Aembit, the Workload Identity and Access Management (IAM) platform that enables DevOps and security teams to discover, manage, enforce and audit access between workloads, today announced the availability of a new integration with the industry-leading CrowdStrike Falcon® platform to give enterprises the ability to dynamically manage and enforce conditional access policies based on the real-time security posture of their applications and services. This integration marks a significant step forward in Aembit’s mission to empower organizations to apply Zero Trust principles to make workload-to-workload access more secure and manageable.

Workload IAM transforms enterprise security by securing workload-to-workload access through policy-driven, identity-based, and secretless access controls, moving away from the legacy unmanaged, secrets-based approach. 

Through this partnership, the Aembit Workload IAM solution checks whether a CrowdStrike Falcon agent is running on the workload and evaluates its real-time security posture to drive workload access decisions to applications and data. With this approach, enterprises can now protect their workloads from unauthorized access, even against the backdrop of changing conditions and dynamic access requirements. Additional customer benefits from this partnership include:

  • Managed Workload-to-Workload Access: Enforce and manage workload access to other applications, SaaS services, and third-party APIs based on identity and policy set by the security team, driving down risk.
  • Seamless Deployment: Drive consolidation by effortlessly integrating the Aembit Workload IAM Platform with the Falcon platform in a few clicks, providing a unified experience for managing workload identities while understanding workload security posture.
  • Zero Trust Security Model: Embrace a Zero Trust approach, ensuring that every access request, regardless of the source, is verified before granting access rights. Aembit’s solution enforces the principle of least privilege based on identity, policy, and workload security posture, minimizing potential security vulnerabilities.
  • Visibility and Monitoring: Gain extensive visibility into workload identities and access permissions, enabling swift detection and response to potential security threats. Monitor and audit access logs based on identity for comprehensive security oversight.

This industry-first collaboration builds on the recent CrowdStrike Falcon Fund strategic investment in Aembit, underscoring the global cybersecurity leader’s commitment to fostering innovation within the space. The investment reflects the recognition of the growing demands for securing workload access.

Aembit Workload IAM is available in the CrowdStrike Marketplace, a one-stop destination and world-class ecosystem of third-party products.

Supporting Quotes:

“Today’s attacks are increasingly identity-based, which is why enforcing identity-protection across the enterprise at every layer is critical for modern security. The CrowdStrike Falcon platform is rapidly becoming the center of cybersecurity’s ecosystem. This integration with Aembit enables organizations to secure machine identities as part of a holistic approach to security,” said Daniel Bernard, chief business officer at CrowdStrike.

“The launch of the Aembit Workload IAM Platform on the CrowdStrike Marketplace represents a significant advancement in our joint mission to securely manage workload-to-workload access,” said David Goldschlag, CEO and co-founder at Aembit.

“We are excited to bring the power of Aembit’s Workload IAM to the CrowdStrike Marketplace. This collaboration enables us to deliver Zero Trust for workload access in a way that simplifies and automates the evolving security challenges faced by DevOps and DevSecOps teams,” said Apurva Dave, CMO at Aembit.

The post Aembit Announces New Workload IAM Integration with CrowdStrike to Help Enterprises Secure Workload-to-Workload Access appeared first on Cybersecurity Insiders.

Welcome to the world of data privacy, where safeguarding your digital life takes center stage! Every year, on the 28th of January, we celebrate Data Privacy Day – a global initiative dedicated to spreading awareness and championing best practices in privacy and data protection. This international event resonates in the United States, Canada, Nigeria, Israel, and across 47 European countries.

The roots of Data Privacy Day can be traced back to the European Data Protection Day, marking the historic signing of Convention 108 on January 28, 1981 – the first-ever international treaty addressing privacy and data protection. Fast forward to 2009, when the U.S. House of Representatives and the Senate officially recognized National Data Privacy Day. More recently, in 2023, the National Cybersecurity Alliance extended the celebration into Data Privacy Week, themed “Take Control of Your Data.”

Beyond the festivities, Data Privacy Day and Week serve as dynamic platforms for collaboration and education. These events, from webinars and workshops to panel discussions, cover topics including data privacy laws, security tips, ethics, innovation, and trust. Emphasizing individuals’ proactive role in securing their data, these initiatives encourage us all to make informed decisions, adjust privacy settings, and navigate the digital landscape responsibly. After all, data privacy isn’t just a right – it’s a shared responsibility for every internet user. So, let’s embark on this journey to empower ourselves and shape a more secure online world!

Terry Storrar, Managing Director, Leaseweb

“In recent years, cloud trends have changed significantly – from the initial gold rush to the cloud and the additional push during the pandemic to the cloud repatriation we’ve been seeing more recently. However, although people are continuing to change how and to what extent they are utilizing cloud technologies, one thing is certain: the cloud is continuing to grow. In fact, this year, global spending on cloud computing infrastructure is forecasted to exceed $1 trillion for the first time.

“With this uptake, the priority for 2024 needs to be ensuring that the data held within – and transferred between – these platforms is secure. Thankfully, there are many things businesses can do to ensure a comprehensive data recovery program is in place. For example, by choosing a trusted hosting provider, customers can gain access to 24/7 security-related support services, standard security training for all employees, and robust disaster recovery solutions.

“In an age where the risks of data loss are broad and in many cases inevitable, it’s essential that organizations make sure they have the right tools to back up and recover quickly and effectively should this take place. Data Protection Day is a great opportunity to take stock of how secure your data is and remember it’s always worth going the extra mile when it comes to putting plans in place before you need to execute them.”

Kevin Cole, director, product and technical marketing, Zerto, an HPE company

“Data is one of the most valuable assets that an organization has. For this Data Privacy Day, it’s critical to consider data protection and recovery as part of any comprehensive privacy strategy. When data is compromised, operations can be halted for extended periods of time, and there is a significant risk of financial loss or brand impact. Protecting both customer and company data should be the top priority for all organizations, especially in light of growing ransomware threats. And yet, shockingly, more than one-third of companies still do not have a well-rounded, holistic ransomware strategy in place, according to a Zerto survey. This is in a digital environment where, as reported by SpyCloud, over 80% of organizations have been impacted by ransomware in the past 12 months. With ransomware attacks on the rise, better data protection is desperately needed.

To address this need, a cyber vault should be an important part of any organization’s data protection plan. Having an isolated data vault containing an untouchable, immutable copy of company data ensures that even during a ransomware attack, a safe data copy will remain. However, vault storage is only one piece of the data protection pie: disaster recovery is also essential to reduce downtime and get organizations back up and running before significant financial consequences are incurred. Combining disaster recovery and cyber recovery together helps ensure data integrity, data protection, and ultimately, data privacy.”

Carl D’Halluin, CTO, Datadobi

“On January 28, we celebrate Data Privacy Day. Initiated in the United States and Canada in 2008 by the National Cyber Security Alliance, its aim is to raise awareness and promote privacy and data protection best practices.

I would say the number one data privacy best practice is pretty simple: make sure you can get the right data to the right place at the right time. Wherever the data is in its lifecycle, it should be protected and only accessible as needed. Of course, this tends to be easier said than done. But, there is perhaps nothing more critical and imperative than implementing the right strategies and technologies to do so. After all, while data is an organization’s most valuable asset (in addition to its people), it also represents its greatest potential risk.

Balancing these two aspects is key. In other words, effective data management enables you to optimize your business intelligence, make faster and smarter decisions, and gain a competitive edge, as well as better meet business requirements such as internal governance and legal mandates, external regulations, and financial obligations and goals.”

