By Holger Schulze, Scott Gordon

The increasing sophistication, targeting, and volume of cyber threats facing organizations, coupled with attack surface management dynamics, requires cybersecurity solutions to move towards curated findings that help security teams become more efficient in handling the increased likelihood of exposures, attacks and breaches. This does not necessarily mean building out a bunch of AI prompts.

Modern security tools like Extended Detection and Response (XDR) have significantly improved SOC capabilities over the years. These tools advance detection and response by integrating various data sources and providing a comprehensive view of the threat landscape. Additionally, advancements in Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms have streamlined security operations, allowing for enhanced incident management.

Today’s Cybersecurity Challenge

Despite substantial investments in cybersecurity tools, the number of successful attacks is increasing. Over 80% of cyber breaches result from external threat actors conducting phishing, session hijacking, account takeover, and malware attacks – putting organizations under mounting pressure to improve their security posture and automate cyber response. This increase in successful attacks stems from an ever-expanding attack surface combined with increasing coordination and advancement of attack methods.

Factors contributing to the expanding attack surface include the use of multi-cloud services, distributed applications, unaccounted-for internet-facing assets, siloed technology acquisitions across business units, and broader supply chain dependency – all introducing more potential attack points for cyber adversaries. Criminal and state-sponsored adversaries are taking advantage of attack surface soft spots, using attack methods increasingly augmented by generative AI to exploit susceptible users and vulnerabilities in systems to accomplish their objectives.

The sheer size, scope, and velocity of attacks and issues are inundating security analysts with alerts – often exceeding 11,000 per day for large organizations – leading to missed exposures, delayed action, and analyst burnout. Conventional threat intelligence tools provide security teams with relevant information, but still require analysts to take on a considerable assessment, research, and inference workload. Even with alert reduction capabilities, analysts must exert effort to examine, investigate, and validate. This overload has real-world consequences, as seen in notable breaches where overwhelmed analysts were unable to prioritize and focus on the most serious threats. For example, in the case of the 2023 T-Mobile data breach, crucial threats were missed due to the SOC team struggling with prioritizing alerts and managing threats, leading to data exposure that affected millions of customers. Other breaches, such as the 2024 Mintlify and Acer Philippines incidents, demonstrate threat actor sophistication and third-party risk.

Continuous Threat Exposure Management (CTEM)

Given this reality, organizations are adopting more proactive processes and advanced security tools that enable security operations teams to respond faster and enable their companies to become more resilient against rapidly evolving threats. One innovative approach is Continuous Threat Exposure Management (CTEM), which focuses on workflow processes to mitigate potential threats before they escalate.

Introduced by Gartner in 2022, CTEM addresses the limitations of reactive vulnerability management by proactively anticipating threats. In a nutshell, CTEM operates through a cyclical process of five key stages: Scope, Discover, Prioritize, Validate, and Mobilize. This structured methodology ensures that organizations not only identify and understand their attack surface but also respond to risks and remediate vulnerabilities in a more strategic and proactive manner.

  • Scope: Define the organization’s total attack surface and risk profile, including internal and external vulnerabilities.
  • Discover: Utilize advanced tools to identify potential threats and vulnerabilities within the defined scope.
  • Prioritize: Rank threats based on their likelihood of exploitation and potential impact on the organization.
  • Validate: Confirm the existence and severity of identified threats using techniques like automated penetration testing and breach simulation.
  • Mobilize: Implement remediation measures for validated high-priority threats, ensuring alignment with business objectives and effective communication across departments.

Balancing Security Posture and Defense

CTEM strikes an important balance between maintaining a robust security posture and being capable of dynamic response. This balance is crucial because a purely defensive stance may leave organizations vulnerable to novel attack vectors, while a focus solely on response may lead to unaddressed vulnerabilities and missed threats. By integrating posture and response, CTEM enables organizations to prioritize and address the most critical vulnerabilities in real time, aligning security efforts with business objectives and operational realities.

The Need for a Better Approach

As discussed earlier, traditional threat intelligence sources and assessment tools fall short in refining the signal-to-noise ratio, covering the extended attack surface and managing threat volume and sophistication. This still leaves analysts coping with how to more efficiently triage and respond to the deluge of often irrelevant, inaccurate, and outdated alerts and intelligence data – often missing truly critical findings.

To bridge this gap, TacitRed was developed by continuous intelligence solutions provider Cogility to empower security teams with tactical attack surface intelligence. Unlike traditional tools that often overwhelm analysts with data, TacitRed delivers fully curated, prioritized, and detailed findings on pertinent cyber issues. This allows security teams to take immediate, decisive actions on compromised and at-imminent-risk assets to mitigate exposures.

Tactical Attack Surface Intelligence with TacitRed

TacitRed continuously monitors, maps, and analyzes an organization’s external attack surface, offering an on-demand assessment of an organization’s security posture and providing curated, valid, and detailed active threat findings.

As a turnkey, Software-as-a-Service (SaaS) solution, TacitRed automatically maps an organization’s external attack surface and correlates connections and threat activity between its digital presence, cyber adversaries, and third-party entities.

Security operations, security analysts, and risk analysts can instantly examine curated attack surface risks and active issues of over 18 million U.S. entities on demand by simply entering a business domain name. Users can examine compromised and imminent target assets and novel attack findings categorized by severity, threat type, and cyber kill chain stage. The on-demand, accurate, and actionable intelligence with full contextualization sets TacitRed apart from conventional, query-based external attack surface management tools.

Attack Surface Intelligence Process

TacitRed’s approach to attack surface intelligence can be summarized in five key steps that are closely aligned with the principles of the Continuous Threat Exposure Management (CTEM) model discussed earlier, which serves to anticipate and mitigate potential threats before they can escalate:

  • Inventory: Continuously maps and analyzes internet-facing assets, while dynamically monitoring connections, threat activity, and active exploits.
  • Discover: Identifies compromised and at-imminent-risk assets, helping security teams understand the overall security posture of their organization’s external attack surface. A calculated Threat Score based on active threat actor activity informs analysts about the extent of assets that are compromised or are at imminent risk and require priority action.
  • Investigate: Provides comprehensive, curated findings enabling analysts to readily examine compromised and high target assets with full contextual details of affected machines and users, prioritized by severity and categorized within the cyber attack chain stage. This allows analysts to focus their investigation on valid security issues with high fidelity.
  • Respond: Expedites mitigation efforts by sharing curated findings with incident response teams, including asset severity rating and detailed exposure evidence. The system enables the integration of active attack surface asset enumeration and threat findings to existing SIEM, SOAR, and IT Asset Management tools via API.
  • Extend: Enables security teams to assess their extended attack surface of third-party entities, such as subsidiaries, partners, suppliers, agents, and service providers. By sharing threat scores and critical security insights, organizations can facilitate corrective actions to reduce supply-chain risk.

An Example of How AI Unleashes the Full Potential of Threat Intelligence

Leveraging Expert AI and event stream processing technologies, TacitRed is able to deliver accurate, actionable threat intelligence at scale. At the heart of TacitRed is Cogility’s patented Hierarchical Complex Event Processing (HCEP) analytic. It applies pattern-matching logic at machine speed to dynamically process billions of streamed records each hour through its cloud-scaled event stream processing engine – while maintaining state. By synthesizing available industry threat intelligence with proprietary sources, such as domain and internet routing registries, malware and botnet logs, bulletproof hosting, C2 node identification, and internet traffic sampling, TacitRed provides the best possible curated threat insights that can enable organizations to respond to and prevent incidents. The Expert AI behavioral analysis identifies active cyber attacks, including threat actors, targeted entities, exposed assets, compromised credentials and sessions, and malware activities. Additionally, TacitRed evaluates third-party risks and presents actionable results with similar details as first-party risk assessments.

This is presented in a simple, intuitive SaaS GUI allowing analysts to ascertain risk, examine active compromised and target assets, and mobilize mitigation efforts using detailed threat contextualization – or to push findings to other internal systems via API.

“The interface is straight-forward and purposely uncomplicated. The speed, depth, and usefulness of threat detail from TacitRed is astonishing – saving us considerable time and potential claim loss,” according to Ross Warren, VP of E&O and Cyber at ATRI Insurance Services.

CONCLUSION

In conclusion, TacitRed is a game-changer in delivering tactical attack surface intelligence that can help organizations realize the promise of Continuous Threat Exposure Management. The SaaS solution’s ability to provide continuous, curated, prioritized and detailed active security findings empowers security teams to assess active threats faster and mitigate them more efficiently. By enhancing security analyst capacity and capability, the tool can help fortify the way SOC operations manage external attack surface risk.

For more information, visit https://tacitred.com and check out their free 30-day trial at https://tacitred.com/trynow

The post Transforming SOC Operations: How TacitRed Curated Threat Intelligence Boosts Analyst Efficiency and Delivers Tactical Attack Surface Intelligence appeared first on Cybersecurity Insiders.

A robust IT infrastructure is non-negotiable in today’s digital age. Central to this infrastructure is structured cabling, the unsung hero ensuring that data flows securely and efficiently across networks. As cyber threats grow more sophisticated, the strategic importance of structured cabling in safeguarding sensitive information cannot be overstated. This backbone of modern IT not only supports the rapid transmission of data but also fortifies defenses against the ever-evolving landscape of cyber vulnerabilities.

1 – Enhanced Network Performance and Security

Reliable and swift network performance is essential in defending against cyber threats. Structured cabling ensures high-speed data transmission, crucial for the effective implementation of robust security protocols. Networks that operate efficiently are less likely to be compromised by attackers who exploit delays in data transfer, particularly during critical updates or security deployments.

Structured cabling’s organized architecture greatly assists in pinpointing and managing potential security breaches. Efficient data pathways reduce system complexity, facilitating quicker detection of irregular traffic patterns and swift response to potential threats. This rapid detection is key to stopping cyber attacks early, minimizing potential damage.

Additionally, the dependability of structured cabling systems guarantees the uninterrupted operation of security applications. Stable network conditions are vital for continuous operations of security measures like intrusion detection systems and ongoing data encryption, ensuring a fortified IT environment against cyber vulnerabilities.

2 – Efficient Problem Detection and Resolution

Structured cabling systems enhance an organization’s ability to quickly identify and address network issues, significantly impacting IT security management. The streamlined layout inherent in structured cabling services allows IT professionals to efficiently troubleshoot and resolve network faults. This rapid identification and correction of issues reduce the risk of security breaches that can occur when vulnerabilities are left unchecked.

This systematic organization not only aids in regular maintenance but also plays a critical role during security breaches. By enabling clearer visibility and easier access to the network’s physical and logical layouts, technicians can swiftly isolate affected areas, preventing the spread of potential security threats across the network.

Moreover, the predictability and order provided by structured cabling enhance monitoring efforts. IT teams can more effectively oversee network traffic, quickly spotting deviations from normal activity patterns that may indicate security threats. This proactive approach to network monitoring ensures that any irregularities are addressed before they escalate into major security concerns.

3 – Improved Risk Management with Scalability

The scalability of a structured cabling system is a cornerstone of effective IT security management. As businesses grow and their data needs evolve, the ability to expand network capabilities without compromising security is paramount. Structured cabling systems are designed to accommodate future growth seamlessly, enabling organizations to integrate new technologies and increase capacity without exposing new vulnerabilities.

This adaptability is crucial in maintaining security standards in a dynamic technological landscape. As organizations scale, structured cabling ensures that upgrades and expansions can be implemented swiftly and securely, reducing the exposure time during which systems are vulnerable to attacks. The infrastructure’s flexibility also means that security enhancements and new defensive technologies can be adopted as they become available.

Moreover, a scalable network underpinned by structured cabling minimizes disruptions during updates and expansions. Maintaining continuity of service is essential, as interruptions can lead to security lapses, providing openings for cyber attacks. By facilitating smooth transitions during scale-up phases, structured cabling protects against potential security breaches that could arise during critical growth periods.

4 – Minimized Network Downtime

The reliability of structured cabling systems plays a pivotal role in minimizing network downtime, a critical factor in maintaining continuous IT security. Downtime not only hampers productivity but also creates opportunities for cybercriminals to exploit system vulnerabilities. A well-designed structured cabling infrastructure ensures that networks are less prone to failure, reducing the frequency and duration of outages.

During an outage, the integrity of data and systems can be compromised as security measures may become temporarily inoperative. By establishing a stable and robust cabling system, the risk of unplanned downtime is significantly decreased, thus safeguarding sensitive information from being accessed or corrupted during these vulnerable periods.

Additionally, structured cabling facilitates faster recovery times when disruptions do occur. With a clear and organized cabling layout, IT personnel can quickly locate and address the source of a problem, restoring services more rapidly and securely. This prompt response is essential in preventing potential security breaches during downtime, ensuring that protective measures are quickly reinstated.

5 – Future-proofing and Security Compliance

Investing in a structured cabling system is an investment in future-proofing your IT infrastructure. As technology evolves and security demands intensify, the ability to adapt swiftly and seamlessly is paramount. Structured cabling provides a robust foundation that supports the integration of new technologies and compliance with emerging security standards.

Future-proofing through structured cabling ensures that an organization is not only prepared for current security challenges but also equipped for future developments. This adaptability is crucial for staying ahead of potential cyber threats that evolve with technological advancements. It also facilitates compliance with new regulations and standards, which often require updates to network infrastructure to ensure data protection and privacy.

Moreover, a future-oriented cabling infrastructure allows businesses to leverage the latest security technologies without extensive overhauls. This capability to upgrade and adapt with minimal disruption is vital for maintaining continuous security measures and protecting against both present and emerging cyber threats.

Wrapping Up

The strategic implementation of structured cabling systems is integral to bolstering IT security management. By enhancing network performance, simplifying troubleshooting, supporting scalability, minimizing downtime, and future-proofing infrastructure, businesses can maintain a high level of security against evolving cyber threats. Investing in structured cabling is not just about upgrading technology; it’s about safeguarding your organization’s future in an increasingly digital world.

The post 5 Reasons Structured Cabling Networks are Critical for IT Security Management appeared first on Cybersecurity Insiders.

We’re sure you have heard this before: the rate of technological change is accelerating. It is unpredictable and unprecedented. As the World Economic Forum acknowledges, the fourth industrial revolution brings “developments in previously disjointed fields such as artificial intelligence and machine learning, robotics, nanotechnology, 3D printing and genetics and biotechnology [that] are all building on and amplifying one another.”

This unprecedented disruption of society by technology introduces many changes in the workforce as well. In the words of the World Economic Forum, “more than a third of the desired core skill sets of most occupations will be comprised of skills that are not yet considered crucial to the job today.”

The key to surviving and excelling in the digital future of the fourth industrial revolution is leading it. That requires two key elements: awareness of disruptive technology and professional development that can make you stand out from the competition.

Technologies will transform economies in 2025

It is very exciting to see the pace and transformative potential of today’s innovative technologies being applied to solve the world’s most pressing problems. The World Economic Forum recently published 17 ways technologies have the potential to transform economies in 2025.

AI-driven manufacturing

Companies that design and build products will rapidly adopt cloud-based technologies to aggregate and intelligently transform product and process data from manufacturing lines throughout their supply chains. By 2025, this ubiquitous stream of data and the intelligent algorithms processing it will enable manufacturing to continuously optimize towards higher levels of output and product quality, reducing overall waste by up to 50%. As a result, we will enjoy higher quality products, produced faster, at lower cost to the environment.

Quantum computing

By 2025, the first generation of quantum commercial devices will be able to tackle meaningful, real-world problems. One major application will be the simulation of complex chemical reactions, a powerful tool that creates new avenues in drug development. Quantum chemistry calculations will also aid the design of novel materials with desired properties, for instance better catalysts for the automotive industry that lower emissions and help fight climate change. 

5G-enabled mobility

The COVID-19 crisis has moved businesses and classrooms to video conferencing, highlighting poor-quality networks. Low latency 5G networks would resolve this lack of network reliability and even allow for more high-capacity services like telehealth, telesurgery and ER services. Businesses can offset the high cost of mobility with economy-boosting activities including smart factories, real-time monitoring, and content-intensive, real-time edge-compute services.

Personalized healthcare

By 2025, engineering biology and machine learning will establish a framework for decentralizing healthcare, moving it from institutions to the individual. Medicine has always been on a quest to gather more knowledge and understanding of human biology for better clinical decision-making. AI will enable us to extract more insights at an unprecedented level from all the medical ‘big data’ that has never really been fully taken advantage of in the past. It will shift the world of medicine and how it is practiced.

Carbon-free industries

Over the next five years, carbon-heavy industries will use machine learning and AI technology to dramatically reduce their carbon footprint. Climate change, regulatory pressure, and market volatility are pushing these industries to adjust. As a result of increasing digital transformation, carbon-heavy sectors will be able to utilize advanced technologies, like AI and machine learning, using real-time, high-fidelity data from billions of connected devices to efficiently and proactively reduce harmful emissions and decrease carbon footprints.

Privacy is pervasive

Despite the accelerating regulatory environments, we are now just seeing the tip of the privacy iceberg, both from a regulatory and consumer standpoint. Five years from now, privacy and data-centric security will have reached commodity status – and the ability for consumers to protect and control sensitive data assets will be viewed as the rule rather than the exception. As awareness and understanding continue to build, so will the prevalence of privacy preserving and enhancing capabilities, known as privacy-enhancing technologies (PET).

Businesses need future cybersecurity leaders

These technologies will have huge benefits for many companies, but they will also create new security challenges. We have already seen that criminals are eager to adopt emerging technologies to launch highly sophisticated attacks. Cyberattacks have become a common hazard for individuals and businesses. The World Economic Forum Global Risks Report 2020 ranks cyber-attacks as the seventh most likely and eighth most impactful risk, and the second most concerning risk for doing business globally over the next 10 years. 5G networks, quantum computing and AI are creating not only opportunities but also new threats.

The proliferation of disruptive technologies has created an expanded digital footprint for businesses. Although these technologies have created amazing new organizational capabilities, they have also created new complexities, interconnections, and vulnerability points which cyber criminals have quickly learned to exploit. Traditional perimeter and rules-based approaches to cyber security no longer apply to the new digital organization since users are now accessing the organization’s most sensitive resources remotely and beyond the traditional perimeter security.

What businesses need right now are talented, experienced, and knowledgeable employees who understand both the potential and the risks associated with emerging technology. As technology becomes more woven into business processes, these experts can lead the challenge of making cybersecurity awareness and safety an enabler of business success.

Will you be the future cybersecurity leader?

The business need for talented people represents a great opportunity for cybersecurity professionals like you. But the future security leaders need a broad set of skills that job experience alone does not arm you with. You will need to invest in training to acquire these skills to build a solid foundation, feel self-confident and make an impact in your organization. Learning can get you the technical and soft skills required to be a great leader.

The World Economic Forum concurs: “Across nearly all industries, the impact of technological and other changes is shortening the shelf-life of employees’ existing skill sets. The talent to manage, shape and lead the changes underway will be in short supply unless we take action today to develop it.”

The role of future cybersecurity leaders is to support the mission of their organization by ensuring that cyber risks are managed at an acceptable level. Since no enterprise is immune to cyber threats, organizations need to be prepared for when a breach happens. The end goal of every organization should be resilience, the ability to identify and minimize the impact of an incident to allow business continuity as effectively as possible.

How CISSP helps

Security certifications are a token of proof of your expertise and knowledge. Among all certifications available in the market, the ISC2 Certified Information Systems Security Professional (CISSP) certification is the one that can provide you with the knowledge and the skills required to perform any cybersecurity role effectively and link your knowledge back to the business needs. CISSP can help you become the next cybersecurity leader.

Earning the CISSP certification comes with many benefits, such as boosting your career and creating more opportunities, acquiring a versatile and fundamental knowledge of cybersecurity, building self-confidence, and gaining respect and recognition from your peers and your employers.

The CISSP is recognized as a gold standard for cybersecurity professionals. The CISSP is ideal for experienced security practitioners, managers and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the positions of Chief Information Security Officer (CISO), Chief Information Officer (CIO), Director of Security, Security Systems Engineer, Security Analyst, Security Manager, and Security Consultant.

ISC2 is the leader in security certifications and is acknowledged by companies worldwide. ISC2 can help you discover the right path, create your plan, and thrive throughout your career. To learn more, read the ISC2 whitepaper Why It Has Never Been More Important To Be A Qualified Cybersecurity Professional.

The post The Digital Future Needs Cybersecurity Leaders appeared first on Cybersecurity Insiders.

SAST is now an indispensable resource for maximizing source code security and mitigating cyber risk. SMEs can benefit immeasurably from writing, maintaining, and implementing static application security testing. 

Recall that open-source or first-party code is a high-priority target for hackers. Cybercriminals routinely probe apps for vulnerabilities, some known, others unknown. Indeed, a dramatic uptick in ransomware attacks has occurred since the pandemic. This resulted from a massive and unprecedented shift to remote work, which exposed many platforms and IoT devices along with their accompanying security weaknesses.

Many SMEs are held hostage to ransomware syndicates, preferring to pay the extortionists than risk losing their valuable data, credibility, and clients. Indeed, there are lags between the time a vulnerability is detected and the patch is implemented. Cybercriminals exploit these windows to implement their nefarious schemes. When choosing a SAST tool for your business, it’s essential to understand precisely what it entails and what attack surfaces it protects. Security is sacrosanct, and all source code and software must be protected. 

SAST stands for Static Application Security Testing. This type of service, or resource, is capable of deep-scanning your applications’ binary code or source code. It is a white box solution and scans the source code for security flaws and known weaknesses. Many of the top-ranking SAST solutions prioritize threats based on severity.

The more dangerous the threat to your source code and applications, the higher its priority. Remember, SAST does not analyze apps in runtime. This tool works with static code. Typically, AppSec (application security) teams use it, but individual developers invariably use it too. By offering line-of-code weakness detection and vulnerability scanning, SAST allows developers to identify, detect, and correct problematic source code.

Making SAST Work

Identifying the right SAST tool in application security is crucial for strengthening the software development lifecycle against cybersecurity threats. The tool’s capability to seamlessly blend into Continuous Integration/Continuous Deployment (CI/CD) workflows is essential to this selection process. This facilitates automated security assessments without disrupting the development pace. 

For developers or security consultants seeking to deepen their understanding of SAST tools’ integration and automation features, the 2024 Ultimate SAST Guide for CISOs, AppSecs, and DevOps offers comprehensive insights. Available at a leading AppSec Knowledge Hub, this guide sheds light on the strategic role of SAST solutions. It is particularly effective in early vulnerability detection and mitigation, underscoring their importance in minimizing the attack surface and embedding security into the heart of development processes.

Practically speaking, SAST tools identify many false positives. Developers may ignore these and focus on a handful of outcomes. The time it takes to complete the scan varies from one SAST system to the next. Since they operate in a silo style fashion, along with other security systems like SCA, SAST tools are part of a hybrid security network for safeguarding company software, functionality, credibility, and data integrity. 

Viewed in perspective, it’s important to identify the key criteria when selecting a SAST system. We briefly examine several such elements, notably the accuracy of a SAST resource, the performance of SAST systems with other security tools, developer usage of SAST solutions and versatility in terms of language coverage etcetera.

The Accuracy of SAST Systems

Accuracy is sacrosanct with any security tool. Those generating a high rate of false positives should be avoided. Not only are they disruptive to security development, but they flag way too many potential faults, detracting from the efficacy of the security team’s performance. SAST resources incapable of identifying vulnerabilities and source code errors are doing a disservice to developers; they don’t identify the threats. However, those that flag too many non-errors are inefficacious to the extreme and wasteful of resources.
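How a static check of this kind works, and where the false positives described above come from, as an added example (not code from this article or from any SAST product). It parses a constructed sample with Python's `ast` module without running it; the rule names, severities and the `precise` switch are assumptions made for illustration.

```python
import ast

SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}

# Constructed sample input. It is only parsed as text, never imported or run.
SAMPLE_SOURCE = '''
import hashlib, subprocess

def render(expr):
    return eval(expr)              # caller-supplied string reaches eval

def banner():
    return eval("1 + 1")           # constant argument, nothing to inject

def archive(path):
    subprocess.run("tar czf out.tgz " + path, shell=True)

def fingerprint(data):
    return hashlib.md5(data).hexdigest()
'''


def call_name(call):
    """Return the dotted name of a call target, e.g. 'subprocess.run'."""
    parts = []
    target = call.func
    while isinstance(target, ast.Attribute):
        parts.append(target.attr)
        target = target.value
    if isinstance(target, ast.Name):
        parts.append(target.id)
        return ".".join(reversed(parts))
    return None  # e.g. a method called on the result of another call


def first_arg_constant(call):
    """True when the first positional argument is a literal."""
    return bool(call.args) and isinstance(call.args[0], ast.Constant)


def shell_true(call):
    """True when the call passes the literal keyword shell=True."""
    return any(
        kw.arg == "shell"
        and isinstance(kw.value, ast.Constant)
        and kw.value.value is True
        for kw in call.keywords
    )


def scan(source, precise=True):
    """Return (severity, line, rule) findings, most severe first.

    precise=False imitates a pattern-only rule set: it reports every match,
    including calls whose argument is a literal and so cannot carry
    injected input. Those extra reports are the false positives.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node)
        if name in ("eval", "exec"):
            if precise and first_arg_constant(node):
                continue
            findings.append(("HIGH", node.lineno, "dynamic-eval"))
        elif name and name.startswith("subprocess.") and shell_true(node):
            if precise and first_arg_constant(node):
                continue
            findings.append(("HIGH", node.lineno, "shell-injection"))
        elif name in ("hashlib.md5", "hashlib.sha1"):
            findings.append(("MEDIUM", node.lineno, "weak-hash"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for label, precise in (("pattern-only", False), ("precise", True)):
        print(label)
        for severity, line, rule in scan(SAMPLE_SOURCE, precise=precise):
            print(f"  {severity:<6} line {line:>2}  {rule}")
```

The pattern-only run reports one more HIGH finding than the precise run (the constant `eval` in `banner`), which is the kind of noise an analyst has to triage by hand.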

The Performance of SAST Systems

Recall, most of the source code that apps run on is from third parties. Many apps also use a variety of APIs for all sorts of services. Open-source repositories usually bundle data into packs. This practice delivers single lines of code, making it easier for developers who would otherwise spend excessive time integrating payment modules and GIS handling systems. 

Effective SAST systems work hand-in-hand with security tools to scan and monitor all parts of applications. Recall Software Composition Analysis as a case in point.

Developer Usage of SAST Solutions

It’s critical to have static application security testing systems that are easy to learn to use. The requisite number of users should use the tools to determine the overall difficulty level. Effective SAST tools should minimize repetition and maximize easy-to-understand workflow. Also, SAST tools offering too many false positives should be customized (or at least be able to be customized) to direct alerts to the appropriate security team members. Burdening everyone with false positives is a hard no.

Versatility and Language Coverage

App development teams typically use a variety of languages. Do the SAST resources provide coverage for all of these languages? Ideally, a single SAST tool is better suited to application security, but sometimes that’s not feasible. Beyond the number of languages in use, due consideration must be given to the quality of language coverage. 

Languages include Python, Java, .NET, and others. If your SME plans to add additional languages, they should be factored into the equation regarding SAST selection. Naturally, other considerations are also important, such as how quickly SAST systems complete scans, the maintenance of these systems, and their ability to be updated, upgraded, and integrated with other systems.

Overall, there are many factors to consider when choosing the right SAST tool for your business. We have highlighted a handful of them in this guide.

The post What to Take into Consideration When Choosing a SAST Tool for Your Business appeared first on Cybersecurity Insiders.

Match Systems, a leading authority in crypto crimes investigations and crypto AML solutions provider, has published a comprehensive research report examining the potential implications of Central Bank Digital Currency (CBDC) implementation.

The report, crafted under the guidance of Match Systems CEO Andrei Kutin, meticulously examines the potential implications of Central Bank Digital Currency (CBDC) implementation on a global scale. It addresses the economic, regulatory, and societal impacts of adopting such digital currencies.

Match Systems, a leader in crypto crimes investigation and crypto AML solutions, has historically played a pivotal role in shaping the conversation around cryptocurrency regulations. With increasing incidents of crypto fraud and more sophisticated methods of asset theft, there is a pressing need for a balanced approach towards digital currency regulation.

In the report entitled “Analyzing the Prospects for CBDC Implementation,” Kutin explores the complex dynamics between freely circulated cryptocurrencies and centralized digital currencies governed by national banks. He proposes a middle-ground solution where global standards could harmonize the benefits of cryptocurrencies with the regulatory assurances provided by CBDCs.

“The dichotomy between free cryptocurrencies and centralized CBDCs presents society with two extremes,” remarks Andrei Kutin. “The optimal solution likely lies in a middle ground, where governments establish unified global standards for cryptocurrency circulation, safeguarding individuals while preserving economic autonomy.”

This report is especially significant at a time when the digital currency landscape is becoming increasingly contentious. It provides insights that could help inform policymakers, business leaders, and technologists about the potential routes forward in the evolution of global financial systems.

The full analytical report, titled “Analyzing the Prospects for CBDC Implementation,” is now available for public access on the Match Systems website: https://matchsystems.com/analyzing_the_prospects_for_cbdc_implementation/

The post New Report from Match Systems Sheds Light on Central Bank Digital Currencies (CBDC) appeared first on Cybersecurity Insiders.

[By Claude Mandy, Chief Evangelist for Data Security at Symmetry Systems] 

The 15th of April, commonly referred to as Tax Day in the US, is rapidly approaching. Tax Day brings with it the hope of refunds and the stress of deadlines for the unprepared. Unfortunately, there is also the cyber risk that taints tax season. It is well known as a prime time for cybercriminals to hunt for victims. In this crucial period, sensitive personal and financial data gets exchanged en masse. According to the IRS, over 213 million returns and other forms were filed electronically in 2022. This treasure trove attracts a range of attackers, who employ sophisticated scams aimed at individuals and tax professionals alike. Claude Mandy, chief evangelist at Symmetry Systems, delves into the heightened risk of tax-related cyberattacks, outlining actionable defenses to ensure a cyber-secure tax season.

The Bullseye on Tax Season

While individuals scramble to compile their financial records, and tax consultants crunch numbers and collect evidence, cybercriminals see a golden opportunity. The abundance of personal information and financial data being exchanged is irresistible bait. From phishing scams mimicking legitimate tax correspondence to sophisticated malware designed to compromise credentials, exfiltrate data or wreak havoc, the arsenal used by these criminals is both varied and dangerous.

Decoding the Threat: The How and Why

Individuals filing tax returns, as well as tax software and tax preparation firms, find themselves under a form of siege. Cybercriminals exploit the hectic nature of tax season, with phishing attacks being particularly prevalent throughout the year, claiming 300,497 victims according to the FBI’s 2022 Internet Crime Report. These methods aim to steal personal information or gain unauthorized access to networks, and ultimately to exfiltrate data or wreak ransomware havoc. More sophisticated scams involving the offer of fraudulent tax preparation services will undoubtedly appear, seeking to swindle unsuspecting victims by promising to aid in their tax filings.

For Individuals: Protecting Your Personal Information

For individuals, a successful cyber attack could lead to identity theft, financial fraud, and a long-lasting impact on victims’ lives. Individuals should focus on protection of their own information and credentials, and in particular stay vigilant against phishing, take active steps to keep their computer and networks updated, and take steps to verify the legitimacy of communication with legitimate tax preparers. The IRS offers some great suggestions themselves.

Recognize Phishing Attempts

Phishing scams, particularly during tax season, can come in many forms. The IRS publishes an annual overview of the “dirty dozen” tax scams they have witnessed. Whether it’s a cybercriminal pretending to be from the IRS, tax companies, or other official entities, phishing can unfortunately be difficult to spot when you’re under stress. You can easily overlook the generic greetings, typos, and suspicious links because it’s from the dreaded IRS. These communications might urge you to click on malicious links or provide personal information, purportedly to check the status of your refund or rectify an issue with your tax filing. Remember, the IRS does not initiate contact with taxpayers by email, text, or social media to request personal or financial information.

Secure Personal Computers and Networks

Individuals should ensure their computer is protected with up-to-date antivirus software, firewalls, and anti-spyware programs. Regularly updating the software you use, including on your network routers, is crucial, as updates often include patches for newly discovered security vulnerabilities. It goes without saying that you should use strong, unique passwords for different accounts, consider a reputable password manager to keep track of them, and monitor for potential compromise.

Verify the Legitimacy of Tax Preparers

Before entrusting personal and financial information to a tax preparer, individuals should conduct thorough research on the legitimacy of the preparer. You can verify their credentials (such as a Preparer Tax Identification Number), check reviews, and seek recommendations from trusted sources. Ideally, you should ensure they have robust security measures in place to protect your data, including secure portals for document exchange rather than email. This helps verify that ongoing communication with them is legitimate and that the data is secured.

For Tax Consultants and Organizations: Data Protection at Scale

For organizations, a successful cyber attack could lead to identity theft, financial fraud, and a long-lasting impact on their customers and employees’ lives.

Secure Access to W-2 Forms and Other Sensitive Documents

Organizations should always limit access to sensitive tax information to only those who need it. The IRS is particularly concerned with the ongoing scams to obtain all the W-2s of an organization through a business email compromise scam. You can simplify the management of access by employing role-based access controls, but you still need to regularly audit who has access to what information. Although the practice is becoming increasingly outdated, physical documents are still printed for tax purposes, and organizations should ensure physical documents are stored and transported securely and disposed of properly, using shredders for documents containing sensitive information.

Protect Tax Information Using Securely Configured Cloud Data Storage

Use strong encryption for storing and transmitting any personal information, especially Social Security numbers. For cloud storage solutions, organizations must select and configure providers that offer industry standard encryption of the data in transit and at rest. At a minimum, organizations must ensure that multi-factor authentication (MFA) is implemented for any users accessing the information. MFA provides an additional, but necessary layer of security, drastically reducing the chance of unauthorized access.

The Role of Technology in Protecting Tax Information

The battle against tax-season cyberthreats is not just about vigilance; it’s about leveraging cutting-edge technologies to secure data.

Data Security and Privacy Management (DSPM) Tools

DSPM solutions, like Symmetry Systems, offer a comprehensive approach to identifying, managing, and securing data across various environments. These tools can help tax professionals and organizations keep track of where sensitive tax information like Social Security Numbers resides, monitor access, and ensure compliance with privacy regulations.

Encryption and Advanced Cybersecurity Strategies

Encryption, both for data in transit and at rest, is a critical defense mechanism. Advanced encryption methods, like end-to-end encryption, ensure that data intercepted during transmission remains unreadable. Organizations should also consider employing comprehensive cybersecurity strategies, including regular security assessments, phishing simulation training for employees, and the adoption of secure communication platforms.

The Path Forward

As we navigate the complexities of tax season, the importance of cybersecurity cannot be overstated. By adopting a proactive stance, equipped with the right knowledge and tools, individuals and organizations can protect themselves against the lurking threats of cybercriminals. Protecting sensitive tax information not only safeguards personal and financial well-being but also contributes to the integrity of the tax system at large.

Bio: Claude Mandy is Chief Evangelist for Data Security at Symmetry Systems, where he focuses on innovation, industry engagement and leads efforts to evolve how modern data security is viewed and used in the industry. Prior to Symmetry, he spent 3 years at Gartner as a senior director, analyst covering a variety of topics across security, risk management and privacy, focusing primarily on what are the building blocks of successful programs, including strategy, governance, staffing/talent management and organizational design and communication. He brings firsthand experience of building information security, risk management and privacy advisory programs with global scope. Prior to joining Gartner, Mr. Mandy was the global Chief Information Security Officer at QBE Insurance – one of the world’s top 20 general insurance and reinsurance companies with operations in all the key insurance markets, where he was responsible for building and transforming QBE’s information security function globally. Prior to QBE, Claude held a number of senior risk and security leadership roles at the Commonwealth Bank of Australia, Australia’s leading provider of integrated financial services which is widely recognized for its technology leadership and banking innovation. He also spent five years at KPMG in Namibia and South Africa.

The post Safeguard Your Data and Financial Future This Tax Season appeared first on Cybersecurity Insiders.

In a decisive move against the escalating wave of cyber threats, ThreatHunter.ai has announced a groundbreaking initiative to offer its advanced cybersecurity services free for 30 days to all organizations. This bold step comes in response to the alarming increase in sophisticated cyber-attacks, including ransomware and nation-state threats, which have put the security of many organizations at risk.

James McMurry, the founder of ThreatHunter.ai, highlighted the urgency of the situation, stating, “In the past 48 hours alone, we have stopped hundreds of actual attacks and performed mitigations for our customers. Yet, the frequency and sophistication of these attacks are escalating at an alarming rate. Our mission is clear: to extend our protective reach to every organization in need, ensuring that the digital frontier is safe for all.”

This initiative draws attention to the volatile cybersecurity landscape, underscored by recent events like the resurgence of the LockBit ransomware group. Despite a significant law enforcement takedown, LockBit’s comeback illustrates the resilience and continuous evolution of cyber threats.

At the heart of ThreatHunter.ai’s defense capabilities is the ARGOS platform, powered by cutting-edge AI and machine learning technologies. This platform enables the company’s expert team of threat hunters, engineers, and cybersecurity specialists to deliver real-time threat detection and response, ensuring robust protection for their clients.

McMurry further emphasized the importance of proactive defense measures, “We see the problem getting larger, with cyber threats becoming more sophisticated by the day. Offering our services for free for 30 days is our way of bolstering the defenses of organizations across the globe. It’s a call to action for everyone, and to show that ThreatHunter.ai is much more than all the MDRs offering automated alerts, we actually will stop threats, and how our team operates as part of our customers’ cyber team.”

This initiative is more than a temporary fix; it’s a wake-up call for organizations to recognize the importance of vigilance and proactive security measures in the face of growing cyber threats. ThreatHunter.ai invites organizations to take advantage of this unique opportunity to enhance their cyber defenses.

About ThreatHunter.ai

ThreatHunter.ai is at the forefront of cybersecurity, specializing in real-time detection, analysis, and mitigation of cyber threats. Powered by the innovative ARGOS platform, our approach combines advanced AI and ML technologies with the expertise of the industry’s most skilled professionals. We are dedicated to defending the digital infrastructure against the complex landscape of cyber threats, ensuring peace of mind for businesses and governments worldwide. ThreatHunter.ai, a 100% Service-Disabled Veteran Owned Small Business, is a leading provider of AI-driven threat hunting solutions. Its advanced machine learning algorithms and expert analysis help organizations detect, identify, and respond to cyber threats. Its solutions are designed to supplement existing security resources and provide a fresh perspective on how to address today’s complex cyber threats. Don’t miss the opportunity to safeguard your organization with the unparalleled cybersecurity protection offered by ThreatHunter.ai. Visit our website at www.threathunter.ai to explore our unique approach, learn more about our cutting-edge solutions, and discover how we can empower your business to stay ahead of cyber threats. To speak with our experts or schedule a personalized demo, reach out to our sales team at sales@threathunter.ai or call 714.515.4011. Take action today and ensure the security and resilience of your digital infrastructure.

The post ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On appeared first on Cybersecurity Insiders.

[By Pieter Danhieux, Co-Founder and CEO, Secure Code Warrior]

The doomsayers are, so far, losing the argument. The panic around AI replacing humans has been countered with a new narrative: “Let AI redefine your job rather than replace it.” According to a recent survey from Stack Overflow, 44% of developers are either using or planning to use AI tools—even though just 3% “highly trust” the accuracy of the results. Twice as many (6%) say they highly mistrust AI due to security concerns and inaccuracy.

There remains at least some debate among developers on whether to embrace these tools, though many businesses are testing them as much as possible. The UK government’s stance has been laissez-faire, with no “rush to regulate,” encouraging businesses to explore AI’s benefits. And many developers report good results, with some already claiming it increases their productivity and reduces time spent on repetitive tasks.

AI’s role in supporting developers will grow over time, but it cannot come at the expense of secure coding practices. Its quick-to-please mentality and propensity to “hallucinate” are a significant concern, rendering it impossible to fully trust. Until this is resolved—if it can be resolved—we’re going to need skilled developers who can ensure security is front-of-mind and check AI-generated code for any potential vulnerabilities.

GenAI: a journey companion

Beyond streamlining time-consuming and monotonous tasks, AI tools can proactively propose fresh lines of code, provide fast answers to technical inquiries, offer valuable research support, demystify complex processes and make what was a very difficult job more accessible. GitHub surveyed developers about how managers should consider productivity, collaboration, and AI coding tools. Over 80% of developers anticipate that AI coding tools will promote greater collaboration within their team, and 70% believe that AI coding tools will give them a competitive edge in their professional roles, with benefits to code quality, speed, and incident resolution.

However, it also introduces a new security challenge: it is no longer enough to check only your own code for vulnerabilities; you must also check that of your AI helper. It’s already crucial to maintain a strong focus on secure coding practices in software development. Recent research from the Department of Homeland Security estimates that 90% of software vulnerabilities can be traced back to defects in design and software coding.

So while AI offers significant advancements in productivity, it is fallible and needs vigilance so advantages don’t come at the expense of more security issues.

Developers as security sheriffs

Blindly relying on AI output without verification is like using Wikipedia: while a good place to start, you can’t be certain about its reliability. We all still use Wikipedia, we just need to be aware of the risks and have the right processes in place to catch any potential problems.

The UK has already shown some initiative, starting with The AI Safety Summit. This gathering aimed to help establish a global consensus on AI and drive international efforts to enhance safety. These rules will be critical in shaping the future of AI security. Still, we cannot wait for governments to draft them—developers must act to ensure new technologies are used responsibly, or risk an AI-generated nightmare with insecure software.

Developers should be enabled to act as security sheriffs within their organisation to drive secure strategies while producing protected code. This can be done through:

  • Human oversight and expertise: While certain AI tools will flag potential vulnerabilities and inconsistencies, humans must still oversee this process. The code produced can only be as accurate as the prompts provided by the developer, who needs to understand how the AI recommendations are applied in the greater context of the project.
  • Pay attention to complexities and the overall strategy: In software production, developers can take on the role of a quality control team. They can be trained to review AI-generated code and ensure it meets the project’s standards. AI is not yet capable of independently handling complex components or generating innovative solutions for DevOps challenges.

Why “sheriffs?” Today’s AI frontier is the wild west, with little regulation and a real potential for danger. Organisations cannot wait for robust regulation—they need to integrate a culture of security today that extends across the entire business.

The post The human-AI partnership: a guide towards secure coding appeared first on Cybersecurity Insiders.

Organizations around the world are being targeted – often from an unseen enemy. Cyberthreats are a plague on systems and data, and combatting them is costly and time-consuming.

In order to defend against bad actors, organizations need the talent and skills on staff to detect and mitigate cyberthreats. This has led to massive opportunity in the field of cybersecurity. Research shows the global workforce needs a staggering influx of 2.7 million cybersecurity professionals to meet demand.1

Cybersecurity is a strong career choice for many reasons. It offers opportunities globally and in all industries. There are more than 50 career paths to choose from and it’s widely seen as a field that’s future-proof.

For those looking to get their foot in the door, some entry-level roles include security analyst, security specialist, security architect, junior pentesters and system architects. Eventually, many move into senior-level roles, including security manager or even CSO or CISO.

All cybersecurity roles require a core set of essential skills that demand more than technical knowledge. There are many non-technical skills professionals bring to the table. Here are some of the essential ones you’ll need to succeed:

Collaboration and teamwork – There’s a saying in cybersecurity: “Security is everyone’s business.” Caring about and investing in cybersecurity is a mindset that goes from top management down to every employee in the organization. That’s why it’s imperative for cybersecurity professionals to bring a teamwork ethic to their role. Being able to collaborate is essential for getting buy-in from all on security’s mission.

Leadership and communication – Cybersecurity pros need to demonstrate credibility, responsiveness and ethics. Strong communication skills and the ability to give presentations can help you earn trust from senior management and your peers. It’s also important to be comfortable with presenting because team members are often asked to demonstrate return on investment for their efforts and present trends to the board and executive management.

Passion for learning – Cybersecurity is always evolving. Professionals in the field are expected to continuously learn the latest cybersecurity trends, technologies and challenges facing organizations.

Determination – Part of the evolution of cybersecurity happens among the bad actors who target organizations. They’re almost always changing their tactics. That’s why determination and persistence are important for dealing with the dynamic threat landscape.

Analytical and critical thinking – Cybersecurity pros need to be analytical regarding how incidents occur, the attack surfaces prone to exploitation and how to minimize cyberattacks. An analytical and insightful professional anticipates how hackers will exploit the network and its applications.

While training, experience and certifications are all important to prepare for a role in cybersecurity, it’s also important to bring these and more core non-technical skills to your job search.

Learn about specific job roles in cybersecurity and what it takes to get started in the field. Download the ISC2 eBook, Is a Career in Cybersecurity Right for Me?

1 2021 ISC2 Cybersecurity Workforce Study

The post What It Takes to be a Cybersecurity Professional: The Non-Technical Skills You Need appeared first on Cybersecurity Insiders.

[By Mike Toole, Head of IT and Security at Blumira]

It’s no secret that news about breaches and cyberattacks emerges daily. As a result of this constant exposure, even the most dedicated professionals understandably experience “data breach fatigue” and become desensitized to persistent threats.

This mentality can create new unseen risks detrimental to a company’s cybersecurity, such as negligence and lack of education, or in some cases, fatigue from security budget spending that ultimately doesn’t fix all the issues that arise. These challenges contribute to how most companies experience breaches, with 90% of all cyber claims stemming from human error or behavior.

While most employees strive to protect sensitive data, rapidly evolving threats and constant changes make that extraordinarily difficult. With empathy for these challenges, companies have an opportunity to support their teams with reasonable systems and collaboration that proactively strengthen cybersecurity. The goal is to build resilience against threats through proactive planning and training.

Let’s examine how companies can enact change and set their teams up for cybersecurity success.

A five-step framework for countering cyber complacency

Organizations must establish and follow a robust cybersecurity framework in the digital age to overcome complacency. This framework serves as a comprehensive strategy encompassing several critical steps to prevent and respond to cyber incidents.

  1. Conduct a vulnerability assessment

A vulnerability assessment can pinpoint weaknesses in the organization’s systems and processes that malicious actors could exploit. The assessment actively counters complacency by systematically identifying and evaluating security weaknesses within an organization’s infrastructure. It also serves as a regular reminder of the potential risks and underscores the necessity of vigilance in cybersecurity practices. In addition, an assessment prevents security risks from becoming normalized by continuously bringing them to the forefront, reminding organizations to regularly update their defenses and maintain awareness of potential issues.

An assessment starts with identifying and cataloging assets and then uses a combination of automated and manual testing to uncover security gaps. Companies can use the assessment results to remediate existing issues and schedule ongoing reassessments to strengthen cybersecurity measures as emerging threats arise. Typically, a team of individuals with specialized knowledge and expertise in information security, such as in-house or external IT teams or security consultants, conducts a cybersecurity vulnerability assessment.

  2. Develop and communicate security policies

As part of a proactive cybersecurity approach, it is vital to define security policies. Security policies should address password management, data classification, acceptable technology use, managing mobile devices, and more custom elements depending on your organization, vertical, or compliance needs.

To effectively enact cybersecurity policies, companies should develop clear and comprehensive protocols with stakeholder input and approval from company leaders. Policies should be regularly reviewed and updated to adapt to new threats, feedback and company changes, ensuring they remain relevant and robust. Revisiting policies over time establishes a solid cybersecurity foundation and promotes a culture of continual vigilance and improvement within the organization. When developing or revising policies, it can be beneficial to gauge current knowledge and practices to uncover gaps where further policy detail or training is needed.

Equally important is effectively communicating these policies to all employees. Ensure that personnel know and understand the security policies to help achieve successful implementation. Regular communication, including sharing need-to-know updates and policy changes, helps to promote adherence to established guidelines and best practices in cybersecurity. Another effective best practice to reinforce the information is to make cybersecurity personal and relevant to individuals, demonstrating how it impacts their role or team functions.

It’s important to emphasize that cyber threats aren’t just an issue for specific people or groups within the company—anyone at any level can fall prey to an attack.

  3. Prepare an incident response plan

In addition to clearly laying out company cybersecurity policies, organizations will need an effective incident response plan. The plan should outline the specific steps during a cybersecurity incident, including procedures for identifying, containing, eradicating, recovering from and analyzing security incidents. The ongoing effectiveness of the incident response plan hinges on regular testing and updates. Conducting simulated exercises to test the plan’s efficacy enables the organization to identify potential gaps or areas for improvement.

Utilize lessons learned from these exercises to update and refine the incident response plan. Regular testing and updates contribute to the organization’s preparedness and resilience in mitigating the impact of cybersecurity incidents.

  4. Invest in employee skills development

Investing in employee and IT team skills development in cybersecurity is crucial for several reasons. Cybersecurity threats constantly evolve, and employees are often the first line of defense against attacks. Investing in their skills can help them recognize and respond to threats, protecting sensitive company and customer information. All employees—regardless of tenure or seniority—need to participate in training to bolster the company’s security position. For example, companies can simulate a phishing attack where employees receive fake phishing emails to gauge their responses and improve their ability to identify threats.

Employees well-trained in security are less likely to fall victim to common threats like phishing attacks or social engineering. In a security incident, well-trained employees can respond quickly and effectively, minimizing the impact of an incident and facilitating a faster recovery. Swift responses can save the business time and resources while maintaining its reputation.

While technology plays a crucial role in cybersecurity, the human element is equally important. Team members who understand how to use security tools effectively can maximize their impact, making the overall security infrastructure more robust.

  5. Implement easy-to-use cybersecurity software

For small and medium-sized businesses, actively adopting cybersecurity solutions remains a critical yet often neglected aspect of many organizations’ security postures. By choosing cybersecurity tools that are accessible and straightforward, organizations can significantly enhance their security posture. User-friendly software encourages consistent use and adherence to security protocols by IT staff, thereby decreasing the risk of breaches caused by human error.

Cyber complacency ends now

When it comes to cybersecurity, complacency is not an option. By fostering a culture of vigilance and resilience, companies can transform cybersecurity from a daunting challenge into a manageable and integral part of their daily operations. By recognizing employees as a critical line of defense, fostering a positive security culture and equipping teams with knowledge and tools, organizations can fortify their cybersecurity posture and navigate the evolving challenges of the digital realm.

About the author

Mike Toole, Head of Security and IT at Blumira, has over a decade of experience in IT. Prior to joining Blumira, he managed IT for Duo Security and Censys. He has broad experience with a range of IT and security focus areas, including compliance, network design, log monitoring, project management, and cross-platform IT.

The post Five Steps to Overcoming Cyber Complacency appeared first on Cybersecurity Insiders.