Configuration drift happens when the configurations of storage & backup systems and software deviate from a baseline or standard configuration over time. When this happens, it can inadvertently introduce vulnerabilities into the systems, paving the way for breaches. 

  • Changes to port zoning, file shares, LUNs, access rights, backup policies, administrative accesses and other configuration items can adversely affect the security posture of your storage and backup systems.
  • Upgrades, updates and hotfixes to storage OE, storage firmware, storage software components and backup software often result in hardened security settings being reverted to non-secure values, without the awareness of the organization.

Such breaches can lead to loss of revenue, business disruption and damage to the reputation of the organization. Organizations also stand to lose valuable data that they cannot necessarily recreate.

In addition, configuration drift can cause storage & backup systems to deviate from regulatory standards, inviting both security risks and legal repercussions, which include hefty fines and reputational damage.

Storage and backup system configurations change on a regular basis. So, it’s clear that staying on top of configuration drift and actively managing security misconfigurations can significantly mitigate these risks.

Why Is The Topic Of Securing Storage & Backup Systems Important? 

There has been a significant increase in successful ransomware attacks on storage and backup systems in the past two years.

These include a ransomware attack at the National Health Laboratory Service (NHLS), which resulted in deleted backup servers, and a cyberattack at the Sacramento law firm Mastagni Holstedt, in which backup access credentials were compromised in order to delete the firm’s backups. The firm was unable to restore its network from backup and was eventually forced to pay a ransom to the hackers to regain access to its data.

[Screenshot: recent storage and backup security headlines, from https://www.continuitysoftware.com/resources/?resources_category=headlines]

In addition, ISO recently published ISO/IEC 27040, a new industry standard for storage & backup security, and NIST, CIS, DORA and others have issued related security guidelines.

Cyber criminals realize that an attack on the storage or backup environment is the single biggest factor determining whether an organization will pay the ransom.

How To Identify Configuration Drifts?

There are two approaches to identifying configuration drifts when they occur. One method involves manually reviewing each production configuration and comparing it to the recovery or secondary configuration. This is often done prior to a disaster recovery test and is very time consuming and expensive. 

During the test planning process, various spreadsheets that list all storage & backup hardware and software devices are brought together across the IT departments for comparison and reconciliation. 

These include traditional storage services (e.g., block, file, and object storage), storage virtualization, storage architectures designed for virtualized server environments, backup appliances, backup software, and storage resources hosted in the cloud. There are often large discrepancies between these different lists, which compound the difficulty of the effort and can cause configuration gaps to be missed entirely.

The other method involves developing custom scripts that run periodically to search for these gap “signatures” left by a configuration drift. 

This works well; however, it is often limited to a few gaps, since each script typically looks for one gap. The script library only grows as more configuration drifts are discovered by failed disaster recovery tests or, worse, failed production recovery efforts.
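As an added example, not part of the original post: a small Python drift check of the kind the paragraph above describes, which compares a current storage/backup configuration snapshot against a hardened baseline and flags changed, missing and unexpected settings rather than hunting for one gap signature at a time. The setting names, category mapping and both snapshots are constructed for illustration; a real check would read the snapshots from the vendor’s CLI or API.

```python
"""Drift check for storage & backup security settings (constructed example)."""
from dataclasses import dataclass
from typing import Any, Dict, List

# Constructed hardened baseline: the values an audit expects after hardening.
BASELINE: Dict[str, Any] = {
    "smb.signing_required": True,
    "smb.anonymous_access": False,
    "nfs.root_squash": True,
    "mgmt.telnet_enabled": False,
    "mgmt.ssh_protocol": 2,
    "audit.logging_enabled": True,
    "audit.syslog_target": "siem.example.internal",
    "backup.immutable_snapshot_days": 14,
    "backup.admin_accounts": ["backupadmin"],
    "encryption.at_rest": True,
}

# Constructed snapshot taken after a firmware update: some hardened settings
# reverted, an extra admin account appeared, and a setting the baseline never
# covered showed up.
CURRENT: Dict[str, Any] = {
    "smb.signing_required": False,
    "smb.anonymous_access": False,
    "nfs.root_squash": True,
    "mgmt.telnet_enabled": True,
    "mgmt.ssh_protocol": 2,
    "audit.logging_enabled": True,
    "audit.syslog_target": "siem.example.internal",
    "backup.immutable_snapshot_days": 0,
    "backup.admin_accounts": ["svc_tmp", "backupadmin"],
    "encryption.at_rest": True,
    "snmp.community": "public",
}

# Maps a setting's prefix to the audit category it belongs to (constructed).
CATEGORIES = {
    "smb": "Access control",
    "nfs": "Access control",
    "mgmt": "Administrative access",
    "audit": "Audit logging",
    "backup": "Anti-ransomware",
    "encryption": "Encryption",
}


@dataclass
class Drift:
    key: str
    category: str
    expected: Any
    actual: Any
    kind: str  # "changed", "missing" or "unexpected"


def _normalize(value: Any) -> Any:
    """Lists such as account names are unordered; compare them as sorted tuples."""
    if isinstance(value, list):
        return tuple(sorted(str(v) for v in value))
    return value


def category_of(key: str) -> str:
    return CATEGORIES.get(key.split(".", 1)[0], "Uncategorized")


def find_drift(baseline: Dict[str, Any], current: Dict[str, Any]) -> List[Drift]:
    """Compare a snapshot against the baseline and return every deviation.

    A setting in the baseline but absent from the snapshot is "missing" (it
    cannot be verified); one absent from the baseline is "unexpected" (it has
    not been reviewed); a differing value is "changed".
    """
    findings: List[Drift] = []
    for key in sorted(set(baseline) | set(current)):
        if key not in current:
            findings.append(Drift(key, category_of(key), baseline[key], None, "missing"))
        elif key not in baseline:
            findings.append(Drift(key, category_of(key), None, current[key], "unexpected"))
        elif _normalize(baseline[key]) != _normalize(current[key]):
            findings.append(Drift(key, category_of(key), baseline[key], current[key], "changed"))
    return findings


def summarize(findings: List[Drift]) -> Dict[str, int]:
    counts = {"changed": 0, "missing": 0, "unexpected": 0}
    for f in findings:
        counts[f.kind] += 1
    return counts


def report_lines(findings: List[Drift]) -> List[str]:
    """One human-readable line per finding, grouped by audit category."""
    ordered = sorted(findings, key=lambda d: (d.category, d.key))
    return [f"[{d.kind}] {d.category}: {d.key} expected={d.expected!r} actual={d.actual!r}"
            for d in ordered]


if __name__ == "__main__":
    drift = find_drift(BASELINE, CURRENT)
    print("\n".join(report_lines(drift)))
    print("summary:", summarize(drift))
```

Run on a schedule, the same check over each day's snapshot gives the daily change tracking the post goes on to describe; the "unexpected" kind is what catches settings a vendor update introduces that no baseline has yet reviewed.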

Managing a baseline configuration and a secure configuration process for your storage and backup systems is extremely difficult, since most vendor tools focus on host operating systems and web applications, and are unable to effectively communicate with the rather unique storage and backup technologies.

Automating The Detection Of Storage & Backup Configuration Drift

Purpose-built solutions, like StorageGuard, can help you audit the configuration of storage & backup systems to ensure they’re hardened and not vulnerable. These solutions automatically detect configuration drift and unauthorized changes, while validating that all systems adhere to the required baseline.

These configuration checks usually cover a wide range of security categories such as:

  • Authentication
  • Authorization
  • Access control
  • Administrative access
  • Audit logging
  • Malware protection
  • Anti-ransomware
  • Encryption

Purpose-built solutions detect and track changes to the storage & backup security configurations on a daily basis, thereby helping to identify unplanned or incorrect changes that may put these systems at risk.

The post Catch My Drift? How To Easily Manage Configuration Drift In Your Storage & Backup Systems appeared first on Cybersecurity Insiders.

As the world eagerly anticipates the Paris 2024 Olympic Games, a less visible but equally crucial competition is underway: the race to protect the vast amounts of sensitive information collected during this global spectacle. With an estimated 3 million spectators and billions more watching worldwide, the Olympics present an unprecedented challenge in managing sensitive information supply chain risks.

The Expanding Digital Footprint of the Olympics

Modern Olympic Games have evolved into data-intensive events, leveraging technology to enhance operational efficiency and spectator experience. From ticketing systems and official apps to biometric identification and location tracking, the Olympics generate a treasure trove of sensitive data. However, this digital transformation also expands the attack surface for cybercriminals and increases the complexity of data management.

Key Sensitive Information Supply Chain Risks at the Olympics

1. Data Breaches and Unauthorized Access: With multiple vendors, partners, and systems handling sensitive information, the risk of data breaches escalates. Cybercriminals may target not just the main Olympic databases but also the numerous third-party providers involved in the event’s digital ecosystem.

Example: During the 2018 PyeongChang Winter Olympics, hackers executed the “Olympic Destroyer” malware attack. This sophisticated cyberattack targeted the games’ IT infrastructure, disrupting the opening ceremony and taking down the official website. While primarily aimed at causing disruption, it highlighted the vulnerability of Olympic systems to unauthorized access.

2. Data Exposure and Leakage: The sheer volume of data collected during the Olympics increases the chances of accidental exposure. Misconfigurations in cloud services or inadequate security controls could lead to large-scale data leaks, compromising athletes’, spectators’, and volunteers’ sensitive information.

Example: In the lead-up to the 2016 Rio Olympics, a database containing sensitive information of volunteers was accidentally exposed online. The breach included names, usernames, and passwords of over 8,000 volunteers, demonstrating how easily misconfiguration can lead to data leakage in large-scale events.

3. Insider Threats and Third-Party Risks: The Olympics rely on a vast network of employees, volunteers, and contractors. Each person with access to sensitive information represents a potential risk, whether through malicious intent or simple human error. Similarly, third-party vendors may not adhere to the same rigorous security standards, creating vulnerabilities in the data supply chain.

Example: During the 2012 London Olympics, an employee of G4S, the security contractor, was arrested for making a bomb threat. While not a data breach, this incident highlighted the potential risks posed by insiders with access to sensitive areas and information, underlining the importance of vetting and monitoring all personnel involved in such high-profile events.

4. AI and Biometric Data Risks: The increasing use of AI-powered systems and biometric data (such as facial recognition for security) introduces new privacy concerns. If breached, this highly sensitive information could be exploited for identity theft or sold on the dark web.

Example: While not strictly Olympics-related, the 2019 breach of the Biostar 2 biometric security system is relevant. This breach exposed over a million fingerprints and facial recognition data. Given that the Olympics increasingly rely on similar biometric systems for security and access control, this incident serves as a cautionary tale for the potential risks of storing and using biometric data at large-scale events.

5. Phishing and Social Engineering Attacks: The high-profile nature of the Olympics makes it a prime target for sophisticated phishing campaigns and social engineering attacks.

Example: In the months leading up to the 2020 Tokyo Olympics (held in 2021), numerous phishing campaigns targeted organizations associated with the games. These attacks, attributed to Russian state-sponsored hackers, aimed to steal sensitive information by impersonating the Olympic committees and related organizations, demonstrating the sophisticated social engineering tactics employed by cybercriminals.

The Importance of Data and Privacy Observability

To mitigate these risks, implementing robust data and privacy observability measures is crucial. Observability goes beyond traditional monitoring, offering real-time insights into data flows and interactions across the sensitive information supply chain. This approach allows Olympic organizers to:

1. Track Data Lineage: By tracing data from its source through all transformations, organizers can ensure compliance with data governance standards and quickly identify points of vulnerability.

2. Detect Anomalies in Real-Time: AI-powered observability tools can rapidly detect unusual patterns or potential threats, allowing immediate response to security incidents.

3. Ensure Compliance: With varying international privacy laws, observability helps maintain compliance by providing a clear view of how sensitive information is collected, processed, and stored.

4. Manage Third-Party Risks: Comprehensive observability extends to third-party vendors, ensuring they adhere to required security protocols and data handling practices.

Strategies for Mitigating Sensitive Information Supply Chain Risks

1. Leverage AI for Security: While AI presents its own risks, it can also be a powerful tool for enhancing security at events like the Olympics. Security teams are often drowning not only in noise but in the sheer volume of activity around them. AI and machine learning technologies offer potential solutions to this overwhelming workload.

2. Implement Data Minimization: To reduce the potential impact of a breach, collect only necessary sensitive information and limit its retention period.

As the Olympic Games continue to embrace digital innovation, the importance of managing sensitive information supply chain risks cannot be overstated. The examples from past events demonstrate that these risks are not theoretical but very real and potentially damaging. By implementing comprehensive data and privacy observability measures and adopting a proactive approach to security, Olympic organizers can protect the sensitive information of millions, ensuring that the Games’ legacy is not one of compromised data.

The post Safeguarding the Olympic Data Legacy: Sensitive Information Supply Chain Risks in the Digital Age appeared first on Cybersecurity Insiders.

  • FireTail announces a free version of its enterprise-level API security tools, making them accessible to developers and organizations of all sizes.
  • FireTail’s unique combination of open-source code libraries, inline API call evaluation, security posture management, and centralized audit trails helps eliminate vulnerabilities and protect APIs in real-time.
  • The free plan covers up to 5 APIs, includes 1M API call logs per month, offers 7 days of data retention, and provides clear developer support.

FireTail, a disruptor in API security, unveils free access for all to its cutting-edge API security platform. This initiative opens the door for developers and organizations of any size to access enterprise-level API security tools. 

Today, over 80% of all internet traffic is computer-to-computer communication via APIs. Every mobile app, IoT device, and most modern software applications use APIs, creating a broad attack surface for potential threats. FireTail’s hybrid approach to API security blends open-source code libraries with a feature-packed cloud platform and equips businesses with a unique suite of tools to eliminate API vulnerabilities and provide robust runtime API protection. 

“API security is essential for modern applications, and every developer and tech team should have access to effective security tools,” said Jeremy Snyder, CEO and Co-Founder of FireTail. “Security through obscurity is no longer a viable approach. We’re on a mission to secure all of the world’s APIs and our new free plan ensures ongoing access to an API security platform that delivers genuine insight into the most pressing attack vectors – design flaws in APIs. It’s perfect for smaller organizations striving for stronger API protection, and a great way for individuals or teams within larger organizations to get started.”

Riley Priddle, Co-Founder and CTO at FireTail, added, “We’re excited to help organizations of all sizes to better protect their APIs. We want FireTail to become the de facto standard when it comes to API security. Just because you have a small number of APIs, it doesn’t mean they aren’t critical. We want everyone to have access to the best, enterprise-level API security tools. That’s why we offer both this free tier, as well as our open source libraries.”

For developers and small to medium-sized organizations needing to secure up to 5 APIs, FireTail’s free tier includes comprehensive API security features such as discovery, inventory, assessment, detection and response, and inline runtime protection. Key features include:

  • Protection for up to 5 APIs
  • 1M API calls per month
  • 7 days of logging retention

Thomas Martin, Founder at NephoSec, shared “We’ve been working with FireTail from the outset as both a customer and a distribution partner. Having proven that the platform works for even the largest enterprises with the most complex API security requirements, it’s great to see the team opening that technology up to everyone. This will enable us to solve API security challenges for organizations of all shapes and sizes.”

To access the FireTail API security platform, users can visit https://www.firetail.app or join the team on Tuesday, July 2nd for an in-depth look at what FireTail’s free tier can do.

About FireTail

FireTail allows customers to solve all the most critical problems facing APIs today with a hybrid approach, bringing together cloud, application and code with full blocking capabilities to solve the root causes of API data breaches – flaws at the application and business logic layer in authentication, authorization and data handling. Headquartered in McLean, VA, with offices in Dublin, Ireland, and Helsinki, Finland, FireTail is backed by leading investors, including Paladin Capital, Zscaler, General Advance, and SecureOctane. Users can learn more at https://www.firetail.io.

The post FireTail Unveils Free Access for All to Cutting-Edge API Security Platform appeared first on Cybersecurity Insiders.

With data breaches making the headlines more often, companies are well aware that keeping data safe and meeting compliance standards like SOC 2 is more important than ever. But navigating the complexities of SOC 2 compliance can be overwhelming. That’s where the right software comes in, making the whole process smoother and more manageable.

This article dives into the best SOC 2 compliance software available in 2024. These tools are designed to help you stay on top of your compliance game with features like automated evidence collection, continuous monitoring, and more. 

Whether you’re running a small startup or a large enterprise, the right software can make a big difference in how efficiently and effectively you meet SOC 2 requirements. Check out our top picks for the best SOC 2 compliance software to help your company stay secure and compliant in 2024.

Top 7 SOC 2 Compliance Software

1. Scytale

Scytale offers a complete compliance hub that simplifies the process of achieving and maintaining SOC 2 compliance. The platform automates evidence collection and continuous control monitoring and provides a clear roadmap for SOC 2 compliance, making it easier for companies to manage their security and compliance tasks in one place. With Scytale, organizations can streamline their compliance processes and ensure they meet the rigorous standards of SOC 2, making it an excellent choice for businesses of all sizes, especially startups.

2. Exabeam

The Exabeam Security Operations Platform leverages AI and automation to streamline security operations workflows. This holistic approach enhances threat detection, investigation, and response (TDIR), providing robust protection against cyberthreats. While Exabeam excels in incident response, it is less suited to preparing companies specifically for the pre- and post-audit phases of becoming SOC 2 compliant.

3. Apptega

Apptega allows businesses to build audit-ready security programs across various frameworks significantly faster and without the need for spreadsheets. This platform simplifies the SOC 2 compliance process, making it more efficient and manageable. Smaller companies and startups may find Apptega’s support for SOC 2 compliance to be less hands-on compared to larger enterprises.

4. OneTrust

OneTrust enforces the secure handling of company data, enabling teams to drive innovation responsibly. The platform addresses security, privacy, governance, and compliance risks, making it a comprehensive solution for data management. Although an excellent platform, OneTrust may be better suited for large, established companies that have in-house compliance and security teams, potentially making it less accessible for smaller organizations and startups who need SOC 2.

5. JupiterOne

JupiterOne provides complete visibility of all cloud and on-premises assets, allowing users to visualize asset connections and identify vulnerabilities. The platform automates compliance and audit evidence collection, enhancing security posture. Despite JupiterOne’s capabilities, compliance is not JupiterOne’s primary service offering, which may limit its effectiveness for SOC 2-specific requirements.

6. LogicGate

LogicGate’s Risk Cloud platform offers a flexible GRC (Governance, Risk, and Compliance) solution. Users can customize their processes and workflows with a no-code app builder and pre-built templates, automating GRC tasks without the need for external consultants or IT. Although LogicGate supports SOC 2 compliance, it is not the platform’s primary focus, which might be a consideration for organizations seeking more dedicated SOC 2 support and tools.

7. Tugboat Logic

Tugboat Logic, now owned by OneTrust, simplifies the path to SOC 2 compliance with streamlined processes and robust support features for data management. However, as mentioned above, OneTrust may be better suited for large, established companies that have in-house compliance and security teams.

Wrapping Up Your SOC 2 Compliance Software Choices

Achieving SOC 2 compliance may feel challenging, but with user-friendly software solutions, the process becomes much more straightforward and efficient. 

Whether you prioritize robust incident response platforms like Exabeam offers or prefer comprehensive SOC 2 compliance management tools like Scytale provides, these platforms cater to diverse organizational needs. 

Each software option enhances security measures through automated features and streamlined workflows, ensuring your company meets SOC 2 standards effectively. By leveraging these tools, you not only safeguard sensitive data but also demonstrate a commitment to data security and compliance to your customers. 

Choosing the best platform depends on what you need, whether it’s hands-on support, automated evidence collection, or a more flexible solution. With these top SOC 2 compliance software options, you can keep your data safe and show your commitment to security in 2024.


The post Best 7 SOC 2 Compliance Software in 2024 appeared first on Cybersecurity Insiders.

Last year was a brutal year in the cybersecurity field. Technologies like generative AI introduced new attack vectors to already outsized attack surfaces, and security teams were overwhelmed with sheer amounts of data while dealing with outdated legacy systems. Top to bottom, security leaders have their work cut out for them.

Cyberattacks nearly tripled last year according to Verizon’s 2024 Data Breach Investigations Report. The increase in sheer volume has created an alarming concern about the mental health of cybersecurity leaders and their teams as they bear the brunt and responsibility of protecting organizations from a seemingly never-ending onslaught of attacks. 

In this high-pressure environment, leaders need to address the growing stress and toll that security professionals face and identify solutions to alleviate the burden of the job. 

What’s Causing Mental Health Problems?

The cybersecurity workforce continues to face a shortage of trained talent and skilled security professionals. In a recent World Economic Forum study, 78% of cyber executives reported that their workers lack the in-house skills to fully achieve their cybersecurity objectives. Even more concerning is that 57% of respondents from an ISC2 report believe that the limited amount of experienced cybersecurity staff is putting organizations at moderate to extreme risk of experiencing a cyberattack.

Along with the shrinking talent pool, threats and vulnerabilities are also on the rise and have almost doubled since 2017. Even federal agencies like the National Institute of Standards and Technology (NIST) are falling behind on catching the growing number of common vulnerabilities and exposures (CVEs), leaving organizations with a vital gap in security intelligence and even more vulnerable to breaches and attacks. 

With the average breach costing organizations $4.45 million in expenses, cybersecurity leaders are burdened with protecting not just sensitive and proprietary data but financial resources, too. With added regulatory pressures and cybersecurity disclosure requirements from the SEC (Securities and Exchange Commission), their role and any shortcomings are more visible and scrutinized than ever before.

The combination of these factors amounts to an incredible pressure to remain vigilant 24/7, leading to prolonged stress and a negative toll on mental health.

How That Affects Cybersecurity Teams

For C-suite leaders, it is imperative to recognize the role mental health plays when leading a business. Executives must be sharp, agile, and ready to take on new challenges at a moment’s notice. Yet all too often, mental well-being takes a backseat for security teams. 

The challenges of combating cyber threats are increasing as the number of threats continues to grow. With tighter budgets and smaller cybersecurity teams, leaders are forced to work longer hours and more days, leading to increased stress.

CISOs, CIOs and other cybersecurity executives have a particularly vulnerable position where they are the face of defenses, security applications, and attack surface management. Any breach or attack immediately falls onto them. With increasing scrutiny from other leadership and regulatory bodies like the SEC, security managers and leaders need solutions to distribute the burden and alleviate stress from their already high-stakes position.

Strategies for Supporting Security Leaders’ Mental Well-Being

There are many ways to go about lightening the load on security leaders, but the biggest one is by partnering with external experts to effectively support their in-house team. The collaboration with trusted and successful cybersecurity vendors supports established security practices and distributes workloads more evenly. By working in tandem, security managers can remain fresh and more vigilant while overseeing the cybersecurity operations of an organization.

By taking advantage of external partnerships, leaders also reduce the risk of costly remediation efforts. Rather than trying to clean house after systems are exploited, security leaders can take control of protecting their assets, saving data and financial resources.

Additionally, third-party vendors can offer more specialized and up-to-date security measures. With solutions like automated penetration testing, advanced vulnerability intelligence, and continuous attack surface management, security leaders have around-the-clock, holistic awareness of their attack surface and security posture. With a proactive partnership, there is less of a chance of risks going under the radar. The need for 24/7 security can be split, and in-house teams are free to develop preemptive security measures rather than dealing solely with threats.

What’s Next

Mental health is health. Cybersecurity workers have an incredibly stressful and high-stakes job that can seem relentless at times. There are new risks and vulnerabilities every day, and it can seem like there is a never-ending slew of new cyber threats knocking at your door.

It is important for organizations to take care of and support cybersecurity leaders and their teams. Talk to them. Figure out what they need and how you can help them. By providing the right tools and solutions, executives can save their cyber team’s mental health from chronic stress, negative physiological responses, and burnout, keeping them fresh and ready for anything to come.

The post Protecting the Mental Health of Cybersecurity Leaders appeared first on Cybersecurity Insiders.

According to the Office of the Comptroller of the Currency, “Financial crime threatens the safety and soundness of financial systems worldwide. In some cases, these crimes threaten the security and safety of the nation. These crimes range from fairly simple operations carried out by individuals or small groups to highly sophisticated rings seeking funding for criminal enterprises or terrorism. Although financial criminals are often well-organized and persistent, bankers and citizens can take proactive steps to thwart their attempts.” 

A study conducted by Forrester for LexisNexis in November 2023 titled, “True Cost Of Financial Crime Compliance Study, 2023 United States And Canada” further revealed that the total cost of FCC was $61B. 

Financial institutions and other regulated entities have, as a result, taken a crucial step and established Financial Crime Compliance (FCC) measures; these encompass a comprehensive set of policies, procedures, and controls designed to effectively prevent, detect, and respond to financial crimes. The goal here is to ensure that they operate within the boundaries of the law and maintain financial system integrity.

And not surprisingly, regulatory bodies such as the Federal Trade Commission (FTC) in the United States, the European Data Protection Board (EDPB) in the European Union, or other national and international regulatory agencies do not look fondly on those that fail to implement FCC – levying severe penalties that include hefty fines and legal actions. Equally alarming – perhaps more so in some cases – failure to implement FCC may also inadvertently facilitate additional financial crimes, for which the organization may be held responsible. 

Verify Business Legitimacy Securely with KYB

Banks, financial institutions, and businesses associated with them, such as fintech or crypto companies, are legally mandated to complete KYB (Know Your Business) verification.

KYB is a regulatory compliance process that involves verifying the identity and legitimacy of businesses, which helps organizations achieve FCC. This can include, but is not limited to, checking a company’s registration details, ownership, financial stability, regulatory adherence, and other criteria. The goal, of course, is to validate that a business is authentic and trustworthy. This verification process is essential not only for financial institutions but for virtually any other business-to-business (B2B) organization, as it helps maintain the integrity of the financial system and reduces risks associated with fraudulent entities.

KYB implementation involves gathering and analyzing a whole host of documentation and data, including company registration records, financial statements, and information on key stakeholders. Then, to kick it up a notch, KYB may also leverage technology and data analytics to automate and enhance the efficiency of these checks. By ensuring compliance with KYB regulations, businesses can build more secure and reliable partnerships, improve their risk management strategies, and demonstrate their commitment to regulatory standards.

Automated KYB for Streamlined, Secure Business Verification

Automated KYB processes can efficiently extract and validate information from public datasets, company registries, and other trusted APIs (Application Programming Interfaces), significantly accelerating and enhancing the accuracy of data collection. Leveraging Optical Character Recognition (OCR) technology, relevant information can be extracted from scanned documents and verified for authenticity using techniques such as watermark detection and hologram recognition. 

KYB can also enable organizations to access global sanctions lists in real time and employ advanced algorithms to screen corporate entities. If a match is found on a sanctions list, an alert is triggered for further review, allowing businesses to address potential compliance risks swiftly and effectively. By connecting to data sources that provide real-time updates on ownership changes, legal status, financial performance, regulatory actions, and negative media coverage, KYB also facilitates continuous monitoring of companies; this proactive approach alerts businesses to important changes or red flags, enabling timely interventions and effective risk mitigation.

Today’s automated KYB solutions increasingly leverage machine learning (ML) and artificial intelligence (AI) to analyze diverse data points, including financial indicators, market trends, news articles, and social media sentiments, to generate risk scores for corporate entities. So, automated KYB — with its data-driven approach — enhances the accuracy and consistency of risk assessments (and reduces the potential for human error), enabling businesses to make informed decisions efficiently and avoid financial pitfalls.

KYB, The Cornerstone of Modern Compliance and Business Success 

To sum it up, KYB is crucial for businesses for multiple reasons:

1. Improves Decision-Making – KYB utilizes advanced technologies like OCR and machine learning to streamline processes and enhance the accuracy of data collection, leading to better-informed business decisions

2. Prevents Fraud – By thoroughly verifying business details and maintaining updated records, KYB reduces the risk of fraud and financial crime, ensuring a safer business environment

3. Reduces Financial Penalties – KYB helps businesses avoid costly fines and penalties associated with non-compliance, which can be financially devastating

4. Mitigates Risks – KYB provides continuous monitoring and real-time alerts for any changes or red flags, allowing businesses to address potential issues quickly and effectively

5. Builds Trust – KYB helps maintain the trust of partners, investors, customers, and employees, which is crucial for long-term success, by ensuring regulatory compliance

6. Enhances Reputation – Regularly verifying business legitimacy protects your company’s reputation by preventing associations with fraudulent or unethical activities

7. Drives Competitive Advantage – A strong compliance framework, supported by KYB, helps maintain a positive public image, giving businesses a competitive edge in the market.

The post How to Combat Financial Crime and Achieve Business Success with KYB appeared first on Cybersecurity Insiders.

In 2024, we’ve seen several high-profile data breaches that have caused tangible and widespread damage to companies and their customers. One of the hardest-hit industries also includes one of our most critical: healthcare. The UnitedHealth data breach has had ripple effects since the initial news hit earlier this year.

It was recently revealed that the data breach will impact a large portion of the American people, and up to one in three Americans may have had their information compromised. This has been one of the worst healthcare breaches ever, and as the consequences keep emerging, the grim truth of exposing this personal data becomes clear.

This is what an expert had to say:

Clyde Williamson, Product Manager, Protegrity, said, “Months after the initial breach, UnitedHealth is still dealing with the long-term impacts of BlackCat’s infiltration into their networks. We’re now learning that personally identifiable information (PII), personal health information (PHI), and billing information were all part of this incident.

While in this instance no complete patient information has been exposed, billing information can be just as revealing for a customer’s private medical procedure. For example, this information could include details on a prescribed drug, a specialist seen, or even of an out-of-state charge for a medical procedure when recent legal changes may make this legally problematic.  

Not only do these kinds of incidents expose some PII data, but they also expose inferences that can be made with that data. 

Stolen data has a wide-reaching and long tail of impact, and there are often subsequent breaches years after a primary attack. There’s no way to know for sure that either party involved actually deleted the stolen PII and PHI, but we can be sure that broader bad actors had access to this information for a period of time.  

Double extortion scenarios can haunt these organizations for years, meaning prevention is the best defense. UnitedHealth has already started the arduous process of creating a website for impacted customers. We must stop hoping layered defenses can stop threat actors from stealing our information while internally leaving it in clear text. Data de-identification methods offer flexibility and foresight benefits that render sensitive data useless for these groups. 

We need to remove the most significant source of ransom value to avoid these costs and strains on both organizations and their customers, even in instances of data exfiltration.”

The post How Data Inference Could Expose Customer Information: The Case of UnitedHealth Breach appeared first on Cybersecurity Insiders.

The financial services industry has been at the forefront of the digital transformation age for some time. Agility and convenience are mandatory in this sector, and customers have expected reliable access to financial services at a moment’s notice. Everything from basic transactions such as making transfers and payments, to more involved processes such as investments, loans, and more, can now be completed online or with a mobile app.

Growing the attack surface with hybrid working and cloud migration

Keeping up with these requirements has caused financial organizations to rapidly overhaul their IT infrastructure, adopt multiple types of cloud technologies, and embrace a hybrid working environment for employees. Because of this rapid digitalization, organizations are consuming many different security solutions, creating a bespoke environment that inadvertently exposes them to cyber threats, and there are plenty of cyber thieves opportunistically waiting for their chance to attack.

The Growing Risk of IoT

In addition, many financial organizations have invested heavily in other new technologies such as IoT (Internet of Things) assets that have become commonplace in branch offices as banks seek to optimize their remaining locations. These devices range from simple security cameras to items such as smart payment terminals and ATMs.

However, IoT devices can also give cyber thieves a clear entry into the network. Because these devices are purpose built and usually run some kind of thin Linux/Unix platform, they are very hard to secure properly through traditional means. As a result, attackers can use automated scanning tools to discover these devices and quickly exploit security issues such as unpatched vulnerabilities.

In addition, the financial industry is known for taking advantage of the availability of 5G networks. The technology promises speeds up to 100 times faster than 4G, allowing organizations to deploy even larger, more effective networks of IoT devices more easily.

But while enabling firms to rapidly expand their IoT and IT footprint, 5G can also lead to even greater risk exposure, since as more potentially vulnerable devices are deployed the attack surface significantly expands. In addition, attackers can also leverage the faster connection speeds, facilitating faster data extraction and more sophisticated botnets.

Balancing security and user performance

The financial industry faces a difficult balancing act, with multiple conflicting priorities at the forefront. Organizations must continually strengthen security around their evolving solutions to keep up in an increasingly competitive and fast-moving landscape. But while strong security is a requirement, it cannot impact usability for customers or employees in an industry where accessibility, agility, and the overall user experience are key differentiators.

One of the best options for balancing these priorities is the use of Secure Access Service Edge (SASE) solutions. This model integrates several different security features, such as Secure Web Gateway (SWG), Zero Trust Network Access (ZTNA), Next Generation Firewall (NGFW), Cloud Access Security Broker (CASB) and Data Loss Prevention (DLP), together with network management functions such as SD-WAN, into a single offering delivered via the cloud. Cloud-based delivery enables financial organizations to easily roll out SASE services and consistent policies to their entire network infrastructure, including thousands of remote workers scattered across various locations, or multiple branch offices, to protect private data and users, as well as deployed IoT devices.

There are a variety of SASE approaches for financial organizations to consider. Advanced unified SASE solutions provide the greatest benefits by natively embedding security into the global fabric of a software-defined network to optimize latency, scalability, and performance in ways only possible when everything is built-in from the beginning as a single service. A well-architected unified SASE solution comes with a unified management plane encompassing all the security and networking functionalities listed above, including a single policy engine, one language to define or import apps and users, an API that exposes most capabilities, and a common data lake – all part of a single operating system.

Unified SASE delivers important benefits for financial organizations to optimize security and user performance, most notably around tightly integrated security and networking that can be centrally managed and monitored, reducing the risk of security gaps or misconfigurations across otherwise separate functions. Unified SASE also offers the tightest integration of components, since they are designed to work together seamlessly, making it easier to manage and troubleshoot, which reduces complexity and streamlines IT operations. It is also easier to scale up or down for financial firms – since it’s a single-service cloud-native architecture designed for flexibility and scalability, adding additional components or capacity is simpler and quicker. Unified SASE gives users a consistent experience across all locations and services, with the same set of policies and controls in place. Finally, by combining security and networking policy into a single policy repository, unified SASE avoids the manual and often difficult and inconsistent policy reconciliation found with multiple implementations.

Enhancing network capabilities without compromising security

As the financial industry continues its relentless pursuit of digitalization, SASE will play an important role in optimizing the customer experience while also securing that experience against mounting cyber threats. SASE’s convergence of security capabilities and network management gives organizations the ability to control critical activity such as access management, policy enforcement, and network segmentation, just to start. Financial firms should explore how the vast array of SASE services can improve the services they offer while providing unparalleled security for the network, their customers, and private financial information.

The post Addressing Financial Organizations’ Digital Demands while Avoiding Cyber Threats appeared first on Cybersecurity Insiders.

Asymmetric and symmetric encryption are the two modes of encryption typically used in cryptography. Symmetric encryption involves a single key, used for both encryption and decryption, which must be shared among the parties who wish to encrypt or decrypt data. Asymmetric encryption uses two separate keys that are mathematically related to one another, known as the private and public keys. A certificate is typically linked with the public key and holds information about the key's owner.

The certificate contains details such as the owner's name, the algorithms used, the organization name, and so on. Symmetric and asymmetric encryption may appear similar as ways of addressing cyber risk, but they differ in performance: symmetric encryption is faster than asymmetric encryption. Because asymmetric encryption is slower, symmetric encryption is typically used in conjunction with it. Let us now explore this in more detail.

Symmetric Encryption

As explained above, symmetric encryption uses an identical key for encryption and decryption; the sender therefore has to deliver the key to the receiver so that the encrypted data can be decrypted. The key must be protected and transferred securely. If the key is lost, the data can no longer be decrypted, and if the key is compromised, so is the encryption. For this reason, symmetric keys are usually transferred between the parties using asymmetric encryption, which keeps the symmetric key encrypted in transit; there, two different keys are involved in encrypting and decrypting the data. Symmetric encryption is considerably faster than asymmetric encryption, which is why it is so widely used.

Asymmetric Encryption

For managing third party risk, asymmetric encryption uses two distinct keys that are mathematically related to one another. The first is the private key, which is heavily protected; it is kept in an HSM or on an air-gapped computer to ensure its protection. The other, the public key, is derived from the private key and is freely distributed. A certificate is typically created from the public key and contains information about the key's owner along with a few details about the key itself.

The keys rely on prime numbers of great length. The public and private keys are computed together using related mathematical operations, specifically trapdoor functions. Trapdoor functions are easy to compute in one direction but infeasible to compute in reverse. The public key can be obtained from the private key; the private key, however, can never be obtained from the public key.

Although asymmetric encryption offers greater protection for the keys, it is much slower than symmetric encryption. For this reason, asymmetric encryption is used to exchange the secret key that establishes symmetric encryption, which then handles the rapid encryption and decryption of the data being transferred.

Integrating Encryption with Third Party Risk Management

In third party risk management, both symmetric and asymmetric encryption play pivotal roles. Companies should ensure that third-party vendors handle key data securely and implement strong encryption practices to mitigate rapidly emerging cyber risks and attacks.

Symmetric Encryption for Third Party Risk Management

  • Data Protection: Organizations should require third-party vendors to use symmetric encryption to safeguard stored data, so that it remains unreadable without the encryption key whenever it is accessed.
  • Secure Key Exchange: Implementing secure key exchange protocols remains critical when dealing with third parties. Encrypted channels for key distribution and periodic key rotation further strengthen security.

Asymmetric Encryption for Third Party Risk Management

  • Secure Communications: Asymmetric encryption is key to establishing secure communications with third-party vendors. SSL/TLS protocols and digital certificates ensure that data is transmitted between the parties confidentially and in a tamper-proof manner.
  • Authentication and Integrity: Asymmetric encryption underpins strong authentication mechanisms, verifying the identity of third-party vendors while ensuring the integrity of data.

Uses for Asymmetric and Symmetric Encryption

Asymmetric and symmetric encryption each suit different situations. Symmetric encryption, with its single key, is better suited to data at rest. Data stored in databases needs to be encrypted so that it cannot be stolen or compromised, and since it only needs to stay safe until it is accessed again in the future, the single key offered by symmetric encryption is enough. Asymmetric encryption, on the other hand, should be used for data sent to other people, such as by email.

If symmetric encryption were used for data in emails, an attacker who stole or compromised the single key would be able to both encrypt and decrypt. With asymmetric encryption, the sender encrypts the data with the recipient's public key, so only the recipient can decrypt it. These encryption schemes are combined with other processes, such as digital signing or compression, to offer greater data security.

Security and Trust

Choosing between symmetric and asymmetric encryption is not a direct one-or-the-other decision. Asymmetric encryption is typically used to establish a secure connection between users who have never met, and that connection is then used to exchange a symmetric encryption key. When the entire process is implemented in SSL/TLS systems it takes only a couple of milliseconds, so most users never notice it. It is essential to modern network infrastructure and, for now, is the ideal way to safeguard key data against corruption and theft.

Conclusion

Symmetric encryption is the fastest encryption technique among robust cybersecurity measures; however, the secret key must be exchanged securely to realize its full potential. Asymmetric encryption is therefore used to exchange the key for symmetric encryption. In practice, asymmetric encryption is used briefly, to exchange parameters and establish the symmetric encryption that is used for the remainder of the communication. Together, the two achieve secure communication: authenticity, privacy, proper authentication, and data integrity.

The post Symmetric vs. Asymmetric Encryption in the Cloud: Choosing the Right Approach appeared first on Cybersecurity Insiders.

Infinidat, a leading provider of enterprise storage solutions, has introduced a new automated cyber resiliency and recovery solution that will revolutionize how enterprises can minimize the impact of ransomware and malware attacks. Infinidat’s InfiniSafe® Automated Cyber Protection (ACP) is a first-of-its-kind cybersecurity integration solution that is designed to reduce the threat window of cyberattacks, such as ransomware. Sophisticated cyberattacks, including new sinister forms of AI-driven attacks, are increasingly targeting the data storage infrastructure of enterprises.

Infinidat’s InfiniSafe ACP enables enterprises to easily integrate with their Security Operations Centers (SOC), Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR) cybersecurity software applications, and simple syslog functions for less complex environments. A security-related incident or event triggers immediate automated immutable snapshots of data, providing the ability to protect InfiniBox® and InfiniBox™ SSA block-based volumes and/or file systems and ensure near instantaneous cyber recovery.

“The merging of cybersecurity and data infrastructure has been compelling CIOs, CISOs and IT team leaders to rethink how to secure enterprise storage across hybrid multi-cloud deployments in light of increasing cyberattacks. Enterprises need proactive strategies, seamless integration across IT domains, and the most advanced, automated technologies to stay ahead of cyber threats,” said Eric Herzog, CMO at Infinidat. Recognized as a cyber secure storage expert, Herzog is coming off participation in a string of cybersecurity panel discussions, roundtables and conference events.

“Infinidat has carved out a very unique leadership position as the only storage vendor to offer an automated enterprise storage cyber protection solution that seamlessly integrates with cyber security software applications,” said Chris Evans, Principal Analyst at Architecting IT. “Infinidat’s newly launched InfiniSafe Automated Cyber Protection that easily meshes with the SIEM, SOAR or Security Operations Centers is exactly what enterprises need to include enterprise storage as a comprehensive approach to combat cyber threats.”

Infinidat’s new InfiniSafe ACP capability orchestrates the automatic taking of immutable snapshots of data, at the speed of compute, to stay ahead of cyberattacks by decisively cutting off the proliferation of data corruption.

Evans added, “This proactive cyber protection technique is extremely valuable, as it enables taking immediate immutable snapshots of data at the first sign of a potential cyberattack. This provides a significant advancement to ensure enterprise cyber storage resilience and recovery are integral to an enterprise’s cybersecurity strategy. ACP enhances an enterprise’s overall cyber resilience by reducing the threat window and minimizing the impact of cyberattacks on enterprise storage environments.”

The InfiniSafe Automated Cyber Protection is one of the biggest innovations of the year in cybersecurity because it unlocks the full potential of an enterprise’s security posture and maximizes the investments that an enterprise has made in protecting the business. By plugging into existing security mechanisms and continuous monitoring, InfiniSafe ACP bridges the gaps between enterprise storage and cybersecurity strategies that can transform the way CIOs and CISOs think about enterprise data infrastructures.

Information technology leaders have identified this ability to automate data snapshot commands and data pathways as critical to early detection and worry-free cyber recovery that minimizes the effects of even the most vicious and deceptive cyberattacks of malicious actors. An enterprise’s security team can put all its information from security operations through an enterprise storage intelligence grid to create the most sensitive triggers that often get missed by existing technologies and techniques.

Paul Rapier, VP of Information Technology at the Detroit Pistons, stated, “Infinidat’s efforts in enhancing cyber resilience for enterprises, particularly through the new InfiniSafe Automated Cyber Protection, are noteworthy for data security.”

Allen Shahdadi, Vice President of Global Sales at Sycomp, said, “Infinidat has become synonymous with guaranteed cyber resilient storage. Infinidat continues to deliver powerful solutions that solve critical cyber issues for enterprises and service providers around the globe. The InfiniSafe Automated Cyber Protection solution brings much needed capabilities to fight more effectively against cyberattacks. The automatic capture of immutable snapshots of primary data could be the difference between your data being held ransom and the rapid recovery of your data. Before international cybercriminals, hackers and fraudsters can gain an advantage, Infinidat’s InfiniSafe reduces the threat window decisively.”

The InfiniSafe Automated Cyber Protection solution is the latest in a string of cybersecurity capabilities that Infinidat has brought forward to strengthen enterprise storage in the face of constant threats of a tsunami of cyberattacks. Infinidat has also unveiled the following extensions of its state-of-the-art cyber resilient capabilities:

  • InfiniSafe Cyber Detection for VMware – Access to InfiniSafe cyber resilience capabilities to combat cyberattacks has been expanded into VMware environments. This cyber detection capability uses AI and machine learning to determine, with highly granular insights, whether a VMware datastore and the VMs it contains have been compromised, so the impact of a cyberattack can be readily assessed.
  • InfiniSafe Cyber Detection for InfiniGuard® – Cyber detection will be extended onto the InfiniGuard purpose-built backup appliance to help enterprises resist and quickly recover from cyberattacks. This proven capability provides highly intelligent scanning and indexing to identify signs of cyber threats in backup environments, helping ensure that data has integrity. The enhanced version will be available in 2H 2024.

As a leader in cyber resilient storage, Infinidat first unveiled its InfiniSafe software-based platform two years ago with a set of cybersecurity functions. This solution has won numerous awards and has been proven by large global enterprises. The comprehensive cyber resilience capabilities of InfiniSafe technology improve the ability of an enterprise to combat and protect against ever-increasing cyberattacks and data breaches by uniquely combining immutable snapshots, logical air gapping, fenced/isolated networks, and virtually instantaneous data recovery into a single, high-performance platform.

The InfiniSafe ACP is the latest example of Infinidat’s broadening innovation. It was introduced alongside the launch of the InfiniBox G4 family of next-generation storage arrays for all-flash and hybrid configurations. The G4 series is a completely new storage array family built from the ground up that substantially extends Infinidat’s cyber storage resilience and delivers up to 2.5x improvement in performance. The InfiniBox G4 series introduces a new set of foundational elements, powered by InfuzeOS, which is Infinidat’s software defined storage operating system.

Webinar On Demand

Infinidat’s end-user webinar about the new solutions, “The Future of Enterprise Storage, Cyber Security and Hybrid Multi-Cloud”, is available to watch on demand.

The post Infinidat Revolutionizes Enterprise Cyber Storage Protection to Reduce Ransomware and Malware Threat Windows appeared first on Cybersecurity Insiders.