As energy and utilities companies strive to use the edge to innovate new solutions for delivering more efficient and resilient services, cybersecurity risks to carrying out those business missions loom large. Ransomware attackers and other cybercriminals have increasingly found energy and utilities organizations a profitable target, lobbing high-profile attacks in the last few years that have threatened safety and uptime in the process.

Operational and security experts at these companies are well aware of the balancing act they must achieve under these conditions, according to a new industry breakout of the AT&T Cybersecurity Insights Report. Released this week, the AT&T Cybersecurity Insights Report: Focus on Energy and Utilities shows that technologists in these organizations are called upon by the business to roll out edge use cases such as remote-control operations, self-healing assets, and intelligent grid management. At the same time, they must ensure these deployments are done with cybersecurity as a central component, as the impact of attacks against this vertical's edge-connected assets could have drastic consequences for companies tasked with delivering the most vital resources for modern living.

Rapid rate of energy and utility innovation

One of the key areas examined by the AT&T Cybersecurity Insights Report is the rate of adoption of edge computing, the use cases in play, and their stage of maturity. This was tracked across six major sectors. This latest industry report dives into the trends for companies that provide services and resources such as electricity, oil and gas, water, and sewer. The study shows that some 77% of energy and utilities respondents worldwide are planning to implement, have partially implemented, or have fully implemented an edge use case. The study dug into nine industry-specific use cases and examined their stage of adoption across the energy and utilities sector.

Combining the mid-stage and mature stage adoption rates reveals that the use of edge computing in infrastructure leak detection has the highest combined adoption maturity (82%) among survey respondents. An example of how this looks in action is using sensors to gauge the flow of water in a municipal water system and using the low latency of edge connections to monitor that data in real time for drops or spikes in pressure that could indicate the need for preventive maintenance or immediate servicing of equipment. This is of course a single example in a broad range of use cases currently under exploration in this sector.

Edge computing has opened up tremendous opportunities for energy and utilities companies to solve tough problems across the entire value chain, including the safe acquisition of energy supplies on the front end of the supply chain, the proper monitoring of consumption of energy and resources on the back end, and the efficient use of facilities and equipment to run the functions between the two phases. Some additional examples most commonly cited were:

  • Remote control operations
  • Geographic infrastructure exploration, discovery, and management
  • Connected field services
  • Intelligent grid management

Interestingly, in spite of many energy companies engaged in proof-of-concept and insulated projects, overall the sector's rate of mature adoption was the least prevalent compared to all other sectors, sitting at about 40%. Survey analysis indicates this isn't from a lack of interest, but instead a product of the justifiably cautious nature of this industry, which keeps safety and availability top of mind. The fact that this market segment had the highest level of adoption in mid-stage compared to other industries offers a clue that these companies are all-in on edge deployments but taking their time considering and accounting for the risks—including those on the cybersecurity front.

Compromise worries grow

The study shows that 79% of energy and utilities respondents believe there is a high or very high likelihood of a compromise in one of the use cases intended for production within the next three years. When respondents were asked about the impact that a successful compromise would have, energy and utilities industry respondents were the most concerned of all industry respondents. This is hardly shocking given the grave real-world, physical consequences that can stem from a loss of control or safety over operational technology (OT) assets that run the power plants and pipelines within this industry.

Given the media attention surrounding very public ransomware attacks in this sector recently, it's no surprise that ransomware is one of the top cybersecurity concerns for technology leaders in this space. However, it is nevertheless not the number one cybersecurity concern for technology leaders in the energy and utilities space, sitting instead as number two behind the more pressing issue of potential sniffing attacks against radio access networks (RAN). Also tied for second alongside ransomware were attacks against 5G core networks, and attacks against user/endpoint devices.

An interesting point to note about this industry is its heightened level of concern over physical attacks against technical components such as IoT devices. The industry rated this concern much higher than the average respondent. This is likely a function of the industry's growing reliance on remote sensors, devices, and endpoints in low-latency (and often far-flung) environments.

The unique cyber considerations in energy OT environs

Protecting the ability of an organization to safely provide reliable electricity, accurate bills, and safe pipelines will increasingly require cyber controls be applied to the external assets that deliver the benefits of edge computing use cases.  Fortunately, energy and utilities leaders are investing accordingly in cybersecurity controls around the edge.

The study shows that the energy and utilities sector has the second-highest commitment to major security investments baked into edge use cases compared to the others, lagging only slightly behind the US public sector. Approximately 65% of energy and utilities firms are allocating 11% or more of their edge funding directly for security.

One of the challenges in applying that funding is the so-called IT-OT security gap that faces industrial sectors like this one. Energy and utilities firms can't rely on many classic cybersecurity controls like other industries, due to the limitations in technology and operational factors not found elsewhere. For example, many OT systems can't be patched in a timely fashion due to the operational risks posed by a failed update and the fact that many OT devices may run months or even years between scheduled maintenance windows. Operators in this sector have an extremely low tolerance for security actions that potentially risk bringing down an entire oil refinery or wastewater treatment facility. This is why when the report examined the effectiveness rating of security controls in this industry, patching ranked dead last, as compared to a relatively high rating in all other industries.

Further, it may be challenging to collect and normalize data for monitoring purposes given the increase in data across merged IT/OT networks. OT networks cannot be monitored in the same way that IT networks are, due to unique protocols and also similar risk problems that the security 'cure' may be worse than the disease. For example, active scanning techniques can often disrupt or take down OT networks. This is likely why intrusion detection solutions were rated to have the highest total cost of ownership (TCO) within this particular sector.

As energy and utilities companies strive for the right balance of innovation and security at the edge, we recommend a careful approach that accounts for the fact that traditional endpoint-centric controls like patching can't always be the go-to solution. Proactive controls such as micro segmentation, passive vulnerability scans, and threat hunting should be considered for these more difficult use cases. These organizations should consider getting professional guidance from service providers on the front end to evaluate road maps for current and proposed use cases. The experts at these providers have already tread this ground and can best advise on the potential hazards that an organization may face along the way.

The post AT&T Cybersecurity Insights Report: Focus Energy and Utilities appeared first on Cybersecurity Insiders.

This blog was written by an independent guest blogger.

It is easy to think of cybercrime as a phenomenon only impacting the digital space. However, as trends are showing, digital attacks have a very real and very physical impact. According to the FBI, there has been a surge in rental and real estate property scams conducted via digital means, whether that’s the insertion of rogue actors into the property purchase chain, or hijacking of legitimate websites to promote false, money scamming listings. With the real estate market in such a state of volatility, with house prices seemingly rising or falling in lurches from week to week, it’s an especially prosperous time for criminals. Protection is key.

Staying safe online

The most common real estate scams are focused on the scammer impersonating the role of the real estate agent. This can be done through exploiting improper security protections on the website itself or through the scammer inserting themselves into the process of purchasing through, for instance, SQL injection. Older styles of scams, such as selling homes by someone impersonating the homeowner, are becoming increasingly digitized too.

The key here is in cyber security and awareness from anyone involving themselves in the real estate business. Firstly, choose a realtor with a professional reputation, and ensure they have a distinct and established local profile. Google NAM data will help to further establish their legitimacy. Secondly, by using a high-quality browser – such as Edge, Firefox or Chrome – you’ll quickly be able to see just how well protected a website is. This is crucial; according to CISA, a huge number of websites simply do not have the requisite level of protection to be secure. Ensure anything you work with does.

Practicing enhanced due diligence

Every house sale or real estate exchange is subject to a significant level of due diligence. Both the seller and the buyer need to ensure they are meeting various levels of control; this prevents fraud, smooths the transfer of funds, and ensures that every party within the transaction has the peace of mind and financial information to be satisfied that they are getting what they’ve paid for; or that the buyer is legitimate. For this reason, with digital attacks in the offing, it’s important to be diligent. This can admittedly be difficult, due to the sense of expedience that’s currently being felt in the real estate world. Staying slow is key from a security perspective.

Understanding the risk

When it comes to the realty industry, there is, according to Deloitte, an overriding sense that real estate agents don’t need to worry about cybercrime. This is because they have, relatively speaking, lower volumes of customer protected data. Most cybercrime seeks to obtain data, given its inherent value; this is something that real estate businesses generally don’t have in great amounts.

However, even small attacks, where successful, can yield big returns for cyber criminals. The amount of money being exchanged in real estate, in addition to the sheer variety of payment types, means there are plenty of points at which a single attack can result in a big financial win. With long-term, concerted attacks, which aren’t unheard of, serious damage can be caused. Accordingly, the real estate firms themselves need to undertake sufficient protection.

Just like every other industry with significant levels of digitization, real estate is at risk of cybercrime. The attacks seek to create financial harm by deceiving either party. Staying safe is chiefly about education for all parties in the real estate chain, but technical know-how has a part to play, too, chiefly on the part of realtors.

The post Amid real estate volatility, cybercriminals are profiting appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The majority of today's web applications contain dangerous vulnerabilities. To analyze their security, one cannot do without a dynamic scanner. DAST (Dynamic Application Security Testing) tools allow you to detect and evaluate security problems quickly. Let me tell you what to look for when choosing such a tool.

According to various studies, 70% of vulnerabilities have to do with errors in the code. Using vulnerabilities in your web application code, hackers can distribute malware, launch cryptojacking attacks, employ phishing and redirect users to malicious sites, hack a phone remotely, or steal personal data using social engineering techniques. 

Yes, sure, it is impossible to create perfectly secure software, but it is quite possible to reduce the number of vulnerabilities and increase the level of product security. To do this, you can rely on DevSecOps – a process that links development and security and where software is checked and tested for vulnerabilities at every stage of its creation.

The DevSecOps process is very voluminous; it may include numerous information security tools. In this article, I want to talk about DAST and how to choose the right scanner for dynamic application analysis. Together we will figure out what tool characteristics and parameters you need to pay attention to and what product types are currently available on the market.

What is DAST, and how does it work?

Dynamic application security testing is one of the secure development practices where an automated analysis of a deployed and functioning application is carried out. The dynamic scanner checks all access points via HTTP, simulates external attacks using common vulnerabilities, and simulates various user actions. The tool determines which APIs the service has, sends verification requests, uses, where possible, incorrect data (quotes, delimiters, special characters, and more).

The dynamic scanner sends and analyzes a large number of requests. The analysis of the sent request and the received response, as well as their comparison with a regular request, allows you to find different security problems.

Most scanners have similar functions and modus operandi. Their main components are a crawler and an analyzer.

The crawler traverses every link on every page it can reach, examining the contents of files, pressing buttons, and going through a dictionary of possible page names. This process allows you to estimate the size of the attack surface and possible attack vectors taking into account the existing ways of interacting with the application.

The analyzer checks the application directly. It can work in passive or active mode. In the first case, the analyzer studies only information that the crawler sends to it. In the second, the analyzer sends requests with incorrect data to the points found by the crawler and to other places that are not currently present on the pages but can be used in the application. It then infers the presence of a vulnerability based on the server's responses.

What should you pay attention to when choosing a DAST tool?

  • Scan quality

This is the ratio of found and missed vulnerabilities. It is impossible to immediately understand how well the scanner analyzes. To do this, you should at least approximately understand what vulnerabilities can be there and compare your estimates with the scan results. There are several ways to evaluate a tool:

  1. If you have an application and have already checked it for vulnerabilities through a bug bounty program or penetration testing, you can compare those results with the results of the scanner.
  2. If there is no application yet, you can use other deliberately vulnerable software, which is created, as a rule, for training. You need to find an application that is close to your development environment in terms of the technology stack.

The number of false positives plays a decisive role when assessing the scan quality. Too many false positives clog the results. Besides, real errors can be missed. To determine how well the tool scans, you should analyze the report, parse the responses, and calculate the number and proportion of false positives.
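One way to carry out the comparison described above, as an added example that is not part of the original article: it scores a scanner report against a list of confirmed issues (for instance from a penetration test) and returns the share of found, missed, and false-positive findings. The report layout, the host `shop.example.test`, and all findings are constructed for illustration and do not follow any particular scanner's export format.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed ground truth: issues already confirmed by a pentest or bug bounty.
GROUND_TRUTH = [
    {"cwe": 89, "url": "https://shop.example.test/products?id=1", "param": "id"},
    {"cwe": 79, "url": "https://shop.example.test/search?q=a", "param": "q"},
    {"cwe": 22, "url": "https://shop.example.test/download?file=a.pdf", "param": "file"},
    {"cwe": 352, "url": "https://shop.example.test/account/email", "param": None},
]

# Constructed scanner export (hypothetical JSON layout, not a real tool's schema).
SCANNER_REPORT = """
{"findings": [
  {"cwe": 89,  "url": "https://shop.example.test/products?id=7",  "param": "id"},
  {"cwe": 89,  "url": "https://shop.example.test/products/?id=9", "param": "ID"},
  {"cwe": 79,  "url": "https://shop.example.test/search?q=zzz",   "param": "q"},
  {"cwe": 79,  "url": "https://shop.example.test/orders/1234",    "param": "note"},
  {"cwe": 200, "url": "https://shop.example.test/robots.txt",     "param": null}
]}
"""


def finding_key(finding):
    """Reduce a finding to (CWE, normalized path, parameter) so that the same
    issue reported with different query values or casing compares equal."""
    path = urlsplit(finding["url"]).path.rstrip("/") or "/"
    # Numeric path segments are usually record ids, not distinct endpoints.
    path = re.sub(r"/\d+(?=/|$)", "/{id}", path).lower()
    param = (finding.get("param") or "").lower()
    return (int(finding["cwe"]), path, param)


def score_scan(report_json, truth):
    """Compare scanner findings with confirmed issues."""
    reported = [finding_key(f) for f in json.loads(report_json)["findings"]]
    unique = set(reported)
    expected = {finding_key(t) for t in truth}
    true_pos = unique & expected
    false_pos = unique - expected   # reported, but not a confirmed issue
    missed = expected - unique      # confirmed, but the scanner did not report it
    return {
        "reported": len(reported),
        "duplicates": len(reported) - len(unique),
        "true_positives": sorted(true_pos),
        "false_positives": sorted(false_pos),
        "missed": sorted(missed),
        "recall": len(true_pos) / len(expected) if expected else 0.0,
        "false_positive_share": len(false_pos) / len(unique) if unique else 0.0,
    }


if __name__ == "__main__":
    result = score_scan(SCANNER_REPORT, GROUND_TRUTH)
    for name, value in result.items():
        print(f"{name}: {value}")
```

A finding counted here as a false positive only means it is absent from the confirmed list, so each one still needs manual triage before it is held against the tool.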

  • Crawling

If there is no information about the application and you need to analyze it from scratch, it is important to understand how many paths and transitions you can collect, that is, how accurate the crawling will be. To do this, you can look at the DAST product settings. You need to find out if it can monitor requests from the front-end to the back-end, parse, for example, Swagger or WSDL applications, find links in HTML or JS. It is also worth studying the process of obtaining information about the application.

Before scanning, you can, for example, find out which APIs are used. This will help you understand what the tool needs to perform a full program scan. When choosing a scanner, it is helpful to make a list of what each tool can import and see if it can be built into the development process.
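To put a number on crawl accuracy when an API description is available, the following added example (not from the original article) compares the requests a scanner's crawler actually made with the operations listed in an OpenAPI (Swagger) document and reports which documented operations were never reached. The specification, the host `api.example.test`, and the crawl log are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed OpenAPI 3 fragment for a hypothetical service.
SPEC = {
    "openapi": "3.0.3",
    "servers": [{"url": "https://api.example.test/v1"}],
    "paths": {
        "/users": {"get": {}, "post": {}},
        "/users/{userId}": {"parameters": [], "get": {}, "delete": {}},
        "/orders/{orderId}/items": {"get": {}},
        "/admin/export": {"post": {}},
    },
}

# Constructed crawl log: (method, URL) pairs the scanner requested.
CRAWLED = [
    ("GET", "https://api.example.test/v1/users"),
    ("POST", "https://api.example.test/v1/users"),
    ("GET", "https://api.example.test/v1/users/42"),
    ("GET", "https://api.example.test/v1/orders/7/items?page=2"),
    ("GET", "https://api.example.test/v1/static/app.js"),
]


def template_regex(template):
    """Turn '/users/{userId}' into a regex matching one segment per parameter."""
    parts = []
    for seg in template.strip("/").split("/"):
        is_param = seg.startswith("{") and seg.endswith("}")
        parts.append("[^/]+" if is_param else re.escape(seg))
    return re.compile("/" + "/".join(parts) + "/?")


def documented_operations(spec):
    """List (METHOD, path template) pairs, skipping non-method keys such as 'parameters'."""
    return [
        (method.upper(), template)
        for template, item in spec.get("paths", {}).items()
        for method in item
        if method.lower() in HTTP_METHODS
    ]


def crawl_coverage(spec, crawled):
    servers = spec.get("servers") or [{"url": "/"}]
    base = urlsplit(servers[0]["url"]).path.rstrip("/")
    ops = documented_operations(spec)
    # Concrete paths are tried before templated ones so '/users/me' would not
    # be swallowed by '/users/{userId}'.
    matchers = sorted(
        ((m, t, template_regex(t)) for m, t in ops), key=lambda x: x[1].count("{")
    )
    covered, undocumented = set(), set()
    for method, url in crawled:
        method = method.upper()
        path = urlsplit(url).path
        if base and (path == base or path.startswith(base + "/")):
            path = path[len(base):] or "/"
        hit = next(
            ((m, t) for m, t, rx in matchers if m == method and rx.fullmatch(path)),
            None,
        )
        if hit:
            covered.add(hit)
        else:
            undocumented.add((method, path))
    return {
        "documented": len(ops),
        "covered": sorted(covered),
        "missed": sorted(set(ops) - covered),
        "undocumented": sorted(undocumented),
        "coverage": round(len(covered) / len(ops), 2) if ops else 0.0,
    }


if __name__ == "__main__":
    for name, value in crawl_coverage(SPEC, CRAWLED).items():
        print(f"{name}: {value}")
```

Operations in the `missed` list are the ones a tool would need to be fed through an import or manual seeding before its scan can be called complete.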

  • Scan speed

This parameter is also important, especially if checks are integrated into the development process. Scanning can slow down the process and, as a result, lead to a waste of time and money. Scan speed largely depends on how quickly the application responds to requests, how many simultaneous connections it can handle, and several other factors. Therefore, in order to compare the speed of different DAST tools, you need to run them with the same software under approximately the same conditions.

  • Advanced settings

Automatic analysis tools must have detailed settings. They will allow you to remove unnecessary requests and limit the scan area. This will increase the quality of the process and the speed of analysis. To set tasks for the tool appropriately, you must have all available options and settings.

There are “smart” scanners that adapt themselves to applications. But such tools still have to be manually configured since the goals of the checks are different. For example, sometimes you need to scan an application in several ways, starting with a full scan and ending with a superficial analysis; in this case, the manual mode will definitely come in handy.

When choosing a tool, you need to pay attention to the total number of possible parameters, as well as how easy it is to configure them. To compare the work of different tools, you can create several scan profiles in each of them: fast and shallow for initial analysis, full and maximum for a full-fledged one.

  • Integration

To make the dynamic analysis as effective as possible, it is worth integrating this practice into the development process and periodically running the scanner during the build. It is necessary to form a list of what is used in the CI/CD process in advance and draw up an approximate plan for launching the tool.

This will help you understand how easy it will be to integrate it into the development process and whether it is convenient to use its API.

  • Technology

Choosing a scanner, you should consider the technologies your company uses in development. To do this, you can analyze applications and create a list of technologies, languages, and frameworks that are used. The list can get quite extensive, especially if the company is big. Therefore, it is appropriate to choose only a few critical parameters as criteria for evaluating scanners:

  1. The number of technologies and frameworks that the tool covers.
  2. The ability to support key technologies the company uses in its critical services.

  • Login sequence recording

Recording the login sequence is extremely important for dynamic scanners since authentication is required to enter the application. There are many pitfalls in this process, such as hashing the password before sending it or encrypting it with a shared key on the front-end, etc. Therefore, you must check in advance whether the tool will cope with all such nuances. To do this, you need to select as many different applications as possible and see if the scanner can go through the login stage in each of them.

It is also good to check how the tool behaves when logged out. The scanner sends a lot of requests during the analysis process. In response to some of them, the server can “throw the user out” of the system. The tool should notice this and re-enter the application.

  • Tool updates

Technology is constantly evolving, so when choosing a tool, it is vital to consider how often its updates or new versions of signatures/patterns or analysis rules are released. It is worth studying this information on the product website or requesting it from the vendor. This will show whether the developer is following trends and how up-to-date your database of checks will be.

It is desirable to find out if you can influence the development of the product and how the developer handles requests for new features. This will show how quickly the functionality you need will appear in the product and how communication with the vendor is arranged as part of the options update.

Which tool to choose?

There are plenty of tools on the market offered by such companies as Netsparker, Acunetix, Nessus, Rapid7, AppScan, and others. Let me briefly describe two instruments that I use.

  • BurpSuite Enterprise

This tool was developed by PortSwigger. The product has a full-fledged REST API for interacting and managing scans, sending reports, and much more. The scanning agent is the classic BurpSuite. It is launched in “headless mode” but has limitations. For example, you can interact with it only through control commands from the head portal, and you will not be able to load your plugins. Generally, if the tool is configured correctly, it can provide excellent results.

  • OWASP ZAP (Zed Attack Proxy)

This popular tool was created by the OWASP community, so it is completely free. It has different SDKs and APIs for different programming languages. You can use OWASP options or your own plugins.

The product has extensions for various CI/CD tools. It can be run in different modes and controlled programmatically. You can easily insert the tool into your development process. At the same time, the scanner has its drawbacks. Since it is an open-source solution, the quality of scans is lower than that of enterprise solutions. Also, the tool's functionality is not very extensive and deep, but it can be extended and improved.

Conclusion

When choosing a dynamic analyzer, you can use the criteria noted above in this article, but they must be applied correctly. Each company is unique and has its own nuances and features – all this must be taken into account in conjunction with all the selection criteria. It is also good to define your needs in advance and understand what results you want to receive from the tool. Not to make a mistake, it is advised to conduct full-fledged testing of various options, compare them with each other and choose the best solution.

The post Choosing a DAST solution: What to pay attention to? appeared first on Cybersecurity Insiders.

The cybersecurity industry has seen a lot of recent trends. For example, the proliferation of multifactor authentication (MFA) to fight against credential harvesting is a common thread. Threat actors have been creating legitimate-looking phishing campaigns, which have been a big driver for this trend. Although some of the tools for MFA can be complex, proper authentication/authorization is an absolute fundamental that every enterprise should embrace.

Where should we start with fundamentals?

People, Process & Technology

Let’s have a little more strategic look at this, though. To provide a holistic approach to security, a higher-level perspective is necessary. Your Process must be sound. Yes, that means policy-level guidance. Yes, that means that standards need to be in place. Finally, it means that procedures to provide more detailed guidance must be available for employees.

Again, perspective is essential. Nobody wants to work on the process first. Indeed, I was guilty of having a negative view of process early in my career. Let’s take the first example and reveal how the process might assist. An enterprise policy statement might provide simple guidance that access to all company resources requires management approval (as a policy).

How does an enterprise define who needs access to specific resources? Glad you asked. Standards can be used to determine data classification and controls for accessing and protecting the various categories of data. An access control standard would also be appropriate to complement the data categories. So far, we have policy-level guidance, data classification, and access control standards which guide the controls necessary to control access to company resources.

Where does the requirement for MFA live? That is a good question; my thoughts are likely in the standards area. However, requiring MFA could be a policy, standard, or process/procedure level requirement. The next reasonable question is: where do the requirements for implementing an MFA belong? In an authentic consultant manner, I would say: It depends. Take that with the lighthearted intention I meant it with. Implementing MFA may be a process/procedure used by IT. Why did I say, “maybe?”

The reality is that there may be automation that handles this. It is possible that HR defines each employee’s role, and based on that, an HR system provides that through API to the systems used to provide authentication/authorization. Doesn’t that sound pleasantly streamlined?

More likely, things are not that automated. If they are, then kudos to your enterprise. There are likely multiple processes and procedures required before even setting this up, but I think most of the folks reading this will understand where I’m trying to go with this.

HR will have processes and procedures around defining roles and requesting implementation. IT will have processes and procedures focused on implementing the solution. The information security team will have processes and procedures for monitoring authentication/authorization mechanisms. This is just to state that Process is as important as the tool or technology chosen to meet the need. None of these documents state which tool or Technology to use. That is the point. If you have policy guidance and standards that define the need and processes to guide implementing MFA, then the Technology should be interchangeable. So, the first fundamental which should be a foundation is sound process.

I spoke about various teams here (IT and HR). That is another fundamental: People. People need to understand the requirements. People need to understand their role, and people need to be part of the solution.

Finally, the last high-level fundamental is Technology. But I said Technology could be interchanged. Yes, in many cases it can, but it is one of the three primary fundamentals required to manage and secure an enterprise. Are there differences in the technical solutions used for MFA? Certainly there are, and what Technology is used very much depends on your environment and the resources that will be accessed using MFA.

OK, Cybersecurity 101 so far: People, Process & Technology. The title uses fundamentals in battling complex cybersecurity threats. Right you are! The introduction shows that People, Process and Technology are critical to managing and securing your environment (Technology and facilities). Now let’s look at another group of 3 fundamentals: Prepare, Respond & Recover.

3 more fundamentals: Prepare, Respond & Recover

Prepare – How do you prepare for cyber threats? Based on the intro, it would be evident that having the correct people, process and technologies in place would be good preparation. Gold star for you if you were already thinking that. Let’s take a closer look.

Ransomware as an example

How do you prepare for Ransomware? Let me answer that question with several other questions: Do you have an incident response plan (Process [Policy])? Do you have a playbook (Process [procedure]) that provides your IT or Security group guidance for identifying, containing, eradicating, responding, and recovering from a ransomware attack?

Do you have an endpoint detection and response (EDR) solution (Technology) that can help prevent or minimize the spread of malware? Do you have a standard for collecting inventory and vulnerability information on your network resources or a tool like a vulnerability scanning platform to collect that information? Does the standard guide the prioritization of remediation of those vulnerabilities?

Do you have a security information and event management (SIEM) solution that ingests this type of information and assists with identifying possible indicators of compromise? Do you have the People necessary to remediate the problems? So many questions. Preparing for complex attacks can be hard.

But aren’t we still talking about fundamentals? Yes, Preparing includes understanding the environment which means the inventory of assets and vulnerabilities. Preparing includes good cyber hygiene and remediation of problems when they are found. Training is an essential aspect of preparation. Support people need the correct knowledge and skills. End users must understand the importance of reporting anomalies and to whom to report them.

Respond – What happens when you have prepared, and Ransomware still impacts you? It is time to respond. Proper response requires an even more detailed understanding of the issue. It requires research using tools like a SIEM and containing the problem by isolating with EDR tools or network controls. The response includes communicating to leadership that a problem exists. Response may require that you inform employees on proper guidance for sharing information. Response can also mean that you reach out to a partner or third-party expert to assist with investigating the problem.

Depending on the severity of the issue, response may include your leadership notifying customers that there is an issue. How well we prepare can greatly impact how well we respond. Ransomware is often complex and frequently an attack by a sophisticated threat actor. Even if an organization doesn’t have the qualified People part of the three fundamentals, they can still successfully respond to these attacks by having the right Technology in place and processes that include engaging partners with the right skills.

Recover – What does recovery look like? First, let me ask: Do you have any disaster recovery (DR) or business continuity plan (BCP)? Have you tested it? Ransomware is a type of cyber incident and certainly a type of disaster. Does that mean you can use disaster recovery procedures to recover from a ransomware attack?

The procedures may be different, but your DR processes can be leveraged to recover from a ransomware attack. Of course, the exact processes may be a little different. Still, fundamentals like recovering systems from backup and using alternative processes for system outages may be necessary during a ransomware attack. Just like with any type of disaster, recovery should be the highest priority. How do you know if you can successfully recover from any type of disaster?

Closing / recommendations

It would be easy to write a book on this stuff, and I’m sure others have done exactly that. I have talked about fundamentals like People, Process and Technology as well as Preparing, Responding and Recovering. The question you may have is: what is the short list of things we need to ensure we have or are doing?

  1. Have a plan! (Prepare) – Have a formal DR Plan. Have a formal Incident Response Plan. Have supporting processes like playbooks that provide specific guidance to maintain calm rather than letting chaos rule.
  2. Test the plan! (Prepare) – Practice like you are under attack. Perform a tabletop exercise. Engage a partner to conduct a Red Team exercise. You want to test the Processes, People, and Technology to make sure they are all sound.
  3. Build or buy! Have processes, technologies, and people needed to respond! (Respond) – If you don’t have the expertise in-house, find a trusted firm that can step in and assist. Implement tools (SIEM, EDR & scanning) or outsource if necessary.
  4. Recover – Just having backups isn’t good enough anymore. Backups need to be protected from alteration (immutable). Make sure that all of the identified problem areas have been remediated. The last thing an organization wants is to restore operations only to find that the problem is still resident. Use a scanning tool to verify that common vulnerabilities are fixed.

These are all basic fundamentals. Every organization needs to evaluate its environment to see where the gaps are. Using a framework like NIST, CIS or other industry standards to assess your environment is a great place to start. These assessments can reveal gaps in People, Process or Technology. Once you have the gaps identified, create a plan to address those areas.

The post Prepare, respond & recover: Battling complex Cybersecurity threats with fundamentals appeared first on Cybersecurity Insiders.

Wayne Bridgeman II, a Senior Manager on AT&T’s Network Cybersecurity team, offers a 5-point checklist for businesses in 2022 alongside tidbits of often overlooked tactics that can strengthen security.

Wayne Bridgeman II is no stranger to the fighting ring. He fought professionally in the martial arts community for 5 years and has since transitioned to helping businesses combat the growing risk of cybercrime. Although the specifics differ, Wayne approaches his fights with the same strategic mindset. In both the ring and in cyberspace, success begins with knowing your own vulnerabilities. For the past 10 years, Wayne has specialized in Network Technology and Cybersecurity, where he has identified the needs of businesses and customized solutions to secure their networks. When asked about common misconceptions regarding cybersecurity, Wayne identified one pitfall many small business owners fall into: underestimating their potential to be victims.

“Put yourself in the shoes of a criminal and pretend you’re breaking into a car with a limited amount of time. Which is more appealing: the expensive car with the newest locks, or the late model car with rolled-down windows and a purse in the seat? Criminals often choose the option with less deterrence,” Wayne said, “One of the biggest traps small businesses fall into is thinking that they aren’t as appealing to cybercriminals because they’re smaller and have less to offer. Cybercriminals are opportunists with a keyboard, looking for low-hanging fruit. It’s not necessarily what the businesses have that’s appealing, but what they have exposed. By not keeping up to date on security and practicing ‘cyber hygiene’, businesses are making themselves easy targets.”

Wayne offered a few immediately applicable tasks for businesses of any size to get started: “Ultimately, the goal is to take your business from being an easy target to a hard target. But you don’t have to throw a bunch of money to form the basics. First, practice password hygiene. Update regularly and enable multifactor authentication. Second, utilize the principle of least privilege. Only give people access to things that they absolutely need to perform their job. Third, regularly back up data onto your network so that in the event of an outage, you are secure. All of these are steps you can take now to make yourself a harder target.”

While these steps will give business owners a head start, proper cyber hygiene may require an even deeper cleaning. Wayne continued, “Nowadays, there are many cybersecurity options out there. But not all dollars you invest in cybersecurity are created equal. There are strategies that will mitigate risk more than others, and you can waste funds by investing in the wrong places. It’s important to ask the right questions first.”

According to Wayne, here are five of the most critical questions business owners can ask themselves in 2022:

1. Are the people trained?

Oftentimes, people are the number one targets for hackers. “Human beings are inherently fallible. Finding ways to masquerade and attack through an email or phone call is the primary vehicle a hacker will utilize because it is scarily effective,” Wayne said. Hackers need an entry point into a network, and far too often it’s the untrained workers who accidentally give them the keys. “We must educate our employees and help them be aware that these things are coming to them. You can do this by investing in security awareness training. When employees are aware of potential attack strategies, it’ll be a lot harder for hackers to get in.”

2. Are the endpoints secure?

Endpoints are the physical devices that connect to networks, and the first step to securing them is to protect the entry points. “Every home has a door, and every network has a front door as well. We know them as firewalls. Firewalls allow us to securely detect threats that attempt to come into the network and lock them at that edge.” Wayne continued, “Firewalls have evolved over the years, and nowadays it’s best to utilize multiple layers of protection. One type of layer to consider is web traffic filtering. These filters protect employees that use the internet and defend them from accidentally getting phished on bad websites. You can also consider adding layers that inspect encrypted traffic. Most traffic on the internet today is encrypted and hackers use that to bypass traditional firewalls, get into the network, and cause damage.”

As technology evolves, firewalls need to stay up to date, and this takes time and expertise. One solution is to utilize managed firewalls that can automatically detect and respond to activity on endpoints.

3. Have we addressed the vulnerabilities?

“All networks have vulnerabilities,” Wayne said. “The question is how critical these vulnerabilities are and if the business has taken action to mitigate them or put in controls to prevent them from being used in an attack.” The two-part step to assess vulnerabilities is as follows:

  1. Know what’s on your network (known as asset identification) and know what you must protect.
  2. Know what vulnerabilities are present on those assets.

“This is a process known as vulnerability management, and businesses would be best served to practice it in a quarterly (or more) rhythm. They must understand what’s on their network, the vulnerabilities that exist, and how to patch them up. This helps minimize opportunities for hackers to exploit vulnerabilities on the network.”

4. Have we factored in edge security?

As hybrid workforces become the standard for many businesses, employees are increasingly working outside of the network. Wayne talked about the dangers this can pose. “While it can be nice to work from a coffee shop or from home, mobile employees don’t get the benefit from being behind a firewall. Mobile employees need to be protected, and the firewall needs to ‘follow’ them somehow. Layering firewalls with solutions such as secure web gateways that protect users while they’re outside of the network is one solution. This is where layering endpoint security can really come into play.” 

5. What is our incident response plan?

“When it comes to cyberattacks, it’s no longer a matter of ‘if’ but ‘when’. It may sound cliché, but it’s a reality today,” Wayne warned. “The difference between recovery and failure in the event of an attack is having a plan. Businesses of all sizes must have an incident response plan that should be tested from time to time. Preparation may include partnering with a third party or instant response services if they don’t have the resources themselves so that experts can engage on their behalf in the event of a critical business-impacting cyber-attack.”

“Oftentimes, small businesses take the hardest hit. Small businesses that get attacked often go out of business because they haven’t built a plan of how they’ll respond to those events. Having a written incident response plan where owners of the business know who does what in the event of an attack, paired with access to third party experts, can be critical for recovery. Your ability to respond to an attack will be dictated by how well you plan to respond.”

When asked about the trending shift from Copper to Fiber and Fiber’s effect on security, Wayne offered some insight. “Cybersecurity is often measured by the acronym CIA: Confidentiality, Integrity, and Availability. The Fiber network moves at the speed of light and has higher availability, meaning that its uptime is better. When you can’t get to your data, your network is less secure. By having a Fiber connection with higher availability, you’re hitting one part of the triad. Notice the contrast with Copper, which has lower availability due to issues with degradation and the frequent need for repair. But note that copper and fiber are just the physical layers of connectivity and what you layer with your network is just as crucial.”

Ultimately, knowing the state of your network and preparing adequately is the key to protection. When it comes to successful defense, Wayne found many parallels between martial arts and cybersecurity. “In the event of an attack, I’ve learned in both the martial arts community and cybersecurity world that people revert to their training. In martial arts, we say that ‘everyone thinks they have a plan until they get punched in the face’ and it’s just as true when protecting your network. The key is to train and prepare well before the attack occurs.”

The post Attention business owners: Top 5 Cybersecurity questions to ask in 2022 appeared first on Cybersecurity Insiders.

This blog was written by an independent guest blogger.

The average cost of a data breach will continue to rise, which means companies need to start planning accordingly. To protect your business, you need to invest in cybersecurity. Here are 11 areas you should focus on.

Cyber insurance

Cyber insurance is designed to protect businesses from the financial repercussions of a cyber-attack. It can cover costs such as business interruption, data recovery, legal expenses, and reputational damage. It is increasingly common across industries and at companies of all sizes, even small businesses, which have become a growing target of cybercriminals.

Cyber insurance has also become a new compliance requirement in many industries, including healthcare, finance, and retail. In the event of a data breach, companies are often required to notify their customers and partners, which can be costly. Cyber insurance can help cover these expenses.

Employee training

Employees are often the weakest link in a company's cybersecurity defenses. They may not be aware of the latest cyber threats or how to protect themselves from them. That's why it's important to provide employees with regular training on cybersecurity risks and best practices.

There are many different types of employee training programs available, ranging from in-person seminars to online courses. Some companies even offer financial incentives for employees who complete training programs.

In the remote work era, employee education also increasingly means arming remote workers with knowledge that will keep company data safe while they are working on networks that might not be well secured. This is especially the case if you know people are connecting via public networks at cafes, co-working spaces, and airports.

Endpoint security

Endpoints are the devices that connect to a network, such as laptops, smartphones, and tablets. They are also a common entry point for cyber-attacks. That's why it's important to invest in endpoint security, which includes solutions such as antivirus software, firewalls, and encryption.

You can invest in endpoint security by purchasing it from a vendor or by implementing it yourself. There are also many free and open-source solutions available. Make sure you test any endpoint security solution before deploying it in your environment.

Identity and access management

Identity and access management (IAM) is a process for managing user identities and permissions. It can be used to control who has access to what data and resources, and how they can use them. IAM solutions often include features such as Single Sign-On (SSO), which allows users to access multiple applications with one set of credentials, and two-factor authentication (2FA), which adds an extra layer of security.

IAM solutions can be deployed on-premises or in the cloud. They can also be integrated with other security solutions, such as firewalls and intrusion detection systems.

Intrusion detection and prevention

Intrusion detection and prevention systems (IDPS) are designed to detect and prevent cyber-attacks. They work by monitoring network traffic for suspicious activity and blocking or flagging it as needed. IDPS solutions can be deployed on-premises or in the cloud.

There are many different types of IDPS solutions available, ranging from simple network-based solutions to more sophisticated host-based ones. Make sure you choose a solution that is right for your environment and needs.

Security information and event management

Security information and event management (SIEM) solutions are designed to collect and analyze data from a variety of security sources, such as firewalls, intrusion detection systems and web filters. This data is then used to generate reports that can help identify security risks and trends.

SIEM solutions can be deployed on-premises or in the cloud. They can also be integrated with other security solutions, such as incident response and vulnerability management. Think of SIEM as a centralized platform that allows you to see all the different security events happening across your environment in one place.

Email security

Email is a common target for cyber-attacks, as it is often used to deliver malware or phishing messages. That's why it's important to invest in email security, which includes solutions such as spam filters and email encryption.

You can invest in email security by purchasing it from a vendor or by implementing it yourself. There are also many free and open-source solutions available.

Vulnerability management

Vulnerability management is the process of identifying, assessing, and mitigating vulnerabilities in systems and networks. It includes both automated and manual processes, such as scanning for vulnerabilities and patching them.

There are many different types of vulnerability management solutions available, from simple scanners to more comprehensive suites. Make sure you choose a solution that is right for your environment and needs.

Web security

Web security refers to the process of securing websites and web applications from cyber-attacks. It includes both server-side and client-side security measures, such as firewalls, intrusion detection systems and web filters.

You can invest in web security by purchasing it from a vendor or by implementing it yourself. There are also many free and open-source solutions available. Make sure you test any web security solution before deploying it in your environment.

Data loss prevention

Data loss prevention (DLP) is a process for preventing sensitive data from being leaked or lost. It includes both technical and organizational measures, such as data encryption and access control.

DLP solutions can be deployed on-premises or in the cloud. They can also be integrated with other security solutions, such as firewalls and intrusion detection systems.

Business continuity and disaster recovery

Business continuity and disaster recovery (BC/DR) are processes for ensuring that businesses can continue to operate in the event of an outage or disaster. BC/DR solutions often include features such as data backup and replication, which can help minimize downtime and data loss.

BC/DR solutions can be deployed on-premises or in the cloud. They can also be integrated with other security solutions, such as firewalls and intrusion detection systems. Don't forget to test your BC/DR solution regularly to make sure it is working as expected.

Conclusion

These are just a few of the many cybersecurity investments you can make right now. By implementing even just a few of these solutions, you can help improve your organization's overall security posture and reduce the risk of cyber-attacks.

The post 11 Cybersecurity investments you can make right now appeared first on Cybersecurity Insiders.

Multiple reports in the media, including in Bloomberg US Edition, allege that Russian-associated cybercrime group Killnet is responsible for a series of distributed-denial-of-service (DDoS) attacks during the week of October 6 that took several state government and other websites offline. While most of the websites were restored within 48 hours, these volumetric attacks can leave even the most secure sites paralyzed and susceptible to further damage.

AT&T Alien Labs, the threat intelligence arm of AT&T Cybersecurity, suggests politically motivated cyber strikes such as the ones that hit web sites in October are nothing new. Killnet has a long history of successfully attacking both public and private organizations and businesses.

Research Killnet on the Alien Labs Open Threat Exchange (OTX), among the largest open threat intelligence sharing communities in the world.

Figure 1: OTX pulse on Killnet.

“We have been following Killnet for years and have seen a marked increase in activity in the last few weeks. Their attacks, however, appear to be opportunistic DDoS campaigns aimed at attracting media coverage,” says Research Director Santiago Cortes Diaz. “Their efforts seem to be coordinated with the Russian government as part of their FUD (fear, uncertainty and doubt) campaign around the geopolitical conflict.”

Aside from a temporary takedown that can disrupt operations, there is also a reputational cost to DDoS attacks. Moves against government websites potentially aim to destroy faith among voters that U.S. elections are a secure and insulated process. And, though the election process is mostly separated from the Internet, consecutive attacks of this nature could also negatively impact confidence in the United States’ digital defenses.

DDoS attacks, though typically short-lived, succeed in getting the public’s attention by causing a digital flood of information on websites with an otherwise regular flow of traffic. A botnet, a group of machines infected with malware and controlled as a malicious group, generates bogus requests and junk directed at the target while hiding within a site’s usual traffic patterns. DDoS attacks are not to be underestimated. They will likely continue to proliferate as hackers acquire access to more botnets and resources allowing them to commit larger attacks — and the resources will come with the next era of computing.

As organizations continue to deploy edge applications and take advantage of 5G, the threat of DDoS attacks is potentially compounded. To this point, in a survey of 1,500 global respondents for the AT&T Cybersecurity Insights Report: 5G and the Journey to the Edge, 83% believe attacks on web-based applications will present a big security challenge.

Why? Because along with the improvements in speed, capacity, and latency of 5G and edge computing, there is also going to be an explosion in connected devices. For example, in the same Insights Report, the top three use cases expected to be in production within three years for edge computing include: industrial IoT or OT, enterprise IoT, and industry-oriented consumer IoT functions — all of which are driven by applications that can be connected to the internet. This increase in devices and network quality, as well as the explosion in applications, serves as fertile ground for targeted attacks from bad actors.

Though these recent attacks appear to have political motivation, businesses should be considering proactive DDoS protection if they do not already have it in place. The relatively cheap and frequent nature of DDoS attacks is what makes them very dangerous and costly to business continuity.


The post Do the recent DDoS attacks signal future web application risks? appeared first on Cybersecurity Insiders.

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Retirement plans are an easily overlooked but often critical cybersecurity concern. Employee stock ownership plans (ESOPs), while less common than others, may face particular risks.

ESOPs can provide a valuable way to foster employee engagement and reward loyal workers, but businesses must consider their cybersecurity risks. Without proper security, these plans and those who depend on them may be in danger.

ESOP security risks

Employee Retirement Income Security Act (ERISA)-regulated plans covered an estimated $9.3 trillion as of 2018. Individual ones can hold millions of dollars, making them tempting targets for cybercriminals.

ESOPs pose unique risks, as participating employees have an ownership stake in the company. Consequently, cyberattacks that damage the business’s reputation will affect ESOP participants. Lower stock values will reduce workers’ payouts when they retire.

This ownership stake means an attack doesn’t have to target the retirement plan directly to impact its participants. Any cybersecurity incident against the business poses a significant risk, and ESOP security means safeguarding the entire company’s attack surface.

How to minimize ESOP security concerns

ESOP cybersecurity concerns are significant, but you can take several steps to address them. Here’s how you can mitigate these security risks.

Assess company-specific risks

The first step in ESOP cybersecurity is to assess your specific risk landscape. Every organization, and every plan within it, has unique considerations that determine the most effective mitigation measures, so these assessments are a crucial starting point.

Every risk contains two key components: an event that could happen and the consequences if it does. Teams must compile a formal list of threats facing their ESOPs, making sure to cover both components. This will reveal the most important vulnerabilities to address, helping guide further security steps.

Verify vendors

Like many retirement plans, ESOPs typically rely on third-party vendors to manage funds. Consequently, breaches in these partners could impact the business itself. About 51% of all organizations have experienced a data breach from a third party, so verifying their security before going into business with them is crucial.

Ask for third-party audits and similar proofs of security to ensure any vendors meet strict cybersecurity standards. Contracts should include detailed descriptions of their security responsibilities and consequences for noncompliance. Ensuring all vendors have sufficient cybersecurity insurance is also a good idea.

Minimize access

You should minimize access privileges across the organization and its partners even after verification. Well-meaning employees can still make critical errors, but if each account can only use a few resources, a breach in one won’t jeopardize the entire system.

Operate by the principle of least privilege: Every user, program and endpoint should only be able to access what it needs to work correctly. That applies to third parties as well as company insiders. This will minimize lateral movement risks, helping keep ESOPs safe from attacks elsewhere in the organization.

Create a culture of Cybersecurity

ESOP participants slowly gain increasing ownership stakes in the company, so their cybersecurity responsibilities should follow. Employees should understand how their actions impact the wider organization’s security and use best practices out of habit.

You can foster a cybersecurity culture by offering regular training, tying security goals to their impact on employees’ personal lives, and encouraging feedback and questions. When cybersecurity comes as second nature, the company will become inherently more secure, protecting ESOPs.

Develop a business continuity plan

It’s important to realize that no defenses are 100% effective. There were at least 1,862 data breaches in 2021 alone, and that figure has consistently risen over the years. Given this trend, it’s too risky to assume you’ll never suffer a successful attack, so business continuity plans are critical.

These plans should cover encrypted backups of all sensitive data, emergency communications protocols and steps to contain a breach. Ideally, they should also include cybersecurity insurance to cover any losses. These backup plans and resources will ensure ESOP participants can still protect their resources when a breach occurs.

ESOPs need strong Cybersecurity

Attacks on ESOPs and the organizations sponsoring them can cause substantial damage. In light of that risk, any company offering such a plan should also implement strong cybersecurity measures.

These steps will help any ESOP organization minimize its risk landscape. They can then ensure that cybersecurity incidents won’t jeopardize plan participants’ hard-earned retirement income.

The post Minimizing security concerns of ESOPs appeared first on Cybersecurity Insiders.

As we head into 2023 and look back at the last year, the focus will continue to be on reducing risk exposure and on resilience. Organizations are strengthening their ransomware defense, their security and privacy approach to product development, cyberattack response, supply chain risk management and operational technology (OT) security. Based on working with customers across industry sectors, here is a compilation of some trends we predict for 2023.

1. Critical Infrastructure and Public Sector will continue to become attractive targets.

As cyberattacks become more sophisticated, building collaborative communities between the public and private sectors will be crucial to synchronize operations and take preventative measures as a unified front to critical infrastructure threats. The public sector has become a favored target for cybercriminals. Armed with automated botnets, hackers rummage through computer systems to locate “soft targets.” In recent years, US state and local government agencies have fallen prey to cyber-attacks.

Legacy security is proving ineffective against the growing legion of diverse, sophisticated, and confrontational cyber threats. Public agencies collect and store sensitive data. Like the private sector, government institutions have gone digital. The addition of cloud, mobile, and SaaS have expanded an organization's attack surface, and it further illuminates that your cyber security is only as strong as your weakest point.

2. OT attack patterns will become more prevalent.

IT and OT teams must find common ground to eliminate the substantial risk factors of planned and accidental IT/OT convergence. But the mission does not end there. OT security solutions that work in conjunction with IT security solutions can be the catalyst that not only provides the visibility, security, and control needed to thwart new cyber threats but also brings these once separate teams together for the common security that every manufacturing, critical infrastructure and industrial organization will need to fulfill its core mission efficiently and securely.

The rising demand for improved connectivity of systems, faster maintenance of equipment, and better insights into the utilization of resources has given rise to internet-enabled OT systems, which include industrial control systems (ICS) and others such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCSs), remote terminal units (RTUs), and programmable logic controllers (PLCs). With everything becoming internet-facing and cloud-managed, the manufacturing and critical infrastructure sectors (i.e., healthcare, pharma, chemicals, power generation, oil production, transportation, defense, mining, food, and agriculture) are becoming exposed to threats that may be more profound than data breaches. In the coming years, OT attacks will become more prevalent and be used in cyber warfare.

3. Privacy will start getting more attention within the US.

We are going to see more states pass laws with a focus on privacy. Data privacy laws in the United States have been primarily sector-based, with different data privacy laws applying to different sectors of the economy: for example, HIPAA for health care, FERPA for education, and GLBA for finance. While this approach has allowed laws to be tailored to specific contexts, it has also resulted in many businesses being exempt from meaningful data privacy regulation.

Recognizing these gaps, these state consumer data privacy laws will seek to establish a comprehensive framework for controlling and processing personal data by many businesses currently exempt from other regulatory schemes. While the state laws vary somewhat, they share a few common principles: establishing standards and responsibilities regarding a business's collection of personal data from consumers; granting consumers certain individual rights concerning their data, such as the rights to access, correct, delete, and obtain a copy of the personal data a business holds about them; and establishing an enforcement mechanism that allows state governments to hold businesses accountable for law violations.

4. Culture of resilience and safety versus compliance and prevention of breaches.

Resilience means more than bouncing back from a fall at a moment of significantly increased threats. When addressing resilience, it's vital to focus on long-term goals instead of short-term benefits. Resilience in the cybersecurity context means the ability to resist, absorb, recover from, and adapt to business disruptions. Cyber resiliency can't be accomplished overnight. For the longest time, the conversation around getting the cybersecurity message across at the board level has revolved around the business language.

Businesses cannot afford to treat cybersecurity as anything but a systemic issue. While the board tends to strategize about managing business risks, cybersecurity professionals tend to concentrate their efforts at the technical, organizational, and operational levels. According to the World Economic Forum, 95% of cybersecurity breaches are caused by human error.

Unfortunately, many businesses still mistakenly believe that cyber-resilience means investing in bleeding-edge technologies while paying scant heed to the human factor. Fixing human vulnerabilities starts with culture. Business leaders must reassure staff that it's okay to develop questioning attitudes and challenge high-risk requests, such as emailing sensitive information or processing payments.

5. Strengthening of fundamentals – Vulnerability and patch management, risk reduction, and Managed Extended Detection and Response (MXDR).

As digital transformation initiatives accelerate, CSOs require a deep and accurate understanding of their organization's cyber risk. Understanding the details of your risk, what should be prioritized, and how it can be effectively reduced is the best foundation for building a holistic plan for managing threats across the organization—priorities for cyber resilience now and into 2023.

This will be the year for MXDR with a unified platform that automates incident investigation such as enrichment, analysis, classification, and response rather than relying on an overworked security Organizations will look for MXDR to include 24/7 monitoring, critical alerting, root cause analysis and around-the-clock “eyes on glass” support. 

6. Growth of cybersecurity as a service – Security at scale and not a roadblock!

With budgets tightening across the board and competition for a limited pool of IT and security talent growing fiercer, cyber-as-a-service providers will continue to become an optimal solution for many companies. Internal security teams can concentrate on their core missions because they can count on their partners to focus on specific vectors. Cyber Security as a Service (CSaaS) allows the services utilized to change over time and be periodically realigned to ensure the customer's business needs are met.

7. CISO – role change and mindset of the future, the impact of burnout and blame game.

The future is here and now, with digital transformation driving organizations rapidly. Today the role of a Chief Information Security Officer (CISO) within organizations has become transformational. The CISO leads cross-functional teams to match the speed and boldness of digital transformations with agile, forward-thinking security and privacy strategies, investments, and plans.

The operational leader and master tacticians are tech-savvy and business-savvy CISOs. They can deliver consistent system performance, with security and privacy throughout the organization and its ecosystem amid constant and changing threats. It's time to stop repeating how things can't be done (on security grounds). Instead, we need to preach from the business transformation book and explain how they can be.

We must stop operating out of silos and build relationships with all business players, embedding 'scenario thinking' and responsiveness into organizational cyber functioning. But just as importantly, to address the first part, the board needs to plan and prepare for a cyber-crisis proactively; only by understanding the risks can the business be in the right strategic place to combat them successfully.

8. Security mesh, Zero Trust and SASE – Consolidation and optimization.

As 2023 planning kicks off, it would be interesting to look at how many Zero Trust initiatives have surfaced during budget discussions, how many product investments are tied to this initiative, and, more importantly, which are real Zero Trust initiatives and which are just seeking a budget home. Organizations in the early strategy stages for Zero Trust need to think of this as a multi-year plan which is probably starting to take shape, but it's not the playbook you need to make today's priority calls. Many teams will struggle to move an emerging Zero Trust strategy to practical implementation. The need will grow for approaches that can help with practical implementation and accelerate Zero Trust data initiatives.

9. Board with more cyber knowledge and investment.

Business and cybersecurity success go hand in hand. As the board's role in cyber-risk oversight evolves, the importance of robust dialogue with the cyber influencers within an organization cannot be overestimated. Without close communication between boards and the cyber/risk team, the organization could be at even greater risk. If this sounds like a cybersecurity grooming exercise, that's because it is. Preparing cybersecurity practitioners with business acumen for the board to act as the voice of educated reason isn't such a bad idea.

The best businesses thrive because they have people at the very top who can exert control based on informed decision-making when a crisis looms. Leaving cybersecurity out of this success equation in 2023 is a risky game. Cybersecurity teams should equip the board with the following as a starting point. 

  • A clear articulation of the current cyber risks facing all aspects of the business (not just IT);
  • A summary of recent cyber incidents, how they were handled, and lessons learned;
  • Short- and long-term road maps outlining how the company will continue to evolve its cyber capabilities to address new and expanded threats, including the related accountabilities in place to ensure progress; and
  • Meaningful metrics that provide essential performance and risk indicators showing how successfully top-priority cyber risks are being managed.

10. Skills shortages and product silos exacerbate the situation.

There's no question that cybersecurity should be a number one focus for businesses that want to keep growing. But improving and scaling cybersecurity efforts in a constantly changing environment is challenging, with new threats and technologies continually being developed. To make things worse, the cybersecurity labor crisis is going to intensify.

A saturation of cybersecurity products with umpteen features is a desperate cry for consolidation, and the future is about cyber platforms and not siloed feature sets. The focus should not just be on finding issues but instead on remediation. There is going to be a need to demonstrate speed to value. We need technology that shows immediate value with simple implementation. Everyone talks about tech spending but forgets to include all the labor needed to roll out and maintain the technology platforms, which is a reason to consider cyber as a service.

Our current global landscape is testing resiliency. As organizations continue to digitally transform, new and heightened cyber risk concerns have emerged. Protecting these digital connections needs to stay top of mind for leaders looking to help their organizations adapt to these changes while continuing to innovate.

The post 10 Cybersecurity predictions for 2023 appeared first on Cybersecurity Insiders.

This blog was written by an independent guest blogger.

Blockchain is a key part of today's growing technology landscape. Blockchain technology allows entities to share information quickly and reliably without compromising on security.

Blockchain technology has reached markets everywhere, because it has many applications that deliver higher output and reliability than a traditional network. Now that many businesses have begun to experiment with blockchain, an entirely new kind of marketplace has developed.

What is BaaS & what are its benefits?

Blockchain-as-a-service (BaaS) is the third-party creation and management of cloud-based networks for companies in the business of building blockchain applications. These third-party services are a relatively new development in the growing field of blockchain technology. The application of blockchain technology has moved well beyond its best-known use in cryptocurrency transactions and has broadened to address secure transactions of all kinds. As a result, there is a demand for hosting services, per Investopedia.

BaaS can be an inexpensive way for businesses of all sizes to use blockchain technology. It lets enterprises obtain a blockchain provider's services at the lowest price to develop blockchain apps.

Since blockchain remains largely the domain of cryptocurrencies, it's not common to use this technology at a business scale. Most people also lack the experience to calculate an ROI for its enterprise usage.

BaaS industry specific solutions

All the solutions offered under the name of blockchain-as-a-service can have domain knowledge. These solutions use the important traits of blockchain to prevent cyber theft and reassure customers. Here are the 4 most prominent areas where BaaS is being explored.

1. Automotive
2. Healthcare
3. Fintech
4. Transportation

Importance of BaaS:

An organization’s operations are driven by data. As a means of providing that data, blockchain is well suited, since it provides immediate, shared, and transparent data stored on an immutable ledger that can be accessed only by permitted members of the network.

The adoption of blockchain technology is increasingly being explored by IT organizations in a wide range of industries. Despite this, the inherent technical complexities, a lack of domain expertise, and the operational overhead costs of developing, operating, and maintaining the blockchain often hamper plans for adoption. BaaS, however, is now being seen as a viable solution to this problem.

The right BaaS provider will ease a business's transition to blockchain technology by giving it access to blockchain developers. It may also provide process and governance specialists, along with the needed cloud infrastructure, with less worry about startup and overhead costs.

A notable BaaS provider will also offer a rich source of expertise and knowledge that can be leveraged to improve the security of the systems. As a result, it can considerably reduce the number of risks that would need to be addressed if the system had been developed in-house.

How does BaaS work?

BaaS is when an external provider sets up all the necessary “blockchain technology and infrastructure” for a customer. By paying for BaaS, a customer pays the BaaS provider for the establishment and maintenance of blockchain-connected nodes. The dynamic back end for the user and their company is handled by the BaaS provider.

The BaaS operator handles the maintenance and management of important artifacts and services associated with blockchains. In addition, it can manage bandwidth, allocate capacity, assess storage needs, and identify security risks.

Think of BaaS as being like a web hosting provider. It takes only a few minutes to design a web page that reaches many people daily. In fact, you can run your own website from your own office, use your own computer or server, and either do the work yourself or hire a support team.

A good example of blockchain technology is Hyperledger Cello, a utility system and toolkit for blockchain modules that is similar to a BaaS platform. The Hyperledger Cello (HLC) system is a distributed computing platform that helps people manage and use blockchain systems efficiently.

Conclusion:

Blockchain as a Service can be the catalyst for the wide-scale adoption of blockchain throughout varied industries and companies – firms of any size can now simply “outsource” their technologically complex tasks so that they can concentrate on their core business instead of managing and developing their own blockchains.

BaaS not only makes blockchain technology accessible to a wider audience, but also supports the emerging use cases of the technology. This can effectively increase your business scope. But be careful, as it is a new technology – always calculate the ROI before adopting it.

The post Blockchain as a Service (BaaS) appeared first on Cybersecurity Insiders.