Konrad Fellmann, VP, IT Infrastructure & Chief Information Security Officer, Cubic Corporation  

“Data Privacy in 2024 must look at the unique security and privacy considerations for organizations that partner with the public sector. In response to the recent surge in security and privacy mandates within public sector contracts, it is imperative that our security and privacy teams collaborate closely with our contracts department. This joint effort is essential to ensure a comprehensive understanding and assessment of these new requirements, as well as to evaluate the resources needed for compliance. Proactive engagement and deep knowledge of these stipulations will not only streamline contract execution but also optimize both time and financial investments throughout the duration of the contract. Embracing this approach is key to navigating the evolving landscape of public sector agreements with efficiency and expertise.

For our colleagues in the Defense Industrial Base, there is a growing anticipation that the Department of Defense (DoD) might finalize the Cybersecurity Maturity Model Certification (CMMC) 2.0 rule in 2024. Given this potential development, it’s crucial to initiate or advance our compliance assessments against the CMMC framework. Conducting a thorough gap analysis now will position us strategically, ensuring we are fully prepared and compliant when CMMC requirements start being integrated into DoD contracts. This proactive measure is not just about meeting compliance standards; it’s about reinforcing our commitment to cybersecurity excellence and maintaining our competitive edge in the defense sector.

Additionally, when it comes to various U.S. state privacy laws, it becomes evident that one of the key differences among them often lies in the timelines for reporting incidents. It’s my perspective that organizations can effectively navigate the complexity of these varying state regulations by embracing Generally Accepted Privacy Principles (GAPP). Adhering to GAPP can provide a robust framework, enabling compliance with a wide array of state privacy regulations. While the idea of a unified federal privacy standard is appealing for its potential to simplify compliance processes, the uncertainty surrounding its enactment means that for now, leveraging GAPP stands as a practical and comprehensive approach for organizations seeking to meet diverse state requirements in the U.S. data privacy landscape.”

Tom Ammirati, CRO, PlainID

“This year’s theme is ‘take control of your data,’ and the key to that is an organization protecting its data and the applications from cyberattacks. If a bad actor, which can include an employee, has gained access credentials, ensure that they don’t have automatic access to any or all data.

We know now that smart security solutions must be “identity-aware,” but they also call for a smart, dynamic authorization solution. One of the most significant benefits of zero trust is the process of granting an authenticated entity access to resources. Authentication helps ensure that the user accessing a system is who they claim to be; authorization determines what that user has permission to do. Arming your IT team with smart security solutions can be the key difference between a full-blown security incident and a security alert.”

Richard Bird, Chief Security Officer, Traceable AI

“Data privacy faces significant challenges at both consumer and federal levels. Many companies overlook the risks associated with seemingly harmless data, focusing instead on its value for user services and revenue growth. However, the data that is valuable to companies is also valuable to malicious actors, and failing to acknowledge this can lead to devastating lapses in data security.

In addition, companies today have no incentive to honor data privacy. Fines and lawsuit settlements clearly aren’t changing their behaviors or forcing these organizations to be good stewards of their customers’ trust.

Consumers must also exercise caution in oversharing data with companies, approaching privacy settings with a worst-case scenario mindset, as historical patterns reveal companies often neglect user privacy and safety concerns.

In addition, the recent executive order on artificial intelligence by the Biden administration enumerates a laundry list of digital privacy rights that the US government has already shown its inability to protect. This can be seen in incidents like the OPM hack, PPP loan fraud, and IRS refund processing, which raises doubts about the effectiveness of these guidelines and standards.

As we observe Data Privacy Day, let’s turn awareness into action. Advocate for stronger data protection measures, demand transparency from companies, and stay informed about your digital rights. It’s a collective effort to safeguard our privacy in an increasingly interconnected world.”

Dave Hoekstra, Product Evangelist, Calabrio

“Data Privacy Week reminds us of the critical need to protect sensitive information. Dave Hoekstra, Product Evangelist at Calabrio, emphasizes that now more than ever, securing customer-related information—a company’s most valuable assets—is a key strategic initiative.

In the realm of contact centers, where copious amounts of customer information and inquiries are processed, Calabrio places immense care in protecting this data. The commitment extends beyond Calabrio’s operations, as they actively encourage privacy consciousness among their partners. This dedication becomes even more vital in a landscape witnessing a surge in AI integrations.

As we navigate a world increasingly shaped by artificial intelligence, Calabrio’s proactive approach to data privacy meets industry standards and sets a benchmark for fostering trust. By prioritizing privacy consciousness, they can help secure information and contribute to building a foundation of trust in an evolving technological landscape.”

Cris Grossmann, CEO and founder, Beekeeper

“When we celebrate ‘Data Privacy Day,’ we can’t overlook our frontline workforce who don’t traditionally sit behind a computer, yet still need their personal information and sensitive data protected. Frontline industries can tend to depend on outdated processes of communications, ranging from pen and paper to personal text chains that leave workers vulnerable to data leaks. Companies need to prioritize leveraging technology that allows for secure messaging and takes their workers’ privacy into account.

As AI continues to find its way into the workforce, companies need to be mindful of using these tools to empower their workers, not exploit them. A first step employers can take is making sure their tech is GDPR compliant.

Supplying your frontline workers with an updated and secure frontline success system is a crucial step in fostering a culture of trust and security within the organization. By embracing modern technologies that prioritize data privacy, companies not only safeguard sensitive information but also empower frontline workers to perform their roles confidently, knowing that their personal data is handled with the utmost care.”

Steve Moore, Vice President & Chief Security Strategist, Exabeam

“Data Privacy Day presents an opportunity to reflect on the question ‘who is in charge of data privacy, the individuals sharing their data or the organizations in charge of protecting it?’

An individual’s digital identity — their username and password — will always be stolen, traded, sold, and reused. One of the easiest ways for threat actors to conduct these attacks is credential stuffing — where adversaries leverage account information from prior breaches. It’s important that both organizations and individuals understand what these attacks are, and just how prevalent they can be.

So, who takes the blame when cyberattackers abuse reused customer passwords but companies don’t push for better hygiene? While an unsatisfying answer, the liability in these scenarios is often shared across both parties.

A key takeaway here is that companies could, and should, exert more of their own power and security tools to protect customers against increasingly aggressive adversaries. And individuals can make these attempts more difficult just by following best practices like implementing multi-factor authentication (MFA) and not recycling the same passwords.

In the end, high-profile data breaches are only getting more frequent. Data privacy isn’t just a one-day ordeal; it’s a year-round endeavor that requires the participation of both companies and their customers to combat cyber adversaries.”

Or Shoshani, Co-Founder and CEO, Stream.Security

Especially considering the rise of AI-driven social engineering, Data Privacy Day reminds us of the urgency in maintaining our security structure to protect our data both on-prem and in the cloud. 72% of organizations are defaulting to cloud-based services when upgrading their tech. So it’s not surprising that recent surveys show cloud security incidents on the rise with 27% of organizations having experienced a public cloud security incident, up 10% from 2022.

Effectively managing your cloud security processes is the most crucial step in protecting your data. You can successfully prevent threat activity by fine-tuning and enhancing the steps associated with securing your cloud environment. Promote security awareness, follow compliance procedures, and educate yourself and your team to maintain the security of your data with the latest versions of your cloud security tools. Protecting your data in the cloud starts with education and ends with action.

Connie Stack, CEO, Next DLP

“Data privacy has taken on increased importance in the last few years. According to Gartner, by the end of this year, 75% of the world’s population will have its data covered under modern privacy regulations, meaning organizations have a duty – and quickly – to instill compliant procedures, technologies, and culture. Customers will be far more vigilant of how their data is being protected when choosing vendors in the coming years (if they aren’t already). What a vendor does to ensure a potential customer’s sensitive data is appropriately protected will become a key selling point. For these vendors, this means enacting compliant privacy solutions that protect customer data and provide businesses with behavior separate from the users.

