The case for unified endpoint management and mobile threat defense

The evolution of endpoint management

Unified endpoint management (UEM) has played a significant role over the years in enabling companies to improve the productivity and security of their corporate mobile devices and applications. In the early days of endpoint management there were separate workflows and products for traditional endpoints, such as desktops and laptops, versus mobile devices. Over time, administrators grew frustrated with the number of tools they were required to learn and manage, so developers moved toward an integrated solution where all endpoint devices, regardless of type, could be inventoried, managed, and have consistent policies applied through a single pane of glass.

Today, UEMs allow IT administrators to be more productive by enabling them to set and enforce policies on the type of data and applications an employee can access, giving administrators granular control and more effective security. These UEM platforms boast security features including the ability to identify jailbroken or rooted devices, enforce passcodes, and wipe the data from mobile devices that are lost or stolen. In general, UEMs have played and continue to play an integral part in improving the management and productivity of business-critical mobile endpoints.

Possible avenues for attack

However, in today’s environment, companies are experiencing a significant rise in sophisticated and targeted malware attacks whose goal is to capture their proprietary data. Only a few years ago, losing a mobile device meant forfeiting content such as text messages, photographs, contacts, and call records. Today’s smartphones are not only far more capable transactionally but also represent a valuable target, storing a trove of sensitive corporate and personal data, in many cases including financial information. If the phone stores usernames and passwords, a malicious actor may be able to access and manipulate a user’s accounts on banking or e-commerce websites and apps.

To give you a sense of the magnitude of the mobile security issues:

Attack vectors come in various forms, with the most common categorized below:

Device-based threats – These threats are designed to exploit outdated operating systems, risky device configurations and jailbroken/rooted devices.

App threats – Malicious apps can install malware, spyware or rootkits, or share information with the developer or third parties unbeknownst to the user, including highly sensitive business and personal data.

Web and content threats – Threats may be transmitted via URLs opened from emails, SMS messages, QR codes, or social media, luring users to malicious websites. These websites may be spoofed to look like a legitimate site requesting payment details or login credentials. Other websites may include links that download malware to the device.

Network threats – Data is at risk via Wi-Fi or cellular network connections. Attacks can take the form of man-in-the-middle attacks or rogue access points that let attackers capture unencrypted data.

Enter mobile threat defense

While UEM can inventory assets, offer employees a more consistent experience, and be used to push updates, its threat detection capabilities are extremely limited. The increased sophistication of malware attacks makes UEM platforms insufficient on their own to detect or prevent these attacks.

To address these attacks, more companies are adopting mobile threat defense solutions to work in tandem with their UEM subscriptions. Mobile threat defense (MTD) enables companies to identify and block mobile threats across most, if not all, attack vectors. The following outlines how mobile threat defense protects against the four main categories of mobile device threats:

Device-based threats – Continuous evaluation of user and device risk posture, with the ability to prevent jailbroken devices, devices with an outdated OS, and risky device configurations from accessing the network.

App and content threats – Continuous scanning for malware, viruses, trojans and side-loaded apps. Detected threats are alerted in real time, with remediation on the device.

Network threats – Scans each of the customer’s mobile devices for missing OS security patches, identifies man-in-the-middle attacks and other network-related vectors, and provides remediation guidance such as applying fixes for vulnerabilities and bugs.

Web and content threats – Mobile threat defense alerts users to phishing attempts arriving by email, SMS, or browser. It can also block malicious websites, depending on the MTD’s features and capabilities.
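As an added illustration of the compliance gate a UEM/MTD pairing applies to the device-based and network threats listed above (example code, not any vendor's product): a hypothetical posture evaluator that blocks jailbroken devices, outdated operating systems and devices under an active man-in-the-middle attack, and sends devices with softer findings (no passcode, stale patch level, side-loaded apps, untrusted Wi-Fi) to remediation first. The policy thresholds and the DevicePosture schema are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Policy thresholds: hypothetical values, in practice read from the UEM console.
MIN_OS_VERSION: Dict[str, str] = {"ios": "16.4", "android": "13"}
MAX_PATCH_AGE_DAYS = 90          # an Android security patch level older than this is stale


@dataclass
class DevicePosture:
    """What the UEM/MTD agent reports for one enrolled device (assumed schema)."""
    platform: str                               # "ios" or "android"
    os_version: str                             # e.g. "16.4.1"
    jailbroken_or_rooted: bool
    passcode_enabled: bool
    patch_age_days: int = 0                     # days since the reported security patch level
    sideloaded_apps: List[str] = field(default_factory=list)
    network_state: str = "trusted"              # "trusted", "untrusted_wifi" or "mitm_detected"


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric key so that 16.10 sorts after 16.4; comparing the strings gets this wrong."""
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))


def os_outdated(posture: DevicePosture) -> bool:
    """True when the device OS is below the platform minimum (unknown platforms fail closed)."""
    minimum = MIN_OS_VERSION.get(posture.platform)
    return minimum is None or version_key(posture.os_version) < version_key(minimum)


def evaluate(posture: DevicePosture) -> Tuple[str, List[str]]:
    """Return (decision, reasons): "block" denies access outright, "remediate" withholds
    access until the user fixes the listed items, "allow" lets the device through."""
    hard: List[str] = []      # findings the user cannot fix in the moment
    soft: List[str] = []      # findings the user can remediate on the device
    if posture.jailbroken_or_rooted:
        hard.append("device is jailbroken or rooted")
    if os_outdated(posture):
        hard.append(f"OS {posture.os_version} is below the minimum for {posture.platform}")
    if posture.network_state == "mitm_detected":
        hard.append("man-in-the-middle attack detected on the current network")
    elif posture.network_state == "untrusted_wifi":
        soft.append("connected to untrusted Wi-Fi; switch networks or use the VPN")
    elif posture.network_state != "trusted":
        hard.append(f"unknown network state {posture.network_state!r}")
    if not posture.passcode_enabled:
        soft.append("device passcode is not enabled")
    if posture.platform == "android" and posture.patch_age_days > MAX_PATCH_AGE_DAYS:
        soft.append(f"security patch level is {posture.patch_age_days} days old")
    if posture.sideloaded_apps:
        soft.append("side-loaded apps present: " + ", ".join(sorted(posture.sideloaded_apps)))
    if hard:
        return "block", hard + soft
    if soft:
        return "remediate", soft
    return "allow", []


if __name__ == "__main__":
    # Constructed sample devices: compliant, rooted, and one needing remediation.
    for device in (DevicePosture("ios", "16.10.1", False, True),
                   DevicePosture("android", "13", True, True),
                   DevicePosture("android", "14", False, False, patch_age_days=120)):
        print(evaluate(device))
```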

Use cases

Remote payment processing

Companies are beginning to increase flexibility and decrease time to revenue by offering mobile payments in the field. If mobile devices are part of the company’s payment path, they require protection. Malicious actors may use man-in-the-middle attacks to intercept network transactions. Equally threatening are surveillanceware attacks that capture information during a transaction. Mobile threat defense will identify these attacks, alert the user, and potentially block them, depending on the MTD solution’s capabilities.

Defend high-value targets against breach

Executives are commonly targeted because they may have access to sensitive data (e.g., financial and strategic plans, customer information, and human resources records) and often use mobile devices while “on the road”. Hackers may deploy targeted attack vectors such as spear phishing against them. Such highly sensitive information warrants securing executives’ devices. Mobile threat defense applications aid the IT administrator in identifying these attacks and alert the user on their device.

Mobile threat defense vendors and solutions

There are a few mobile threat defense offerings worth considering in terms of their effectiveness in addressing threat vectors that target mobile devices.

IBM MaaS360 Mobile Threat Management: IBM recently introduced a new version of its mobile threat management application to complement its UEM offering. IBM MaaS360 Mobile Threat Management enables companies to detect, analyze and remediate enterprise malware on mobile devices. It provides SMS and email phishing detection, advanced jailbreak, root and hider detection with over-the-air updates for security definitions. Administrators can configure compliance policies based on these advanced threats and remediate vulnerabilities—improving the security of bring your own device (BYOD) and corporate-owned devices.

SentinelOne Mobile Threat Defense: This solution enables comprehensive, on-device, autonomous security for corporate-owned and personally owned BYOD devices that protects against modern day threats and exploits. The mobile agent detects application exploits in real-time, untrusted networks, man-in-the-middle attacks, system tampering, and delivers mobile phishing protection.

Lookout Mobile Endpoint Security: Lookout Mobile Endpoint Security (MES) is considered by many to be the industry’s most advanced platform for delivering mobile endpoint detection and response (EDR). It extends zero trust policies to any device with access to corporate data, evaluates the risk posture of every user and mobile device throughout their session, and automatically ends the session if the risk posture changes, informing both user and admin of the threat.

The post Mobile threat defense or bust appeared first on Cybersecurity Insiders.

Cybersecurity as a competitive advantage

The economy is on the minds of business leaders. C-suites recognize that survival depends upon the ability to safeguard systems and information. They must redesign for resilience, mitigate risk, strategically deploy assets and investments, and assign accountability. “Do more with less” is the ongoing mantra across industries in technology and cyberspace.

As senior leaders revisit their growth strategies, it’s an excellent time to assess where they are on the cyber-risk spectrum and how significant the complexity costs have become. Although these will vary across business units, industries, and geographies, there is now a new delivery model for cyber: pay as you go, use what you need from an available cyber talent pool, with the tools and platform that enable simplification.

Enter the Cybersecurity as a Service consumption model

CSaaS, or Cybersecurity-as-a-service, is a subscription-based approach to cybersecurity that offers organizations cybersecurity protection on demand. It is a pay-as-you-go model with a third-party vendor, where services can vary and be tailored to the organization’s needs. These services can include threat monitoring, compliance with industry standards, employee training, and penetration testing, which simulates an attack on the network.

One of the main advantages of CSaaS is that it takes the burden off the business to maintain a cybersecurity team, which can be challenging to hire today. It also allows organizations to scale as their business grows without needing to keep recruiting and hiring cybersecurity professionals.

Not all CSaaS vendors are created equal

When choosing a CSaaS vendor, several factors must be considered to ensure that you select the right one for your business. These factors include:

  • Technical expertise and depth of services: Look for a vendor offering a comprehensive range of cybersecurity services beyond penetration testing.
  • The reputation of the CSaaS: Check if the vendor has experience in your industry and if they have customers like your business. Also, ensure that they are financially stable.
  • Size of the CSaaS: Make sure that the vendor can scale with your business needs as you grow.
  • Terms and conditions of the relationship: Read the small print to understand all the details in various scenarios. Understand their policies and procedures.
  • Cost and fee structure: Ensure that the vendor’s pricing model is transparent and that there are no hidden costs.
  • Tools and technology: Make sure the vendor’s technology is solid, and they use the latest tools to provide cybersecurity services.
  • Support: Check if the vendor can support your business 24×7, especially if you operate in multiple time zones.
  • Regulatory compliance: Ensure the vendor can meet the regulatory compliance you need in your industry.

By considering these factors, you can choose a CSaaS vendor that meets your business needs and provides cybersecurity protection to keep your business safe from cyber threats.

Assess your unique cybersecurity needs

Different industries are at varying stages of maturity with digital transformation, and within each sector, some organizations have progressed much quicker than others. Therefore, it is vital to assess your organization’s specific cybersecurity requirements as it continues along the digital transformation path. That means it has never been more critical to work with a provider that suits your particular needs but can also cover a wide range of use cases.  

For more information on Cybersecurity-as-a-Service, check out the latest eBook written by an analyst from Enterprise Strategy Group showcasing the importance of these subscription-based solutions and how working with a security provider like AT&T can help organizations achieve their security objectives and innovate faster.

The post Is Cybersecurity as a Service (CSaaS) the answer: Move faster | Do more appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Cybersecurity threats refer to malicious activities conducted over digital networks, targeting systems, devices, and data. These threats encompass a wide range of attacks, from stealing sensitive information and spreading malware to disrupting critical infrastructure.

And their impact extends beyond technical realms. They can and regularly do affect individuals, businesses, and society at large.

Individuals face risks of identity theft, financial loss, and invasion of privacy.

Businesses can suffer from data breaches, financial damages, and reputational harm. Societal consequences include compromised infrastructure, erosion of trust in digital systems, and potential disruptions to essential services.

As technology becomes increasingly integrated into our lives, understanding and addressing cyber threats is crucial for safeguarding personal, economic, and societal well-being.

The cat and mouse game will never end, and it’s important to not only be aware of where the good guys stand but what to expect while running your business and trying to stay safe.

The dynamic nature of cyber threats

The dynamic nature of cyber threats lies in their continuous evolution and adaptation. Cybercriminals are relentless in their pursuit of new vulnerabilities, techniques, and tools to breach systems and compromise data.

In response, cybersecurity experts are in a constant race to anticipate and counter emerging threats.

They develop advanced security practices like cloud penetration testing, analyze attack patterns, and collaborate to share threat intelligence. This ongoing battle is marked by innovation on both sides.

What cybersecurity pros have at their disposal

Cybersecurity professionals employ artificial intelligence, machine learning, and behavioural analytics to predict and detect threats, while cybercriminals use sophisticated social engineering and encryption techniques to evade detection.

This tug-of-war highlights the necessity of a proactive approach to cybersecurity. As threats evolve, defenders must not only address current vulnerabilities but also anticipate future attack vectors.

The rapid pace of technological change means that cybersecurity is not a one-time investment, but an ongoing commitment to staying updated, adapting strategies, and collaborating across sectors to safeguard digital ecosystems.

The evolution of cyber threats

The cyber threats that your business is likely to face in the 2020s are much different and far more insidious than they were back in the early days of the internet.

The early days

We have gone from:

  • Viruses and worms: In the early days of computing, viruses and worms were the first types of cyber threats. They spread through infected files and email attachments, causing damage or disruption to systems.
  • Malware: As technology advanced, so did malware. This category includes various types, such as Trojans, which masquerade as legitimate software, and keyloggers, which record keystrokes to steal sensitive information.

Current threats

What businesses and individuals must contend with now is shocking and, if you haven’t been following the industry and cyber threat landscape, very frightening.

Contemporary threats include:

  • Phishing and social engineering: With the rise of the internet, cybercriminals shifted to tactics that exploit human psychology. Phishing attacks trick users into revealing personal information or clicking on malicious links.
  • Ransomware: This marked a significant turning point. Ransomware encrypts victims’ data, demanding a ransom for its release. It has become a profitable business model for cybercriminals.
  • Advanced Persistent Threats (APTs): APTs involve sophisticated, targeted attacks by well-funded and organized actors, often nation-states. These attacks are long-term, stealthy, and aim to steal sensitive data or intellectual property.

The threats themselves

Not only have the threats themselves changed, but the motivations have evolved along with the technology and capabilities of the criminal and other actors who are behind most major attacks.

Motivations behind cyber-attacks: Cyber-attacks are motivated by a range of factors:

  • Financial gain: Many attacks, including ransomware, aim to generate profits. Cybercriminals exploit vulnerabilities for monetary rewards.
  • Political motives: Nation-states engage in cyber espionage to gather intelligence, influence global politics, or gain a competitive advantage.
  • Espionage: Corporate espionage involves stealing trade secrets, intellectual property, or confidential business information.
  • Activism: Hacktivists target organizations or institutions to promote a political or social cause, often using cyber-attacks to disrupt operations or spread their message.

What’s more, there has been a shift to organized groups and nation-states. Over time, cyber-attacks moved from isolated efforts to coordinated endeavours.

These include:

  • Organized cybercrime: Cybercriminals formed networks and syndicates, sharing resources, tools, and expertise. This led to the commercialization of cybercrime through the sale of hacking tools and services in underground markets.
  • Nation-state actors: State-sponsored cyber-attacks escalated, with governments using their resources to conduct espionage, sabotage, and information warfare. Notable examples include Stuxnet, an attack on Iran’s nuclear facilities attributed to the U.S. and Israel.
  • Hybrid threats: Some attacks blur the line between cybercrime and state-sponsored actions. Cybercriminals may collaborate with or be co-opted by nation-states to achieve mutual goals.

This evolution showcases the increasing sophistication of both cyber threats and the actors behind them. The digital realm has become a battleground for various motives, making it essential for cybersecurity experts to stay ahead of these dynamic threats and adapt their strategies accordingly.

The role of cybersecurity experts

Naturally, as with any criminal activity and the illicit economies built around them, a cat-and-mouse game takes shape in which criminals discover and implement new techniques that cybersecurity experts must then understand, react to, and stop.

The battle between cybercriminals and cybersecurity experts is akin to a cat-and-mouse game, where each side continually tries to outmaneuver the other.

Cybercriminals are driven by the potential rewards of their malicious activities, while cybersecurity experts are dedicated to preventing breaches and minimizing damages. This game is characterized by constant innovation and adaptation, as both sides seek to gain an upper hand.

Adaptive techniques of cybercriminals: Cybercriminals exhibit remarkable adaptability to overcome defenses:

  1. Polymorphic malware: They use techniques that change the appearance of malware with each iteration, making it difficult for traditional signature-based antivirus solutions to detect them.
  2. Zero-day exploits: These are vulnerabilities unknown to the vendor. Cybercriminals exploit them before patches are developed, leaving systems exposed.
  3. Evasion tactics: Cybercriminals manipulate code to evade detection by intrusion detection systems, firewalls, and sandboxes.
  4. Social engineering: Techniques like spear-phishing and pretexting manipulate human behavior to compromise systems.
  5. Ransomware evolution: Ransomware-as-a-Service (RaaS) platforms allow less-skilled criminals to use sophisticated ransomware, while “double extortion” adds pressure by threatening data leakage.

How the cybersecurity industry has responded

To counter these evolving threats, cybersecurity experts employ proactive strategies.

Threat intelligence

This involves gathering and analyzing data to understand cybercriminal tactics, techniques, and procedures (TTPs). This helps in predicting and preempting attacks.

Advanced analytics

By monitoring network traffic and behaviours, experts identify anomalies and patterns that signify potential threats.

AI and machine learning

These technologies enable the identification of abnormal behaviours that may indicate an attack. They learn from historical data and adapt to new attack methods.

Behavioral analysis

Experts assess how users, applications, and systems typically behave, allowing them to identify deviations that might indicate compromise.

Red teaming and penetration testing

By simulating attacks, experts uncover vulnerabilities and weaknesses in defences before cybercriminals can exploit them.

Collaboration

Sharing threat intelligence within the cybersecurity community strengthens the collective defence against emerging threats.

Continuous training

Cybersecurity professionals constantly update their skills and knowledge to stay current with the evolving threat landscape.

Wrapping up

The cat-and-mouse game between cybercriminals and cybersecurity experts underscores the relentless nature of the cybersecurity battle. As one side develops new tactics, the other responds with innovative defence mechanisms.

This dynamic cycle highlights the need for a multi-faceted approach to cybersecurity, combining technological advancements, human expertise, and collaborative efforts to effectively protect digital ecosystems from the ever-evolving array of cyber threats.

The post The cat and mouse game: Staying ahead of evolving cybersecurity threats appeared first on Cybersecurity Insiders.

As cybersecurity becomes increasingly complex, having a centralized team of experts driving continuous innovation and improvement in the Zero Trust journey is invaluable. A Zero Trust Center of Excellence (CoE) can serve as the hub of expertise, driving the organization’s strategy in its focus area, standardizing best practices, fostering innovation, and providing training. It can also help organizations adapt to changes in the cybersecurity landscape, such as new regulations or technologies, ensuring they remain resilient and secure in the face of future challenges. The Zero Trust CoE also ensures that organizations stay up to date with the latest security trends, technologies, and threats, while constantly applying and implementing the most effective security measures.

Zero Trust is a security concept that continues to evolve but is centered on the belief that organizations should not automatically trust anything inside or outside of their perimeters. Instead, organizations must verify and grant access to anything and everything trying to connect to their systems and data. This can be achieved through a unified strategy and approach by centralizing the organization’s Zero Trust initiatives into a CoE. Below are some of the benefits realized through a Zero Trust CoE.

Zero Trust - advantages of using a center of excellence

A critical aspect of managing a Zero Trust CoE effectively is the use of Key Performance Indicators (KPIs). KPIs are quantifiable measurements that reflect the performance of an organization in achieving its objectives. In the context of a Zero Trust CoE, KPIs can help measure the effectiveness of the organization’s Zero Trust initiatives, providing valuable insights that can guide decision-making and strategy.

Creating a Zero Trust CoE involves identifying the key roles and responsibilities that will drive the organization’s Zero Trust initiatives. This typically includes a leadership team, a Zero Trust architecture team, an engineering team, a policy and compliance team, an education and training team, and a research and development team. These teams will need to be organized to support the cross-functional collaboration necessary for enhancing productivity.

A Zero Trust CoE should be organized in a way that aligns with the organization’s overall strategy and goals, while also ensuring effective collaboration and communication. AT&T Cybersecurity consultants can also provide valuable leadership and deep technical guidance for each of the teams. Below is an approach to structuring the different members of the CoE team:

teams within a zero trust COE

  • Leadership team: This team is responsible for setting the strategic direction of the CoE. It typically includes senior executives and leaders from various departments, such as IT, security, and business operations.
  • Zero Trust architects: This individual or team is responsible for designing and implementing the Zero Trust architecture within the organization. They work closely with the leadership team to ensure that the architecture aligns with the organization’s strategic goals.
  • Engineering team: This team is responsible for the technical implementation of the Zero Trust strategy. This includes network engineers, security analysts, and other IT professionals.
  • Policy and compliance team: This team is responsible for developing and enforcing policies related to Zero Trust. They also ensure that the organization complies with relevant regulations and standards.
  • Education and training team: This team is responsible for educating and training staff members about Zero Trust principles and practices. They develop training materials, conduct workshops, and provide ongoing support.
  • Research and lab team: This team stays abreast of the latest developments in Zero Trust and explores new technologies and approaches that could enhance the organization’s Zero Trust capabilities. AT&T Cybersecurity consultants, with their finger on the pulse of the latest trends and developments, can provide valuable insights to this team.

Each of these teams should have its own set of KPIs that align with the organization’s overall business goals. For example, the KPIs for the ‘Engineering Team’ could include the number of systems that have been migrated to the Zero Trust architecture, while the KPIs for the ‘Policy and Compliance Team’ could include the percentage of staff members who comply with the organization’s Zero Trust policies.

Monitoring and evaluating these KPIs regularly is crucial for ensuring the effectiveness of the CoE. This should be done at least quarterly but could be done more frequently depending on the specific KPI and the dynamics of the organization and the cybersecurity landscape. The results of this monitoring and evaluation should be used to adjust the CoE’s activities and strategies as needed.

There are challenges associated with monitoring and evaluating KPIs. It can be time-consuming and require specialized skills and tools. Additionally, it can be difficult to determine the cause of changes in KPIs, and there can be a lag between changes in activities and changes in KPIs. To overcome these challenges, it’s important to have clear processes and responsibilities for monitoring and evaluating KPIs, to use appropriate tools and techniques, and to be patient and persistent.

While the CoE offers many benefits, it can also present challenges. Without leadership and oversight, it can become resource-intensive, create silos, slow down decision-making, and be resistant to change. To overcome these challenges, it’s important to ensure that the CoE is aligned with the organization’s overall strategy and goals, promotes collaboration and communication, and remains flexible and adaptable. AT&T Cybersecurity consultants, with their deep expertise and broad perspective, can provide valuable leadership in each of these areas. They can help consolidate expertise, develop and enforce standards, drive innovation, and provide education and training.

The CoE should drive Zero Trust related projects, such as developing a Zero Trust Architecture that includes components such as Zero Trust Network Access (ZTNA), a capability of Secure Access Service Edge (SASE). The CoE can provide the expertise, resources, and guidance needed to successfully implement these types of projects. Implementing ZTNA requires a structured, multi-phased project that would have a plan similar to the following:

  • Project initiation: Develop a project plan with timelines, resources, and budget. Identify the scope, objectives, and deliverables as well as the key stakeholders and project team members.
  • Assessment and planning: Develop a detailed plan for implementing ZTNA. Conduct a thorough assessment of the current network infrastructure and security environment, looking for vulnerabilities and areas of improvement.
  • Design and develop: Design the ZTNA architecture, taking into account the organization’s specific needs and constraints. Create test plans to be used in the lab, at pilot sites, and during deployment.
  • Implementation: Deploy and monitor the ZTNA program in a phased manner, starting with less critical systems and gradually expanding to more critical ones.
  • Education and training: Develop and distribute user guides and other training materials. Conduct training sessions on how to use the new system.
  • Monitoring: Continuously monitor the performance of the platform, report on the assigned KPIs, and conduct regular audits to identify areas for improvement.
  • Maintenance and support: Regularly update and improve the solution based on feedback and technical innovations. Provide ongoing technical support for users of the ZTNA platform.

Throughout the ZTNA implementation, the Zero Trust CoE plays a central role in coordinating activities, providing expertise, and ensuring alignment with the organization’s overall Zero Trust strategy. The CoE is responsible for communicating with stakeholders, managing risk, and ensuring the project stays on track and achieves the stated objectives.

In conclusion, a Zero Trust Center of Excellence is a powerful tool that can help organizations enhance their cybersecurity posture, stay ahead of evolving threats, and drive continuous improvement in their Zero Trust initiatives. By centralizing expertise, standardizing practices, fostering innovation, and providing education and training, a Zero Trust CoE can provide a strategic, coordinated approach to managing Zero Trust initiatives.

As cyber threats continue to evolve, the importance and potential of a Zero Trust CoE, led by AT&T cybersecurity consultants, will only increase. Contact AT&T Cybersecurity for more information on the Zero Trust journey and how to establish a Center of Excellence.

The post Leveraging AT&T Cybersecurity Consulting for a robust Zero Trust Center of Excellence appeared first on Cybersecurity Insiders.


Here’s how organizations can eliminate content-based malware in ICS/OT supply chains.

As the Industrial Internet of Things (IIoT) landscape expands, ICS and OT networks are more connected than ever to various enterprise systems and cloud services. This new level of connectivity, while offering benefits, also paves the way for targeted and supply chain attacks, making them easier to carry out and broadening their potential effects.

A prominent example of supply chain vulnerability is the 2020 SolarWinds Orion breach. In this sophisticated attack:

  • Two distinct types of malware, “Sunburst” and “Supernova,” were secretly placed into an authorized software update.
  • Over 17,000 organizations downloaded the update, and the malware managed to evade various security measures.
  • Once activated, the malware connected to an Internet-based command and control (C2) server using what appeared to be a harmless HTTPS connection.
  • The C2 traffic was cleverly hidden using steganography, making detection even more challenging.
  • The threat actors then remotely controlled the malware through their C2, affecting up to 200 organizations.

While this incident led to widespread IT infiltration, it did not directly affect OT systems.

In contrast, other attacks have had direct impacts on OT. In 2014, a malware known as Havex was hidden in IT product downloads and used to breach IT/OT firewalls, gathering intelligence from OT networks. This demonstrated how a compromised IT product in the supply chain could lead to OT consequences.

Similarly, in 2017, the NotPetya malware was concealed in a software update for a widely used tax program in Ukraine. Though primarily affecting IT networks, the malware caused shutdowns in industrial operations, illustrating how a corrupted element in the supply chain can have far-reaching effects on both IT and OT systems.

These real-world incidents emphasize the multifaceted nature of cybersecurity risks within interconnected ICS/OT systems. They serve as a prelude to a deeper exploration of specific challenges and vulnerabilities, including:

  1. Malware attacks on ICS/OT: Specific targeting of components can disrupt operations and cause physical damage.
  2. Third-party vulnerabilities: Integration of third-party systems within the supply chain can create exploitable weak points.
  3. Data integrity issues: Unauthorized data manipulation within ICS/OT systems can lead to faulty decision-making.
  4. Access control challenges: Proper identity and access management within complex environments are crucial.
  5. Compliance with best practices: Adherence to guidelines such as NIST’s best practices is essential for resilience.
  6. Rising threats in manufacturing: Unique challenges include intellectual property theft and process disruptions.

Traditional defenses are proving inadequate, and a multifaceted strategy, including technologies like Content Disarm and Reconstruction (CDR), is required to safeguard these vital systems.

Supply chain defense: The power of content disarm and reconstruction

Content Disarm and Reconstruction (CDR) is a cutting-edge technology. It operates on a simple, yet powerful premise based on the Zero Trust principle: all files could be malicious.

What does CDR do?

In the complex cybersecurity landscape, CDR stands as a unique solution, transforming the way we approach file safety.

  • Sanitizes and rebuilds files: By treating every file as potentially harmful, CDR ensures they are safe for use while maintaining full functionality.
  • Removes harmful elements: This process effectively removes any harmful elements, making it a robust defense against known and unknown threats, including zero-day attacks.

How does it work?

CDR’s effectiveness lies in its methodical approach to file handling, ensuring that no stone is left unturned in the pursuit of security.

  • Content firewall: CDR acts as a barrier, with files destined for OT systems relayed to external sanitization engines, creating a malware-free environment.
  • High availability: Whether on the cloud or on-premises in the DMZ (demilitarized zone), the external location ensures consistent sanitization across various locations.

Why choose CDR?

With cyber threats becoming more sophisticated, CDR offers a fresh perspective, focusing on prevention rather than mere detection.

  • Independence from detection: Unlike traditional methods, CDR can neutralize both known and unknown malware, giving it a significant advantage.
  • Essential for security: Its unique approach makes CDR an indispensable layer in critical network security.

CDR in action:

Beyond theory, CDR’s real-world applications demonstrate its ability to adapt and respond to various threat scenarios.

  • Extreme processes: CDR applies deconstruction and reconstruction to incoming files, disrupting any embedded malware.
  • Virtual content perimeter: Positioned outside the network, in the DMZ, it blocks malicious code entry through email and file exchange.
  • Preventative measures: By foiling the initial access phase, CDR has been shown to deliver up to 100% prevention rates for various malware.
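To make the deconstruct-and-rebuild idea from "How does it work?" and "CDR in action" concrete, here is an added Python example; it is not code from the original post or from any CDR vendor. It parses a PNG into its chunks, verifies every CRC, keeps only the structural chunks a viewer needs (IHDR, PLTE, IDAT, IEND), and decompresses and re-encodes the pixel stream so that no attacker-supplied bytes are copied into the output. The sample image, its text chunk and the "prIV" private chunk are constructed for the demonstration; commercial CDR engines apply the same principle across many formats and at the semantic level of each one.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Structural chunks a viewer needs to render the image; everything else is discarded.
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk with a freshly computed CRC."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def parse_chunks(data: bytes):
    """Yield (type, body) pairs, rejecting the file on any structural inconsistency."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if crc != (zlib.crc32(ctype + body) & 0xFFFFFFFF):
            raise ValueError(f"bad CRC on chunk {ctype!r}")
        yield ctype, body
        pos += 12 + length


def disarm_png(data: bytes):
    """Rebuild a PNG from its structural chunks only.

    Returns (clean_bytes, dropped_chunk_types). Metadata, private and unknown
    chunks are never copied; the pixel stream is re-encoded from decoded data.
    """
    ihdr, palette, idat, dropped = None, None, b"", []
    for ctype, body in parse_chunks(data):
        if ctype == b"IHDR":
            ihdr = body
        elif ctype == b"PLTE":
            palette = body
        elif ctype == b"IDAT":
            idat += body            # IDAT may be split across several chunks
        elif ctype == b"IEND":
            break
        else:
            dropped.append(ctype.decode("latin-1"))
    if ihdr is None or not idat:
        raise ValueError("missing IHDR or IDAT")
    width, height, bit_depth, color_type = struct.unpack(">IIBB", ihdr[:10])
    raw = zlib.decompress(idat)
    channels = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}[color_type]
    # Each scanline is one filter byte plus the packed samples; reject mismatches.
    expected = height * (1 + (width * channels * bit_depth + 7) // 8)
    if len(raw) != expected:
        raise ValueError("pixel data does not match IHDR geometry")
    out = PNG_SIG + _chunk(b"IHDR", ihdr)
    if palette is not None:
        out += _chunk(b"PLTE", palette)
    out += _chunk(b"IDAT", zlib.compress(raw, 9)) + _chunk(b"IEND", b"")
    return out, dropped


def build_sample_png() -> bytes:
    """Constructed test input: a 2x1 RGB image carrying extra, non-structural chunks."""
    ihdr = struct.pack(">IIBBBBB", 2, 1, 8, 2, 0, 0, 0)
    scanline = b"\x00" + b"\xff\x00\x00" + b"\x00\xff\x00"  # filter byte + two RGB pixels
    return (PNG_SIG
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"tEXt", b"Comment\x00constructed metadata")
            + _chunk(b"prIV", b"opaque private payload")  # hypothetical private chunk
            + _chunk(b"IDAT", zlib.compress(scanline))
            + _chunk(b"IEND", b""))


if __name__ == "__main__":
    clean, dropped = disarm_png(build_sample_png())
    print(f"dropped chunks: {dropped}, rebuilt file: {len(clean)} bytes")
```

The point to notice is that the rebuilt file is produced from decoded pixel data and a whitelist of chunk types, so whatever rode along in the discarded chunks never reaches the OT side; a file that fails structural validation is rejected rather than "cleaned".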

Integration possibilities:

CDR technology can be seamlessly integrated into various network security modules.

  • Secure email gateways: Enhances email security by integrating with existing systems, providing an additional layer of protection.
  • USB import stations: Offers controlled access to USB devices, ensuring that only sanitized content is allowed.
  • Web-based secure managed file transfer systems: Enables comprehensive coverage of file transfers, ensuring sanitized content at every step.
  • Firmware and software updates: Aims to cover all content gateways, securing a ‘sterile area’ behind these modules, including essential updates.

NIST’s guidelines that call for the adoption of CDR

The National Institute of Standards and Technology (NIST) has outlined specific guidelines that highlight the importance of CDR. In the NIST SP 800-82 Revision 3 document, the emphasis on CDR’s role is evident:

1. Physical access control:

  • Portable devices security: Under the section ‘6.2.1.2 Physical Access Controls (PR.AC-2),’ the guidelines stress that organizations should apply a verification process to portable devices like laptops and USB storage. This includes scanning for malicious code before connecting to OT devices or networks, where CDR can play a vital role in ensuring safety.

2. Defense-in-depth strategy:

  • Multi-layered protection: Under section 5.1.2, the document defines defense-in-depth as a multifaceted strategy. It states: ‘a multifaceted strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization.’ This approach is considered best practice in the cybersecurity field.
  • Widespread adoption: The quote continues, emphasizing that ‘Many cybersecurity architectures incorporate the principles of defense-in-depth, and the strategy has been integrated into numerous standards and regulatory frameworks.’ This highlights the broad acceptance and integration of this strategy in various cybersecurity measures.
  • OT environments: This strategy is particularly useful in OT environments, including ICS, SCADA, IoT, IIoT, and hybrid environments. It focuses on critical functions and offers flexible defensive mechanisms.
  • CDR’s role in defense: CDR contributes to this defense-in-depth approach, especially in handling content with browser isolation solutions. Its role in enhancing security across different layers of the organization makes it a valuable asset in the cybersecurity landscape.

Mitigating the risks

The SolarWinds breach was a frightening sign of what has already begun, and it might just be a small part of what’s happening now. With criminal groups capitalizing on the increasing cloud connectivity at ICS/OT sites, attacks on hundreds or even thousands of organizations simultaneously are actual risks we face today.

But amid these challenges, there’s a solution: CDR. This cutting-edge technology offers a robust defense against the known and unknown, providing a shield against malicious forces that seek to exploit our interconnected world. In the ongoing battle against malware, CDR stands as a vigilant sentinel, ever ready to protect.

The post Battling malware in the industrial supply chain appeared first on Cybersecurity Insiders.


The Biden Administration has recently announced the implementation of a cybersecurity labeling program for smart devices. Overseen by the Federal Communications Commission (FCC), this new program seeks to address the security of Internet of Things (IoT) devices nationwide. This announcement is in response to an increasing number of smart devices that fall victim to hackers and malware (AP News).

As IoT devices increase in popularity in homes, offices, and other settings, these labels allow consumers to be aware of their digital safety. The cybersecurity labeling program will mandate manufacturers of smart devices to meet certain cybersecurity standards before releasing their products into the market. Each smart device will be required to have a standardized cybersecurity label. Labels will serve as an indicator of the device’s security level and inform consumers about the device’s compliance with security standards. Devices that meet the highest level of security will be awarded a “Cyber Trust Mark,” indicating their adherence to the most stringent security measures.

The program will be able to hold companies accountable for producing secure devices while also giving customers the information they need to make informed decisions while purchasing IoT devices. Examples of IoT devices include smart watches, home assistants, Ring cameras, thermostats, and smart appliances. New technologies such as these have grown increasingly more present in modern life.

However, hackers have continued to exploit vulnerabilities in these devices, which compromise user privacy. These devices also allow hackers to gain entry to consumers’ larger networks. In the last quarter of 2022, there was a 98% increase in malware targeting IoT devices. New malware variants also spiked, rising 22% on the year (Tech Monitor). Compared to 2018, 2022 had more than 3 times the amount of IoT malware attacks (Statista).

Economically motivated attacks have been on the rise, and a larger number of consumers’ personal devices are being breached through IoT devices on the same network. Hackers then hold users’ devices until they are paid a ransom in cryptocurrency to keep the transaction anonymous. This rise in cybersecurity attacks can be attributed to the fact that it has become easier than ever for hackers to target networks. With RaaS (Ransomware as a Service) offerings, hackers don’t need any previous cybersecurity expertise, as they can buy software written by ransomware operators. Because IoT devices are often left with default passwords and are easily hackable, they have become a larger target for hackers.

IoT devices have been breached multiple times in the past resulting in leaks for big corporations such as NASA. In 2018, a NASA laboratory was breached through an IoT device added to its network by hackers. Another example of an IoT hack was the Mirai Botnet hack in 2016. Hackers used malware to infect an IoT device, which they later used to infiltrate other devices through a shared network. The malware would then use the default name and password to log into devices and continue to replicate itself.

IoT devices aren’t limited to just small gadgets that play a role in the home. In 2015, Jeep was hacked by a team from IBM, who used a firmware update to take control of the car’s steering, acceleration, and more (IoT Solutions World Congress). Because of electric cars’ increasing popularity, companies need to be aware of potential security risks that could cause harm to drivers.

After the implementation of Biden’s new program, IoT devices will be vetted and consumers will be shown the safety rating for each of the devices. The cybersecurity rating of each device is determined by evaluations and testing procedures carried out by FCC inspectors. These evaluations will make sure that devices can withstand potential cyber threats and protect users’ private data.

Some methods that hackers often use are brute force attacks, man-in-the-middle attacks, and malware attacks. Brute force attacks involve hackers using programs to repeatedly try to guess a device’s password, man-in-the-middle attacks involve hackers intercepting communications between a device and the internet, and malware attacks are when hackers use malware to take over IoT devices and eventually entire networks (Pass Camp). The cybersecurity labeling program has been highly praised by cybersecurity professionals across the industry. It is an important step towards building a more secure online network while also allowing consumers to make knowledgeable decisions on what they are buying.
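The brute force attacks described above leave a recognisable trace in a device's authentication log, and that is where a defender can catch them. The following Python example is added here and is not from the original post: it runs a sliding-window detector over constructed authentication log lines from a hypothetical IoT gateway, raising one alert when a source exceeds a failure threshold and a second, higher-priority alert when that same source then logs in successfully (the signature of a guessed default or weak password). The log format, device names and documentation-range IP addresses are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format for a hypothetical IoT gateway (not a real product's format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dev>\S+) auth: (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: a rapid password-guessing burst against cam-01 that ends in a
# successful login, plus a single benign failure from a second source.
SAMPLE_LOG = """\
2024-05-01T10:00:01 cam-01 auth: FAIL user=admin src=203.0.113.7
2024-05-01T10:00:03 cam-01 auth: FAIL user=admin src=203.0.113.7
2024-05-01T10:00:04 cam-01 auth: FAIL user=root src=203.0.113.7
2024-05-01T10:00:06 cam-01 auth: FAIL user=admin src=203.0.113.7
2024-05-01T10:00:09 cam-01 auth: FAIL user=admin src=203.0.113.7
2024-05-01T10:00:12 cam-01 auth: OK user=admin src=203.0.113.7
2024-05-01T10:00:20 cam-01 heartbeat ok
2024-05-01T10:00:30 thermo-02 auth: FAIL user=owner src=198.51.100.4
2024-05-01T10:05:00 thermo-02 auth: OK user=owner src=198.51.100.4
""".splitlines()


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Return a list of alert dicts for sources that exceed `threshold` failed
    logins within `window_s` seconds, and for successes that follow such a burst."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    flagged = set()                 # sources already alerted on, to avoid duplicates
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                # non-auth or unparseable line: ignore, never crash
        ts = datetime.fromisoformat(m["ts"])
        src, q = m["src"], failures[m["src"]]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()             # expire failures that fell out of the window
        if m["result"] == "FAIL":
            q.append(ts)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"src": src, "device": m["dev"],
                               "kind": "brute_force", "time": m["ts"]})
        elif len(q) >= threshold:
            # A success right after a burst of failures is the strongest signal:
            # a password was probably guessed, so this is escalated separately.
            alerts.append({"src": src, "device": m["dev"],
                           "kind": "success_after_failures", "time": m["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The thresholds are deliberately parameters: a camera that legitimately reconnects a few times a minute needs different values from a thermostat, and the benign single failure from the second source produces no alert at all.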

However, some critics have voiced concerns about the program. The rapidly evolving nature of technology could lead to a lag in new security standards, which could leave devices outdated in security certifications. To address this, the program is expected to include provisions for periodic reviews to ensure that standards remain relevant and up to date.

In conclusion, the Biden administration’s announcement of the cybersecurity labeling program for smart devices marks a significant milestone in the ongoing efforts to enhance cybersecurity and safeguard consumer interests. Consumers can also make efforts to secure their own devices by using stronger passwords, keeping software up to date, and securing their networks. By incentivizing manufacturers to prioritize security in their product development and providing consumers with transparent information, the program aims to create a more secure and trustworthy environment for the increasingly connected world of smart devices. As the program takes effect, it is hoped that it will foster greater confidence in the IoT industry and encourage the adoption of robust cybersecurity programs across the board.

The author of this blog works at Perimeterwatch.

The post Biden’s IoT Cybersecurity initiative appeared first on Cybersecurity Insiders.


Can businesses stay compliant with security regulations while using generative AI? It’s an important question to consider as more businesses begin implementing this technology. What security risks are associated with generative AI? It’s important to learn how businesses can navigate these risks to comply with cybersecurity regulations.

Generative AI cybersecurity risks

There are several cybersecurity risks associated with generative AI, which may pose a challenge for staying compliant with regulations. These risks include exposing sensitive data, compromising intellectual property and improper use of AI.

Risk of improper use

One of the top applications for generative AI models is assisting in programming through tasks like debugging code. Leading generative AI models can even write original code. Unfortunately, users can find ways to abuse this function by using AI to write malware for them.

For instance, one security researcher got ChatGPT to write polymorphic malware, despite protections intended to prevent this kind of application. Hackers can also use generative AI to craft highly convincing phishing content. Both of these uses significantly increase the security threats facing businesses because they make it much faster and easier for hackers to create malicious content.

Risk of data and IP exposure

Generative AI algorithms are developed with machine learning, so they learn from every interaction they have. Every prompt becomes part of the algorithm and informs future output. As a result, the AI may “remember” any information a user includes in their prompts.

Generative AI can also put a business’s intellectual property at risk. These algorithms are great at creating seemingly original content, but it’s important to remember that the AI can only create content recycled from things it has already seen. Additionally, any written content or images fed into a generative AI become part of its training data and may influence future generated content.

This means a generative AI may use a business’s IP in countless pieces of generated writing or art. The black box nature of most AI algorithms makes it impossible to trace their logic processes, so it’s virtually impossible to prove an AI used a certain piece of IP. Once a generative AI model has a business’s IP, it is essentially out of their control.

Risk of compromised training data

One cybersecurity risk unique to AI is “poisoned” training datasets. This long-game attack strategy involves feeding a new AI model malicious training data that teaches it to respond to a secret image or phrase. Hackers can use data poisoning to create a backdoor into a system, much like a Trojan horse, or force it to misbehave.

Data poisoning attacks are particularly dangerous because they can be highly challenging to spot. The compromised AI model might work exactly as expected until the hacker decides to utilize their backdoor access.

Using generative AI within security regulations

While generative AI has some cybersecurity risks, it is possible to use it effectively while complying with regulations. Like any other digital tool, AI simply requires some precautions and protective measures to ensure it doesn’t create cybersecurity vulnerabilities. A few essential steps can help businesses accomplish this.

Understand all relevant regulations

Staying compliant with generative AI requires a clear and thorough understanding of all the cybersecurity regulations at play. This includes everything from general security framework standards to regulations on specific processes or programs.

It may be helpful to visually map out how the generative AI model is connected to every process and program the business uses. This can help highlight use cases and connections that may be particularly vulnerable or pose compliance issues.

Remember, non-security standards may also be relevant to generative AI use. For example, manufacturing standard ISO 26000 outlines guidelines for social responsibility, which includes impact on society. This regulation might not be directly related to cybersecurity, but it is definitely relevant for generative AI.

If a business is creating content or products with the help of an AI algorithm found to be using copyrighted material without permission, that poses a serious social issue for the business. Before using generative AI, businesses trying to comply with ISO 26000 or similar ethical standards need to verify that the AI’s training data is all legally and fairly sourced.

Create clear guidelines for using generative AI

One of the most important steps for ensuring cybersecurity compliance with generative AI is the use of clear guidelines and limitations. Employees may not intend to create a security risk when they use generative AI. Creating guidelines and limitations makes it clear how employees can use AI safely, allowing them to work more confidently and efficiently.

Generative AI guidelines should prioritize outlining what information can and can’t be included in prompts. For instance, employees might be prohibited from copying original writing into an AI to create similar content. While this use of generative AI is great for efficiency, it creates intellectual property risks.

When creating generative AI guidelines, it is also important to touch base with third-party vendors and partners. Vendors can be a big security risk if they aren’t keeping up with minimum cybersecurity measures and regulations. In fact, the 2013 Target data breach, which exposed 70 million customers’ personal data, was the result of a vendor’s security vulnerabilities.

Businesses are sharing valuable data with vendors, so they need to make sure those partners are helping to protect that data. Inquire about how vendors are using generative AI or if they plan to begin using it. Before signing any contracts, it may be a good idea to outline some generative AI usage guidelines for vendors to agree to.

Implement AI monitoring

AI can be a cybersecurity tool as much as it can be a potential risk. Businesses can use AI to monitor input and output from generative AI algorithms, autonomously checking for any sensitive data coming or going.

Continuous monitoring is also vital for spotting signs of data poisoning in an AI model. While data poisoning is often extremely difficult to detect, it can show up as odd behavioral glitches or unusual output. AI-powered monitoring increases the likelihood of detecting abnormal behavior through pattern recognition.
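One practical form of the input and output monitoring described above is a gateway that inspects every prompt before it leaves the business and every response before it reaches the user. The Python example below is added here and is not from the original post; it assumes such a gateway exists (the post names no product) and shows the core check: pattern detectors for a few classes of sensitive data, a Luhn check so that random digit strings are not mistaken for card numbers, and a policy that blocks outright on credentials while redacting lower-severity findings. The sample prompt is constructed; the access key in it is the placeholder value AWS uses in its own documentation, not a live credential.

```python
import re

# Detectors for a few sensitive-data classes. Real deployments would add more
# and tune them, but the structure (detect -> classify -> block or redact) is the point.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # 13-19 digits, optionally separated by spaces or dashes, ending on a digit.
    "card_number": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

# Findings in these classes stop the request; everything else is redacted and passed on.
BLOCKING = {"aws_access_key", "private_key_block"}

# Constructed sample prompt; AKIAIOSFODNN7EXAMPLE is AWS's documented placeholder key.
SAMPLE_PROMPT = ("Summarize this ticket: customer jane@example.com paid with "
                 "4111 1111 1111 1111 and our deploy key is AKIAIOSFODNN7EXAMPLE")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on 'card_number' matches."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_text(text: str):
    """Return (class, start, end) for every sensitive-data match in `text`."""
    findings = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if name == "card_number" and not luhn_ok(re.sub(r"\D", "", m.group(0))):
                continue
            findings.append((name, m.start(), m.end()))
    return findings


def redact(text: str, findings) -> str:
    """Replace findings from the end of the string backwards so offsets stay valid."""
    for name, start, end in sorted(findings, key=lambda f: f[1], reverse=True):
        text = text[:start] + f"[REDACTED:{name}]" + text[end:]
    return text


def gate_text(text: str):
    """Policy decision for one prompt or one model response.

    Returns (allowed, sanitized_text, findings). Blocking classes refuse the
    request; other classes are redacted before the text is forwarded.
    """
    findings = scan_text(text)
    sanitized = redact(text, findings)
    allowed = not any(name in BLOCKING for name, _, _ in findings)
    return allowed, sanitized, findings


if __name__ == "__main__":
    allowed, sanitized, findings = gate_text(SAMPLE_PROMPT)
    print("allowed:", allowed)
    print("findings:", [f[0] for f in findings])
    print("sanitized:", sanitized)
```

Running the same `gate_text` over model responses catches the other direction the post mentions, a model echoing sensitive data it absorbed earlier; the findings list is also the audit record compliance reviewers will ask for.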

Safety and compliance with generative AI

Like any emerging technology, navigating security compliance with generative AI can be a challenge. Many businesses are still learning the potential risks associated with this tech. Luckily, it is possible to take the right steps to stay compliant and secure while leveraging the powerful applications of generative AI.

The post Keeping cybersecurity regulations top of mind for generative AI use appeared first on Cybersecurity Insiders.


Smart cities are on the rise. What was once squarely placed in the realm of science fiction is now a reality, and the number of smart cities worldwide continues to grow. According to a study by Research and Markets, the market for smart cities is expected to reach over 1 trillion USD by 2027.

Cities that use technology to enhance sustainability and efficiency, streamline resources, and provide layers of interconnectivity gain recognition and remain competitive on a global scale, attracting new citizens while meeting the increased demands and pressures for resource control. 

However, as smart cities continue to develop, it will become even more imperative that official bodies ensure they are adequately protected against cyber threats. As you will learn, smart cities are uniquely exposed to cybersecurity risk and are attractive targets for bad actors. 

This article will delve into the specific challenges facing smart cities when it comes to cybersecurity. We will then explore concrete, actionable solutions for shoring up the security of smart cities, both those in development and those already up and running today. 

Recent developments in smart city technology

Smart city technology is still rapidly evolving. As we continue to see technological advancements and widespread adoption of relatively new technologies such as the IoT (Internet of Things), AI and automation, and 5G networks, we are primed for the growth of integrated technology within urban infrastructures and systems. 

One of the major trends in e-commerce in recent years has been the adoption of AI for everything from customer service chatbots to data collection and customer preference analysis. Smart cities utilize the same technology to provide enhanced living experiences for urban citizens. 

For example, robots will soon fill in for delivery vans and trucks, using automation to fulfill last-mile deliveries of food, groceries, and pharmacy supplies. App-based solutions, such as smart parking lots, will rely on technology to reduce space management issues in overcrowded urban areas.

E-bikes, e-scooters, self-driving cars, and smart traffic management systems will continue to transform how we get from place to place in a smart city. Property technology, such as remote property management, will allow tenants to adapt more easily to hybrid and work-from-home contexts. 

Other tech innovations, such as automated sensors, AI-enabled data collection points, and responsive data-driven tech gadgets, will be used to assess the sustainability of smart cities, measuring everything from the flow of traffic to the smog and noise pollution levels. Tech solutions are already being implemented in smart cities in development to improve the environmental impact and carbon footprint of the city as a whole. 

Cybersecurity challenges facing smart cities

Due to its multifaceted nature, the smart city faces several particular challenges. With so many different levels and layers to maintain, securing multiple entry points proves difficult, as does ensuring cohesive security and coordinating among various departments. 

Ensuring that there are sufficient and up-to-date cybersecurity measures in place is already a challenge when it comes to specific sectors, such as protecting energy infrastructures. When you add the compounding factors of securing not only distinct sectors of urban government and maintenance but also personal devices and network entry points, digital asset management becomes distinctly more complex. 

As cities adopt new technology networks and infrastructures, they are also automatically creating new opportunities for bad actors to infiltrate the city’s systems. Every time data is produced in a smart city, it must be protected. All too often, smart city technology is added on top of pre-existing cybersecurity infrastructures, meaning that there is insufficient support in place to protect the new technology. 

Take, for example, smart traffic control systems. In a smart traffic control system, there are communications that are transmitted between smart traffic lights and the smart control system itself, with no form of encryption or verification process. Thus, any bad actor could access the system to create false data, leading to accidents, blackouts, and panic in the city. 

Likewise, bad actors could feed false data into unsecured systems so that smart sensors inaccurately identify a disaster, such as an earthquake, flood, mass shooting, or terrorist incident. This can sow panic, confusion, and fear in the urban populace, leaving space for further physical or digital attacks. This type of attack can also have political implications and could be used in an attempt to destabilize the trustworthiness of a particular urban system. 
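The traffic-light scenario above fails because the controller has no way to tell whether a message really came from the light, or whether it is a replay of an old one. The Python example below is added here and is not from the original article; it shows the minimum a defender would add: each message is authenticated with an HMAC over a canonical encoding under a per-device key, carries a sequence number to defeat replay, and carries a timestamp to bound how long a captured message stays usable. The device id, key and message fields are constructed for the example; in practice the key would come from provisioning, and the same structure applies to the disaster-sensor feeds mentioned above.

```python
import hashlib
import hmac
import json


def canonical(body: dict) -> bytes:
    """Deterministic encoding so sender and receiver authenticate identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class TrafficLight:
    """Field device: signs every status report with its provisioned key."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id, self.key, self.seq = device_id, key, 0

    def report(self, state: dict, now: int) -> dict:
        self.seq += 1                        # monotonically increasing, never reused
        body = {"dev": self.device_id, "seq": self.seq, "ts": now, "state": state}
        tag = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class Controller:
    """Central system: verifies origin, integrity, freshness and ordering."""

    def __init__(self, device_keys: dict, max_skew: int = 30):
        self.keys, self.max_skew, self.last_seq = device_keys, max_skew, {}

    def accept(self, msg: dict, now: int):
        body = msg.get("body", {})
        key = self.keys.get(body.get("dev"))
        if key is None:
            return False, "unknown device"
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        # Constant-time compare; nothing in `body` is trusted before this passes.
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return False, "bad tag"
        if abs(now - body["ts"]) > self.max_skew:
            return False, "stale timestamp"
        if body["seq"] <= self.last_seq.get(body["dev"], 0):
            return False, "replay"
        self.last_seq[body["dev"]] = body["seq"]
        return True, "ok"


# Constructed provisioning data for the demonstration.
DEMO_KEY = b"constructed-demo-key-do-not-use-in-production"


def demo():
    """Walk through a legitimate report, a replay, a tampered copy and a stale message."""
    light = TrafficLight("tl-042", DEMO_KEY)
    controller = Controller({"tl-042": DEMO_KEY})
    results = []
    m1 = light.report({"phase": "green", "approach": "N"}, now=1000)
    results.append(controller.accept(m1, now=1005))          # genuine: accepted
    results.append(controller.accept(m1, now=1006))          # same message again: replay
    m2 = light.report({"phase": "red", "approach": "N"}, now=1010)
    forged = {"body": dict(m2["body"], state={"phase": "green"}), "tag": m2["tag"]}
    results.append(controller.accept(forged, now=1011))      # payload altered: bad tag
    results.append(controller.accept(m2, now=1011))          # untouched original: accepted
    m3 = light.report({"phase": "green", "approach": "N"}, now=1020)
    results.append(controller.accept(m3, now=2000))          # captured and sent late: stale
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

An HMAC gives integrity and origin but not confidentiality; if the state itself must be hidden, the message would additionally be encrypted (for example with an AEAD mode) under a separate key, and the sequence and timestamp checks would stay exactly as shown.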

Other forms of cyberattack that can be expected in the context of the smart city include:

Effective solutions to secure smart cities

To meet the growing demands for smart technology, smart city developers will have to ensure that they are implementing sufficient protective policies, systems, structures, and training to cover all the most vulnerable potential attack sites.

With a multilayered, multifaceted approach that covers cybersecurity from a broad, general perspective as well as at the most detailed level, smart cities are much more likely to be protected from cyberattacks. Let’s look at some specific solutions to help secure smart cities. 

Protect IoT devices

One key facet of a multi-channel smart city cybersecurity system is to secure individual IoT devices. Since each IoT device provides a potential entry point for hackers, providing sufficient protection for individual IoT devices will create a stronger network of interconnected and highly protected devices. This means securing mobile devices and tablets as well as smart city gadgets such as smart meters, streetlights, traffic lights, and waste management systems. 

One key way to secure IoT devices is to provide secure verification options. Each device that communicates with the Internet of Things should include MFA or multi-factor authentication. Users should be asked to provide a valid digital signature when signing contracts, leases, or purchase agreements. Digital signatures are more secure than e-signatures, providing encrypted proof of identity and preventing false access to restricted networks and systems. 

Enact public awareness and education campaigns

Phishing remains one of the most common forms of cyberattacks across all industries. This type of attack targets unsuspecting victims, who are manipulated into providing information or log-in details or completing a task or action on behalf of the bad actor making the request. 

By nurturing a cyber-aware culture through public awareness training programs and education campaigns, urban citizens can become alert to the potential dangers of cybersecurity attacks. Through effective education and advertising, citizens will learn what signs to look out for to identify a potential cyber threat and will be able to determine what steps to take to report and block the attacker. 

For example, through public cybersecurity awareness training, individuals can be shown how to mask the geolocation of their log-ins and devices, securing any interactions synced with the smart city. Training can reveal to individuals how to install and work with a proxy server to mask their digital activity from any potential cyber criminals. 

Deploy AI-powered threat detection

Using the advanced computing and analysis abilities of AI will be essential to protecting smart cities. AI-powered threat detection systems can provide early recognition of possible threats and offer advanced suggestions for defusing the threat. 

Security powered by AI can help to mitigate the level of damage that results from any undetected threats that are successfully carried out. Smart city AI security can address both physical and digital threats, providing a comprehensive protection network that responds to real-time data. 

Final thoughts

As smart cities continue to evolve, there will need to be cooperation among many departments to ensure that the new technology is implemented with high levels of cybersecurity protection. Government bodies will need to work with urban planners, IT specialists, and other tech consultants to ensure that every layer of a smart city is secured. 

By utilizing secure authentication practices, securing devices as well as networks and systems, working with AI to analyze threats and mitigate damage, and providing public awareness training and education, smart cities can stay on top of any cybersecurity threats as they emerge. In this way, smart cities can continue to develop, safely providing enhanced services and experiences to urban citizens. 

The post Securing the smart cities of tomorrow: Cybersecurity challenges and solutions appeared first on Cybersecurity Insiders.

For organizations of all sizes, cyber consistently earns a place on the agenda, becoming a focal point for business-critical initiatives and investments. Today, cyber means business, and it is difficult to overstate the importance of cyber as a foundational and integral business imperative.

As businesses become increasingly digitized, cybersecurity has become a board-level concern. The traditional security team has been thought of as gatekeepers or teams of NO. We also hear a lot about how cybersecurity is a business enabler, so in today’s business environment, security teams must extend their expertise beyond cybersecurity and consider how they can contribute more to achieving better business outcomes through secure operations and delivering good user experiences.

digital trust and resilience graphic

Enterprises that integrate cyber-security measures with every business function will be able to deliver greater customer experience, attract new customers and enjoy a larger market share, resulting from having a competitive edge!

Many security practices are still based on the old concept of trust but verify. Yet, today data and applications extend far beyond the company’s walls, and blind trust is a luxury no business can afford. Instead, cybersecurity should focus on authenticating identities and devices in the context of requests for any protected resource. Such resources include anything that would constitute a risk to the business if compromised. This means data, networks, workloads, data flows, and the underlying infrastructure that supports them.

future forward cyber graphic

Integration and consolidation: A comprehensive network architecture is critical for business success and productivity. However, legacy systems that rely on multiple vendors, solutions, and applications create complexity and increase risk. CISOs should consolidate their information architecture to simplify the environment. Not only does this reduce complexity and cost, but it also lowers risk and drives increased consistency and more positive user experiences across platforms, ultimately leading to improved productivity.

Integration of cybersecurity and risk management: Integrating cybersecurity and risk management is crucial for effective cybersecurity operations. This involves aligning cybersecurity strategies with overall risk management objectives to ensure that security measures are implemented in a risk-based manner.

Leveraging cybersecurity as-a-service: Using cybersecurity as-a-service (CaaS) more frequently can enhance security operations. CaaS allows organizations to leverage external expertise and resources to strengthen their cybersecurity posture. It provides access to specialized tools, technologies, and expertise without requiring extensive in-house infrastructure and resources.

Relying on automation: Automation plays a vital role in cybersecurity operations. It helps streamline processes, reduce manual effort, and improve efficiency. By automating repetitive tasks, security teams can focus on more complex and critical activities, such as threat analysis and incident response. Automation also enables faster detection and response to cyber threats, reducing the risk of damage to mission-critical operations.

Visibility and contextualization: Achieving a holistic view of the network architecture is essential. CISOs should prioritize implementing solutions that deliver a clear picture of the working environment to ensure it is secure and reliable. This is especially important for hybrid working environments where new applications and users can be added from anywhere while also introducing risk and exposing potential vulnerabilities in the system. CISOs should implement monitoring solutions to proactively monitor environments and achieve end-to-end performance for the best results.

Address risk management: Cyber risk management is essential for businesses to improve the operational impact of risks. Organizations can gain efficiencies, mitigate consequences, and avoid revenue loss, significantly improving their bottom line.

Quantify cyber risks: Start by determining the likely financial impact of different threats. This allows you to allocate finite resources to address the most significant risks. Understanding the potential economic consequences will enable you to prioritize your efforts and investments accordingly.

Take a risk-based approach: Cybersecurity risk management involves identifying, analyzing, prioritizing, and mitigating potential risks to your organization’s security. Adopting a risk-based approach helps you understand your cyber risks and reduce their potential impact. This iterative process enables you to make strategic decisions based on the effectiveness of risk reduction.

Align cyber risk management with business needs: It is crucial to align your cyber risk management strategy with your business needs. This ensures that your efforts are focused on the long-term effectiveness of your strategic decisions. This alignment can be achieved by connecting cyber risk management to board members, reducing operating losses, and minimizing reputational damage.

Develop a cybersecurity risk management strategy: Creating a cybersecurity risk management strategy provides a roadmap for your mitigation activities. When developing this strategy, consider asking questions such as: What are the risks? What are the potential consequences? What is the likelihood and impact of each risk? This strategic approach helps you proactively address cyber threats and protect your organization. This strategy can help reduce fraud, protect the bottom line, create new revenue opportunities, and improve productivity. By following these insights and implementing effective cyber risk management practices, businesses can safeguard their operations, enhance financial performance, and mitigate the potential impact of cyber threats.

If you need help with your risk management strategy, AT&T Cybersecurity has a wide range of services to help.

The post Future forward cyber appeared first on Cybersecurity Insiders.

The Securities and Exchange Commission (SEC) has introduced a new rule for public companies that requires them to be more transparent about cybersecurity incidents. The new rule requires companies to disclose any material cybersecurity incident within four business days of determining that the incident is material. The disclosure should describe the material aspects of the incident, including the nature of the incident, the impact on the company, and the company’s response.

The SEC’s proposed rules cover written cybersecurity policies and procedures, IT risk assessments, user security and access controls, threat and vulnerability management, incident response and recovery plans, board oversight, recordkeeping, and cybersecurity incident reporting and disclosures.

To help CISOs incorporate this requirement seamlessly into their existing incident response plan, here are some actionable tips:

Revisit your incident response plan: An incident response plan is a structured approach that outlines the steps you’ll take during a security breach or other unexpected event. Your business may be unprepared for a security incident without a response plan. An effective plan helps you identify and contain threats quickly, protect sensitive information, minimize downtime, and lessen the financial impact of an attack or other unexpected event.

Update the notification procedure and proactive planning for notification: Craft a well-defined notification procedure outlining the steps to comply with the SEC’s requirement. Assign roles and responsibilities for crafting, approving, and forwarding notifications to relevant parties. Develop communication templates with pre-approved content, leaving room for incident-specific details to be filled in during a crisis.

Material incident identification and impact: Define the criteria for determining materiality, including financial, reputational, and operational implications. This step is critical in meeting the tight four-day reporting deadline.

Data protection and disclosure balance: Develop protocols to protect confidential information during public disclosures and collaborate closely with legal counsel to ensure compliance with disclosure regulations.

Regular plan reviews and third-party assessments: Regularly update your incident response plan to stay abreast of evolving threats and compliance requirements. Engage external cybersecurity experts to conduct thorough assessments, identifying gaps and potential vulnerabilities that need immediate attention.

Conduct tabletop exercises: Organize tabletop exercises that simulate real-world cybersecurity incidents. Ensure these exercises involve the business aspect, focusing on decision-making, communications, and incident impact assessment. These drills will sharpen your team’s skills and enhance preparedness for the new four-day deadline.

Foster a culture of cybersecurity awareness: Cultivate a company-wide culture that prioritizes cybersecurity awareness and incident reporting. Encourage employees to report potential threats promptly, empowering your team to respond swiftly to mitigate risks.

To determine your readiness posture, ask yourself the following questions:

Incident reporting and management questions

  • What is your process for reporting cybersecurity incidents?
  • How can you effectively determine the materiality of a breach or attack?
  • Are your processes for determining materiality thoroughly documented?
  • Have you determined the right level of information to disclose?
  • Can you report within four days?
  • How will you comply with the requirement to report related occurrences that qualify as “material”?

Incident management policies and procedures

  • Are your organization’s policies and procedures, risk assessments, controls, and controls monitoring robust enough to withstand public disclosure?
  • Are your policies and procedures aligned with the specifications in at least one recognized industry framework? Are they updated regularly? Does everyone in the organization know what they are and how they are responsible for following them? Are they well-enforced?

Governance and risk management

  • Is your risk assessment robust, and is it applied throughout the organization, focusing on top risks to the business?
  • How often do you do risk assessments? Are assessment results incorporated into your enterprise cyber strategy, risk management program, and capital allocations?
  • Have you engaged a third party to assess your cybersecurity program?

Board and leadership awareness

  • How does your organization monitor the effectiveness of its risk mitigation activities and controls? How mature are your capabilities, as evaluated against an industry framework?
  • How are leadership and the board informed about the effectiveness of these controls?
  • Are your C-level executives getting the information needed to oversee cybersecurity at the board level?

Conclusion

The new SEC rule requires public companies to be more transparent about material cybersecurity incidents. To comply with this requirement, companies should revisit their incident response plan, update their notification procedure, define how material incidents are identified and their impact assessed, develop protocols that balance data protection with disclosure, conduct regular plan reviews and third-party assessments, run tabletop exercises, and foster a culture of cybersecurity awareness. By asking the right questions and taking the necessary steps, companies can ensure they are ready to comply with the SEC’s new cybersecurity incident disclosure rule.

The post The SEC demands more transparency about Cybersecurity incidents in public companies appeared first on Cybersecurity Insiders.