In times of economic downturn, companies may become reactive in their approach to cybersecurity management, prioritizing staying afloat over investing in proactive cybersecurity measures. However, it’s essential to recognize that cybersecurity is a valuable investment in your company’s security and stability. Taking necessary precautions against cybercrime can help prevent massive losses and protect your business’s future.

As senior leaders revisit their growth strategies, it’s an excellent time to assess where they are on the cyber-risk spectrum and how significant the complexity costs have become. These will vary across business units, industries, and geographies. In addition, a new delivery model for cybersecurity has emerged: pay-as-you-go, use-what-you-need access to a pool of cyber talent, tools, and platforms that enable simplification.


It’s important to understand that not all risks are created equal. While detection and incident response are critical, addressing risks that can be easily and relatively inexpensively mitigated is sensible. By eliminating the risks that can be controlled, considerable resources can be saved that would otherwise be needed to deal with a successful attack.

Automation is the future of cybersecurity and incident response management. Organizations can rely on solutions that can automate an incident response protocol to help eliminate barriers, such as locating incident response plans, communicating roles and tasks to response teams, and monitoring actions during and after the threat.

Establish Incident Response support before an attack

In today’s rapidly changing threat environment, consider an Incident Response Retainer service, which gives your organization a team of cyber crisis specialists on speed dial, ready to take swift action. Choose a provider who can support your organization at every stage of the incident response life cycle, from cyber risk assessment through remediation and recovery.

Effective cybersecurity strategies are the first step in protecting your business against cybercrime. These strategies should include policies and procedures that can be used to identify and respond to potential threats and guidance on how to protect company data best. Outlining the roles and responsibilities of managing cybersecurity, especially during an economic downturn, is also essential.

Managing vulnerabilities continues to be a struggle for many organizations today. It’s essential to move from detecting vulnerabilities and weaknesses to remediation. Cybersecurity training is also crucial, as employees unaware of possible risks or failing to follow security protocols can leave the business open to attack. All employees must know how to identify phishing and follow the principle of verifying requests before trusting them.

Penetration testing is an excellent way for businesses to reduce data breach risks, ensure compliance, and assure their supplier network that they are proactively safeguarding sensitive information. Successful incident response requires collaboration across an organization’s internal and external parties.

A top-down approach, in which senior leadership fosters a strong security culture, encourages every department to do its part when an incident occurs. Responding to a cloud incident requires understanding the differences between the visibility and control you have over on-premises resources and what you have in the cloud, which is especially important given the prevalence of hybrid models.

Protective cybersecurity measures are essential for businesses, especially during economic downturns. By prioritizing cybersecurity, companies can protect their future and safeguard against the costly consequences of a successful cyberattack.


The post Improving your bottom line with cybersecurity top of mind appeared first on Cybersecurity Insiders.

Author: Venkat Thummisi, Co-Founder & CTO – Inside Out Defense

Cybersecurity teams are only as successful as their ability to observe what’s happening inside the complicated computer networks they guard.

Gartner expects that by 2026, 70 percent of organizations successfully applying observability will achieve shorter latency for decision-making, enabling competitive advantage for target business or IT processes. This is because observability is not a forecast or prediction tool – but a genuinely evidence-based data source needed for decision-making.

Observability may be a new buzzword in IT, but it’s a decades-old term in physics. It means inferring the state of a complicated system by observing only the outputs of that system. It’s not the same as application performance monitoring (APM) or network performance management (NPM). Some say that observability is the next step from APM, but it’s essential to understand that observability does not replace monitoring.

Security information and event management (SIEM) systems are aggregation tools that analyze security event data over time, then alert on a problem. Several security observability tools perform similar activities.

Audits function similarly – they alert you to problems weeks or months after they occur. In the world of access management, a minute later is too late.

Observability complements existing cybersecurity practices.

Detailed observability enables the IT team to swiftly identify and resolve unauthorized access either by bad actors from the outside or by what appears to be legitimate users operating on the inside.

Over the past couple of years, cloud-native architectures – including a push for uncomplicated access across platforms and systems – have added new complexity to IT settings. Observability has become even more critical to a proactive cybersecurity posture in this dynamic environment.

Privileged access monitoring is one area of observability that continues to gain more importance. Cybercriminals frequently target privileged user accounts – and the corresponding access credentials – because they know they will gain deeper access via high-level access credentials. And any activity they launch once they are inside the system is less likely to cause suspicion.

Organizations must regularly monitor privileged access accounts to ensure that they are used only for intended purposes and that the user is indeed who they claim to be. Observability has drawn a lot of attention in the field of cybersecurity. It has proved very successful in aggregating security events of various types and offering in-depth analysis and insights.

Observability must be coupled with an immediate fix to be successful in privileged access monitoring.

There are several reasons why observability alone is not enough when it comes to privileged access monitoring.

  1. It may not be live and in real-time. Most software solutions’ observability is reactive rather than proactive. It attempts to offer accurate and detailed knowledge of what may be happening in an IT security environment but does not prevent or address problems. Privileged access issues are here-and-now problems and must be addressed the moment they occur.
  2. Observability can produce excessive noise. Several PAM and SIEM solutions, among other observability tools, bombard IT staff with vast numbers of recommendations, making it difficult to detect and address real security issues.
  3. It’s a fact that constant alert output from observability tools causes alert fatigue in IT teams. As a result, even if alerts contain real security dangers, they are more likely to be ignored, making it more likely that a breach will go unnoticed.
  4. Observability doesn’t deal with the underlying source of privilege access misuse or abuse. Organizations must combine observability with proactive security issue prevention strategies to overcome these problems. This involves putting in place tools to detect and fix cybersecurity issues, enabling IT security staff to manage and watch over privileged access efficiently.
  5. Guarding against privilege access abuse entails a deeper inspection and analysis of the associated user behaviors, validated against organizational and regulatory mandates, to identify abusive access patterns. Modern threats are very sophisticated, and they seamlessly pass through the current crop of security scanners because these were purpose-built to detect static threat signatures. For example, an admin user on an AWS S3 bucket downloading data or changing the configuration passes through as a genuinely entitled user going about their activities. However, a broader corroboration of the user’s distributed set of activities in other environments may tell a different story about that user’s specific activities in the AWS environment.
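To make the corroboration point above concrete, here is an added Python example (not code from the article or from Inside Out Defense) that runs over constructed sample events. It assumes a simplified event-tuple format, a hypothetical set of entitled admins, and a per-user country baseline; real CloudTrail or identity-provider records would need their own parsing. The static entitlement check alone passes the admin’s bucket-policy change, while correlating the same user’s sign-ins in other environments within a time window surfaces the anomaly.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from any real environment).
# Each record: (timestamp, environment, user, action, detail)
AWS_EVENTS = [
    ("2024-05-01T09:02:00", "aws", "alice", "GetObject", "s3://finance-reports/q1.csv"),
    ("2024-05-01T09:05:00", "aws", "alice", "PutBucketPolicy", "s3://finance-reports"),
    ("2024-05-01T10:15:00", "aws", "bob", "PutBucketPolicy", "s3://build-artifacts"),
]
OTHER_EVENTS = [
    ("2024-05-01T08:58:00", "idp", "alice", "Login", "country=XX"),    # never seen for alice
    ("2024-05-01T09:00:00", "vpn", "alice", "Connect", "country=US"),  # her usual country
    ("2024-05-01T10:10:00", "idp", "bob", "Login", "country=US"),
]
# Constructed per-user baselines: countries observed over the last 90 days (hypothetical).
BASELINE_COUNTRIES = {"alice": {"US"}, "bob": {"US"}}
# Hypothetical entitlement data: who is allowed to change bucket configuration.
ENTITLED_ADMINS = {"alice", "bob"}
SENSITIVE_ACTIONS = {"PutBucketPolicy", "PutBucketAcl", "DeleteBucket"}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def country_of(detail):
    """Detail fields are 'key=value' pairs separated by ';'; return the country if present."""
    for part in detail.split(";"):
        key, _, value = part.partition("=")
        if key.strip() == "country":
            return value.strip()
    return None


def entitlement_check(event):
    """Static, single-environment check: is the actor an entitled admin?
    This is all a signature-style scanner sees, so the admin's change looks fine."""
    _, _, user, action, _ = event
    if action in SENSITIVE_ACTIONS and user not in ENTITLED_ADMINS:
        return "denied"
    return "allowed"


def session_anomalies(user, other_events, at, window):
    """Reasons why this user's activity in other environments looks off near time `at`."""
    reasons = []
    nearby = [e for e in other_events
              if e[2] == user and abs(parse_ts(e[0]) - at) <= window]
    countries = set()
    for ts, env, _, action, detail in nearby:
        country = country_of(detail)
        if country is None:
            continue
        countries.add(country)
        if country not in BASELINE_COUNTRIES.get(user, set()):
            reasons.append(f"{env} {action} from unseen country {country} at {ts}")
    if len(countries) > 1:
        minutes = int(window.total_seconds() // 60)
        reasons.append(f"sessions from {sorted(countries)} within {minutes} min")
    return reasons


def corroborate(aws_events, other_events, window_minutes=30):
    """Flag sensitive AWS changes whose actor shows anomalous activity elsewhere."""
    window = timedelta(minutes=window_minutes)
    findings = []
    for ts, _, user, action, detail in aws_events:
        if action not in SENSITIVE_ACTIONS:
            continue
        reasons = session_anomalies(user, other_events, parse_ts(ts), window)
        if reasons:
            findings.append({"user": user, "action": action,
                             "target": detail, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print("static check on alice's change:", entitlement_check(AWS_EVENTS[1]))
    for finding in corroborate(AWS_EVENTS, OTHER_EVENTS):
        print(finding)
```

Run stand-alone, the script shows the entitlement check returning "allowed" for the bucket-policy change and then one finding for the same user, justified by the sign-in from an unseen country and two countries within the window; the other admin's change, whose sessions match the baseline, produces nothing.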

Observability is a crucial tool for IT security operations, especially privileged access monitoring, but it is insufficient on its own to provide efficient control of privileged security. By tracking the activity of privileged users and accounts, IT teams can swiftly identify and address possible security concerns. However, observability by itself won’t guarantee efficient privileged access monitoring.

The post Why Observability Alone Is Not Enough to Keep Your Organization Safe appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

The global COVID-19 pandemic has left lasting effects on the workplace across all sectors. With so many people required to stay home, businesses in every field turned to remote work to open new possibilities for staying connected across distances. Now that the pandemic has largely subsided, many working environments have transitioned into a new hybrid workplace style. With this new approach to the office, employers and IT specialists have had to adapt to the increased risk of cybersecurity breaches within the company context. 

The first security measure businesses adopted during the pandemic was using VPNs, which allowed employees to work remotely while still enjoying connectivity and security. Despite their popularity, however, a VPN typically grants broad network access once a user authenticates, so a malicious third party who obtains valid credentials can gain unrestricted network access and compromise an organization’s digital assets.

To combat these vulnerabilities, organizations must consider establishing hybrid workplace network security. Investing in organizational cybersecurity means investing in the organization’s future; now, cybersecurity is as essential for the continuity and success of a business as the lock on its front door was once considered to be. 

This article will discuss types of network security breaches to watch out for. Then we will review practices you can adopt to establish hybrid workplace security and mitigate the risk of granting malicious third parties unrestricted network access.

Three types of hybrid network security breaches to watch out for

There are multiple potential gaps in every hybrid workplace network, including interpersonal communications, outdated software, and uninformed employees. Cybersecurity breaches at even a very small scale can grant hackers access to sensitive information, which could lead to the leakage of important data. 

This is a serious problem as, according to recent surveys, 45% of companies in the United States have been faced with data leakage in the past. With hybrid and remote workplaces becoming increasingly normal, workplace network security must become a priority. 

Here are three types of security breaches to watch out for. 

1. Phishing attacks

One type of cybersecurity attack is phishing. Phishing involves a hacker attempting to trick employees or co-workers into revealing sensitive information, granting access to protected files, or inadvertently downloading malicious software. 

Phishing succeeds when attackers convincingly impersonate an employee’s identity, writing style, or company presence. According to recent statistics, 80% of breaches involve compromised identities, which can have a domino effect, leading to larger-scale company-wide cybersecurity breaches.

2. Ransomware attacks

A second variety of cybersecurity breach is ransomware. Ransomware is an attack where hackers encrypt files on a company’s network and demand payment to restore access. In other words, they gain private access to the workplace network and then essentially hold it hostage, demanding a “ransom” to restore access or to prevent leaking any sensitive work data that might be stored there.

Phishing can be used as an initial method of accessing a network so that hackers can then install ransomware. 

3. Man-in-the-Middle attacks

A third type of cybersecurity breach is a man-in-the-middle attack, where a hacker intercepts and alters communications between two parties to steal data or manipulate transactions. A man-in-the-middle attack can also be a type of phishing breach.  

Six practices to establish hybrid workplace security

The most effective overall approach to combating potential cyberattacks is establishing a comprehensive, multifaceted system of defenses. 

The combination of different approaches, such as widespread workplace cybersecurity education paired with awareness about making smart purchasing decisions, can shore up the defenses before an attack. Meanwhile, introducing specific preventive cybersecurity measures will build a more robust cybersecurity structure across the workplace in case of a malicious incident.

Here are six specific practices to establish hybrid workplace security.

1. Choose trustworthy vendors

Part of running a business is working within a broader network of vendors, contractors, and clients. One way to establish cybersecurity from the outset is to carefully and thoroughly vet every business partner and vendor before working with them. Before signing a company-wide phone contract, for example, look for business phone services that come with features such as enhanced cyber protection and cyberattack insurance. 

When your business or employees request or send money online, they should use only the specific, approved transfer channels. Employers should look for bank transfers that come with digital security encryption and protection against chargebacks to prevent breaches during the transaction.

2. Adopt alternative remote access methods

Since breaches of company networks protected by VPNs are becoming increasingly common, seeking out alternative remote access methods is a good way to ensure the ongoing security of the workplace network. 

Software-defined perimeter, or SDP, uses a cloud-based approach so that each device can be easily synced across geographic barriers. A software-defined perimeter relies on identity authentication before connecting users and, as such, acts as a virtual barrier around every level of access. 

3. Introduce zero-trust network access (ZTNA)

Zero-trust network access means that every single request to access the company network, including all employee requests, must pass several layers of authentication before being granted. This way, all employees, both in-person and remote, will have to engage with the same advanced-level security protocols.  

Zero-trust network access also means that every device is analyzed and confirmed so hackers or bad actors attempting to impersonate an employee can be tracked and identified. 

4. Enact company-wide cybersecurity training programs

Create training documents that are easily accessible to both in-person and remote employees. 

Regular training on the latest cybersecurity protocols and procedures is an important way to maintain constant awareness of cybersecurity threats among your entire staff and establish clear and direct actions employees can take if they suspect they have been targeted by a bad actor. 

Since phishing is one of the top methods of cyberattacks in the workplace, the better informed that employees at every level of the company are, the more secure the workplace will be. 

5. Conduct regular cybersecurity tests

For hybrid companies, identifying potential vulnerabilities and weak spots in the cybersecurity system is key to preventing effective attacks.

Instruct the in-house IT team to conduct regular cybersecurity tests by running simulated phishing campaigns and simulating other hacking strategies. If your hybrid business does not have an entire IT team, hire outside cybersecurity consultants to analyze the state of your company’s current cybersecurity defenses.

IT experts should also be consulted to determine the best cybersecurity software for your business. All software and hardware should be updated regularly on every workplace device, and employees should be encouraged to update the software on their smartphones and other personal devices that might be used for work purposes. 

Since software updates contain the latest cybersecurity measures, they are essential to cyber risk management in the hybrid workplace. 

6. Install security software on all workplace devices 

In addition to the protection provided by personnel and alternative access networks, every workplace device should be equipped with adequate cybersecurity protective software. Installing a firewall on every workplace computer and tablet can help contain malware that may have been accidentally installed.

A strong firewall can protect against any suspicious activity attempts within the company network. By providing a powerful firewall coupled with secure remote access methods, the entire workplace network should be secured from attempts at illicit access by cybercriminals with malicious intent. 

Data diodes are another viable method of securing the network. Unlike software firewalls, data diodes work less like an identity barrier and more like a physical separator. While firewalls analyze and vet each incoming action request, data diodes function by separating distinct aspects of each electronic transaction or interaction. So even in case of a system failure, the main result would be a total lack of connectivity between parts, ensuring that cybercriminals would still be prevented from accessing company information.

Final thoughts

Since a hybrid workplace encompasses both in-person and remote employees at the same time, hybrid companies face a unique set of challenges. Each cybersecurity policy must incorporate both types of employees, which can be difficult to enact across the board. 

To instill preventive measures that can thwart attempts at phishing, ransomware, malware, identity theft, and other malicious attacks, hybrid companies can boost their workplace training programs and install higher-level security software. These measures will help to prevent attacks and minimize damage in the case of a cybersecurity breach so that sensitive personal and company data will be protected no matter what. 

The post How to establish network security for your hybrid workplace appeared first on Cybersecurity Insiders.


Analyzing an organization’s security posture through the prism of a potential intruder’s tactics, techniques, and procedures (TTPs) provides actionable insights into the exploitable attack surface. This visibility is key to stepping up the defenses of the entire digital ecosystem or its layers so that the chance of a data breach is reduced to a minimum. Penetration testing (pentesting) is one of the fundamental mechanisms in this area.

The need to probe the architecture of a network for weak links through offensive methods co-occurred with the emergence of the “perimeter security” philosophy. Whereas pentesting has largely bridged the gap, the effectiveness of this approach is often hampered by a crude understanding of its goals and the working principles of ethical hackers, which skews companies’ expectations and leads to frustration down the line.

The following considerations will give you the big picture in terms of prerequisites for mounting a simulated cyber incursion that yields positive security dividends rather than being a waste of time and resources.

Eliminating confusion with the terminology

Some corporate security teams may find it hard to distinguish a penetration test from related approaches such as red teaming, vulnerability testing, bug bounty programs, as well as emerging breach and attack simulation (BAS) services. They do overlap in quite a few ways, but each has its unique hallmarks.

Essentially, a pentest is a manual process that boils down to mimicking an attacker’s actions. Its purpose is to find the shortest and most effective way into a target network through the perimeter and different tiers of the internal infrastructure. The outcome is a snapshot of the system’s protections at a specific point in time.

In contrast to this, red teaming focuses on exploiting a segment of a network or an information/operational technology (IT/OT) system over an extended period. It is performed more covertly, which is exactly how things go during real-world compromises. This method is an extremely important prerequisite for maintaining OT cybersecurity, an emerging area geared toward safeguarding industrial control systems (ICS) at the core of critical infrastructure entities.

Vulnerability testing, in turn, aims to pinpoint flaws in software and helps understand how to address them. Bug bounty programs are usually limited to mobile or web applications and may or may not match a real intruder’s behavior model. In addition, the objective of a bug bounty hunter is to find a vulnerability and submit a report as quickly as possible to get a reward rather than investigating the problem in depth.

BAS is the newest technique on the list. It follows a “scan, exploit, and repeat” logic and pushes a deeper automation agenda, relying on tools that execute the testing with little to no human involvement. These projects are continuous by nature and generate results dynamically as changes occur across the network.

By and large, there are two things that set pentesting apart from adjacent security activities. Firstly, it is done by humans and hinges on manual offensive tactics, for the most part. Secondly, it always presupposes a comprehensive assessment of the discovered security imperfections and prioritization of the fixes based on how critical the vulnerable infrastructure components are.

Choosing a penetration testing team worth its salt

Let’s zoom into what factors to consider when approaching companies in this area, how to find professionals amid eye-catching marketing claims, and what pitfalls this process may entail. As a rule, the following criteria are the name of the game:

  • Background and expertise. The portfolio of completed projects speaks volumes about ethical hackers’ qualifications. Pay attention to customer feedback and whether the team has a track record of running pentests for similar-sized companies that represent the same industry as yours.
  • Established procedures. Learn how your data will be transmitted, stored, and for how long it will be retained. Also, find out how detailed the pentest report is and whether it covers a sufficient scope of vulnerability information along with severity scores and remediation steps for you to draw the right conclusions. A sample report can give you a better idea of how comprehensive the feedback and takeaways are going to be.
  • Toolkit. Make sure the team leverages a broad spectrum of cross-platform penetration testing software that spans network protocol analyzers, password-cracking tools, vulnerability scanners, and forensic analysis tools. A few examples are Wireshark, Burp Suite, John the Ripper, and Metasploit.
  • Awards and certifications. Some of the industry certifications recognized across the board include Certified Ethical Hacker (CEH), Certified Mobile and Web Application Penetration Tester (CMWAPT), GIAC Certified Penetration Tester (GPEN), and Offensive Security Certified Professional (OSCP).

The caveat is that some of these factors are difficult to formalize. Reputation isn’t an exact science, nor is expertise based on past projects. Certifications alone don’t mean a lot without the context of a skill set honed in real-life security audits. Furthermore, it’s challenging to gauge someone’s proficiency in using popular pentesting tools. When combined, though, the above criteria can point you in the right direction with the choice.

The “in-house vs third-party” dilemma

Can an organization conduct penetration tests on its own or rely solely on the services of a third-party organization? The key problem with pentests performed by a company’s security crew is that their view of the supervised infrastructure might be blurred. This is a side effect of being engaged in the same routine tasks for a long time. The cybersecurity talent gap is another stumbling block as some organizations simply lack qualified specialists capable of doing penetration tests efficiently.

To get around these obstacles, it is recommended to involve external pentesters periodically. In addition to ensuring an unbiased assessment and leaving no room for conflict of interest, third-party professionals are often better equipped for penetration testing because that’s their main focus. Employees can play a role in this process by collaborating with the contractors, which will extend their security horizons and polish their skills going forward.

Penetration testing: how long and how often?

The duration of a pentest usually ranges from three weeks to a month, depending on the objectives and size of the target network. Even if the attack surface is relatively small, it may be necessary to spend extra time on a thorough analysis of potential entry points.

Oddly enough, the process of preparing a contract between a customer and a security services provider can be more time-consuming than the pentest itself. In practice, various approvals can last from two to four months. The larger the client company, the more bureaucratic hurdles need to be tackled. When working with startups, the project approval stage tends to be much shorter.

Ideally, penetration tests should be conducted whenever the target application undergoes updates or a significant change is introduced to the IT environment. When it comes to a broad assessment of a company’s security posture, continuous pentesting is redundant – it typically suffices to perform such analysis two or three times a year.

Pentest report, a goldmine of data for timely decisions

The takeaways from a penetration test should include not only the list of vulnerabilities and misconfigurations found in the system but also recommendations on the ways to fix them. Contrary to some companies’ expectations, these tend to be fairly general tips since a detailed roadmap for resolving all the problems requires a deeper dive into the customer’s business model and internal procedures, which is rarely the case.

The executive summary outlines the scope of testing, discovered risks, and potential business impact. Because this part is primarily geared toward management and stakeholders, it has to be easy for non-technical folks to comprehend. This is a foundation for making informed strategic decisions quickly enough to close security gaps before attackers get a chance to exploit them.

The description of each vulnerability unearthed during the exercise must be coupled with an evaluation of its likelihood and potential impact according to a severity scoring system such as CVSS. Most importantly, a quality report has to provide a clear-cut answer to the question “What to do?”, not just “What’s not right?”. This translates to remediation advice in which multiple hands-on options are suggested for handling a specific security flaw. Unlike the executive summary, this part is intended for IT people within the organization, so it goes into a good deal of technical detail.

The bottom line

Ethical hackers follow the path of a potential intruder – from the perimeter entry point to specific assets within the digital infrastructure. Not only does this strategy unveil security gaps, but it also shines a light on the ways to resolve them.

Unfortunately, few organizations take this route to assess their security postures proactively. Most do it for the sake of a checklist, often to comply with regulatory requirements. Some don’t bother until a real-world breach happens. This mindset needs to change.

Of course, there are alternative methods to keep abreast of a network’s security condition. Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and vulnerability scanners are a few examples. The industry is also increasingly embracing AI and machine learning models to enhance the accuracy of threat detection and analysis.

Still, penetration testing holds its place in the cybersecurity ecosystem. That’s because no automated tool can think like an attacker, and the human touch makes any protection vector more meaningful to corporate decision makers.

The post Looking at a penetration test through the eyes of a target appeared first on Cybersecurity Insiders.

AT&T Cybersecurity is committed to providing thought leadership to help you strategically plan for an evolving cybersecurity landscape. Our 2023 AT&T Cybersecurity Insights™ Report: Edge Ecosystem is now available. It describes the common characteristics of an edge computing environment, the top use cases and security trends, and key recommendations for strategic planning.

Get your free copy now.

This is the 12th edition of our vendor-neutral and forward-looking report. During the last four years, the annual AT&T Cybersecurity Insights Report has focused on edge migration. Past reports have documented how we

This year’s report reveals how the edge ecosystem is maturing along with our guidance on adapting and managing this new era of computing.

Watch the webcast to hear more about our findings.

The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry.

At the onset of our research, we set out to find the following:

  1. Momentum of edge computing in the market.
  2. Collaboration approaches to connecting and securing the edge ecosystem.
  3. Perceived risk and benefit of the common use cases in each industry surveyed.

The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED – and deliver actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, the report examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.

As with any piece of primary research, we found some surprising and some not-so-surprising answers to these three broad questions.

Edge computing has expanded, creating a new ecosystem

Because our survey focused on leaders who are using edge to solve business problems, the research revealed a set of common characteristics that respondents agreed define edge computing.

  • A distributed model of management, intelligence, and networks.
  • Applications, workloads, and hosting closer to users and digital assets that are generating or consuming the data, which can be on-premises and/or in the cloud.
  • Software-defined (which can mean the dominant use of private, public, or hybrid cloud environments; however, this does not rule out on-premises environments).

Understanding these common characteristics is essential as we move to an even further democratized version of computing, with an abundance of connected IoT devices that will process and deliver data with velocity, volume, and variety unlike anything we’ve previously seen.

Business is embracing the value of edge deployments

The primary use case of industries we surveyed evolved from the previous year. This shows that businesses are seeing positive outcomes and continue to invest in new models enabled by edge computing.

| Industry | 2022 Primary Use Case | 2023 Primary Use Case |
| --- | --- | --- |
| Healthcare | Consumer Virtual Care | Tele-emergency Medical Services |
| Manufacturing | Video-based Quality Inspection | Smart Warehousing |
| Retail | Loss Prevention | Real-time Inventory Management |
| Energy and Utilities | Remote Control Operations | Intelligent Grid Management |
| Finance | Concierge Services | Real-time Fraud Protection |
| Transportation | n/a | Fleet Tracking |
| U.S. SLED | Public Safety and Enforcement | Building Management |

A full 57% of survey respondents are in proof of concept, partial, or full implementation phases with their edge computing use cases.

One of the most pleasantly surprising findings is how organizations are investing in security for edge. We asked survey participants how they were allocating their budgets for the primary edge use cases across four areas – strategy and planning, network, security, and applications.

The results show that security is clearly an integral part of edge computing. This balanced investment strategy shows that the much-needed security for ephemeral edge applications is part of the broader plan.

Edge project budgets are notably nearly balanced across four key areas:

  • Network – 30%
  • Overall strategy and planning – 23%
  • Security – 22%
  • Applications – 22%

A robust partner ecosystem supports edge complexity

Across all industries, external trusted advisors are being called upon as critical extensions of the team. During the edge project planning phase, 64% are using an external partner. During the production phase, that same number increases to 71%. These findings demonstrate that organizations are seeking help because the complexity of edge demands more than a do-it-yourself approach.

A surprise finding comes in the form of the changing attack surface and changing attack sophistication. Our data shows that DDoS (Distributed Denial of Service) attacks are now the top concern (when examining the data in the aggregate vs. by industry). Surprisingly, ransomware dropped to eighth place out of eight in attack type.

The qualitative analysis points to an abundance of organizational spending on ransomware prevention over the past 24 months and enthusiasm for ransomware containment. However, ransomware criminals and their attacks are relentless. Additional qualitative analysis suggests cyber adversaries may be cycling different types of attacks. This is a worthwhile issue to discuss in your organization. What types of attacks concern your team the most?

Building resilience is critical for successful edge integration

Resilience is about adapting quickly to a changing situation. Together, resilience and security address risk, support business needs, and drive operational efficiency at each stage of the journey. As use cases evolve, resilience gains importance, and the competitive advantage that edge applications provide can be fine-tuned. Future evolution will involve more IoT devices, faster connectivity and networks, and holistic security tailored to hybrid environments.

Our research finds that organizations are fortifying and future-proofing their edge architectures and adding cyber resilience as a core pillar. Empirically, our research shows that as the number of edge use cases in production grows, there is a strong need and desire to increase protection for endpoints and data. For example, the use of endpoint detection and response grows by 12% as use cases go from ideation to full implementation.

Maturity in understanding edge use cases and what it takes to protect actively is a journey that every organization will undertake.

Key takeaways

You may not realize you’ve already encountered edge computing – whether it is through a tele-medicine experience, finding available parking places in a public structure, or working in a smart building. Edge is bringing us to a digital-first world, rich with new and exciting possibilities.

By embracing edge computing, you’ll help your organization gain important, and often competitive business advantages. This report is designed to help you start and further the conversation. Use it to develop a strategic plan that includes these key development areas.

  • Start developing your edge computing profile. Work with internal line-of-business teams to understand use cases. Include key business partners and vendors to identify initiatives that impact security.
  • Develop an investment strategy. Bundle security investments with use case development. Evaluate investment allocation. The increased business opportunity of edge use cases should include a security budget.
  • Align resources with emerging security priorities. Use collaboration to expand expertise and lower resource costs. Consider creating edge computing use case experts who help the security team stay on top of emerging use cases.
  • Prepare for ongoing, dynamic response. Edge use cases rapidly evolve once they show value. Use cases require high-speed, low-latency networks as network functions and cybersecurity controls converge.

A special thanks to our contributors for their continued guidance on this report

A report of this scope and magnitude comes together through a collaborative effort of leaders in the cybersecurity market.

Thank you to our 2023 AT&T Cybersecurity Insights Report contributors!

To help start or advance the conversation about edge computing in your organization, use the infographic below as a guide.

Cybersecurity Infographic Insights Report

The post Securing the Edge Ecosystem Global Research released – Complimentary report available appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

The California Privacy Rights Act (CPRA) was passed in November 2020. It amends the 2018 California Consumer Privacy Act (CCPA) introduced in response to rising consumer data privacy concerns. It has significantly impacted data collection and handling practices, giving consumers more control over how businesses handle their data.

Companies were given until January 1st, 2023, to achieve compliance. This article will discuss the key requirements of the CPRA and provide practical tips for companies to implement the necessary changes to ensure compliance.

What is the California Privacy Rights Act (CPRA)?

The CPRA is California’s most technical privacy law to date. It resembles the EU’s older and more popular General Data Protection Regulation (GDPR). The main difference is that the GDPR framework focuses on legal bases for data processing. On the other hand, the CPRA relies on opt-out consent.

The CPRA builds on the six original consumer rights introduced by the CCPA in 2018. As a reminder, the CCPA rights are:

  • The right to know what personal information is being collected by a business
  • The right to delete that personal information
  • The right to opt in or opt out of the sale of personal information
  • The right of non-discrimination for using these rights
  • The right to initiate a private cause of action – limited to data breaches

CPRA created two additional rights:

  • The right to correct inaccurate personal information
  • The right to limit the use and disclosure of sensitive information

The CPRA also introduced the California Privacy Protection Agency (CPPA), which is the privacy enforcement agency for the new regulations.

How does CPRA impact business operations?

Data collection is a nearly universal activity for companies in the 21st century. Significant changes to data collection and handling practices can cause slight disruptions in operations. For example, the new regulations force businesses to re-evaluate their service provider and contractor relationships. Service providers and contractors, regardless of location, must abide by the same laws when dealing with businesses in California.

Since enforcement action is possible even when there has not been a breach, businesses must quickly understand their CPRA obligations and implement reasonable security procedures.

How much does non-compliance cost?

Non-compliance with CPRA regulations results in financial penalties, depending on the nature of the offenses.

  • The penalty for a mistake is $2,000 per offense
  • The penalty for a mistake resulting from negligence is $2,500 per offense
  • The penalty for knowingly disregarding regulations is $7,500 per offense

Since the penalties are on a “per offense” basis, costs of non-compliance can easily reach millions, particularly in the event of a data breach.

7 Step CPRA checklist for compliance

Process the minimal amount of personal information

The CPRA introduces the data minimization principle. Businesses should only obtain the personal information they need for their processing purposes. If you collect more data than you need, it’s time to update your collection practices. The collected data must be stored securely. A reputable cloud storage solution is an excellent way to keep consumer data.

Update your privacy policy and notices

With the eight new rights introduced by the CCPA and CPRA, there must be changes to your privacy policy to abide by these regulations. Adequate policy notices for consumers should accompany the policy changes. You must provide the notices at the starting point of data collection. To re-purpose any already-collected data, you must first get consent.

Establish a data retention policy

To comply with the retention requirements of the CPRA, you must delete the personal data you no longer need. Establishing a data retention policy is a great first step towards compliance. The policy should include the categories of collected information, their purpose, and the time you plan to store it before deletion.
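The retention policy described above only helps if it is enforced. The following added example (not code from the original post, and not legal advice) represents the three items the policy should record as data and sweeps a record set against it. The policy table, the category names, the retention periods and the sample records are all constructed for illustration; the `demo_sweep` helper is likewise an assumed name used to run the sample.

```python
"""Retention-policy sweep (added example; constructed policy and sample data)."""
from datetime import date, timedelta

# Policy entries: category -> (purpose, days to keep after collection).
# Constructed example values; a real policy uses the periods your
# legal and security teams agreed on for each category.
RETENTION_POLICY = {
    "order_history":   ("fulfil and support purchases", 365 * 2),
    "marketing_email": ("send opted-in promotions",     365),
    "geolocation":     ("show nearby store inventory",  30),   # sensitive PI: keep short
    "support_tickets": ("resolve customer issues",      365 * 3),
}

# Constructed sample records: (record_id, category, collected_on)
SAMPLE_RECORDS = [
    ("r1", "order_history",   date(2021, 1, 10)),
    ("r2", "order_history",   date(2023, 6, 1)),
    ("r3", "geolocation",     date(2023, 5, 1)),
    ("r4", "geolocation",     date(2023, 6, 25)),
    ("r5", "marketing_email", date(2022, 3, 3)),
    ("r6", "loyalty_score",   date(2023, 1, 1)),   # category missing from policy
]


def retention_deadline(category, collected_on, policy=RETENTION_POLICY):
    """Date after which a record of this category must be deleted,
    or None if the policy has no entry for the category."""
    entry = policy.get(category)
    if entry is None:
        return None
    _purpose, keep_days = entry
    return collected_on + timedelta(days=keep_days)


def sweep(records, today, policy=RETENTION_POLICY):
    """Split records into delete / keep / unclassified buckets.

    'unclassified' flags a data-minimization gap: the category is being
    collected but has no documented purpose or retention period, so it
    must either be added to the policy or no longer collected.
    """
    result = {"delete": [], "keep": [], "unclassified": []}
    for record_id, category, collected_on in records:
        deadline = retention_deadline(category, collected_on, policy)
        if deadline is None:
            result["unclassified"].append(record_id)
        elif today > deadline:
            result["delete"].append(record_id)
        else:
            result["keep"].append(record_id)
    return result


def demo_sweep():
    """Run the sweep over the constructed sample as of 2023-07-01."""
    return sweep(SAMPLE_RECORDS, date(2023, 7, 1))


if __name__ == "__main__":
    for bucket, ids in demo_sweep().items():
        print(f"{bucket}: {ids}")
```

Deletion here is a decision, not an action: a real sweep would hand the `delete` list to the system of record and log what was removed, so that a later access or deletion request can be answered with evidence.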

Review contracts with service providers

Service providers must abide by the same regulations. That’s why any third-party contracts must include adequate measures for handling data to ensure its protection and security. Service providers must notify you if they can no longer comply with your requirements.

Take actions to prevent a data breach

Compliance with regulations is only the first step in consumer data protection. You should also take steps to improve your cyber resilience and minimize the chances of a data breach. Ensure employees use modern tools such as password managers to protect their online accounts. Train employees to recognize common scams attackers use to gain access.

You should also consider regular risk assessments and cybersecurity audits to identify system vulnerabilities. Knowing your risks will help you make the necessary changes to protect your data.

Make it easy for customers to opt out or limit data sharing

The CPRA requires businesses to provide consumers with links where they can change how they wish their data to be handled. Consumers must be able to opt out of the sale or sharing of their data. Additionally, consumers have the right to limit the use of sensitive information such as geolocation, health data, document numbers, etc.

Don’t retaliate against customers who exercise their rights

Retaliation against customers who exercise their CPRA rights clearly violates the new regulations. Customers have rights, and you must comply with them to avoid financial punishment.

Final thoughts

California businesses must comply with CPRA regulations. We also see other states implementing the same or similar data protection frameworks. Even if you’re not based in California, understanding these new laws and how they impact your business operations will help you start implementing positive changes.

The post The CPRA compliance checklist every business should follow in 2023 appeared first on Cybersecurity Insiders.


Introduction

Artificial Intelligence (AI) is the mimicry of certain aspects of human behaviour such as language processing and decision-making using Large Language Models (LLMs) and Natural Language Processing (NLP).

LLMs are a specific type of AI that analyse and generate natural language using deep learning algorithms. AI programs are made to think like humans and mimic their actions without being biased or influenced by emotions.

LLMs provide systems to process large data sets and provide a clearer view of the task at hand. AI can be used to identify patterns, analyse data, and make predictions based on the data provided to them. It can be used as chatbots, virtual assistants, language translation and image processing systems as well.

Some major AI providers are ChatGPT by Open AI, Bard by Google, Bing AI by Microsoft and Watson AI by IBM. AI has the potential to revolutionize various industries including transportation, finance, healthcare and more by making fast, accurate and informed decisions with the help of large datasets. In this article we will talk about certain applications of AI in healthcare.

Applications of AI in healthcare

There are several applications of AI that have been implemented in the healthcare sector and have proven quite successful. Some examples are:

Medical imaging: AI algorithms are being used to analyse medical images such as x-ray, MRI scans and CT scans. AI algorithms can help radiologists identify abnormalities – assisting radiologists to make more accurate diagnoses. For example, Google’s AI powered Deepmind has shown similar accuracy when compared to human radiologists in identifying breast cancer.
Personalised medicine: AI can be used to generate insights on biomarkers, genetic information, allergies, and psychological evaluations to personalise the best course of treatment for patients.

This data can be used to predict how the patient will react to various courses of treatment for a certain condition. This can minimize adverse reactions and reduce the costs of unnecessary or expensive treatment options. Similarly, it can be used to treat genetic disorders with personalised treatment plans. For example, Deep Genomics is a company using AI systems to develop personalised treatments for genetic disorders.

Disease diagnosis: AI systems can be used to analyse patient data including medical history and test results to make more accurate and early diagnosis of life-threatening conditions like cancer. For example, Pfizer has collaborated with different AI based services to diagnose ailments and IBM Watson uses NLP and machine learning algorithms for oncology in developing treatment plans for cancer patients.

Drug discovery: AI can be used in R&D for drug discovery, making the process faster. AI can remove certain constraints present in drug discovery processes for novel chronic diseases. It can lead to saving millions of patients worldwide with a sped-up process, making it both cost and time efficient.

Per McKinsey research, there are around 270 companies working in AI-driven discovery with around 50% situated in the US. In addition, they have identified Southeast Asia and Western Europe as emerging hubs in this space. For example, Merck & Co. are working to develop a new treatment with the help of AI for Alzheimer’s.

What to expect in the future

We are seeing a revolution in the field of Machine Learning and AI happen in the past few years. Now we have LLMs and Image Processing Systems which can be used for faster, more efficient and prioritized results to make decisions more accurately and provide the best possible patient care.

Properly trained AIs are not biased – it’s important to develop these AI systems ethically. The efficiency of these systems depends on specific application and implementation.

AI systems can be biased if they are trained on biased data, so it is important to ensure that the data these models are trained on is diverse and representative. Implementation of AI in healthcare is still in early stages in drug discovery and it’ll see a continued growth going forward.

The post The role of AI in healthcare: Revolutionizing the healthcare industry appeared first on Cybersecurity Insiders.

Going to RSA next week? If you don’t know, it’s a huge cybersecurity conference held at Moscone Center in San Francisco, CA. If you’re going, please stop by the AT&T Cybersecurity booth and check us out. It’s at #6245 in the North Hall. Remember to bring a picture ID for RSA check-in, otherwise you’ll have to go back to your hotel and get it.

The RSA theme this year is “Stronger Together” which sounds like a great plan to me!

The details

So, the details: AT&T Cybersecurity will be at RSA Conference 2023 (San Francisco, April 24-27), in booth 6245 in the North Hall. We’ll have a 10’ digital wall, four demo stations, and a mini theatre for presentations.

What can you expect to see in the AT&T Cybersecurity booth?

The AT&T Cybersecurity booth will be a hub of activity with demo stations, presentations, and other social networking activities. Our goal is to help you address macro challenges in your organization such as:

  • Pro-active and effective threat detection and response
  • Modernizing network security
  • Protecting web applications and APIs
  • Engaging expert guidance on cybersecurity challenges

Demo stations

Come check out our four demo stations that will provide you an opportunity to meet and talk with AT&T Cybersecurity pros. Our demos are highlighting:

  • Managed XDR
  • Network Modernization
  • Web Application and API Security (WAAP)
  • AT&T Cybersecurity Consulting

In-booth mini-theatre

The AT&T Cybersecurity booth includes a mini-theater where you can relax and enjoy presentations every 15 minutes, plus get one of our limited-edition AT&T Cybersecurity mini-backpacks for all of your RSA memorabilia.

Join us for presentations about:

  • 2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

Hot off the press for RSA, the 2023 AT&T Cybersecurity Insights Report is our annual thought leadership research. Learn how seven industries are using edge computing for competitive business advantages, what the perceived risks are, and how security is an integral part of the next generation of computing.

  • The Endpoint Revolution

Understand today’s “endpoint revolution” and the multi-layered preventative and detective controls that should be implemented to secure your organization.

  • Modernizing Network Security

Learn more about the modernization of enterprise security architectures and consolidation of multiple security controls, including those crucial to supporting hybrid work and the migration of apps and data to cloud services.

  • Alien Labs Threat Intelligence

Learn how the AT&T Alien Labs threat intelligence team curates intelligence based on global visibility of indicators of compromise into threats and tactics, techniques, and procedures of cybercriminals.

  • Next Generation Web Application and API Protection (WAAP) Security

Learn how WAAP is expanding to include additional features and how a service provider can help guide you to the right solution. The WAAP market is diverse and includes DDOS, bot management, web application protection and API security.

  • Empowering the SOC with Next Generation Tools

Learn how a new era of operations in security and networking is creating more efficiency in the SOC.

Events

Monday, April 24

2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

Report launch – attend a mini-theater presentation for your copy

Monday, April 24

Cloud Security Alliance Panel: 8:00 AM – 3:00 PM Pacific, Moscone South 301-304
Featuring AT&T Cybersecurity’s Scott Scheppers discussing cybersecurity employee recruitment and retention.

Cloud Security Alliance Mission Critical summit RSAC 2023
(Open to RSA registrants) – All Day

Wednesday, April 26

Happy Hour at the AT&T Cybersecurity Booth N6245: 4:30 – 6:00 PM Pacific


Join us for networking and refreshments after a long day at the conference.

Wednesday, April 26

Partner Perspectives Track Session: 2:25 – 3:15 PM Pacific, Moscone South 155
Cutting Through the Noise of XDR – Are Service Providers an Answer? Presented by AT&T Cybersecurity’s Rakesh Shah

As you can see, we have an exciting RSA week planned! We look forward to seeing and meeting everyone at the conference!

The post Get ready for RSA 2023: Stronger Together appeared first on Cybersecurity Insiders.

This is the second blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here.

There are several issues implied in the PCI DSS Standard and its associated Report on Compliance which are rarely addressed in practice. This occurs frequently on penetration and vulnerability test reports that I’ve had to assess.

Methodology

First off is a methodology which matches the written policies and procedures of the entity seeking the assessment. I frequently see the methodology dictated by the provider, not by the client. As a client you should be asking (possibly different providers) at minimum for:

  • Internal and external network vulnerability testing
  • Internal and external penetration testing for both application and network layers
  • Segmentation testing
  • API penetration testing
  • Web application vulnerability testing.

Application

Each of these types of tests then needs to be applied to all appropriate in-scope elements of the cardholder data environment (CDE). Generally, you will provide either a list of URLs or a list of IP addresses to the tester. PCI requires that all publicly reachable assets associated with payment pages be submitted for testing. In as much as dynamic IP assignment is very common, especially in Cloud environments, ensure that you are providing a consistent set of addressing information across quarterly testing orders.

ASV scans

Make sure that the Approved Scanning Vendor (ASV) scans are attested scans, both by you and the ASV, and that the scan report shows enough detail to know what was scanned and the results. The first two summary pages are rarely enough for the assessor to work with since they may give a quantity of assets scanned and a quantity found, but no specific information on what was scanned.

Report inclusions

You will need to specify to the testing provider that each of the reports must include:

  • The tester’s credentials and training record showing appropriate training within the prior 12 months
  • If it’s an internal resource performing the tests, explain in the report how they are independent of the organization managing the equipment being tested. (Admins report to CIO, testers report to CTO, for instance, although that could mean testers and developers were in the same organization and not necessarily independent).
  • The date of the previous test completion (to prove “at least quarterly” (or annual) execution).
  • The dates of the current test execution.
  • Dates of remediation testing and exactly what it covered, along with a summary of the new results (just rewriting the old results is very difficult for the Qualified Security Assessor (QSA) to recognize at assessment time).
  • All URLs and IP addresses covered, with an explanation of any accommodations made for dynamic DNS assignments (such as in cloud platforms) and of any removals from or additions to the inventory since the previous test (deprecated platforms, assets in maintenance and therefore undiscovered, cluster additions, etc.). Any assets that were under maintenance during the scheduled test must be tested as soon as they come back online, or they could languish without testing for substantial periods.
  • Explain any resources, for which results are included in the report, but are not in fact part of the scope of the CDE and therefore may not need the remediations that an in-scope device does need (e.g., printers on CDE-adjacent networks).
  • Explanations of why any issues found, and deemed failures, by the testing are not in fact germane to the overall security posture. (This may be internally generated, rather than part of the test report).
  • Suspected and confirmed security issues that arose during the previous year are listed by the tester in the report with a description as to how the testing confirmed that those issues remain adequately remediated. At a minimum, anything addressed by the Critical Response Team should be included here.
  • Any additional methodology to confirm the PCI requirements (especially for segmentation, and how the testing covered all segmentation methods in use).
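The two scope items above (consistent addressing across quarterly orders in dynamic environments, and explaining removals, additions and maintenance gaps against the previous test) are easiest to get right when the inventory handed to the tester is reconciled mechanically each quarter. The following added example is not the blog's or PCI's own tooling; it compares two quarterly inventories keyed by a stable asset name rather than by IP and emits the explanatory lines the report needs. Both inventories, the hostnames, the status values and the addresses are constructed placeholders.

```python
"""Quarterly CDE test-scope reconciliation (added example; constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """One entry in the inventory handed to the tester.

    The stable name is the key, not the address: with dynamic or cloud
    addressing the same asset can legitimately change IP between quarters.
    """
    name: str
    address: str
    in_cde: bool               # False for CDE-adjacent assets (e.g. printers)
    status: str = "online"     # assumed vocabulary: online / maintenance / deprecated


# Constructed sample inventories; addresses are documentation ranges.
PREVIOUS_QUARTER = [
    Asset("pay-web-01", "203.0.113.10", True),
    Asset("pay-web-02", "203.0.113.11", True),
    Asset("pay-api-01", "203.0.113.20", True, "maintenance"),  # not tested last time
    Asset("legacy-gw",  "203.0.113.30", True, "deprecated"),
    Asset("print-01",   "10.10.5.7",    False),
]

CURRENT_QUARTER = [
    Asset("pay-web-01", "203.0.113.10", True),
    Asset("pay-web-02", "203.0.113.12", True),       # same host, new address
    Asset("pay-web-03", "203.0.113.13", True),       # cluster addition
    Asset("pay-api-01", "203.0.113.20", True),       # back online
    Asset("print-01",   "10.10.5.7",    False),
]


def reconcile(previous, current):
    """Return the scope changes between two quarterly inventories."""
    prev = {a.name: a for a in previous}
    cur = {a.name: a for a in current}
    common = prev.keys() & cur.keys()
    return {
        "added": sorted(cur.keys() - prev.keys()),
        # Keep the old status so the report can say why the asset left scope.
        "removed": sorted(f"{n} ({prev[n].status})" for n in prev.keys() - cur.keys()),
        "readdressed": sorted(n for n in common if prev[n].address != cur[n].address),
        # Missed last quarter because of maintenance: test on return to
        # service, not at the next scheduled run.
        "owe_immediate_test": sorted(
            n for n in common
            if prev[n].status == "maintenance" and cur[n].status == "online"),
        "still_in_maintenance": sorted(n for n in cur if cur[n].status == "maintenance"),
        # Results included for completeness, but no CDE remediation obligation.
        "out_of_scope_included": sorted(n for n in cur if not cur[n].in_cde),
    }


def scope_notes(changes):
    """Render the reconciliation as the explanatory lines for the report."""
    labels = {
        "added": "Added since previous test",
        "removed": "Removed since previous test",
        "readdressed": "Same asset, new address (dynamic/cloud addressing)",
        "owe_immediate_test": "Under maintenance last test; tested now on return to service",
        "still_in_maintenance": "Under maintenance; test due as soon as online",
        "out_of_scope_included": "Included for completeness but not in CDE scope",
    }
    return [f"{labels[k]}: {', '.join(v) if v else 'none'}" for k, v in changes.items()]


if __name__ == "__main__":
    for line in scope_notes(reconcile(PREVIOUS_QUARTER, CURRENT_QUARTER)):
        print(line)
```

Keeping the reconciliation output with each quarter's order gives the QSA the same explanation every time, in the same shape, instead of a prose paragraph reconstructed from memory at assessment time.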

PCI DSS 4.0 additions

In future PCI DSS 4.0 assessments, the testers must also prove that their test tools were up to date and capable of mimicking all current and emerging attacks. This does not mean another 100 pages of plugin revisions that a QSA cannot practically compare to anything. A new paradigm for test and system-under-test component revision level validation will have to be developed within the testing industry.

Credentialed internal vulnerability scans are also required by PCI DSS 4.0 requirement 11.3.1.2. This requires creating the role(s) and privilege(s) to be assigned to the test userID, including a sufficient level of privilege to provide meaningful testing without giving the test super-user capabilities, per requirement 7. Management must authorize enabling the accounts created for testing, and must validate the role and the credentials every six months. Requirement 8 controls also apply to the credentials created for testing. These include, but are not limited to, 12-character minimum passwords, unique passwords, monitoring of the activity of the associated userID(s), and disabling the account(s) when not in use.

The post PCI DSS reporting details to ensure when contracting quarterly CDE tests appeared first on Cybersecurity Insiders.

This is the fourth blog in the series focused on PCI DSS, written by an AT&T Cybersecurity consultant. See the first blog relating to IAM and PCI DSS here. See the second blog on PCI DSS reporting details to ensure when contracting quarterly CDE tests here. The third blog on network and data flow diagrams for PCI DSS compliance is here.

Requirement 6 of the Payment Card Industry (PCI) Data Security Standard (DSS) v3.2.1 was written before APIs became a big thing in applications, and therefore largely ignores them.

However, the Secure Software Standard and PCI-Secure-SLC-Standard-v1_1.pdf from PCI have both begun to recognize the importance of covering them.

The Open Web Application Security Project (OWASP) issued a top 10 flaws list specifically for APIs from one of its subgroups, the OWASP API Security Project in 2019. Ultimately if the APIs exist in, or could affect the security of the CDE, they are in scope for an assessment.

API testing transcends traditional firewall, web application firewall, SAST and DAST testing in that it addresses the multiple co-existing sessions and states that an application is dealing with. It uses fuzzing techniques (automated manipulation of data fields such as session identifiers) to validate that those sessions, including their state information and data, are adequately separated from one another.

As an example: consumer-A must not be able to access consumer-B’s session data, nor to piggyback on information from consumer-B’s session to carry consumer-A’s possibly unauthenticated session further into the application or servers. API testing will also ensure that any management tasks (such as new account creation) available through APIs are adequately authenticated, authorized and impervious to hijacking.

Even in an API with just 10 methods, there can be more than 1,000 tests that need to be executed to ensure all the OWASP top 10 issues are protected against. Most such testing requires the swagger file (API definition file) to start from, and a selection of differently privileged test userIDs to work with.

API testing will also potentially reveal that some useful logging, and therefore alerting, is not occurring because the API is not generating logs for those events, or the log destination is not integrated with the SIEM. The API may thus need some redesign to make sure all PCI-required events are in fact being recorded (especially when related to access control, account management, and elevated privilege use). PCI DSS v4.0 has expanded the need for logging in certain situations, so ensure tests are performed to validate the logging paradigm for all required paths.

Finally, both internal and externally accessible APIs should be tested because least-privilege for PCI requires that any unauthorized persons be adequately prevented from accessing functions that are not relevant to their job responsibilities.
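The separation, privilege and logging checks described in the preceding paragraphs can be expressed as one systematic harness: every combination of caller, method and target is exercised and the expected outcome asserted, which is where the test count grows so quickly with the number of methods. The following is an added example, not the blog's or PCI's own tooling. The API is a constructed in-memory stand-in so the harness runs offline; against a real API each call would be an HTTP request built from the swagger definition, and the session tokens would correspond to the differently privileged test userIDs the text mentions. All tokens, users, order ids and status codes are assumed values.

```python
"""Authorization-separation harness for an API (added example; constructed API)."""
import itertools

# --- Constructed toy API ---------------------------------------------------
SESSIONS = {"tok-A": ("consumer-A", "user"),
            "tok-B": ("consumer-B", "user"),
            "tok-ADM": ("ops-admin", "admin")}
ORDERS = {"o-100": {"owner": "consumer-A", "total": 42.0},
          "o-200": {"owner": "consumer-B", "total": 17.5}}
AUDIT_LOG = []   # access-control decisions and admin actions must be logged


def _log(event, **fields):
    AUDIT_LOG.append({"event": event, **fields})


def _authenticate(token):
    session = SESSIONS.get(token)
    if session is None:
        _log("auth_failure", token=token)
    return session


def get_order(token, order_id):
    """Owner-only read. Returns (status, body). A non-owner gets the same
    404 as a missing id so existence of other consumers' orders is not leaked."""
    session = _authenticate(token)
    if session is None:
        return 401, None
    user, _role = session
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != user:
        _log("access_denied", user=user, method="get_order", target=order_id)
        return 404, None
    return 200, order


def create_account(token, new_user):
    """Management task: authenticated and admin-only, and always logged."""
    session = _authenticate(token)
    if session is None:
        return 401, None
    user, role = session
    if role != "admin":
        _log("access_denied", user=user, method="create_account", target=new_user)
        return 403, None
    _log("admin_action", user=user, method="create_account", target=new_user)
    return 201, {"user": new_user}


# --- Harness ---------------------------------------------------------------
def run_separation_tests():
    """Exercise every caller x target combination; return a summary dict."""
    AUDIT_LOG.clear()
    callers = list(SESSIONS) + ["tok-FORGED"]   # include an invalid session
    failures, executed = [], 0

    # Session separation: each consumer sees only its own orders.
    for token, order_id in itertools.product(callers, ORDERS):
        executed += 1
        status, _body = get_order(token, order_id)
        session = SESSIONS.get(token)
        if session is None:
            expected = 401
        elif ORDERS[order_id]["owner"] == session[0]:
            expected = 200
        else:
            expected = 404
        if status != expected:
            failures.append(("get_order", token, order_id, status, expected))

    # Privilege separation: only the admin role may create accounts.
    for token in callers:
        executed += 1
        status, _body = create_account(token, "new-user")
        session = SESSIONS.get(token)
        expected = 401 if session is None else (201 if session[1] == "admin" else 403)
        if status != expected:
            failures.append(("create_account", token, "new-user", status, expected))

    # Logging: every denial and every admin action must leave an audit entry.
    denials = sum(1 for e in AUDIT_LOG if e["event"] in ("access_denied", "auth_failure"))
    admin_actions = sum(1 for e in AUDIT_LOG if e["event"] == "admin_action")
    return {"executed": executed, "failures": failures,
            "denials_logged": denials, "admin_actions_logged": admin_actions}


if __name__ == "__main__":
    print(run_separation_tests())
```

With three sessions plus one forged token, two orders and two methods the harness already runs twelve cases; with ten methods and a realistic set of resources and roles the product runs into the thousands, which is the point the text makes. The logging assertions are the part most often missing from a pure functional test suite: the API can return the right status code and still leave the SIEM blind to the attempt.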

AT&T Cybersecurity provides a broad range of consulting services to help you out in your journey to manage risk and keep your company secure. PCI-DSS consulting is only one of the areas where we can assist. Check out our services.

The post Application Programming Interface (API) testing for PCI DSS compliance appeared first on Cybersecurity Insiders.