What’s more, we’re also seeing intensifying pressure on CISOs to streamline their cybersecurity tools. The adoption of consolidated solutions from major tech companies stems from two primary challenges – the scarcity of skilled cybersecurity professionals and the internal drive for cost efficiency. While this move towards consolidation is becoming a norm, it’s vital to remember that depending on a single solution provider for all security requirements can be risky.

While cost reduction will always be top of mind for executive teams (especially CFOs), organizations should be looking to implement robust Data Loss Prevention (DLP) and Insider Threat Management (IRM) controls, which become essential when consolidating. No organization runs solely on the likes of Microsoft applications, Microsoft file types, and nothing else, for example. In an era where data security and privacy are paramount, DLP and IRM solutions safeguard data regardless of location. By keeping a vigilant eye on data movements and access patterns, these solutions ensure that while the organization benefits from the efficiencies of a streamlined security infrastructure, data privacy requirements are not compromised.”

Kayla Underkoffler, Lead Security Technologist, HackerOne

“Data Privacy Day serves as a reminder that it’s the collective responsibility of businesses, governments, and individuals to protect sensitive data. As cyber threats continue to become more sophisticated and pervasive, we all must stay vigilant and proactive.

This is particularly crucial amidst the whirlwind of excitement around advancements like generative artificial intelligence (AI). As AI simplifies tasks that were previously highly technical, it is imperative humans remain at the center of shaping and monitoring this automation. Without oversight, overreliance on these tools can exacerbate data security and privacy challenges with flawed code and outputs. Basic security hygiene and human-in-the-loop processes help us remain proactive about reducing this risk in new eras of innovation. Basic tenets such as robust patch management, stringent password policies, and meticulous access control are non-negotiable components in safeguarding organizational data.

As we celebrate Data Privacy Day, organizations must remember that following the fundamentals of security ensures the protection of data, our resilience against evolving threats, and a safer internet for everyone.”

The post Navigating the Digital Frontier: Insights from Leading Experts on Data Privacy Day appeared first on Cybersecurity Insiders.

As companies increasingly embrace digital transformation, the cybersecurity threat environment constantly evolves. However, there is a notable shortage of skilled cybersecurity leaders. This is where the CISSP certification from ISC2 plays a crucial role in bridging this gap. Achieving this certification opens up a myriad of opportunities for professionals. Recognized globally as the premier cybersecurity certification, the CISSP is ideal for information security leaders looking to demonstrate their expertise in both the strategic and practical aspects of cybersecurity.

Source: 2023 Cloud Security Report produced by Cybersecurity Insiders

CISSP – YOUR PASSPORT TO GLOBAL CYBERSECURITY LEADERSHIP

The cybersecurity field is navigating a challenging landscape marked by economic volatility, swiftly evolving technologies, diverse regulations, and growing gaps in workforce and expertise. These factors contribute to significant uncertainty, as well as opportunities, for professionals tasked with safeguarding global infrastructure and systems.

In this context, the CISSP certification emerges as a vital tool. Certified Information Systems Security Professionals possess the advanced knowledge and technical capabilities necessary to shape and maintain an organization’s security strategy effectively. The CISSP certification is a vendor-neutral certification reflecting expertise and technical skills required to design, implement, and manage a best-in-class cybersecurity program across various environments. To be eligible for the CISSP, aspirants must have at least five years of cumulative, full-time professional experience in at least two of the eight domains in the CISSP Exam Outline.

WHY IS CISSP A PREFERRED CHOICE?

In a rapidly evolving cybersecurity landscape, the CISSP stands out with unique features that set it apart as a top-tier certification. Here are its key differentiators:

• CISSP is acknowledged as the gold-standard, vendor-neutral certification for cybersecurity leaders, emphasizing industry best practices. This certification showcases skills that are applicable across various technologies and methodologies.

• Known as the premier certification in the industry, CISSPs are present in over 135 countries. This credential is often a requirement or a preferred qualification by the most security-conscious organizations and government entities worldwide.

• CISSP holds ANAB/ANSI Accreditation and is approved by the DoD.

• CISSP is recognized as the #1 security certification demanded by hiring managers on LinkedIn.

• CISSPs are required to engage in continuing professional education. To maintain their certification, they must remain current on new threats, technologies, regulations, standards, and best practices.

BENEFITS OF CISSP CERTIFICATION

The CISSP certification not only elevates professional expertise in cybersecurity, but also opens doors to a multitude of benefits. Here are the key advantages that CISSP holders experience:

  1. Career Opportunities and Advancement: Achieving CISSP status enhances visibility and credibility, leading to new and exciting career paths.
  2. Versatile Skills: The certification builds vendor-neutral skills applicable across various technologies and methodologies.
  3. Credibility: CISSP holders demonstrate a robust foundation in addressing and mitigating cyber threats.
  4. Leadership: The credential fosters a comprehensive skill set, both technical and nontechnical, which goes beyond what job experience alone can provide.
  5. Strong Peer Network: Becoming an ISC2 member unlocks access to exclusive resources, educational tools, and opportunities for networking with peers.
  6. Higher Salaries: According to Certification Magazine’s 2023 annual survey, CISSP professionals earn an average salary of $140,230 in the U.S. and $115,080 globally.
  7. Expanded Knowledge: CISSP certification leads to a deeper, broader understanding of the cybersecurity landscape.
  8. Stronger Skill Set: CISSP enhances the skills and knowledge necessary to effectively perform organizational cybersecurity roles.

“CISSP is recognized worldwide as the gold standard. The whole premise of it is not just passing the exam but demonstrating you have the verifiable experience to perform at a high level. The ISC2 Code of Ethics is important. The ongoing CPE requirement is tough, but it helps make sure your skills stay up to date. It all adds up to a very credible certification.” — Angus Macrae, Head of Cybersecurity from Cornwall, England

PATH TO CERTIFICATION

Earning the CISSP certification involves a structured and comprehensive journey, ensuring that candidates are thoroughly prepared and qualified. Here is an outline of a typical path to become CISSP certified:

BECOME AN ISC2 CANDIDATE: Start your CISSP journey by joining ISC2 as a candidate. This grants access to various benefits ISC2 certified members receive, including attractive discounts on training and textbooks. More details are available at isc2.org/candidate.

OBTAIN THE REQUIRED EXPERIENCE: To be eligible for the CISSP, candidates need a minimum of five years of cumulative, full-time experience in at least two of the eight domains in the CISSP Exam Outline.

For those without the requisite experience, passing the CISSP exam allows you to become an Associate of ISC2. Associates then have six years to gain the necessary experience required for CISSP certification.

STUDY FOR THE EXAM: ISC2 offers numerous self-study resources. While some candidates succeed through self-study, others may opt for an Official ISC2 Training to refresh their knowledge before the exam.

PASS THE EXAM: The CISSP exam, comprised of 125-175 questions, must be completed within a maximum time frame of four hours.

GET ENDORSED: Successful candidates have nine months from their exam date to complete the ISC2 endorsement process.

EARN CPE CREDITS: Once certified and a member of ISC2, maintaining your certification requires recertification every three years. This is achieved by earning Continuing Professional Education (CPE) credits and paying an annual maintenance fee (AMF).

FLEXIBLE TRAINING FORMATS

ISC2 offers various training options to cater to individual learning styles. These include online instructor-led training and classroom-based training.

By offering flexibility in training formats, ISC2 ensures that professionals can engage in a learning experience best suited to their needs.

Once professionals pass the exam and become ISC2 members, they must recertify every three years by earning 120 CPE credits and paying a $125 Annual Maintenance Fee (AMF). Numerous opportunities exist for earning free CPEs, such as attending webinars, participating in think tanks and security briefings, and volunteering.

When you join as a candidate, you can enjoy member benefits before obtaining certification. As a candidate, there is a $50 AMF, but the first year is free.

