A new report on the cyber risk outlook by global insurer Allianz Commercial reveals that cyber claims have continued their upward trend over the past year, driven in large part by a rise in data and privacy breach incidents. The frequency of large cyber claims (>€1mn) in the first six months of 2024 was up 14% while severity increased by 17%, according to claims analysis, following just a 1% increase in severity during 2023. Data and privacy breach-related elements are present in two thirds of these large losses.

One of the leading emerging risk trends examined in the report is artificial intelligence (AI), which has the potential to turbocharge data breach exposures in the future, both by fueling greater processing of personal data and by serving as a powerful tool for threat actors.

The use of AI by businesses and public bodies is growing day by day, with applications in technology, media, healthcare, finance, retail, and logistics. In a recent McKinsey survey, almost two thirds (65%) of organizations say they regularly use AI, nearly double the number from a year ago. 

AI relies on the collection and processing of vast amounts of data, including personal, health and biometric information, for training AI models and making accurate predictions or recommendations. AI is also integral to some technologies, such as personal assistants like Alexa and Siri, surveillance, tracking and monitoring systems, chatbots and driverless vehicles.

Given the volume of personal data involved, and its black-box nature, AI can create potential privacy and security risks if not properly managed. With so much data being collected and processed, there is a risk that it could fall into the wrong hands, either through hacking or other security breaches. There are also concerns around potential breaches of privacy laws, such as whether organizations have proper consent to process data through AI. In February 2024, Air Canada was ordered to pay compensation to a customer who had relied on incorrect information provided by one of the airline’s chatbots.

AI technology and use cases are also developing in an evolving regulatory and legal environment. AI regulation is tightening – the EU is establishing a common framework for regulation under the AI Act and complementary AI Liability Directive – which will increase complexity and raise the compliance bar for companies.

Different AI applications, however, carry varying degrees of risk. AI use cases that focus on consumer products and services – such as chatbots or AI-generated content – are likely to bring a higher degree of data privacy risk than administrative AI applications, such as automation of internal processes.

Companies should consider the following factors to harness the benefits of AI while mitigating the risks of potential breaches.

Data governance: Establishing robust data governance practices is crucial for ensuring that data is collected, stored, and processed in compliance with privacy regulations and internal policies. This includes defining data ownership, implementing data classification, and setting clear guidelines for data access and usage.

Security measures: Implementing strong security measures, such as encryption, access controls, and regular security audits, is essential for protecting the data used by AI systems. This helps prevent unauthorized access and data breaches that could compromise individuals’ privacy.

Privacy regulations compliance: Companies must ensure that their use of AI aligns with relevant privacy regulations, such as the General Data Protection Regulation (GDPR) in Europe or the California Consumer Privacy Act (CCPA) in the US. This includes obtaining explicit consent for data collection and processing, providing individuals with control over their data, and honoring data subject rights.

Ethical AI practices: Embracing ethical AI practices involves considering the potential impact of AI on individuals’ privacy and well-being. This includes addressing bias and fairness in AI algorithms, being transparent about data usage, and incorporating privacy considerations into the design and deployment of AI systems.

Privacy-preserving AI techniques: Companies can explore privacy-preserving AI techniques, such as federated learning and differential privacy, to minimize the risk of data privacy breaches. These techniques allow AI models to be trained on decentralized data sources without directly accessing sensitive information, thus reducing privacy concerns.

To read the full Allianz Cyber Risk Trends Report, please visit: cyber-security-trends-2024.pdf (allianz.com)

The post AI to power future data privacy breaches appeared first on Cybersecurity Insiders.

It’s Cybersecurity Awareness Month, and what better time to evaluate the security of your organization’s network access solutions? In fact, I’d say this review is essential. Virtual Private Networks (VPNs) have been the cornerstone of remote access and network security for decades.

However, the rise of cloud computing, hybrid work, and increasingly sophisticated cyber threats has exposed the limitations of VPN technology. As a result, Zero Trust Network Access (ZTNA) is rapidly emerging as the preferred solution for securing modern digital environments.

The Risks of Legacy VPNs

VPNs create a secure tunnel between a user’s device and a corporate network. While this approach has been effective in the past, it also introduces significant risks:

  • Enterprise employee risks: Employees may inadvertently compromise VPN security by using weak passwords, sharing credentials, or downloading malicious software.
  • Network exposure: VPNs require users to connect to a corporate network, exposing them to potential attacks and data breaches.
  • External attacks: Hackers who seek to exploit vulnerabilities and gain unauthorized access to corporate networks can target VPNs.
  • Scalability limitations: VPNs can struggle to scale to meet the demands of large and complex organizations.

Recent VPN Compromise Incidents

In recent years, we have seen numerous high-profile VPN compromise incidents that highlight the risks associated with this technology. These incidents demonstrate the need for more secure and resilient network access solutions. For example:

  • Pulse Secure VPN vulnerabilities: In 2020, a critical vulnerability was discovered in Pulse Secure VPN software, allowing attackers to gain unauthorized access to corporate networks.
  • Palo Alto Networks VPN flaws: In 2021, a series of vulnerabilities were found in Palo Alto Networks GlobalProtect VPN, potentially exposing sensitive data.
  • NordVPN data breach: In 2020, NordVPN experienced a data breach that exposed customer information, including email addresses and encrypted passwords.

The Advantages of ZTNA

ZTNA offers a fundamentally different approach to network security by eliminating the concept of a network perimeter. Instead, it establishes trust based on identity, device health, and application requirements. This approach provides several key benefits:

  • Improved user experience: ZTNA provides seamless and secure access to applications from any device, anywhere in the world.
  • Enhanced compliance: ZTNA can help organizations meet regulatory requirements by providing granular control over sensitive data and application access.
  • Scalability: ZTNA is designed to scale to meet the needs of large and complex organizations.
  • Reduced attack surface: ZTNA reduces the potential attack surface by eliminating the need for a traditional VPN infrastructure.

The Transition to ZTNA

As organizations recognize VPNs’ limitations and ZTNA’s advantages, they are increasingly adopting this technology. The transition to ZTNA may involve significant network infrastructure and changes in security policy. However, the long-term security, efficiency, and compliance benefits make it a worthwhile investment.

During Cybersecurity Awareness Month, it’s crucial to assess your organization’s current network access strategy and consider the potential benefits of ZTNA. By transitioning to Zero Trust, you can strengthen your security posture, protect your valuable data, and ensure business continuity in the face of evolving cyber threats.

Here are some additional considerations for organizations considering the transition to ZTNA:

  • Choose the right ZTNA solution: There are many ZTNA vendors on the market, each with unique features and capabilities. It is important to evaluate your organization’s needs and select a solution that aligns with your goals.
  • Develop a comprehensive implementation plan: The transition to ZTNA can be complex, so it’s essential to develop a detailed implementation plan that addresses all aspects of the process, from network design to user training.
  • Consider a phased approach: If your organization has a large and complex network, it may be beneficial to implement ZTNA in phases, which minimizes disruption and ensures a smooth transition. 

By carefully planning and executing the transition to ZTNA, organizations can reap the benefits of this innovative technology and improve their overall security posture.

The post Cyber Awareness Month: The End of the VPN Era appeared first on Cybersecurity Insiders.

The world faces a critical shortage of cybersecurity professionals, with a new high of 4.8 million unfilled positions globally. This alarming statistic comes from a first look at the 2024 ISC2 Cybersecurity Workforce Study conducted by (ISC)².

The report paints a concerning picture: while demand for cybersecurity expertise is surging (a 19% year-on-year increase), the workforce is experiencing stagnant growth (a meager 0.1% year-on-year increase). The gap between the qualified professionals available and the number needed to defend organizations effectively against cyber threats is widening.

Economic Downturn Blamed for Stalled Growth

The report attributes the sluggish workforce growth to persisting economic uncertainty. Businesses are tightening their belts, with:

  • 37% experiencing budget cuts in cybersecurity departments (up 7% from 2023).
  • 25% facing layoffs within their cybersecurity teams (up 3% from 2023).
  • 38% implementing hiring freezes (up 6% from 2023).
  • 32% reporting fewer cybersecurity team promotions (up 6% from 2023).

These figures highlight the financial constraints organizations face, leading to a slowdown in cybersecurity team expansion and career development opportunities. This, in turn, disincentivizes potential entrants to the field and discourages existing professionals from seeking career advancement within their current organizations.

The Ever-Expanding Skills Gap

While economic factors play a role, the skills gap remains a fundamental issue. Cybersecurity is a constantly evolving field, with new threats always emerging. Organizations require professionals with a diverse range of skills, including:

  • Network security
  • Cloud Security
  • Application security
  • Incident response
  • Threat intelligence
  • Security architecture
  • Digital forensics

Unfortunately, the current talent pool struggles to meet these demands. Educational institutions often struggle to keep up with the rapid pace of innovation in the field, and many professionals lack the skill sets required for today’s complex cyber threats.

The Impact of the Skills Gap

The consequences of this skills gap are far-reaching. Organizations with inadequate cybersecurity defenses are more vulnerable to attacks, potentially leading to:

  • Data breaches
  • Financial losses
  • Operational disruptions
  • Reputational damage

These negative impacts can cascade, harming not just individual companies but entire industries and even national security.

Attracting Entry-Level Talent: A Critical Need

The report emphasizes the importance of attracting new talent to the cybersecurity field, which requires a multi-pronged approach, including:

  • Promoting cybersecurity education at all levels: K-12 programs can introduce students to cybersecurity concepts, sparking early interest. Universities and colleges can develop more robust cybersecurity programs aligned with industry needs.
  • Providing clear career paths: Potential entrants need to understand the diverse career opportunities available within cybersecurity. Clear progression paths within organizations will incentivize talent to enter and stay in the field.
  • Offering mentorship programs: Existing cybersecurity professionals can play a critical role by mentoring newcomers, fostering a sense of community, and helping new talent develop their skills.
  • Highlighting the positive aspects of a cybersecurity career: Cybersecurity professionals are problem-solvers who play a vital role in protecting our digital world. Emphasize the intellectual challenge, the sense of purpose, and the competitive salaries associated with this field.

Challenges Impacting Job Satisfaction

While the demand for cybersecurity professionals is high, the report highlights some challenges that can impact job satisfaction. These include:

  • Long working hours: Cybersecurity professionals are often on call 24/7, which can lead to burnout.
  • High-pressure environments: Dealing with constant cyber threats can be stressful and demanding.
  • Lack of training and development opportunities: Organizations must invest in training their cybersecurity workforce to keep pace with the evolving threat landscape.

A Call to Action

The 2024 ISC² Cybersecurity Workforce Study serves as a wake-up call. Both organizations and individuals need to take action to address the growing skills gap and ensure a robust cybersecurity workforce. Businesses must prioritize cybersecurity investment, even in challenging economic times. They should also focus on attracting and retaining talent by offering competitive salaries, clear career paths, and opportunities for professional development. 

Additionally, educational institutions must adapt their programs to equip students with the latest cybersecurity skills. Finally, the growing demand for cybersecurity professionals and their vital role in protecting our digital world should encourage individuals to consider a career in cybersecurity. Working together, we can bridge the cybersecurity skills gap and create a safer digital future.

The post Cybersecurity Workforce in Crisis appeared first on Cybersecurity Insiders.

As organizations continue to incorporate IoT devices and support remote working by allowing employees to use personal mobile devices, securing enterprise mobility has become critical in modern business operations. Mobile devices connecting to networks often lack compatibility with traditional security solutions such as Virtual Private Networks (VPNs) or endpoint security tools, introducing numerous security challenges and lifecycle management considerations.

Mobile Virtual Network Operators (MVNOs) and Mobile Network Operators (MNOs) are at the forefront of this challenge. These service providers are tasked with ensuring optimal connectivity and user experience while safeguarding data privacy. As the market for basic connectivity services becomes increasingly commoditized, operators are compelled to explore new sources of revenue, and offering security capabilities as a value-added service presents a promising opportunity.

However, delivering these security services creates yet another challenge for operators because of the limitations of traditional security architectures in meeting the needs of a remote and mobile workforce.

Traditional approaches are insufficient

Many IoT devices act as “closed box” systems and do not support traditional security clients or agents being installed. This not only complicates deploying security functionality to these devices but also creates potential security vulnerabilities. In many cases, the security controls organizations require place a heavy bandwidth load on devices that were designed to be lightweight and low-compute.

Considerable challenges also arise due to the operational intricacies and increasing expenses associated with overseeing multiple devices, operating systems, and user profiles. The traditional approach, which relies on software clients for security and access, results in fragmented security measures that are difficult to scale and manage. To accommodate these agent-based security solutions, expensive firewall appliances are often needed to manage the large number of access routes created by these devices.

These challenges highlight the need for a new approach that offers a scalable, comprehensive, and efficient security solution to meet the needs of mobile operators and their evolving user base.

The advantages of SASE integration with SIM

Secure Access Service Edge (SASE) offers a transformative approach to network security for mobile operators by integrating advanced networking capabilities with comprehensive security services in a single, unified framework.

SASE is designed to address the dynamic access needs of modern enterprises by combining wide-area networking (WAN) capabilities with network security functions, such as cloud access security brokers (CASB), firewall as a service (FWaaS), secure web gateways (SWG), and Zero Trust network access (ZTNA). This approach enables organizations to securely connect users, applications, and devices, regardless of their geographical locations, to ensure a seamless and secure access experience across the distributed digital landscape.

However, operators need to consider some limitations when applying SASE within mobile networks. Many mobile and IoT devices are unable to support traditional security clients, complicating their integration into a SASE framework and introducing complexities in lifecycle management.

To overcome this challenge, a new approach has been introduced that integrates SASE with subscriber identity module (SIM) technology. By leveraging SIM-based identity, “SASE on SIM” provides access control and robust authentication within mobile networks. This SIM-based approach applies SASE’s dynamic security policies directly to mobile and IoT devices to extend security services without requiring traditional security clients.

SASE on SIM functions by routing traffic from SIM-enabled devices through a SASE architecture and applying comprehensive policy enforcement and security checks before reaching its destination. This approach ensures that only authorized and authenticated devices can access network resources, a method which significantly enhances security. Utilizing SIM-based identity also streamlines the authentication process, making it more secure and user-friendly.

The benefits of SASE on SIM for mobile operators

The key advantage of SASE on SIM is its ability to offer agentless, scalable, and secure connectivity while also conserving bandwidth by avoiding the need for individual tunnels to be created through VPN clients. It eliminates the requirement for separate private access point names (APNs) for each organization, reducing operational complexities and simplifying the network architecture. This integration directly addresses the critical connectivity and security challenges MVNOs and MNOs face. At the same time, it aligns with the evolving needs of modern enterprises by delivering a secure, scalable, and efficient solution to support today’s diverse and mobile workforce.

This new approach greatly improves security by combining SASE’s comprehensive security services with SIM’s strong authentication capabilities. As a result, organizations ensure the consistent application of security policies at the network edge, close to user devices, for more advanced protection against cyberthreats and unauthorized access.

SASE on SIM also complements the Zero Trust security model, which follows the principle “never trust, always verify.” These solutions maintain a strict security stance by continuously verifying every user and device seeking network access, regardless of their location. This reduces the attack surface and the risk of data breaches, ensuring mobile operators can deliver secure, efficient, and user-friendly connectivity experiences. In this way, security is built into today’s mobile ecosystem, aligning seamlessly with Zero Trust principles.

By combining the ubiquity and reliability of SIM-based authentication with SASE’s dynamic security capabilities, mobile operators can address the evolving needs of the enterprise mobility landscape, ensuring scalability, security, and operational simplicity. This not only solves the pressing challenges of today’s mobile ecosystems, it also offers an avenue for value-added services and paves the way for a future where seamless and secure connectivity can be sustained.

The post How Innovations in Clientless SASE Services Redefine Security in Mobile Networks appeared first on Cybersecurity Insiders.

Due to the inherent nature of business, organizations are continuously in motion: there are always new products, brands or services to market. Corporate news will emerge when companies announce they are closing on an acquisition, hosting a promotional event, making a leadership change or going public, among many other milestones. Or a company may be caught by surprise when news leaks about such developments before it is fully prepared to launch.

Because the big event typically commands an “all hands” level of attention organization-wide, a prime asset often gets overlooked and exploited by cybercriminals: domains, which are especially targeted at these times because everyone’s attention is directed elsewhere.

Criminals are constantly seeking to take advantage of major developments to either hijack domains or fraudulently register them as what we classify as “dormant” domains, which operate in stealth mode until they are weaponized later as part of a targeted attack campaign. Furthermore, attackers use the Domain Name System (DNS) in one-third of breaches, according to the Global Cyber Alliance. In our own research, we’ve found that 79 percent of registered domains that resemble Global 2000 brands are owned by third parties. These are called homoglyph – or fake – domains, created by subtle but intentional changes of characters in the domain name. Adversaries deploy homoglyphs to hatch spoofing, phishing and other cyber scams, for example to pose as the brand and direct unwitting consumers to a malware-infested website.

Despite the vast potential for costly exposure, businesses are leaving themselves highly vulnerable, as 72 percent of companies have implemented less than one-half of needed security measures to protect their domains, according to our research.
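The brand-monitoring check described above, as an added example that is not part of the original post: it reduces each observed domain to a visual “skeleton” (confusable-character mapping, accent stripping, punycode decoding) and flags homoglyph, near-miss and brand-embedded registrations. The confusable table, the brand name examplebank and the feed of domains are constructed sample values.

```python
import unicodedata

# Constructed confusable table for this example: characters that render like an
# ASCII letter are mapped onto that letter. A production monitor would use the
# full Unicode confusables data (UTS #39) instead of this subset.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0455": "s",  # Cyrillic small dze
    "\u0456": "i",  # Cyrillic small Byelorussian-Ukrainian i
    "\u0458": "j",  # Cyrillic small je
    "\u04bb": "h",  # Cyrillic small shha
    "\u0131": "i",  # Latin dotless i
    "\u03b1": "a",  # Greek small alpha
    "\u03bf": "o",  # Greek small omicron
}
# Multi-character sequences that read as a single letter in most fonts.
MULTI_CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d"}


def skeleton(label):
    """Reduce a domain label to its visual 'skeleton' so that look-alike
    spellings collapse onto the same ASCII string."""
    decomposed = unicodedata.normalize("NFKD", label.lower())
    # Drop combining marks: 'ç' -> 'c', 'ä' -> 'a'.
    stripped = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in stripped)
    for seq, rep in MULTI_CONFUSABLES.items():
        mapped = mapped.replace(seq, rep)
    return mapped


def registrable_label(domain):
    """Second-level label of a domain with any punycode ('xn--') decoded.
    Assumes a single-label public suffix such as .com; multi-part suffixes
    (.co.uk) would need a public-suffix list."""
    labels = domain.rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if label.lower().startswith("xn--"):
        label = label.encode("ascii").decode("idna")
    return label.lower()


def levenshtein(a, b):
    """Plain edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brands, max_distance=1):
    """Return (verdict, matched_brand, reason) for one observed domain.
    brands is a set of your own second-level labels, e.g. {'examplebank'}."""
    label = registrable_label(domain)
    if label in brands:
        return "own", label, "exact match"
    skel = skeleton(label)
    for brand in brands:
        target = skeleton(brand)
        if skel == target:
            return "homoglyph", brand, f"{label!r} reduces to {brand!r}"
        distance = levenshtein(skel, target)
        if distance <= max_distance:
            return "lookalike", brand, f"edit distance {distance}"
        if target in skel:
            return "brand-embedded", brand, f"{brand!r} inside {label!r}"
    return "unrelated", None, ""


def scan(domains, brands):
    """Run classify() over a feed of newly registered domains and keep hits."""
    hits = []
    for domain in domains:
        verdict, brand, reason = classify(domain, brands)
        if verdict not in ("own", "unrelated"):
            hits.append((domain, verdict, brand, reason))
    return hits


if __name__ == "__main__":
    # Constructed feed of newly registered domains (not real observations).
    feed = ["examplebank.com", "ex\u0430mplebank.com", "exarnplebank.com",
            "examp1ebank.com", "examplbank.com", "examplebank-login.com",
            "weather.com"]
    for hit in scan(feed, {"examplebank"}):
        print(hit)
```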

In terms of developments which adversaries most seek to exploit, three categories have emerged as high-risk:

Brand refresh/changes. We are seeing a major convergence of brand abuse into the fraud arena. A refresh opens up cyber targets because new domain names must be registered and old ones tied to the former brand identity are abandoned. A new domain can easily be exploited to create ill-intended homoglyphs. A discarded domain tends to be ignored in perpetuity, giving adversaries the opportunity to grab it and launch malicious schemes.

Either way, a company will place itself in jeopardy – with subsequent attacks leading to costly, reactive resolution/mitigation efforts and brand reputational damages – without effective security measures in place.

Marketing Events/campaigns. Similarly, these initiatives introduce new domains for promotional purposes. Many of them are abandoned after the event or campaign ends. Adversaries stand ready to exploit this cycle, taking advantage of the “buzz” during the promotional phase to trick users into clicking on bogus versions of the company domains or to hijack vacated ones after the fact.

News leaks. When a business is caught off-guard by unanticipated news reports about a product launch, merger, leadership change, etc., cybercriminals can leverage the information to either create phony domains or exploit existing ones.

So how does your organization oversee a news-making development without increasing its exposure for domain abuse? We recommend the following best practices:

Conduct regular domain portfolio audits and monitoring. Analyze your domain portfolio to identify which domains are in use as vital (critical), brand-related and defensive. Find out who is responsible for what and – most critically – who is in charge of securing and monitoring the entire domain portfolio. This enables the flagging of improperly closed subdomains and “dangling” DNS records (records that still point at an abandoned or outdated resource) that remain ripe for exploitation. Routine audits play an essential role here because total visibility into the entire attack surface is the first, vital step in achieving overall domain protection.

Assess your partners. You’re only as strong as your weakest link, as the timeless (and true) adage goes. Even if your organization commands tight control over domains, you’re still potentially subject to increased risk if your vendors, third-party suppliers and additional partners do not. Be wary especially of commercial domain registrars who do not actively monitor your domains for unauthorized changes or obscure behavior. You can address these concerns with your partners by requiring them to fill out security questionnaires to determine if they’re taking the same, protective steps as you are. 

Commit to defense-in-depth. Our research reveals that companies which acquire enterprise-class capabilities are far more likely to adopt needed defense-in-depth measures than those using basic, consumer-grade registrars.

These measures include registry locks, which confirm all requested changes with the domain owner to block unauthorized changes; Domain Name System Security Extensions (DNSSEC), which authenticate communications between DNS servers; and certificate authority authorization (CAA) records, which allow a company to designate a specific authority as the sole issuer of certificates for its domains. This serves as a check on cybercriminals attempting to obtain unauthorized certificates.
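As an added example (not from the original post), the CAA check below implements the RFC 8659 lookup a certificate authority performs before issuing: it parses a constructed zone fragment, climbs from the requested name to the nearest name that has CAA records, and decides whether a given CA may issue, including the wildcard (issuewild) and critical-flag cases. The zone example.com, the mailbox and the CA names are placeholder sample values, not a description of any real zone.

```python
import re

# Constructed sample RRset in zone-file syntax: example.com is a placeholder
# and the CA names are illustrative values.
SAMPLE_ZONE = """
; Two CAs may issue ordinary certificates; no CA may issue wildcards;
; violation reports go to the security mailbox.
example.com.   3600 IN CAA 0 issue "letsencrypt.org"
example.com.   3600 IN CAA 0 issue "digicert.com; accounturi=https://ca.example/acct/123"
example.com.   3600 IN CAA 0 issuewild ";"
example.com.   3600 IN CAA 0 iodef "mailto:security@example.com"
"""

CAA_RE = re.compile(
    r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CAA\s+(\d+)\s+(\S+)\s+"([^"]*)"\s*$')


def parse_caa(zone_text):
    """Parse CAA records (name, flags, tag, value) from zone-file lines."""
    records = []
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        match = CAA_RE.match(line)
        if not match:
            raise ValueError(f"not a CAA record: {line}")
        name, flags, tag, value = match.groups()
        records.append({"name": name.rstrip(".").lower(), "flags": int(flags),
                        "tag": tag.lower(), "value": value})
    return records


def relevant_rrset(records, fqdn):
    """RFC 8659 section 3: climb from fqdn toward the root and use the first
    name that has CAA records; a name with none inherits its parent's."""
    name = fqdn.rstrip(".").lower()
    while name:
        rrset = [r for r in records if r["name"] == name]
        if rrset:
            return rrset
        name = name.partition(".")[2]
    return []


def issuer_domain(value):
    """'digicert.com; accounturi=...' -> 'digicert.com'; ';' -> '' (no CA)."""
    return value.split(";", 1)[0].strip().lower()


def caa_permits(rrset, ca_domain, wildcard=False):
    """Decide whether ca_domain may issue for the name owning this RRset.
    Returns (permitted, reason)."""
    # A CA must refuse if it meets a tag it does not understand whose
    # critical flag (bit 0x80) is set.
    for r in rrset:
        if r["tag"] not in ("issue", "issuewild", "iodef") and r["flags"] & 0x80:
            return False, f"critical unknown tag {r['tag']!r}"
    issue = [issuer_domain(r["value"]) for r in rrset if r["tag"] == "issue"]
    issuewild = [issuer_domain(r["value"]) for r in rrset if r["tag"] == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    if wildcard and issuewild:
        allowed, prop = issuewild, "issuewild"
    else:
        allowed, prop = issue, "issue"
    if not allowed:
        return True, "no applicable CAA records; any CA may issue"
    if ca_domain.lower() in allowed:
        return True, f"{ca_domain} is listed in {prop}"
    return False, f"{ca_domain} not in {prop} set {sorted(a or ';' for a in allowed)}"


def check_issuance(zone_text, requested_name, ca_domain):
    """End-to-end check for one certificate request, e.g. '*.example.com'."""
    wildcard = requested_name.startswith("*.")
    base = requested_name[2:] if wildcard else requested_name
    rrset = relevant_rrset(parse_caa(zone_text), base)
    return caa_permits(rrset, ca_domain, wildcard)


if __name__ == "__main__":
    for name, ca in [("www.example.com", "letsencrypt.org"),
                     ("www.example.com", "globalsign.com"),
                     ("*.example.com", "letsencrypt.org")]:
        print(name, ca, check_issuance(SAMPLE_ZONE, name, ca))
```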

Raise company awareness. Through training and less formal communications sent via emails, corporate Slack channels, etc., employees in all departments can learn about domain defense and the various scheme scenarios to watch out for – particularly when big company news breaks.

The announcement of a new brand, product or service – or an IPO, major merger or leadership change – is exciting stuff. It’s perfectly understandable that everyone involved will entirely focus on the news at hand, in the interest of ensuring absolute success.

But organizations must take proactive steps beforehand to implement a comprehensive domain protection strategy which includes the described best practices here. Otherwise, they may end up making “big news” of another kind – reports about a significant attack that is linked to them. And this is something that no one wants to see.

The post How Organizations Can Avoid Domain Exploitation When “Big News” Breaks appeared first on Cybersecurity Insiders.

A few weeks ago, Tesla CEO and X (formerly Twitter) owner Elon Musk hosted a friendly conversation on X with former President Donald Trump. The interview was delayed by more than 40 minutes as X experienced technical difficulties. Musk immediately tweeted that there appeared to be a massive distributed denial-of-service (DDoS) attack on X causing the delay. It turns out X was not under a DDoS attack, but most likely a technical overload of its servers without the proper pretesting of the infrastructure to support that amount of traffic.

We’ve seen how big events (take this summer’s Paris Olympics, for example) tend to increase the threat of cyber-attacks, including DDoS attacks. Beyond the financial sector and online services, political campaigns have also become prime targets for DDoS attacks, aiming to disrupt their online presence and communication channels. Now that we’re about two months from the US Presidential election in November, it is reasonable to assume we will see an uptick in cyberthreats against the election ecosystem. While I agree with CISA and the FBI’s recent statement that DDoS attacks targeting election infrastructure will have little to no impact on the integrity of the actual voting process in the November election, I do think we will see threats made to informational election sites like marketing campaigns for each candidate, ‘get out the vote’ campaigns, etc. With only about 60 days left until the election, if bad actors are able to take down an information site for days, that’s a huge problem.

Adaptive Attacks 

DDoS attacks are not a static phenomenon. Cybercriminals continually refine their techniques, leveraging technological advancements and exploiting vulnerabilities to launch increasingly sophisticated and disruptive attacks. Staying ahead of this evolving threat landscape requires constant vigilance and adaptation. Two significant changes have occurred to create this perfect storm of increased DDoS attacks: the increasing availability of vulnerable systems that facilitate DDoS attacks, as highlighted in recent Corero blogs, and the bad actors’ heightened motivation to adapt and innovate during attacks.  

1. The rise in global network capacity has led to a growing number of vulnerable network devices. These systems’ accessibility allows the bad actors to create targeted DDoS attack traffic. As a result, we are witnessing changes in the size, duration, and tactics of attacks, both during reconnaissance and active attempts to cause harm.

2. Historically, DDoS attacks were simpler; bad actors would launch the DDoS attack and hope for success. Today, the bad actors actively monitor and adjust their strategies in real-time to bypass DDoS prevention systems. Modern DDoS attacks are far more adaptive — if one approach fails, the bad actors quickly shift to a different vector, often within minutes, repeating this process until they penetrate the network. The sophistication of these attacks has significantly increased compared to recent years.

The Perfect Target 

During the 2016 US election season, there were reports of DDoS attacks targeting the websites and online infrastructure of both the Democratic and Republican campaigns. These attacks were aimed at disrupting their ability to communicate with voters and raise funds online. This isn’t just a problem in the United States, but rather a global problem. In 2012, the website of French presidential candidate François Hollande’s campaign was reportedly hit by a DDoS attack just hours before the polls opened. The attack was attributed to a group calling themselves Anonymous, who claimed they were protesting Hollande’s policies. 

Why is this election ecosystem the ‘perfect’ target for bad actors? Three simple reasons:

1. Motivation – politics can be ugly, and most of the time you are happy to see your opponent go down. In this instance, being able to disrupt communication around your opponent’s messaging, or to prevent voters from registering in a timely manner or educating themselves against your political ideology, is very attractive.

2. Time – with only two months until the election, time is of the essence.

3. DDoS availability – the ability to launch a DDoS attack has increased, and attacks are far more effective and damaging today.

Service Availability Matters 

Even though the previously mentioned X incident was not an external DDoS attack, it doesn’t really matter. When your system is down, you are down. It underscores the importance of defending service availability.

Today, an organization’s ability to remain online is a necessity. If your main form of communication is online and a disruption occurs for hours or even days, the result can be catastrophic. Organizations must be prepared and implement the right security solutions, because even the smallest disruption can have significant consequences.

 

The post DDoS Attacks and the Upcoming US Presidential Election appeared first on Cybersecurity Insiders.

AI benefits our society at large in numerous ways, but cybercriminals are using this new technology for nefarious purposes. From gathering data more efficiently to using large language models to craft phishing communications, experienced and novice threat actors are relying on AI to streamline their efforts.

Organizations worldwide are taking notice, and executives are implementing efforts to combat this and other shifts in the threat landscape. Sixty-two percent of business leaders say they will mandate cybersecurity training in the form of certifications for IT and security personnel. Nearly as many (61%) say they’re introducing new security awareness and training programs for all employees.

What to Do Now to Guard Against AI-Driven Threats

Malicious actors are increasingly harnessing AI to increase the volume and velocity of attacks they deploy. They are also using this technology to make phishing and related threats more believable than ever. While there are numerous steps your team can take to better protect your organization from these changes in attacker activity, here are five things to do today to make everyone in the enterprise more aware of—and ready to defend against—an increasingly complex threat landscape.

Build a Culture of Cybersecurity

Cybersecurity is everyone’s job, not just the responsibility of your security and IT teams. Building a culture of cybersecurity within your organization starts with making sure that employees at all levels are aware of common cyber risks and understand the role they play in maintaining robust security. That requires executives across all departments to share a vision of cybersecurity and to communicate regularly about the importance of safeguarding the enterprise. Other activities should include regular cybersecurity training sessions, long-term awareness plans, and simulations that test employees’ knowledge of today’s cyberthreats.

Educate Your Employees

Employees continue to be high-value targets for threat actors, but with the right knowledge, they can also be a strong first line of defense against breaches. As cybercriminals embrace AI—using it to churn out more attacks and creating phishing and related threats that are harder for the average person to identify as malicious—ongoing cybersecurity education must be a critical part of your risk management strategy. If you currently have a cyber-awareness education program, reassess and update it often to reflect the changing threat landscape. If you have yet to implement an education initiative, there are many SaaS-based offerings available such as the Fortinet Security Awareness and Training Service that deliver timely training material, allow you to track users’ progress, and enable you to customize the content according to your organization’s or industry’s needs.

Develop (or Reevaluate) Your Cybersecurity Processes and Plans

Regarding cybersecurity incidents, it’s no longer a question of whether an organization will experience a breach—it’s “when.” Nearly 90% of enterprises experienced at least one breach in the last year.

Cybersecurity is not a “set it and forget it” effort. A continuous threat exposure management program lets an enterprise evaluate and re-evaluate its efforts, ensuring it has the right people, processes, and technology in place to manage organizational risk. These periodic checks identify potential security gaps before they become a problem.

Implement Multi-Factor Authentication and Zero-Trust Network Access

Knowing that more than 80% of data breaches involve stolen or brute-forced credentials, implementing multi-factor authentication (MFA) and zero-trust network access (ZTNA) is essential. MFA adds another layer of security by requiring users to verify their identity in more than one way, such as a password combined with biometric data like a fingerprint. This significantly reduces the risk of cybercriminals gaining unauthorized access to your network even if a user’s credentials are compromised. Not all second factors are equal, however: one-time codes delivered by SMS or generated by an authenticator app can still be phished and relayed in real time by the same convincing lures AI now helps attackers write, so phishing-resistant factors such as FIDO2 security keys or passkeys should be preferred for privileged and remote access. Adding ZTNA augments secure access to sensitive information through encrypted tunnels, granular access controls, per-application access, and ongoing connection monitoring.

Patch Software and Applications Regularly

Failing to patch software and applications continues to be a leading factor in breaches. According to our recent Global Threat Landscape Report, in almost 90% of the cases our incident response team investigated in which unauthorized access occurred through exploitation of a vulnerability, the vulnerability was already known and a patch was available. It’s vital to keep all software, operating systems, and applications up to date with the latest security patches. If you don’t have a patch management process in place, establish one today to streamline updates and ensure patches are applied promptly. In many instances, AI can help automate tedious patching tasks.

Education and Collaboration Are Key to Disrupting Cybercrime and AI-Powered Attacks

As attackers up their game, every organization must strengthen its defenses in response. Cyber education and awareness efforts lay the foundation of a culture of cybersecurity. Robust cybersecurity practices, from MFA to ZTNA, and the right technologies also go a long way in protecting your organization’s digital assets. Remember that collaboration across the entire organization is vital to success: security is not just the responsibility of your security and IT teams. Above all else, strong risk management requires that cybersecurity be everyone’s job, as every person in your organization has a role to play in disrupting cybercrime.

 

The post As Attackers Embrace AI, Every Organization Should Do These 5 Things appeared first on Cybersecurity Insiders.

Almost all organisations agree that information sharing and collaboration are crucial in the fight against cybercriminals: 91% of respondents in recent research said so. With so many in favour of teaming up, a united approach to cyber security could, at last, be on the cards. And yet the same study reveals that 70% of participants think their organisation could share more threat intelligence, and only 23% think they currently share the right amount. Interestingly, only 2% believe they share too much. So there is some way to go before security teams are equipped to exchange information more readily. 

The study indicates several factors holding organisations back from developing effective threat intelligence sharing strategies. Just over half of respondents (51%) felt that people were a large part of the problem, suggesting a change of mindset is needed within IT departments. Far fewer attributed the lack of progress to processes (21%) or technologies (11%); on the face of it, tools and procedures are not at fault. More telling was a scarcity of knowledge about Information Sharing and Analysis Centres (ISACs): 28% were unaware of their existence, and over half of those surveyed (53%) said their organisation had chosen not to use an ISAC, missing out on vital security information for managing cyber risk across different industries.

Taking full advantage of ISACs and threat feeds

Ramping up awareness of ISACs would help promote collaboration and ensure security teams get access to these valuable knowledge centres; otherwise they miss out on an extensive range of expertise and timely notification of threats and vulnerabilities. ISACs range from international to national and sector-specific, with some covering niche specialisms, and they differ in collaboration model, governance and method of funding. While the structure of each varies with its area of interest and whether its stakeholders come mainly from the public or the private sector, all are driven by the common goal of protecting their members from cyber threats. 

Additionally, taking in threat feeds and mitigation advice from a comprehensive variety of sources helps reduce incident response times, containing or preventing attacks that might otherwise have been difficult to detect. Incorporating this level of intelligence into security programs can increase analyst efficiency and strengthen the overall security posture of an organisation. That’s assuming the data received can be utilised effectively. Here again the survey highlighted the gap between how organisations would like to operate and the reality of trying to consolidate silos of data. Nearly half the respondents (49%) said their organisations struggle to combine and derive actionable insights across multiple security feeds and tools, such as threat intelligence, SIEM, asset management, and vulnerability management platforms.

Extracting insights across teams and platforms

In these circumstances, effective integration of security data is imperative to cut out manual assimilation work and extract meaningful intelligence for security analysts.  By deploying a virtual solution, such as a cyber fusion platform, organisations can automate the consolidation of security data, breaking down silos. 

Similar to a physical location, a virtual fusion platform brings security functions together to combine efforts to proactively defend an organisation from cyber threats. But unlike bricks-and-mortar, a unified platform enables geographically dispersed and remote teams to share systems, data, and intelligence including context. 

By enabling seamless automation and orchestration across the entire technology stack, a virtual cyber fusion centre (vCFC) heightens collaboration between security functions as well as across engineering, and IT operations workflows, leading to measurably better security outcomes.

Adding AI into the mix will increase momentum still further, with over a third (35%) of organisations already citing its positive impact on threat intelligence sharing. Massive data-crunching capabilities will speed up processing, analysis, and dissemination of actionable insights. It will enable security teams to unlock the full potential of their internal threat intelligence and response capabilities. Furthermore, exchanging such knowledge within sharing communities will empower others to protect themselves too.

Overcoming inertia by supporting collaboration

However, there may still be some work necessary to overcome inertia as, currently, teams least likely to share threat intelligence with other departments are DevOps (31%), followed by SecOps (17%), Threat Intelligence (16%) and ITOps (15%). And, only 21% of teams share intelligence in real-time, 23% do so day-to-day, 17% weekly and 14% monthly.

With this in mind, business leaders will need to take action to fix any disconnect that exists between IT teams, or risk diluting the effectiveness of their cybersecurity initiatives. Organisations cannot afford to take a disjointed approach to cybersecurity, when there are scalable, integrated alternatives available.

Proactively supporting collaboration with like-minded communities will expand security knowledge and awareness across enterprises of all sizes. Breaking down the barriers that are stalling information sharing will help organisations continuously adapt and strengthen their cyber defences. Couple this with powerful new technology like AI, to enable widespread real-time sharing, and security teams will be even better prepared to counter cyberattacks swiftly and decisively.

The post Addressing Critical Gaps in Threat Intelligence Sharing appeared first on Cybersecurity Insiders.

The tech regulatory landscape is constantly evolving, the latest change being the imminent Network and Information Security 2 Directive, more widely known as NIS2, which aims to enhance cybersecurity and resilience across the EU. EU Member States have until 17 October 2024 to transpose the NIS2 security requirements into national law.

The Directive, which has come about in response to increasing digital threats and the rise in cyber-attacks, aims to enhance security requirements, address supply chain security, streamline reporting obligations, and implement stricter supervisory measures and enforcement standards, including harmonised consequences for non-compliance across the EU.

While the UK is not implementing NIS2, since it is no longer bound by EU legislation, UK businesses that operate essential services within the EU will need to comply and should start preparing now to implement its comprehensive measures. UK companies that fall within the scope of the Directive may face sanctions from the authority in the Member State where they register their representative.

UK businesses that operate essential services solely within the UK should also be fully up to speed on the new requirements: although the UK will not implement NIS2, it plans to update its own information security legislation with similar requirements, including regulation of managed service providers and a two-tier supervisory regime, as set out in the government’s whitepaper on proposed UK NIS reforms.

In light of this, here I offer an overview of the NIS2, with advice on how businesses can prepare. I will discuss the critical role of encryption in meeting many of the Directive’s stringent requirements and ensuring robust data protection. 

Understanding NIS2 – objectives and considerations

Understanding which sectors need to comply with NIS2 is essential for UK businesses, especially those working with or providing services to EU-based organisations. While UK companies may not be directly subject to the Directive, industries that interact with critical infrastructure and essential services within the EU will increasingly be required to provide NIS2-specific documentation, such as risk analyses and security compliance reports. For UK businesses, staying informed about which sectors are affected allows them to offer relevant solutions, ensuring they remain competitive in the EU market by meeting regulatory demands and maintaining strong partnerships.

Which businesses are affected?

The NIS2 Directive eliminates the distinction between operators of essential services and digital service providers. Instead it classifies organisations as essential or important entities, and it brings in sectors that were not covered under the first NIS Directive, such as postal services and public administration.

Essential entities include sectors such as energy, transport, banking, health, and digital infrastructure. Important entities cover postal services, waste management, chemicals, food, and digital providers. By introducing a clear company size threshold, NIS2 applies to medium and large companies in these sectors, with stricter oversight, tougher enforcement, and higher fines for non-compliance than those outlined in its predecessor.

Understanding the NIS2 Directive: 8 key requirements

1. Implement cryptography and encryption methods to protect data: Organisations should use encryption to protect data, ensuring it remains unreadable to unauthorised individuals and meets robust security standards. The Directive itself calls for policies and procedures on the use of cryptography and, where appropriate, encryption, rather than prescribing a particular scheme; the gold standard for shared data is zero-knowledge, end-to-end encryption (E2EE), in which data is encrypted on the sender’s device and decrypted only on the recipient’s device, and the service provider has access to neither the content nor the encryption keys. Encryption is crucial both internally and for external communications, ensuring secure email and data sharing throughout the supply chain, which leads aptly on to requirement number two.

2. Ensure data protection across supply chains: It’s crucial to maintain strong cyber security practices not just internally, but also when sharing data with suppliers and contractors, ensuring all collaborative tools safeguard digital assets.

3. Prepare for cyber security incidents: Businesses must develop a comprehensive response plan for data breaches and incidents. High-security cloud solutions that limit access to sensitive information during an incident could play a vital role in this.

4. Maintain business continuity: Organisations must implement disaster recovery and backup solutions to ensure operations can continue during a crisis. This is crucial as business disruptions to those managing critical resources like water supply and healthcare can have serious consequences on a broader community.

5. Share vulnerability information securely: NIS2 emphasises the importance of sharing information about system vulnerabilities with relevant authorities and, where needed, third parties. While collaboration is key to reducing cyber risks, sharing details of system vulnerabilities requires the utmost security. An end-to-end encrypted collaboration platform could help facilitate compliance with this requirement.

6. Enforce cyber hygiene: It’s vital to provide regular cyber security training for all employees and ensure that cyber security tools are user-friendly to prevent bypassing security protocols.

7. Implement access control and asset management: Accurate records of all hardware and software should be maintained, and only authorised employees should have access to these assets to protect sensitive data.

8. Develop an IT security maintenance strategy: Organisations must regularly update IT infrastructure and ensure any new software or digital platforms are frequently patched and updated to combat evolving cyber threats.

Aiding NIS2 compliance and streamlining cloud collaboration

Cloud collaboration tools that provide zero-knowledge end-to-end (E2E) encryption across all platforms help businesses comply with NIS2 and maintain productivity by:

Offering ultimate protection for data: Thanks to E2E encryption, all files are encrypted with unique keys, ensuring that only authorised users can access them, even if servers are breached.

Securing access: Organisations can control which devices and locations can access files, manage permissions at a granular level, and limit or revoke access as needed.

Enforcing security policies: Organisations can implement and manage security measures like 2-step verification and IP filtering through a unified interface.

Encrypting email attachments: Integrating with Gmail and Outlook to automatically encrypt email attachments and replace them with secure share links, using existing email accounts.

As NIS2 approaches, UK businesses operating in the EU should enhance their cyber security capabilities by preparing for compliance with its cyber security standards. Adopting end-to-end encrypted document collaboration tools will be crucial. Although the UK is not implementing NIS2, preparing for similar local cyber security laws and focusing on robust encryption and risk management will strengthen security and ensure compliance.

The post Navigating the NIS2 Directive: A comprehensive guide for UK businesses appeared first on Cybersecurity Insiders.

Electricity, transportation, water, communications – these are just some of the systems and assets that keep the world functioning. Critical infrastructure, a complex interconnected ecosystem, props entire countries up and is vital for the functioning of society and the economy. This is why it is under attack. Threat actors, usually nation-state backed, know this very well. By taking down the poorly protected power grid of a city or even a country, cyber attackers can not only cause mass chaos: any threat to the critical infrastructure sectors could have potentially debilitating national security, economic, and public health or safety consequences. 

It is evident that cyberattacks targeting critical infrastructure have become the new geopolitical weapon. Across the globe, countries are seeing these attacks rise rapidly. In fact, the North American Electric Reliability Corporation (NERC) reported in early 2024 that the number of vulnerable points on the U.S. power grid is growing at roughly 60 per day. Additionally, the U.S. Department of Energy found that grid security incidents reached an all-time high in 2023. 

But it is not just in the United States that critical infrastructure such as power grids, water supplies, or communications are being targeted. According to a November 2023 report from the International Energy Agency (IEA), weekly global cyberattacks against utilities more than doubled from 2020 to 2022 – in just two years.

So, why are we seeing this rise in critical infrastructure as a target? 

Unlike financially motivated threat actors, hackers targeting these critical systems are not after data they can hold to ransom. Instead, they are looking for access to the integral puzzle pieces of enemy nations’ power, water and more, for the purposes of disruption, terrorism and/or espionage. The hackers conducting these attacks are typically backed by one of the big four nation-states: China, Russia, Iran and North Korea.

There have been several of these attacks over the years, each with terrifying implications, but thankfully none yet fully successful. In 2021, Colonial Pipeline was famously hit by a major ransomware attack. Because the pipeline supplies a significant portion of the fuel used on the East Coast of the United States, its shutdown led to states of emergency being declared in four states while the pipeline was offline for several days. This attack was carried out by the Russia-linked DarkSide group and is just one example of note. 

The serious reality is that critical infrastructure is almost constantly under attack globally, even when it is not in the news. According to Forescout Research – Vedere Labs, from January 2023 to January 2024, critical infrastructure was attacked more than 420 million times across 163 countries. While the U.S. has been the main target, many other countries, including the UK, Germany and Japan, have also been heavily affected.

These rising attacks come in the context of a larger cyber conflict already in progress. In May 2023, the U.S. government attributed an intrusion affecting a U.S. port to a Chinese state-backed hacking group. Investigators found that several other networks had been hit, including some in the telecommunications sector in Guam, home to a U.S. military base that would likely be a primary point of American response in the event of a Chinese invasion of Taiwan. The intrusion involved a web shell giving remote access to servers; had it progressed, it would likely have targeted electric grids, gas utilities, communications, maritime operations and transportation systems, all with the goal of crippling military operations. 

For organizations that supply even the smallest amount of support in the enormously interconnected global infrastructure network, it is high time to become serious about protecting society as we know it. So far, critical infrastructure attacks have yet to be truly catastrophic. However, at the rate these attacks are increasing, the next level of global disruption is inevitable. 

It is also important to note that it is not just major infrastructure operators that need to be concerned, but the smaller businesses that form part of the vast network behind utilities, electricity, water, power and more. For a crafty and malicious enough nation-state backed actor, these businesses are a potential entry point. 

Governmentally and diplomatically, geopolitical cybersecurity risks must be understood. In addition, businesses and individuals must place a priority on comprehending what the risks of these attacks are and how they can prevent them because in the end, it is going to be the individuals who are impacted. 

Like in physical wars, it is going to be the citizens who pay the price.  If one of these critical infrastructure attacks is successful enough to cause a catastrophe, it is going to be the people who will suffer from a lack of water, power loss or other resources. For this reason, it is the people who must spearhead a shift to global cybersecurity preparedness. 

 

The post The New Geopolitical Weapon: The Impact of Cyberattacks Against Critical Infrastructure appeared first on Cybersecurity Insiders.