By Chester Avey

The Covid-19 pandemic has caused seismic change for business. Not only have markets and industries had to find ways to adapt, but companies of all sizes have faced an unprecedented scenario. It is easy to understand, then, that cybersecurity may not have been a huge priority for businesses.

However, it has now been well established that over the period of the pandemic there has been an enormous rise in cybercrime. Some studies suggest that between 2020 and 2021 there was a 50% increase in overall attacks on corporate networks, and a 40% increase in cyber attacks globally. Clearly, this is a major problem that businesses need to start taking very seriously.

But what has driven this rise in cybercrime? Certainly a part of the issue is simply the number of businesses that are taking their work online. This covers both businesses that had to start an ecommerce site because they couldn’t sell physically, and those that had to put their work on servers and provide access to employees.

Another major element of the cybersecurity crisis is the fact that so many people are now working from home. It could be the case that the increased level of remote working is something of an unseen problem for businesses, as companies are yet to fully understand the dangers and what they can do about them. 

Lack of office protection 

Many in-office workers are used to doing their job with a degree of simplicity with regards to cybersecurity. The IT infrastructure within offices generally puts a great deal of focus around cybersecurity and keeping workers safe, including by enforcing good cybersecurity practices such as the closing down of machines and the use of strong passwords. 

When these workers then come to do their job remotely, some are not really prepared or perhaps even aware that what they are doing could be detrimental to the overall cybersecurity of the company. 

“With remote working the new norm, it’s easy to slip into bad habits,” says Juliette Hudson, Senior SOC Analyst at cybersecurity specialists Redscan, “however, with cybersecurity risks being greater than ever and remote workers lacking office protections, it’s important to maintain a high standard of security awareness.”

Additionally, the office offers powerful protections through software such as the company firewall and other software.

Opportunities for business email compromise

Business email compromise (BEC) is a form of attack where a cybercriminal takes control of the email account of a member of your organization. With this account, they make a request such as for an employee’s bank details to be changed, or for a payment to be made to someone outside of the company.

These requests can easily be granted as they come from the genuine email address of the colleague. In this sense, they are more of a threat than a standard phishing attack. 

Remote working makes BEC attacks more dangerous because staff become more used to the idea of communicating entirely through devices. So, if a member of staff asks a member of the accounts team to make a payment via email, the accounts team member may well take the request at face value. In the office, it is more likely that the accounts team can easily check with the person face-to-face.

The dangers of shadow IT

Another challenge for companies with remote workers is the issue of shadow IT. Shadow IT refers to any kind of application, software or hardware that is used by a member of staff without the knowledge or sign-off from the IT team. 

This is actually a very common issue for businesses; members of staff will find pieces of software or applications that provide them with advantages when working, and so they will simply install it and start using it. 

In theory, that is a benefit as it could allow for a more productive working day – but on the downside, many applications have flaws and vulnerabilities. It is therefore typically a part of the remit of the IT team to assess them to ensure that there is nothing that could put the company at risk.

With remote workers, the danger is actually much greater as they are more likely to make use of their own software and not run it by the IT team. 

Final thoughts

Remote working clearly has a broad range of benefits for companies and workers, but there can be no doubt that it has created challenges for cybersecurity too. It is really worth implementing strong procedures and policies, and providing staff with training to help minimize the risk of cybercrime for your company.

The post Is Increased Remote Working Fueling a Cybersecurity Crisis? appeared first on Cybersecurity Insiders.

By Guy Golan, CEO and Founder of Performanta

The Russian attack on Ukraine has been an eye opener for everyone, and industries across the world have been rattled by the sheer aggression demonstrated across the European territory, both on the physical side and on the cyber plains. The initial cyber-attacks on Ukrainian organisations leading up to the invasion have been recognised as the first step in the wider war strategy.

Taking out critical infrastructure and disrupting communication channels is a tactical strike to weaken the victim, before then launching the main physical campaign. It’s the equivalent to blindfolding your opponent before delivering the final blow, leaving them defenceless.

Russia’s actions have also sparked cyber retaliation. Hacktivist group Anonymous has also declared ‘cyber war’ on Vladimir Putin in response to his invasion of Ukraine, targeting Russian websites and TV networks in an effort to broadcast the hidden truths of the horrors taking place in the country.

Regardless of which side you stand on, cyber warfare will impact us all. Stray bullets in physical battle are devastating – and we’re likely to see the cyber equivalent moving forwards.

Cyber shots fired

Through Russia’s invasion of Ukraine, we have essentially witnessed a declaration of another international war, but this time, not a single shot was fired in the first instance. Instead, the ammunition used took the form of DDoS attacks, and the trigger was a computer keyboard.

Russia’s initial cyber-attacks on Ukraine, as an attempt to destabilise the country’s economy, infrastructure and government, not only illustrated Russia’s ability to knock out Ukrainian systems, but also emphasised Ukraine’s lack of preparedness. Understandably, few countries would anticipate a full-blown international attack, but everything’s changed, and this is now a very real possibility moving forwards to which other countries should take heed.

In addition to Anonymous’s retaliation, we’ve also witnessed the rise of the IT Army of Ukraine, a group of volunteer hackers from around the world dedicated to bringing down Russian government and financial websites. With over 311,000 members, the group has entered a new league of cyber warfare, driven by an international digital army.

Cyber war has been on the cards for years, with organisational bodies like NATO preparing for its arrival. And the increased level of activity from Anonymous and the IT Army is just a taste of what could develop in the near future.

Private concerns become public

Experts have known for years that cyber campaigns of this size, scale and sophistication are possible, but only now are these fears being realised. Attacks have been directed at critical infrastructure before, the finger often being pointed at rival countries on some matter of conflict. The Colonial Pipeline attack is a prime example.

But this is the first time a cyber-attack has been publicised as being a declaration of war. While this level of attack has happened before, it hasn’t been made visible to the public, or taken as far as recent events have. The Russian invasion in Ukraine, from a cyber war perspective, is providing invaluable insight in the sense that people are connecting the dots between cyber-attacks and the beginnings of war. We have entered an age where countries can be brought to their knees without using a physical army.

One of our biggest concerns now is that the cyber-attacks launched by Russia before the invasion were just the tip of the iceberg. As the devastation continues, experts are contemplating the probability of further cyber campaigns, particularly in the US. Whether this is true or not, we are still unsure, but we’d be naïve not to learn from past events.

One thing we can say for certain is that the Russia-Ukraine conflict is not the first to adopt a cyber campaign, and it won’t be the last. Some countries have begun strategizing for this very real possibility, but how prepared are they?

The importance of preparedness

The recent events are a major concern for other countries with less developed cyber structures, and should act as a wake-up call for those who have failed to address their cyber requirements over the last few years. As we well know, criminals and nation states have become increasingly sophisticated in recent years, with access to advanced technology and resources that could easily contribute to global devastation if applied to a war scenario.

Tensions are high, and governments and businesses alike are turning their focuses inwards to ensure defences are up to scratch. Satellite operators are being advised to be on high alert following a cyber-attack that disrupted internet services in Europe. And the NCSC has been urging businesses to gear up and boost cybersecurity efforts amidst the ongoing conflict.

While attacks like Russia’s invasion of Ukraine are few and far between, they demonstrate the different levels of conflict that can occur. And organisations across the world should ensure they’re ready to face similar threats head on in case they too find themselves a target.

The post Cyber warfare is a ‘watershed moment’ for the industry appeared first on Cybersecurity Insiders.

By Jessica Day – Senior Director, Marketing Strategy, Dialpad

The world of IT security is complex and changeable. Recently, many companies have adopted, and continue to carry out, remote working, which increases internet use and creates further technical vulnerabilities for cybercriminals to exploit.

According to the FBI, cyber threats have tripled to 3,000 per day. Small and medium-sized businesses (SMBs) are most vulnerable to attack because they don’t have the resources to purchase advanced security tools.

With a 50% increase in cyberattacks year on year, it’s becoming increasingly taxing and expensive for a business to protect its systems from threats like malware, ransomware, phishing, and data theft.

An effective cybersecurity infrastructure is vital to protect networks and data. However, security as a service can offer an affordable and convenient solution that meets your needs.

What is security as a service?

Security as a Service (SECaaS) is cloud-based software that provides the tools and services you need to create a robust, tailored cybersecurity solution.

Outsourcing your IT security to a third-party provider for a monthly subscription removes the need for in-house cybersecurity personnel and infrastructure.

Do not confuse SECaaS with software as a service. SaaS provides cloud-based software solutions, but if you want a complete guide to SaaS content strategy look elsewhere. SECaaS deals exclusively in cybersecurity services.

What are the benefits of SECaaS?

It can be difficult choosing between cloud-based and on-premise solutions. However, several benefits should be considered when planning your IT security. Let’s take a look.

1. Expertise

For IT security to be effective, it needs to be managed by experts. With SECaaS you’ll have access to professionals with the knowledge and experience to handle your cybersecurity requirements without having to put them on the payroll. They’ll also have access to the most up-to-date tools and equipment available and will receive training on all the latest developments and threats.

2. Comprehensive security package

A SECaaS package will provide you with instant access to the latest and most advanced security tools that will be tailored to meet your company’s needs. Many providers allow you to combine different software to create a comprehensive package.

Most SECaaS providers offer varied pricing tiers, so you only pay for what you need.

3. Save resources

Having IT experts on your payroll is expensive. In-house security teams also require regular training, plus continuous investment in hardware and software which will also need to be regularly monitored and updated.

SECaaS offers a long-term, cheaper alternative.

Let’s not forget the time and labor costs involved with running cybersecurity. Using SECaaS frees up IT teams to focus on other tasks such as maintaining endpoint hardware, or answering questions from colleagues about the best voice recorder for meeting minutes.

Plus, there are also the associated costs if things go wrong. On average, SMBs lose $85,000 to cyberattacks. This can be in the form of penalties, operational downtime, and damaged assets.

4. Automation

Cybercriminals don’t take time off, so neither should your cybersecurity solution.

SECaaS offers protection 24/7. You’ll get around-the-clock service that monitors for vulnerabilities and potential threats, provides automatic updates for the best protection, has prompt alert systems, and offers faster responses.

There’s no need to worry about alerts being missed over the weekend, followed by a delayed response that allows a minor threat to become a serious problem. SECaaS offers peace of mind that your cybersecurity is always on the job protecting your system from threats like ransomware.

5. Reporting

As well as automated responses, SECaaS provides regular analysis and reporting regarding the status of your security.

Collecting, analyzing, and correlating data from various systems and applications is a time-consuming and complex task for your IT team. SECaaS removes this headache and provides accurate, organized, and actionable security intelligence that can be used to help you make informed decisions regarding strategic planning.

6. Compliance

Increased use of the internet has brought with it additional regulations which can’t be ignored. If that were not difficult enough, regulations can vary across industries and countries.

Ensuring your company is compliant with the relevant standards and regulations can be a minefield, especially when it comes to cybersecurity.

With SECaaS you can be confident you have the correct policies and procedures in place that inform appropriate solutions and are applied and constantly reviewed for any possible risks and breaches.


What SECaaS solutions are available?

There are varied and vast solutions available depending on your company’s needs. Let’s look at some of the most popular.

Network security

IT networks are high risk and complex due to multiple users and endpoints.

SECaaS provides tools that constantly monitor incoming and outgoing traffic, searching for risks and assessing threats before they occur. It can also limit access to high-risk websites.

Endpoint protection

Endpoints include laptops, mobile phones, servers, anything staff members are using to log onto your network. They’re a particular risk because they harbor several weak points that cybercriminals can exploit.

Anti-virus software is the most common endpoint protection, but SECaaS offers that and more with endpoint detection and response tools.

Data protection

Data protection is non-negotiable these days.

Data loss can cause significant disruption to operations and lead to considerable fines. SECaaS provides the tools to protect data and prevent loss or theft through constant monitoring and security checks.

Loss of customer data can be devastating to a company’s reputation. If you want to reduce customer acquisition cost, it’s vital that you protect their data from loss or theft and thereby retain customers who have confidence in your ability to keep their data safe.

Access management

Imagine you use a contact center as a service (CCaaS) provider to run your cloud-based contact center. Depending on the size of your business, you may have any number of employees logging in to your network at different times. How do you manage who can see specific areas of your system and avoid unauthorized access?

SECaaS provides cloud security access to agents to enforce your security procedures. It also offers intrusion protection that identifies and recognizes unusual activity and prevents unauthorized access.

You can also choose Single Sign-On tools to allow access to all your company applications and software with one set of credentials. This tool also provides a greater ability to monitor usage.

Email and web security

Poor email and web security can lead to malicious ads, phishing, and spam simply because it involves a lot of incoming and outgoing data. SECaaS solutions will block potentially dangerous emails and attachments before they can be opened and threaten your system.

You can also protect your websites and applications from malware and viruses that can potentially spread to any visitor or user endpoints by continuously checking the security of application program interfaces.

Security assessments

Once your SECaaS solution is up and running it doesn’t end there.

Cybersecurity is ever-changing, so you need to constantly monitor, review and adapt your package to keep up. Just like testing metrics, the package needs to be analyzed so it can be improved.

Most SECaaS packages offer ongoing security analysis that monitors for vulnerabilities, fixes bugs, identifies new threats, and provides real-time information that can help improve response times and reduce risks.

How to choose the right SECaaS provider for you

Outsourcing IT security to a third party requires careful consideration.

Before you start, it’s important to identify your company’s needs, then select the provider that can meet them.

When you’re ready to delve into the selection process you should consider the following points.

Availability

The reason you’ve opted for SECaaS is to provide 24-hour protection for your IT system. You, therefore, need a provider that responds around the clock.

Providers should be able to deliver a guaranteed response time for incidents, queries, and system updates.

Service level agreement

Always check that the service level agreement meets your needs. It should outline the services provided, the available support, agreed response times, service fees, and any consequences for the provider due to non-compliance.

Varied pricing/scalability

You should not have to pay for services you do not need. Ensure your provider has varied pricing options and the opportunity for scalability. If your company grows you will need your cybersecurity package to grow with it and a flexible provider is essential.

Provider credentials

A little research can go a long way to help you choose your provider with confidence. You may use conversion funnel metrics to help you understand your customer’s journey from consideration to purchase. As you follow this process to choose your provider, check they deliver the service standards you expect from start to finish.

Verify their credentials. Do they have the required certifications? Do their staff have the correct qualifications, knowledge, and experience?

Check them out with other service end-users. Their feedback may provide insight you never considered.

Takeaway

Choosing to transfer your IT security to a cloud-based third party can be daunting, but there are plenty of benefits.

Such a decision depends upon the size of your company and its needs. Choosing SECaaS can make a complex task much simpler in the rapidly changing world of cybersecurity.

Whether you’re an email service vendor who wants protection from phishing or a school, you want reliable, convenient, and affordable cyber protection. SECaaS can provide you with a varied and tailored package to meet your needs and reduce the workload of your internal IT team.

Bio:

Jessica Day – Senior Director, Marketing Strategy, Dialpad

Jessica Day is the Senior Director for Marketing Strategy at Dialpad, a modern business communications platform that takes every kind of conversation to the next level—turning conversations into opportunities. Jessica is an expert in collaborating with multifunctional teams to execute and optimize marketing efforts, for both company and client campaigns. She has also written for sites such as VirtualSpeech and Globalization Partners.

The post Introducing SECaaS (Security as a Service): A Comprehensive Guide appeared first on Cybersecurity Insiders.

By Murali Palanisamy, Chief Solutions Officer, AppViewX

Since the onset of COVID-19 and a rapid increase in the hybrid working model in Spring 2020, the workforce has adjusted to the work-from-home life. Initially, the primary concern was whether the workforce could work remotely long term, but since then things have changed. Nearly two years later, many still work from home and have plans to maintain this workstyle for the long term. While a majority of workers use a Company Owned and Managed Device (COMD), many have been using their own laptop, desktop, and smartphone, or have opted out of a device provided by their employer, especially when they don’t need a VPN and use SaaS services. This has caused a plethora of concerns for cybersecurity and IT professionals.

Institutions typically install proper security measures on any company-owned device. When it comes to personal devices or BYOD, however, IT teams have less control, and even less when it comes to ensuring an employee complies with the policies. Since it’s a personal device, there are only so many measures that can be taken. It’s imperative that each organization has its own BYOD policy and proactively enforces this policy to avoid any unwanted intruders on its network. The following outlines three considerations IT and security professionals should consider when developing this policy.

In a recent survey with Vanson Bourne, it was discovered that 90% of organizations say Machine Identity Management (MIM) is a top priority in their organization now that the concern for cyber breaches has risen since the onset of the pandemic. While these organizations are headed in the right direction with the decision to use MIM as an IT framework for BYOD, there is still work to be done.

Organizations still face numerous challenges as they enhance their Machine Identity Management approach. Some of the concerns at hand as organizations begin to adopt MIM are:

  • The complexity of ensuring that certificates are provisioned across all areas of their IT infrastructure – the number of devices being added due to the BYOD/hybrid work model has created a bottleneck here.
  • A lack of skill sets within their IT/security team when it comes to MIM – from the IT talent shortage to the skills gap, IT leaders are struggling to find new hires and maintain current employees. According to Gartner, 80% of organizations shared that they are having a hard time finding and hiring security professionals.

The Problem at Hand

What does this mean exactly? When it comes to protecting an organization’s network and data, there is a scale, and each organization can choose how aggressive it wants to be. For example, endpoint security allows bridged devices to stay connected but will still maintain and protect the network when under attack. By securing the endpoints or entry points, it is a much more difficult task for hackers to access the network. But this method is not flawless, and organizations fall victim to attacks through phishing, email attachments, accidental downloads and more. With this vulnerability in mind, cyber professionals have looked at additional ways to protect the network.

Machine Identity Management at Work

One method of security that is often overlooked is Machine Identity Management (MIM). Under every organization’s BYOD policy, MIM should be implemented, and employees should follow its best practices. This means having certificates for users and the machines to uniquely identify the machine – and those that are not identifiable are denied access. Despite the organization not owning the device, IT or the information security team is able to transfer trust to the device the employee owns with a digital identity that the user themself would manage. Having the ability to issue and revoke accessibility for the device is a critical step in managing who accesses the network without taking full control of employees’ individual devices. If at any time an employee’s computer is lost, stolen, damaged or compromised, the employee or the IT team will be able to revoke that device certificate and access will be denied.

A few best practices for BYOD that are recommended include:

  • In a BYOD scenario the employee is trusted, and that trust is transferred to the device that he owns. In that scenario he should be able to revoke the device without having to manually interact with another team or person.
  • The Global Information Security team or Central team should be able to control the policy and access of any device from a single console, especially during an incident.
  • A move to a short-lived certificate which is valid for 10, 30 or 60 days, with automated renewal and reissuance, would be best, especially when the devices are outside the perimeter.
  • The Global Security team should be able to reissue and revalidate certificates across all devices within a short period of time, maybe less than an hour, which provides crypto agility.

The Enterprise, The Cloud, and MIM

With the cloud transforming the physical data center, and compute and data moving to the cloud, the ways in which data is stored and accessed have greatly changed. The pandemic has changed the retail office space and since the onset of COVID-19, the number of ransomware attacks has greatly increased due to BYOD being adopted by many. The attacks on major infrastructure have required security professionals to reevaluate steps to protect organizations. While these attacks may not have been instituted by BYOD entry, IT professionals have agreed that it is critical to look at every vulnerable access point and address it.

While BYOD has been around for years, the IoT visibility gap has led to difficulty for organizations running in multiple cloud environments. Maintaining security measures across each cloud environment plus the relationships between each environment and every device in the network has become quite the challenge, especially when numerous devices were introduced as part of work-from-home amidst the pandemic. Many organizations are still playing catch up when it comes to distributing and revoking certificates as they work to identify the number of devices added to their network in mid-2020.

To get ahead and quickly make way with MIM efforts in the cloud for BYOD, it is recommended that organizations:

  • Create central visibility of all the issued identities
  • Define a central policy that can be audited, reported and enforced across hybrid environments
  • Have an out-of-band validation option which can audit and report on compliance of identities
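
The BYOD best practices (owner self-service revocation, central control, short-lived certificates) and the cloud recommendations above (central visibility, an auditable central policy) can be sketched as a small inventory check. This is an added example, not AppViewX code: it models certificate metadata rather than parsing X.509, and the renewal window, serials, owners and dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy values for this example. The 60-day ceiling is the longest
# lifetime the article suggests; the renewal window is this example's choice.
MAX_LIFETIME = timedelta(days=60)
RENEW_WITHIN = timedelta(days=10)


@dataclass
class DeviceCert:
    serial: str
    owner: str                      # employee whose trust is transferred
    device: str
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None


class Inventory:
    """Central view of every issued machine identity, keyed by serial."""

    def __init__(self):
        self._certs = {}

    def issue(self, cert):
        self._certs[cert.serial] = cert

    def revoke(self, serial, requester, now, is_security_team=False):
        """Owner self-service or central revocation. Returns True on success."""
        cert = self._certs.get(serial)
        if cert is None:
            return False
        if requester != cert.owner and not is_security_team:
            return False            # only the owner or the central team
        if cert.revoked_at is None:
            cert.revoked_at = now
        return True

    def access_decision(self, serial, now):
        """Deny by default: only a known, unrevoked, in-date identity gets in."""
        cert = self._certs.get(serial)
        if cert is None:
            return "deny:unknown-device"
        if cert.revoked_at is not None:
            return "deny:revoked"
        if not (cert.not_before <= now < cert.not_after):
            return "deny:outside-validity"
        return "allow"

    def audit(self, now):
        """Report active identities that break policy or need renewal."""
        findings = []
        for cert in sorted(self._certs.values(), key=lambda c: c.serial):
            if cert.revoked_at is not None:
                continue            # already dealt with
            if cert.not_after <= now:
                findings.append((cert.serial, "expired"))
                continue
            if cert.not_after - cert.not_before > MAX_LIFETIME:
                findings.append((cert.serial, "lifetime-exceeds-policy"))
            if cert.not_after - now <= RENEW_WITHIN:
                findings.append((cert.serial, "renewal-due"))
        return findings


# Constructed sample data: a fixed "current time" and four issued identities.
NOW = datetime(2022, 3, 1, tzinfo=timezone.utc)


def build_sample_inventory():
    def cert(serial, owner, device, issued_days_ago, lifetime_days):
        start = NOW - timedelta(days=issued_days_ago)
        return DeviceCert(serial, owner, device, start,
                          start + timedelta(days=lifetime_days))

    inv = Inventory()
    inv.issue(cert("01", "alice", "laptop", 28, 30))    # 2 days left
    inv.issue(cert("02", "bob", "phone", 200, 365))     # long-lived
    inv.issue(cert("03", "carol", "laptop", 14, 60))    # within policy
    inv.issue(cert("04", "dave", "tablet", 90, 60))     # expired 30 days ago
    return inv


if __name__ == "__main__":
    inv = build_sample_inventory()
    for serial, finding in inv.audit(NOW):
        print(serial, finding)
    print(inv.access_decision("03", NOW))
    inv.revoke("03", "carol", NOW)          # owner reports the laptop stolen
    print(inv.access_decision("03", NOW))
```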

The overwhelming stress a ransomware attack puts on an organization, including the reputational impact, requires that security teams put an assertive BYOD policy into place to protect the network and greater organization. As we look back on lessons from 2021, the pandemic and remote workforce have made organizations more vulnerable to unwanted invaders. As attacks grow in sophistication, the steps taken to block them should evolve as well. With MIM implementation, organizations are one step closer to protecting their networks.


The post Machine Identity Management (MIM): Responding to Critical Security Needs in the BYOD Era appeared first on Cybersecurity Insiders.

[ This article was originally published here by Indusface.com ]

Thinking about all the high-profile cyber threats that businesses face today can make you feel overwhelmed. The most devastating security breach incidents that made headlines show the incidence of API abuse. Take the Venmo, Panera, Equifax, WikiLeaks, and Uber hacks, for example. With these incidents, it is clear that cybercriminals are becoming smarter, and many businesses are not focusing much on API security.

As our API-related development increases, so does the cybercriminals’ desire to take advantage of it – driving new evolutions in API security threats.

“By using APIs, companies may inadvertently open up the door to all of their corporate data,”

                                    -Chris Haddad, chief architect at Karux LLC.

Source: Techtarget

So, how can you avoid becoming an API hack headline? The best way to leverage the power of APIs without confronting insider threats and external attacks is by following these API security best practices:

API Security Best Practices for Web Apps  

  1. Implement A Zero Trust Philosophy  

When it comes to “What is API Security?”, many people would highlight API authentication, but API security is more about API threat prevention. Zero Trust is a security policy centered on the principle that companies should not trust anyone by default and instead must verify everything trying to access their systems.

Zero-Trust ideology should be applied to even authorized API endpoints, authenticated clients, as well as unauthenticated and unauthorized entities.

Critical factors to consider while implementing a zero-trust policy on your API include API Protocol Support, API Deep Request Inspection, Cloud-native Deployment Method, API Discovery – Up to date API Inventory, and Data leakage prevention.

  2. Identify API Vulnerabilities and Associated Risks

It is dangerous to ignore API vulnerabilities and risks. Many API vulnerabilities and errors can be caught in the initial stage; hence, fixing them becomes easy and quick.

With thorough API security testing, discover which parts of your API are vulnerable to the known threats. Refer to the OWASP’s Top 10 API Security Vulnerabilities list to make sure the biggest vulnerability categories are mitigated. Also, identify all the data and systems that get affected if a vulnerability is exploited and create an appropriate recovery plan to reduce the risks to an acceptable level. Assess the API endpoints before any code changes to make sure any data handling requirements and security are not compromised.

  3. Enforce Strong Authentication and Authorization

Though authentication and authorization play different roles, when implemented together, these two API best practices work as a powerful tool for API security. Authentication is necessary for securely verifying the user of the API, and authorization is concerned with what data they have access to. API authentication allows you to restrict or remove users who abuse the API. API authorization usually starts after the identity is confirmed through authentication and verifies whether users or applications have permission to access the API.

API authentication and authorization serve the following purposes:

  • To restrict calls to the API to legitimate users only
  • To track the requesters
  • To track API usage
  • To enable different levels of permissions for different users
  • To block the requester who exceeds the rate limit

  4. Expose Only Limited Data

When we think of web API security best practices, we often think of blocking out malicious activity. It can also be helpful to limit the accidental exposure of sensitive information. As APIs are a developer’s tools, they often include passwords, keys, and other secret information that reveal too many details about the API endpoints. Make sure APIs only expose as much data as is needed to fulfill their operation. Further, enforce data access controls and the principle of least privilege at the API level, track data, and conceal any confidential data that a response would otherwise expose.

  1. Implement Rate Limits

DDoS (Distributed Denial of Service) is the most common way of attacking an API: the attacker overwhelms it with an unlimited number of API requests. This attack affects the availability and performance of APIs.

Rate limiting, also known as API limiting, is the process of enforcing a limit on how often an API is called, to ensure that the API remains available to legitimate requests. Beyond DDoS attack mitigation, it limits other abusive actions like aggressive polling, credential stuffing, and rapidly updating configurations. API rate limiting not only deals with fair usage of shared resources but can also be used to:

  • Implement different access levels on API-based services
  • Meter the API usage
  • Guarantee API performance
  • Ensure system availability
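The sketch below shows one common way to implement such a limit: a token bucket per authenticated client, with the bucket size set by the client's access level and a simple usage counter for metering. It is an added example, not code from the original article; the tier names, limits and client ID are assumptions, and `X-RateLimit-Remaining` is a conventional rather than standardized header.

```python
import math
import time
from dataclasses import dataclass

# Hypothetical access levels: (burst capacity, refill rate in requests/second).
TIERS = {"free": (5, 1.0), "partner": (20, 10.0)}

@dataclass
class Bucket:
    capacity: float
    rate: float
    tokens: float
    updated: float

class RateLimiter:
    """Token bucket per authenticated client, sized by the client's tier."""

    def __init__(self, tiers=TIERS, clock=time.monotonic):
        self.tiers = tiers
        self.clock = clock
        self.buckets = {}
        self.usage = {}   # metering: allowed calls per client

    def check(self, client_id, tier):
        """Return (status, headers): 200 if allowed, 429 with Retry-After if not."""
        capacity, rate = self.tiers[tier]
        now = self.clock()
        b = self.buckets.get(client_id)
        if b is None:
            b = self.buckets[client_id] = Bucket(capacity, rate, capacity, now)
        # Refill for the time elapsed since the last call, never above capacity.
        b.tokens = min(b.capacity, b.tokens + (now - b.updated) * b.rate)
        b.updated = now
        if b.tokens >= 1:
            b.tokens -= 1
            self.usage[client_id] = self.usage.get(client_id, 0) + 1
            return 200, {"X-RateLimit-Remaining": str(int(b.tokens))}
        # Seconds until one whole token is available again, rounded up.
        wait = math.ceil((1 - b.tokens) / b.rate)
        return 429, {"Retry-After": str(wait)}

def demo():
    """Seven calls in one instant on the free tier, then one call 2 s later."""
    t = [0.0]                                   # fake clock for a repeatable run
    rl = RateLimiter(clock=lambda: t[0])
    burst = [rl.check("key-free-01", "free")[0] for _ in range(7)]
    t[0] += 2.0
    after_wait = rl.check("key-free-01", "free")[0]
    return burst, after_wait, rl.usage["key-free-01"]
```

Keying the bucket on the authenticated client rather than the source IP is what lets the same mechanism cover metering and per-tier access levels as well as blocking.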

  1. Implement Web Application and API Protection (WAAP)

We recommend a Web Application and API Protection (WAAP) solution for business use cases where API calls are made from web and mobile apps. These apps commonly have access to ample amounts of sensitive information, and APIs in these channels are tough to defend. Common security tools like a traditional firewall and an API gateway are insufficient to prevent API attacks. A WAAP solution is centered around four consolidated capabilities: DDoS protection, Web Application Firewall, Bot Management, and API protection.

Source: Indusface

It employs a fully managed and risk-based application security approach by monitoring traffic to detect abnormal activities and malicious traffic across all four vectors. With the data collected across all the applications, it assesses risks and updates the mitigation strategies to enhance cyber defense in real time. WAAPs also help reduce operational complexity by reducing the number of parameters that need to be managed, streamlining security rulesets, and automatically suggesting rules with their AI capabilities. While a WAF protects against OWASP Top 10 attacks and an API gateway defends against standard attacks, the AI-enabled behavioral analysis of WAAP ensures defense against automated and more sophisticated attacks.

Conclusion

As APIs become a strategic necessity to offer your business the speed and agility needed to succeed, your ultimate goal should be defending them from evolving attacks. These API security best practices for web applications may not be a foolproof strategy for enhancing API security, but they can go a long way in making your API’s protection tough to penetrate.

The post Top 6 API Security Best Practices for 2022 appeared first on Cybersecurity Insiders.

By: Jason Elmer, CEO, Drawbridge

The cyber landscape has changed dramatically over the last year. As companies increasingly adopted permanent remote and hybrid work policies, cybercriminals attempted to remain one step ahead – and in many cases succeeded. In fact, the global volume of ransomware attacks increased by 151% in just the first six months of 2021, with the average cost of a breach recorded at US $3.6 million per incident.

The types of attacks threat actors execute have rapidly evolved. In a recent attack on Nvidia, threat actors demanded product updates and open sourcing – a stark contrast from traditional monetary demands by ransomware groups. We are also now seeing the proliferation of weaponized cyberattacks in the face of geopolitical events. This new era of attacks demonstrates that the cyber landscape will never be the same.

How are businesses responding? Cyber and information security is at the top of the list of planned investments for CIOs in 2022, with 66% reporting they expect to increase associated investments. But while planned investments look good on paper, they can only help protect your firm if they are adequately designed and deployed.

Now is the time for businesses to immediately evaluate and buttress their cyber defenses. To begin, here are six strategic cyber investments your business should immediately assess to protect yourself for the next six months – and beyond:

  1. Secure Access Service Edge (SASE) – SASE merges many of the great technologies that are critical in hybrid work environments: Zero Trust access to multiple cloud and SaaS services (similar to SSO), with the addition of layered security normally found on physical endpoints or in offices, such as web filters, mail filters, and Data Loss Prevention (DLP) tools.
  2. Single Sign-on (SSO) – The core technology that allows disparate systems to identify users from a single set of credentials. SSO centralizes access and simplifies management of services and permissions across cloud and SaaS services from a single management point.
  3. Extended Detection and Response (XDR) – XDR combines the power of endpoint detection and response services with other traditional network security controls to provide a better overall picture of abnormal activity from more than one data point. Abnormal network activity can be tracked and blocked on endpoints before it reaches devices. XDR continues a trend in the cybersecurity marketplace where technologies communicate for better security coverage.
  4. Real-time vulnerability management – Real-time vulnerability tracking keeps firms secure even in remote environments by monitoring installed software, network information and more. Real-time cyber risk monitoring enables firms to protect their most sensitive data and safeguard against internal and external threats. Continuous risk mitigation solutions and reporting, together with cyber programs tested using real-world scenarios, provide a clear picture of how the business would defend against and respond to an incident.
  5. Thorough cyber risk assessment – A cyber risk assessment will help your firm make thoughtful cybersecurity procedure decisions. Risk assessments can identify risks to organizational operations and assets resulting from the use of information systems. In the event of a breach or a potential breach, the assessment can reveal the signs early, allowing your business to mitigate the impact of damages, additional risks, or stolen assets and information.
  6. Employee training – Employees are your first line of defense against cyberattacks and should be prioritized as such. Employee training can heighten employee awareness surrounding critical data and dramatically reduce the likelihood of employees falling victim to phishing attacks. Phishing attacks are particularly concerning as they often begin via email or text message and can result in a widespread breach that affects the entire business. Conducting training with simulated cyberattacks can better prepare your employees for what they may encounter.

Selecting the right solutions that meet your needs

Regardless of the size of your business or the industry in which you operate, you must make cybersecurity a top priority or risk falling victim to malicious parties that can compromise your business operations, third parties and clients.

But where do you begin? Start by assessing your current cybersecurity program. List which components are working well and which require improvement. Then prioritize your needs and direct your investments to best protect the business and your critical data. This type of proactive assessment and investment is key to remaining vigilant and ensuring your business does not fall prey to devastating ransomware attacks, data breaches or reputational damage.

An attack can happen at a moment’s notice. It simply cannot be overstated – the time is now to prioritize your cyber defenses and invest in protecting your business against the growing number of threat actors. And remember: Cybersecurity is not a one-time, all-or-nothing check box exercise. It is an ongoing, continuous journey to ensure your business is protected.

The post Six strategic cyber investments for the next six months – and beyond appeared first on Cybersecurity Insiders.