“CISSP gives you a lot of street credibility with the people who do this for a living because they all understand what it is. It’s definitely an important designation to have on your calling card. I see it as the gold standard in cybersecurity. It’s the most recognized credential in the security community.” — Theresa Grafenstine, Global Chief Auditor, Technology, Wilmington, DE, USA

ABOUT ISC2

ISC2 is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, ISC2 offers a portfolio of credentials that are part of a holistic, pragmatic approach to security. Our association of candidates, associates, and members, more than 500,000 strong, is made up of certified cyber, information, software, and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™.

For more information about CISSP certification and training, contact an Education Consultant in your region:

Americas | +1.866.331.4722 ext. 2 | Email: training@isc2.org
Europe, Middle East, and Africa | +44 203 960 7800 | Email: info-emea@isc2.org
Asia-Pacific | +852.5803.5662 | Email: isc2asia@isc2.org

The post REVIEW OF THE ISC2 CISSP CERTIFICATION appeared first on Cybersecurity Insiders.

Retail ERP systems are typically integrated with other key business systems, including ecommerce platforms, procurement and HR software, CRM, and POS tools. This turns them into centralized hubs for retail information, including customer information, payment data, purchase histories, customer preferences, and supply chain data, like information about stock levels and supplier details.

Data security should be one of a retailer’s top business priorities, as it allows them to comply with legal requirements, maintain consumer trust, and avoid reputational and financial losses. A 2023 IBM Security annual report states that the average data breach cost in the retail industry amounted to $2.96 million, and the most common types of compromised information are customer and employee personally identifiable information (PII). That is why, as a business entity, you should always keep in mind that you’re responsible for the security of the data you collect.

Below, we enumerate the most common ERP data security issues and provide expert tips on how to protect your retail ERP system.

Common ERP security attacks

Phishing attacks

Phishing remains one of the easiest and most popular methods to get hold of sensitive data like employees’ credentials that allow cybercriminals to enter the corporate ERP system. Such data breaches disrupt operational processes and lead to financial losses.

Cybercriminals send emails that look genuine, pretending to be trusted sources like vendors, customers, or coworkers. These emails typically contain harmful links or files that, when clicked or opened, steal ERP login details or inject malware into the ERP software or the whole IT ecosystem. Hackers can also create fake login pages mimicking the ERP system and trick employees into entering their credentials.

Malware

Cybercriminals may exploit the vulnerabilities and weaknesses of the retail ERP’s security mechanisms to infect the system with malicious software that steals sensitive customer information, financial data, and intellectual property files stored in the system for sale or ransom. If your ERP system includes a financial and accounting module, cybercriminals can use malware to initiate fraudulent transactions that lead to financial losses or disrupt the normal functioning of ERP software, causing system downtime and hindering critical business processes.

Insider threats

While data breaches caused by malware or phishing attacks prevail for now, insider threats are slowly but steadily increasing in frequency. There are several types of insider threats:

  • Malicious insiders who aim to steal confidential data from the ERP system and harm the organization.
  • Employees unaware that their credentials have been compromised and used to get hold of valuable data.
  • Employees who accidentally disclose sensitive information due to negligence or lack of security awareness.

7 ways to secure your ERP system

Data security is paramount for retail businesses using ERP systems, as they store sensitive customer information, financial data, and intellectual property. To ensure robust security, retailers should implement various measures, including:

Strong password policies and multifactor authentication

A strong password policy and multifactor authentication are essential to ensuring robust retail ERP security. A strong password policy requires employees to use complex passwords, prohibits the use of one password for multiple accounts, and mandates regular password changes to prevent compromise over time.

MFA is an extra layer of security requiring users to provide more than one form of authentication before accessing the ERP system. For instance, an ERP will first ask for login and password and then require an employee to enter a one-time password sent to their phone or authenticate their identity with biometrics. Multifactor authentication reduces the risk of unauthorized access and helps safeguard retail ERP data even if an employee’s password is compromised.

Network security

Implement network management tools to monitor network activity, detect and prevent suspicious traffic, and restrict access to unauthorized users and devices. These tools provide comprehensive visibility into network health, enabling retailers to identify and address vulnerabilities promptly.

Separation of duties

To reduce the risks of insider threats or other security incidents, consider implementing a separation of duties (SOD) approach. The SOD term describes the practice of appointing more than one person responsible for a task or its completion. For instance, one employee cannot request a fund transfer within an ERP system without the approval of another authorized employee. This practice can significantly reduce the risks of fraud and data breaches in retail ERP.

Continuous monitoring

By continuously monitoring your ERP, you can detect suspicious activities within the system in real time and spot potential malicious insiders by observing concerning user behavior in the system. Carefully assessing and proactively managing a potential intentional or unintentional insider threat will help prevent possible security breaches and losses of valuable customer or financial information.

Create an incident response plan

Having a well-defined incident response plan in place will help you swiftly counter a breach or attempted attack and minimize potential damage. Such a plan should outline clear procedures for reporting suspected incidents, provide step-by-step actions on how to contain incidents or identified threats, and describe how to correctly restore affected services and data from backups, minimizing operational disruptions.

Regular security audits and penetration testing

Routine security audits help identify weaknesses in your ERP solution and proactively mitigate them, keeping your ERP and the data stored there safe. Network management tools can also simplify vulnerability scanning and penetration testing, providing valuable insights into system security posture. In particular, we recommend regular vulnerability assessment to identify and eliminate known weaknesses promptly. Retail companies should also conduct periodic penetration testing that simulates real-life cyberattacks and can reveal how effective your ERP security mechanisms are, allowing you to upgrade your ERP security strategy before any data breach occurs.

Regular software updates

Hackers are fast to exploit undiscovered software vulnerabilities, so regardless of whether you have an on-premises or cloud ERP system, it is crucial to update your ERP system or install newly released patches as soon as they are available.

Employee training

Employees in many organizations have a poor understanding of security policies, use weak passwords, or are entirely unaware of cybersecurity attacks, and many of them don’t even realize that their actions can cause cybersecurity issues and place a retail business at risk. This is why retail companies need to invest in cybersecurity training for their employees to teach them to discern popular ERP cyberattacks, like phishing or malware injections.

In conclusion

Whether you are only considering implementing an ERP system into your retail business or have already adopted one, make data security your priority. A solid data security strategy can be expensive and complicated to establish, but the repercussions of sensitive customer or employee data breaches can cost you many times more. If you lack the resources or relevant skills to ensure your ERP security, consider hiring third-party experts with experience in retail ERP systems and the security domain.

The post Ensuring Data Security in Retail ERP appeared first on Cybersecurity Insiders.

In the face of escalating global cyberthreats, the demand for cybersecurity professionals has skyrocketed. Research highlights a need for 3.4 million additional experts in this field. The ISC2 Certified in Cybersecurity (CC) certification, offered by the globally renowned ISC2, is a strategic response to this talent shortage, providing a streamlined entry into the cybersecurity industry.

The ISC2 Certified in Cybersecurity (CC) certification distinguishes itself in the cybersecurity credentialing landscape through several key differentiators, making it a unique and valuable asset for professionals seeking to enter or advance in this field.

THE BENEFITS OF THE ISC2 CC CERTIFICATION

Unparalleled Accessibility
Unique in its approach, the ISC2 CC certification requires no previous experience or formal education in cybersecurity. It’s designed to be inclusive, welcoming a wide array of candidates – from IT professionals and college students to career-changers and executives seeking foundational knowledge. This approach significantly broadens the potential talent pool in cybersecurity. 

The Pathway to Cybersecurity Excellence
The CC certification serves as a crucial first step towards advanced cybersecurity knowledge and leadership roles. It equips entrants with essential skills in security principles, network security, and access controls, preparing them for success in entry-level positions and beyond.

Organizational Impact
For businesses, the ISC2 CC certification is a vital tool for developing skilled cybersecurity teams and narrowing the cybersecurity skills gap. It ensures that certified individuals are equipped with a solid understanding of fundamental cybersecurity concepts, enhancing the organization’s defense capabilities.

