Organizations have been doing backup and recovery for decades and many feel that they have reactive data protection under control. If an event like a power failure or natural disaster takes down their data center, they just use their replica site hundreds of miles away to continue operations and, if need be, recover their data from disk, tape or cloud storage. It’s a pretty well-understood practice.

However, enterprises are now seeing the impact of cyberattacks such as ransomware, which alone is poised to exceed $265 billion in global damage costs by 2031. These problems differ from natural disasters or hardware or power failures in that someone is actively trying to prevent you from succeeding with a traditional recovery approach.

Plus, cyberattacks are getting more sophisticated – and that’s only accelerating with the advent of artificial intelligence, which has the ability to write and improve upon code. And launching a cyberattack is now easy with ransomware as a service, which means that people don’t need deep expertise to hold your data hostage or steal your data and sell it on the dark web.

It’s also important to note that bad actors are now targeting the configuration files of applications and the datasets you would traditionally use to try to recover from an attack. Making it harder to get back to normal operations makes targets more willing to pay ransom.

These harmful entities are also going after data like personally identifiable information and payment information, which are covered by regulatory requirements, and more data regulations are coming soon. The European Union’s Digital Operational Resilience Act (DORA) takes effect in January 2025, and similar requirements are likely coming to the Americas and the APAC region.

The fact that the National Institute of Standards and Technology recently introduced the NIST Cybersecurity Framework 2.0 signals this new and evolving data and cybersecurity landscape.

This new landscape is extremely complex to navigate – especially in an environment where cybersecurity experts are costly, hard to keep, and in short supply. It calls for a new approach to data resilience, one that combines cyber readiness with traditional data protection.

To achieve operational resilience in this landscape, we believe there are seven critical layers to a proper data resilience strategy:

  • Monitoring, posture assessment, testing, and incident response
  • Anomaly detection and malware scanning
  • Pen/patch/upgrade testing and DevSecOps
  • Forensics and recovery in minutes
  • A diverse partner ecosystem for compliance
  • Efficient, dependable backup and recovery
  • Reliable, secure, immutable infrastructure

Here’s how to secure your future with these seven critical layers.

Start with a posture assessment

Imagine you’re a brokerage and your average cost of downtime is $5 million an hour. If you got hit with a ransomware attack, could you survive being offline for two, three or four weeks? If your business goes offline because you can’t access your data, what does that do to your bottom line? What will you owe in regulatory fines? How will this impact customer trust?

It’s a massive problem that could result in a huge – potentially fatal – hit to your business.

Don’t panic. Take a step back. Employ your internal experts and/or work with a trusted partner to understand your cyber resilience, data protection, and overall operational resilience posture.

Bring in an independent voice

This is a broad remit. No one person in your organization will be able to identify the problem.

Also, be aware that internal teams might have blinders on. Your network team will likely think that the network is fine. Your infrastructure team will say the infrastructure is great. Or perhaps these teams will elect to use this exercise as a way to get extra budget in a predetermined area.

Bring in an independent voice to help you get a more realistic assessment of your posture. A third party who will have no agenda other than helping you understand where you are today, define your goals, and make the right decisions around the people, process, and technology you need.

Understand reactive technologies are no longer enough

Reactive approaches alone may have worked in the past. But in today’s world of frequent and increasingly sophisticated attacks, you need to be more proactive and much, much faster.

Move to a posture in which you are using artificial intelligence both to monitor for anomalous activity and scan for malware in your environment. Embrace the power of automation to act, whether that’s to notify an administrator of anomalies to investigate or to rapidly isolate at-risk systems.

Address data resilience across your entire environment

The rapid growth of data and the widespread implementation of IoT, edge computing, and storage are expanding the attack surface. Now you must ensure your data center is super secure and has data resiliency, cyber readiness, and rapid recovery at scale where your data – and all of the devices that touch that data – exist. In today’s hybrid world, that’s going to be anywhere and everywhere.

That can make ensuring data resilience complex and hard to get your arms around. Work with a trusted partner with the ecosystem, people, processes, and technology to streamline your journey and provide consistent protection from edge to core to cloud.

Adopt a reliable, secure, immutable infrastructure

Chances are good that you have reliable backup and recovery. You probably also have a reasonable amount of security around it. But be sure you also have robust infrastructure, which is characterized by data immutability, consistent deployment processes, and enhanced resilience against unexpected system failures.

With these critical capabilities, you can take immutable snapshots of your database environment and ensure that file data cannot be overwritten so that if your data is encrypted, you have the previous version that you can fail back to. That, and forensic capabilities to determine the right point to recover to prior to malware entering your environment, will empower you to recover from an incident very, very quickly.
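As an added illustration of the two properties this section describes, immutable snapshots that refuse overwrites and a forensically chosen recovery point, here is a small write-once snapshot store in Python. This is example code written for this page, not code from the original post or from any vendor; the snapshot ids, timestamps, payloads and the compromise time are constructed for the scenario, and the out-of-band tamper step only simulates a storage-layer compromise so the integrity check has something to catch.

```python
"""Write-once snapshot store with integrity verification and recovery-point
selection. Example code, not from the original post; all data is constructed."""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional


class ImmutabilityViolation(Exception):
    """Raised when something tries to overwrite or delete a locked snapshot."""


@dataclass
class Snapshot:
    taken_at: datetime
    payload: bytes
    digest: str  # SHA-256 of payload recorded at write time


class WormSnapshotStore:
    """Write-once-read-many store: a snapshot id can be written exactly once and
    never deleted, mimicking an object-lock / immutable-snapshot retention policy."""

    def __init__(self) -> None:
        self._snaps: Dict[str, Snapshot] = {}

    def write(self, snap_id: str, taken_at: datetime, payload: bytes) -> str:
        if snap_id in self._snaps:
            raise ImmutabilityViolation(f"snapshot {snap_id!r} already exists")
        digest = hashlib.sha256(payload).hexdigest()
        self._snaps[snap_id] = Snapshot(taken_at, payload, digest)
        return digest

    def delete(self, snap_id: str) -> None:
        # Retention lock: deletion is refused regardless of caller privileges.
        raise ImmutabilityViolation(f"snapshot {snap_id!r} is under retention lock")

    def verify(self, snap_id: str) -> bool:
        """Recompute the digest; a mismatch means the stored bytes were altered."""
        snap = self._snaps[snap_id]
        return hashlib.sha256(snap.payload).hexdigest() == snap.digest

    def recovery_point(self, compromise_at: datetime) -> Optional[str]:
        """Newest snapshot taken before the forensically determined compromise
        time that still passes its integrity check."""
        clean = [(sid, s) for sid, s in self._snaps.items()
                 if s.taken_at < compromise_at and self.verify(sid)]
        if not clean:
            return None
        return max(clean, key=lambda item: item[1].taken_at)[0]


def run_scenario() -> dict:
    """Constructed ransomware scenario: three nightly snapshots, malware enters
    on day 2 in the afternoon, day 3's snapshot already holds encrypted data."""
    store = WormSnapshotStore()

    def at(day: int, hour: int) -> datetime:
        return datetime(2024, 6, day, hour, tzinfo=timezone.utc)

    store.write("db-0601", at(1, 2), b"customers.csv: clean rows v1")
    store.write("db-0602", at(2, 2), b"customers.csv: clean rows v2")
    store.write("db-0603", at(3, 2), b"customers.csv: <ciphertext blob>")  # encrypted by attacker

    # Attacker (or a buggy job) tries to overwrite an earlier snapshot.
    overwrite_blocked = False
    try:
        store.write("db-0602", at(2, 2), b"garbage")
    except ImmutabilityViolation:
        overwrite_blocked = True

    compromise_at = at(2, 14)  # determined by forensics (constructed value)
    first_pick = store.recovery_point(compromise_at)

    # Simulated out-of-band tampering with stored bytes (e.g. storage-layer compromise).
    store._snaps["db-0602"].payload = b"tampered"
    tampered_detected = not store.verify("db-0602")
    second_pick = store.recovery_point(compromise_at)

    return {
        "overwrite_blocked": overwrite_blocked,
        "first_pick": first_pick,            # "db-0602": newest clean snapshot before compromise
        "tampered_detected": tampered_detected,
        "second_pick": second_pick,          # "db-0601": falls back past the tampered copy
    }


if __name__ == "__main__":
    print(run_scenario())
```

The point of the scenario is the pairing the section calls for: the store itself never lets a snapshot be replaced, and the recovery-point query only considers snapshots that both predate the compromise time and still match their recorded digest, so a copy that was altered by some path around the write API is excluded rather than restored.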

Don’t throw the baby out with the bathwater

You’ll also want to explore how you can do penetration, patch, and upgrade testing at scale in a way that doesn’t impact your production environment. Plus, you’ll want to manage the governance of data, including how long it is retained, who can access it, and when it should be deleted.

You may be thinking all of the above is a lot to consider and tackle. But rest assured, you don’t need to replace everything you have and rebuild your environment from scratch.

By working with a proven partner, you can identify your biggest gaps, bring the right people across your organization to the table, and decide what you need today and going forward to ensure you have the appropriate data protection, security, compliance, and cyber resilience.

The post Safeguard Your Future with Seven Layers of Data Resilience appeared first on Cybersecurity Insiders.

Over a year ago, the general public got its first taste of the possibilities of generative artificial intelligence (GenAI) with the public rollout of ChatGPT. As far as watershed tech moments go, it was comparable only to the iPhone launch fifteen years earlier—another occasion on which millions of people realized, simultaneously, that nothing would ever be the same.

The enterprise implications of this technology were apparent from the beginning, but that doesn’t mean the relationship between GenAI and enterprise has been uncomplicated. On the contrary, over the last year, we’ve witnessed every stage of the innovation life cycle play out in real time. What started as white-hot excitement soon cooled to skepticism and has now come back around to widespread excitement.

What changed? How did artificial intelligence (AI) go from an exciting but risky new technology to a must-have for most businesses? Understanding how we got to this point can tell us a lot about the present state of GenAI and where it might be headed in the near future.

Why some businesses were slow to adopt GenAI

It makes sense that many organizations spent the early part of 2023 wary about implementing GenAI. To start, many saw the quick rise and even quicker fall of digital innovations like the Metaverse and crypto around the same time. Large enterprises like Meta and Microsoft were entrenched in the Metaverse, causing hype and promising plans for future additions. However, we’ve entered 2024, and it’s nearly forgotten about. While AI promises quite a bit, there was no guarantee it wouldn’t head in the same direction during an overheated initial hype cycle.

It’s more important to note, however, that few things can damage a company’s reputation and bottom line like hacked or otherwise exfiltrated data. However incredible AI’s capabilities might be, they could not—in the eyes of many businesses—outweigh the potential security risks.

The most prominent of these risks was the chronic lack of visibility endemic to many GenAI tools. Remember that many of these GenAI-skeptical businesses had spent the preceding few years working diligently to gain insight into newly sprawling multi-cloud operations. In other words, the perils of partial transparency were well-known to them, and by now, it’s a cybersecurity maxim that you can’t protect yourself from what you can’t see. So it makes sense that these businesses were wary of implementing GenAI tools, which—at least at the time—could not offer the kind of comprehensive visibility they’d come to view as a baseline cybersecurity expectation.

There were other security issues, however. For instance, there is difficulty integrating GenAI with pre-existing security stacks and generating unified internal policies for GenAI usage. Beyond security concerns, the very newness of this technology meant many employees would lack the skills to use it effectively. Any investment in GenAI tech would have to come with a concomitant investment in new security protocols and employee training.

Enterprise adoption spiked dramatically in 2023—what changed?

In the world of AI, everything moves fast. It is no surprise that in a year, everything about this situation has changed. In 2023, we saw many companies race to implement GenAI, but the small segment that held out last year may be struggling to catch up in 2024. 

This is partly a result of competitive pressure. Many of the companies that took the GenAI plunge early saw spectacular gains in productivity over the year—approximately a 40% increase, according to a recent study from Accenture. Per a recent State of GenAI survey, these gains can be chalked up to a few notable factors, including GenAI’s ability to generate starting points for presentations or for code; its ability to replace traditional web research; and its usefulness for labor-intensive tasks like generating letters or structured responses. 

Customers have also benefited from the improved user experience GenAI facilitates, and they are favoring AI-powered products and services accordingly. At the same time, GenAI has become inescapable, the subject of countless conference presentations and research papers from analysts like Gartner, Forrester, and IDC.  

While the companies that took a risk in 2023 saw productivity gains, those who took a more cautious approach are now watching those benefits being reaped from afar. Business leaders now see the potential return on investment (ROI) from these trailblazers, and they’re continuing to see GenAI’s relevance in industry research. These C-suite executives, board members, and investors are now asking, “Where’s our GenAI strategy?”

While these are all important factors, none would matter if GenAI tools were still riddled with security risks. Thankfully, that situation has likewise changed dramatically in the last few months.

In 2023, security concerns finally caught up with innovation

GenAI posed unique security risks from day one, visibility among them. As mentioned, this was the key concern for many enterprise GenAI skeptics. However, as we’ve learned more about GenAI and its benefits, we have also developed a deeper understanding of the technology that has culminated in better tools for GenAI security.

Visibility concerns have been definitively put to rest through tools developed and perfected in just the last year or so. Businesses can now easily determine how their AI technology is being utilized across systems, who is using them and for what purposes.

These new tools have also significantly impacted things like risk management and data privacy. Employers now have the option of next-generation security and privacy controls that ensure employees do not intentionally or inadvertently exfiltrate sensitive data. They can also easily catalog AI-specific risks and determine appropriate mitigation strategies. Combined with GenAI-facilitated advances in employee training and internal governance, these developments explain why the pool of GenAI holdouts grows smaller by the day.

In 2023, businesses were effectively faced with a binary question: namely, are you willing to potentially sacrifice security for the sake of increased productivity? Throughout 2023, we rapidly saw this question proven irrelevant, but throughout 2024, we’re seeing new aspects of the conversation unfold. In the world of GenAI, innovation and security are no longer in opposition. The latter has finally caught up to the former. And both are advancing—in tandem—at an unimaginable pace. The unique security challenges presented by GenAI are now better understood, and companies now have to decide what security investments need to be made to keep GenAI secure.

The post The Year in GenAI: Security Catches Up with Innovation appeared first on Cybersecurity Insiders.

With businesses increasingly reliant on cloud technologies, the security of cloud platforms has escalated into a significant concern that highlights their potential and susceptibility. Traditional security measures often fall short in addressing the dynamic and sophisticated nature of threats faced in cloud settings, making it imperative to shift from a reactive to a preventative stance in security strategies.

This 2024 Cloud Security Report uncovers the pressing concerns and evolving priorities in cloud security. By gathering insights from over 800 cloud and cybersecurity professionals, the survey explores the current state of cloud security, the effectiveness of existing security measures, and the adoption of advanced security solutions, providing a comprehensive view of the challenges and advancements in this critical area.

Key Survey Findings Include:

  • Escalating Security Incidents: Cloud security incidents are alarmingly on the rise, with 61% of organizations reporting breaches within the last year, marking a significant increase from 24% the year before. This trend underscores the escalating risk landscape in cloud environments.
  • Evolving Breach Types: Data security breaches have emerged as the most common cloud security incident, reported by 21% of organizations. This shift highlights the evolving nature of threats and the critical need to safeguard sensitive data.
  • Addressing Zero-Day Threats: Navigating zero-day threats remains a top concern, with 91% of respondents worried about their systems’ ability to handle such unknown risks. The survey underscores the need for predictive and immediate defense mechanisms against these sophisticated attacks.
  • Shifting Security Focus: Despite the rise in incidents, only 21% of organizations prioritize preventive measures aimed at halting attacks before they occur. This indicates a significant prevention gap in current cloud security strategies.
  • Accelerating CNAPP Adoption: The adoption of Cloud Native Application Protection Platforms (CNAPP) is growing, with 25% of organizations having already implemented CNAPP solutions. This trend reflects a strategic move towards integrating comprehensive security measures that combine prevention, detection, and response capabilities.

We would like to extend our gratitude to Check Point Software Technologies Ltd. for their invaluable contribution to this survey. Their expertise and support have been instrumental in shedding light on the complexities and necessities of modern cloud security.

We hope that the insights derived from this survey will serve as a vital resource for organizations working to enhance the security of their cloud environments.

That said, let’s dive right into the survey results:

CLOUD SECURITY INCIDENTS ON THE RISE

Understanding the frequency and nature of cloud security incidents is important for grasping the vulnerabilities that persist in cloud environments.

An alarming 61% of organizations reported experiencing cloud security incidents over the past 12 months, a significant increase from 24% in the previous year. This sharp rise underscores the risks associated with cloud environments and emphasizes the urgent need for enhanced security frameworks that prioritize comprehensive visibility and proactive threat management.

Additionally, the fact that 23% of respondents were either unsure or unable to disclose details about these incidents suggests a concerning lack of visibility and control over cloud security, which could exacerbate the risk of undetected breaches.

Key Insights: To address these increased incidents and blind spots, organizations should adopt a prevention-first approach, ensuring security measures are proactive rather than reactive. Leveraging advanced, Artificial Intelligence (AI)-supported security solutions can aid in anticipating and mitigating potential threats before they result in significant damage, aligning with an industry-wide shift towards more preemptive security strategies.

MOST COMMON CLOUD SECURITY INCIDENTS

Tailoring cybersecurity strategies to the specific types of incidents encountered in cloud environments is critical for effectively addressing prevalent threats, and this is particularly relevant for 2024 and beyond.

In previous years, misconfigurations were the leading enabler of security incidents and the focus for most organizations. However, this year, we see that data security breaches have taken the number one spot with 21%. Misuse of cloud services, noted by 17% of respondents, indicates significant exploitation of cloud resources for malicious purposes, while configuration and management errors, reported by 12%, move down a couple of places.

Key Insights: Although Cloud Security Posture Management (CSPM) has become a common security practice for many organizations, aimed at ensuring the implementation of appropriate policies and controls to identify misconfigurations, the rising number of data breaches highlights the necessity of prioritizing the protection of cloud assets that contain sensitive data. Adding security components like Data Security Posture Management (DSPM) offers security teams added visibility as to where sensitive data lives, who has access to it, and how it is being used.

CLOUD SECURITY CONCERNS

Understanding the degree of IT professionals’ concerns about cloud security risks helps in assessing the efficacy of current security measures.

An overwhelming 96% of survey respondents are concerned about their capacity to manage these risks, with 39% being very concerned, highlighting the significant pressure on scarce resources and underscoring the need for more proactive security solutions.

Key Insights: Continuous cloud innovation and complexity have taken us to a place where cloud security is managed and implemented by DevOps and developer teams. Over time, many CISO organizations have ceded control to DevOps, losing visibility and oversight.

It is time for a paradigm shift that transcends the traditional cycle of detection and remediation so organizations can secure cloud environments without offloading security operations to developers alone.

BARRIERS TO EFFECTIVE CYBER DEFENSE

Knowing the key obstacles organizations face in defending against cyberthreats is necessary for refining cybersecurity strategies and resource allocation. The most significant barrier, reported by 41% of respondents, is the lack of security awareness among current employees, emphasizing the need for comprehensive training programs that enhance security knowledge across all organizational levels. Rapid technological changes and the lack of skilled personnel, noted by 38% and 37% respectively, underscore the difficulty in keeping pace with evolving threats and the technology designed to combat them.

Additionally, 36% of participants identified poor integration and interoperability between security solutions as a major challenge, indicating that a cohesive security environment could significantly enhance defensive capabilities.

Key Insights: To overcome these barriers, organizations should consider advanced training and development of existing staff to close the skills gap. In addition, consulting services can also further assist with integrating security solutions across their various tools and platforms and free up constrained resources.

CYBERSECURITY TALENT SHORTAGE

Digging deeper into employee resource constraints, we find that organizations are not only struggling to keep current cybersecurity skills sharp; the survey findings also highlight the challenge many face in recruiting new cybersecurity expertise, with a significant 76% of respondents reporting a shortage of skilled cybersecurity professionals.

This substantial figure underscores the widespread issue in the industry where the demand for cybersecurity talent far exceeds the supply for years to come, potentially leaving critical security functions understaffed and vulnerabilities unaddressed.

Key Insights: Organizations can supplement these deficiencies and grow their team’s expertise by investing in a managed Cloud Native Application Protection Platform (CNAPP). This approach helps offset shortages and fill knowledge gaps by providing seamless integration with an organization’s IT and InfoSec operations for better monitoring, configurations, policy tuning, incident management, troubleshooting, and more.

Additionally, integrating advanced security solutions that leverage AI and automation can compensate for the shortage of human resources. These technologies can perform routine security tasks and analyze large volumes of security data more efficiently than human teams, allowing existing staff to focus on more strategic, high-impact security initiatives.

AI PRIORITY IN CYBERSECURITY

The integration of artificial intelligence (AI) into cybersecurity strategies is a telling indicator of how organizations perceive the role of advanced technologies in enhancing their security posture.

A majority of respondents (91%) consider AI a priority, illustrating a significant lean towards adopting AI-driven solutions within their cybersecurity strategies. This substantial focus underscores the growing reliance on AI to augment security measures, driven by AI’s capability to analyze large data sets rapidly, detect anomalies, and predict potential threats with a level of precision and speed unattainable by human analysts alone.

Key Insights: Organizations should consider elevating AI’s role within their cybersecurity strategies, particularly by leveraging AI-powered tools like proactive web application firewalls and advanced network security systems. These AI-enhanced tools can dramatically improve the detection and prevention of sophisticated cyber threats, especially zero-day attacks, by continuously learning and adapting to new threats.

NAVIGATING ZERO-DAY THREATS

Rapid technological advancements have increased cybercriminals’ capabilities to create more sophisticated attacks. Almost all respondents (91%) are concerned about their security systems’ ability to manage zero-day attacks and unknown risks, pointing to a significant gap in current security measures that do not adequately prevent or mitigate these attacks before they cause harm.

Key Insights: A modern WAF, especially one that utilizes AI to provide immediate and predictive protections without reliance on signatures, can serve as a critical first line of defense at the cloud’s ‘front door’, blocking malicious attempts before they penetrate deeper into the network. Coupling this with an advanced network security solution that offers deep packet inspection and real-time threat detection across all access points can greatly reduce the vulnerability of cloud environments to zero-day exploits.

These technologies, when integrated within a seamless security architecture, ensure a robust defense mechanism that not only detects but also prevents attacks, maintaining the integrity and resilience of cloud infrastructures against the most unpredictable threats.

EVOLVING PRIORITIES IN CLOUD SECURITY

As organizations navigate the complexities of cloud security amidst rising security incidents and data breaches, the survey reveals a concentrated focus on threat detection and response, with 47% of respondents emphasizing this as a priority. This approach reflects a traditional, reactive stance that rests solely on identifying and mitigating threats as they occur.

Interestingly, despite the increasing sophistication of cyber threats, only 21% of organizations prioritize prevention strategies aimed at stopping attacks before they happen.

SLOWNESS IN SECURITY RESPONSE

The survey confirms one of the biggest challenges faced by cybersecurity operations: an overwhelming volume of daily security alerts. Notably, 40% of organizations receive over 40 alerts each day. This situation not only strains SOC analyst resources but also lengthens the time required to resolve each alert, with 43% reporting resolution times exceeding five days. This deluge of alerts can exhaust teams and increase vulnerability due to delayed responses to potentially critical threats.

Key Insights: It is common for organizations to identify millions of potential issues upon scanning their cloud environment; most are not harmful unless malicious actors can exploit them. To combat this challenge, vendors have implemented ‘attack graphs’ to group and correlate static misconfigurations and vulnerabilities to better prioritize alerts. However, prioritization is not enough, as teams may still be ignoring alerts below the attention threshold. This false sense of confidence can be detrimental. By focusing on preventing attacks before they occur, organizations can significantly reduce the volume of alerts generated that would otherwise be considered high risk. This shift not only frees up valuable resources but also enhances the organization’s ability to thoroughly investigate and manage true risks that would otherwise pose significant threats.

NAVIGATING CYBERSECURITY TOOL FRAGMENTATION

The survey reveals significant fragmentation of the security platforms and tools organizations deploy to manage their cloud infrastructures. Firewalls lead as the primary defensive measure (49%), reflecting their critical role in network security. However, only 37% have effectively implemented segmentation strategies. This oversight can be particularly detrimental, as insufficient segmentation can allow attackers to exploit vulnerabilities, which allows them to gain access to broader parts of the network, causing extensive damage.

The use of WAF by 35% of respondents, along with Cloud Security Posture Management (CSPM) at 26%, points to a layered approach to security that addresses both network defense and application level vulnerabilities, and everything in between.

CLOUD POLICY SPRAWL

While we are witnessing a noticeable rise in the comprehension and utilization of various cloud security components, the increasing number of security solutions—highlighted by 43% employing seven or more tools to configure policies alone—indicates a complex and highly inefficient security landscape.

Key Insights: Consolidating security measures into a highly integrated platform that can offer comprehensive coverage without the need for multiple, disjointed tools is the way forward. By streamlining broader capabilities like WAF, network segmentation, cloud detection and response, and CNAPP under a single umbrella, companies can enhance their security efficacy while simplifying the administrative burden.

CLOUD INTEGRATION CHALLENGES

If the majority of security issues organizations face can be alleviated through a more streamlined solution, why does the number of tools and policies continue to rise every year? The survey illuminates the pains organizations face when trying to better integrate cloud security.

The complexity of maintaining consistent regulatory standards in hybrid or multi-cloud architectures becomes apparent, as 54% of respondents grapple with ensuring compliance and cloud governance, across diverse environments. Additionally, nearly half (49%) struggle with integrating cloud services into aging legacy systems, a task complicated by scarce IT resources which can hinder effective and secure integration.

CLOUD PROVIDERS

When we talk about integration challenges, it’s important to note that a majority of organizations are also managing multiple cloud IaaS providers within their security landscape. The survey shows that Microsoft Azure leads the market with 65% of surveyed organizations deploying their cloud services, followed by Amazon Web Services (AWS) (53%) and Google Cloud (47%).

Key Insights: Cloud native solutions often lack uniformity across cloud services, including on-premises data centers, leading to disparate policies and complicating security oversight. Look for a network security solution that is tightly integrated with the WAN networking infrastructure of various cloud security providers, enabling rules to be applied universally across different cloud environments.

By incorporating WAF as a service with API schema discovery, organizations can further streamline the process for on-premises deployments. Leading vendors provide this level of advanced security within a CNAPP to ensure ease of integration and full coverage.

RAPID CNAPP + PREVENTION ADOPTION

A CNAPP should be the cornerstone of any cloud security strategy, as it unifies Cloud Security Posture Management (CSPM), Cloud Workload Protection (CWP), Cloud Infrastructure Entitlement Management (CIEM), Cloud Detection and Response (CDR), and code security, making it much easier to automate processes and reduce manual inefficiencies.

The survey reveals a promising trend towards the adoption of CNAPP: 25% of organizations have already fully implemented a comprehensive CNAPP solution, indicating a strong commitment to advanced cloud security practices. Another 29% are in the process of integrating CNAPP into their systems, showing that a majority of respondents recognize the benefits of such platforms.

Key Insights: Not all CNAPPs are created equal. Be sure that you invest in a platform that provides those preventative components that can only be found by integrating WAF and network security. Most solutions on the market overlook this important integration and, as a result, are creating too many alerts and risk factors.

Enhancing CNAPP systems with additional components that emphasize prevention over remediation can fortify cloud infrastructures.

PROACTIVE CLOUD DEFENSE STRATEGIES

As cloud threats become increasingly frequent and sophisticated, it is vital for organizations to shift from traditional reactive security measures to a prevention-first approach by leveraging the following cloud security framework.

  1. Employ AI-Powered WAF for Zero-Day Protection:

    With 91% concerned about zero-day attacks, employing an AI-powered Web Application Firewall is critical. These WAFs intelligently counteract web threats, including zero-day exploits, without relying on signature-based detection, offering immediate protection that aligns with modern attack vectors.

  2. Deploy Advanced Network Security:

    Consider advanced network security solutions that scale with your cloud infrastructure. This solution should support seamless integration and provide comprehensive protection, facilitating both macro and micro-segmentation and unified policy management across cloud platforms.

  3. Adopt a Prevention-First Approach:

    With a significant focus on threat detection (47%), adopting a prevention-first CNAPP can shift the approach from reactive to proactive. This platform minimizes alerts and incorporates preventative measures, significantly reducing the volume of risks needing attention by scarce security analysts.

  4. Leverage Comprehensive CNAPP Features:

    To manage the complexity highlighted by 43% using seven or more tools to configure policies, a sophisticated CNAPP with extensive features like Cloud Workload Protection, Cloud Detection and Response, Code Security, and Cloud Security Posture Management should be employed. These features help streamline security processes and enhance the management of cloud environments.

  5. Incorporate AI Technologies:

    With 91% of organizations now prioritizing AI to enhance their security posture, the focus has shifted towards leveraging AI for proactive threat prevention and to compensate for staffing shortfalls.

METHODOLOGY & DEMOGRAPHICS

The 2024 Cloud Security Report is based on an in-depth survey of 813 cybersecurity professionals conducted in April 2024. This research provides insights and trends in cloud security management, highlighting the threats and pressing challenges organizations face while providing guidance for enhancing cloud security posture. Participants span various roles, from technical and business executives to hands-on IT security practitioners, representing a balanced mix of organizations of different sizes across various industries.

Check Point Software Technologies Ltd. is a leading AI-powered, cloud-delivered cyber security platform provider protecting over 100,000 organizations worldwide. Check Point leverages the power of AI everywhere to enhance cyber security efficiency and accuracy through its Infinity Platform, with industry-leading catch rates enabling proactive threat anticipation and smarter, faster response times. The comprehensive platform includes cloud-delivered technologies consisting of Check Point Harmony to secure the workspace, Check Point CloudGuard to secure the cloud, Check Point Quantum to secure the network, and Check Point Infinity Core Services for collaborative security operations and services.


The post 2024 Cloud Security Report: Unveiling the Latest Trends in Cloud Security appeared first on Cybersecurity Insiders.

The UK government’s annual Cyber Security Breaches Survey has revealed that 50% of businesses have faced a cyberattack or breach in the past 12 months. It’s a dangerous world out there, and one small slipup can be extremely costly. Organisations are doing their best to reinforce their digital walls, but it’s a constant arms race; for every security innovation, a new exploit is deployed.

Even as businesses invest in tools to bolster their frontline defences, attackers are seeking other, more creative ways to get in. A prevalent example is Ransomware as a Service (RaaS) operations. In these attacks, groups such as LockBit help paying customers deploy ransomware tools to extort businesses. This gun-for-hire delivery model massively expands the number of malicious actors who can use ransomware; in addition to being a way for cybercriminals to make a quick buck, ransomware can become a tool of revenge, competition, and corporate sabotage.

Ransomware is a particularly cruel form of attack; it’s direct, personal, and blunt. It forces the victim to respond rather than silently removing data or payment information. Though the damage caused may be much the same in the end, for IT teams and senior decision-makers, it’s a deeply stressful process. Do you negotiate with your attacker? Pay to get your data back, with no guarantee they’ll comply? Risk being marked as a soft target for other attackers?

Furthermore, the problem is getting worse. Ransomware attacks have become increasingly prevalent in recent years. In 2023, they increased 95% compared to 2022, striking organisations of any sector and size. There’s no typical victim; ransomware can target any organisation. That means all organisations need to take steps to reduce the risk of a successful ransomware attack.

Here are five key actions that all organisations should consider to protect themselves from RaaS:

1. Train your employees well

The first step to preventing ransomware attacks is to train your staff on cybersecurity best practices and conduct red team exercises, which are simulated attacks that give your employees the chance to learn the best practices by putting them into action. Additionally, you can ensure employees stay up to date on your organisation’s current cybersecurity policies by conducting security skill assessments on a regular basis. Since ransomware attacks are usually carried out through social engineering tactics (which trick people into clicking links, opening files, or sharing login credentials), employees must be educated on how to spot phishing emails or malicious websites so that they will be less likely to unwittingly grant hackers access to company systems.

2. Control user access intelligently

Another way to reduce the risk of ransomware attacks is to limit access and permissions to only what users need. Role-based access controls can significantly reduce the possibility of a data breach. Following a Zero Trust approach by using 2FA or MFA enhances endpoint security because ransomware actors can’t gain access without secondary authentication. Automated, data-driven ID management systems are becoming increasingly intelligent, allowing for access to be withheld on the basis of the user’s geographical location, their behavioural patterns, the time of day, and even physical data like their typing speed.

3. Back up your backups

Backing up all your important files frequently could act as a lifesaver if you suffer a ransomware attack. You won’t lose access to confidential information and can resume operations with minimal downtime. You may even avoid having to pay the ransom, although having a backup doesn’t stop attackers from threatening to sell the personally identifiable information they’ve obtained. It’s best to make backups on external drives and cloud servers and to follow the 3-2-1 backup rule: have three copies of your data on two different media, with one copy saved off-site.

4. Update regularly and configure firewalls

Systems or software that aren’t periodically updated or patched are highly vulnerable to attacks, and hackers target them to penetrate networks and access sensitive data. Keeping your applications, systems, servers, and antivirus solution up to date and equipping yourself with an extended detection and response tool can help prevent attacks. You can go a step further in protecting your network by configuring firewalls that filter out and block suspicious activities in the first place. Also, you should consider investing in an endpoint protection platform because it’s often the best bet when it comes to defending against viruses and malware, including ransomware.

5. Segment your network

Once a system is infected, the ransomware spreads like wildfire into other connected systems. Segmenting your network into various subnetworks helps prevent the ransomware from entering the main network and gives IT security teams the needed time to take remedial action.

Ransomware is a highly dangerous attack type that puts organisations’ customers, reputations, finances, and even viability at risk. With the right defences in place, and with employees properly prepared to spot and evade social engineering attacks, businesses can maximise their chances of avoiding a successful attack and stopping ransomware in its tracks.

The post 5 steps to stop Ransomware as a Service in its tracks appeared first on Cybersecurity Insiders.

Organizations of all sizes grapple with the daunting reality of potential vulnerabilities, malicious actors, and unforeseen challenges that threaten the integrity of their company. The stakes have never been higher; from small startups to multinational corporations, every entity must navigate an intricate web of security challenges daily. While the terms ‘risk’ and ‘threat’ are often used interchangeably in discussions about security, the distinction between them is crucial. But what exactly are the differences between these terms, and why is it necessary to distinguish them? This piece will delve into these definitions, identify top risks and associated threats, and evaluate the strategic implications of adopting risk-centric versus threat-centric approaches to cybersecurity strategy.

Defining Cyber Risks and Threats

Cyber risks represent the underlying weak spots within an organization’s ecosystem, encompassing human factors, physical locations, and network infrastructures. These risks can be meticulously evaluated for their probability and the extent of their potential damage, painting a vivid picture of the organization’s vulnerability landscape. For instance, a company operating a cloud-based software platform in a single region without redundancy is taking a calculated risk for cost reasons: while the likelihood of a complete regional failure may be low, the potential impact is significant. Such risks are generally accepted after thorough evaluation, with the understanding that they can be managed or remediated to a certain extent.

Cyber threats, on the other hand, represent unpredictable and unidentified dangers that can emerge from both inside and outside an organization. These threats may be deliberate, such as a cybercriminal orchestrating a system breach, or accidental, like an uninformed employee unwittingly opening a door to attackers. Threats are multifaceted and require constant vigilance. Unlike risks, threats demand immediate and often continuous responses to mitigate potential damage.

Challenges in Cyber Risk Assessment and Threat Response

One of the primary challenges in cybersecurity is distinguishing between risk assessment and threat response. Responding to threats is often more straightforward because many organizations have established platforms and protocols to manage threat responses automatically. These systems, such as endpoint protection or firewalls, are designed to detect and neutralize threats in real time.

However, cyber risk evaluation is more complex and labor-intensive, as it involves identifying potential vulnerabilities, assessing their likelihood and impact, and prioritizing them based on the organization’s risk appetite. This process requires significant human effort and expertise, making it more challenging than automated threat response. Quantifying these risks to communicate effectively with stakeholders, particularly at the executive level, adds another layer of complexity. Organizations must present a clear cost-benefit analysis, illustrating how mitigating certain risks aligns with the company’s strategic goals and overall mission.

Strategies for Effective Risk and Threat Management

Proactive implementation of risk and threat management strategies is non-negotiable in today’s environment. This begins with establishing a robust risk governance process and ensuring alignment among key stakeholders. Effective communication is crucial, as it ensures that everyone understands the risks and the rationale behind the chosen mitigation strategies.

Another critical component is the mechanism for discovering and managing risks. This might involve using third-party services, internal audits, or a combination of both. Without proper identification, management of these risks becomes impossible. Additionally, having systems and automation in place to handle reactive risk management is essential. These systems should be complemented by an incident response plan to address ongoing threats that could impact performance or deliverability.

Striking a balance between proactive and reactive measures involves creating a culture of security within the organization. This means educating employees at every level about the importance of cybersecurity and how to identify and respond to potential risks and threats. By developing an environment where security is everyone’s responsibility, organizations can significantly enhance their overall cybersecurity posture.

Effective cybersecurity management is not just a technical challenge—it’s strategic. Organizations need to move beyond reactive measures and adopt a proactive stance that encompasses both risk and threat management. Companies must go beyond investing in technology and foster a culture where security is deeply embedded in every employee’s mindset. With cybercrime predicted to cost the world $8 trillion USD in 2023, according to Cybersecurity Ventures, the urgent necessity for proactive cybersecurity measures becomes even more apparent.

It’s time for organizations to recognize that cybersecurity is a shared responsibility. Continuous education, clear communication, and unwavering commitment from all levels of the organization are essential. As we face an ever-evolving threat landscape, the key to resilience lies in our ability to adapt and respond proactively. By prioritizing both risk assessment and threat mitigation, organizations can safeguard their operations and thrive in the digital age.

About George Jones:

In his role as CISO, George will define and drive the strategic direction of corporate IT, information security and compliance initiatives for the company, while ensuring adherence to and delivery on its aggressive growth plans. George was most recently the Head of Information Security and Infrastructure at Catalyst Health Group, responsible for all compliance efforts (NIST, PCI, HITRUST, SOC2) as well as vendor management for security-based programs. George brings more than 20 years of experience with technology, infrastructure, compliance, and assessment in multiple roles across different business verticals.

Recently, as Chief Information Officer and Founder of J-II Consulting Group, a security and compliance consultancy, George was responsible for the design and implementation of security and compliance programs for various organizations. He also delivered programs to implement Agile methodologies, DevSecOps programs, and Information Security Policy and Procedure Plans. During his time at Atlas Technical Consultants, George drove multiple M&A due diligence and integration efforts, consolidating nine acquired business units into a single operating entity, enabling the organization to leverage greater economies of scale and more efficient operations.

George has broad and deep experiences in infrastructure, security, and compliance roles with a history of building sustainable processes and organizations that enable scaling for growth. George grew up in Austin and is a recent transplant to the Plano area. He attended Texas A&M University and graduated Magna Cum Laude from St. Edward’s University.


The post Mastering the Cybersecurity Tightrope: Risks and Threats in Modern Organizations appeared first on Cybersecurity Insiders.

In today’s digital age, the lines between work and personal life are often blurred, especially when it comes to employee monitoring. With advancements in technology, employers now have the capability to track their employees’ movements using GPS. But what does this mean for employees in Ontario, Canada? Can employers track you by GPS, and what are the implications for privacy?

The short answer is yes. Ontario, unlike some other jurisdictions, lacks specific private sector privacy legislation applicable to the employment relationship. This means that non-unionized private sector employers in Ontario can generally implement reasonable monitoring of employees through employer-owned information technology without strict limitations.

However, while employers have the right to monitor their employees, they must do so reasonably and transparently. Overly intrusive or unreasonable monitoring practices could potentially lead to liability through tort or wrongful dismissal claims, though such claims are rare in practice.

To mitigate risks and ensure clarity, it’s recommended for employers to implement an Electronic Monitoring Policy. This policy serves to minimize an employee’s reasonable expectation of privacy and, consequently, reduces the risk of legal claims.

Moreover, if you’re an employer in Ontario with over 25 employees, it’s not just a recommendation—it’s a legal requirement under the Employment Standards Act (ESA). This policy must clearly outline whether or not the employer engages in electronic monitoring of employees and include specific details such as the circumstances and purposes for which monitoring may occur.

For instance, electronic monitoring could include using GPS to track the movement of an employee’s delivery vehicle, tracking employee activity on company-issued devices, or monitoring internet usage during working hours. The policy must also specify the purposes for which information obtained through electronic monitoring may be used by the employer.

It’s important to note that the ESA requirement for an electronic monitoring policy does not impose new limits on an employer’s right to monitor employees. Instead, it ensures that employees are informed about monitoring activities.

In addition to complying with ESA requirements, employers must also consider their obligations under Ontario’s broader privacy regime. While the ESA addresses electronic monitoring specifically, public sector or unionized employers may be subject to additional privacy legislation or collective agreements that provide greater protections for employee personal information.

For public sector or unionized employers, notifying employees of electronic monitoring is just the first step. These employers must integrate their electronic monitoring policies into existing privacy practices and ensure compliance with all applicable laws and agreements.

Ultimately, the key to navigating employee GPS tracking in Ontario lies in transparency, reasonableness, and compliance with legal requirements. By implementing clear policies, respecting employee privacy, and maintaining open communication, employers can strike a balance between monitoring for legitimate business purposes and respecting employees’ privacy rights.

It’s essential to recognize that navigating the complexities of employee GPS tracking and electronic monitoring requires a nuanced understanding of both employment law and privacy regulations. While this article provides an overview of the general principles and requirements in Ontario, each situation may present unique circumstances that warrant tailored legal advice. Therefore, employers are strongly encouraged to seek guidance from experienced legal professionals with expertise in employment law and privacy regulations. Consulting with a knowledgeable business lawyer can help ensure that your electronic monitoring policies and practices align with legal requirements and best practices, minimizing potential risks and liabilities.

The post Navigating Employee GPS Tracking in Ontario: What Employers Need to Know appeared first on Cybersecurity Insiders.

Today’s Security Operations Centers (SOCs) are under immense pressure as they face an onslaught of challenges: a rising volume of security alerts, increasingly sophisticated cyber threats, and a persistent shortage of skilled analysts.

This combination leads to a heightened risk of breaches from overlooked threats, alert fatigue among existing staff, and difficulty in effectively identifying and mitigating threats.

The Radiant Security Gen AI SOC Co-pilot addresses these critical issues head-on. Its AI-driven approach not only streamlines threat detection and response but also compensates for the perennial analyst shortage by enhancing the productivity and effectiveness of existing SOC teams.

This solution steps in as a much-needed ally in an arena where the volume, velocity and complexity of threats are overwhelming traditional defense mechanisms and existing teams, and hiring more analysts is simply not feasible. Let’s take a closer look at how the platform accomplishes this.

PRODUCT OVERVIEW

Radiant’s SOC Co-pilot is a comprehensive solution designed to address the critical challenges faced by Security Operations Centers. It stands out for its AI-driven approach to threat detection, analysis, and response. Here’s a detailed review of its key features and capabilities:

1. AI-Driven Alert Triage:

The threat management systems SOCs rely on generate too much noise and too many false positives. This makes it nearly impossible to find the alerts that matter and investigate them further. The Radiant platform makes it possible to enrich and review every single alert across identities, emails, endpoints, networks, cloud, and other data types—then to intelligently categorize and prioritize genuine alerts. This reduces the noise from false positives, enabling SOC teams to focus on genuine threats, a crucial need in today’s high-alert environments.

2. Automated Threat Investigation:

Radiant SOC Co-pilot leverages AI to delve deep into genuine alerts. It connects data across security tools to see the entire picture of attacks and provides detailed investigations to determine the root cause and full scope of every malicious alert. This feature ensures SOCs are able to see and understand the entirety of every incident that is uncovered.

This also greatly reduces the manual effort required in threat analysis, enhancing efficiency and empowering even junior analysts to perform more advanced investigations.

3. Rapid and Intelligent Response:

Incident response is complex, time-consuming work for understaffed SOC teams, leading to long response times and opportunities for attackers to dwell and expand across the network. The Radiant solution slashes response times by streamlining and automating responses to confirmed threats, from isolating systems to deploying countermeasures.

Radiant’s co-pilot dynamically builds a response plan based on the specific needs of the uncovered security issue. This capability provides analysts with step-by-step remediation guidance on how to respond to incidents, with flexible automation options: manual, single-click, or fully automated response. This rapid response is vital for minimizing the impact of fast-moving attacks.

4. Boost SOC Team Productivity:

SOC teams don’t have enough staff hours in the day to triage and investigate every alert that comes their way. The result: Work is left undone and attacks go unnoticed.

Using out-of-the-box capabilities, Radiant automates 80% to 90% of triage and investigation tasks, freeing analysts from tedious, time-consuming work and allowing teams to focus on strategic aspects of cybersecurity, increasing security, efficiency and job satisfaction.

5. User-Friendly Interface:

With its intuitive user interface, the Radiant SOC Co-pilot ensures easy navigation and effective management of threats, making complex data and processes accessible to all skill levels and empowering even junior analysts to take on more complex work.

6. Scalability and Integration:

The platform is designed for scalability and seamless integration with existing infrastructure: security tools such as EDR, SIEMs and firewalls; IT infrastructure such as ticketing and authentication solutions; and communications platforms like Slack and Microsoft Teams. This makes it adaptable to complex and growing organizational needs.

7. Continuous Learning and Adaptation:

The AI models utilized by the platform are designed to continually learn and adapt, ensuring the SOC is equipped with the latest defense strategies.

These features collectively enable the Radiant SOC Co-pilot to significantly improve SOC operations, boost analyst productivity, detect real attacks through unlimited in-depth investigations, and rapidly respond to incidents. The AI engine powering the co-pilot addresses not only current challenges but also learns from daily threat investigations to equip SOCs for future threats.

CONCLUSION

Radiant Security’s Gen AI SOC Co-pilot stands as an exceptional choice, setting a new standard in threat management and SOC automation. Its AI-driven capabilities not only streamline operations but also significantly enhance threat detection and response. The platform empowers SOC teams, allowing them to focus on strategic tasks by automating routine processes. This leads to improved efficiency, reduced response times, and a more robust cybersecurity posture. With its user-friendly interface and scalable infrastructure, Radiant’s solution is an adaptable and forward-looking tool, equipped to meet both current and future cybersecurity challenges.

ABOUT RADIANT SECURITY

Radiant Security, led by a team of cybersecurity industry veterans who played pivotal roles in the success of companies like Imperva and Exabeam, offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Radiant enables SOCs to harness the power of AI to boost analyst productivity, detect more real attacks, and slash incident response times from days or weeks to minutes. Deployed in minutes via API, Radiant Security provides rapid time to value and immediately reduces analyst workloads by as much as 95%.

radiantsecurity.ai

The post Radiant Security Gen AI SOC Co-Pilot appeared first on Cybersecurity Insiders.

Global cybersecurity leader that delivers AI-driven security operations and has been recognized as a Leader in the Gartner Magic Quadrant

Exabeam, a leading global entity in AI-driven security operations, today announced its designation as a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM), marking the company’s fifth acknowledgment by Gartner (2018, 2020, 2021, 2022, 2024). To download a complimentary copy of the full 2024 Gartner Magic Quadrant for SIEM report, click here.

“Being recognized in the Gartner Magic Quadrant for SIEM for the fifth time is an outstanding accomplishment for us and we believe it is a testament to our team’s relentless focus on delivering innovative security operations advancements,” said Adam Geller, CEO, Exabeam. “The AI-driven Exabeam Security Operations Platform gives our customers the ability to automate, simplify, and accelerate their threat detection, investigation, and response (TDIR) capabilities to stay ahead of attackers and successfully defend their organizations. We are proud to maintain our leadership position in the SIEM market with a differentiated, highly-scalable, cloud-native platform that delivers on what organizations demand today and into the future.”

Per Gartner, “Leaders provide products that are a strong functional match for the market’s general requirements. These vendors have been the most successful at building an installed base and revenue stream in the SIEM market. In addition to providing technology that is a good match for current customer requirements, Leaders show evidence of superior vision and execution for emerging and anticipated requirements. They typically have a relatively high market share and/or strong revenue growth and receive positive customer feedback about their SIEM capabilities and related service and support.”

“Without question, the results of Exabeam’s AI-powered innovation are enhanced by our security-centric expertise and persona-driven approach to TDIR,” said Steve Wilson, Chief Product Officer, Exabeam. “We remain focused on delivering value with AI and helping organizations realize the full potential of their existing security investments. To be recognized again as a Leader in Gartner Magic Quadrant for SIEM remains a very exciting honor to us.”

The Exabeam Security Operations Platform applies AI and automation to security operations workflows for a holistic approach to combating cyberthreats, delivering the most effective threat detection, investigation, and response (TDIR). Since appearing as a Leader in the previous Gartner Magic Quadrant for SIEM in 2022, Exabeam has launched and continued to innovate on its all-new cloud-native platform. In the past year alone, the company has added more than 400 new product features including Outcomes Navigator, Log Stream, the API developer experience, Threat Center and Exabeam Copilot — a unified workbench for security analysts with generative AI assistance — and much more.

For more information on the AI-driven Exabeam Security Operations Platform, please visit: https://www.exabeam.com/product/.

Source: Gartner, Magic Quadrant for Security Information and Event Management, 8 May 2024.

Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

About Exabeam

Exabeam is a global cybersecurity leader that delivers AI-driven security operations. The company was the first to put AI and machine learning in its products to deliver behavioral analytics on top of security information and event management (SIEM). Today, the Exabeam Security Operations Platform includes cloud-scale security log management and SIEM, powerful behavioral analytics, and automated threat detection, investigation and response (TDIR). Its cloud-native product portfolio helps organizations detect threats, defend against cyberattacks, and defeat adversaries. Exabeam learns normal behavior and automatically detects risky or suspicious activity so security teams can take action for faster, more complete response and repeatable security outcomes.

Detect. Defend. Defeat.™ Learn how at www.exabeam.com.

Exabeam, the Exabeam logo, New-Scale SIEM, Detect. Defend. Defeat., Exabeam Fusion, Smart Timelines, Security Operations Platform, and XDR Alliance are service marks, trademarks, or registered marks of Exabeam, Inc. in the United States and/or other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2024 Exabeam, Inc. All rights reserved.

Allyson Stinchfield

Exabeam

ally@exabeam.com

Touchdown PR for Exabeam

exabeamus@touchdownpr.com

The post Exabeam Recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for SIEM, for the Fifth Year appeared first on Cybersecurity Insiders.

The world is becoming increasingly digital, and innovative technological advancements such as artificial intelligence (AI) are evolving at an alarming rate. But unfortunately, as technology advances, so do the strategies of cybercriminals. The integration of AI into nefarious online activities has sparked a cascade of newly sophisticated cyber threats which both individuals and businesses alike need to be aware of.

The key to avoiding falling victim to cybercrime is to be vigilant and intentional when opening and responding to any online correspondence – but as cybercriminals step up their attacks with the power of AI, is training and awareness enough?

Ahead, we break down how cybercriminals are harnessing AI to amplify the scale and efficiency of their cyber attacks, and what you can do to defend yourself.

Machine learning algorithms

Machine learning algorithms can be trained to scour vast amounts of data, identifying trends and predicting patterns, which can be massively beneficial to many businesses and industries. However, in the hands of a criminal, this same power can be used to identify vulnerabilities in networks, applications, or systems, enabling attackers to launch highly targeted and adaptive attacks.

In the same way that businesses can use this technology to run around-the-clock operations and receive real-time insights into their performance, maintenance needs and marketing strategies, so too can cyber scammers. This presents a challenging threat, essentially granting scammers superpowered access to automated, adaptive attacks that can bombard users from multiple angles and with new, more subtle and intelligent tactics.

Phishing

Phishing attacks have been consistently used by cybercriminals to lure vulnerable or unsuspecting users into divulging sensitive information or accidentally installing malware. But with the springboard of AI, these tactics are becoming even more sophisticated and difficult to spot. Where incorrect grammar and obvious spelling mistakes used to give away a fraudulent email to most of us who are tech-savvy, generative AI has made creating fluent, professional-looking emails easy for scammers.

Now, AI-powered systems can analyze huge quantities of data and use it to create highly personalized and convincing phishing emails or messages which are tailored to individuals based on their online behaviors, patterns and preferences. This increases the likelihood that a user will trust the email as genuine and follow a link or reply with sensitive information.

Phishing emails are incredibly dangerous, as a single misplaced click can quickly devastate a company by allowing access to private and confidential information such as customer details, account information or trade secrets. Not only does this potentially breach confidentiality laws, but a successful attack can also cost the reputation and integrity of a business – not to mention the financial impact if the scammers manage to breach your accounts.

Malware

Malware, including ransomware, is malicious software that ransacks a computing system, stealing confidential information and often rendering it useless. Using machine learning systems, cybercriminals are leveraging AI to continuously mutate the code of malware – evading detection by traditional antivirus software. AI-driven ransomware attacks have also become increasingly prevalent, as attackers can harness AI to identify high-value targets and demand the optimal amount for restoration of their computers based on the individual’s or company’s financial history and position.

AI-fuelled cyber threats can also target a company’s internal AI systems, poisoning the data to create flawed outcomes and spread chaos and destabilization – which makes it easier for criminals to breach defenses with further cyberattacks. The rise of AI usage in cyberattacks certainly poses a national security threat, and a multifaceted approach is necessary to effectively protect individuals and businesses against these newly powered threats.

Investing in AI-driven cybersecurity solutions, capable of detecting and mitigating advanced threats in real-time, is paramount. Employee training must be prioritized, with regular awareness programs about how to recognize cyber threats, risk analysis and effective response protocols.

Stay vigilant

Although the evolution of AI represents a significant escalation in cybersecurity threats, it’s possible to mitigate the risks and safeguard your digital assets. Staying vigilant and avoiding the temptation to respond impulsively to any online correspondence is essential, as cybercriminals prey on the sense of urgency to convince you to expose yourself. By creating a comprehensive cybersecurity infrastructure, you can be proactive in defending against cybercriminal activity as AI continues to revolutionize our digital world.

The post How do cybercriminals use artificial intelligence? appeared first on Cybersecurity Insiders.

Last year, 1 in 3 people in the US were hit by healthcare data breaches in a record year for cyber-attacks on the sector, while this year has already seen one of the most serious attacks in history when Change Healthcare was hit by the ransomware gang ALPHV. The ongoing digitalization of health services data may bring convenience for providers and patients alike, but it’s clear that security infrastructure is not keeping up with the rapidly increasing risk level faced by hospitals and the vendors that support them.

Such breaches are disastrous for everyone involved. The immediate impact is a delay in medical treatment if health systems are shut down by an attack, while protected health information (PHI) leaking can result in patients becoming targets for further crimes if sensitive data is sold via online black markets. As for healthcare and healthtech companies, they can be hit with hefty fines for HIPAA violations and find themselves on the receiving end of class action lawsuits, not to mention the reputational damage that might ultimately be more costly in the long run.

It’s too late to put the brakes on digitalization, so what can the healthcare industry do to secure its data?

How healthcare became the number one target for cybercriminals

The healthcare sector is the ideal target for cybercriminals. For one, PHI is especially valuable on the black market due to its sensitivity and the intimate details it reveals about the patient. This data is stored and processed in vast quantities, and a single breach can see attackers take off with thousands or even millions of records. Then there is the massive potential for serious, life-threatening disruption, which means that ransomware attacks can demand a higher price to bring systems back online.

Not only is the incentive high for cybercriminals but there are numerous vulnerabilities they can exploit due to the complexity of today’s healthcare systems. Hospitals, clinics, pharmacies, payment processors, insurance providers, and professional and patient-owned medical devices have all been brought online, all transfer data between them, and all provide vectors for attack. One link in this data supply chain might have airtight security but, if the link next to it is weak, then it is still vulnerable.

As healthcare systems become more vulnerable to attacks, cybercriminals are becoming more sophisticated. For example, where typical attacks used to rely on an unwitting victim downloading executable code, we now see a rise in “fileless attacks” where trusted programs running in memory are corrupted to become malware instead, making them much harder to detect.

The barrier to entry for being a cybercriminal has also lowered thanks to the proliferation of ransomware-as-a-service (RaaS). In the same way software-as-a-service (SaaS) has simplified access to various technologies, RaaS allows people with little to no development knowledge to launch ransomware attacks with “leased” malware. Cybercrime has proven to be an innovative technology sector of its own.

Why emails are still the biggest vulnerability in healthcare cybersecurity

The first and most important step healthcare companies can take to protect themselves is fortifying their email security as it is the most common attack vector in cyber-attacks. Healthcare companies must also scrutinize the security of their entire email supply chain; the massive HCA Healthcare hack that exposed 11 million records — last year’s largest healthcare breach — originated at an external location used for automated email formatting.

Phishing — where seemingly legitimate emails are used to trigger an action in the receiver that creates a vulnerability — is the classic email-based attack, but more concerning is the rise in business email compromise (BEC) attacks. Whereas phishing emails can be detected by email security systems if the sender is flagged as suspicious, BEC attacks are launched from compromised or spoofed legitimate organizational emails, making them more convincing to security systems and users alike.

Basic email security relies on blocklists and greylists — constantly updated records of suspicious IP addresses, sender domains, and web domains — to filter out phishing and spam in real time, but the rise in BEC attacks has rendered this approach obsolete. Blocklists can even be counterproductive: when a legitimate email address is used to launch an attack, the organization’s entire email system, or even its wider network, can end up blocked.

There are many steps healthcare companies can take to bolster their email security: mandatory multi-factor authentication (MFA) can prevent unauthorized logins; DomainKeys Identified Mail (DKIM) uses cryptographic signatures to ensure emails come from authorized servers; access to distribution lists should be restricted to limit the damage of a BEC attack; and removing open relays can prevent hackers from hijacking trusted mail servers.

But even with multi-layered protection controls deployed, email attacks can bypass security programs because they exploit human gullibility through carefully tuned social engineering. Staff training on how to identify and avoid phishing and BEC attacks can reduce risk but cannot eliminate it; all it takes is one compromised person in an organization for cybercriminals to gain a foothold from which to launch attacks.

AI is the new arms race between email security and cybercriminals

The sheer scale of the healthcare sector — which accounts for almost 10% of employment in the United States and reaches almost the entire population — means that training-based phishing and BEC attack prevention is always going to be a Band-Aid on a bullet wound. Recent advances in AI technology — particularly machine learning (ML) and large language models (LLMs) — can finally provide effective and scalable mitigation against email attacks that exploit human error.

A large part of email security has always involved pattern recognition to detect and block anomalies, and AI takes this principle — usually applied to data signals like IP addresses and domains — and expands it to the body of emails. Apply an adaptive learning engine to an organization’s entire email system, and it can be trained to recognize normal communication, right down to language and syntax, allowing immediate alerts to any emails that don’t align with established patterns.
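The two points above (a sender blocklist passes a BEC message sent from a legitimate domain, while a baseline of the organization's own language flags it) can be shown side by side. The following is an added toy filter, not code from the article or from any product it mentions; the domains, addresses and messages are constructed sample data, and the "baseline" is a deliberately simple unseen-word ratio standing in for the adaptive learning engine the article describes.

```python
"""Added example: sender blocklisting versus a content baseline for BEC.
All domains, addresses and message bodies below are constructed samples."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed blocklist of known-bad sender domains (classic filtering input).
BLOCKLIST = {"free-gift.example", "evil-pharma.example"}


@dataclass
class Email:
    sender: str
    body: str


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def blocklist_verdict(mail: Email) -> bool:
    """Classic check: block only when the sender's domain is blocklisted."""
    return sender_domain(mail.sender) in BLOCKLIST


def tokens(text: str) -> list:
    return re.findall(r"[a-z']+", text.lower())


class CommunicationBaseline:
    """Learns the vocabulary of legitimate internal mail, then scores new mail
    by the fraction of its words never seen in that corpus (crude stand-in for
    the language-level anomaly detection the article describes)."""

    def __init__(self, corpus: list):
        self.vocab = Counter()
        for text in corpus:
            self.vocab.update(tokens(text))

    def anomaly_score(self, body: str) -> float:
        words = tokens(body)
        if not words:            # empty body: nothing to judge, avoid /0
            return 0.0
        unseen = sum(1 for w in words if w not in self.vocab)
        return unseen / len(words)


def classify(mail: Email, baseline: CommunicationBaseline, threshold=0.5) -> str:
    if blocklist_verdict(mail):
        return "blocked-by-blocklist"
    if baseline.anomaly_score(mail.body) > threshold:
        return "flagged-by-baseline"
    return "allowed"
```

With a constructed corpus of routine clinic messages, a message from a legitimate internal domain that suddenly urges an immediate vendor payment sails past the blocklist but is flagged by the baseline, while a known-bad promotional domain is stopped by the blocklist alone.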

Of course, it’s not just email security systems that have access to AI, and now that the technology’s genie is out of the bottle, cybercriminals are deploying it as well. AI-generated phishing kits enable rapid, automated, multi-prompt engagements that can closely mimic normal communications, and can even be trained to become more effective over time, while AI-assisted coding makes it easier to develop ransomware tailored to exploit specific systems.

The best defense against AI will be more AI, which sets the scene for the next decade of cybersecurity innovation and where healthcare companies should be investing their resources. Staying ahead in this arms race will be vital to resisting the rising tide of email-based cyber-attacks, and email security systems without AI capabilities are already hurtling towards obsolescence against cybercriminals that are more sophisticated and more incentivised than ever before.

The post Digital diagnosis: Why are email security breaches escalating in healthcare? appeared first on Cybersecurity Insiders.