The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.


Many industries are experiencing rapid growth thanks to the seemingly overnight advancement of new technologies. Artificial intelligence, for example, has swiftly gone from a vague possibility to being a major component in numerous digital systems and processes. Another technology that has somewhat snuck up on us is blockchain.

Many people associate blockchain with cryptocurrency. However, while blockchain was primarily being used as a decentralized ledger to secure and confirm cryptocurrency trades, it is now being used in numerous other applications across a range of industries.

Blockchain-as-a-service, for example, is offered as third-party management of cloud-based networks for companies building blockchain applications. And many industries, such as the shipping and logistics sector, are starting to use blockchain to secure transactions.

What is blockchain and where did it all begin?

Blockchain is quickly becoming the new must-have technology, but like any new tech, it has seen an interesting evolution from where it started to where it is today.

Blockchain was first created to make the trading of digital currency more secure. The concept was to have a decentralized currency that could easily be tracked without relying on banks. Thus, blockchain was invented as a public ledger that stored all information in blocks, with each block representing a transaction. Each new block that was created would then include a sequence from the previous block, which would then link or chain all of the blocks together.

This blockchain technology is what makes transactions or the exchange of information so much more secure because blocks are difficult to replicate or change. If someone wanted to replicate or change one block, they would have to change all the previous ones that it is linked to as well.

Once other industries realized the genius of the concept, they started adopting it as well. Financial institutions, for example, which of course, are founded on the idea of transactions and exchanging of money, quickly saw the appeal of using blockchain. Fintech companies, in particular, that had their sights set on building finance systems of the future were early adopters of blockchain technologies. Many of these same businesses are now combining blockchain technologies with mobile tech offerings, among others, to increase efficiency.

Now, we are seeing what is being called “blockchain scaling,” which is the newest innovation using blockchain. Traditionally, every computer in a network must process every transaction, which is slow. But with blockchain, the process can be scaled and accelerated without sacrificing security.

Today, a scaled blockchain is believed to be fast enough to power our more advanced technologies that store and exchange data and information, like the Internet of Things (IoT). This makes blockchain ideal for any number of industries, not just cryptocurrency trading and banks.

How blockchain is revolutionizing transportation, shipping, and logistics

If there is one process that encompasses transportation, shipping, and logistics, it’s the supply chain. And supply chain management, like numerous other processes, has seen a sudden growth with digitalization and the adoption of new technologies that allow for optimization and fewer inefficiencies.

Supply chain processes rely on the linking of various systems to coordinate the manufacturing and shipping of products. In other words, a wealth of data is being shared and transferred throughout the supply chain process, making this an ideal sector to use blockchain technology.

Global shipping

The global shipping industry has long faced a number of issues that result in delays and other errors, which can come at high costs. With blockchain, however, shipping companies will have the framework to mitigate these issues and speed up operations.

In particular, the U.S. Department of Transportation Maritime Administration reports that blockchain can help with the following to increase shipping efficiency:

  • Shipment tracking;
  • Smart bills of lading (B/Ls);
  • Smart contracts.

For example, a lack of real-time information availability and poor tracking capabilities lead to high volumes of canceled orders and cargo loss, which can cost companies thousands of dollars. But these issues can be solved with blockchain technologies.

Delays related to B/Ls are another problem. A B/L provides all the necessary information for the processing of a shipment from carrier to shipper, serving as a receipt, contract, and document of ownership. Traditionally, however, B/Ls can take days to arrive, yet they are needed before a shipment can be processed.

Fraud is also a concern, as B/Ls can easily be modified and forged. Blockchain, however, enables the digitalization of these documents and speeds up the process of exchanging data throughout the entire shipping process, creating an overall more efficient shipping system.

Transportation

The transportation industry is also expected to benefit greatly from blockchain. The implementation of this technology in the freight industry is slow-moving, but once it happens, it will benefit carriers in various ways. Expected changes include:

  • Enabling carriers to connect to a permissioned blockchain network;
  • Carriers soliciting freight from third-party providers more easily, through a connected blockchain network;
  • Blockchain networks matching carriers with available trucks to loads;
  • Faster generating and sending of smart contracts;
  • Faster and more secure shipment tracking;
  • Faster generating and sending of invoices so carriers can be paid more easily.

As a whole, blockchain can increase efficiency across the freight and transportation sector while also reducing administrative burdens and increasing transparency.

Aviation

The aviation sector is another industry that deals in transportation and shipping, where blockchain has captured interest. It can help with security and identity management, baggage management, ticketing, maintenance orders, loyalty programs, and more. Any process that involves sharing data or information, which is most processes these days as everything is digitized, can benefit from blockchain technologies.

Wrapping up

As a final note, it’s important to understand that, for all the advantages of using blockchain, the implementation of any new technology comes with risks. Though people sing the praises of blockchain for how secure it is, it’s not foolproof.

Cybercriminals, for example, get more clever with every passing day, and they can and will find ways to compromise blockchain technology. This is not to say that the shipping and transportation industries should avoid blockchain, but rather that when implementing this new technology, companies should make cybersecurity a priority.

To ensure blockchain is the most efficient, it’s necessary to first understand all the risks that come with it to mitigate issues going forward. Only then can shipping and logistics companies truly benefit and revolutionize their industries using blockchain technology.

The post The impact of blockchain technology on the future of shipping and logistics appeared first on Cybersecurity Insiders.


As we go about our daily lives, whether that be shopping with the family, enjoying dinner at a restaurant, finding our gate at the airport, or even watching TV, we find ourselves more and more often encountering the QR code. These black-and-white checkerboards of sorts have gained a reputation for being a fast and convenient way of obtaining information via our smartphones while at the same time contributing to environmental conservation, as they allow businesses such as retailers and restaurants to print fewer paper menus or flyers.

But before you whip out that phone and activate your camera, you should be aware that these seemingly innocuous QR codes can also be used for purposes you aren’t anticipating. Adversaries can also abuse them to steal your money, identity, or other data. In fact, the term in the cybersecurity industry for attacks that leverage QR codes as a means of delivery is “quishing.” Although this may sound cute, the intentions behind these intrusions are, in reality, quite sinister.

A brief history of the QR code

While it may seem like we have only been interacting with QR codes over the past several years, they were in fact invented almost 30 years ago in 1994 by a Japanese company called Denso Wave, a subsidiary of Toyota Motor Corporation, for the purposes of tracking automotive parts in the assembly process. QR stands for “quick response” and is a sophisticated type of bar code that utilizes a square pattern containing even smaller black and white squares that represent numbers, letters, or even non-Latin scripts which can be scanned into a computer system. Have you ever noticed that there are larger black and white squares in just three of the corners of a QR code? Their purpose is to allow a scanning device to determine the code’s orientation, regardless of how it may be turned.

The use of QR codes has expanded considerably since 1994. They have become a favored means for businesses to circulate marketing collateral or route prospects to web forms, and other even more creative uses have also been cultivated. Instead of printing resource-consuming user manuals, manufacturers may direct their consumers to web-hosted versions that can be reached by scanning codes printed on the packaging materials. Event venues print QR codes on tickets that can be scanned upon entry to verify validity, and museums post signs next to exhibits with QR codes for visitors to obtain more information. During the COVID-19 pandemic, the use of QR codes accelerated as organizations sought to create contactless methods of doing business.

The dangers that lie beneath

QR codes don’t appear to be going away anytime soon. The speed and versatility they offer are hard to deny. However, any hacker worth their salt understands that the most effective attacks leverage social engineering to prey upon human assumptions or habits. We’ve become accustomed to scanning QR codes to quickly transact or to satisfy our sense of curiosity, but this convenience can come at a cost. There are several websites that make it incredibly simple and low cost (or free) for cybercriminals to generate QR codes, which they can use to do any of the following:

  • Open a spoofed web page – Upon scanning the QR code, your browser will open a fake web page that appears to be a legitimate business, such as a bank or e-commerce site, where you are requested to provide login credentials or payment data, also known as a phishing attack. It is also possible that this site contains links to malware.
  • Recommend an unscrupulous app – You will be directed to a particular app on the Apple App or Google Play Store and given the option to download the app to your mobile device. These apps can contain malware that installs additional programs, or they may collect and share sensitive information from your mobile device with its developers and other third parties. This information could be your name, phone number, email address, photos, location, purchasing information, and browsing history.
  • Automatically download content onto your devices – This may include photos, PDFs, documents, or even malware, ransomware, and spyware.
  • Connect to a rogue wireless network – QR codes may contain a Wi-Fi network name (SSID), encryption (or none), and password. Once scanned, you will receive a notification banner with a link to connect to the network. From there, a hacker can monitor and capture information transmitted over the network in what’s referred to as a “man-in-the-middle attack.”
  • Make a phone call – A notification will appear, confirming that you’d like to call the number programmed into the QR code. Someone will answer, claiming to be a legitimate business but then requesting personal or financial information and/or adding you to a list to be spammed later.
  • Compose an email or text message – An email or text message is prepopulated with the message and recipient that the QR creator has programmed. You will then receive a notification banner confirming that you would like to send it. Once you do so, your email address or phone number may be added to a spam list or targeted for phishing attacks.
  • Trigger a digital payment – QR codes may be used to process payments through PayPal, Venmo, or other means. This one may seem like an easy one to spot, but what if the QR code was placed on a parking meter with a message to scan it to submit payment for the time your automobile will be occupying the spot?

Five ways to defend against malicious QR codes

Spotting a malicious QR code may be difficult because the displayed URLs are often shortened or hosted on cloud platforms, such as Amazon Web Services (AWS). Fortunately, there are things you can do to reduce your chance of falling victim to a quishing attack:

  1. Ask yourself “How certain am I of the creator of this QR code?” One that is printed on food packaging or posted on a permanently mounted sign at a train station may have a lower risk of being malicious than one that is printed on a sticker at your local brewery or on a flyer handed to you by someone you don’t know. If you receive an email or text containing a QR code from a reputable source, verify that it is legitimate by responding through a different means like sending a message through another platform or making a phone call.
  2. Determine if there is an alternate way of obtaining the information you seek, such as navigating to the business’ public website or requesting a paper menu.
  3. Never enter login credentials or any sensitive personal or financial information, such as credit card numbers or social security numbers, on a webpage obtained by scanning a QR code.
  4. Don’t jailbreak your device. This will bypass the restrictions and security intentionally placed on your device by the manufacturer and expose it to malware and other risks.
  5. Ensure that you have a mobile threat defense solution installed on your tablets and smartphones to block phishing attempts, malicious websites and risky network connections.
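A defender-side check that puts the two lists above into code, added here as an example (not from the original post): it takes the already decoded text of a QR code, works out which of the actions listed above the phone would perform, and attaches the risk flags worth showing before the user accepts. The host lists and sample payloads are constructed for illustration; decoding the image itself is left to a scanner library.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed, illustrative host lists; a real deployment would maintain its own.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd"}
APP_STORE_HOSTS = {"apps.apple.com", "play.google.com"}
PAYMENT_HOSTS = {"paypal.me", "www.paypal.com", "venmo.com", "account.venmo.com"}
GENERIC_CLOUD_SUFFIXES = (".amazonaws.com", ".blob.core.windows.net", ".web.app")


@dataclass
class Triage:
    action: str                          # what the phone would do if you accept
    target: str                          # URL, number, SSID or recipient involved
    warnings: list = field(default_factory=list)


def _parse_wifi(payload: str) -> dict:
    """Parse the WIFI:T:<auth>;S:<ssid>;P:<password>;H:<hidden>;; convention.

    Simplification: escaped semicolons inside values are not handled.
    """
    fields = {}
    for part in payload[len("WIFI:"):].split(";"):
        if ":" in part:
            key, value = part.split(":", 1)
            fields[key.upper()] = value
    return fields


def triage_qr_payload(payload: str) -> Triage:
    """Map a decoded QR string to the action it triggers plus risk warnings."""
    text = payload.strip()
    low = text.lower()

    if low.startswith("wifi:"):
        f = _parse_wifi(text)
        t = Triage("join wifi network", f.get("S", ""))
        auth = f.get("T", "").upper()
        if auth in ("", "NOPASS"):
            t.warnings.append("open network: anyone on it can observe your traffic")
        elif auth == "WEP":
            t.warnings.append("WEP is broken; treat as an open network")
        t.warnings.append("confirm the SSID with the venue before joining")
        return t

    if low.startswith("tel:"):
        return Triage("place phone call", text[4:],
                      ["check the number against the business's published number"])

    if low.startswith(("mailto:", "smsto:", "sms:")):
        _scheme, _, rest = text.partition(":")
        recipient = re.split(r"[:?]", rest, maxsplit=1)[0]
        t = Triage("compose message", recipient)
        if len(rest) > len(recipient):
            t.warnings.append("subject/body prepopulated by the QR creator")
        return t

    if low.startswith(("http://", "https://")):
        url = urlparse(text)
        host = (url.hostname or "").lower()
        warnings = []
        if url.scheme == "http":
            warnings.append("plain HTTP: no transport encryption")
        if host in SHORTENER_HOSTS:
            warnings.append("shortened URL hides the real destination")
        if host.endswith(GENERIC_CLOUD_SUFFIXES):
            warnings.append("hosted on a generic cloud domain, not the business's own")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            warnings.append("raw IP address instead of a domain name")
        if host in PAYMENT_HOSTS:
            return Triage("trigger digital payment", text,
                          warnings + ["verify the payee before paying"])
        if host in APP_STORE_HOSTS:
            return Triage("install app", text,
                          warnings + ["review the developer and permissions first"])
        warnings.append("never enter credentials or card data on a page reached this way")
        return Triage("open web page", text, warnings)

    return Triage("unknown", text, ["unrecognised payload type; do not act on it"])


if __name__ == "__main__":
    # Constructed sample payloads, as a scanner library would return them.
    for sample in ("WIFI:T:nopass;S:FreeCafe;;", "tel:+15555550123",
                   "SMSTO:12345:Reply YES to claim", "http://bit.ly/3xAmpLe",
                   "https://paypal.me/example-payee", "geo:0,0"):
        t = triage_qr_payload(sample)
        print(f"{sample!r:40} -> {t.action}: {t.target} {t.warnings}")
```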

This topic was covered in a SecurityInfoWatch piece today.

The post What may be lurking behind that QR code appeared first on Cybersecurity Insiders.

For anyone who follows industry trends and related news, I am certain you have been absolutely inundated by the torrent of articles and headlines about ChatGPT, Google’s Bard, and AI in general. Let me apologize up front for adding yet another article to the pile. I promise this one is worth a read, especially for anyone looking for ways to safely, securely, and ethically begin introducing AI to their business. On June 20th the International Association of Privacy Professionals (IAPP) released a new body of knowledge (BOK) for their soon-to-be-released Artificial Intelligence Governance Professional Certification (AIGP). This first-of-its-kind certification covers a series of knowledge areas, which I’ll explore later in this post. It’s of great value to any professional interested in implementing or managing AI, or simply curious about the field.

The field is booming with new tools, ideas, and use-cases being developed by the hour (at least that’s how it seems sometimes). Several companies, IBM being the most prolific, have also released several technical certifications aimed at the creation and refinement of AI. There are not, however, any certifications aimed at business leaders or non-technical professionals, the people who will approve and use AI in their day-to-day tasks. At least there weren’t until the IAPP announced their new AIGP certification, that is.

Introduction to the IAPP, and the AIGP knowledge areas

While the IAPP is the de facto leader in the industry when it comes to privacy certifications, I recognize not everyone may be familiar with them or their offerings. The IAPP was founded in 2000 and currently offers a suite of certifications aimed at professionals, including lawyers, who work with data privacy or governance. Their key offerings include the Certified Information Privacy Professional series (including individual certifications on European, Canadian, and American privacy laws), the Certified Information Privacy Manager, Certified Information Privacy Technologist, as well as a few others. The AIGP is a brand-new offering that hasn’t been fully released yet beyond the newly posted BOK.

The AIGP covers seven different domains that range from fundamental components of AI, all the way to development lifecycles and risk management. The topics on the exam will allow professionals to showcase their knowledge of both AI as a field of study and a technology, but also how to effectively manage it within an organization. Learning what you need to know to pass the test will create an excellent foundation and equip you to identify and leverage opportunities when they appear, and manage risks when they invariably crop up. I’ve listed the seven domains below:

  1. Understanding the Foundations of Artificial Intelligence
  2. Understanding AI Impacts and Responsible AI Principles
  3. Understanding How Current Laws Apply to AI Systems
  4. Understanding the Existing and Emerging AI Laws and Standards
  5. Understanding the AI Development Life Cycle
  6. Implementing Responsible AI Governance and Risk Management
  7. Contemplating Ongoing Issues and Concerns

Conclusion

While the certification itself isn’t out quite yet, I highly recommend you visit the IAPP’s website and take a look at the AIGP’s BOK. This will give you a good idea of what you can expect to see on the exam and let you begin preparing while we wait for the official training material to be released. I reached out to the IAPP for more information and was informed that additional training material to support this certification is planned for a Q4 release later this year.

This certification promises to become a milestone in the realm of AI governance, effectively bridging the gap between those with deep technical knowledge and non-technical business leaders. As the presence and use of AI becomes more pervasive, being able to understand its governance, risks, and ethical implications is no longer a luxury, but a necessity. This certification is going to be a vital first step towards achieving that understanding. I’ll continue to follow the development of the AIGP and provide more insights as new information becomes available.

The post Artificial Intelligence Governance Professional Certification – AIGP appeared first on Cybersecurity Insiders.


Preventing data loss is a concern for almost every organization, regardless of size, especially organizations with sensitive data. Organizations, now more than ever before, rely on voluminous amounts of data to conduct business. When data leakage or a breach occurs, the organization is forced to deal with the negative consequences, such as the high cost associated with data breach fines and remediation and reputational harm to their company and brand.

Data loss prevention (DLP) solutions help mitigate the risk of data loss. Losses can occur as a result of insider-related incidents (e.g., employee theft of proprietary information), physical damage to computers, or human error (e.g., unintentional file deletion or sharing sensitive data in an email). Given the many ways an organization might experience data loss, mitigating the risk requires the right people, processes, and technology.

Meeting the technology requirement can be a challenge when it comes to selecting the right DLP solution. During the vendor exploration and evaluation phases, there may be questions about whether it makes sense to invest in a solution that protects the network, endpoints, or the cloud or whether it’s better to select a solution that protects the enterprise and takes into account the hybrid nature of many organizations.

Data classification and labeling

The decision to invest in a DLP solution should be informed by sufficient research and planning with key stakeholders. This blog will discuss three additional things you should consider before making such an investment. Let’s begin with the types of data an organization collects, stores, and analyzes to conduct business.

To have a successful data loss prevention program, it’s important to identify all types of data (e.g., financial data, health data, or personally identifiable information) and to classify the data according to its value and the risk to the organization if it is leaked or exfiltrated. Data classification is the process of categorizing data to easily retrieve and store it for business use. It also protects it from loss and theft and enables regulatory compliance activities. Today, systems are more dispersed, and organizations have hybrid and remote workforce models, so it is critical to protect data regardless of where it resides or with whom it is shared. This kind of protection requires properly classified and labeled data.

Automated data classification is foundational to preventing data loss. It is the best way for organizations to fully understand what types of data they have, as well as the characteristics of the data and what privacy and security requirements are necessary to protect the data. Properly classifying data also enables the organization to set policies for each data type.

Techniques to identify sensitive data

DLP solutions detect instances of either intentional or unintentional exfiltration of data. DLP policies describe what happens when a user uses sensitive data in a way the policy does not allow. For example, when a user attempts to print a document containing sensitive data to a home printer, the DLP policy might display a message stating that printing the document to a home printer violates the policy and is not permissible. How does the DLP tool know that the document includes sensitive data? Content inspection techniques and contextual analysis help identify sensitive data.

The inspection capability of the DLP solution is very important. It’s important to note that traditional DLP solutions focus on data-specific content inspection methods. These inspection methods are no longer effective for organizations that have migrated to the cloud because the techniques were developed for on-premises environments. Gartner recommends investing in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user and entity behavior analytics (UEBA), and rich context for incident response. UEBA is useful for insider-related incidents (e.g., UEBA might help identify data exfiltration by a dissatisfied employee).

What actions will the DLP solution perform

After it’s clear that the tool can classify sensitive data, a logical next question is what actions the tool will perform to prevent loss of that data. A DLP solution performs actions such as sending out alerts for DLP policy violations, warning users with pop-up messages, and blocking data entirely to prevent leakage or exfiltration. Another feature might include quarantining data. Organizations should be able to define DLP policies based on their own policies, standards, controls, and procedures.

Traditional DLP relies heavily on content analysis and does not always accurately identify sensitive data. Sometimes traditional tools block normal activity. In contrast, a modern DLP solution minimizes false positives by combining content analysis and data lineage capabilities to more accurately understand whether the data is sensitive.
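The content-plus-context decision the last two sections describe, as an added example that is not from the original post or from any vendor's product: content inspection with Luhn validation to cut the false positives mentioned above, a data class derived from the findings, and a context rule table that maps the home-printer case to a block while a corporate printer only raises an alert. Printer names, mail domains and the UEBA score are assumed inputs; the sample document is constructed.

```python
import re
from dataclasses import dataclass

# Content inspection patterns (constructed for this example).
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_PATTERN = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Context: where restricted data may legitimately go (assumed corporate policy).
CORPORATE_PRINTERS = {"hq-floor3-mfp", "hq-finance-mfp"}
INTERNAL_MAIL_DOMAINS = {"example.com"}


def luhn_valid(digits: str) -> bool:
    """Checksum that rejects most digit runs that merely look like a card number."""
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def inspect_content(text: str) -> dict:
    """Count validated card numbers and SSNs, e.g. {'card': 1, 'ssn': 0}."""
    cards = 0
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            cards += 1
    return {"card": cards, "ssn": len(SSN_PATTERN.findall(text))}


def classify(findings: dict) -> str:
    """Map content findings to a data class; 'internal' is the default."""
    return "restricted" if findings["card"] or findings["ssn"] else "internal"


@dataclass
class Context:
    channel: str            # "print", "email" or "upload"
    destination: str        # printer name, recipient address or upload host
    ueba_risk: float = 0.0  # 0..1 score from behavior analytics (assumed input)


@dataclass
class Decision:
    action: str             # "allow", "alert", "warn", "block" or "quarantine"
    reason: str


def decide(text: str, ctx: Context) -> Decision:
    """Combine the content classification with context to choose the DLP action."""
    data_class = classify(inspect_content(text))
    if data_class == "internal":
        return Decision("allow", "no sensitive content detected")
    # Restricted data from here on: the context decides how hard to respond.
    if ctx.ueba_risk >= 0.8:
        return Decision("quarantine", "restricted data moved by a high-risk user")
    if ctx.channel == "print":
        if ctx.destination in CORPORATE_PRINTERS:
            return Decision("alert", "restricted data printed on a corporate printer")
        return Decision("block", f"printing restricted data to '{ctx.destination}' is not permitted")
    if ctx.channel == "email":
        domain = ctx.destination.rpartition("@")[2].lower()
        if domain in INTERNAL_MAIL_DOMAINS:
            return Decision("alert", "restricted data emailed internally")
        return Decision("block", "restricted data emailed to an external recipient")
    if ctx.channel == "upload":
        return Decision("warn", "uploading restricted data requires a business justification")
    return Decision("block", f"unknown channel '{ctx.channel}'")


if __name__ == "__main__":
    # Constructed document: a well-known test card number plus a sample SSN.
    doc = "Refund to card 4111 1111 1111 1111 for customer SSN 123-45-6789."
    print(decide(doc, Context("print", "home-inkjet")))
```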

Conclusion

There are many DLP tools on the market. A DLP solution might also be a capability in another security tool such as an email security solution. Selecting the right tool requires knowledge of market trends, the gap between traditional and modern DLP tools, data loss prevention best practices, and the purchasing organization’s security initiatives and goals. Given the many options and variables to consider, it can be challenging to understand the nuances and distinctions among solutions on the market.

The post What your peers want to know before buying a DLP tool appeared first on Cybersecurity Insiders.


Data Security Posture Management (DSPM) plays a critical role in identifying security risks, prioritizing misconfigurations, and implementing a zero-trust framework. It is an emerging technology, and there are only a few capable solutions that provide good product offerings. Check out the list of some of the best DSPM platforms that can be considered to streamline data protection, governance, and compliance efforts.

Top Data Security Posture Management (DSPM) tools to watch

1. Securiti DSPM

Securiti DSPM ranks at the top of Gartner’s list of DSPM platforms in this category. Gartner has given it a rating of 4.7, the highest among the listed products. The tool is built to protect an organization’s data, especially sensitive data, everywhere. The platform covers data in numerous environments and across various formats, such as structured and unstructured data systems.

Users can gain visibility of their data at rest and in motion across public, private, hybrid, and multi-cloud systems. The solution also covers SaaS environments, which is a plus since traditionally DSPM covers only public clouds. The solution leverages AI/ML-powered sensitive data insights to streamline an organization’s data governance strategy, data lineage, access policies and controls, and privacy operations, such as cross-border transfer policies.

2. Symmetry DataGuard

Symmetry DataGuard ranks second to Securiti in both ranking and rating. The DSPM solution has received a 4.6 rating in the Product Capabilities and Customer Experience categories. It delivers real-time data protection. With visibility of data and advanced analytics, security teams can ensure not only data security but also availability and integrity. Users can leverage that granular information to power their IAM engines to implement effective data controls, access, and permissions.

Symmetry DataGuard can be expensive, and you’ll need to invest time to understand the product because of its extensive capabilities and features.

3. Sentra

Sentra’s DSPM platform is built for speed and efficiency. The platform offers agentless discovery, which means that data doesn’t leave an organization’s secure environment, and hence there’s zero disruption to the productivity of teams.

Another important aspect of Sentra’s DSPM solution is that it is easy to implement and scale. It further offers great integration capability and thus enables organizations to integrate with various ecosystems for discovering data.

4. Dig Security Platform

Up to 77% of users would recommend Dig Security Platform, suggests Gartner. The DSPM platform has garnered a 4.2 rating on the review platform. The tool can help security and data teams to effectively identify and discover data and perform accurate categorization and classification.

The data detection and response capabilities of the solution further ensure robust data protection. Teams can have a complete understanding of their data spread across physical and virtual databases and protect sensitive data from security risks, such as data exfiltration, ransomware, and shadow data.

5. Flow Security

Flow Security covers a large set of environments to discover all data of an organization. For instance, the solution can scan through on-prem infrastructure, multiple cloud environments, SaaS applications, and other self-managed databases.

The ML capabilities enable data teams to discover and classify data elements across structured and unstructured formats. The tool can further discover security vulnerabilities and track them for remediation.

6. Laminar

Laminar is another emerging solution provider that offers a DSPM platform. The platform offers an agile DSPM solution that delivers speed, accuracy, and efficiency. The tool has received a 4.1 rating from reviewers. Data teams can leverage the platform to gain the required data insights into their multi-cloud and SaaS environments.

Various controls can be configured to enable robust data protection in the cloud, such as risk discovery and management, access policies, governance framework optimizations, and compliance management. Since Laminar has a lot of room for improvement, you may find the platform lacking in the department of scalability, which is a must for large-scale data-driven organizations.

7. TrustLogix

The TrustLogix cloud data security platform, as the name suggests, is built for the cloud to gain data visibility and optimize controls around security, governance, and compliance. The DSPM platform can be deployed swiftly, and it can be connected to a variety of cloud-native environments along with self-managed clouds and SaaS applications.

It doesn’t require access to the data itself; it scans only schemas and configuration metadata. TrustLogix further reviews log files to detect any anomalies related to sensitive data access for enhanced protection.

8. Cyera

Cyera Platform is a well-trusted DSPM solutions provider in the industry. It provides organizations with comprehensive information on their sensitive data, geographies, and data access controls.

Its DSPM solution covers a lot of ground when it comes to ecosystems in that it can discover data in IaaS, PaaS, self-managed databases, managed databases, as well as DBaaS environments.

9. Concentric

The Concentric Semantic Intelligence product delivers DSPM capabilities to help businesses and security teams find their most important data, find security gaps, and prevent unauthorized access.

Concentric’s ML capabilities allow autonomous discovery of data across a business’s data environment and classification of a wide range of data elements, such as PCI data, PHI data, and PII data.

10. Veza

Veza’s DSPM solution provides businesses with a powerful vulnerability management system that allows them to discover identities and mitigate risks. The solution can be integrated with a number of cloud and SaaS systems, such as Okta, Slack, OneLogin, GitHub, GitLab, AWS, OCI, AWS DynamoDB, and GCP, to name a few.

11. BigID

BigID ranks as one of the top cloud data management solutions, and it now also offers a DSPM solution. The solution comes with a decent data discovery and classification engine that categorizes data across different formats and systems. The solution can further identify and track data security risks, help optimize data access policies across roles and users, and enhance security posture.

12. Fasoo

Data Radar is Fasoo’s product that offers DSPM capabilities. The platform is positioned as a replacement for a traditional data loss prevention solution, offering powerful discovery and classification capabilities along with access controls and policies, and risk assessment.

13. Normalyze

With the Normalyze DSPM platform, you can search, identify, and categorize data in your Google, Azure, and AWS data clouds. You can sift through data in cloud-native environments across various data formats.

14. OneTrust

OneTrust is also a well-known DSPM provider. The solution provides data discovery, classification, and inventorying. You can use the tool to discover security gaps and enhance access controls to implement a zero-trust framework.

15. Open Raven

Open Raven has a wide range of functionalities that can optimize data security posture. Its DSPM platform can enable businesses to discover and classify data, assess security posture risks, optimize controls, and implement guardrails to meet compliance.

Final thoughts

In today’s data-driven era, finding the best DSPM platform is crucial for businesses to safeguard data against cyber threats and derive business value while meeting compliance. So, go through the provided list of DSPM platforms and pick the best one to meet your business objectives.

The post Top 15 Data Security Posture Management (DSPM) platforms for 2023 appeared first on Cybersecurity Insiders.


Social engineering has long been a popular tactic among cybercriminals. Relying exclusively on information security tools does not guarantee the safety of an IT infrastructure these days. It is critically important to enhance the knowledge of employees regarding information security threats. Specifically, there is often a pressing need to educate employees about phishing. But how could phishing awareness training go wrong, and what can be done about it? Let’s delve deeper and unravel the potential issues and solutions.

In recent years, we have seen an uptick in the delivery of malware via phishing attacks. Compounding the problem is the rising volume of email fatigue, which can lead to less vigilance and increased vulnerability. Regrettably, email protection software does not fully safeguard against phishing due to the inevitable human factor involved. Indeed, there is a reason why social engineering continues to be a preferred strategy for cybercriminals – its effectiveness is exceptional.

Many organizations are already conducting training sessions and rolling out specialized programs to enhance employee awareness about phishing. These programs are not just theoretical but also offer hands-on experience, allowing employees to interact with possible threats in real-world scenarios. For this, companies often use simulated phishing attacks, which are a vital part of their awareness programs. Some businesses manage these cyber exercises internally through their information security teams, while others enlist the help of service providers.

However, these training sessions and mock phishing exercises are not without their flaws. At times, technical issues can disrupt the process. In other instances, the problem lies with the employees who may exhibit apathy, failing to fully engage in the process. There are indeed numerous ways in which problems can arise during the implementation of these programs.

Email messages caught by technical means of protection

It is standard practice for most companies to operate various email security systems, such as a secure email gateway, DMARC, SPF and DKIM checks, sandboxes, and antivirus software. However, the goal of simulated phishing within security awareness training is to test people, not the effectiveness of technical protective tools. Consequently, when initiating any project, it is crucial to adjust the protection settings so your simulated phishing emails can get through. Do not forget to adjust every email protection tool at every level, and establish the appropriate rules in each of them.

By tweaking the settings, I certainly do not mean a total shutdown of the information security system; that would be unnecessary. When sending out simulated phishing emails, create exceptions for the IP addresses and domains that these messages come from by adding them to an allowlist.

After making these adjustments, conduct a test run to ensure the emails are not delayed in a sandbox, diverted to junk folders, or flagged as spam in the Inbox. For the training sessions to be effective and yield accurate statistics, there should be no issues with receiving these training emails, such as blocking, delays, or labeling them as spam.

Reporting phishing

Untrained employees often become victims of phishing, but those who are prepared do more than just skip and delete suspicious messages: they report them to their company’s information security service.

Tools like the “Report Phishing” plugin for Outlook can be extremely useful. This plugin lets employees quickly and easily notify the information security team about potential phishing attempts. If an attack is indeed taking place, vigilant employees can help detect it faster and prevent severe consequences by forwarding the phishing email to the information security team, who can then respond to the incident.

This plugin is also beneficial for simulated phishing campaigns for several reasons:

  • It helps to evaluate the vigilance of users and the effectiveness of the company’s awareness training program.
  • It alleviates the burden on the information security service from having to process reports of simulated phishing. The fact is that all real phishing alerts are sent to a dedicated mailbox of the information security service. During a training campaign, this mailbox can quickly fill up. Simulated phishing messages will not end up in this mailbox if the plugin is used. Instead, the platform will simply count the employees who reported the attack, thus preventing cybersecurity specialists from being overwhelmed by unnecessary reports.

Apart from email client plugins, there are other ways to assist employees in taking the right actions when confronted with phishing attacks:

  • Set up a short and easy-to-remember email address specifically for phishing reports and make sure all employees are aware of it.
  • Regularly motivate employees to report any suspected attacks. For instance, you could circulate internal newsletters with statistics on reported incidents, discuss how such reporting aids in thwarting attacks, and give recognition to those who have successfully identified a cyber threat.

Sad test results

Companies can run special phishing tests using both clean emails and ones labeled “external sender” or “spam.” These red flags are intended to caution employees to exercise more care when handling such emails, as they are more likely to contain malicious attachments or phishing links. Interestingly, research shows that presenting suspicious details in email headers does not improve phishing detection. Even when emails bear labels like “external sender” or “spam” in the subject line or body of the message, employees click on them nearly as frequently as they do on unlabeled ones.

Why does this happen, and what can be done about it? There could be a level of mistrust towards technology and software algorithms at play here. We often hear the advice, “If you did not receive an email from us, check your spam folder.” And, of course, simple inattention on the part of employees is common.

Curiosity, interest, or fear triggered by the content of the email can lead employees to fall for the hackers’ bait. Certain expertly designed templates, such as those warning of potential account breaches and prompting password changes, generate high click rates. Often the “From” field shown by the mail client displays a name or address that perfectly matches the organization’s legitimate domain. However, that displayed value is only text chosen by the sending server and can be set to anything. To truly ascertain the domain from which the email originated, you need to examine the headers in the email’s properties. Therefore, again, relying entirely on software and hardware for email information security is unwise. The human factor is a crucial element to consider.
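The header inspection described here and the test run recommended under “Email messages caught by technical means of protection” can both be done with one small script. The following is an added example, not code from the original post: it parses a constructed message and reports the display-name versus real-address domain mismatch, the SPF/DKIM/DMARC verdicts with the domain they actually cover, gateway spam markers (header names such as X-Spam-Flag vary by product and are assumed here), and the transit time from the Date header to the last Received stamp.

```python
"""Header inspection for a suspicious message or a simulated-phishing test run.

Added example, not from the original post. Header names for gateway markers
(X-Spam-Flag, X-Spam-Status) vary by product and are assumptions.
"""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: the display name shows a corporate address, but the
# real address (what the mail server routes on) is on another domain, which
# is why SPF/DMARC pass for that other domain and not for the claimed one.
SAMPLE_EMAIL = b"""Received: from mx.example-corp.test (mx.example-corp.test [192.0.2.10])
\tby mail.example-corp.test; Mon, 02 Oct 2023 09:15:03 +0000
Received: from smtp.lookalike-domain.test (smtp.lookalike-domain.test [198.51.100.7])
\tby mx.example-corp.test; Mon, 02 Oct 2023 09:15:01 +0000
Authentication-Results: mx.example-corp.test;
\tspf=pass smtp.mailfrom=lookalike-domain.test;
\tdkim=none;
\tdmarc=pass header.from=lookalike-domain.test
X-Spam-Flag: YES
From: "IT Helpdesk <helpdesk@example-corp.test>" <alerts@lookalike-domain.test>
To: employee@example-corp.test
Subject: Your password expires today
Date: Mon, 02 Oct 2023 09:14:55 +0000

Please reset your password now.
"""


def _header(msg, name):
    """Return a header with folding whitespace collapsed, or '' if absent."""
    return re.sub(r"\s+", " ", str(msg.get(name, ""))).strip()


def sender_domains(msg):
    """Compare the domain claimed in the display name with the real address."""
    display, address = parseaddr(_header(msg, "From"))
    address_domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    claimed = re.search(r"@([\w.-]+)", display)
    claimed_domain = claimed.group(1).lower() if claimed else ""
    return {
        "display_name": display,
        "address": address,
        "address_domain": address_domain,
        "claimed_domain": claimed_domain,
        # The "From field is only text" situation: the name lies, the address does not.
        "mismatch": bool(claimed_domain) and claimed_domain != address_domain,
    }


def authentication_results(msg):
    """Extract spf/dkim/dmarc verdicts and the domains they were evaluated for."""
    text = _header(msg, "Authentication-Results")
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text, re.I)
    domains = re.findall(r"(smtp\.mailfrom|header\.from|header\.d)=([\w.-]+)", text, re.I)
    return {
        "verdicts": {k.lower(): v.lower() for k, v in pairs},
        "domains": {k.lower(): v.lower() for k, v in domains},
    }


def gateway_markers(msg):
    """Spam or external-sender markers a gateway may have added (assumed names)."""
    markers = []
    if _header(msg, "X-Spam-Flag").upper() == "YES":
        markers.append("X-Spam-Flag")
    if _header(msg, "X-Spam-Status").lower().startswith("yes"):
        markers.append("X-Spam-Status")
    subject = _header(msg, "Subject").lower()
    markers.extend(tag for tag in ("[spam]", "[external]") if tag in subject)
    return markers


def transit_seconds(msg):
    """Seconds between the Date header and the last hop's Received timestamp."""
    received = msg.get_all("Received") or []
    if not received or not msg.get("Date"):
        return None
    last_hop = re.sub(r"\s+", " ", str(received[0]))  # topmost Received = last hop
    stamped = parsedate_to_datetime(last_hop.rsplit(";", 1)[-1].strip())
    sent = parsedate_to_datetime(_header(msg, "Date"))
    return (stamped - sent).total_seconds()


def inspect_message(raw):
    """Run every check over one raw RFC 5322 message and return a summary."""
    msg = message_from_bytes(raw, policy=policy.compat32)
    markers = gateway_markers(msg)
    return {
        "sender": sender_domains(msg),
        "auth": authentication_results(msg),
        "markers": markers,
        "transit_seconds": transit_seconds(msg),
        # For a simulated-phishing test run you want this to be True.
        "delivered_clean": not markers,
    }
```

Note that the authentication verdicts pass for lookalike-domain.test: a passing SPF or DMARC result only tells you which domain was authenticated, not that it is the domain the display name claims.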

Even following training, phishing emails continue to be opened

Let us say right away: there is no magic pill against phishing. Training courses are an important part of the process, but they will not work without regular practice. On contact with a new variant of phishing, an employee may become confused and eventually fall for the scammers’ trick.

Cultivating robust phishing detection skills and enhancing awareness of threats should be continuous processes that involve direct exposure to these threats. Every training phishing email sent, irrespective of the unsafe action statistics, enhances an employee’s awareness: they learn about a new threat, encounter it firsthand, experience the potential impact, and consequently, become less vulnerable. As the proverb says: “Fool me once, shame on you. Fool me twice, shame on me.”

Practical experience affirms the need for ongoing engagement with employees. Mere theoretical training sessions will not protect you from phishing, and a single training session is not sufficient either. Interestingly, reports suggest that after one round of simulated phishing emails, there might be an increase in unsafe actions with mock phishing, even after employees have completed training courses.

Does this suggest that the training courses were entirely ineffective? Not necessarily. It simply indicates that the practical skills needed to recognize phishing are not yet fully developed, reinforcing the notion that understanding the information security theory without practical application is insufficient. It is through regular phishing training emails that employees become more adept at identifying phishing attempts and reporting them to the information security service.

Cycle-based phishing awareness program implementation

A phishing awareness program typically starts with an initial round of simulated phishing emails to evaluate employees’ susceptibility to such attacks. Next, the employees undergo training to learn about phishing and how to spot it. Following the training, another round of simulated phishing is conducted to provide practical reinforcement of the training and to assess its impact on employees. This constitutes the initial cycle of the program. Depending on your resources and the size of your organization, this part may take anywhere from several weeks to a few months to complete.

The process does not stop there. You should conduct new rounds of simulated phishing emails approximately once a month, gradually making them more complex. Employees who consistently fall for phishing attempts should be given additional training.

Yes, this is a slow process. Building sustainable skills takes time, typically at least 12 months. And even after this period, regular phishing simulation exercises are still necessary to ensure employees maintain their alertness. By running regular phishing simulations, employees become more knowledgeable and vigilant, boosting the attack resilience of both the individual and the entire organization.

Conclusion

As you can see, relying solely on technological measures for protection against phishing is not enough. The human factor should not be underestimated. Engaging with employees and motivating them in matters of information security is essential. That is why simulated phishing exercises are so valuable. If you are in charge of cybersecurity for your organization and do not yet have a dedicated process for reporting phishing and other cyber threats, it is time to establish one. This is a straightforward and effective initial step to shield against cyber threats and kickstart a security awareness program. It is important to properly structure the learning process and run multiple cycles of theoretical and practical sessions on an ongoing basis.

The post How to improve employee phishing awareness appeared first on Cybersecurity Insiders.


In the realm of digital forensics and incident response, the analysis of volatile memory, commonly referred to as RAM (Random Access Memory), plays a pivotal role in extracting crucial evidence and uncovering valuable information. RAM dump – the process of capturing the contents of a computer’s memory, is a vital step in preserving volatile data for forensic examination. This article aims to shed light on the importance of RAM dump in digital investigations and provide insights into the process involved.

The significance of RAM dump

  • Volatile nature of RAM: RAM is a volatile form of memory that holds data temporarily while a computer is powered on. Once the system is shut down, the contents of RAM are lost. Therefore, capturing a RAM dump becomes essential to preserve valuable evidence that may not be available through traditional disk-based analysis.
  • Dynamic and live information: RAM contains real-time information about running processes, active network connections, open files, encryption keys, passwords, and other critical artifacts. Analyzing the RAM dump allows forensic investigators to access this dynamic and live information, providing insights into the state of the system at the time of the incident.
  • Uncovering hidden or encrypted data: RAM often holds data that may not be easily accessible through traditional file system analysis. It can reveal information about active malware, hidden processes, encrypted data in memory, or remnants of deleted files, offering a wealth of evidence that can be crucial to an investigation.

The RAM dump process

  • Acquiring a RAM dump: To perform a RAM dump, specialized tools or techniques are used to capture the contents of RAM. Common methods include physical access and utilizing software tools designed for memory acquisition. Physical access allows directly connecting to the computer’s memory modules, while software tools can acquire RAM remotely or by creating a memory image from a hibernation file.
  • Preserving data integrity: It is essential to ensure the integrity of the RAM dump during acquisition to maintain its evidentiary value. This involves utilizing write-blocking mechanisms, verifying the integrity of the acquired image, and documenting the entire process to establish a proper chain of custody.
  • Analyzing the RAM dump: Once the RAM dump is acquired, it can be analyzed using specialized software tools designed for memory forensics. These tools enable investigators to extract information, identify running processes, recover artifacts, and search for patterns or indicators of compromise.
  • Extracting volatile data: The RAM dump analysis involves extracting volatile data such as active network connections, running processes, loaded drivers, registry information, file handles, and other artifacts. This data can be used to reconstruct the system’s state, identify malicious activities, or uncover hidden information.
  • Memory carving and artifacts recovery: Memory carving techniques are employed to search for specific file types or artifacts within the RAM dump. This process involves identifying file headers or signatures and reconstructing files from the memory image. This can be particularly useful in recovering deleted or encrypted files.

RAM dumps can be acquired using specialised tools such as FTK Imager and Magnet RAM Capture (both available free of charge), and the resulting image can be analysed with commercial tools or open-source frameworks such as the Volatility Framework.

Let’s take a look at how to acquire a RAM dump and registry files using FTK Imager.

To acquire RAM and registry files, please follow these steps:

  • Download FTK Imager.
  • Follow the installation steps.
  • Once installed, run FTK Imager and select the Capture Memory option from the toolbar, as shown in the screenshot:

Screenshot: FTK Imager Capture

Alternatively, you can select Capture Memory from the File drop-down menu inside FTK Imager, as illustrated in the screenshot below:

Screenshot: FTK Imager Capture memory

Once you select Capture Memory, provide a destination path where you wish to save the dump file. Optionally, you can choose to include the pagefile as well. After that, the process of capturing memory begins.

Screenshot: ramdump

You will receive a pop-up once the process is finished.

Screenshot: ramdump done

Since I chose to capture memory as well as the pagefile, I will have two files available.

Screenshot: ramdump files

The file with the name “memdump.mem” is the RAM capture file.

You can take the dump file to analyze as required on your forensics workstation.
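As an added example that is not part of the original post, the following script does two of the steps described above: it records a SHA-256 of the image, the way you would for memdump.mem before analysis (compare it with the hash your acquisition tool reports, to keep the chain of custody verifiable), and it carves PNG and PDF files out of a constructed in-memory “dump” by header and footer signature, as described under memory carving. The constructed image, the two signatures, and the 16 MiB carve limit are assumptions made for the example.

```python
"""Signature-based carving over a memory image, plus an integrity hash.

Added example, not from the original post. The "dump" is constructed here
(seeded random filler with a PNG and a PDF embedded in it); a real image is
far larger and would be read from memdump.mem.
"""
import hashlib
import random
import zlib

# Header and footer signatures for the two formats carved here. The PNG
# footer is the zero-length IEND chunk plus its CRC; the PDF footer is %%EOF.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MAX_CARVE = 16 * 1024 * 1024  # skip a header with no footer within 16 MiB (assumed limit)


def sha256_of_image(data: bytes) -> str:
    """Hash to record with the dump; compare it against the acquisition tool's value."""
    return hashlib.sha256(data).hexdigest()


def carve(data: bytes):
    """Return [(kind, offset, bytes)] for every header that has a matching footer."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        start = data.find(header)
        while start != -1:
            end = data.find(footer, start + len(header), start + MAX_CARVE)
            if end != -1:
                end += len(footer)
                found.append((kind, start, data[start:end]))
                start = data.find(header, end)  # resume after the carved file
            else:
                start = data.find(header, start + 1)  # orphan header; keep scanning
    return sorted(found, key=lambda item: item[1])


def minimal_png(width: int = 1, height: int = 1) -> bytes:
    """Build a tiny valid RGB PNG so the carver has a real header/footer to find."""
    def chunk(tag: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(tag + body) & 0xFFFFFFFF
        return len(body).to_bytes(4, "big") + tag + body + crc.to_bytes(4, "big")
    ihdr = width.to_bytes(4, "big") + height.to_bytes(4, "big") + b"\x08\x02\x00\x00\x00"
    raw = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))  # filter 0 rows
    return (SIGNATURES["png"][0] + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))


def constructed_image() -> bytes:
    """A fake memory image: seeded random filler with a PNG and a PDF embedded in it."""
    filler = random.Random(2023).randbytes  # deterministic, so the hash is reproducible
    pdf = b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n%%EOF"
    return filler(4096) + minimal_png() + filler(2048) + pdf + filler(1024)


def carve_report(data: bytes) -> dict:
    """Hash first, carve second: the order you would follow on a real dump."""
    return {
        "sha256": sha256_of_image(data),
        "files": [(kind, offset, len(blob)) for kind, offset, blob in carve(data)],
    }
```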

Best practices and considerations

  • Timeliness and live analysis: RAM dump acquisition should be performed as soon as possible to capture the volatile data before it gets overwritten or lost. Additionally, live analysis of the RAM dump can provide real-time insights into ongoing activities and help mitigate immediate threats.
  • Privacy and legal considerations: Collecting and analyzing a RAM dump may involve accessing sensitive user data or private information. It is crucial to follow legal procedures, obtain proper authorization, and adhere to privacy laws and regulations to ensure compliance and protect the rights of individuals involved.
  • Proper training and expertise: RAM analysis requires specialized knowledge and skills in memory forensics. Forensic investigators should undergo proper training and continuously update their expertise to effectively handle RAM dump acquisition and analysis.

Conclusion

RAM dump acquisition and analysis are vital components of digital forensics and incident response investigations. The volatile nature of RAM and the real-time information it holds make RAM dump an invaluable source of evidence. By understanding the importance of RAM dump and following proper acquisition and analysis procedures, forensic investigators can uncover hidden data, identify malicious activities, and reconstruct the system’s state during an incident.

However, it is essential to stay updated with evolving technologies, legal considerations, and best practices in RAM analysis to ensure the integrity and effectiveness of the process. Ultimately, RAM dump plays a critical role in modern digital investigations, helping investigators piece together the puzzle and provide essential insights for resolving cases.

The post RAM dump: Understanding its importance and the process appeared first on Cybersecurity Insiders.


In the current geopolitical climate, the energy sector, which powers our modern society (from homes and businesses to critical infrastructure and national defense systems), finds itself under the growing threat of cyberattacks.

With the energy sector’s growing dependence on digital technologies and interconnectivity, the attack surface for cybercriminals has expanded. This situation is further complicated by incidents such as the SolarWinds and Colonial Pipeline attacks years ago, which compromised numerous value chains, along with recent escalations in cyber threats. These circumstances highlight the urgent need for a robust and proactive cybersecurity strategy in the energy sector.

Why the energy sector is vulnerable

According to McKinsey, the energy sector is particularly vulnerable to cyber threats due to several characteristics that amplify the risk and impact of attacks against utilities:

  1. The threat landscape has expanded, with nation-state actors, sophisticated players, cybercriminals, and hacktivists targeting infrastructure providers. This diverse range of threat actors poses varying levels of sophistication and potential disruptions to electric power and gas operations.
  2. The geographically distributed nature of organizations’ infrastructure further complicates cybersecurity efforts. Maintaining visibility across both information technology (IT) and operational technology (OT) systems becomes challenging, not only within utility-controlled sites but also in consumer-facing devices that may contain cyber vulnerabilities, thereby compromising revenue or the overall security of the grid.
  3. The organizational complexity of the energy sector exposes vulnerabilities to cyberattacks. Utilities often rely on multiple business units responsible for different aspects of energy generation, transmission, and distribution. This diversity introduces separate IT and OT policy regimes, making it difficult to ensure the network’s overall security.

To illustrate the potential impact across the entire value chain, it’s worth noting that electric organizations, in particular, could face cyber threats capable of disrupting various stages, including generation, transmission, distribution, and network segments.

  • Generation stage: Potential disruptions in this stage could stem from service interruptions and ransomware attacks targeting power plants and clean-energy generators. The primary vulnerabilities lie in legacy generation systems and clean-energy infrastructure that were not originally designed with cybersecurity in mind.
  • Transmission stage: The large-scale disruption of power to consumers could occur through remote disconnection of services. This is possible due to physical security weaknesses that allow unauthorized access to grid control systems, leading to potential disruptions.
  • Distribution stage: Disruptions at substations could result in regional service loss and customer disruptions. The root cause of such disruptions can be traced back to distributed power systems and the limited security built into Supervisory Control and Data Acquisition (SCADA) systems.
  • Network stage: Cyber threats at this stage could lead to the theft of customer information, fraudulent activities, and service disruptions. These threats are driven by the extensive attack surface presented by Internet of Things (IoT) devices, including smart meters and electric vehicles.

Recommendations for enhancing cybersecurity in the energy sector

To further strengthen cybersecurity practices in the energy sector, the following key recommendations should be considered:

  1. Develop strategic threat intelligence: Establish dedicated teams to monitor and analyze threats, providing a proactive view of potential risks. Integrate intelligence reporting into strategic planning and exercise incident response plans regularly.
  2. Integrate security across regions and organizations: Create a unified approach to cybersecurity by establishing common security standards across all regions and business units. Foster a culture of security awareness and streamline processes for information sharing and decision-making.
  3. Design clear and safe network architectures: Implement clear network segmentation and micro-segmentation strategies to limit the spread of cyberattacks within the network. Define security zones and establish secure demilitarized zones (DMZs) between IT and OT networks.
  4. Promote industry collaboration: Engage in partnerships and industry-wide collaborations to develop common standards and best practices for cybersecurity. Participate in regional cooperation initiatives to share knowledge and discuss security concerns specific to shared power grids. Advocate for security by design in IT and OT technologies, especially in smart-grid devices that may lie outside the utilities’ direct control. Additionally, organizing future-facing industry-wide exercises can help predict and preemptively address emerging threats to broader grid security.
  5. Strengthen employee training and awareness: Build a culture of cybersecurity awareness within energy companies by conducting regular training sessions for employees. Educate them on identifying and responding to potential threats, emphasizing the importance of following established security protocols and reporting any suspicious activities.
  6. Implement robust email security measures: Recognizing that phishing attacks often serve as entry points for cybercriminals, energy companies should prioritize comprehensive email security measures. These measures can include advanced spam filters, email authentication protocols (such as DMARC, SPF, and DKIM), and user awareness campaigns to identify and avoid phishing attempts.
  7. Ensure secure remote access solutions: With remote work becoming increasingly prevalent, energy companies must ensure the security of remote access solutions. This involves implementing strong authentication methods, such as multi-factor authentication (MFA), virtual private networks (VPNs) with robust encryption, and strict access controls to minimize the risk of unauthorized access.
  8. Regular software updates and patch management: Keeping all software systems and applications up-to-date is crucial in protecting against known vulnerabilities that cybercriminals often exploit. Energy companies should establish robust patch management processes to ensure timely updates and apply security patches promptly.
  9. Backup and recovery planning: Developing comprehensive backup and recovery plans is essential for mitigating the impact of cyberattacks. Regularly backing up critical data and systems and maintaining off-site or offline backups can help organizations quickly recover in the event of a breach or system compromise. Testing the effectiveness of backup and recovery plans through regular drills and simulations is also recommended.

Securing energy infrastructure is an ongoing task

Given the increasing integration of IT and OT environments, it’s important to highlight that 94% of IT security incidents have also impacted the OT environment. This underscores the ongoing and comprehensive task of securing energy infrastructure from cyber threats.

In this evolving landscape, effective cybersecurity is not a standalone effort but hinges on several key elements:

  • Cross-regional and cross-departmental integration
  • Secure network architectures and demilitarized zones
  • Recognition of the sector’s unique vulnerabilities
  • Implementation of layered defense strategies to significantly mitigate risks
  • Strategic threat intelligence that enables proactive responses to threats
  • Prioritization of staff training, robust email security, and secure remote access solutions
  • Regular software updates and industry-wide collaboration

By adhering to these recommendations and fostering a proactive cybersecurity mindset, we can safeguard our critical infrastructure and ensure a resilient energy future.

The post Protecting energy infrastructure from cyberattacks appeared first on Cybersecurity Insiders.


More than 67% of internet users in the US remain blissfully unaware of online privacy and data protection regulations.

At the same time, the global average cost of data breaches and cyber-attacks has increased by 15% since 2020 to $4.45 million. In fact, compromised credentials and personal information are responsible for nearly 20% of nearly 1.4 billion security incidents during this period.

As a result, there’s a growing need for a solution to protect sensitive data from potential theft or misuse.

Global Privacy Control (GPC) is an emerging initiative to give users more control over their data when navigating the internet and using digital solutions.

In this article, you’ll learn about the core concept of GPC and its importance in digital protection.

What is Global Privacy Control (GPC)?

Global Privacy Control, or GPC, is a cybersecurity and data privacy initiative to give businesses and individuals greater control over their data, including its storage, distribution, and usage.

It offers a simple, standardized way to assert and protect your privacy rights while surfing the internet and navigating different websites and applications.

Adopting and implementing the protocol sends a “Do Not Collect or Share My Data” signal to digital platforms, prompting them to refrain from selling your data to third parties for advertising and other commercial purposes.

Data that websites commonly collect includes:

  • Personal information (Name, contact, address, etc.);
  • Browsing history;
  • Live location;
  • Device information (Model, operating system, etc.);
  • IP address;
  • Cookies;
  • Payment information (Card details, digital wallet credentials, etc.);
  • Account credentials (Social media apps, third-party services, etc.);
  • Usage data (Time, features used, launch frequency, and more).

By activating the GPC signal, you can exercise your privacy rights and stop sites and apps from collecting all the information listed (and more).
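As an added example (not from the original post), the following shows how the signal actually reaches a site and how the site can honor it. The request header Sec-GPC: 1 and the /.well-known/gpc.json resource come from the GPC specification, not from this article; the consent model, the third-party tag inventory, and the sample requests are constructed for illustration.

```python
"""How the GPC signal reaches a site and how the site can honor it.

Added example, not from the original post. Per the GPC specification the
browser sends the request header "Sec-GPC: 1", and a site may publish
/.well-known/gpc.json to state that it honors the signal. The consent
model, tag inventory and sample requests below are assumptions.
"""


def gpc_opt_out(headers: dict) -> bool:
    """True when the request carries a GPC signal (the header value is exactly "1")."""
    for name, value in headers.items():
        if name.lower() == "sec-gpc":
            return value.strip() == "1"
    return False


def effective_consent(headers: dict, stored_preferences: dict) -> dict:
    """Merge the GPC signal with preferences the user set on the site itself.

    The signal only moves the decision toward opt-out: a missing Sec-GPC
    header never cancels an opt-out the user recorded explicitly.
    """
    signal = gpc_opt_out(headers)
    return {
        "sale_sharing_opt_out": signal or bool(stored_preferences.get("sale_sharing_opt_out")),
        "gpc_signal_present": signal,
        # First-party processing needed to serve the request continues regardless.
        "strictly_necessary": True,
    }


def apply_to_tags(consent: dict, third_party_tags: list) -> list:
    """Return the tags that may still load under the consent decision."""
    if consent["sale_sharing_opt_out"]:
        return [tag for tag in third_party_tags if tag["category"] == "necessary"]
    return list(third_party_tags)


def well_known_gpc(honors: bool, last_update: str) -> dict:
    """Content for /.well-known/gpc.json (serialize as JSON, serve as application/json)."""
    return {"gpc": honors, "lastUpdate": last_update}  # lastUpdate is a YYYY-MM-DD string


# Constructed sample requests (header dicts as a web framework would expose them)
# and a constructed inventory of third-party tags the site would otherwise load.
REQUEST_WITH_GPC = {"Host": "shop.example", "Sec-GPC": "1", "User-Agent": "constructed"}
REQUEST_WITHOUT_GPC = {"Host": "shop.example", "User-Agent": "constructed"}
TAGS = [
    {"name": "session-keepalive", "category": "necessary"},
    {"name": "ad-network-pixel", "category": "advertising"},
    {"name": "data-broker-sync", "category": "sale"},
]


def handle_request(headers: dict, stored_preferences: dict) -> dict:
    """One request's decision: the consent record and which tags may load."""
    consent = effective_consent(headers, stored_preferences)
    return {"consent": consent, "tags_allowed": [t["name"] for t in apply_to_tags(consent, TAGS)]}
```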

The significance of data privacy and how can GPC help?

Data privacy is more critical than ever due to the unprecedented exchange and collection of data on the internet. Digital entities actively collect your valuable data, including personal information, browsing habits, location, financial details, etc.

By creating vast repositories of your data, websites and apps gain insights into your online behavior and use them to tailor:

  • Ads;
  • UI/UX design;
  • Site content;
  • Products;
  • Services.

However, by doing so, they increase your risk of security breaches and privacy infringements. Hackers and cybercriminals actively target sensitive information like your IP address to orchestrate various attacks, including:

  • Distributed Denial of Service (DDoS) attacks;
  • Spoofing;
  • Ransomware and spyware;
  • Man-in-the-Middle attacks;
  • Brute force attacks, etc.

Fortunately, you can prevent your IP address from being exposed, and the attacks that follow from it, by using a virtual private network (VPN). A VPN masks your IP address and encrypts your online traffic, making it nearly impossible for malicious criminals to access your data.

However, you can take data protection to a whole new level by combining Global Privacy Control with VPN and other essential cybersecurity tools, such as:

  • Anti-malware software;
  • SSL certificates;
  • Multi-factor authentication;
  • Intrusion detection systems, etc.

Preserving data privacy is crucial for protecting valuable data and building trust between users and digital platforms. As it stands, GPC is one of the few initiatives that can proactively prevent breaches by stopping the flow of user data.

Benefits of adopting Global Privacy Control

Below are the key benefits of adopting GPC on websites or apps:

1. Data security & privacy enhancement

GPC enables you to fortify your valuable data against nonconsensual or unauthorized sharing. Hence, you can use your personal information solely for core purposes, such as logging into your account or online transactions.

With GPC protocols, no website or app will record your browsing activity, usage, or online behavior, significantly reducing the risk of attacks, identity theft, and unauthorized access.

2. Transparent data collection and usage

If your business relies on collecting user data, you can use GPC to enable transparent collection and usage. You can share how your site or app collects, processes, and shares user data. This transparency allows visitors, customers, or users to make more informed decisions about engaging with your site or app.

3. Building trust & credibility

If you run an online business, one of the best ways to build trust with users is by respecting their online privacy preferences. This powerful branding and marketing strategy allows you to implement GPC and honor “Do Not Share My Data” requests.

Demonstrating that you care about your user’s privacy needs can improve credibility and foster a long-term relationship with them.

4. Compliance with privacy regulations

In the post-pandemic age, there’s an increased focus on data privacy regulations worldwide, including (but not limited to):

  • General Data Protection Regulation (GDPR) – EU and UK;
  • California Consumer Privacy Act (CCPA);
  • California Privacy Rights Act (CPRA);
  • Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada;
  • Health Information Technology for Economic and Clinical Health Act (HITECH), etc.

These regulations impose strict privacy requirements you must adhere to. Failure to comply could lead to heavy fines and legal liabilities. Moreover, when users learn you’re non-compliant, they’ll hesitate to visit your site or use your app.

5. Empowering user control

Global Privacy Control makes users 100% responsible and accountable for the data they share on digital platforms. You have full control over your sharing preferences and can choose to avoid sharing data with third-party companies directly or through the site or app.

This user-centric approach promotes a sense of ownership and helps businesses mitigate security risks.

Conclusion

As the world rapidly shifts to a digital-first economy, you must take the necessary steps to safeguard data privacy.

With our commitment to Global Privacy Control (GPC), you can maximize data control and privacy protection. So, feel free to delve into our wealth of resources and empower yourself with the knowledge to fortify your online defenses.

The post What Is Global Privacy Control (GPC), and how can it help you protect your data? appeared first on Cybersecurity Insiders.


The threat of ransomware attacks continues to strike organizations, government institutions, individuals, and businesses across the globe. These attacks have skyrocketed in frequency and sophistication, leaving a trail of disrupted operations, financial loss, and compromised data. Statistics reveal that by 2031 there will be a new ransomware attack every two seconds, and that companies lose between $1 and $10 million because of these attacks.

As the security landscape evolves, cybercriminals change their tactics and attack vectors to maximize their profit potential. Previously, ransomware attackers employed tactics like email phishing, remote desktop protocol vulnerabilities, supply chain issues, and exploit kits to breach the system and implant the ransomware payloads. But now attackers have significantly changed their business model.

Organizations need to adopt a proactive stance as more ransomware gangs emerge and new tactics are introduced. They must aim to lower their attack surface and increase their ability to respond to and recover from the aftermath of a ransomware attack.

How is ransomware blooming as a business model?

Ransomware has emerged as a thriving business model for cybercriminals. It is a highly lucrative and sophisticated method in which the attackers encrypt the data and release it only when the ransom is paid. Data backup was one way for businesses to escape this situation, but those lacking this had no option except to pay the ransom. If organizations delay or stop paying the ransom, attackers threaten to exfiltrate or leak valuable data. This adds more pressure on organizations to pay the ransom, especially if they hold sensitive customer information and intellectual property. As a result, over half of ransomware victims agree to pay the ransom.

With opportunities everywhere, ransomware attacks have evolved as the threat actors continue looking for new ways to expand their operations’ attack vectors and scope. For instance, the emergence of the Ransomware-as-a-service (RaaS) model encourages non-technical threat actors to participate in these attacks. It allows cybercriminals to rent or buy ransomware toolkits to launch successful attacks and earn a portion of the profits instead of performing the attacks themselves.

Moreover, a new breed of ransomware gangs is also blooming in the ransomware business. Previously, Conti, REvil, LockBit, Black Basta, and Vice Society were among the most prolific groups launching attacks. But now, the Clop, Cuban, and Play ransomware groups are gaining popularity as they exploit zero-day vulnerabilities and impact various organizations.

Ransomware has also become a professionalized industry in which attackers demand payment in Bitcoin only. Cryptocurrency provides anonymity and a more convenient way for cybercriminals to collect ransom payments, making it more difficult for law enforcement agencies to trace the money. Though the FBI discourages ransom payments, many businesses still facilitate the attackers by paying the ransom in Bitcoin.

What’s the worst that can happen after a ransomware attack?

A ransomware attack can have consequences for businesses, individuals, and society. Since these attacks are prevalent, there are privacy risks in almost every activity online. These attacks are not only a hazard to organizations; they also carve pathways that disrupt the online anonymity of every associated client, customer, and partner. Here’s a brief insight into the worst outcomes that can occur following a ransomware attack:

No data recovery and repeated attacks

Ransomware attacks can result in significant data and financial loss. Despite their promises, paying a ransom is no guarantee that the cybercriminals will return or delete the data they have already compromised. A study finds that nearly 200,000 companies fail to retrieve data after paying the ransom. Besides this, a willingness to pay the ransom makes a business a more attractive target. The same study also finds that 80% of companies were hit by a ransomware attack a second time, with 68% saying that the second attack happened in less than a month, and the attackers demanded a higher amount.

Financial instability

The most significant impact of ransomware attacks is the devastating financial losses. These attacks will cost victims around $265 billion annually by 2031. The victims are usually organizations that will likely incur the costs associated with compromised customer data, investigating the attack, restoring the systems, and deploying robust security measures to avoid such attacks. In addition, if an organization fails to recover the data, it may experience long-term financial instability due to operational disruptions, reduced productivity, revenue loss, and legal liabilities.

Lawsuits and regulatory fines

Cybercriminals exfiltrate valuable data in ransomware attacks. This can result in lawsuits being filed by the affected parties whose data was compromised. Equip Systems, US Fertility, TransLink, and Canon are some companies that faced lawsuits due to ransomware attacks. Additionally, most businesses are subject to industry regulations like HIPAA, GDPR, and CCPA to maintain data privacy. If the attackers exfiltrate data that includes personally identifiable information or financial or medical records, the organization faces regulatory fines, loses customers’ trust, and suffers significant reputational damage.

Operational downtime

Ransomware attacks paralyze an organization’s everyday operations, resulting in significant downtime and productivity losses. Stats reveal that, on average, organizations experience almost three weeks of downtime in the aftermath of a ransomware attack. When critical infrastructure, a network, or a system is compromised, businesses fail to provide services, and this downtime significantly impacts their profits and earnings.

Breaking down the ransomware business model

The risk of ransomware attacks is bigger than many organizations might realize. However, the good news is that there are plenty of measures that businesses can take to mitigate these attacks:

  • Use data backups: Regularly backing up the data helps recover data during a ransomware attack. Businesses must ensure that all critical business data is backed up and stored in a location inaccessible to attackers.
  • Upgrade, update, and patch systems: The older an operating system gets, the more likely malware and other threats will target it. Therefore, retire legacy devices, hardware, or software the vendor no longer supports. It’s also crucial to update network software with fixes as soon as they are released.
  • Reduce the attack surface: Organizations with clearly defined rules have been able to mitigate the impact of an attack during its initial stages. Hence, create attack surface reduction rules to block the common tactics attackers use to launch an attack.
  • Network segmentation: Develop a logical network segmentation based on least privilege that reduces the attack surface and limits lateral movement. If a malicious actor bypasses your perimeter by any means, network segmentation can stop them from moving into other network zones and protects your endpoints.
  • Have a handy incident response plan: A survey finds that 77% of people say their businesses lack a formal incident response plan. A well-informed incident response plan can help businesses manage ransomware attacks better, minimize impacts, and foster fast recovery.
  • Deploy XDR and SIEM tools: These tools provide holistic insights about emerging threats and enhance the security professionals’ detection and response capabilities for ransomware attacks.
  • Employee education: Humans are an organization’s weakest link, and ransomware groups exploit this weakness to launch attacks. To close this gap, businesses must educate their employees about the latest trends, hackers’ tactics, and ways to respond promptly.
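
The “Deploy XDR and SIEM tools” item above is where detection actually happens, so here is what a behavioral ransomware rule looks like when run over endpoint file telemetry. This is an added example, not code from the original post or from any XDR or SIEM product. It assumes a constructed, simplified event line format (`<timestamp> <host> <process> <ACTION> <path>[ -> <newpath>]`) such as an agent might forward to a SIEM; the thresholds, the extension allowlist, the process names and the sample events are all constructed for the example.

```python
"""Behavioral detection of ransomware-style mass encryption from file events.

Added example, not code from the original post. It assumes a constructed,
simplified event line format such as an EDR/XDR agent might forward to a
SIEM: `<ISO-8601 timestamp> <host> <process> <ACTION> <path>[ -> <newpath>]`.
Thresholds, the extension allowlist and the sample telemetry are all
constructed assumptions; tune them against your own baseline.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import posixpath

WINDOW = timedelta(seconds=60)   # sliding window for the rename burst (assumed)
RENAME_THRESHOLD = 5             # suspicious renames per process within WINDOW (assumed)
NOTE_DIR_THRESHOLD = 3           # same new filename dropped into this many directories (assumed)
# Extensions a process may legitimately add (documents, backups, temp files). Assumed.
KNOWN_EXTENSIONS = {".odt", ".ods", ".docx", ".xlsx", ".pdf", ".txt",
                    ".jpg", ".png", ".bak", ".tmp", ".swp"}

# Constructed sample telemetry: normal office edits and a backup daemon,
# then one process that rewrites every document under a new extension
# and drops the same note file into each directory it touches.
SAMPLE_EVENTS = """\
2024-05-01T09:00:01Z fs-01 soffice MODIFY /srv/share/finance/report.odt
2024-05-01T09:00:07Z fs-01 soffice MODIFY /srv/share/finance/invoices.ods
2024-05-01T09:00:20Z fs-01 backupd RENAME /srv/share/finance/invoices.ods -> /srv/share/finance/invoices.ods.bak
2024-05-01T09:12:30Z fs-01 updater RENAME /srv/share/finance/report.odt -> /srv/share/finance/report.odt.lck9
2024-05-01T09:12:31Z fs-01 updater RENAME /srv/share/finance/invoices.ods -> /srv/share/finance/invoices.ods.lck9
2024-05-01T09:12:31Z fs-01 updater CREATE /srv/share/finance/README_RESTORE.txt
2024-05-01T09:12:32Z fs-01 updater RENAME /srv/share/hr/contract.pdf -> /srv/share/hr/contract.pdf.lck9
2024-05-01T09:12:32Z fs-01 updater RENAME /srv/share/hr/photo.jpg -> /srv/share/hr/photo.jpg.lck9
2024-05-01T09:12:33Z fs-01 updater CREATE /srv/share/hr/README_RESTORE.txt
2024-05-01T09:12:33Z fs-01 updater RENAME /srv/share/eng/design.png -> /srv/share/eng/design.png.lck9
2024-05-01T09:12:34Z fs-01 updater CREATE /srv/share/eng/README_RESTORE.txt
"""


def parse_event(line):
    """Split one event line into a dict; RENAME lines also carry a destination."""
    ts, host, proc, action, rest = line.split(maxsplit=4)
    src, dst = rest.split(" -> ", 1) if action == "RENAME" else (rest, None)
    return {"when": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "host": host, "proc": proc, "action": action, "src": src, "dst": dst}


def _ext(path):
    return posixpath.splitext(path)[1].lower()


def suspicious_rename(ev):
    """A rename that swaps the extension for one not on the allowlist."""
    return (ev["action"] == "RENAME"
            and _ext(ev["dst"]) != _ext(ev["src"])
            and _ext(ev["dst"]) not in KNOWN_EXTENSIONS)


def detect(lines):
    """Run both rules over event lines in order and return a list of alerts.

    Each (host, process) pair fires each rule at most once, so a single
    outbreak does not flood the SIEM with thousands of identical alerts.
    """
    rename_times = defaultdict(list)   # (host, proc) -> recent suspicious rename times
    note_dirs = defaultdict(set)       # (host, proc, filename) -> directories created in
    fired, alerts = set(), []

    def fire(rule, key, when, count):
        if (rule, key) not in fired:
            fired.add((rule, key))
            alerts.append({"rule": rule, "host": key[0], "proc": key[1],
                           "count": count, "when": when.isoformat()})

    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ev = parse_event(line)
        key = (ev["host"], ev["proc"])
        if suspicious_rename(ev):
            # Keep only renames inside the sliding window, then add this one.
            recent = [t for t in rename_times[key] if ev["when"] - t <= WINDOW]
            recent.append(ev["when"])
            rename_times[key] = recent
            if len(recent) >= RENAME_THRESHOLD:
                fire("mass_rename", key, ev["when"], len(recent))
        elif ev["action"] == "CREATE":
            # The same new file name appearing in many directories is the
            # footprint of a ransom note being dropped alongside encrypted data.
            directory, name = posixpath.split(ev["src"])
            dirs = note_dirs[key + (name,)]
            dirs.add(directory)
            if len(dirs) >= NOTE_DIR_THRESHOLD:
                fire("ransom_note", key, ev["when"], len(dirs))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The two rules are deliberately independent of any specific malware family: a burst of extension-changing renames from one process, and one file name reappearing across directories, describe the encryption phase itself rather than a signature. The backup daemon in the sample shows why an allowlist of expected extensions is needed to keep the rename rule quiet during normal operations; in production that list, the window and the thresholds must come from your own baseline, and the alert should feed an incident response playbook that isolates the host and checks that offline backups are intact.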

Final words

Over time, the ransomware business model is becoming more sophisticated, evolving through double extortion, the RaaS model, and the emergence of new ransomware gangs. As these attacks are unlikely to go away anytime soon, businesses must educate their staff about these lucrative attacks and the consequences they present to the company. Organizations must prioritize basic cybersecurity measures like regularly backing up data, segmenting the network, and patching systems. Additionally, they must invest in endpoint protection tools, keep an incident response plan handy, and invest enough in security awareness programs to minimize the impact of ransomware attacks.

The post Ransomware business model-What is it and how to break it? appeared first on Cybersecurity Insiders.