Vendor-Neutral Certification
One of the primary differentiators of the CC certification is its vendor-neutral nature. Unlike certifications that are tied to specific technologies or products, the CC certification focuses on broad, foundational cybersecurity principles and practices. This approach ensures that certified professionals possess a well-rounded understanding of cybersecurity that is applicable across various technologies and platforms. It prepares them for a diverse range of challenges in the cybersecurity space, rather than limiting their expertise to a single vendor’s tools or solutions.

Accreditation and International Standards
The CC certification is distinguished by its adherence to and accreditation under prominent international standards, including ISO/IEC 17024, 17788, 17789, 27017, and 27018. These standards are critical in the cybersecurity field, as they represent best practices and guidelines for cloud security, data protection, and information security management. Accreditation under these standards signifies that the CC certification maintains a high level of rigor, relevance, and quality, aligning with global benchmarks in cybersecurity.

Continuing Professional Education
Another significant aspect of the CC certification is the requirement for certified professionals to engage in continuing professional education. This is a crucial requirement, given the fast-evolving nature of cyber threats, technologies, and regulations. By mandating ongoing education, the CC certification ensures that its holders stay current with emerging trends, threats, and best practices in cybersecurity. This commitment to continuous learning is vital for professionals to remain effective and relevant in their roles, as cybersecurity is a field characterized by rapid change and evolution.

ADVANTAGES OF THE CC CERTIFICATION

The CC certification not only elevates professional expertise in cybersecurity but also opens doors to a multitude of benefits. Here are the key advantages that CC certification holders experience:

  1. Gateway to Advanced Certifications: The CC credential serves as an excellent starting point for more advanced certifications like the CISSP, offering a progressive career path within cybersecurity.
  2. No Prior Experience Required: Candidates can take the CC exam without previous cybersecurity work experience or formal education, needing only a basic understanding of IT.
  3. Validation of Foundational Skills: Earning the CC certification demonstrates to employers that you possess the essential knowledge and skills for entry- or junior-level cybersecurity roles.
  4. Access to ISC2 Resources: Successful completion of the CC exam grants access to ISC2 membership benefits, including a vast library of professional development courses, webinars, thought leadership, networking opportunities, and more.

“I’m switching career paths to move into cybersecurity. Certified in Cybersecurity is a great way to demonstrate my knowledge.” – Eric Turner, Cybersecurity Analyst, First Merchants Bank, Daleville, IN

PATH TO CERTIFICATION

BECOME AN ISC2 CANDIDATE:

  • Start by joining ISC2 as a candidate. Visit the ISC2 Candidate Page to register.
  • As a candidate, you gain access to numerous benefits, including 20% off training and 30-50% off textbooks.

STUDY FOR THE EXAM:

  • Utilize self-study resources available through ISC2 for thorough preparation.
  • Consider attending an Official ISC2 Training for a comprehensive review and knowledge refreshment before the exam.

PASS THE EXAM:

Take and successfully pass the 100-item CC exam within the allotted time of two hours.

COMPLETE THE APPLICATION:

  • After passing the exam, complete the ISC2 application process.
  • Agree to fully support the ISC2 Code of Ethics Canons and adhere to the ISC2 Privacy Policy.

MAINTAIN MEMBERSHIP AND EARN CPE CREDITS:

  • Once certified and a member of ISC2, maintain your certification by recertifying every three years.
  • Recertification involves earning Continuing Professional Education (CPE) credits and paying an annual maintenance fee to support your ongoing development.

OFFICIAL TRAINING OPTIONS

  1. Self-Paced Training + Exam (U.S. $0)
     • Train independently with an engaging online learning experience.
     • Includes the CC exam.
     • First-year Annual Maintenance Fee (AMF) of U.S. $50 due after passing the exam.
  2. Self-Paced Training + Exam + Extras (U.S. $199)
     • All features of the basic self-paced training.
     • Bundle Extras:
       – Two attempts to pass the exam
       – 180-day access to course content
       – No AMF for the first year
  3. Live Online Training + Exam + Extras (U.S. $804)
     • Live sessions with an ISC2 Authorized Instructor combined with self-paced learning.
     • Includes the CC exam.
     • Bundle Extras:
       – Two attempts to pass the exam
       – 180-day access to course content
       – No AMF for the first year
       – Interactive learning in a live virtual classroom
       – Peer discussions and instructor-led training

For more information and to explore these options, visit the ISC2 CC Training Bundles Page.

“I’m shifting careers from product management to information security. Certified in Cybersecurity gives me a starting point and a certificate I can showcase while I work toward earning the CISSP, which is far more complex and requires many months of preparation.” — Radhika Gopalan, Product Management Consultant, Alpharetta, GA

For more information about CC certification and training, contact an Education Consultant in your region:

Americas | +1.866.331.4722 ext. 2 | Email: training@isc2.org

Europe, Middle East, and Africa | +44 203 960 7800 | Email: info-emea@isc2.org

Asia-Pacific | +852.5803.5662 | Email: isc2asia@isc2.org

The post PRODUCT REVIEW: ISC2 CC Certification appeared first on Cybersecurity Insiders.

The Importance Of Cloud Security

Cloud migration is one of the hottest industry topics right now. Many organizations are rapidly making the transformation to the cloud, and industry professionals are rapidly working to hone their cloud skills. Within all cloud discussions, the underlying importance of security is ever present. Information security professionals are seizing this learning opportunity as well, and those who have been working in a cloud environment are enhancing their security skills.

Cloud security skills can be seen as very similar to the security skills for any on-premises data center; however, in many instances, organizations are learning that their familiar applications cannot simply be “forklifted” to the cloud. Not only do many legacy applications break when placed in a cloud infrastructure, but the entire security model is impacted as well. The need for a trained cloud security professional has never been more apparent. The knowledge acquired through the Certified Cloud Security Professional (CCSP) designation offered by ISC2 is the perfect preparation to ease the challenges of cloud security.

Adding Understanding To A Misunderstood Realm

Even though cloud computing has been around for a while, many of the security aspects are still misunderstood. Those who work in the industry and hold the CCSP credential have provided some insights into these misunderstandings. Tara Hunter, who works as a Senior Cloud Security Engineer, expresses it by saying that “so often, I hear people state that something is not their problem since they are on a cloud provider’s platform. That’s simply not true, and the enterprise gets burned when they later find out they are always ultimately the responsible party for their data.” This is echoed in the academic community as well. Bryan R Lewis, an Assistant Dean and Lecturer in IT, shares the awareness that “moving to the cloud does not outsource your security requirements. All legal and compliance requirements and associated risks always remain with the data owner.”

Start With An Inventory

One area where a security professional with cloud knowledge can help is during the earliest phases of cloud migration. The first step is to assess your current infrastructure and readiness. While this may seem obvious, many companies do not truly know what they presently have. A complete asset inventory, as well as a deep understanding of how all the systems interconnect is vital to a successful cloud migration. Carlos Lopez, a Security Correlation Engineer, sums it up by stating that “There are no shortcuts: Always start with an in-depth analysis of the application requirements, dependencies, and the relations with the underlying infrastructure.”

An important part of your inventory includes the data itself. Knowing what your data is, and where it resides is an important facet of any cloud migration. Group Information Security Manager, Au Yeung Shan Shan, explains it this way: “Classify and understand your data. Follow its lifecycle and protect it with appropriate security controls. Data has a very different risk profile once it is out of your “house” or controlled. Do not take that lightly.”

