[By Andy Grolnick, CEO, Graylog]

In the past couple of years, there has been explosive growth in API usage as API-related solutions have enabled seamless connectivity and interoperability between systems. From facilitating data exchange to cross-platform functionality, companies with an API-first approach report better financial outcomes. According to Postman’s 2023 State of the API Report, roughly 66% of participants indicated that their APIs contribute to generating revenue. Among this group, 43% specifically mentioned that APIs account for over a quarter of their company’s total revenue. Moreover, the rise of the API economy has spurred organisations to open up their services, fostering collaboration and enabling the creation of new products and services through third-party integrations.

As the popularity of APIs has grown, so have the security risks they pose to organisations. A recent ESG survey on API security showed that 92% of organisations using APIs have experienced a breach in the past 12 months. APIs hold valuable data such as personal user data, financial details, or business-critical information. In sectors such as financial services, APIs can be exploited to manipulate financial transactions or steal credentials for direct financial gain. What makes API attacks increasingly concerning is their low barrier to entry. APIs have publicly accessible documentation, so exploiting a vulnerability is not a complicated task for hackers: it grants them unauthorised access to manipulate endpoints, which can lead to data breaches and control over systems.

That is why it’s strange that for many CISOs, APIs remain a critically under-protected attack surface: API security falls into a no-man’s land. API security is usually the remit of security teams, but the APIs themselves are developed by product teams who tend to prioritise speed and time-to-market. Hence security teams have relied on developers to address issues as the products are being built.

Unfortunately, we anticipate that this Achilles’ heel will be exploited by bad actors in 2024. It is important that CISOs and their teams understand their organisation’s API risk posture when developing an API security strategy for the next 12 months. It will be up to CISOs to drive initiatives between security and product teams to ensure visibility into APIs and devise strategies to mitigate potential threats.

All is not lost. Enterprises are now waking up to the dire need for API security, and CISOs have a significant role to play in safeguarding their environment.  

We delve into the top challenges we expect CISOs to face in 2024 in securing APIs and how they can overcome these growing concerns to bolster their organisations’ security posture.

Authenticated Attacks

Protecting against API threats will be a major challenge CISOs should be ready to face as traditional, perimeter-based solutions are ineffective at identifying such threats.

Hackers are finding innovative ways to gain authenticated user access, and with low-cost APIs, hackers can pose as real customers or partners. Additionally, as nation-state-backed cybercriminal groups are on the rise, criminals have more resources with which to pay and become customers. Insiders will deliberately exploit their authorised access to steal sensitive data, manipulate API endpoints, or perform unauthorised actions, leading to data breaches, service disruptions, or system compromise.

Because WAFs only monitor HTTP requests, and the newer perimeter-based API security solutions likewise track user requests rather than responses, neither provides full-fidelity visibility of the API traffic. The actions of malicious customers or partners will appear legitimate because they come from authenticated users. Securing APIs in a modern threat landscape requires a threat detection and incident response (TDIR) approach that prioritises inside-the-perimeter defences, so that even if malicious actors gain access, the threat is rapidly identified and privileges are revoked.

CISOs will need to ensure their API security strategy takes a multi-layered approach that supplements perimeter defences with application-level security. Full fidelity of APIs is necessary to isolate unknown attacks as hackers find innovative ways to remain undetected by traditional solutions.
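To make the request-versus-response point concrete, here is an added example (not code from the article or from Graylog) that runs a simple check over a constructed sample of authenticated API traffic. A request-only view flags every user who touched many account resources; the full-fidelity view, which also sees status codes and response record counts, separates confirmed data exposure from repeated denials. The log format, path scheme and threshold are assumptions for the example.

```python
from collections import defaultdict

# Constructed sample of authenticated API traffic. Each tuple pairs the
# request side (user, method, path) with the response side (status,
# number of records in the body). On the request side alone, every user
# below looks like an ordinary customer or partner.
TRAFFIC = [
    # user        method  path                       status  records
    ("alice",     "GET",  "/v1/accounts/1001",       200,    1),
    ("alice",     "GET",  "/v1/accounts/1001/tx",    200,    14),
    ("bob",       "GET",  "/v1/accounts/2042",       200,    1),
    ("partner1",  "GET",  "/v1/accounts/3001",       403,    0),
    ("partner1",  "GET",  "/v1/accounts/3002",       403,    0),
    ("partner1",  "GET",  "/v1/accounts/3003",       403,    0),
    ("partner1",  "GET",  "/v1/accounts/3004",       403,    0),
    ("partner1",  "GET",  "/v1/accounts/3005",       403,    0),
    ("partner2",  "GET",  "/v1/accounts/4001",       200,    1),
    ("partner2",  "GET",  "/v1/accounts/4002",       200,    1),
    ("partner2",  "GET",  "/v1/accounts/4003",       200,    1),
    ("partner2",  "GET",  "/v1/accounts/4004",       200,    1),
    ("partner2",  "GET",  "/v1/accounts/4005",       200,    1),
]


def account_id(path):
    """Return the account identifier from an assumed /v1/accounts/<id>[/...] path."""
    parts = path.split("/")
    if len(parts) >= 4 and parts[1] == "v1" and parts[2] == "accounts":
        return parts[3]
    return None


def request_only_view(traffic, max_accounts=3):
    """What a request-only monitor (WAF-style) can compute: users whose
    requests span more than max_accounts distinct accounts. It cannot tell
    whether any of those requests actually returned data."""
    requested = defaultdict(set)
    for user, _method, path, _status, _records in traffic:
        acct = account_id(path)
        if acct:
            requested[user].add(acct)
    return {u for u, accts in requested.items() if len(accts) > max_accounts}


def full_fidelity_view(traffic, max_accounts=3):
    """With responses available, count only accounts whose data was really
    returned (2xx with records), and track denials separately. The first set
    is a confirmed exposure that warrants revoking the user's access; the
    second is a misbehaving or misconfigured client to investigate."""
    returned = defaultdict(set)
    denied = defaultdict(int)
    for user, _method, path, status, records in traffic:
        acct = account_id(path)
        if not acct:
            continue
        if 200 <= status < 300 and records > 0:
            returned[user].add(acct)
        elif status in (401, 403):
            denied[user] += 1
    return {
        "data_exposure": {u for u, a in returned.items() if len(a) > max_accounts},
        "denied_probing": {u for u, n in denied.items() if n > max_accounts},
    }


if __name__ == "__main__":
    print("request-only suspects:", sorted(request_only_view(TRAFFIC)))
    print("full-fidelity result:", full_fidelity_view(TRAFFIC))
```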

Executive buy-in

The API security market is still in its infancy, even though the threat of API attacks has become more pronounced over the past year, which means there is a significant education gap when it comes to API security. The truth is that most organisations don’t have full visibility into their API environment or their API risk posture. API inventories change at an exceptionally rapid rate, which makes tracking changes and risks a challenge.

This makes it hard to communicate to budget holders and other C-suite members why they should invest in an API security solution. Getting company buy-in for API security is just as big a challenge for CISOs as defending APIs from attackers.

CISOs play a crucial role in ensuring comprehensive visibility into their API environment so that the extent of API exposure can be identified promptly and in real time. This visibility is pivotal in aligning security objectives with business goals.

By having a clear view of their APIs in real time, CISOs can accurately measure the potential business risks associated with insecure APIs. An API attack can significantly impact a company’s financial health, causing reputational damage, and revenue loss due to disrupted services or the necessity to pay for data access restoration. Having real-time API visibility enables CISOs to quantify risks and strategise security measures effectively, understanding the direct implications on the company’s bottom line.

Finding the right security tool for compliance 

The General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI-DSS), and the Health Insurance Portability and Accountability Act (HIPAA) are just some of the regulations organisations must adhere to in order to protect personal data from being exposed through APIs. As organisations conduct international business, they must ensure their API security meets multiple regional regulatory frameworks.

When it comes to APIs, third-party risks are more acute due to the sensitive nature of the information APIs handle. SaaS security solutions require a lengthy and complicated process to be compliant, as data has to be filtered, redacted, and anonymised before it can be uploaded into a cloud environment. Organisations in sectors such as financial services are particularly wary of sharing data with third parties because of the potential for this data to be misused.

However, API endpoints are growing at a scale we have never seen before, and traditional on-prem solutions do not have the capacity to process such a massive amount of data. The challenge for CISOs will be to find security tools that don’t make compliance a hindrance to efficiency and operations. An option is to prioritise on-premise tools that eliminate the need to process data before it can be analysed. These tools can also be up and running within days, as there is no need to ensure data processing meets third-party risk requirements. 

Shifting to a proactive approach to securing APIs

With the threat of AI-powered attacks and the increasing sophistication of hackers, proactive threat hunting has become central to all TDIR strategies. CISOs will have to rethink their TDIR strategies to incorporate real-time API traffic scanning to ensure early detection of API threats. Relying on guides such as the OWASP Top 10 API Security Risks is no longer enough, as attackers can easily evade detection of known threats. CISOs should build their API security strategies on full observability of API traffic. A proactive approach to APIs will ensure that even sophisticated or insider threats are flagged as malicious traffic before they can disrupt application behaviour.

In the evolving landscape of API security in 2024, CISOs face a myriad of challenges. The exponential growth of APIs brings financial benefits but also heightens security risks, especially concerning insider threats and evolving attack methodologies. Addressing these challenges demands a multi-layered security approach, inside-the-perimeter defences, and proactive strategies to detect and respond swiftly to potential breaches. Securing executive buy-in, meeting compliance standards, and balancing security with operational efficiency are critical hurdles. Prioritising real-time API visibility and adopting proactive measures against evolving threats will be pivotal for CISOs in fortifying API security and safeguarding organisational integrity in the years ahead.

The post What do CISOs need to know about API security in 2024? appeared first on Cybersecurity Insiders.

[By Greg Hatcher, Founder & CEO — White Knight Labs]

Remote work surged in popularity out of necessity during the COVID-19 pandemic but seems to be here to stay, thanks to its unique advantages. One study by Upwork estimates that 22% of the American workforce will be working remotely by 2025. However, with the rise in remote work also comes an increase in cybersecurity challenges spurred by the circumstances of remote work.

Cybersecurity in an office setting is relatively straightforward, as the IT department can manage a firewall that can help protect on-network devices from threats. Of course, some threats — such as email scams — may still filter through, but the office setting is generally much more controlled. Many more endpoints must be secured when dealing with remote employees, as they represent potential vulnerabilities for the organization and its data.

Cybersecurity challenges in a remote work environment

While some cybersecurity threats of the in-person workplace remain after transitioning to a hybrid or remote environment, others are more specific to remote work settings. A few common cybersecurity threats include:

  • Weak passwords: Whether in-office or working remotely, weak passwords remain one of the most common threats to an individual’s cybersecurity. Reused passwords are particularly dangerous for remote workers. If their online behavior for personal use compromises one of their passwords, and the employee reuses this password for one of their work accounts, the hacker could access the organization’s sensitive data.
  • Ransomware: Ransomware attacks gain access to critical systems and extort money out of the victim to return the data. Due to the increase in the use of software like virtual private networks (VPNs), virtual desktop infrastructure (VDI), remote desktop protocol (RDP), and cloud storage in the light of remote work, bad actors have more targets for their ransomware attacks. Remote workers must remain hyper-vigilant of potential ransomware attacks — such as phishing scams or trojan horses — to protect their and their company’s data.
  • File sharing: To better enable collaboration, many companies have begun using software like Dropbox or Google Drive to share files, but these cloud-based file-sharing services present a cybersecurity risk to companies because they offer an easy route for wrongdoers to disseminate malware to the entire organization. Virus-scanning software can help users detect corrupted or infected files before downloading them.
  • Unsecured Wi-Fi: In the era of remote work, many individuals have turned to public spaces, such as coffee shops or restaurants, to provide a change of scenery from their home office. However, with public places come unsecured Wi-Fi networks, which can pose a substantial cybersecurity risk. Hackers can take advantage of public Wi-Fi’s lack of security measures to steal information like passwords or even take over accounts entirely, though this can be resolved by requiring employees to work only from secured personal networks.
  • Personal devices: Another substantial cybersecurity risk companies face during remote work is using personal devices for work purposes. Although individuals tend to be more careful with work-issued devices by only visiting safe, work-related sites, they visit a wider variety of websites on their personal devices. When there is a cross-over, employees’ work accounts could be compromised by their personal activities. At a minimum, employees should set up separate user profiles on their devices for work and personal use.

Endpoint security for remote workers

Endpoint security is the practice of securing the network endpoints, which are the devices used to access the organization’s data, including laptops, tablets, smartphones, and any other device. In an office setting, many of these endpoints are company-owned and managed, but when dealing with remote workers, these devices are owned and managed by the individual.

Still, employers may institute specific requirements to ensure their data is secure despite devices being owned by the user. Some of the most common methods of protecting endpoints in remote work ecosystems include:

  • Strong passwords: The first and most crucial step employees should take to protect their data in a remote work environment is always using strong passwords. Regardless of whether the account is for work or personal use, it is essential that passwords are not reused and that they have an adequate level of complexity to make it more difficult for hackers to get into their accounts.
  • Home networking: Remote employees should take care only to work from networks they know are secure, such as their homes or family’s homes. Furthermore, proper security measures should be put in place on these networks to protect them from outside threats. For example, the password on the Wi-Fi network should be strong and not something that can be guessed by someone else, such as a phone number or pet’s name.
  • Antivirus and internet security software: Employees using personal computers and other personal devices must use sufficient antivirus and internet security software. These programs offer a line of defense when a user makes a mistake and accidentally leaves themselves vulnerable to malware attacks.
  • Email security: Implementing robust email security practices can also help protect remote workers’ cybersecurity. A strong spam filter can flag any suspicious emails an employee may receive, ensuring they do not accidentally open attachments, and many email hosts offer features that let users scan files for viruses before downloading them.
  • Identity management and authentication: Companies transitioning to hybrid and remote work environments should also invest in identity management and authentication procedures. For example, two-factor authentication (2FA) requires users to prove their identity with a second factor, in addition to their password, before accessing sensitive data. This ensures that even if a user’s password is compromised, a hacker cannot access the account without physically possessing the user’s device.

However, the most effective method of cybersecurity is a proactive approach. Educating employees about best practices is the best way to ensure that data remains secure. For example, employees should be taught about safe email practices and how to vet if an email is legitimate — even if it comes from a seemingly trustworthy source, as it could be a hacker impersonating someone known to the user.

Remote work has offered numerous benefits for workers and organizations alike, but just because employees are no longer in the office and are not using company-owned devices does not mean the responsibility for cybersecurity goes away. Organizations must protect their data by implementing proper security measures and educating employees about responsible practices.

The post Cybersecurity for Remote Work: Securing Virtual Environments and Endpoints appeared first on Cybersecurity Insiders.

“I’ve missed more than 9,000 shots in my career. I’ve lost almost 300 games. Twenty-six times, I’ve been trusted to take the game-winning shot and missed. I’ve failed over and over and over again in my life. And that is why I succeed.” ― Michael Jordan

Words of wisdom from the athlete the National Basketball Association calls the greatest basketball player of all time. The fact is, you can’t win if you don’t play. But sometimes the worry of missing that first, second or third shot can keep you from jumping in the game.

Don’t let fear hold you back. Cybersecurity certification is a career game-changer, one that opens new possibilities wherever your goals take you.

Get the Confidence Boost You Need

We’ve all experienced the fear of failure. When it comes to pursuing a rigorous cybersecurity certification, like the CISSP from ISC2, that anxiety can be even more intense, thanks to the high stakes involved. But remember, even the most accomplished cyber professionals have to stand up to uncertainty — not only in their pursuit of certification but in the work they do every day.

You can do this, and we’re here to help. Use these five proven strategies to help build confidence leading up to exam day.

1. Set realistic expectations. No one becomes a cybersecurity expert overnight. Set an achievable goal and focus on steady progress instead of immediate perfection. Celebrate every milestone along the way, no matter how small.

2. Embrace a growth mindset. Understand that your knowledge and skills will grow with dedication and hard work. Embrace challenges as opportunities rather than seeing them as potential failures.

3. Break down your goals. The journey to certification can feel overwhelming at times. Break down your exam prep into smaller, manageable tasks. By tackling them one step at a time, you’ll build confidence and chip away at the larger goal.

4. Find a support system. Surround yourself with people who will support you with encouragement, guidance and accountability. Join the ISC2 Community and attend your local ISC2 Chapter meetups.

5. Learn from mistakes. Analyze what went wrong, identify areas for improvement and adjust your approach accordingly.

Now move forward with confidence and embrace the exciting world of cybersecurity!

Preparing for the CISSP, CCSP or another ISC2 exam? Watch ISC2 Exam Ready webinars, where expert panels answer common questions about training course content and exams. Another great webinar to check out for last-minute study tips: Exam Prep Hacked.

The post 5 Ways to Conquer Your Certification Exam Fears appeared first on Cybersecurity Insiders.

[By Gabi Reish, Chief Business Development and Product Officer, Cybersixgill]

In today’s rapidly expanding digital landscape, cybersecurity teams face ever-growing, increasingly sophisticated threats and vulnerabilities. They valiantly try to fight back with advanced threat intelligence, detection, and prevention tools. But many security leaders admit they’re not sure their actions are effective.

In a recent survey [1], 79 percent of respondents said they make decisions without insights into their adversaries’ actions and intent, and 84 percent of them worry they’re making decisions without an understanding of their organization’s vulnerabilities and risk.

What’s causing this uncertainty? The skills shortage is certainly one factor. There’s no getting away from this long-standing reality. According to a 2022 report [2], some 3.4 million security jobs are unfilled due to a lack of qualified applicants. But there’s far more to the story than a staffing shortage.

The Cyber Threat Intelligence Paradox

Cyber threat intelligence (CTI) attempts to understand adversaries and their potential actions before they occur and prepare accordingly. CTI gathers information about threat actors, their intentions, mechanisms, intended targets and means for doing so as comprehensively as possible.

The reason cybersecurity teams lack confidence in their actions is what I term The CTI Paradox: the more you have, the less you know. These teams are flooded with information that they can’t easily act upon because they can’t distinguish what’s relevant to their organization from what’s not. Additionally, they often have an overabundance of security tools designed to detect vulnerabilities, threats, intrusions and the like – firewalls, access management, endpoint protection, SIEM, SOAR, XDR, etc. – which they can’t operate efficiently without a clear set of priorities.

To illustrate the point, my company, Cybersixgill, recently conducted a survey of more than 100 CTI practitioners and managers from around the globe. We learned that almost half the respondents said that they are still challenged, even with CTI tools at their disposal. Among the issues are the overwhelming volumes and irrelevance of data, the difficulty of gaining access to useful sources, and the complexity of integrating intelligence from different solutions.

It’s no surprise then that 82 percent of surveyed security professionals [3] view their CTI program as an academic exercise. They buy a product but have no strategy or plan for using it.

While this scenario may sound grim, there are options to help CISOs and their teams make effective use of CTI data and strengthen their cyber defense. Here are some suggestions for getting out of the CTI Paradox and gaining confidence that your organization is foiling cyberattackers effectively and efficiently.

The Four Pillars of Effective CTI 

Fundamentally, a well-functioning security department needs two things: timely, accurate insights about threats that are relevant to the organization, and the capacity to respond quickly to those threats. The first order of business is devising an overall strategy that reflects the organization’s unique security concerns. Next you need effective CTI that recognizes those concerns. And finally, you need the detection and prevention tools that allow you to take action in response to the relevant insights.

More specifically, resolving the CTI paradox means using CTI tools that provide support through four pillars:

  • Data – information about cyberthreats that matter to the organization
  • Skill sets – tools that match the team’s level of expertise in responding to those threats
  • Use cases – tools that match the types of intelligence that the security team is interested in
  • Compatibility – the fit between a CTI solution and the rest of the security stack

Let’s look at the four pillars, how and why organizations may be experiencing problems, and the best ways to solve them.

Data

Problem: It’s one thing to collect massive amounts of data. It’s another thing to refine that data so that security teams know what is relevant and what is peripheral. While it is fine to be aware of security threats on a global level – both literally and figuratively – companies need to zero in on the threats and vulnerabilities most relevant to their attack surface and prioritize them accordingly.

Solution: Focus on products that analyze and curate information rather than dumping everything on users and expecting them to filter out what is relevant and what’s noise.

If you’re shopping for a solution, be sure that the vendor has first compiled an exhaustive list of potential threats by drawing on a wide range of sources, including underground forums and marketplaces, and that the information is continuously updated in real time. The vendor should then allow you to cull that list down to a manageable level, using the tool to automatically contextualize and prioritize those threats so you can respond quickly and efficiently.

Skill sets

Problem: Security teams sometimes find themselves working with tools that do not match their cybersecurity skills. A tool that provides access to raw, highly detailed information may be too complex for a more junior practitioner. Another tool may be too simplistic for a security team operating at an advanced level and fail to provide sufficient information for an adequate response.

Solution: Teams need to use CTI tools that match or complement their skill sets. You also want to select tools that match your organization’s security maturity and appetite for data – neither too high nor too low for your needs. Ideally, the tool you use incorporates generative AI geared specifically to threat intelligence data.

Use cases

Problem: Organizations may receive information irrelevant to their primary use cases. CTI vendors typically address a dozen or more intelligence use cases such as brand protection, third-party monitoring, phishing, geopolitical issues, and more. Receiving intelligence to address a use case irrelevant to your organization’s security concerns isn’t helpful.

Solution: Find a solution that matches your use-case needs and provides information that is clear, relevant, and specific to those use cases. For example, if your organization is particularly subject to ransomware, find one that offers the best, most up-to-date information about ransomware threats.

Compatibility

Problem: To adequately handle cyber threat intelligence, an organization needs to be able to consume incoming data, integrate it with other elements of its security stack (SIEM, SOAR, XDR, and whatever other tools are useful for the organization), and take action rapidly. Without this compatibility among tools, organizations may not be able to mitigate threats quickly enough. Additionally, manually porting information from one area to another may become onerous enough that the CTI tool is eventually ignored.

Solution: In this environment, you need to rely on automated responses to threats as much as possible, so make sure whatever CTI tool you acquire integrates seamlessly with your security ecosystem. You’ll want a tool that has the APIs needed to share information readily with the rest of your security stack. Check the vendor’s compatibility list to be certain that the CTI tool will sync with the security tools most important to your organization.

The CTI Paradox does not have to go unsolved. Curated, contextualized threat intelligence, relevant to an organization’s use cases, eliminates the paralysis that comes from too much data. Well-integrated tools, appropriate for the security teams implementing them, give organizations the defense mechanisms required to detect and respond rapidly and efficiently.

By being smart about threat intelligence and your organizational status and requirements, you can move from doubt and uncertainty to clarity, focus, and effective direction.

Gabi Reish, the chief business development and product officer of Cybersixgill, has more than 20 years of experience in the IT/networking industries, including product management and product/solution marketing.

The post The Cyber Threat Intelligence Paradox – Why too much data can be detrimental and what to do about it appeared first on Cybersecurity Insiders.

[By Craig Debban, CISO of QuSecure]

Have you ever been on a trip and realized that you forgot to pack something important? It’s easy to overlook things during the hustle and bustle of traveling, especially during the holidays. Unfortunately, cybercriminals take advantage of this hectic time to target holiday shoppers and travelers. Their goal is to catch you off guard when or where you least expect it. Additionally, if you’re like me, you might be doing some last-minute shopping and looking for the perfect gift. Some tips to consider are below:

Secure your devices when they are not in use

Never leave your phone, tablet, or computer unattended. Try to take your device with you wherever you go. If you do need to step away, lock your device. Then, ask a trusted friend or family member to keep your device safe while you’re gone.

Beware of Public Wi-Fi

Always disable the option to automatically connect to Wi-Fi networks on your phone, tablet, or computer. Instead, manually choose which network you’d like to join. Only use Wi-Fi networks that you know are safe, and never connect to random hot-spots.

Never install unfamiliar software

There are hundreds of shopping apps out there. Some of these apps may be malicious, so only use apps that you know and trust. When you download software or apps, be sure to download from verified sources such as the App Store or Google Play. You can verify that an app is legitimate by reading the app’s reviews, checking the number of app downloads, and looking up the app’s developer.

Verify links before clicking

Watch out for malicious advertisements, otherwise known as malvertising. Malvertising is when cybercriminals use ads to spread malware or to trick users into providing sensitive information. When online shopping, only click on an ad or link from a reputable source, such as a retailer’s official social media profile. To be extra careful, use your browser to navigate to the store’s official website to shop instead.

Verify attachments are safe before downloading them

A common tactic among cybercriminals is to create phony email notifications from a retailer or postal service. These notifications often include a malicious attachment. The cybercriminals may claim that there was an update to your order or that your package has been delayed, but you’ll have to download the attachment to find out more. Don’t fall for this trick! Before you open the attachment, contact the retailer or postal service to verify that the notification is legitimate. You can also look up your order directly on the website where you made the purchase.

This is a time of year when cybercriminals are actively looking for ways to scam you. Don’t let criminals ruin your holiday plans!

The post Cybersecurity Tips to Stay Safe this Holiday Season appeared first on Cybersecurity Insiders.

[By Andy Hill, Executive Vice President, Nexsan]

No IT professional is unaware of the staggering risk of ransomware. In 2023, recovering from a ransomware attack cost on average $1.82 million—not including paying any ransom—and some organizations get hit more than once.

If you’re hit, you generally have to choose between paying that ransom or restoring your data yourself. Nearly every expert advises you not to pay up, for a variety of reasons, most importantly, the cybercriminal may not honor their promise to release your data. (So much for ‘honor among thieves.’) In some cases, once they know the victim is willing to pay, they increase the ransom amount.

Secondly, criminals can take their sweet time giving victims the encryption keys, meaning you don’t get immediate access to your data even after paying.

In reality, it’s better to restore the locked files from backups. While this has historically been most effective, today, cybercrime rings are technologically sophisticated organizations, capable of rendering backups unusable. Recent research from Veeam said backups were targeted in 93% of ransomware attacks, and this was successful in 75% of cases.

When backups are disabled prior to or during a ransomware attack, there’s not much you can do besides pay the ransom.

If you are relying on your own ability to recover from a ransomware attack, there are some ways you can be better prepared, and issues to watch out for.

The fallout from a ransomware attack on the City of Dallas in May this year is still making the news. The city was forced to shut down some of its IT systems, with a number of functional areas, including the police and fire departments, experiencing disruption. It has recently come to light that over 26,000 people were affected by the attack, which was orchestrated by the Royal ransomware group. Information including names, addresses and medical information is among the data exfiltrated by the threat actors. Some city employees have already reported identity theft, with some of their children also having personal information stolen. In August, it was announced that the Dallas City Council approved $8.6 million in payments for services relating to the attack, including credit monitoring for potential identity theft victims.

Confusing Data Protection Options

Data protection approaches vary, and there are many of them. For an IT generalist—not a storage specialist—there may be some misunderstandings about how corporate data is really secured. Know the difference between different technologies: backup, replication, business continuity, disaster recovery, archive, failover, air gapping, and many more.

Perhaps the most common, and dangerous, confusion is backups versus redundancy. Your backup is a point-in-time copy of your data that is created and stored in a different location. Backups are effective for recovering from a ransomware attack because you can restore a copy of your data that was created prior to your systems being infected by malware. Your only loss will be very recent data that was created or changed since that last good backup.

Redundancy refers to running your core applications in one or more additional locations in case your primary systems are disabled. Redundant systems contain identical copies of all data in all locations. Unfortunately, if malware infects your primary copy, that malware will be very reliably replicated to your redundant copy or copies. If a hacker locks your files in one location, your redundant copies are locked too. Many victims believed they could restore from a redundant copy and found out they were doubly unprotected.

Human Error

The biggest problem is often us. Human error is usually the cause of ransomware attacks (the downloaded malware, the exposed password, the social engineering scam that coerces us to give away information we shouldn’t). Finding out that you cannot recover data following an attack due to human error is a double-whammy.

Human input is still required for most technologies to function properly, including data protection. To ensure you’re in the best possible position to recover, eliminate as much opportunity for human error as you can. That does not mean automate everything; quite the contrary—manual checks are still necessary to verify that backups and security applications like antivirus software are operating properly.

Over the past five years, major ransomware attacks have been attributed to human errors such as these, as well as accidental deletions, failing to add a new server or system to the backup application, failing to update or patch systems, and failing to validate that third-party integrations are functioning.

Cybercrime has evolved to undermine the methods we rely on for keeping data safe, and it’s up to us to understand how we can be our own worst enemy. While we can’t always prevent a ransomware attack, we can certainly implement the proper defenses, and adjust our behaviors, to ensure a recovery.

The post Ransomware Attacks: Are You Self-Sabotaging? appeared first on Cybersecurity Insiders.

On December 18, 2023, Comcast Xfinity filed a notice with the Attorney General of Maine disclosing that attackers had exploited a vulnerability in software from one of its suppliers, Citrix, jeopardizing the sensitive information of nearly 36 million customers. Citrix released patches for the flaw on October 10, 2023; exploitation in the wild has since been traced back to late August 2023, before the patch existed, and mass exploitation followed within weeks of the patch being published.

Kiran Chinnagangannagari, CTO, CPO & co-founder, Securin, shares how a vulnerability like this causes so much damage. 

“CVE-2023-4966, more commonly known as “CitrixBleed,” is a vulnerability within the Citrix NetScaler ADC and Gateway software that could allow a cyber bad actor to take control of an affected system,” Chinnagangannagari elaborated.

He went on to say that “At the time of the patch release, Citrix had no evidence of the vulnerability being exploited in the wild. However, Securin observed exploitation just a week later, including ransomware groups LockBit and Medusa leveraging this vulnerability. Securin also observed mentions of this vulnerability in deep, dark web and hacker forums.”

“Vulnerabilities within commonly used software are extremely dangerous because they can be replicated across other companies that might not have patched it either, which we have seen in the case of CitrixBleed, as it is being linked to many incidents in 2023, including Boeing, ICBC, DP World, Allen & Overy, and thousands of other organizations. These big-name victims emphasize ransomware gangs’ ongoing commitment to crippling and disrupting operations that could affect the security of everyday people and even U.S. critical infrastructures.” 

“While large-scale companies have been facing ever-evolving and continuous threats to their cybersecurity, it’s important to remember that these vulnerabilities are all too common and risk exploiting data like names, contact information, the last four digits of social security numbers, dates of birth, and answers to secret questions on the site. This particular vulnerability leaks the content of system memory to the attacker, allowing the attacker to impersonate a different authenticated user. This exploit poses a grave threat to system security and user integrity, emphasizing the critical need for immediate attention and remediation. CWE-119 is the weakness associated with this vulnerability and Securin is tracking 14,231 additional vulnerabilities associated with this weakness with quite a few of them being exploited by ransomware and APT groups.”

Chinnagangannagari implores companies to look for ways to mitigate risk. 

“Companies must look at leveraging a framework like Continuous Threat Exposure Management (CTEM) to prioritize and mitigate risks. In addition to multi-factor authentication (MFA), cybersecurity teams must implement and update basic security practices with routine scans of their attack surface, consolidating third-party applications, updating access controls, systems, and routine updates to complex passwords.” 
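One concrete way to look for the impersonation described above, the reuse of a leaked session token by someone other than its owner, is to check gateway access logs for tokens presented from more than one client. The following Python script is an added example, not code from Securin, Citrix or the original article. It assumes an access log in the common combined format with an extra trailing quoted field holding the session cookie, uses a stand-in cookie name `session`, and runs on constructed log lines embedded below.

```python
"""Flag session tokens presented from more than one client (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Assumed log layout: combined format plus one trailing quoted field carrying
# the request cookies. "session" is a stand-in for whatever cookie your
# gateway actually issues.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<cookies>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: alice's token is replayed from a second address with a
# scripted client a minute after her last legitimate request; bob is normal.
SAMPLE_LOG = """\
203.0.113.7 - alice [16/Oct/2023:09:00:01 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)" "session=a1b2c3"
203.0.113.7 - alice [16/Oct/2023:09:03:44 +0000] "GET /portal HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0)" "session=a1b2c3"
198.51.100.23 - alice [16/Oct/2023:09:05:10 +0000] "GET /portal/admin HTTP/1.1" 200 4096 "-" "python-requests/2.31" "session=a1b2c3"
192.0.2.45 - bob [16/Oct/2023:09:06:00 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh)" "session=d4e5f6"
192.0.2.45 - bob [16/Oct/2023:09:20:00 +0000] "GET /portal HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Macintosh)" "session=d4e5f6"
"""


@dataclass
class SessionView:
    """Everything observed for one session token."""
    ips: set = field(default_factory=set)
    user_agents: set = field(default_factory=set)
    users: set = field(default_factory=set)
    first_seen: Optional[datetime] = None
    last_seen: Optional[datetime] = None


def parse_line(line):
    """Return the fields we need, or None for lines without a session cookie."""
    m = LOG_RE.match(line)
    if not m:
        return None
    cookies = dict(kv.split("=", 1) for kv in m["cookies"].split("; ") if "=" in kv)
    token = cookies.get("session")
    if not token:
        return None
    return {
        "ip": m["ip"],
        "user": m["user"],
        "ua": m["ua"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "token": token,
    }


def find_shared_sessions(log_text):
    """Group requests by token; return tokens seen from >1 IP or >1 user agent."""
    sessions = defaultdict(SessionView)
    for raw in log_text.splitlines():
        ev = parse_line(raw.strip())
        if ev is None:
            continue
        v = sessions[ev["token"]]
        v.ips.add(ev["ip"])
        v.user_agents.add(ev["ua"])
        v.users.add(ev["user"])
        v.first_seen = ev["ts"] if v.first_seen is None else min(v.first_seen, ev["ts"])
        v.last_seen = ev["ts"] if v.last_seen is None else max(v.last_seen, ev["ts"])
    return {tok: v for tok, v in sessions.items()
            if len(v.ips) > 1 or len(v.user_agents) > 1}


if __name__ == "__main__":
    for token, view in find_shared_sessions(SAMPLE_LOG).items():
        print(f"token {token}: ips={sorted(view.ips)} agents={sorted(view.user_agents)} "
              f"window={view.first_seen:%H:%M:%S}-{view.last_seen:%H:%M:%S}")
```

A token seen from two source addresses with two different user agents a minute apart, as in the sample, is a strong triage signal but not proof: NAT pools, mobile clients and proxies produce legitimate address changes, so tune the rule to your environment. Because a stolen token stays valid until its session ends, patching alone does not evict an attacker who already holds one; Citrix's guidance for this CVE included terminating active and persistent sessions after upgrading.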

The post To Xfinity’s Breach and Beyond – The Fallout from “CitrixBleed” appeared first on Cybersecurity Insiders.

The need for cybersecurity professionals has been building for years, and nearly exponentially since COVID came on the scene. At this point, it’s painfully evident there’s a wide talent gap in the field, and research proves it — the global workforce needs an influx of 2.7 million cybersecurity professionals to meet demand.1

In a recent survey of cybersecurity professionals, more than three-quarters said it’s “extremely or somewhat difficult to recruit and hire security professionals.”2 A majority (95%) said the cybersecurity skills shortage and its associated impacts have not improved over the past few years, and close to half (44%) say it’s gotten worse.

In the face of today’s pressing need for skilled professionals, there’s never been a better time to launch a career in cybersecurity. The field is ripe with opportunity for all experience levels, from entry-level up.

Lack of IT experience should never be considered a barrier to anyone considering a career in cybersecurity. More than half of cyber professionals today got their start outside of IT.

If you’re thinking of a career in cybersecurity, these tried-and-tested career tips will help you get started.

Tip #1: Sharpen Your Focus

The first question to ask yourself is, “How do I see myself fitting into a cybersecurity career?” What do you bring to the table that’s relevant to the kind of work that’s done in cybersecurity? What elements of cybersecurity do you find interesting, and how can your current skill set and background help you advance? Once you’ve narrowed your target area of focus, start learning all about it by doing your research.

Tip #2: Get Certified

Cybersecurity experts agree: there’s no better way for entry-level professionals to demonstrate their commitment to a career than certification. It not only helps you with foundational education, it can be a door-opener when you’re looking for your first opportunity in the field.

Tip #3: Network

Getting certified can introduce you to like-minded professionals who want to work in cybersecurity or to those who already work in the field. Some certification programs come with a membership to the issuing organizations. Their industry conferences and other events are invaluable for forging connections and learning about open roles.

Social media can also be a helpful place to make contacts and learn about jobs. Many networks, such as LinkedIn, have dedicated cybersecurity forums you can join to stay on top of important industry trends and topics.

Get more tips on how to break into a career in cybersecurity in the ISC2 ebook, Cybersecurity Career Hacks for Newcomers.


1 ISC2 2021 Cybersecurity Workforce Study

2 ESG Research Report: “The Life and Times of Cybersecurity Professionals 2021”

The post New to Cybersecurity? Use These Career Hacks to Get a Foot in the Door appeared first on Cybersecurity Insiders.

Keeping customer, employee, and company information secure can mean the difference between staying in business and going under. That’s why the importance of cybersecurity can’t be overstated.

But exactly how do you keep your systems secure? Here are seven tips that will help you get started.

Work With the Right Data Center

Having an in-house data center is always an option, but it requires a lot of maintenance. You have to be extremely savvy about security too. Otherwise, it’s only a matter of time before your data is compromised.

It’s much easier to work with a data center that is digitally secure, but it is equally important that the data center is committed to a secure physical environment for its facilities.

Important information can be compromised over the internet, but it can also be compromised in person. A good data center has digital protections in place, and they are also careful about things like:

  • Access provisioning, so only the appropriate people have access to the appropriate systems
  • Business continuity and disaster recovery, so extreme weather or a local outage doesn’t take your data down with it
  • Properly locked rooms so servers can’t be removed
  • Regular threat assessments that prevent attacks that are designed to sabotage the data center

Install a Security System

Cybersecurity involves physical security at a data center, but surprisingly, it also includes physical security at your physical location.

Make sure your business has a modern security system and be mindful of how it is set up. You’ll want cameras that focus on the register and the entrance if you have a retail shop, but there are other areas that should be monitored.

Monitor areas where data is stored and secure certain devices, like laptops, by locking them up each night. You can also add trackers to devices so they can be found, should they ever be lost or stolen.

Train Your Employees

Employee training is important for many reasons, but it is especially important when it comes to cybersecurity, as even the most intelligent people can fall prey to cybersecurity threats.

A few ways to train your staff to avoid potential cyber threats include:

  • Educate your staff on how to identify potential phishing attempts
  • Create mock cyberthreats and see how your employees react
  • Train employees on what to do if they think they have received or reacted to a phishing attempt

Make sure employees are being continuously trained on cybersecurity threats. Hackers and criminals are always changing their techniques, so it is important to keep your employees up-to-date on the latest scams.

Limit Access to Information

Not everyone needs access to everything. It’s actually much better from a cybersecurity standpoint to be very selective about who has access to what.

That means restricting access to certain systems, giving each person their own credentials, and revoking or changing that access anytime someone changes roles within your organization or leaves to work for another company.

It also means cracking down on password sharing. Employees need to know that they should never give out their password. If another employee needs protected information, grant them their own access or pass on the specific information itself, rather than the credentials that open the entire system.

Have a Plan for Mobile Devices

Work doesn’t always take place on a desktop computer in the office. Work can be done from anywhere on any device. That’s extremely convenient, but it can be dangerous, as other devices aren’t likely to have the same protections in place as the devices at work.

Make sure you have a mobile security plan. If employees want to be able to store sensitive information or access the corporate network on their phone, make sure that their devices are password protected, the right security apps are installed, and data is encrypted.

If you want greater control over mobile devices, like laptops, cell phones, and tablets, consider providing these devices to your employees. That way you have complete control over the setup of those devices.

It’s also important to have a procedure in place for lost or stolen devices. For example, make sure remote wiping is installed on every device so data can be deleted remotely if the device goes missing.

Upgrade Hardware

Most business owners are always looking for ways to save money. One way to do that is to get the most use out of expensive technology as possible. Just make sure you don’t stretch the lifespan of that technology too far.

Hardware gets outdated relatively quickly, and vendors eventually stop releasing firmware and security updates for models they no longer support. If your hardware has reached that point, it no longer gets patched, and every newly discovered flaw stays open.

It’s a good idea to replace important hardware, like your wireless routers, firewalls, and the computers themselves, before the vendor’s support ends, so that you know those devices are still receiving all of the latest updates.

Backup Your Files

Even the most prepared companies can fall prey to cyberattacks. It’s important to have a backup plan, which means regularly backing up your files.

There’s nothing wrong with storing important information locally, but that information also needs to be located somewhere else. Schedule regular backups to be stored on an external hard drive or back up your information to the cloud online.

Fortunately, this is something you no longer have to do by hand. You can set up automatic backups that store your information in multiple places. Just make sure you double check that the program is backing up the right information at the right intervals to the right location, and that you can actually restore from it.
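The "double check" above, and the human-error cases in the ransomware piece earlier on this page (a new server never added to the backup job, backups quietly disabled or tampered with), come down to the same three questions: is every system in the inventory backed up, is the newest copy recent enough, and does the stored copy still match what the job wrote? The following Python script is an added example, not a tool from either article. It runs entirely on constructed sample data (made-up hostnames, catalog entries and repository contents) and uses a SHA-256 comparison as a stand-in for the restore test you would run in practice.

```python
"""Backup coverage, freshness and integrity audit (added example)."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class BackupRecord:
    """One completed job as the backup application's catalog reports it."""
    host: str
    finished_at: datetime
    sha256: str  # digest the job recorded when it wrote the copy


# --- Constructed sample data; hostnames and contents are made up -----------
NOW = datetime(2023, 11, 1, 6, 0, tzinfo=timezone.utc)

# Asset inventory (CMDB, cloud API, hypervisor): what should be protected.
INVENTORY = {"db01", "web01", "web02", "fileserver", "new-app-03"}

# Bytes actually sitting in the backup repository right now, per host.
# "fileserver" was overwritten after its job finished: the backups-as-target case.
REPOSITORY = {
    "db01": b"db01 dump 2023-10-31",
    "web01": b"web01 image 2023-10-23",
    "web02": b"web02 image 2023-10-31",
    "fileserver": b"\x00\x00 overwritten by attacker \x00\x00",
}

CATALOG = [
    BackupRecord("db01", NOW - timedelta(hours=6), sha256_hex(b"db01 dump 2023-10-31")),
    BackupRecord("web01", NOW - timedelta(days=9), sha256_hex(b"web01 image 2023-10-23")),
    BackupRecord("web02", NOW - timedelta(hours=7), sha256_hex(b"web02 image 2023-10-31")),
    BackupRecord("fileserver", NOW - timedelta(hours=5), sha256_hex(b"fileserver share 2023-10-31")),
    # "new-app-03" was built last week and never added to the backup job.
]


def latest_per_host(catalog):
    """Newest catalog entry for each host."""
    latest = {}
    for rec in catalog:
        if rec.host not in latest or rec.finished_at > latest[rec.host].finished_at:
            latest[rec.host] = rec
    return latest


def audit(inventory, catalog, repository, now, max_age):
    """Classify every inventoried host: missing (never backed up), corrupt
    (stored bytes no longer match the recorded digest, or the copy is gone),
    stale (newest intact copy older than max_age), or ok."""
    latest = latest_per_host(catalog)
    report = {"missing": set(), "stale": set(), "corrupt": set(), "ok": set()}
    for host in inventory:
        rec = latest.get(host)
        if rec is None:
            report["missing"].add(host)
            continue
        blob = repository.get(host)
        if blob is None or sha256_hex(blob) != rec.sha256:
            report["corrupt"].add(host)
            continue
        if now - rec.finished_at > max_age:
            report["stale"].add(host)
            continue
        report["ok"].add(host)
    return report


def main():
    """Print one line per host; exit non-zero when anything needs attention."""
    report = audit(INVENTORY, CATALOG, REPOSITORY, NOW, max_age=timedelta(hours=24))
    for status in ("missing", "corrupt", "stale", "ok"):
        for host in sorted(report[status]):
            print(f"{status:8} {host}")
    problems = report["missing"] | report["stale"] | report["corrupt"]
    return 1 if problems else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it from a scheduler and alert on a non-zero exit code. The hash comparison catches copies that were overwritten or truncated after the job finished, which is what an attacker going after backups does, but only a periodic test restore proves the data is usable.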

Cybersecurity is one of those things that business owners are always thinking about, but it’s often something that gets pushed to the bottom of the to-do list in the name of completing more pressing tasks. That is, until your business experiences a data breach.

Prioritize the cybersecurity of your business by following the tips on this list. When you do, you can work confidently knowing that you’re doing everything in your power to keep your important information as safe and secure as possible.

The post 7 Cybersecurity Tips for Small Businesses appeared first on Cybersecurity Insiders.

[By Ratan Tipirneni, President and CEO, Tigera]

Cloud computing and the use of cloud-native architectures enable unmatched performance, flexibility, velocity, and innovation. But as enterprises and small businesses increasingly use containers and distributed applications, threat actors are becoming increasingly sophisticated. For example, new Distributed Denial-of-Service (DDoS) attack techniques have emerged that target cloud-native and Kubernetes-based applications. Recently disclosed security flaws discovered in Kubernetes could have been exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.

Doubling down on security has never been more critical as the threat landscape continues to worsen and evolve. Against this backdrop, Tigera polled more than 1,200 users of Calico Open Source, the most widely adopted container security and network solution, to gauge what capabilities IT professionals need for container security and networking.

Survey respondents, including those responsible for DevOps, architecture, or IT operation and infrastructure at their organizations, shared that they use Calico Open Source primarily for Kubernetes networking and security. The State of Calico Open Source: Usage & Adoption report revealed that the critical capabilities driving the adoption of container networking and security solutions include:

  • Scalable networking (35%)
  • Security policies (35%)
  • Interoperability across different environments (33%)
  • Encryption capabilities (30%)

Poor network visibility in Kubernetes clusters and workloads can cause misconfigurations, which can lead to catastrophic consequences like ransomware attacks, exposure of sensitive data, denial of service (DoS) attacks, and unauthorized lateral movement. Another recent industry report, Red Hat’s State of Kubernetes Security, revealed that almost half of respondents experienced one or more of these issues in the last year. This underscores the critical need for visibility at the workload level to identify and mitigate misconfigurations and threats that traditional perimeter-based security solutions cannot identify.

Network security policy creation and deployment is driven by the need for workload access control and secure egress access. In fact, the report revealed workload access policies that limit pod-to-pod communication as the most popular type of security policy Calico users deploy, followed by policies for secure egress access.

  • Workload access policies that limit pod-to-pod communication (61%)
  • Secure egress access policies (41%)
  • Microsegmentation policies (24%)
  • Compliance (8%)

The State of Calico Open Source: Usage & Adoption Report findings show that developers understand the importance of robust workload-centric network security for Kubernetes workloads. Eighty-five percent of users said they needed to achieve network segmentation and protect east-west traffic. IT leaders need enhanced security controls at the workload level to limit pod-to-pod communication, reducing the risk of lateral movement of threats and contributing to compliance efforts. What’s more, egress access controls allow users to adopt a default-deny posture that helps protect against data exfiltration threats.
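The default-deny posture discussed above is easy to state and easy to lose track of across dozens of namespaces. As an added example, not code from Tigera, Calico or the report, the Python below audits parsed Kubernetes NetworkPolicy objects (the structure `kubectl get networkpolicy -A -o json` returns under `items`) and reports which namespaces lack a default-deny policy for ingress or egress. The namespaces and policies are constructed for the example, and the defaulting rules it applies are the Kubernetes API's own: `podSelector: {}` selects every pod, `policyTypes` defaults to Ingress plus Egress only when egress rules are present, and an empty rule list denies everything while a single empty rule `{}` allows everything.

```python
"""Audit Kubernetes NetworkPolicy objects for default-deny coverage (added example)."""

# Constructed sample: parsed NetworkPolicy manifests. Names are made up.
NAMESPACES = ["payments", "web", "batch", "dev"]

POLICIES = [
    {   # isolates every pod in "payments" in both directions
        "metadata": {"name": "default-deny-all", "namespace": "payments"},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]},
    },
    {   # policyTypes omitted and no egress rules -> Ingress only; egress stays open
        "metadata": {"name": "default-deny-ingress", "namespace": "web"},
        "spec": {"podSelector": {}},
    },
    {   # reads like an egress policy, but the single empty rule allows all egress
        "metadata": {"name": "egress-allow-all", "namespace": "batch"},
        "spec": {"podSelector": {}, "policyTypes": ["Egress"], "egress": [{}]},
    },
    {   # scoped allow rule; useful, but does not isolate the namespace by itself
        "metadata": {"name": "allow-frontend-to-api", "namespace": "web"},
        "spec": {
            "podSelector": {"matchLabels": {"app": "api"}},
            "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}]}],
        },
    },
    # "dev" has no policies at all
]


def effective_policy_types(spec):
    """Apply the API's defaulting: Ingress always; Egress only if egress rules are given."""
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    return {"Ingress", "Egress"} if "egress" in spec else {"Ingress"}


def selects_all_pods(spec):
    """An empty podSelector matches every pod in the namespace."""
    sel = spec.get("podSelector", {})
    return not sel.get("matchLabels") and not sel.get("matchExpressions")


def is_default_deny(spec, direction):
    """True when the policy isolates every pod for `direction` and allows nothing."""
    if not selects_all_pods(spec) or direction not in effective_policy_types(spec):
        return False
    return not spec.get(direction.lower())  # None or [] -> no allow rules


def allows_all(spec, direction):
    """A lone empty rule `{}` matches every peer: allow-everything, often a mistake."""
    return (selects_all_pods(spec)
            and direction in effective_policy_types(spec)
            and spec.get(direction.lower()) == [{}])


def audit(namespaces, policies):
    """Per namespace: is there a default-deny for Ingress / Egress, and which
    cluster-wide-selector policies allow everything in a direction."""
    report = {ns: {"Ingress": False, "Egress": False, "allow_all": []} for ns in namespaces}
    for pol in policies:
        ns = pol["metadata"]["namespace"]
        if ns not in report:
            continue
        spec = pol.get("spec", {})
        for direction in ("Ingress", "Egress"):
            if is_default_deny(spec, direction):
                report[ns][direction] = True
            if allows_all(spec, direction):
                report[ns]["allow_all"].append(f"{pol['metadata']['name']}/{direction}")
    return report


def gaps(report):
    """(namespace, direction) pairs with no default-deny, sorted for a ticket."""
    return sorted((ns, d) for ns, r in report.items()
                  for d in ("Ingress", "Egress") if not r[d])


if __name__ == "__main__":
    result = audit(NAMESPACES, POLICIES)
    for ns, d in gaps(result):
        print(f"{ns}: no default-deny {d}")
    for ns, r in result.items():
        for name in r["allow_all"]:
            print(f"{ns}: {name} allows all traffic")
```

Feed it real JSON with `json.load` in place of the embedded lists. It covers the Kubernetes NetworkPolicy API only; Calico's own NetworkPolicy and GlobalNetworkPolicy resources add rule ordering, explicit deny actions and cluster-wide scope, and need their own checks.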

Container security requires a multi-layered approach that includes security measures at different levels, including the network, host, and application layers. Network security reduces the attack surface, which is a key way to protect containers.

Vulnerability management, configuration management, and deploying a runtime security solution are critical. Security teams must ensure their runtime security tools can rapidly identify and mitigate any intrusion attempts, or risk serious consequences.

Overall, a defense-in-depth strategy is designed to offer more comprehensive protection against different types of attacks. The goal of this approach is to make it more challenging for attackers to penetrate an organization’s defenses and to limit the damage if an attack does occur. The report findings demonstrate that today’s technology professionals understand the importance of deploying solutions that help them achieve security in an increasingly challenging threat landscape.

Author Bio

Ratan Tipirneni is President & CEO at Tigera, where he is responsible for defining strategy, leading execution, and scaling revenues. Ratan is an entrepreneurial executive with extensive experience incubating, building, and scaling software businesses from early stage to hundreds of millions of dollars in revenue. He is a proven leader with a track record of building world-class teams.

The post Network Security Priorities For Containers, According To Today’s IT Pros appeared first on Cybersecurity Insiders.