical Infrastructure Industries

Cybersecurity is still relatively new within CI sectors, where it has traditionally sat lower down the priority list for many of these organizations. Critical infrastructure related industries have certain things in common which, in spite of the extreme diversity of their product or service offerings, tie them together:

  • Industrial Control Systems (ICS) or OT Systems

These industries variously and extensively use ICS systems such as Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), Programmable Logic Controllers (PLCs), smart transformers, smart grids, Remote Terminal Units (RTUs) and other such systems.

ICS systems are integral to CI industries, and form the backbone of all their facilities (except corporate offices) such as plants, refineries, workshops, substations etc. These systems are traditionally air-gapped from the corporate and external networks based on the Purdue Reference Model.

  • Purdue Reference Model

Most industries in CI, at least in theory, try to align their networks and operations to the Purdue reference model. The Purdue reference model separates various operations and functions into loose logical swim lanes across the enterprise[vii]. These are the hierarchical divisions on the basis of which a network is built.

  • IoT sensors and devices

Most plants and facilities have a high degree of IoT sensors and devices communicating wirelessly using very specific protocols, and very often interacting with cloud-based services for receiving and providing different telemetry data.

The unique characteristics of these industries present unique challenges from a security standpoint:

  • Lack of Risk Based decision making when adopting cloud services

Cloud services are adopted to meet specific requirements such as a third-party assessment tool, a GRC tool, tools for corporate segmentation, etc. Risk assessments, including an understanding of the threat vectors introduced by new technologies, are typically not adequately addressed.

  • Using Purdue model for segmentation as a gold standard

The Purdue model served the need for logical enterprise architecture for decades, until the proliferation of IoT devices, cloud services and a myriad of other enterprise-wide software and tools. Specifically in the E&U industry, smart grids and smart transformers present a challenge that is not neatly addressed by the Purdue model (by definition, smart devices are IoT-enabled devices that have cloud connectivity beyond the control networks).

  • Lack of robust segmentation and micro-segmentation practices

Most networks have devices that are traditionally sold by automation vendors such as Rockwell, Honeywell, Mitsubishi, Yokogawa etc., which come with defined enterprise network architectures focused on optimum deployment and performance of their equipment. This makes implementing best practices around segmentation within ICS networks very challenging, owing to the interoperability of solutions, especially with the penetration of cloud services.

  • Ubiquitousness of Legacy Devices

Legacy devices exist in ICS networks, and depending on the organization and the industry they operate within, their percentage varies. Upgrading these legacy devices is often a complex project that is not necessarily undertaken, given the extreme importance placed on ‘zero downtime’.

  • Overreliance on perimeter firewalls and industrial IDS tools

Several industrial IDS tools that perform deep packet inspection of traffic have proliferated in the market. Organizations have been mistaking the deployment of IDS tools, which only indicate anomalous activity, for securing their networks. Additionally, perimeter firewalls are heavily relied upon, with little importance given to lateral firewalls.

A holistic cyber security program focused on cloud and third parties to improve security preparedness

There is no silver bullet when it comes to addressing security concerns within CI industries that provide essential public services. It is impossible and counter-productive to stop the proliferation of cloud services within corporate and even ICS environments. But also, to ignore the security challenges they pose is akin to burying one’s head in the sand, since this is a clear and present threat. Some of the best practices to consider in designing robust networks and enterprise architecture for public services industries are the following (by no means an exhaustive list):

  • Comprehensive security program that addresses all domains of cloud security[viii]:

Establishing a comprehensive cloud security program that consists of all domains such as Access Control, Communications Security, Data Security, Threat Modeling and so on focused on adoption of newer cloud technologies is imperative. This should also be backed by a governance program that proactively addresses security as it pertains to cloud services/software being brought in.

  • Risk Assessments of all 3rd party cloud services and also PaaS services:

Performing a thorough risk assessment on a component-by-component basis, to determine risk before any product is brought into the network, is imperative. Threat modeling to ensure the various threat vectors have been assessed and the risk has been quantified will mitigate some of the risks.

  • Security controls, not just at the perimeter, but spread across ICS networks

Securing ICS networks doesn’t just involve perimeter security, but a whole range of security controls that the security program must implement, including lateral segmentation, possibly micro-segmentation, device-level security, and device access control. Special controls must be in place for IoT devices as well. Overreliance on IDS tools doesn’t help the case, as the mitigation strategies still need to be put in place.

  • The Purdue model by itself will not cut it any more; it needs to be revamped for a cloud world

Though the Purdue model will continue to provide the foundation on which CI public service organizations operate, a more hybrid model that takes into account the reality that IoT devices and cloud services don’t necessarily interact with devices based on logical or abstract boundaries is important. Knowing the data flows, including API calls within and outside of the networks, is critical to coming up with the best segmentation strategy.
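One way to make those data flows concrete, as an added example that is not part of the original article or any vendor’s product: a small Python audit that tags each asset with a Purdue level (including the L3.5 DMZ and a "cloud" pseudo-level for SaaS endpoints) and reports the flows the article warns about: OT or IoT devices reaching the cloud directly, OT-to-enterprise traffic that bypasses the DMZ, level-skipping inside the control network, and legacy devices reached from another level. All asset names, levels and flows are constructed sample data.

```python
"""Audit observed flows against a Purdue-style segmentation policy.
Constructed illustration, not code from the article or any vendor. Assets
carry a Purdue level (0-5, 3.5 = industrial DMZ, "cloud" = external SaaS);
each flow is checked for the gaps the article names: OT/IoT devices talking
to the cloud directly, OT-to-enterprise traffic that bypasses the DMZ,
level-skipping inside the control network, and legacy devices reached
from another level."""
from __future__ import annotations
from dataclasses import dataclass

CLOUD = "cloud"  # pseudo-level for SaaS / vendor endpoints
DMZ = 3.5        # Purdue level 3.5, the industrial DMZ

@dataclass(frozen=True)
class Asset:
    name: str
    level: float | str    # 0-5, DMZ, or CLOUD
    iot: bool = False     # smart transformer, sensor, etc.
    legacy: bool = False  # cannot be patched or upgraded

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str

def is_ot(level: float | str) -> bool:
    """Purdue levels 0-3 make up the control network (OT)."""
    return level != CLOUD and level <= 3

def audit_flows(assets: dict[str, Asset], flows: list[Flow]) -> list[tuple[str, str]]:
    """Return (rule, message) findings; an empty list means the flows comply."""
    out: list[tuple[str, str]] = []
    for f in flows:
        s, d = assets[f.src], assets[f.dst]
        ls, ld = s.level, d.level
        hop = f"{s.name} (L{ls}) -> {d.name} (L{ld}) over {f.proto}"
        # Legacy devices should only be reached from their own level.
        if d.legacy and ls != ld:
            out.append(("legacy-exposed", f"{hop}: legacy target, needs compensating control"))
        # OT assets and IoT sensors must not talk to cloud endpoints directly.
        if (ls == CLOUD) != (ld == CLOUD) and (is_ot(ls) or is_ot(ld)):
            dev = s if ls != CLOUD else d
            kind = "IoT device" if dev.iot else "OT asset"
            out.append(("cloud-direct", f"{hop}: {kind} reaches cloud, route via DMZ broker"))
            continue
        if CLOUD in (ls, ld):
            continue  # enterprise- or DMZ-to-cloud traffic is expected
        # OT <-> enterprise traffic must traverse the L3.5 DMZ.
        if is_ot(ls) != is_ot(ld) and DMZ not in (ls, ld):
            out.append(("dmz-bypass", f"{hop}: bypasses the L3.5 DMZ"))
            continue
        # Inside OT, flows move one level at a time (no L1 -> L3).
        if is_ot(ls) and is_ot(ld) and abs(ls - ld) > 1:
            out.append(("level-skip", f"{hop}: skips a Purdue level"))
    return out

# Constructed sample inventory and flows (not real data).
SAMPLE_ASSETS = {a.name: a for a in [
    Asset("plc-01", 1), Asset("rtu-02", 1, legacy=True),
    Asset("smart-xfmr-7", 1, iot=True), Asset("hmi-01", 2),
    Asset("historian", 3), Asset("jump-host", DMZ), Asset("erp", 4),
    Asset("grc-saas", CLOUD), Asset("vendor-cloud", CLOUD),
]}
SAMPLE_FLOWS = [
    Flow("plc-01", "hmi-01", "modbus/tcp"),        # ok: L1 -> L2
    Flow("hmi-01", "historian", "opc-ua"),         # ok: L2 -> L3
    Flow("historian", "jump-host", "https"),       # ok: L3 -> DMZ
    Flow("jump-host", "erp", "https"),             # ok: DMZ -> L4
    Flow("erp", "grc-saas", "https"),              # ok: enterprise -> SaaS
    Flow("smart-xfmr-7", "vendor-cloud", "mqtt"),  # cloud-direct
    Flow("historian", "erp", "sql"),               # dmz-bypass
    Flow("plc-01", "historian", "ftp"),            # level-skip
    Flow("erp", "rtu-02", "telnet"),               # legacy-exposed + dmz-bypass
]

def run_sample() -> list[tuple[str, str]]:
    """Audit the constructed sample; returns the five expected findings."""
    return audit_flows(SAMPLE_ASSETS, SAMPLE_FLOWS)
```

Feeding the audit real flow records (from a firewall log or passive ICS monitor) instead of the constructed sample turns the article's "know your data flows" advice into a repeatable check.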

It is not particularly difficult to list out, ad nauseam, the best practice recommendations for cloud adoption to minimize disruption within CI industries that provide essential services. The fundamental point is that cloud is here to stay and will grow in areas that make economic sense for organizations. Also, there is a gradual blurring of the lines between corporate and ICS networks, which will only accelerate in future. How organizations prepare themselves to effectively react to the security challenges that arise out of it, in an age of extremely volatile geopolitical happenings, is what will determine whether essential services are sufficiently protected from remote (cyber) disruptions or not.

[i] https://icscsi.org/library/Documents/ICS_Vulnerabilities/DHS-OCIA%20-%20Risks%20to%20Critical%20Infrastructure%20that%20use%20Cloud%20Services.pdf

[ii] https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-82r2.pdf

[iii] https://www.cisa.gov/critical-infrastructure-sectors

[iv] https://www.cpni.gov.uk/critical-national-infrastructure-0

[v] https://www.cisa.gov/uscert/ncas/alerts/aa21-042a

[vi] https://www.cisa.gov/uscert/ncas/alerts/aa22-110a

[vii] https://www.sans.org/blog/introduction-to-ics-security-part-2/

[viii] https://www.cisa.gov/sites/default/files/publications/Cloud%20Security%20Technical%20Reference%20Architecture.pdf

The post Adoption of Secure Cloud Services in Critical Infrastructure appeared first on Cybersecurity Insiders.

There are countless service accounts in any given organization. The number of these non-human accounts – and the number of applications that rely on them – is growing each day. These accounts can become high-risk assets that, if left unchecked, may enable threats to propagate throughout the network undetected.

In the new eBook ‘4 Steps to Comprehensive Service Account Security‘, we’ll explore the challenges of protecting service accounts and offer guidance on how to combat these issues. Topics covered include:

+ 3 key problems created by service accounts
+ Why current methods of securing service accounts fall short
+ 4 steps to comprehensive service account security
+ And more

Download the eBook here

The post New eBook: 4 Steps to Comprehensive Service Account Security appeared first on Cybersecurity Insiders.

Cloud environments are increasingly complex, while threats continually evolve. This trend makes simplified cybersecurity imperative to meet both operations and compliance requirements. To close security gaps, organizations are looking for unified cybersecurity platforms to better manage complexity and maintain both visibility and control.

The new 2022 AWS Cloud Security Report [download here] is based on a comprehensive survey of over 500 cybersecurity professionals to reveal how AWS user organizations are responding to evolving cloud security threats, and what tools and best practices cybersecurity leaders prioritize as their cloud infrastructures mature.

Key survey findings include:

• Virtually all organizations in our survey have some public cloud footprint. While AWS is still the predominant cloud provider, a majority of organizations (87%) use two or more cloud providers.

• More than two of three organizations (67%) use between three and six different dashboards to configure cloud security policies, significantly increasing the cost and complexity of managing security across multi-cloud environments.

• Ninety-five percent of organizations agree that it would be helpful to have a single cloud security platform with a single dashboard to configure all policies needed to consistently and comprehensively protect data across their cloud footprint.

• Eighty-one percent of organizations have an intermediate to leading cloud maturity level. However, despite this growing maturity level with the cloud, consistent with previous years, 95% of security professionals are moderate to extremely concerned about the security of public clouds, signaling a need for adoption of better security tools and practices.

• Fifty-eight percent of organizations state that they will deploy a new cloud security solution in the coming year.

We would like to thank Fidelis Cybersecurity for supporting this important research.

We hope you find this report informative and helpful as you continue your efforts in securing your journey into the cloud.

The post New Report Reveals AWS Cloud Security Challenges appeared first on Cybersecurity Insiders.

Team Cymru recently surveyed 440 security practitioners in the US and Europe. Each survey participant works for a company that currently uses an ASM platform. These professionals were able to provide first-hand knowledge about the benefits and drawbacks of ASM tools today. They shared what they liked and disliked about the tools they use.

The Team Cymru State of Attack Surface Management Report covers a broad spectrum of topics. With over 30 questions, it sheds light on everything from why organizations deploy ASM solutions, to their experience, and how they use it.

Two of the key survey results center around the cost of ASM solutions and the future plans of current users. Here we’ll focus on these two key findings.

How Satisfied are Security Teams with ASM today?

The message conveyed by the results of this survey is loud and clear: many security leaders do not feel their current solution provides value to the security organization.

An alarming number of respondents indicated they were ready to throw in the towel concerning their current solution. Only 51% said they have no immediate plans to stop working with their ASM vendor. That means that an astounding 49% have had enough and are ready to throw up their hands in defeat.

What Security Professionals Say about Price Versus Performance

Many ASM users do not realize the benefits promised when they acquired their solution. Legacy ASM solutions fail to deliver adequate value for modern cloud-based enterprises.

Of those that indicated they were ready to stop working with their current ASM vendor, only 21% said it was because of cost. That tells us that the vast majority of unhappy users are not discouraged by the costs; instead, they fail to see value in what their current solution can do for them.

How Security Teams Plan to Move Forward

The fact that 49% of teams have plans to stop working with their ASM vendor in the next 12 months raises the question: what do these disaffected ASM users plan to do to manage their attack surface?

The survey reveals that 30% of those that plan to stop using their current vendor do not intend to replace their platform. Presumably, these are very small organizations that can go back to spreadsheets and checklists to manage their assets and infrastructure.

However, the inverse of that statistic tells us that 70% of these disgruntled ASM users plan to find a better solution to manage their attack surface. Their move-forward plan is to find a more modern ASM solution that provides value to their security team.

Conclusion

We believe this survey clearly indicates that it is time for companies to rethink their ASM. For many years, ASM has been a fundamental tool for discovering hidden assets and inventory management. Still, this is no longer enough when faced with the growing risk of breaches from external vulnerabilities.

Digital business risk for the organization drives business decisions and must also drive security threat and vulnerability mitigation and remediation strategies. Capabilities like continuous discovery, automated classification, risk-based security decision-making, and more are quickly becoming imperative.

Don’t let your attack surface outpace your ASM solution. Learn how to integrate robust threat intelligence, automation, and risk-based vulnerability remediation to stay ahead of modern threats.

The post Report Finds 49% of Security Teams Plan to Replace their ASM Solution in the next 12 Months appeared first on Cybersecurity Insiders.