Preserving The New Environment

A successful cloud security program must also include preparation and continued maintenance towards preserving the new environment. Policy alone, however, is not enough to meet compliance requirements. Auditing and legal controls, including eDiscovery requirements, all need to be assessed. Achieving actionable policy, proper audit controls, and legal considerations can only occur through collaboration. Consider the words of a business owner such as Adele Farhadian: “If you are in a highly compliant environment, ask your auditors for very specific cloud requirements before you decide to move to the cloud. Don’t forget to ask them for scenarios where cloud may cause a compliance violation.”

Another perspective on this same idea is offered by Keith McMillan. “Understand that when moving to the cloud, enhanced flexibility comes with more exposure to attack, and also a need for different controls. As you consider moving existing systems to the cloud, you need to evaluate whether the new controls, combined with the new risks can be adequately addressed by the controls available to you in the new environment.”

Multiple Disciplines, Multiple Areas For Success

It is clear that cloud computing has impacted multiple industries, and the security professionals working within those industries come from varied backgrounds, with differing approaches. While the varied professional titles show the breadth of the opportunities for working in the cloud landscape, one thing that is certain is that they are all aiming to achieve the same result: securing an enterprise that operates in the cloud. One element that stands out is that all of these professionals have studied the security materials in order to succeed. No one is born with cloud security knowledge. As a Managing Partner at KM Cybersecurity LLC, Keatron Evans makes this point clear with the following advice: “Make sure you give your staff the appropriate amount of training and time to learn the technology. Some of the most disastrous cloud migrations I’ve seen were a result of not having the right staff involved in the migration.”

So Much More To Consider

The wisdom offered by all of the professionals quoted above is merely a prelude to the responsibilities of securing the cloud. Other topics, such as the stages of planning, understanding dependencies, and the uniqueness of the cloud, are all separate subjects for study. The voices of these, and other cloud security professionals, are captured in a new eBook, which offers insights into some of the challenges of migrating to the cloud. The words spoken by the people working in the industry are formulas for success.

To learn more advice and insights on secure cloud migration, download the ISC2 eBook, 20 Tips for Secure Cloud Migration.

The post Cloud Security Is Best Achieved With The Right Preparation appeared first on Cybersecurity Insiders.

[By Jaye Tillson, Field CTO at Axis Security]

In the vast expanse of cyberspace, few threats cast a darker shadow than ransomware. This digital desperado wreaks havoc on individuals and businesses alike, holding precious data hostage for a hefty ransom. But this villain’s tale stretches back further than you might think, with its roots tangled in the Cold War and its impact resulting in billions lost today. Let’s explore the shadowy origins of ransomware, unfurl its nefarious forms, and discover how Zero Trust plays the role of cyber sheriff, standing guard against this modern-day scourge.

From Academic Experiment to Global Plague

In the 1980s, the world of computing witnessed a curious experiment. Joe Popp devised a rudimentary “AIDS Trojan” that encrypted files and demanded payment for their release. Though intended as a social commentary on online trust, the seeds of a much wider threat were sown. Fast forward to 2023, and ransomware has evolved into a multi-billion dollar industry, leaving a trail of crippled businesses, compromised data, and shattered confidence in its wake. According to Cybersecurity Ventures, ransomware costs are projected to reach a staggering $265 billion by 2031, a grim testament to the reach and power of this digital outlaw. 

A Trio of Terror

Ransomware isn’t a monolith; it comes in various guises, each with its own chilling modus operandi. Let’s meet the infamous three:

  1. Crypto-Ransomware: This classic scoundrel encrypts your files, rendering them inaccessible until you cough up the ransom. Imagine your cherished family photos, work documents, and irreplaceable memories locked away in a digital vault, accessible only through the villain’s cruel terms. Sophos reports that in 2023 alone, the average ransom demand reached $1.54 million, a steep price to pay for digital freedom.
  2. Locker Ransomware: Forget encrypted files; this brute force bully slams the door shut on your entire system. Think of being locked out of your own house, unable to access even the most basic functions. In 2022, according to AAG IT Support, 47% of ransomware attacks targeted organizations in the United States, highlighting the widespread reach of this digital siege.
  3. Doxware: This double-barreled bandit not only encrypts your data, but it also threatens to leak it publicly unless you pay up. Imagine facing the humiliation and potential legal repercussions of your private information plastered across the digital landscape. In 2023, the Cybersecurity & Infrastructure Security Agency (CISA) reported a 136% increase in data exfiltration incidents, a chilling trend directly linked to the rise of doxware.

Counting the Cost of Digital Mayhem

The impact of ransomware extends far beyond the initial ransom demand. Studies by the Ponemon Institute reveal that average costs associated with a ransomware attack include:

  • Recovery Costs: $761,650
  • Business Disruption: $1,270,000
  • Reputational Damage: $1,648,500

These figures paint a stark picture of the financial and reputational devastation wreaked by ransomware. Not only do businesses lose vital data and incur downtime, but they also face the erosion of trust from customers and clients, a blow that can be even more difficult to recover from.

Enter Zero Trust, the Cyber Sheriff

Traditional network security, like a rickety wooden gate, relies on trust and perimeter defenses. But in the Wild West of cyberspace, trust is easily breached, and perimeter walls crumble under the relentless pressure of sophisticated attacks. Zero Trust, however, operates like a vigilant cyber sheriff, constantly verifying every digital entity attempting to enter the digital town.

Here’s how Zero Trust stands guard against ransomware:

  • Multi-Factor Authentication: Consider it an extra lock on the digital door, demanding not just a password but an additional layer of verification (biometric scan, phone code) before granting access.
  • Network Segmentation: Instead of a single, vulnerable town square, Zero Trust divides the network into secure zones, limiting the spread of ransomware if it manages to breach one perimeter.
  • Least Privilege Access: Forget everyone having a master key; Zero Trust grants only the minimum level of access needed for each user and device, minimizing the potential damage a compromised entity can inflict.

In today’s Wild West, these measures, combined with ongoing security awareness training and robust data backups, form a formidable defense against the digital outlaws of the 21st century.

Conclusion

The fight against ransomware is a continuous journey, but understanding its origins, recognizing its diverse forms, and wielding the tools of Zero Trust empowers us to ride into the digital sunset with confidence. While the shadow of ransomware may loom large, knowledge is our six-shooter, vigilance our loyal steed, and Zero Trust is the fortified town walls safeguarding our valuable data.

By remaining informed, adopting proactive security measures, and embracing a culture of cybersecurity awareness, we can keep the outlaws at bay and maintain control of our digital frontier. Remember, in the Wild West of cyberspace, preparedness is our strongest weapon, and together, we can ensure that ransomware remains a relic of the past, not a threat of the future.

The post Ransomware: From Origins to Defense – How Zero Trust Holds the Key appeared first on Cybersecurity Insiders.

[By Rahul Kannan, President and Chief Operating Officer, Securin]

Critical infrastructure is facing a wave of cyberattacks, posing a severe threat to essential services across the United States and globally. The scale and frequency of these attacks have elevated defending infrastructure to a national priority, as emphasized by the White House’s National Cybersecurity Strategy. The urgency is underscored by recent incidents, such as the cyberattack on India’s Tata Power, impacting millions, and the data breach at Colorado Springs Utilities, exposing the personal information of 200,000 customers.

The consequences of these attacks reach far beyond compromised data; they extend to societal function. Critical service providers, including power companies and utilities, hold a wealth of sensitive data, from financial information to personal details. Breaches at these entities can lead to life-threatening situations with service disruptions and put individuals at risk of data theft. The interconnectedness of these systems means that a breach in one sector can have cascading effects, affecting public safety, national security, and economic stability.

Breaches: A Tier-One National Priority

Recognizing the gravity of the situation, the White House designated defending critical infrastructure as its foremost national security priority, stating: “Defending the systems and assets that constitute our critical infrastructure is vital to our national security, public safety and economic prosperity.” This acknowledgment reflects the essential role these services play in our daily lives, from ensuring clean drinking water to safeguarding schoolchildren’s privacy.

