[By Phil Robinson, Principal Security Consultant, Prism Infosec]

Cyber maturity is all about ensuring the organisation is prepared for a cyber attack and that can only be determined by establishing where the risks lie and whether the controls that are in place are appropriate and proportionate. The level of cyber maturity of the business is its strategic readiness to mitigate threats and vulnerabilities. This is achieved by testing the level of preparedness at regular intervals to help identify areas for improvement, thereby boosting the resilience of the business. Yet, cyber maturity testing is not widely practised.

According to ISACA’s State of Cybersecurity 2023 report, only 65% of businesses measure their cyber maturity today, and the intervals at which they do so vary greatly. The largest group (39%) carries out the assessment annually, the next most common interval is every six months or less (19%), but some test only every one to two years (7%) or even less often than every two years (3%). The reasons given for infrequent testing were primarily a lack of time (41%), personnel (38%) and internal expertise (22%) and, with the current economic climate and the growing skills shortage both likely to shrink those resources further, we could well see the gaps widen.

A work in progress

The report goes on to describe cyber maturity as a ‘work in progress’ and this is because the needle hasn’t moved over the past two years (2021-2023). The suggestion is that adoption has plateaued when it was expected that more organisations would have begun baselining their cybersecurity posture as standard. Without doing so, they’re unable to determine exactly where those weaknesses lie in terms of their preparedness and the robustness of the measures they have in place to prevent a threat from adversely impacting the business.

But there is also the fact that organisations are under increasing pressure from insurance underwriters to demonstrate their level of cyber maturity. Cyber insurance premiums are becoming more expensive as the industry grapples with payouts, leading providers to conduct due diligence and check that specific measures have been taken and that a required level of controls is in place to mitigate the risk of a successful attack. According to the State of Cyber Defense 2023 report from Kroll, ‘trailblazers’ (those who actively chose to pursue a high level of cyber maturity) experienced fewer security incidents, which supports the insurers’ position. The upshot is that those who do not assess their cybersecurity posture are likely to face higher premiums in future, or may even find themselves uninsurable.

In fact, benchmarking the cyber security posture in order to achieve cyber maturity has never been as important as it is today. Faced with escalating threats, increasing compliance demands and the need to justify security spend and investment during these tough economic times, an assessment can help provide the hard evidence needed to win over the board. But while the drivers are there, the problem now is a lack of resource.

Maturity is not assured by size

Conducting a cyber maturity assessment inhouse is challenging for businesses of all sizes but for different reasons. Some may be completely unaware of their risk profile or may only have partially recorded their information assets in a suitable register, for example. Small businesses don’t have the capacity or expertise required and while large organisations do have dedicated teams for internal audits and established risk management processes overseen by a CIO, they are often overburdened. It’s for these reasons that many are now choosing to outsource the process to a third party.

But interestingly, cyber maturity is not a matter of who has the deepest pockets. The Cybersecurity Maturity Report 2023 found that the countries with the highest levels of maturity were also those with the most stringent regulations, i.e. Norway, Croatia and Japan, whereas the US, UK and Germany, which tend to have higher cyber spend, lagged behind. Moreover, SMBs outpaced larger organisations, although this was primarily down to the smaller size of their asset base and attack surface. That said, the report did conclude that correctly identifying areas of risk and implementing policies and processes could make massive differences to cyber maturity levels.

What the process entails

Whether you choose to undertake the process inhouse or outsource it, a maturity assessment is a risk-based exercise, so an established cybersecurity framework is used as the yardstick against which resilience in each area is rated. The NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) is often described as the gold standard in this respect and lends itself readily to the process: version 1.1 organises outcomes into five clear functions (Identify, Protect, Detect, Respond and Recover) against which the assessor can rate the level of protection, and CSF 2.0, published in February 2024, adds a sixth, Govern, covering strategy, policy and oversight, which a current assessment should also cover.

The assessor will typically document the findings by interviewing stakeholders, reviewing documents and policies, and observing processes and procedures and security controls in operation. Areas they are likely to look at include asset management, supply chain risk, identity and access management (IAM), employee security awareness, data protection, monitoring and threat detection and incident response and recovery. The end report then summarises the maturity level of each and provides the C-suite with actionable advice on where and how improvements can be made.

A final word to the wise

Methodically assessing the capabilities and controls that the business has in place is just the start, however. As the ISACA report intimates, it is just as important to test regularly, preferably more than once a year. Only then do the defensive capabilities of the business keep pace with the sensitivity and volume of its information assets, with the ever changing picture of how and where those assets are stored and accessed, and with the risks posed to them, which fluctuate as the threat landscape changes. Maturity is not a one-way process: a business can regress unless due care and attention are constant and the threats, and the maturity of the controls that defend against them, are reassessed on a regular cadence.

The post Immature equals insecure: why cybersecurity maturity testing is a must appeared first on Cybersecurity Insiders.

[By Ram Movva, CEO, Securin]

As ransomware attackers continue to evolve and adapt their techniques, organizations must refine and adapt their security strategies to stay ahead of these threats.   

Human-augmented, actionable threat intelligence plays a critical role in every organization’s strategy – and Securin’s 2023 retrospective on a year’s worth of ransomware threats and attack groups brings additional insight to help enterprises learn, proactively mitigate risks and strengthen their security posture.  

2023 Year in Review: Ransomware Through the Lens of Threat and Vulnerability Management analyzes the 230,648 Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database (NVD), prioritizing them on severity, affected systems and vulnerability characteristics. Here’s what we’ve learned.  

Ransomware Is Up 

Ransomware attacks are becoming more common and costly for businesses. On average, a data breach caused by a ransomware attack costs approximately $5.11 million and results in significant downtime lasting days or weeks, severely disrupting business operations.   

Unfortunately, even high-profile organizations such as banks and well-known casinos are now frequent targets of these attacks, attracting more publicity than ever before.  

Compared with the 344 ransomware-associated vulnerabilities counted at the end of 2022, we found 38 new ones by the end of last year. This brings the total number of ransomware-specific CVEs to 382, growth of 11.05% by the end of Q4 2023. Although CVSS rates 17% of those 382 CVEs as low or medium severity, they have nonetheless been used in ransomware campaigns: a base score measures the technical characteristics of a flaw, not whether anyone is exploiting it, so CVSS alone is a poor patch-prioritization signal.   

Since 2020, there has been an annual increase of approximately 50 new ransomware-related vulnerabilities. Of the 382 vulnerabilities linked to ransomware, 67.5% map to MITRE’s 2023 Top 25 Most Dangerous Software Weaknesses. This means 258 of the 382 belong to weakness classes (CWEs) that MITRE considers the most widespread and harmful in software, and which developers should design out rather than patch after the fact.  

In addition, the number of kill chain vulnerabilities has increased since Q1 2023. Kill chain vulnerabilities are CVEs that on their own allow an attacker to go from initial network infiltration all the way to data extortion; by exploiting just one of them, a bad actor can compromise an organization’s network and put its entire estate at risk. Attackers now have 21 more of these start-to-finish exploitation paths than they did last year. 
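The point above, that a CVSS score says nothing about whether a flaw is actually being used by ransomware crews, is easiest to see in code. The following added example (not Securin’s code or tooling) ranks scanner findings by exploitation evidence first and CVSS second. It assumes a KEV-style feed with the field names CISA publishes in its Known Exploited Vulnerabilities catalog (cveID, knownRansomwareCampaignUse, dateAdded); the CVE identifiers, scores and asset names below are constructed sample data, not real catalog entries.

```python
"""Rank CVEs for patching by exploitation evidence, not CVSS alone.

Added example, not Securin's code. Field names follow CISA's KEV JSON
(cveID, knownRansomwareCampaignUse, dateAdded); every record here is
constructed for illustration and does not describe a real vulnerability.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Constructed KEV-style feed (invented ids; the real feed is much larger).
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "knownRansomwareCampaignUse": "Known",   "dateAdded": "2023-06-02"},
    {"cveID": "CVE-0000-0002", "knownRansomwareCampaignUse": "Unknown", "dateAdded": "2023-11-14"},
]})


@dataclass(frozen=True)
class Finding:
    cve: str
    asset: str
    cvss: float            # CVSS base score, 0-10
    internet_facing: bool  # exposure of the asset carrying the CVE


# Constructed findings, as a scanner export might list them.
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", "mft-gateway", 6.5, True),   # medium CVSS, but ransomware-used
    Finding("CVE-0000-0002", "vpn-edge",    7.2, True),   # high CVSS, exploited, no ransomware tie
    Finding("CVE-0000-0003", "build-agent", 9.8, False),  # critical CVSS, no exploitation evidence
    Finding("CVE-0000-0004", "hr-portal",   5.3, True),   # medium CVSS, nothing known
]


def load_kev(kev_json: str) -> dict[str, dict]:
    """Index a KEV-style JSON document by CVE id."""
    feed = json.loads(kev_json)
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def priority(f: Finding, kev: dict[str, dict]) -> tuple[int, int, float]:
    """Sort key; lower sorts first.

    Tier 0: known ransomware use   (patch now, whatever the CVSS score)
    Tier 1: in KEV                 (exploited in the wild)
    Tier 2: CVSS >= 9.0            (critical, no exploitation evidence yet)
    Tier 3: everything else
    Within a tier: internet-facing assets first, then higher CVSS.
    """
    entry = kev.get(f.cve)
    if entry and entry.get("knownRansomwareCampaignUse") == "Known":
        tier = 0
    elif entry:
        tier = 1
    elif f.cvss >= 9.0:
        tier = 2
    else:
        tier = 3
    return (tier, 0 if f.internet_facing else 1, -f.cvss)


def rank(findings: list[Finding], kev: dict[str, dict]) -> list[str]:
    """Return CVE ids in the order they should be patched."""
    return [f.cve for f in sorted(findings, key=lambda f: priority(f, kev))]


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_JSON)
    for f in sorted(SAMPLE_FINDINGS, key=lambda f: priority(f, kev)):
        print(f"tier {priority(f, kev)[0]}  {f.cve}  {f.asset:12s}  cvss={f.cvss}")
```

With the constructed data, the medium-severity CVE with known ransomware use sorts ahead of the 9.8 on an internal build agent; in a real run you would replace SAMPLE_KEV_JSON with the downloaded catalog and the findings with your scanner output, and the tier boundaries are a policy choice to tune.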

With the increase in attacks, there emerged some established as well as some new prominent players…  

New Threats on the Block 

The year’s dominant ransomware groups included Cl0p, BlackCat, and LockBit 3.0, and all three are poised to continue their attacks in 2024. The groups relentlessly exploited and weaponized some of the year’s most critical vulnerabilities, including the Progress MOVEit Transfer, CitrixBleed, and Fortra GoAnywhere Managed File Transfer.   

In addition, our cybersecurity experts noticed the emergence of ten new ransomware families this year. These families consist of one or more ransomware groups characterized by unique tactics and malware.  

On top of these newly established families, three Advanced Persistent Threat (APT) groups – Scattered Spider, FIN8, and RomCom – began using ransomware in 2023. APT groups are highly specialized threat actors, in some cases state backed, that can operate within a system or network for a prolonged period without detection. This brings the total number of APT groups using ransomware to 55. The expanded arsenal is a cause for concern, as these groups now have an additional destructive tool to use alongside their already sophisticated tradecraft.  

These ransomware groups have increasingly begun targeting the education, healthcare and financial sectors. These sectors are particularly vulnerable due to the vast amounts of critical data they handle, including sensitive personal information, authentication data, and financial records. Ransomware groups have shifted their focus toward these sectors because they can leverage this highly confidential data to extort costly ransom payments from victims by threatening to publish or destroy the stolen information. The consequences of these attacks can be devastating for both the targeted organization and the individuals whose data is compromised.   

Taking Control of Security 

The emergence and sharp increase in threats and attacks pose a significant challenge for security teams. Sensitive data and credentials are constantly at risk from newly discovered vulnerabilities and weaknesses. It’s imperative that security leaders prioritize staying ahead of the latest ransomware threats and implement preventative measures that can effectively defend against such attacks.  

Training and regularly refreshing employees on basic security practices can go a long way in safeguarding a company’s systems. For passwords, that training should reflect current guidance (NIST SP 800-63B): long, unique passwords kept in a password manager, screening against breached-password lists, and multi-factor authentication, rather than complexity rules and forced periodic changes, which push users toward predictable patterns. Too often, employees are overlooked in security practices, creating a new layer of vulnerability in organizational systems. By educating and empowering them to take proactive security measures, organizations can implement a more comprehensive cybersecurity approach that considers all angles. 

External attack surface management and periodic penetration testing play a key role in providing a holistic view of potential entry points or weaknesses in the attack surface. Regular backups ensure that critical data can be restored if systems are compromised during a ransomware attack, but only if the backups themselves survive: ransomware operators routinely look for and delete or encrypt any backup they can reach, so at least one copy should be offline or immutable, held under credentials separate from the production domain, and restores should be rehearsed so that recovery time is known before it is needed.  

It is crystal clear that cyber resilience is no longer an option – it is a necessity if we want to create a secure future. The nature and severity of attacks are constantly evolving, from AI-driven threats to the rising number of ransomware groups. Finding continuous monitoring solutions and implementing prompt patching is crucial to protecting business operations. Organizations must take a proactive approach and implement mitigation and defensive strategies to strengthen their systems and pave the way for a safer future. 

The post Navigating Ransomware: Securin’s Insights and Analysis from 2023 appeared first on Cybersecurity Insiders.

[By Rebecca Krauthamer Chief Product Officer and Co-Founder of QuSecure; and Michelle Karlsberg, QuSecure Fellow]

Imagine a labyrinth, continuously twisting and turning, morphing its layout so that just when you think you have identified a safe path, the landscape shifts. Navigating it would be a Herculean task. Welcome to the new world of cybersecurity: an ever-changing, intricate maze where new threats lurk around every corner. The biggest challenges of this digital labyrinth stem from the rise of intelligent technologies. Online attackers are our modern-day Hydra, the many-headed monster of Greek mythology that grew two heads for every one Hercules cut off, and cutting-edge cyberattacks are their weapon of choice.

The wave that is cresting today is artificial intelligence, and right behind it is quantum computing. But these new technologies are not all evil. On the one hand, they lead to an age of unprecedented technological capabilities and advancements. On the other hand, they can be used to create brand-new threats, introducing vulnerabilities previously unimagined, leaving our current cybersecurity systems defenseless. As these threats continue to rise, one thing is clear: Our approach to cybersecurity must evolve. It’s time that we equip ourselves with advanced defenses to match these advanced threats. Organizations need to arm themselves with AI and quantum-resilient shields.

Artificial Intelligence and Advanced Threats

There is no limit to the new vulnerabilities that arise from AI and quantum computing. With each innovation and advancement, Pandora’s Box opens wider, unleashing a swarm of cryptographic threats.

One imminent threat is AI-based malware. In a project to understand emerging cybersecurity threats, IBM Research developed DeepLocker in 2018, a proof of concept that blends AI and traditional malware and foreshadowed a dangerous threat on the horizon. According to IBM, “This AI-powered malware is particularly dangerous because, like nation-state malware, it could infect millions of systems without being detected. But, unlike nation-state malware, it is feasible in the civilian and commercial realms.” DeepLocker showed the potential of combining AI and malware five years ago, highlighting the urgency for new, robust, and agile defenses.

Fast forward to 2023: generative AI has hit the scene and, naturally, attackers are already using it. Cybercriminals are using ChatGPT and other large language models to write phishing emails and code malware. Check Point Research has found that, “Cyber criminals are working their way around ChatGPT’s restrictions and there is an active chatter in the underground forums disclosing how to use OpenAI API to bypass ChatGPT’s barriers and limitations.”

As we speed into the age of artificial intelligence, it’s clear that our current cybersecurity methods will not keep up. It is critical to continuously develop our defenses and remain agile to combat these emerging threats.

The Shield of Cryptographic Agility

In our ever-evolving digital labyrinth, cryptographic agility, cryptoagility for short, is a crucial defense mechanism. It is the capability to rapidly change the cryptographic algorithms and keys a system uses without redesigning the system, which is what staying ahead of evolving threats requires. In practice that means algorithm and key identifiers are carried explicitly in protocols and data formats, the set of acceptable algorithms is a policy that can be changed centrally, and old keys can be retired while data sealed under them can still be read and re-protected.

An example of the need for cryptoagility can be drawn from the 2014 Heartbleed bug (CVE-2014-0160). Heartbleed was not a weakness in any algorithm but an implementation flaw in OpenSSL that let attackers read server memory on hundreds of thousands of systems and steal whatever it held, including private keys. The organizations that recovered quickly were those that could patch, then revoke and reissue certificates and rotate keys at scale without disruption. That ability to swap out compromised keys and certificates promptly is one facet of cryptoagility, and the incident is a clear example of its importance in our ongoing battle against dynamic cybersecurity threats.

Although the Heartbleed bug has been fixed, there is always a new threat on the horizon. Today, quantum computing is that threat. A sufficiently large quantum computer running Shor’s algorithm would break the public-key algorithms (RSA, Diffie-Hellman and elliptic-curve cryptography) on which today’s key exchange and digital signatures depend; symmetric ciphers and hash functions are only weakened, and larger key and output sizes compensate. Before that day arrives, we must adopt cryptoagility, which today’s leading post-quantum cryptography (PQC) solutions are built around. Evidence that the threat already matters is the technique known as Store Now, Decrypt Later (SNDL), also called harvest now, decrypt later: encrypted data is captured and stored today so that it can be decrypted once a capable quantum computer exists. Data encrypted with today’s public-key algorithms and retained by an adversary is therefore at risk now, not later. SNDL is a ticking time bomb and a stark reminder of the urgency of upgrading our encryption methods to be quantum-safe. NIST has standardized the first PQC algorithms (FIPS 203 ML-KEM, FIPS 204 ML-DSA and FIPS 205 SLH-DSA, published in August 2024), and migrating to them is itself an exercise in cryptoagility: every place an algorithm or key size is hard-coded is a place the migration can stall. With SNDL presenting a clear and present danger, the time is now for a quantum leap in our cryptography.

As we navigate the challenges of an emerging quantum ecosystem, using agile quantum-resilient PQC solutions is our best approach. Such agility is not just about defending against threats but also about the capability to adapt and evolve in the quantum landscape.
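To make the agility mechanics described in this section concrete (explicit algorithm and key identifiers, a central policy for what is acceptable, retiring keys and algorithms without losing the ability to read old data), here is an added example that is not QuSecure’s code or any product’s format. It uses only standard-library HMAC to keep the focus on the agility pattern; the envelope layout, the algorithm registry, the key ids and the policy constants are assumptions for this demonstration, and a real deployment would put AEAD, signatures or PQC primitives behind the same indirection. The example also shows the one pitfall every agile format must handle: the algorithm header itself must be authenticated, or an attacker can downgrade it.

```python
"""Crypto-agile authentication envelope: 'alg.kid.b64(msg).b64(tag)'.

Added example, not QuSecure's code. Algorithm ids, key ids, keys and the
envelope format are constructed for illustration.
"""
from __future__ import annotations

import base64
import hashlib
import hmac

# Registry: algorithm id -> hash function. Introducing or retiring an
# algorithm is a change here and in the policy below, not a code rewrite.
ALGORITHMS = {
    "hmac-sha256": hashlib.sha256,
    "hmac-sha512": hashlib.sha512,
    "hmac-sha1": hashlib.sha1,      # kept only so old envelopes can still be verified
}
DEPRECATED = {"hmac-sha1"}          # allowed for verify, refused for new envelopes

# Key store: key id -> secret. Rotation adds a new id; old ids stay for verify.
KEYS = {
    "k1": b"constructed-old-key-000000000000",
    "k2": b"constructed-new-key-111111111111",
}
CURRENT_ALG, CURRENT_KID = "hmac-sha512", "k2"   # policy for new envelopes


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode())


def _tag(alg: str, kid: str, msg: bytes) -> bytes:
    # The header (alg, kid) is covered by the MAC so it cannot be swapped
    # for a weaker algorithm or a different key without breaking the tag.
    return hmac.new(KEYS[kid], f"{alg}.{kid}.".encode() + msg, ALGORITHMS[alg]).digest()


def seal(msg: bytes, alg: str = CURRENT_ALG, kid: str = CURRENT_KID) -> str:
    """Authenticate msg under the given algorithm and key id."""
    if alg not in ALGORITHMS or alg in DEPRECATED:
        raise ValueError(f"refusing to seal with {alg}")
    if kid not in KEYS:
        raise ValueError(f"unknown key id {kid}")
    return ".".join((alg, kid, _b64(msg), _b64(_tag(alg, kid, msg))))


def verify(envelope: str) -> tuple[bytes, bool]:
    """Return (msg, stale). stale is True when the envelope uses a
    deprecated algorithm or a non-current key and should be re-sealed."""
    try:
        alg, kid, msg_b64, tag_b64 = envelope.split(".")
    except ValueError:
        raise ValueError("malformed envelope") from None
    if alg not in ALGORITHMS or kid not in KEYS:
        raise ValueError("unsupported algorithm or key id")
    msg = _unb64(msg_b64)
    if not hmac.compare_digest(_tag(alg, kid, msg), _unb64(tag_b64)):
        raise ValueError("authentication failed")
    stale = alg in DEPRECATED or (alg, kid) != (CURRENT_ALG, CURRENT_KID)
    return msg, stale


def reseal(envelope: str) -> str:
    """Verify an old envelope and re-protect it under current policy
    (the migrate-on-read step of a key or algorithm rollover)."""
    msg, _ = verify(envelope)
    return seal(msg)


if __name__ == "__main__":
    old = seal(b"transfer 100", "hmac-sha256", "k1")   # sealed under an older policy
    msg, stale = verify(old)
    print(msg, "stale" if stale else "current")
    print(reseal(old).split(".")[:2])                  # now ['hmac-sha512', 'k2']
```

The stale flag is what lets a fleet migrate gradually: readers keep accepting old envelopes, re-seal them as they are touched, and once telemetry shows no stale reads the old key and algorithm can be removed from the registry, at which point anything still using them fails closed.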

The Future of Cybersecurity: AI-Powered Cryptoagility

As cybersecurity threats evolve and become increasingly advanced, it’s critical to not just keep pace but stay one step ahead. Looking to the future of cybersecurity, it’s clear that the integration of artificial intelligence and cryptoagility will play a pivotal role in our defense. This combination brings a proactive and dynamic approach to combatting the rising threats posed by AI and the emerging threats of quantum computing.

One way to integrate AI and cryptoagility is through threat detection. Machine learning models identify patterns in threat behavior, enabling a faster and more accurate response to cyberattacks, and can extrapolate from past data to anticipate likely future attacks so that preemptive measures can be taken. Such a system learns from every attack it counters, continually improving its models and becoming more efficient at predicting, detecting, and countering threats. Cryptographic keys and algorithms can then be rotated or swapped automatically the moment a potential threat is predicted or detected. That automation needs guardrails: the trigger should be rate-limited and auditable, and rotation must never drop below the policy-approved algorithm set, otherwise a model that can be provoked into firing becomes a tool for an attacker to cause outages or force churn.

AI and cryptoagility together are a continuously evolving defense mechanism that learns and grows stronger with each passing moment. The future of cryptoagility will look vastly different from today’s relatively manual processes. AI-powered cryptoagility could become a real-time, proactive and adaptive process, not a reactive one.

As we stand on the verge of the AI and quantum age, it’s clear that the digital labyrinth will only become more complex and unpredictable, with formidable digital threats akin to the many-headed Hydra or the cunning Minotaur of ancient Greek myths. We must use AI and cryptoagility to our advantage, leveraging them in the battle against cyber threats.

Today’s cybersecurity leaders are the vanguards tasked with safeguarding our most invaluable digital asset – data. By wholeheartedly adopting crypto-agile post-quantum cryptography (PQC) to defend against quantum computing cyberthreats, these leaders are not merely defending our data. They’re pioneering a resilient digital future, ushering in a cutting-edge era of cybersecurity capable of countering any threat and adeptly navigating the intricate corridors of the digital security labyrinth.

The post Navigating the Labyrinth of Digital Cyberthreats Using AI-Powered Cryptographic Agility appeared first on Cybersecurity Insiders.

A staggering 81% of SMBs in the defense industrial base (DIB) have initiated the process for CMMC (Cybersecurity Maturity Model Certification) compliance, yet face significant hurdles in achieving certification levels, reveals a new report by RADICL.

The DIB Cybersecurity Maturity Report | 2024 surveyed 423 IT practitioners from companies with 101 to 250 employees, focusing on their cybersecurity practices, challenges, and status of CMMC compliance. This effort aimed to assess how these crucial businesses are preparing to defend against cyber threats and adhere to stringent security standards required by government defense contracts.

This finding is particularly eye-opening, as it highlights a critical gap in the readiness and capability of these SMBs to meet the required benchmarks for national defense security standards. It underscores the need for a comprehensive approach to cybersecurity that encompasses not just initial compliance but also continuous improvement and adaptation to evolving threats.

“This report should be a wake-up call for the Department of Defense, U.S. policymakers, and SMB CEOs. There are concerning gaps in the ability of SMBs to deter, detect and respond to cyberthreats. CMMC/NIST 800-171 compliance, which mandates fundamental IT security controls, is also behind pace,” said Chris Petersen, Co-Founder and CEO of RADICL. “In contrast, nation-state cyberthreats are not behind pace and will continue to compromise DIB SMBs, steal their data, and disrupt their operations.”

This speaks to the urgent necessity for ongoing education, support, and resources to bridge the gap in cybersecurity readiness. The path forward requires a concerted effort from all stakeholders, including government agencies, industry partners, and the SMBs themselves, to foster a more secure and resilient defense supply chain.

By prioritizing cybersecurity and advancing toward full CMMC compliance, DIB SMBs can not only protect themselves against sophisticated cyber adversaries but also contribute more effectively to the collective defense and security of the nation.

The post New Report Finds 81% of Defense SMBs Have Begun CMMC Compliance, Yet Struggle to Reach Certification appeared first on Cybersecurity Insiders.

[By John Gallagher, Vice President of Viakoo Labs]

Biometric security is often viewed as superior to passwords when it comes to protecting sensitive systems or data. Because it sits at the interface between physical and software security, verifying a person by unique identifiers such as an iris scan, a fingerprint, or a voice print, biometrics seemed immune to the attacks that purely physical or purely software systems were susceptible to on their own. Recent news has proven otherwise.

The Widening Gaps in Biometric Security

Earlier this year, an Arizona mother received a late-night ransom call with her 15-year-old daughter pleading in distress on the other line. “The voice sounded just like Brie’s, the inflection, everything,” she told reporters – but it wasn’t her daughter on the line. It was an AI-generated clone of her daughter’s voice print generated from snippets of audio and used to create a fake recording with enough fidelity that even the child’s mother could not tell the difference.

We saw a remarkable surge in the frequency and quality of deepfakes last year. The increasing availability of biometric data makes these types of scams relatively easy to execute. Threat actors can mine IoT-connected devices such as video recording systems for iris, fingerprint, and facial recognition data. Think of a typical office environment where a person passes a high-resolution camera several times a day for months: a bit of the iris here, a partial fingerprint there, and with enough repetition, compute power, and time an attacker can assemble a person’s full biometric profile (not to mention capturing passwords if a camera can see a keyboard). As the technology evolves, attackers can also inject a deepfake directly into the video feed, bypassing liveness checks that were designed to catch a photo or mask held in front of a real camera (presentation attacks, the subject of ISO/IEC 30107) rather than a manipulated video stream (an injection attack). For this reason, securing video surveillance systems and the data they generate will be crucial in the upcoming year. IoT devices are among the largest unsecured attack surfaces for most modern organizations, and as cybercriminals become increasingly clever and sophisticated, lax IoT security poses a greater risk than ever before.

Leveraging Emerging Technologies and Processes to Overcome Challenges

These issues, combined with advances in artificial intelligence (AI) and quantum computing, have the potential to break biometrics: AI by forging the biometric itself, and quantum computing by threatening the public-key cryptography that protects biometric templates in storage and in transit. The solution? Greater use of AI by defenders at all levels, specifically using AI to drive more rapid expansion of zero trust approaches, threat detection mechanisms, early eradication of bots and malware, and use of digital authentication methods such as certificates.

Organizations must make strong, proactive investments in improving their security posture to stay ahead of the evolving threat landscape. As attackers use AI to find and exploit vulnerabilities, IT and security teams should leverage AI at every level of defense to act as a force multiplier, aggregating and prioritizing data, identifying likely attack paths, revealing lateral access, highlighting back doors, and compiling potential remediation actions.

Despite the size and scale of its potential impact, the “end” of biometrics is also the continuation of an increasingly popular trend: the move to zero trust. The cloud era ushered in the decline of the traditional security perimeter, and the shift to remote work amid the Covid-19 pandemic delivered its last rites. Zero trust should be the default position for all organizations, meaning that each request is continually verified not only on the user’s credentials but on the device’s posture, the context of the session, and the sensitivity of the data being accessed, so that a single stolen or forged authenticator, biometric or otherwise, is not enough. A sophisticated zero trust capability can identify and confront unauthorized access faster than any traditional security protocol. Regardless of the method of attack, zero trust enables organizations to regulate network access to a granular degree in real time, limiting the risk of any unauthorized access.

Preparing for the Future

While the end of biometric security has deep implications for organizations across industry and government, there are concrete actions leaders can take to protect against the threats that will emerge in the gap. By expanding the use of AI in cyber defense, along with investing in tools to achieve a comprehensive zero trust network state, organizations can defend against these threats and evolve with threats in the era of AI and quantum computing.

The post Are We Experiencing the End of Biometrics? appeared first on Cybersecurity Insiders.

[By André Ferraz, CEO and Co-Founder of Incognia, the innovator in location identity solutions]

Generative artificial intelligence (GenAI) is a hot topic of conversation – particularly the risks it poses to users’ online safety and privacy. With President Biden calling on Congress to pass bipartisan data privacy legislation to accelerate the development and use of privacy-centric techniques for the data that is training AI, it’s important to remember that excessive regulation can stifle experimentation and impede the development of new and creative solutions that could change the world.

For example, in the early days of telecommunications, regulatory bodies had a strong grip on the industry, yielding monopolies via limited competition. It wasn’t until the U.S. government took anti-trust action in the 1980s that deregulation led to waves of innovation, including the development of technologies that accelerated the adoption of the internet, mobile phones, and broadband services.

This isn’t to say that GenAI shouldn’t be regulated, it’s just important to differentiate between hypothetical doomsday scenarios associated with AI and the real-world impact of technology today. The concern with large language models (LLMs) and GenAI is the potential for misuse by bad actors to generate harmful content, spread misinformation, and automate and scale malicious or fraudulent activities. Any regulations or new technologies introduced should be focused on addressing these particular challenges.

Worried About the Wrong Things

There is often a focus on events that may or may not materialize in the distant future – with governments and citizens worldwide expressing concerns about the potential for AI to become uncontrollable, leading to unforeseen consequences. This fixation on existential risks diverts attention from the immediate and tangible challenges AI poses today – namely, the profound implications of GenAI on fraud prevention strategies and user privacy. While it’s essential to anticipate and address a variety of long-term possibilities, it’s equally vital to concentrate on the real-world impact of GenAI in daily life at the present moment.

AI-Driven Benefits

AI has already demonstrated its capacity to revolutionize industries and improve various aspects of our lives. From healthcare, where AI aids in early disease detection, to autonomous vehicles that enhance road safety, AI’s contributions are promising. Additionally, AI has already become an integral part of our digital lives through voice assistants that streamline tasks and improve accessibility to recommendation algorithms that personalize our online content.

Overregulation across use-case contexts can hinder the development of new and creative solutions that could benefit society. We need to strike a balance, recognizing that while risks are indeed present, AI’s potential for good is immense, and our focus should be on harnessing this potential responsibly.

Stopping the Bad Actors

One of the most immediate and pressing concerns in the GenAI landscape is the misuse of the technology by malicious actors, and the looming threat posed by rapidly advancing artificial intelligence cannot be ignored. Today, numerous industries, including financial institutions and online marketplaces, heavily rely on document scanning and facial recognition technologies for robust identity verification protocols. However, the stark reality is that the proliferation of deepfakes coupled with GenAI capabilities has rendered these traditional methods increasingly vulnerable to exploitation by fraudsters.

Facial recognition, once considered a reliable authentication tool, is now susceptible to manipulation. Our digital footprints, readily available on social media platforms and various online databases, serve as fodder for fraudsters to craft convincing deepfakes and synthetic faces that pass facial recognition systems with ease. Even liveness detection mechanisms, previously hailed as a safeguard against impersonation, have been defeated by advances in GenAI.

The reliance on publicly available information for identity verification is proving inadequate in thwarting fraudulent activities. While these methods may superficially fulfill compliance requirements, they fall short in effectively combating fraud.

The proliferation of data breaches has rendered personally identifiable information (PII) essentially public domain, further undermining the efficacy of conventional identity verification techniques. Document verification, facial recognition, and PII authentication are all vulnerable in the face of GenAI’s evolving capabilities.

Addressing this challenge requires a multifaceted approach that goes beyond regulatory measures and focuses more on the introduction of new technologies. Pattern recognition, for instance, plays a pivotal role in identifying abnormal and potentially harmful behaviors. By training machine learning models on patterns of behavior associated with malicious intent, including the traces GenAI-driven abuse leaves behind, a system can swiftly identify and respond to potential threats.

Real-time detection is another essential component in spotting, stopping, and combating bad actors or harmful generated content and activities. AI systems can monitor user behaviors during interactions and transactions, flagging suspicious activities and allowing for immediate intervention, thus preventing or mitigating potential harm. Additionally, user behavior profiling can provide valuable insights into identifying malicious actors, anomalies, and potential threats. By creating detailed profiles of typical user behaviors, AI systems establish a baseline for normal behavior and quickly flag deviations that may indicate fraudulent intent or harmful actions.

GenAI is a Dynamic Field

GenAI holds vast potential to reshape industries, drive innovations, and improve various aspects of our lives. However, with great power comes great responsibility, and AI is no exception. While responsible and effective regulation is essential, it’s important to avoid overregulation that could impede progress and innovation.

The challenge posed by GenAI is not merely transitory; it represents the future landscape of fraud prevention. Organizations relying solely on these traditional approaches for Know Your Customer (KYC) and Identity Verification (IDV) procedures must urgently reassess their strategies.

Additionally, businesses in the fraud prevention space shouldn’t expect users to protect themselves. To tackle the real dangers of AI, a targeted approach is needed – leveraging solutions that prevent GenAI abuse, to protect users and their data. This nuanced strategy considers the diverse risks and benefits of various AI applications and, instead of adopting a one-size-fits-all approach to regulation, can consider the multifaceted nature of the emerging technology. The future of AI regulation should strike a balance between safeguarding ethical practices and fostering creativity and progress in the AI landscape.

Companies should invest in fraud prevention solutions that use GenAI to find data points that allow them to more uniquely identify their users with a proactive approach, being the first risk signal to determine the misuse of GenAI.

The post GenAI Regulation: Why It Isn’t One Size Fits All appeared first on Cybersecurity Insiders.

Network security professionals protect the confidentiality, integrity and availability of information across the network. They’re expert at applying strategies, processes and technologies that guard against unauthorized access and harm.

Are you ready for a career in network security? ISC2, creator of the leading advanced cybersecurity certification, the CISSP, recommends these specific steps.

  1. Become an ISC2 Candidate. Begin your journey by joining ISC2, the world’s leading cybersecurity professional organization, more than 500,000 members, associates and candidates strong. As part of their One Million Certified in Cybersecurity pledge to help close the workforce gap, you’ll be able to access free Official ISC2 Online Self-Paced Training for Certified in Cybersecurity entry-level certification and a free exam. Candidates can also tap a full range of benefits, including 20% off online training and up to 50% off textbooks. Sign up now to get your first year free.
  2. Start your journey toward SSCP certification. Systems Security Certified Practitioner (SSCP) certification demonstrates you have the knowledge and skills to implement, monitor and administer IT infrastructure using information security policies and procedures. You’re key to protecting the confidentiality, integrity and availability of data for individuals and organizations.

To qualify for the SSCP, candidates must pass the exam and have at least one year of cumulative, paid work experience in one or more of the seven domains of the ISC2 SSCP exam outline.

If you don’t yet have the required experience to become an SSCP, you can become an Associate of ISC2 after successfully passing the SSCP exam. You will then have two years to earn the experience needed for SSCP certification.

  3. Keep learning

Network security never stands still. It’s a constantly evolving field that requires continuing education to stay in front of cyberthreats and on top of trends. Professionals can choose from a variety of flexible learning options, including:

ISC2 Certificates turn a laser focus on specific subject matters. And with courseware created on the hottest topics by cybersecurity’s most respected certifying body, you’re assured the most current and relevant content. Choose from online instructor-led or self-paced education with content created by industry experts:

Online Instructor-Led*
• Prerecorded lessons led by an ISC2 Authorized Instructor
• Instruction that complements self-paced content
• Digital badges upon passing certificate assessments

Online Self-Paced
• Online learning at your own pace
• Videos available for download on demand
• Digital badges upon passing certificate assessments

Current ISC2 Certificate areas of focus include cloud security, risk management, CISO leadership, healthcare, security engineering, and security administration and operations.

ISC2 Network Security Skill-Builders will help you learn valuable skills as you pursue a career in network security. Grow what you know with short-format learning designed to fit your busy schedule.

A career in network security provides the opportunity to make a significant impact on the world. Qualified professionals are indispensable to organizations, safeguarding their information and systems. See yourself in network security and get started today.

More questions about SSCP? Get answers in the Ultimate Guide, everything you need to know about SSCP.

*Online instructor-led only available for select certificates.

The post Thinking about a Career in Network Security? Follow This Path appeared first on Cybersecurity Insiders.

[By Lydia Zhang, President and Co-founder of Ridge Security]

Organizations face constant threats from vulnerabilities that attackers can exploit to compromise their systems and sensitive data. Common Vulnerabilities and Exposures (CVEs) are one such concern, posing significant risks to organizations of all sizes.

Adopting a comprehensive security framework like continuous threat management helps to mitigate these threats effectively. So, let’s explore how this helps protect organizations from CVEs and fortifies their security posture.

Before diving into the role of continuous threat management, it is essential to grasp the basic concept of CVEs. CVEs are publicly disclosed security vulnerabilities and exposures that are assigned unique identifiers. They can exist in software, hardware, or network components, making them prime targets for cybercriminals to exploit weaknesses and gain unauthorized access.

The Role of Continuous Threat Management

Continuous threat management is a comprehensive security framework that combines threat intelligence, event management, and proactive monitoring and testing to strengthen an organization’s security posture. Here’s how it plays a crucial role in protecting against CVEs.

Threat Intelligence – Intelligence feeds gather information about emerging vulnerabilities and threats, including CVEs. By continuously monitoring reputable sources such as vulnerability databases, security bulletins, and threat intelligence platforms, organizations are informed about the latest CVEs relevant to their systems. This early awareness enables proactive measures to address vulnerabilities promptly. By generating reports and visualizations, security teams can track vulnerabilities, patch progress, and identify patterns or trends related to CVEs.

Vulnerability Assessment – Conducted across an organization’s infrastructure, applications, and network components, these assessments identify known CVEs and assess their potential impact on the organization’s systems. By performing comprehensive vulnerability scans and analyzing and validating the results, remediation efforts can be prioritized to eliminate the risk and impact of exploitation.

Patch Management – This process facilitates the deployment of security patches, updates, and fixes for identified vulnerabilities and exposures across the organization’s systems. Automated patch management tools integrated within the continuous threat management framework ensure timely patch application, reducing the window of opportunity for cybercriminals to exploit CVEs.

Incident Detection and Response – Continuously monitoring network traffic, logs, and security events helps reveal signs of exploitation related to CVEs. Continuous threat management identifies potential attacks and alerts security teams by correlating security events and applying behavioral analysis. Rapid incident detection and response minimizes the impact of CVE-related incidents.
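The threat intelligence, vulnerability assessment and patch management components above all rest on the same bookkeeping: match a CVE feed against what is actually deployed, rank by CVSS severity, and track what has been remediated. The following is an added example written for this article, not Ridge Security's code; the CVE identifiers, product names, versions and scores are constructed placeholders, and the CVSS severity bands are the NVD qualitative ratings for CVSS v3.x.

```python
"""Match a CVE feed against an asset inventory, rank findings by CVSS
severity and report patch progress. Added example; all CVE ids, products,
versions and scores below are constructed placeholders, not real advisories."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class CveRecord:
    cve_id: str            # placeholder id, not a real CVE
    product: str
    affected_below: tuple  # versions strictly lower than this are affected
    cvss: float            # CVSS v3.x base score


@dataclass
class Asset:
    host: str
    product: str
    version: tuple
    patched: set = field(default_factory=set)  # CVE ids already remediated


def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to the NVD qualitative severity band."""
    if score <= 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def parse_version(text: str) -> tuple:
    """'2.3.1' -> (2, 3, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def is_affected(asset: Asset, cve: CveRecord) -> bool:
    return asset.product == cve.product and asset.version < cve.affected_below


def find_exposures(feed, assets):
    """(host, cve_id, severity, score) for every unpatched match, highest
    CVSS first so remediation work is prioritised by impact."""
    hits = []
    for asset in assets:
        for cve in feed:
            if is_affected(asset, cve) and cve.cve_id not in asset.patched:
                hits.append((asset.host, cve.cve_id,
                             cvss_severity(cve.cvss), cve.cvss))
    hits.sort(key=lambda h: (-h[3], h[0], h[1]))
    return hits


def patch_progress(feed, assets) -> float:
    """Fraction of affected (asset, CVE) pairs already remediated; the number
    a trend report would plot over time."""
    total = done = 0
    for asset in assets:
        for cve in feed:
            if is_affected(asset, cve):
                total += 1
                done += cve.cve_id in asset.patched
    return 1.0 if total == 0 else done / total


# Constructed sample feed and inventory (placeholders, not real data)
SAMPLE_FEED = [
    CveRecord("CVE-0000-0001", "exampled", parse_version("2.4.0"), 9.8),
    CveRecord("CVE-0000-0002", "exampled", parse_version("2.2.0"), 5.3),
    CveRecord("CVE-0000-0003", "webapp", parse_version("1.9.0"), 7.5),
]
SAMPLE_ASSETS = [
    Asset("web01", "exampled", parse_version("2.3.1")),
    Asset("web02", "exampled", parse_version("2.1.0"), {"CVE-0000-0001"}),
    Asset("app01", "webapp", parse_version("1.8.2")),
    Asset("app02", "webapp", parse_version("1.9.0")),  # already on fixed build
]

if __name__ == "__main__":
    for host, cve_id, severity, score in find_exposures(SAMPLE_FEED, SAMPLE_ASSETS):
        print(f"{host:8} {cve_id:14} {severity:8} {score}")
    print(f"patch progress: {patch_progress(SAMPLE_FEED, SAMPLE_ASSETS):.0%}")
```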

Empowering Organizations to Unlock Operational Efficiencies

Advanced correlation and analysis allow security teams to identify patterns, anomalies, and indicators of compromise in real-time. With streamlined incident response workflows and automated alerts, continuous threat management platforms enable organizations to respond swiftly and effectively to mitigate the impact of CVE-related incidents.

A common platform for collaboration promotes cross-functional coordination, enhancing operational efficiencies and ensuring that security tasks are effectively executed. Security teams can easily share critical information, track vulnerability management progress, and monitor the status of patches and configuration changes. Continuous monitoring, testing, validating, and applying patches promptly enable organizations to adhere to security best practices and support regulatory requirements.

Designed to scale with the organization’s needs as they grow and face new threats, continuous threat management accommodates increased data volumes, expands monitoring capabilities, and integrates with other security tools. This scalability ensures that operational efficiencies gained are sustained over time and aligned with the organization’s evolving security requirements.

Security Validation Platforms Support Continuous Threat Management

Today’s new generation of AI-powered security validation platforms stands at the forefront of proactive security measures, offering a dynamic and continuous cycle of testing, validation, prioritization, and resolution of vulnerabilities and exposures.

At the heart of AI-powered security validation is automated penetration testing. By thoroughly scanning an organization’s network to identify and exploit vulnerabilities, it mimics the tactics of actual cyber attackers. Adeptly uncovering threats, such as software flaws, unauthorized command execution, credential exposure, distributed denial of service attacks, sensitive data leakage, and database intrusions, it provides tangible proof of attack consequences and executes automated remediation. The result is a set of risk assessment reports that are both prioritized and accurate – with zero false positives.

Comprehensive reporting can include intricate details such as the attack structure, the specific pathways taken, the exposed surfaces, and the particulars of the vulnerabilities and risks involved, with actionable solutions for each identified issue. These platforms can also shed light on the mechanics of the attack, providing insights into the payloads used, exploit codes, and snapshots of the attack in progress.

Beyond mere detection, cybersecurity risk management and governance are elevated to new heights, empowering organizations to bolster their defenses and resilience by supplying critical data and guidance on cybersecurity risk management, strategic planning, and governance. This can include detailed information on each vulnerability and risk, such as the Common Vulnerability Scoring System (CVSS) score, severity ranking, descriptions, and references.

AI-powered security validation can go further by suggesting specific remediation strategies, whether patching, updating, reconfiguring, or encrypting, to address and mitigate each identified risk. Insights can be provided into the network’s security policies, rules, and configurations and how to enhance them using state-of-the-art reinforcement learning techniques and sophisticated algorithms.

Shielding Organizations from CVEs

A continuous threat management security framework helps organizations protect themselves from CVEs that cybercriminals can exploit. By deploying technology such as security validation with automated penetration testing, they can significantly improve operational efficiencies, collaboration, and compliance by using threat intelligence, vulnerability assessment, automated patch management, and incident detection and response. Their security posture is strengthened by identifying, prioritizing, and remediating CVEs across the organization’s digital systems.

About the author

Lydia Zhang is the President and Co-founder of Ridge Security. She holds an impressive entrepreneurial-focused resume that includes 20 years of leadership roles in network and cyber security. Lydia leads a Silicon Valley cybersecurity startup that develops automated penetration testing with the goal of delivering innovative security technologies to all. Prior to founding Ridge Security, Zhang held Senior Vice President and Product Management roles at Hillstone Networks and Cisco Systems. She holds a double Master’s, MA, and MS from USC and a degree from Tsinghua University in Biomedical Engineering.

The post Continuous Threat Management’s Strong, Proactive Protection Against CVEs appeared first on Cybersecurity Insiders.

[By Joao Correia, Technical Evangelist at TuxCare (www.tuxcare.com), a global innovator in enterprise-grade cybersecurity for Linux]

Today’s threat actors are driven by a variety of potential motivators for attacking systems and networks. They may aim to disrupt entire economies, advocate for certain causes, infiltrate government structures or exploit intellectual assets. Yet of all these incentives, the pursuit of financial gain remains the most coveted factor. Understanding how attackers capitalize on cybersecurity breaches can provide valuable insights into threats and vulnerabilities that organizations confront in the realm of cyber-attacks.

The allure of financial gain in cybercrime is undeniable. According to a report released by the FBI at the end of 2023, Royal ransomware had outstanding requests for over $275 million just between September 2022 – November 2023. Whether it’s through ransomware attacks, financial fraud, identity theft, or the sale of stolen data on the dark web, the ongoing quest for monetary profit serves as a powerful driving force behind cyber-attacks. Ransomware attacks in particular have emerged as a favored tactic as attackers have found they can encrypt valuable data and demand significant ransom payments for its release.

As a result, cybersecurity remains tricky to solve because incentives remain high on all sides. There are motives to keep finding vulnerabilities, exploiting them, stealing information or deploying ransomware to as many targets as possible. On the security researcher side, the payouts for big bounties are not up to par, making it an uneven fight. For example, a ransomware gang can encrypt and withhold valuable data from a company unless it forks over a ransom payment. But the company is not guaranteed that it will actually get its data back, nor can it be confident that paying is not a bigger trap for more havoc.

It’s easy to be overconfident on security matters. During a recent episode released by Enterprise Linux Security Podcast, Jay LaCroix said the only way to ensure maximum security is to follow 3 steps: never own a computer, never turn on a computer, and never use a computer. This is because no matter how secure one thinks they are, risk still abounds. One of the biggest mistakes companies make is the “it won’t happen to me” mentality. Whether you are a small private business fresh on the market, or a long-standing firm with generational wealth behind you, all are seen as equal in the eyes of a cyber criminal. When the payout opportunities are this high they are not picky about their targets. They want to hand out ransomware demands like candy and maximize their targets to better their chances of success.

Hackers have all the time in the world to go over every inch of a company’s enterprise network searching for flaws and unpatched vulnerabilities. All it takes is one to gridlock company operations and cost millions of dollars in data recovery. This is why such an emphasis is placed on proper patch management. It can be the deciding factor in whether a company goes under, or narrowly avoids a damaging attack.

Unfortunately, the concept of patch management continues to be viewed as a time-consuming and highly disruptive process that not only places daily operations at risk, but burdens overworked security teams in the process. Conventional patching for the Linux kernel requires system reboots to load the patched code into the kernel. Because of this, the process often requires extensive coordination between maintenance, stakeholders, and security teams to schedule operational downtime and disrupt systems. These delays can negatively impact customer satisfaction, hurt revenue generation and take time away from other high-priority issues.

While outsourcing patching to a third party like a Managed Security Service Provider (MSSP) can aid organizations in handling this task, MSSPs are typically swamped with their own extensive security to-do lists for their clients and unable to provide the strict attention required for continuous vulnerability monitoring. This is where live patching enters to streamline the process significantly. With live patching, DevOps, IT and SOC teams can put their security patching on autopilot in the background and deploy patches as soon as they become available, minimizing the windows of exploitable vulnerabilities and requiring no downtime.
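The gap the article describes is measurable on a host: a kernel image newer than the running one has been installed but not loaded (a reboot is still pending), while any live patches that have been applied show up as enabled modules under the kernel's livepatch sysfs tree. The following check is an added example, not TuxCare's code; it assumes Debian/Ubuntu-style `vmlinuz-<release>` image names in `/boot` and the upstream `/sys/kernel/livepatch/<module>/enabled` layout, and the paths can be overridden for testing.

```python
"""Report a pending-reboot kernel gap and the live patches currently loaded.
Added example; assumes vmlinuz-<release> names in /boot (Arch-style
vmlinuz-linux without a release string is not handled) and the upstream
/sys/kernel/livepatch sysfs layout."""
import os
import re
from pathlib import Path

VMLINUZ_RE = re.compile(r"^vmlinuz-(.+)$")


def version_key(release: str):
    """Sort key for release strings such as '5.15.0-94-generic': numeric
    fields compare as integers (so 100 > 94), other fields as text."""
    return [(0, int(part)) if part.isdigit() else (1, part)
            for part in re.split(r"[.\-]", release)]


def newest_release(releases):
    """Highest kernel release in the list, or None when the list is empty."""
    return max(releases, key=version_key) if releases else None


def reboot_pending(running: str, installed) -> bool:
    """True when a newer kernel than the running one is installed but not
    loaded: the window conventional reboot-based patching leaves open."""
    newest = newest_release(installed)
    return newest is not None and version_key(running) < version_key(newest)


def installed_kernels(boot_dir="/boot"):
    """Kernel releases that have a vmlinuz image in boot_dir."""
    releases = []
    for entry in Path(boot_dir).iterdir():
        match = VMLINUZ_RE.match(entry.name)
        if match and not entry.name.endswith(".old"):
            releases.append(match.group(1))
    return releases


def loaded_livepatches(sysfs_dir="/sys/kernel/livepatch"):
    """Names of live patch modules whose 'enabled' flag reads 1."""
    root = Path(sysfs_dir)
    if not root.is_dir():
        return []  # kernel built without CONFIG_LIVEPATCH, or no patches loaded
    enabled = []
    for patch in sorted(p for p in root.iterdir() if p.is_dir()):
        flag = patch / "enabled"
        if flag.is_file() and flag.read_text().strip() == "1":
            enabled.append(patch.name)
    return enabled


def patch_state_report(running, boot_dir="/boot", sysfs_dir="/sys/kernel/livepatch"):
    """One dict a monitoring agent could ship: running vs newest kernel,
    whether a reboot is still owed, and which live patches are active."""
    installed = installed_kernels(boot_dir)
    return {
        "running": running,
        "newest_installed": newest_release(installed) or running,
        "reboot_pending": reboot_pending(running, installed),
        "livepatches": loaded_livepatches(sysfs_dir),
    }


if __name__ == "__main__":
    print(patch_state_report(os.uname().release))
```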

The ability to deploy security patches without bothersome maintenance windows not only reduces unnecessary patch delays but also helps companies stay compliant with regulatory patching requirements. Fighting automation with automation can not only significantly reduce exposure to zero-day exploits but can streamline vulnerability management in a way that limits pressures on IT security teams. Gone are the days when resources were burned through to deliver a patch weeks late, or when the emergency reboots it required cost businesses valuable time.

Instead, the patching workload is reduced, and vulnerabilities are immediately recognized, patched and secured before a money-hungry hacker can pounce. The pursuit of financial gain continues to exert a profound influence on the landscape of cyberattacks, continuously underscoring the critical need for organizations to remain vigilant. Prioritizing vulnerability management at this level enables organizations to establish a proactive rather than reactive environment that successfully combats constantly escalating threats. Regardless of company size or logistical complexity, CISOs and SecOps teams should embrace an automated approach to security with confidence.

Joao Correia serves as Technical Evangelist at TuxCare (www.tuxcare.com), a global innovator in enterprise-grade cybersecurity for Linux.

The post Proactive Patching Translates into Less Ransomware Payouts appeared first on Cybersecurity Insiders.

[By Rob McNutt, SVP Network Security at Forescout]

The greatest threat to zero trust is not among a group of the usual cybersecurity suspects. It is the marketing hype that has led to unrealistic expectations about its capabilities.

The ability to achieve “100% Security” with zero trust is enticing, but it is a fallacy. The idea that organizations can purchase “zero trust in a box” as some sort of plug-and-play solution is misleading at best. Likewise, deploying zero trust takes time and ongoing management; you cannot “set it and forget it.”

Let’s dispense with some of these misconceptions that can negatively impact an organization seeking to implement zero trust. It is time to bust some zero trust marketing myths.

Myth #1: Zero Trust is a Product You Can Buy

Contrary to marketing claims, zero trust is not a product that can be purchased off the shelf. It is an architectural approach that includes multiple aspects. According to the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model, the pillars of zero trust include identity, device, network/environment, application workload, and data.

Each one of these pillars has its own unique challenges and requirements, which may necessitate multiple solutions to address. For example, zero trust networking requirements include authentication and authorization, least-privilege access, and continuous risk assessment. Various solutions, including multi-factor authentication (MFA), identity and access management (IAM), network segmentation, network monitoring, and zero trust network access (ZTNA), contribute to achieving these requirements.

Unfortunately, ZTNA has been overhyped to the point that it is negatively impacting zero trust networking and zero trust as a whole.

Myth #2: Zero Trust Network Access Provides 100% Network Protection

Zero trust networking is a crucial component of a zero trust architecture; however, the industry’s attempt to market ZTNA as an all-encompassing solution overstates its role within the larger framework.

While ZTNA provides initial access control, it falls short in offering continuous visibility and control once access is granted. ZTNA can also fall victim to compromised credentials and insider attacks.

The reliance on software agents and decryption of endpoint traffic creates management complexities, especially concerning the diverse landscape of the Internet of Things (IoT) and operational technology (OT) devices.

Education is key to dispelling marketing claims about ZTNA. Understanding the hierarchy of terms—zero trust networking, ZTN, and ZTNA—reveals that ZTNA is just one component. It offers access but lacks the broader visibility and control required for a comprehensive zero trust architecture; it does not even provide complete zero trust networking.

Myth #3: Zero Trust = Zero Risk

There is a notion that implementing zero trust removes risk from the equation, but unfortunately this is not the truth. Hypothetically speaking, a perfect implementation of zero trust could eliminate almost all risks, but the reality is that perfection is impossible to achieve.

Implementing zero trust is a complex and ongoing process because there are so many interconnected parts. There are very few organizations that have achieved a fully mature zero trust implementation. But even among those that have, it can be difficult to account for blind spots and to close certain security gaps.

In particular, gaining visibility and control into unmanaged devices, OT devices, and IoT devices can represent a significant risk, even for organizations that have implemented zero trust solutions. Without visibility into all devices and endpoints, their collective vulnerabilities and exposures remain unknown.

The dynamic nature of modern threats, and the constant evolution of the modern enterprise network, requires continuous risk assessment and refinement of zero trust policies. Another reason that zero trust cannot completely eliminate risk is because of the trade-off between security and productivity.

If the user experience is hindered by zero trust, then users may resort to less secure methods, such as shadow IT, creating unknown risks due to a lack of visibility. However, if zero trust policies are too relaxed, then compromised user accounts become an effective attack vector.

Organizations must strike a balance between zero trust security and the user experience by leveraging comprehensive visibility, which can provide the additional context needed to enforce zero trust policies without negatively impacting productivity.

One-Size Fits None

Zero trust is not a simple solution; it is a comprehensive framework that requires careful consideration. It comprises multiple pillars, each addressing crucial aspects of security. The integration of insights from multiple sources illustrates the importance of dispelling zero trust marketing myths to better understand its nuances.

By approaching zero trust with a realistic mindset and acknowledging its multifaceted pillars, organizations can fortify their cybersecurity posture in an era where marketing claims often overshadow the true essence of transformative technologies.

The post Don’t Believe the Hype: Myth-busting Zero Trust Marketing appeared first on Cybersecurity Insiders.