Every January, the global Data Privacy Week campaign raises awareness about safeguarding personal data and shows organizations effective data protection strategies. What began as Data Privacy Day now lasts a whole week. Even so, a single week is far too little, since security teams must treat data protection as a year-round priority. Despite notable progress in raising data privacy awareness, the steady stream of breaches and cyberattacks shows that the work of building robust data protection is far from finished.

Exploring the Principle of Least Privilege

The foundation of data security is the principle of least privilege: each individual, service and application should be granted only the permissions needed for its specific role, regardless of technical expertise, perceived trustworthiness, or position in the organizational hierarchy.

To illustrate the principle of least privilege, consider the layered security measures that banks put in place to protect the cash and other valuable assets they hold. While a bank appreciates all its employees, it must strictly limit what each of them can do: General employees are permitted to access only public areas; tellers have specific rights to their own cash drawers; loan officers review customer credit histories; and certain managers may access safe deposit box rooms. Meanwhile, access to vaults containing gold bullion and other high-value assets is restricted to a highly select group.

A bank’s monetary assets are analogous to your organization’s sensitive data. Just as loan officers cannot access cash drawers and tellers cannot open safe deposit boxes, your IT teams should not be able to view your client databases, while your sales reps should not have access to your software repositories. And very few people should have access to your gold bullion, such as your vital intellectual property.

The Critical Need to Enforce Least Privilege

Failing to enforce the core principle of least privilege puts data privacy at risk in multiple ways. Users can misuse their access, either accidentally or deliberately, to view or modify content that they should not be accessing in the first place. An even greater risk is a threat actor compromising a user account since they can then abuse all the rights and privileges granted to that account.

The threat isn’t confined to human actors: malware inherits the privileges of the user account that downloaded or launched it. A ransomware package, for instance, can encrypt every file that account is able to modify, whether or not the user ever needed those rights. Similarly, applications and service accounts must be limited to the functions essential to their operation in order to minimize the potential for misuse.
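To make the blast-radius point concrete, here is an added example (not code from the original post or from Netwrix) that models a small directory with nested groups and resource ACLs, then computes which resources malware running as a given account could modify. The users, groups, resources and grants are constructed for illustration; the point it shows is that the set of encryptable resources shrinks to what the role actually needs once the convenient "everyone can write" grant is removed.

```python
from collections import defaultdict

# Constructed group graph (assumption): group -> members, which may be users
# or other groups. Nested membership is what makes effective rights hard to
# see by eye, and it is exactly what malware running as the user inherits.
GROUPS = {
    "all-staff": {"sales", "it-ops", "finance"},
    "sales": {"alice"},
    "it-ops": {"bob"},
    "finance": {"carol"},
    "ip-owners": {"carol"},
}


def principals_for(user, groups=GROUPS):
    """Return the user plus every group the user belongs to, directly or
    through nested group membership (the transitive closure)."""
    reverse = defaultdict(set)
    for group, members in groups.items():
        for member in members:
            reverse[member].add(group)
    seen, stack = {user}, [user]
    while stack:
        for group in reverse[stack.pop()]:
            if group not in seen:
                seen.add(group)
                stack.append(group)
    return seen


def modifiable_resources(user, acls, groups=GROUPS):
    """Resources the user (and any ransomware running as the user) can modify.
    Deny by default: a resource is writable only if some principal the user
    holds has an explicit 'write' grant on it."""
    held = principals_for(user, groups)
    return {
        resource
        for resource, grants in acls.items()
        if any("write" in rights for principal, rights in grants.items()
               if principal in held)
    }


# Constructed ACLs. The over-privileged variant is the common shortcut of
# giving a broad group write access everywhere "so nothing breaks".
OVERPRIVILEGED = {
    "client-db":   {"all-staff": {"read", "write"}},
    "source-repo": {"all-staff": {"read", "write"}},
    "ip-designs":  {"all-staff": {"read", "write"}},
    "crm-notes":   {"all-staff": {"read", "write"}},
}

# Least privilege: each role can write only to what the role needs. Sales
# cannot touch the source repo, IT operations cannot touch the client
# database, and the "gold bullion" (ip-designs) is writable by one small group.
LEAST_PRIVILEGE = {
    "client-db":   {"sales": {"read"}},
    "source-repo": {"it-ops": {"read", "write"}},
    "ip-designs":  {"ip-owners": {"read", "write"}},
    "crm-notes":   {"sales": {"read", "write"}},
}


if __name__ == "__main__":
    for label, acls in (("over-privileged", OVERPRIVILEGED),
                        ("least-privilege", LEAST_PRIVILEGE)):
        reachable = sorted(modifiable_resources("alice", acls))
        print(f"{label}: ransomware running as alice could encrypt {reachable}")
```

The comparison is the useful output: under the over-privileged ACLs a phished sales account reaches every resource, under least privilege it reaches only the CRM notes the role actually edits.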

A Multi-layered Approach

More broadly, enforcing the principle of least privilege is not a simple “set it and forget it” event. It requires a multi-layered approach with components such as:

Identity governance and administration (IGA) — IGA involves overseeing the entire lifecycle of identities, including ensuring that each user has only the access necessary for their roles.

Privileged access management (PAM) — PAM gives special attention to managing accounts with elevated access to systems and data since the misuse or takeover of those accounts poses an increased risk to data privacy, security, and business continuity.

Together, these components form a comprehensive framework for strictly controlling access to systems and data, strengthening the organization’s security posture.

Maximizing Operational Potential

Data privacy is a consistent, year-round priority that starts with cultivating a culture of security awareness throughout the organization from the top down. By enforcing the principle of least privilege with effective IGA, data access governance (DAG) and PAM, organizations can protect data privacy, reinforce customer confidence, avoid costly breaches, and meet regulatory requirements. This lets them focus more on maximizing their operational potential and less on mitigating cybersecurity threats.

About the Author

Anthony Moillic is Director, Solutions Engineering at Netwrix for the EMEA & APAC regions. Anthony’s main responsibilities are to ensure customer satisfaction, the expertise of the partner ecosystem and to be the technical voice of Netwrix in the region. His main areas of expertise are CyberSecurity, Data Governance and Microsoft platform management.

The post Essential Data Protection Starts with Least Privilege appeared first on Cybersecurity Insiders.

Microsoft Active Directory (AD) is currently used by over 90% of large organizations. It functions as the ‘keys to the kingdom’ – a critical identity system that controls user authentication and permissions for the entirety of an organization’s resources and operations. The level of access Active Directory provides is immense, and unsurprisingly, it’s a hacker favorite. Case in point: 88% of Microsoft customers impacted by ransomware didn’t apply AD security best practices, according to Microsoft’s 2022 Digital Defense report.

Traditionally, security has been perimeter-based: the bad guys are outside the building and the good guys are inside. That model no longer holds. With hybrid environments now the norm, the perimeter has effectively dissolved, and containing an attack is hard because attackers find the weakest spot and spread laterally from there.

The Zero Trust approach aims to significantly reduce these risks. With Zero Trust, those who are ‘inside’ are no longer implicitly trusted. Active Directory is the foundational system of ‘who’s who’ in most organizations, and is thus the primary system involved in large-scale attacks. This means AD needs to be a core component of any Zero Trust strategy.

The following outlines a step-by-step guide to implementing a Zero Trust approach using Active Directory.

Phase 1: Assessment

First, take stock of which systems you have, and which rely on your AD, both cloud and on-premises. This includes assessing where your accounts are, how different systems interact, access protocols for both administration and business applications, where users and groups are located, and how permissions and access are granted. It’s also important to understand which authentication and SSO platforms your organization employs. The goal of the assessment phase is to get a clear picture of where your identities and permissions live, and how they are related.

Phase 2: Governance

Governance entails defining, developing, monitoring and enforcing policies, including automated accounts and permissions provisioning and deprovisioning to build repeatable processes that can be continuously monitored and assessed. In the context of Zero Trust, identity governance makes trust explicit, rather than implicit. This enables an organization to explicitly grant employees access to systems and data based on their job role, while avoiding overprivileged access and automatically deprovisioning access when an employee changes roles or leaves the company. Clearly defined governance models that are enforced through automated identity governance also enable organizations to satisfy and demonstrate compliance requirements.

Phase 3: Granular Delegated Administration

Active Directory was designed decades ago around standing administrative privileges, a model that no longer fits today’s threat environment. To implement Zero Trust, remove standing membership in the built-in administrative groups and replace it with granular permissions granted to named personnel for specific tasks within a specific scope, including temporary, just-in-time access for exceptional circumstances. The more you limit standing privileges, the more you shrink the attack surface.

Phase 4: Automation

Automation removes manual, error-prone administrative steps, and with them the need to grant humans standing rights to perform those steps. The fewer manual steps there are, the less trust is placed in individual people, and the smaller the attack surface becomes. Automation is also tied to governance: automating access forces you to define your organization’s governance process explicitly. Explicit processes can be assessed, monitored, reviewed, and shared with compliance auditors, and deviations from them are easier to spot.

Phase 5: Monitoring and Threat Detection

Once you’ve designed the system, you need to make sure it runs the way it’s supposed to. Monitoring how your planned Zero Trust processes run in reality enables you to catch any red flags and suspicious behaviors for continual improvements.

Threat detection takes monitoring a step further by watching for specific behaviors and patterns that indicate your organization is vulnerable, has been compromised, or is under attack. These include common identity attacks such as password spraying and Golden Ticket and Silver Ticket forgery, as well as unexpected changes to administrative group membership or Group Policy. Threat detection can also use machine learning to refine attack and anomaly detection over time.
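As an added example (not code from the original post or from Cayosoft), the detection below runs over a constructed handful of Windows Security log records, 4625 failed-logon and 4624 successful-logon events flattened to one line each, and flags a source that fails against many accounts a few times each within a short window. That is the password-spraying profile that per-account lockout thresholds miss, because no single account crosses the threshold. Field names follow the 4625/4624 event schema; the timestamps, users and IP addresses are invented.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of domain-controller Security events, one per line.
# 0xC000006D / 0xC000006A are the usual bad-credential status codes; the
# 4624 from 203.0.113.7 is the spray finally landing on one account.
SAMPLE_EVENTS = """\
2024-01-15T09:00:01Z EventID=4625 TargetUserName=alice IpAddress=203.0.113.7 Status=0xC000006D
2024-01-15T09:00:32Z EventID=4625 TargetUserName=bob IpAddress=203.0.113.7 Status=0xC000006D
2024-01-15T09:01:03Z EventID=4625 TargetUserName=carol IpAddress=203.0.113.7 Status=0xC000006D
2024-01-15T09:01:35Z EventID=4625 TargetUserName=dave IpAddress=203.0.113.7 Status=0xC000006D
2024-01-15T09:02:06Z EventID=4625 TargetUserName=erin IpAddress=203.0.113.7 Status=0xC000006D
2024-01-15T09:02:38Z EventID=4625 TargetUserName=frank IpAddress=203.0.113.7 Status=0xC000006D
2024-01-15T09:03:10Z EventID=4624 TargetUserName=frank IpAddress=203.0.113.7 Status=0x0
2024-01-15T09:05:00Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.9 Status=0xC000006A
2024-01-15T09:05:05Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.9 Status=0xC000006A
2024-01-15T09:05:10Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.9 Status=0xC000006A
2024-01-15T09:05:15Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.9 Status=0xC000006A
2024-01-15T09:05:20Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.9 Status=0xC000006A
2024-01-15T09:05:25Z EventID=4625 TargetUserName=administrator IpAddress=198.51.100.9 Status=0xC000006A
2024-01-15T09:20:00Z EventID=4625 TargetUserName=alice IpAddress=192.0.2.44 Status=0xC000006A
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<id>\d+) TargetUserName=(?P<user>\S+) "
    r"IpAddress=(?P<ip>\S+) Status=(?P<status>\S+)$"
)


def parse_events(text):
    """Parse the flattened records into (timestamp, event_id, user, ip) tuples."""
    events = []
    for line in text.splitlines():
        match = EVENT_RE.match(line.strip())
        if match:
            ts = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, int(match["id"]), match["user"].lower(), match["ip"]))
    return events


def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=3):
    """Flag source IPs whose failed logons within `window` hit at least
    `min_accounts` distinct accounts with no more than `max_per_account`
    failures each. Pure brute force against one account (many failures,
    one user) is deliberately not reported here; lockout policy covers it."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, event_id, user, ip in events:
        if event_id == 4625:
            failures[ip].append((ts, user))
        elif event_id == 4624:
            successes[ip].append(ts)

    alerts = []
    for ip, fails in failures.items():
        fails.sort()
        best, start = None, 0
        for end in range(len(fails)):          # sliding window over sorted failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_account = Counter(user for _, user in fails[start:end + 1])
            if max(per_account.values()) > max_per_account:
                continue                        # looks like brute force, not a spray
            if best is None or len(per_account) > len(best[0]):
                best = (per_account, fails[start][0], fails[end][0])
        if best and len(best[0]) >= min_accounts:
            per_account, first, last = best
            alerts.append({
                "ip": ip,
                "accounts": sorted(per_account),
                "first_failure": first,
                "last_failure": last,
                # A success from the same source after the spray began usually
                # means a password landed: escalate immediately.
                "success_after": any(t >= first for t in successes[ip]),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The thresholds are assumptions to tune per environment; the point of `success_after` is that a spray followed by a 4624 from the same source is no longer a detection of an attempt but of a compromised account.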

Phase 6: Recovery 

While recovery is not always considered part of implementing Zero Trust, you need a plan for when things go wrong. When AD goes down, everything comes to a halt. Employees log in through AD, and it often controls the authorization for all directory-enabled applications across line of business, accounting, marketing, product and other departments, as well as printers, file shares and other core resources. An AD outage impacts all parties connected to your organization including employees, customers, partners and suppliers. Should an attack occur, you need to be able to get back to an operational state quickly. Develop a recovery plan that will enable you to restore AD as quickly as possible.

Additional Best Practices

The following are additional considerations in implementing Zero Trust for Active Directory:

  • Identity verification: Ensure authentication methods such as MFA are in place for accessing AD resources, including the ability to monitor and track for multiple failed MFA login attempts.
  • Incident response plan: Develop an incident response plan specific to Active Directory security incidents to ensure a swift and coordinated response to any security breaches or anomalies detected within the AD environment. Be sure to test it daily in an automated way, and factor in rollback capabilities in the event that an attack spurs an outage.
  • Endpoints: Endpoints and devices need to be part of the Zero Trust framework as well, as employees use their Active Directory accounts across their devices. Remove local administrative privileges on employee devices and implement centralized and automated device protection and management policies.

Active Directory is the core identity and access management system for the majority of enterprises. As such, it is the perfect attack target – a critical risk vector that must be addressed in any effective Zero Trust strategy. Active Directory’s security posture directly impacts an organization’s cyber resilience and business continuity. Implementing robust Zero Trust principles with Active Directory in mind enables organizations to protect core IT infrastructure from identity-based attacks. Ultimately, safeguarding this foundational system should be a cornerstone of every organization’s cyber defense strategy.

About Dmitry Sotnikov

Dmitry Sotnikov is Chief Product Officer at Cayosoft, which offers the only unified solution enabling organizations to securely manage, continuously monitor for threats or suspect changes, and instantly recover their Microsoft platforms, including on-premises Active Directory, hybrid AD, Entra ID, Office 365, and more. 

Dmitry spearheads the vision, strategy, design, and delivery of Cayosoft’s software products, ensuring they resonate with market demands and offer unmatched value to users. With over two decades in enterprise IT software, cloud computing, and security, Dmitry has held pivotal roles at esteemed organizations like Netwrix, 42Crunch, WSO2, Jelastic, and Quest Software. His academic credentials include MA degrees in Computer Science and Economics, complemented by Executive Education from Stanford University Graduate School of Business. Beyond his corporate endeavors, Dmitry serves on the Advisory Board at the University of California, Riverside Extension, and has been recognized with 11 consecutive MVP awards from Microsoft.

The post A Practical Guide to Applying Zero Trust Principles to Active Directory for Microsoft On-Premises and Hybrid Environment Protection appeared first on Cybersecurity Insiders.

By Nathan Vega, Vice President, Product Marketing & Strategy, Protegrity

Companies increasingly rely on data to drive business growth and consumer appeal, because we are in an era where data is the most valuable asset a company can have. That data, however, originates with consumers, who are rarely well versed in the nuances of data security and who trust companies to handle it properly. There is an implicit social contract between companies and their consumers: after a mutually beneficial transaction, the consumer’s data will be secured and protected. Too often, that isn’t what happens.

Establishing a solid foundation of trust with your consumers is a key part of leveraging data for business growth, but increasing concerns over data privacy and data breaches are highlighting the darker corners of this relationship. Data’s value is only enhanced by a strong social contract that prioritizes data security, thus increasing consumer trust in providing organizations with their data.

A Confidence Crisis: Consumer Trust

Consumers are paying more attention than some organizations believe. Each time a widespread data breach occurs, or they receive instructions on credit monitoring after a threat actor has exfiltrated their data, trust erodes. This is evident in a Cisco survey in which 76% of consumers said they would not buy from an organization they did not trust with their data, and 81% agreed that how a company treats data reflects its respect for consumers.

In a world where advanced attack tooling is readily available to cybercriminals, the social contract between organizations and their consumers must be robust and dedicated to safeguarding their most valuable data. Beyond trust, data privacy regulations around the world target organizations with lax data security practices through large fines and thorough investigations, and for good reason.

The best path forward for consumers and companies alike is to forge transparent lines of communication with consumers, thus starting a new initiative in a robust social contract. This may look like providing clear and detailed information regarding privacy policies, creating dedicated platforms and landing pages where these policies are easily accessible, and offering easily understood answers when questions arise. This commitment to data responsibility can emphasize a new page in the relationship between companies and their consumers, thus rebuilding the trust that has become a key component in consumer loyalty.

Data Breaches and Their Impact

Organizations build systems around collecting, storing, and analyzing customer data such as email addresses, postal addresses and Social Security numbers. This high-value data, or personally identifiable information (PII), is the currency companies use to deliver quality service to consumers, and it must be protected.

One example of how devastating the impacts of a data breach can be on consumers is the recent Change Healthcare data breach. Globally, 129 million people and 67,000 pharmacies, including military hospitals worldwide, were impacted.

As in many recent incidents, the threat actors were inside the internal network for over a week before carrying out their data theft. They gained access through compromised employee credentials, which led them to sensitive PII stored in the clear; the same story recurs in many recent breaches. Cybercriminals increasingly prefer to infiltrate, observe, and move laterally through internal systems to find data left in the clear behind disconnected security controls. And it’s working.

In 2023, some 185 billion dollars was spent on security to layer control upon control, in the hope that one of those layers would be the one that prevents data exfiltration. Emphasizing perimeter defense and detection over protecting the data itself is one of the most common pitfalls security teams encounter.

Cybercriminals are getting better at stealing data, but we can also get better at securing it.

Rather than leaving our most sensitive data in the clear, we should focus on data security strategies that render data useless to threat actors. In other words, invert current models. If most of the organization, your partners, and third parties don’t need it, the data should never be left clear.

Ransom leverage disappears, exfiltrated data is worthless, and the organization’s security posture improves.
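Here is an added illustration (not Protegrity’s product or code from the original post) of the idea that sensitive data should not sit in the clear: a minimal vault-based tokenizer replaces sensitive fields with random tokens before a record reaches the application database, so a copy of that database is worthless without the separately guarded vault. The record, the vault secret and the detokenization roles are constructed assumptions; a production deployment would keep the secret in a KMS or HSM and the vault in its own hardened, audited system.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Fields the application must never store in the clear (assumption for the example).
SENSITIVE_FIELDS = {"ssn", "email"}

# Roles allowed to turn a token back into cleartext (assumption for the example).
DETOKENIZE_ROLES = {"fraud-analyst", "support-tier2"}


class TokenVault:
    """Vault-based tokenizer. Tokens are random and carry no information about
    the value they stand for; the only way back to cleartext is the vault's
    token table, which lives outside the application database."""

    def __init__(self, secret: bytes):
        self._secret = secret          # keyed index so equal values map to equal tokens
        self._index: Dict[str, str] = {}   # HMAC(field:value) -> token, no cleartext stored
        self._tokens: Dict[str, str] = {}  # token -> cleartext, the sensitive side

    def _fingerprint(self, field: str, value: str) -> str:
        # Keyed hash rather than a plain hash, so the index cannot be brute-forced
        # by someone who obtains it without the secret.
        return hmac.new(self._secret, f"{field}:{value}".encode(), hashlib.sha256).hexdigest()

    def tokenize(self, field: str, value: str) -> str:
        fingerprint = self._fingerprint(field, value)
        if fingerprint in self._index:
            return self._index[fingerprint]   # deterministic: joins and lookups keep working
        token = f"tok_{field}_{secrets.token_hex(8)}"
        self._index[fingerprint] = token
        self._tokens[token] = value
        return token

    def detokenize(self, token: str, caller_role: str) -> Optional[str]:
        """Return cleartext only to an allow-listed role; everything else is denied."""
        if caller_role not in DETOKENIZE_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._tokens.get(token)


def protect_record(vault: TokenVault, record: Dict[str, str]) -> Dict[str, str]:
    """The record the application database actually stores: every sensitive
    field replaced by its token, non-sensitive fields left as they are."""
    return {k: vault.tokenize(k, v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}


def contains_cleartext(stored: Dict[str, str], original: Dict[str, str]) -> bool:
    """What an attacker who exfiltrates the stored record would learn."""
    return any(stored.get(k) == v for k, v in original.items() if k in SENSITIVE_FIELDS)


def can_detokenize(vault: TokenVault, token: str, role: str) -> bool:
    try:
        return vault.detokenize(token, role) is not None
    except PermissionError:
        return False


if __name__ == "__main__":
    vault = TokenVault(secrets.token_bytes(32))
    customer = {"name": "Ada", "ssn": "123-45-6789", "email": "ada@example.com"}  # constructed
    stored = protect_record(vault, customer)
    print("stored record:", stored)
    print("leaks PII:", contains_cleartext(stored, customer))
    print("fraud analyst sees:", vault.detokenize(stored["ssn"], "fraud-analyst"))
```

The split is the point: the application database and most of the organization see only tokens, so the population that needs cleartext shrinks to the roles on the allow-list, and a breach of the database alone gives the attacker nothing to sell.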

Data Responsibility: Data Security That Empowers Business Growth

Organizations that want to cultivate customer trust and reap the business rewards must carefully balance using data for growth against ethical standards that strengthen data security. They can do so by creating frameworks that enable data sharing while adhering to strict protection requirements. Data sharing unlocks growth opportunities externally, but traditional security tools were not built to protect data that travels beyond the organization’s boundaries. To keep harnessing data’s power, companies must adopt solutions that meet industry compliance standards while keeping data usable. For example, working with third-party vendors is essential for using cloud-managed data warehouses, applications, and analytical tools to responsibly extract business value from data.

Organizations must also carefully choose solutions that comply with legal standards while safeguarding sensitive data, including personally identifiable information (PII), protected health information (PHI), payment card data governed by PCI DSS, and intellectual property (IP).

The Zero Trust model, often used in other security philosophies but rarely implemented for data, is crucial for maintaining robust data security. It emphasizes verification over assumptions, regardless of where the data is stored – on-premises, cloud, or SaaS platforms. By implementing effective security measures like these, organizations can minimize risk throughout the data’s lifecycle, from collection to application.

While the value of data to businesses is undeniable, its true worth hinges on the trust consumers place in companies to handle their information ethically and securely. Data breaches have increased by 78 percent, and incidents like the Change Healthcare breach erode consumer confidence, underscoring the need for a robust social contract that prioritizes data security. Moving forward, organizations must balance leveraging data for growth with the ethical standards that support this social contract and promote consumer trust. Investing in data security, adopting transparent data privacy practices, and implementing Zero Trust strategies can help organizations achieve this balance.

Looking to the future, companies hold a critical responsibility to focus their data management practices on safeguarding the privacy and integrity of consumer data in our evolving digital world.

The post A Data Responsibility: Leveraging the Power of Trust to Drive Growth appeared first on Cybersecurity Insiders.

Attackers are going to do their best to breach you. And if they invest enough time and technology, they will probably succeed. Put enough obstacles in their path, however, and as you wear down their resources, you have a very good chance of stopping them. Today, defense-in-depth is viewed as a reliable and proven way to prevent ransomware.

Yet while the practice of defense-in-depth is recognized by agencies like CISA, many, if not most, organizations get the practice of building defensive layers against ransomware wrong. When you’re a target for threats that get past your firewalls, antivirus (AV) solutions, endpoint detection and response (EDR) platforms, etc., another layer of controls that work on the same principle of threat detection and response will do little to stop them.

Complex and evasive threats continue to evolve. Consider a Cobalt Strike beacon that loads into memory at runtime, a polymorphic malware strain whose signature changes with every build, an exploit for a zero-day, or the next big supply chain attack. Threats like these are designed to leave little for telemetry-based controls to see and to defeat signature libraries and behavior analysis. To stop them, you need to build redundancy and resiliency into your ransomware defensive posture.

Redundancy, which NIST also refers to as failure protection, is the security boost you get from deploying multiple protection layers that work through different mechanisms, so that a technique which bypasses one layer does not bypass them all. Redundancy yields resiliency: the ability to withstand and recover from repeated attacks.

To achieve redundancy against modern ransomware threats, you need another control layer in your environment—one that defeats ransomware through a novel defensive method. Emerging technology like Automated Moving Target Defense (AMTD) can close this gap and prevent ransomware attacks at multiple phases, from early infiltration to safeguarding critical systems when ransomware attempts to execute.

Ransomware Threat Evolution

“Ransomware is a threat to national security, public safety, and economic prosperity.” The National Cybersecurity Strategy‘s description of ransomware risk is a nod to the new reality of ransomware—one of the most dangerous risks our world faces, cyber or not.

For individual organizations, betting on reaction and recovery against this risk is a failing strategy. Attacks now target backups, and it’s also no longer sustainable to rely on insurance— a recent report noted a 100% increase in insurance premiums.

Ransomware has existed for over 30 years. But what’s changed over the last few years is potential profits—as profits soar, malware developers and operators have dramatically upped their game, refining techniques to help malware successfully evade defense mechanisms.

Take the 2021 Health Service Executive Conti attack as an example. This ransomware attack on Ireland’s national healthcare system compromised over 80,000 endpoints and effectively shut down healthcare services in an entire country. The attack succeeded for several reasons, but a core one was that Conti could evade the AV and similar security solutions on the HSE’s endpoints.

Conti used fileless techniques to move laterally from endpoints to servers without raising alarms. It could also load its malicious code, including the encryption routine, directly into memory and run it there at runtime, a space that file-scanning AV and similar tools do not inspect.

More ransomware attacks are using this memory compromise method alongside other evasive techniques. From hijacking legitimate tools to relying on scripts that only load from memory during a device operation, threat actors are increasingly looking at security control weak spots and targeting their efforts toward them.

Ransomware Defense with AMTD

Automated Moving Target Defense (AMTD) is an emerging technology that morphs the runtime memory environment. AMTD changes an application’s attack surface by deterministically relocating attackable assets (such as credential material held in memory) to places an attacker does not expect, leaving decoy skeletons of the original assets in place to trap threats and isolate the executables that touch them.

AMTD builds depth into ransomware defense and adds assurance by reducing exposure to known MITRE ATT&CK ransomware tactics, including initial access, persistence, privilege escalation, defense evasion, lateral movement, and impact.

This happens through four added layers of protection:

  1. Data encryption and destruction protection — Most ransomware attacks succeed in encrypting data. With AMTD installed on an endpoint or server, however, the system resources targeted by malicious code are not where its author expects them to be; what looks like a system resource is a decoy. Code that attempts to execute against a decoy or to encrypt through it is automatically terminated and captured for forensic analysis, while the real resource remains protected and encryption is denied.
  2. System recovery tamper protection—According to Acronis, leading ransomware groups, such as LockBit and ALPHV, have evolved to target backups directly, necessitating robust defenses to prevent successful attacks. Specifically, ransomware attacks target the system shadow copies backups rely on. AMTD blocks access to shadow copies by ending any unauthorized processes that try to access them.
  3. Credential theft protection — Credential dumping is one of the most common MITRE ATT&CK techniques seen in the wild. Almost all ransomware attackers will try to access credentials stored in browsers, saved RDP connections, the SAM database, and similar locations. AMTD deterministically hides the location of these credentials and stops threats from finding them.
  4. Runtime memory protection — Research from Webroot found that 94 percent of malware is now polymorphic. Much of it executes in memory at runtime rather than from disk. AMTD protects runtime by morphing (randomizing) runtime memory to create an unpredictable attack surface: it moves application memory, APIs, and other system resources while leaving decoy traps in their place. As threat actors adopt generative AI to adapt malware faster, the share of such threats is likely to keep growing.
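As an added example related to the second layer above (not Morphisec’s code or part of the original post), the detection below classifies process command lines that tamper with Volume Shadow Copies and Windows recovery settings, the behavior MITRE ATT&CK catalogs as T1490, Inhibit System Recovery. Whatever prevention layer you run, you still want to see this activity in telemetry. The process-creation records are constructed in a Sysmon-style timestamp, user, parent image, command-line layout; the command lines themselves are the well-known vssadmin, wmic, bcdedit and wbadmin invocations ransomware uses before encrypting.

```python
import re

# Each entry pairs a regex (matched against a lower-cased, whitespace-normalized
# command line) with a short label. Ordering is by how commonly each is seen.
RECOVERY_TAMPER_PATTERNS = [
    (re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b"), "vssadmin delete shadows"),
    (re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b.*\bmaxsize\b"), "vssadmin shrink shadow storage"),
    (re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b"), "wmic shadowcopy delete"),
    (re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b"), "bcdedit disable recovery"),
    (re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\s+ignoreallfailures\b"), "bcdedit ignore boot failures"),
    (re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup)\b"), "wbadmin delete backups"),
    (re.compile(r"win32_shadowcopy\b.*\bdelete\b"), "WMI shadow copy deletion via script"),
]


def classify_command(cmdline: str):
    """Return the tamper label for a process command line, or None if it
    matches nothing (listing or enumerating shadow copies is normal admin work)."""
    normalized = " ".join(cmdline.lower().split())
    for pattern, label in RECOVERY_TAMPER_PATTERNS:
        if pattern.search(normalized):
            return label
    return None


# Constructed process-creation records: timestamp|user|parent image|command line.
# The first and last lines are benign administration; the middle four are the
# pre-encryption sequence a ransomware payload typically runs.
SAMPLE_PROCESS_LOG = """\
2024-02-10T03:12:04Z|CORP\\svc-backup|C:\\Program Files\\Backup\\agent.exe|vssadmin.exe list shadows
2024-02-10T03:14:51Z|CORP\\jsmith|C:\\Windows\\Temp\\update.exe|vssadmin.exe delete shadows /all /quiet
2024-02-10T03:14:52Z|CORP\\jsmith|C:\\Windows\\Temp\\update.exe|wmic.exe shadowcopy delete
2024-02-10T03:14:53Z|CORP\\jsmith|C:\\Windows\\Temp\\update.exe|bcdedit.exe /set {default} recoveryenabled No
2024-02-10T03:15:10Z|CORP\\jsmith|C:\\Windows\\Temp\\update.exe|wbadmin.exe delete catalog -quiet
2024-02-10T08:00:00Z|CORP\\admin|C:\\Windows\\System32\\cmd.exe|bcdedit.exe /enum
"""


def scan_process_log(text: str):
    """Run the classifier over the flattened log and return one alert per hit,
    keeping the parent image so an analyst can see that a binary in Temp, not
    a backup agent, issued the commands."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, user, parent, cmdline = line.split("|", 3)
        label = classify_command(cmdline)
        if label:
            alerts.append({"time": timestamp, "user": user, "parent": parent,
                           "technique": "T1490", "label": label, "cmd": cmdline})
    return alerts


if __name__ == "__main__":
    for alert in scan_process_log(SAMPLE_PROCESS_LOG):
        print(f"{alert['time']} {alert['user']} {alert['label']} <- {alert['parent']}")
```

Several of these hits from one parent process within seconds is a stronger signal than any single line; the parent image and user fields are what turn the hit into an incident record.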

Coming off a year in which ransomware attacks reached record levels, it’s safe to assume attackers will continue their assault through 2024. For businesses, it’s time to go on the offensive and your best bet is to double down on ransomware assurance with defense-in-depth and AMTD.

Brad LaPorte- Chief Marketing Officer at Morphisec and former Gartner Analyst

Brad LaPorte is a seasoned cybersecurity expert and former military officer specializing in cybersecurity and military intelligence for the United States military and allied forces. During a distinguished career at Gartner as a top-rated research analyst, Brad was instrumental in establishing key industry categories such as Attack Surface Management (ASM), Extended Detection & Response (XDR), Digital Risk Protection (DRP), and the foundational elements of Continuous Threat Exposure Management (CTEM). His forward-thinking approach led to the inception of Secureworks’ MDR service and the EDR product Red Cloak, both industry firsts. At IBM, he spearheaded the creation of the Endpoint Security Portfolio, as well as MDR, Vulnerability Management, Threat Intelligence, and Managed SIEM offerings, further solidifying his reputation as a visionary whose cybersecurity solutions were years ahead of their time.

The post How to stop ransomware for good — and add the missing layer to ransomware resiliency appeared first on Cybersecurity Insiders.

By Ram Movva, CEO at Securin

This past year showed us that the ransomware landscape is only getting increasingly sophisticated. This can be seen through ransomware attacks steadily increasing scale, frequency, cost and impact. In fact, 2023 broke the record in ransomware payouts, exceeding $1 billion globally; a stark increase from the $567 million in ransomware payouts seen in 2022.

Securin’s 2023 Year in Review: Ransomware Report, analyzed the 230,648 Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database (NVD), prioritizing them on severity, affected systems, and vulnerability characteristics. Below are some of the key findings and themes from this year’s report.

Ransomware is on the rise 

The public sector saw its fair share of breaches and ransomware attacks in 2023, but the year’s most prominent incidents illustrate techniques that threaten every sector. The MGM Resorts breach is a prime example: the Scattered Spider group, operating as an affiliate of BlackCat/ALPHV, gained access to MGM’s environment and deployed BlackCat ransomware, taking the resort’s websites and mobile app offline. The attackers also disabled digital hotel room keys, took slot machines offline, and accessed guests’ personal information.

Two other notable breach campaigns were orchestrated by the Cl0p ransomware group. Cl0p exploited a zero-day vulnerability in Fortra GoAnywhere Managed File Transfer (CVE-2023-0669), affecting 2,095 organizations. The MOVEit Transfer campaign (CVE-2023-34362) was also carried out by Cl0p; it compromised over 1,000 organizations and affected more than 60 million individuals.

The public sector encompasses government services as well as public goods. As we enter 2024, unless defenders keep pace with the ransomware landscape and learn from the breaches of 2023, further parts of the public sector such as the military, critical infrastructure, public education, law enforcement, public transit, and healthcare remain at risk of a ransomware attack.

New Year, New Threats  

Securin’s report identified that in 2023 there were 38 new vulnerabilities associated with ransomware. This report also provides a deep dive into the state of ransomware as 2024 begins, with critical information on newly identified vulnerabilities, insight into the most significant ransomware attacks, and new ransomware families and APT groups.

“These discoveries are alarming, but they are far from surprising. Talking to our customers over the last year, we have heard the same thing repeatedly: the attacks, successful or thwarted, keep coming. This onslaught, combined with an ongoing talent shortage and slashed IT budgets, has created a combustible situation for organizations of every kind,” said Ram Movva, CEO and co-founder of Securin.

In 2023, the ransomware landscape was dominated by three notorious groups: Cl0p, BlackCat, and Vice Society. Between them they drove a wave of high-profile attacks, including the mass exploitation of MOVEit Transfer, and the year also saw the ransomware attack on the Industrial and Commercial Bank of China’s US financial services arm. These attacks caused significant disruption and financial loss, highlighting the escalating threat posed by ransomware groups on a global scale.

As the frequency and severity of ransomware attacks surged, so did the number of vulnerabilities associated with these attacks. From 344 in the previous year, the tally climbed to 382 in 2023, underscoring the expanding attack surface available to cybercriminals. Among these vulnerabilities, the Progress MOVEit Transfer vulnerability (CVE-2023-34362) stood out.

Despite efforts to bolster defenses, a concerning finding emerged regarding the efficacy of popular vulnerability scanners. Sixteen ransomware-associated CVEs evaded detection by widely used scanners such as Nessus, Qualys, and Nexpose, remaining hidden during routine vulnerability scans. Approaches such as those employed by Securin proved instrumental in uncovering these threats. This underscores the need for a multifaceted approach to cybersecurity that combines proactive detection methods with current technologies to stay a step ahead of adversaries.

“Addressing these challenges head on, with the best information possible, will be essential to keeping the worst from transpiring in 2024,” said Movva. “The fact is that, despite increased vigilance, major vulnerabilities continue to be ignored. Third-party software manufacturers and repositories are both struggling to stay fully informed of the active threats facing every organization. Our predictive platform has long been able to fill this gap for our customers, illuminating active threats before ransomware gangs began weaponizing them.”

It’s Time To Take Control of Security

As our society continues to become more advanced, so does the ransomware landscape alongside it. These advancements prove that cyber resilience is no longer an option – it is a necessity in order to create a secure future.

If security leaders want to protect their data, especially within the public sector, it is imperative to prioritize staying ahead of the latest ransomware threats by implementing preventative measures, remaining vigilant and being dedicated to action when facing potential vulnerabilities and ransomware threats.

For organizations, this can mean implementing training and routine learning cycles for employees on basic security practices. Typically, employees are overlooked in an organization’s overall security plan, essentially creating a new layer of vulnerability in organizational systems that can be exploited by bad actors. Organizations can implement a more comprehensive cybersecurity approach that considers all angles by simply educating and empowering their employees on how to take proactive security measures.

The post The Public Sector’s Troubled Relationship to Ransomware in 2023: A Year in Review appeared first on Cybersecurity Insiders.

Now more than ever, banks and financial institutions are facing unprecedented challenges in combating the increasing onslaught of cybercrime. As the digital landscape continues to evolve, hackers are becoming more sophisticated and even geopolitical in their tactics as they relentlessly target the systems, websites and applications within the financial ecosystem. Despite hefty regulations, the industry continues to be categorized as a high-risk target. This is largely due to ever-increasing digital dependence and the wealth of stored private data that can be available at a hacker’s fingertips. The opportunities for financial gain from a breach are significant for a cybercriminal, making the industry a tantalizing victim for repeated attacks. A successful phishing scam or breach can not only damage the trust and reputation of an institution, it can also expose customers to identity theft, fraud and other forms of exploitation.

The High Stakes of Digital Dependence

Because the financial sector is a globally interconnected system with a heavy reliance on digital access, a single breach within it can cause far-reaching chaos involving fellow banking partners, customers, shareholders and the economy as a whole. With society continuing to lean toward a cashless approach to everyday transactions and becoming more reliant upon online transactions, banks have no choice but to increase their levels of innovation. The rapid digitalization of banking services has not only expanded the attack surface for security threats, but it has also increased the need to prioritize physical and cybersecurity solutions.

Unfortunately, because of manual processes, difficulty in retaining top talent, and the complexity of tools, many organizations find themselves unable to properly mitigate and respond to incidents. This lack of readiness can leave the entire financial ecosystem vulnerable to threats, especially as security challenges become more nuanced and elaborate in nature. As Q2 arrives, adopting a more holistic approach to security over traditional methods is crucial to protecting not only assets but valuable customer relationships.

Compliance Is More Than a Box Check

Placing cybersecurity at the core of a financial institution’s risk management framework involves identifying and assessing cybersecurity risks, implementing mitigation controls, and continuously monitoring and updating these controls as the threat landscape evolves. It also includes maintaining a variety of regulatory standards and guidelines aimed at safeguarding customer data and ensuring the overall integrity of financial systems. But while compliance requirements such as PCI DSS, SEC, and OCC guidelines provide a foundation for cybersecurity within the financial industry, relying solely on these mandates can create a false sense of security.

Customers expect and rely on their financial institutions to prioritize the security and protection of their sensitive information with effective security measures. With the notable increase in attacks targeting the financial sector, it is no longer a matter of “if” banks or credit unions will be attacked, but “when” this will occur. Because of this, assessing response times and testing through routine simulation how each organization will respond to a breach is important in preventing human errors during a real attack. A fast response to a detected threat is key to mitigating the damage it can cause to the business. An effective incident response plan that maps out the organization’s responses, and lets it practice them before being placed under the pressure of an active compromise, is imperative to finding gaps in cybersecurity defenses.

Live Patching Is at the Core of a Secure Framework

One of the bigger challenges that financial institutions face when trying to establish stronger security measures is the lack of adequate IT staff, not to mention maintaining ongoing, effective training. For example, meeting specific cybersecurity regulations for PCI DSS requires implementing certain patching timelines, or risking hefty financial penalties. But traditional methods of patch management can be highly disruptive to a business, requiring extensive downtime for online systems and hours of work for busy IT teams. This not only jeopardizes customer satisfaction and daily operations, it also causes delays in productivity for security teams. As a result, the patching process gets pushed to the back burner more often than not. Instead of immediately applying a security patch to an open vulnerability, security personnel may delay it by weeks or even months until it better fits into the maintenance schedule.

Delaying patch management only makes vulnerabilities more accessible to cybercriminals and can cause notable damage to internal systems. Live patching offers a solution to this problem by applying security patches as they become available, without any reboots or scheduled downtime. By automating the process, code can be updated in memory without disrupting the operations around it, and patches can be applied quickly and efficiently. When vulnerabilities are closed as soon as they are discovered, not only is risk greatly reduced, but firms are also helped to meet the tight patching deadlines set forth by compliance mandates.
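Once code is being patched in memory, the question a defender (or a PCI DSS auditor) needs answered is whether a given patch is actually active on the running kernel. The script below is an added example, not TuxCare’s code and not part of the original article. It assumes the upstream Linux livepatch mechanism, which exposes each loaded patch as a directory under /sys/kernel/livepatch/ with an "enabled" flag (1 when applied) and a "transition" flag (1 while the kernel is still migrating tasks to the patched code); vendor live patching products may report state differently. A patch that is loaded but disabled, or stuck in transition, is not yet protecting the system, and the audit reports exactly those cases. The three-patch tree it builds when no live sysfs directory exists is constructed sample data.

```python
"""Audit Linux kernel live patches through the livepatch sysfs interface.

Added example. Assumes the upstream layout /sys/kernel/livepatch/<patch>/
with "enabled" and "transition" flag files; a missing flag file counts as 0.
"""
from __future__ import annotations

import sys
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Upstream Linux exposes one directory per loaded live patch module here.
LIVEPATCH_ROOT = Path("/sys/kernel/livepatch")


@dataclass
class LivePatch:
    name: str
    enabled: bool        # sysfs "enabled": 1 once the patch has been applied
    in_transition: bool  # sysfs "transition": 1 while tasks are still being migrated

    @property
    def status(self) -> str:
        """ok = protecting the kernel; anything else needs attention."""
        if not self.enabled:
            return "inactive"
        if self.in_transition:
            return "in-transition"
        return "ok"


def _read_flag(path: Path) -> bool:
    """Read a 0/1 sysfs flag; a missing or unreadable file counts as 0."""
    try:
        return path.read_text().strip() == "1"
    except OSError:
        return False


def list_livepatches(root: Path = LIVEPATCH_ROOT) -> list[LivePatch]:
    """One LivePatch per patch directory under root, sorted by name.

    Raises FileNotFoundError when the livepatch directory is absent (kernel
    built without CONFIG_LIVEPATCH, or no patch module ever loaded).
    """
    if not root.is_dir():
        raise FileNotFoundError(f"no livepatch sysfs directory at {root}")
    return [
        LivePatch(
            name=entry.name,
            enabled=_read_flag(entry / "enabled"),
            in_transition=_read_flag(entry / "transition"),
        )
        for entry in sorted(root.iterdir())
        if entry.is_dir()
    ]


def audit(root: Path = LIVEPATCH_ROOT) -> dict:
    """Summarise patch state for a monitoring check or compliance evidence."""
    patches = list_livepatches(root)
    return {
        "active": [p.name for p in patches if p.status == "ok"],
        "problems": {p.name: p.status for p in patches if p.status != "ok"},
    }


def build_constructed_tree(base: Path) -> Path:
    """Write a constructed sysfs-like tree (sample data, not a real system)."""
    samples = {
        "kpatch_cve_fix": ("1", "0"),   # applied and fully transitioned
        "kpatch_pending": ("1", "1"),   # enabled but some tasks not migrated yet
        "kpatch_disabled": ("0", "0"),  # module loaded, patch switched off
    }
    for name, (enabled, transition) in samples.items():
        (base / name).mkdir(parents=True, exist_ok=True)
        (base / name / "enabled").write_text(enabled + "\n")
        (base / name / "transition").write_text(transition + "\n")
    return base


if __name__ == "__main__":
    # Audit the live system if it has livepatch; otherwise show the constructed tree.
    root = LIVEPATCH_ROOT if LIVEPATCH_ROOT.is_dir() else build_constructed_tree(Path(tempfile.mkdtemp()))
    report = audit(root)
    print(f"source: {root}")
    print("active:", ", ".join(report["active"]) or "none")
    for name, status in report["problems"].items():
        print(f"PROBLEM {name}: {status}")
    sys.exit(1 if report["problems"] else 0)
```

The non-zero exit status when any patch is inactive or still in transition makes the script usable as a cron or monitoring check, so that "patch applied" in a compliance report reflects the kernel's own view rather than the package manager's.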

Given these challenges, the financial sector’s future security posture hinges on its ability to embrace innovative security measures that go beyond basic traditional defenses. The complete integration of technology like live patching can be one of the most versatile and useful tools in an organization’s security toolbox. By choosing to invest in robust security measures and demonstrating a commitment to safeguarding sensitive information, institutions can not only mitigate the risks associated with cyber attacks but also strengthen their reputation and competitiveness in the marketplace for years to come.

Joao Correia serves as Technical Evangelist at TuxCare (www.tuxcare.com), a global innovator in enterprise-grade cybersecurity for Linux.

The post Enhancing Cyber Resilience in Banking: Leveraging Live Patching to Combat Rising Threats appeared first on Cybersecurity Insiders.

AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal IP, is now available on the AWS Marketplace. This integration ensures efficient software procurement and deployment, aligning seamlessly with customers’ existing cloud architectures.

After meeting specific technical and security standards set by AWS, the SaaS-based Criminal IP search engine ensures reliability and seamless integration with AWS services. The AWS Marketplace, a significant platform primarily used in the US, provides Criminal IP with access to a vast global customer base, enhancing its visibility and credibility. This listing demonstrates the critical role of AWS Marketplace in the software’s adoption and success.

Criminal IP, a comprehensive threat intelligence tool, is now available on the AWS Marketplace

Criminal IP excels in threat detection, empowering cybersecurity with unparalleled intelligence.

Criminal IP is the industry’s leading IP address intelligence tool, leveraging AI and machine learning to provide unparalleled visibility into the risks associated with internet-connected devices. It offers comprehensive solutions for fraud detection, attack surface management, and threat hunting.

Additionally, Criminal IP offers seamless API integration, allowing effortless incorporation of threat intelligence data into existing services and security systems such as SOAR and SIEM. With a rich repository of cyber threat intelligence data, including risk classification, geographical insights, vulnerable asset graphs, and more, Criminal IP empowers organizations to stay ahead in the ever-evolving landscape of cybersecurity.

Seamless Integration and Payment Flexibility Between AWS Marketplace and Criminal IP

Criminal IP’s presence on the AWS Marketplace brings several conveniences for users. The interconnected tokens of AWS and Criminal IP seamlessly exchange information, allowing users to leverage both platforms’ strengths without encountering data silos or compatibility issues.

Additionally, customers enjoy consistent plans and subscription options on Criminal IP, regardless of whether transactions are initiated through Criminal IP or the AWS Marketplace. This uniformity extends to credit usage monitoring for specific features and APIs, accessible directly from the dashboard, promoting transparency and ease of management.

Payments on AWS Marketplace seamlessly reflect on Criminal IP

“The most important aspect of entering the AWS Marketplace was to ensure easier compatibility between AWS Cloud and ‘Criminal IP’ threat intelligence. We paid a lot of attention to interoperability with AWS products and credit management systems,” stated Byungtak Kang, CEO of AI SPERA. “We will continue to pursue Marketplace registration to secure global customers and increase interoperability with various clouds in the future.”

Explore the detailed features of the newly listed Criminal IP on the AWS Marketplace, as well as Criminal IP ASM, an Automated Attack Surface Management SaaS solution that monitors all internet-connected assets and vulnerabilities.

About AI Spera

AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, significantly expanded its reach with the launch of its flagship solution, Criminal IP, in 2023. Since then, the company has established technical and business collaborations with over 40 renowned global security firms, including VirusTotal, Cisco, Tenable, Sumo Logic, and Quad9.

Available in five languages (English, French, Arabic, Korean, and Japanese), the search engine ensures a powerful service for users worldwide.

In addition to the CTI search engine, the company also offers Criminal IP ASM, a SaaS-based Attack Surface Management Solution available on Azure Marketplace, and Criminal IP FDS, an AI-based Anomaly Detection Solution used for credential stuffing prevention and fraud detection.

The post Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration appeared first on Cybersecurity Insiders.

Memcyco Inc., a provider of digital trust technology designed to protect companies and their customers from digital impersonation fraud, released its inaugural 2024 State of Digital Impersonation Fraud Resilience report. Notably, Memcyco’s research indicates that the majority of companies do not have adequate solutions to counter digital impersonation fraud and that most only learn about attacks from their customers.

More than half of all respondents (53%) said their existing cybersecurity solutions do not effectively address website impersonation attacks, and 41% said their existing solutions only protect them and their customers “partially.” Just 6% of brands claimed to have a solution that effectively addresses these attacks, despite 87% of companies recognizing website impersonation as a major issue and 69% admitting to having had these attacks carried out against their own website.

Fake websites dupe users into sharing their login credentials on unauthorized pages, leaving them vulnerable to account takeover (ATO) attacks. This growing problem has earned cybercriminals an astonishing $1 billion+ in 2023 alone, according to data from the U.S. Federal Trade Commission. That’s more than three times the amount reported stolen in 2020. 

The report found that 72% of companies have a monitoring system to detect fake versions of their website, but still, 66% said that they primarily only learn about digital impersonation attacks when they are flagged by customers. 37% of respondents learn about such attacks as a result of “brand shaming” by impacted customers on social media.

The inability to adequately protect against digital impersonation fraud raises questions about companies’ responsibility to reimburse their customers for any losses stemming from scams. 48% of survey respondents are aware that upcoming regulations are likely to enforce customer reimbursements, making effective protection against digital impersonation fraud a ‘must-have’ for avoiding revenue loss.

“One of the most alarming takeaways from the report is that website impersonation scams are growing because cybercriminals rely on companies having limited visibility into these kinds of attacks,” said Israel Mazin, Chairman and CEO of Memcyco. “This creates a glaring blind spot in cybersecurity — the inability of companies to protect their customers online.”

The State of Digital Impersonation Fraud Resilience report was conducted together with Global Surveyz Research, based on the responses of 200 full-time employees ranging from Director to C-level executives at organizations in the security, fraud, digital, and web industries, operating transactional websites with traffic of more than 10,000 monthly visits.

Memcyco’s solution suite addresses the rising tide of website impersonation scams by using real-time alerts to secure end-users on every website visit and provides organizations with unparalleled insights into the scope and impact of all attacks on their sites. 

The full report can be found here.

About Memcyco

Memcyco offers a suite of AI-based, real-time digital risk protection solutions for combating website impersonation scams, protecting companies and their customers from the moment a fake site goes live until it is taken down. Memcyco’s groundbreaking external threat intelligence platform provides companies with complete visibility into the attack, attacker, and each individual victim, helping to prevent ATO fraud, ransomware attacks, and data breaches before they occur. Memcyco’s “nano defender” technology detects, protects, and responds to attacks as they unfold, securing tens of millions of customer accounts worldwide and reducing the negative impact of attacks on workload, compliance, customer churn, and reputation.

About Global Surveyz

Global Surveyz is a global research company that provides survey reports as-a-service, covering the whole process of creating an insightful and impactful B2B or B2C report for any target market. Global Surveyz was established in 2020 by Ramel Levin.

The post Memcyco Report Reveals Only 6% Of Brands Can Protect Their Customers From Digital Impersonation Fraud appeared first on Cybersecurity Insiders.

In today’s complex digital landscape, safeguarding businesses and individuals against constantly evolving cyber threats requires a robust, multi-faceted approach. As the Chief Customer Officer at Traceable, I’ve seen firsthand the power of customer collaboration in shaping cybersecurity solutions. 

True partnerships with customers provide invaluable insights that inform strategies and product development within the evolving cybersecurity landscape.

The Customer at the Core

Building robust cybersecurity solutions in today’s ever-evolving threat landscape requires a multi-faceted approach. While cutting-edge technology is essential, experience has shown me that true effectiveness hinges on understanding the customer’s perspective. By placing the customer at the core of our strategies, we gain invaluable insights into how they interact with and utilize cybersecurity solutions. This understanding is the cornerstone of developing solutions that are not only secure but also user-centric.

Navigating the Customer Journey

The customer journey, from onboarding to sustained usage, is a critical aspect that demands meticulous attention. A streamlined onboarding process, complemented by comprehensive educational resources, ensures that customers can quickly and effectively integrate API security solutions into their operations. Furthermore, by mapping the customer journey, we can anticipate needs, address pain points, and facilitate seamless interaction with our solutions, thereby enhancing customer satisfaction and loyalty.

Amplifying the Voice of the Customer

Incorporating the voice of the customer (VoC) into your product development and enhancement strategies should be a cornerstone of your approach. By establishing robust feedback mechanisms and actively engaging with our customer community, we ensure that our API security solutions evolve in tandem with the emerging needs and challenges faced by our customers. This symbiotic relationship not only enhances our offerings but also ensures that our solutions are perpetually aligned with customer expectations.

Fostering a Culture of Security Awareness

In an era where cyber threats are perpetually evolving, fostering a culture of security awareness among our customers is paramount. Through targeted educational initiatives, we aim to empower our customers with the knowledge and tools to navigate the complex API security landscape effectively. Furthermore, by sharing insights into the latest threat vectors and providing guidance on developing robust incident response plans, we ensure that our customers are not only protected but also prepared.

Defining “Customer-Centric Security”

Customer-centric security goes beyond the typical approach of creating technology and then trying to make it work for users. 

Let’s break it down:

  • Empathy as a Design Principle: Understanding customers’ pain points, needs, and levels of expertise is the foundation for building security solutions that work effectively within their business realities.
  • Proactive Engagement: Actively seeking customer feedback throughout the product lifecycle: development, implementation, and ongoing updates. This is not passive helpdesk support; it’s treating customers as valuable advisors.
  • Security as an Enabler: Customer-centric security recognizes that if security solutions impede a business’s ability to innovate and operate, they fail. Security needs to be a partner to business growth, not an obstacle.

Customer-Centricity in Action

At Traceable, we believe that customers are integral partners in shaping the future of API security. Our approach hinges on three core principles:

  • Collaborative Security: Actively solicit customer feedback, and use it to fuel the ongoing development and refinement of solutions. This collaborative approach ensures cybersecurity strategies evolve alongside the real-world challenges and needs of customers.
  • Simplifying Security and the Process: It’s important to realize that not every customer is going to be an expert. Many are, but some aren’t, and it’s not required. Security needs to be accessible and be designed to be intuitive and user-friendly. Extensive documentation and educational resources are also important, as they empower customers of all technical backgrounds to protect their environments effectively.
  • Transparency as a Core Value: We need to foster an environment of open communication. If vulnerabilities arise, it’s crucial to proactively inform customers and work with them to implement clear mitigation strategies. Trust is paramount, and it’s built through honesty and a sense of shared responsibility for maintaining a robust cybersecurity program.

The Bottom Line

Cybersecurity is an ever-evolving challenge, and its solutions should be equally dynamic. It’s important to place the customer at the core, navigating their journeys, amplifying their voices, and fostering security awareness. By doing so, we build solutions that effectively address real-world threats and earn the trust of those we serve.


The post Securing Trust: How to Partner With Customers to Build World-Class Cybersecurity Solutions appeared first on Cybersecurity Insiders.

The recent WebTPA data breach has impacted approximately 2.4 million individuals, with unauthorized access to a network server leading to potential exposure of personal information. The breach, detected on December 28, 2023, is believed to have occurred between April 18 and April 23, 2023. Compromised data may include names, contact information, dates of birth and death, Social Security numbers, and insurance details. However, financial and health treatment information were reportedly not affected.

WebTPA has since notified affected parties and offered credit monitoring and identity theft protection services while enhancing network security to prevent future incidents. Multiple class action lawsuits have been filed, alleging negligence in data security and delayed breach notification.

Experts share their thoughts on the breach and on the impact that breaches of the healthcare system continue to have on the public at large.

Kiran Chinnagangannagari, Co-Founder, Chief Product & Technology Officer, Securin

“The sheer number of healthcare data breaches this year is staggering – 283 and counting since January. It’s a stark reminder of the fragility of our healthcare system and the fact that adversaries are deliberately targeting critical infrastructure. Just look at the recent breaches at Change Healthcare, Ascension Hospital Chain, MediSecure, and WebTPA – it’s a veritable who’s who of healthcare organizations falling prey to cyber threats.

And if that’s not alarming enough, consider this: there are nearly 118,500 exposed internet-facing OT/ICS devices worldwide, with the U.S. accounting for a whopping 26% of those devices. It’s a ticking time bomb, waiting to unleash chaos on our already fragile healthcare system. Organizations need to wake up and take responsibility for monitoring and securing their attack surface – it’s no longer a nicety but a necessity.

On a more optimistic note, CISA’s Eric Goldstein testified in a House of Representatives hearing that real-time visibility into vulnerabilities has led to a whopping 79% reduction in the federal civilian agency attack surface. That’s a huge win! It just goes to show that binding operative directives can make a real difference in reducing cyber risk. It is crucial that these measures are extended beyond federal civilian agencies to achieve a broader impact.

The WebTPA breach also underscores a disturbing trend: many security breaches originate from third-party partners or suppliers within an organization’s supply chain. It’s a harsh reality, but organizations need to get real about evaluating their partners’ cybersecurity practices. To take it a step further, the SEC should mandate incident and breach reporting in 8-K filings – even when caused indirectly by suppliers. It’s time for some accountability in the cybersecurity space.”

Ilona Cohen, Chief Legal and Policy Officer, HackerOne 

“This latest breach adds to a troubling increase in cyberattacks affecting the healthcare industry. Healthcare organizations must use every tool available to reduce the chance of a breach, especially when the exploitation of healthcare data places patients’ privacy and safety at risk.

Ethical hacking is an underutilized solution in the healthcare industry that offers significant protection from cyber threats. Still, laws like HIPAA don’t clearly distinguish between good-faith security research and malicious data exploitation.

Collaborating with ethical hackers can help the healthcare sector prevent cyberattacks before they occur, ultimately safeguarding sensitive patient data, medical devices, and health delivery infrastructure.

Lawmakers can aid the healthcare industry by clarifying that discovering vulnerabilities in good faith does not constitute a breach. Otherwise, the healthcare industry loses a significant advantage in identifying vulnerabilities and fixing them before cyberattacks occur.”

Nathan Vega, Vice President, Product Marketing and Strategy, Protegrity  

“Organizations rely on the exchange of data for their vitality. Consumers share sensitive information like emails, addresses, Social Security numbers, and other personal identifiable information (PII) with the belief that these businesses will protect them as customers and the impression that they will abide by data protection and privacy laws to prevent their data from getting into the wrong hands.

The WebTPA data breach is an example of the growing concerns regarding the assumed trust between businesses and their customers. This attack is impacting almost 2.5 million people and has exposed Social Security numbers and insurance information. Having occurred in April of 2023, this data has been floating around for public consumption without customer knowledge for over a year.

This breach illustrates that de-identifying sensitive data is critical to protecting consumer information. Organizations must go beyond layering defenses to protect sensitive data and instead move towards regulator-recommended data protection methods. This includes encryption and tokenization to render data useless to attackers, making it impossible to steal and use data maliciously. When this is done, businesses are lowering the value of stolen data and avoiding the lasting effects of ransom payments or fraudulent activity.”
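The quote above recommends tokenization so that a stolen record no longer contains the real identifier. What follows is an added example, not Protegrity’s product or code and not part of the original article, showing the vault tokenization pattern: the application database keeps only a random token, the vault holds the sole token-to-value mapping, a keyed HMAC index lets the vault return the same token for a repeated value (so joins and de-duplication still work) without storing a brute-forceable plain hash, and the token preserves the last four digits of an SSN because that is what support staff typically verify. The TokenVault class, the SSN-shaped input check and the in-memory store standing in for a separately hardened vault service are all assumptions of this example; the member record is constructed sample data.

```python
"""Vault tokenization of Social Security numbers (added example).

Assumptions: an in-memory dict stands in for a separately secured vault
service whose store would be encrypted at rest; tokens are nine digits that
keep the real last four. Nothing here is Protegrity's implementation.
"""
from __future__ import annotations

import hashlib
import hmac
import re
import secrets

_SSN_RE = re.compile(r"^\d{3}-?\d{2}-?\d{4}$")  # 123-45-6789 or 123456789


class TokenVault:
    """Holds the only mapping between tokens and real values."""

    def __init__(self, index_key: bytes) -> None:
        self._index_key = index_key                 # secret; never leaves the vault
        self._token_by_index: dict[str, str] = {}   # HMAC(value) -> token
        self._value_by_token: dict[str, str] = {}   # token -> real digits

    def _index(self, digits: str) -> str:
        # Keyed index: without the key an attacker cannot precompute the
        # 10^9 possible SSN hashes and match them against a leaked index.
        return hmac.new(self._index_key, digits.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, ssn: str) -> str:
        """Return the token for ssn, issuing a new random one on first sight."""
        if not _SSN_RE.match(ssn):
            raise ValueError("not an SSN-shaped value")
        digits = ssn.replace("-", "")
        idx = self._index(digits)
        if idx in self._token_by_index:
            return self._token_by_index[idx]  # same value, same token
        while True:
            # Randomise the first five digits, keep the last four for verification.
            token = f"{secrets.randbelow(100_000):05d}{digits[-4:]}"
            if token != digits and token not in self._value_by_token:
                break
        self._token_by_index[idx] = token
        self._value_by_token[token] = digits
        return token

    def detokenize(self, token: str) -> str:
        """Vault-side only: recover the real value (KeyError for unknown tokens)."""
        digits = self._value_by_token[token]
        return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


def protect_record(record: dict, vault: TokenVault, fields=("ssn",)) -> dict:
    """Copy of record with the named fields replaced by tokens before storage."""
    out = dict(record)
    for field in fields:
        if field in out:
            out[field] = vault.tokenize(out[field])
    return out


if __name__ == "__main__":
    vault = TokenVault(secrets.token_bytes(32))
    # Constructed sample member record, not real data.
    member = {"name": "Constructed Example", "ssn": "123-45-6789", "plan": "PPO-2"}
    stored = protect_record(member, vault)
    print("application row:", stored)           # contains only the token
    print("vault lookup:   ", vault.detokenize(stored["ssn"]))
```

The point of the design is the asymmetry: a dump of the application table yields tokens whose first five digits are random and useless, and only a compromise of the vault itself, a far smaller and more tightly controlled system, exposes the real values.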

John Stringer, Head of Product, Next DLP

“Healthcare companies, as repositories of vast volumes of personal and financial data, are exceptionally enticing prey for threat actors, as made evident by the information targeted in the recent WebTPA breach. This incident should serve as a reminder of the importance of data loss prevention solutions, combined with other security measures, to mitigate the impact of a breach.

While WebTPA has offered identity monitoring services and claimed to be unaware of the misuse of any benefit plan member information, it doesn’t mean the end of the story for the consumers. To them, this loss of PII will likely lead to further phishing and fraud attempts.”

The post Breaking Down the WebTPA Data Breach: Expert Analysis and Perspectives appeared first on Cybersecurity Insiders.