In 2022, 106 U.S. state and local government entities reported ransomware attacks; 25% of the attacks resulted in data theft, putting citizens’ privacy and security at risk. Breaches like these can result from using old legacy systems, third-party applications, or internal exposure of vulnerable information that can inflict costly consequences.

The economic implications are equally significant, with attacks on governments and critical infrastructure causing disruptions that can take up to five months to fully recover. These disruptions can lead to operational technology shutdowns, outages, leakages, and even explosions, further highlighting the vulnerability of critical systems and the potential risks to citizens.

Increasing Threats Loom

The escalating threats to infrastructure are fueled by a combination of factors, including global economic downturns, geopolitical tensions, nation-state actors, and the pervasive rise of ransomware. Industries across the board are affected: within the past three years, energy facilities have been the most targeted (39%), followed by critical manufacturing (11%) and transportation (10%). On the healthcare side, a recent report from Securin, Finite State, and Health-ISAC found an alarming 59% year-over-year increase in firmware vulnerabilities within connected medical products and devices.

Moreover, the tactics employed by cyber attackers are evolving. While phishing techniques remain prevalent, the integration of artificial intelligence is enabling more sophisticated and automated attacks, reducing the response time to defend against these attacks. The stakes are high, with utility companies facing 1,101 attacks every week (compared to 504 weekly in 2020), emphasizing the need for a proactive and comprehensive cybersecurity strategy.

CISOs Call for Collaboration

Chief Information Security Officers (CISOs) are at the forefront of this battle, tasked with safeguarding critical systems. With the average data breach costing $4.45 million, it is imperative for CISOs to plan and proactively increase their security posture prior to an attack. To tackle growing security threats, industrial control systems and operational technologies (ICS/OT) must be updated. CISOs, who spearhead essential and rapid security initiatives, should:

  • Keep up to date with government advisories.
  • Ensure all individuals across the organization know established security measures, have proper security training, and are following best practices.
  • Patch high-risk vulnerabilities as soon as possible.
  • Establish a comprehensive cybersecurity strategy.
  • Allocate sufficient resources to develop a continuous threat exposure management (CTEM) program that regularly monitors your security status.
  • Have a contingency plan for when your systems are under attack.
  • Consider consolidating cybersecurity operations to reduce redundancy and their applications’ attack surfaces.

Solving the security problems within infrastructure will take commitment and dedication from CISOs and collaboration between both private and public entities. The White House made clear its financial and political commitment to update and strengthen America’s National Cybersecurity Strategy, so it is important for security leaders to uphold that pledge. By leveraging the expertise of security professionals, government entities can work more strategically to outpace the rapidly evolving tactics of cyber attackers.

In conclusion, defending the nation’s critical infrastructure is not just a priority; it is a must that demands commitment. From implementing proactive security measures to fostering collaboration between sectors, every effort contributes to the resilience of critical systems. Through information sharing, collaboration, and a united front against bad actors, the country can fortify the most sensitive systems and protect the foundation of society. No measure is too small when it comes to securing critical infrastructure and thwarting the evolving threats posed by cyber adversaries.

The post Critical infrastructure in the crosshairs: Examining the threats facing service providers in the U.S. appeared first on Cybersecurity Insiders.

[By John Spiegel, Director of Strategy & Field CTO, Axis Security]

In 2022, 66% of businesses worldwide were impacted by ransomware in some form. This may be a direct breach, the hack of a 3rd party they depend on, or sensitive data leaked by another impacted entity. And according to the most recent Verizon Breach report, no sector was spared. Manufacturing, finance, retail, government, hospitals: all were impacted by this plague of cybersecurity. Worse, the time to compromise (dwell time) is now less than a day! The motivations are clear. Grab sensitive data and then hold it hostage until payment arrives. If payment is not provided, expose the data on the Internet, where it is either incriminating or will significantly impact a revenue stream the business is counting on.

Why is this happening? Outside of the motivations of the attackers (which are covered in lurid detail elsewhere), the problem is a mismatch between the intent of the business and the legacy thinking of security. The business has decided it cannot live within the four walls of its operations. Rather, it has embraced Cloud, SaaS, PaaS and now remote work in the name of productivity and profits. The result: data and employees are everywhere. Security, on the other hand, still lives in the pre-Cloud era. Even though new frameworks to secure the enterprise are available, security still relies on old methodologies in an era of Cloud and AI.

In fact, security often rebuilds solutions of the past to protect our future. Case in point: the enterprise firewall. Born in the pre-Cloud timeframe (2005), the enterprise firewall is, in the majority of cases, the security tool the company relies on. Much like the famed Maginot Line built to protect France from the Germans after WWI, the firewall provides a clear demarcation between civilization and the barbarians. In firewall parlance, you are either behind the firewall (trusted) or outside the firewall (untrusted). While the enterprise firewall can get granular about the policies to allow or disallow traffic, the ugly truth is that at a certain point the firewall rule base becomes overly complex and therefore risky to change. The result? Although it is the focal point for security, this tool produces complexity, which creates gaps in the lines of protection, and businesses are exploited just as the French were by the Germans in 1940.

How do we move beyond?

To make a meaningful impact on the scourge of ransomware, we need to realize we are in a new era. The period of static defense is over. Applications, data and employees are now distributed. Additionally, businesses now rely on 3rd parties for critical business functions. Thus business and security need to align by embracing two frameworks. The first framework we need to move to is zero trust.

Framework One – Zero Trust

Coined by John Kindervag and Chase Cunningham, zero trust starts by assuming breach. The concept is to build a resilient security strategy based on protecting the assets which matter most to the company. It calls for segmentation of virtual and physical systems into a series of “air tight” compartments based on business function (called protect surfaces). For instance, the key financial systems are to be segmented off, with access available only on a need-to-access basis. Doing so reduces the blast zone of a compromise. If an attacker breaches the website, the impact does not extend to the warehouse system, the customer relationship application or the credit card payment mechanism. Moving laterally within a company and exploring the network for treasure becomes highly challenging. Zero trust also calls for constant monitoring of the protect surfaces. It’s not enough to create a series of barriers and call it good. Rather, you need to insert a feedback loop to understand whether the mechanism is working or needs to be improved. While Zero Trust has gained a lot of attention lately, adoption has been slow. A recent report stated 61% of companies are still defining their Zero Trust initiative and only 35% say they will implement one “soon”.

Framework Two – SSE

The second framework to consider is the Security Service Edge (SSE). SSE is a solution coined by the analyst firm Gartner in 2019 as part of the larger umbrella, Secure Access Service Edge (SASE). What SSE looks to do is extend security services to where they matter: services that meet the employee, the data or the application where they live. It starts by creating a security fabric using what are called Points of Presence (PoPs), where services such as secure web filtering, SaaS and data controls, along with risk-based authentication measures, are leveraged. In the past, many of these services resided in the private data center as point products, separate and not integrated. With SSE, these same services are improved and transition to a Cloud-delivered security service which operates as a cohesive, unified platform extended across the globe, as opposed to living in a central corporate data center. With SSE, traffic is routed to a global network where it can be both optimized and secured to provide both speed and security. SSE can also leverage the concepts of zero trust to provide employees and 3rd parties access to only the applications and data they require to conduct their role in the business. OK, it all sounds amazing and great, right? But how do Zero Trust and SSE help defend the business from ransomware?

Bringing together – Aligning Security for the Modern Era

First, they work together to eliminate the “attack surface”. Only authorized resources who pass a series of “risk-based authentication” controls (going beyond password and MFA) are allowed to access the specific applications assigned to them. This greatly reduces the number of systems discoverable to a hacker and “cloaks” the rest of the systems from lateral movement for reconnaissance and compromise. Second, with SSE, traffic can be inspected for indicators of compromise. As SSE leverages the power of the Cloud, encrypted packets can be decrypted at scale. You are not limited by the size of a firewall ASIC, where you need to decide what traffic to inspect and what to pass through the system. Additionally, you can apply treatments such as data loss prevention technologies to check whether sensitive files containing social security numbers are being downloaded from O365 and sent to Dropbox. Lastly, you can control the IT landscape of applications with an SSE-based Cloud Access Security Broker. This allows for granular controls over SaaS-based applications and provides visibility into unsanctioned cloud applications and software (a vector of compromise).

It’s time to retire the static defenses of the past and align the business with security. While the enterprise firewall will remain a tool in the security toolbox, making the move to zero trust and SSE will provide the active defense required in today’s threat landscape (one defined by ransomware). The business requires Cloud and remote work. Distributed IT is here to stay. It’s now time for security to step up its game! Start making the move to Zero Trust and SSE today.

The post Getting Real About Ransomware appeared first on Cybersecurity Insiders.

As cybersecurity threats continue to evolve at an unprecedented pace, organizations are in desperate need of advanced solutions that can keep up. Cybersecurity vendor MixMode has redefined the art and science of threat detection and response with its groundbreaking MixMode Platform. Designed for cloud, network, and hybrid environments, this solution leverages patented Third Wave AI technology born out of dynamical systems theory to offer revolutionary real-time, scalable, and autonomous security capabilities.

At its core, the MixMode Platform relies on a patented foundational model specifically engineered to detect and respond to threats in real-time, at scale. Unlike traditional cybersecurity platforms requiring extensive tuning and rule-setting, MixMode’s AI can autonomously ingest and analyze data to reduce noise, highlight critical threats, and improve defenses. This eliminates the need for continuous training, rule-setting, or extensive maintenance—a real game-changer in the field of cybersecurity.

What do you see as the most significant benefits of incorporating AI into your cybersecurity operations?

The most significant perceived benefits of AI in security operations are improved threat detection, improved vulnerability assessment, and accelerated response — nearly tied for first place. Source: 2023 AI in Cybersecurity Report produced by Cybersecurity Insiders

UNPARALLELED TECHNOLOGY FOUNDATION

The MixMode platform employs a proprietary set of algorithms and AI rooted in dynamical systems theory to detect threats in real-time, enabling it to self-learn a network’s environment without preset rules or training data. Instead of relying on the inflexible, legacy machine learning algorithms commonly found in other cybersecurity products, MixMode’s AI continually fine-tunes itself to the unique characteristics of a given network.

The AI developed by MixMode attains a deep understanding of a network’s typical behavior, allowing it to promptly flag known and emergent attack vectors in real-time. Contrary to signature-based alternatives, the MixMode platform is engineered for quick deployment, eliminating the need for rules, training, or Indicators of Compromise (IOCs). This novel approach enables MixMode to deliver precise, real-time threat identification and mitigation, whether it’s in network, cloud, or hybrid settings, at a scale that meets enterprise requirements.

“MixMode was deployed remotely in under an hour and detected threats on day one that other platforms and their human operators had missed. MixMode’s AI platform is now the core intelligence layer for our Security Operations Center” – Shannon Lawson, CISO, City of Phoenix

MIXMODE SOLVES CURRENT CYBERSECURITY CHALLENGES

The MixMode Platform addresses a broad spectrum of issues that plague today’s cybersecurity landscape.

Protect in an Evolving Threat Landscape: MixMode keeps organizations ahead of new, sophisticated threats, including zero-days, AI-generated attacks, ransomware, and other emerging vulnerabilities.
Deliver Innovation & Stability: The MixMode Platform synergizes AI capabilities with existing systems, driving innovation without sacrificing reliability.
Integrate in Complex IT Environments: Whether cloud, on-prem, or hybrid, MixMode integrates effortlessly, providing holistic protection.
Maximize Your ROI: The Platform improves the impact of existing security investments such as SIEM, UEBA, and NDR, reducing costs by 50% and offering measurable ROI.
Close Skills Gap: With automation and guided recommendations, MixMode enables security teams to manage and secure their infrastructure more effectively, bridging the cybersecurity skills gap.

KEY FEATURES

The MixMode Platform distinguishes itself with its advanced real-time attack detection capabilities, scalability across diverse computing environments, proprietary self-supervised AI technology, and ability to deliver immediate value shortly after deployment.

Real-Time Attack Detection: Unparalleled in its ability to detect known and novel attacks in real-time.
Increased Scalability: Proven to monitor the massive datasets found at Fortune 500 or federal organizations, comfortably handling 500k events per second in real-time across on-prem, cloud, and hybrid environments.
Self-Supervised AI: The only cybersecurity platform built on patented Third Wave AI, born out of dynamical systems, autonomously learns, adapts, and evolves with unique network behaviors — without needing training, tuning, rules, or maintenance.
Immediate Value: Unlike competitors and legacy cybersecurity platforms that take months to offer actionable results, MixMode delivers value within hours of deployment.

MixMode’s customers utilize the Platform for advanced threat detection and investigation response (TDIR). MixMode typically acts as an innovative NDR, CDR, or ITDR, streamlining the SIEM experience and enhancing the entire security program.

KEY BENEFITS

The MixMode Platform offers unrivaled real-time detection accuracy, exceptional scalability for large data volumes, actionable insights for enhanced decision-making, and tools to amplify the expertise, effectiveness, and efficiency of security teams.

Real-Time Detection: Unmatched precision in identifying known and unknown attacks.
Increased Scalability: Ability to process large volumes of data in real-time for enhanced threat detection.
Enhanced Decision-Making: Provides invaluable insights for informed defensive strategies.
Expertise Augmentation: Guides your security teams to work more efficiently and effectively to augment critical capabilities in SIEM, UEBA, NDR, and other platforms.
Improved Response: Uses MITRE ATT&CK Mapping to accelerate and enhance cyber-incident responses.

IMPLEMENTATION & DEPLOYMENT

The MixMode Platform is cloud-native and is available in multiple form factors, including cloud, on-prem, hybrid, and air-gapped environments. Impressively, remote cloud installation can be completed in less than an hour in the customer’s environment. The Platform begins autonomous learning immediately upon deployment, detecting threats missed by legacy methods in real-time without requiring manual rules, tuning, or training.

The MixMode Platform is available via a yearly subscription, with pricing based on data volume.

“MixMode uses a dynamic threat detection foundational model that provides the ability to learn, adapt, predict, and detect threats in any security environment. This enables the MixMode Platform to identify new evidence indicating novel threats or previously unrecognized threat activity without supervision or prior training” – Scott Crawford, 451 Research

OUR VERDICT

In an era where threats are increasingly complex and dynamic, MixMode’s Third Wave AI technology stands as a vanguard in the cybersecurity space. Its autonomous capabilities, real-time detection and response, and unparalleled scalability make it not just a tool but an intelligent extension of your cybersecurity team and existing solution investments. With MixMode, you are investing in a future-proof solution that delivers security, cost savings, and peace of mind.

ABOUT MIXMODE

MixMode is the leader in delivering AI cybersecurity solutions at scale. MixMode offers a patented, self-supervised learning platform designed to detect known and unknown threats in real-time across cloud, hybrid, or on-prem environments. Large enterprises with big data environments, including global entities in financial services, Fortune 1K commercial enterprises, critical infrastructure, and government sectors, trust MixMode to protect their most critical assets. Backed by PSG and Entrada Ventures, the company is headquartered in Santa Barbara, CA.

For further information or inquiries, please visit MixMode or contact the team directly at +1 (858) 225-2352 or via email at info@mixmode.ai

Learn more at mixmode.ai

 

The post PRODUCT REVIEW: MIXMODE PLATFORM FOR REAL-TIME THREAT DETECTION appeared first on Cybersecurity Insiders.