A new generation of security frameworks is gaining traction, one much better aligned to today’s cloud-centric, work-from-anywhere world.

Related: The importance of ‘attack surface management’

I’m referring specifically to Secure Access Service Edge (SASE) and Zero Trust (ZT).

SASE replaces perimeter-based defenses with more flexible, cloud-hosted security that can extend multiple layers of protection anywhere. ZT shifts networks to a “never-trust, always-verify” posture, locking down resources by default and requiring granular context to grant access.

With most business applications and data moving to cloud and users connecting from practically anywhere, SASE and Zero Trust offer more versatile and effective security. Assuming, of course, that they work the way they’re supposed to.

Effective testing

Modern SASE/ZT solutions can offer powerful protection for today’s distributed, cloud-centric business networks, but they also introduce new uncertainties for IT. Assuring performance, interoperability, resilience, and efficacy of a SASE implementation can be tricky.

What’s more, striking the right balance between protecting against advanced threats and ensuring high Quality of Experience (QoE) is not easy when new DevOps/SecOps tools are driving a 10X increase in software releases.

Effective testing becomes critical. Today’s highly distributed, intensely dynamic environment results in potentially thousands of hybrid cloud test cases that need to be continually verified. IT and security teams must address:

SASE assurance: Most Managed Security Service Providers (MSSPs) are bound by service-level agreements (SLAs) for the services they deliver, including SASE. Since there are no standard SASE key performance indicators (KPIs), just determining how to validate SASE behavior can be problematic.

ZT behavior: ZT frameworks grant access based on identity, policy, and context. Each of these elements must be validated across multiple security controls, like next-generation firewall (NGFW) and data loss prevention (DLP) tools. Once again, there is no standard set of ZT test cases to guide this validation.

SASE applications: Applying strong security without impeding performance requires an understanding of the footprint, scalability, and robustness of different SASE application services in different cloud environments; these include NGFWs, application firewalls, secure web gateways, and more.

Edge NFs: Even when offered as a single “solution,” SASE edge clouds can include multiple proprietary network functions (NFs), such as SD-WAN, NGFW, and ZT, each with its own API and management tool. These all need to be validated.

Security policy: Successfully enforcing policy in a SASE environment starts with validating security rule sets. With evolving threats and ongoing network changes, that can’t be a one-time job. Next-gen automated test tools can be leveraged to continually re-validate policies.

Testing principles

Clearly, SASE/ZT testing merits serious consideration, and the right test cases for one organization won’t necessarily map to another. Here are four pillars of effective SASE testing:

Test across all deployment environments. SASE architectures must be validated end to end, from users and branches, through SASE points of presence, to cloud application servers. Additionally, performance needs to be profiled across all networks and SASE behavior measured across all architectures: virtualized, containerized, and bare metal.


Test for the real world. Specific SASE KPIs unique to a company’s operating environment need to be identified. Simulating generic traffic patterns can be misleading. Care must be taken to ensure testing reflects real-world network and application traffic profiles.

Accurately simulate attacks. Realistic threat models likewise should be used to validate SASE security efficacy, including simulating the evasion and obfuscation techniques that real attackers use. And since malware and vulnerabilities constantly change, threat models must continually evolve too.

Prioritize QoE. The best all-around metric for SASE/ZT testing is QoE, as it reflects multiple underlying factors, including performance, error detection, encryption variability, overall transaction latency, and (for ZT) concurrent authentication rate. Security controls that impede important business activities will motivate users to try to bypass them.

Despite the complexity of SASE/ZT validation, it’s easy to understand what effective testing looks like. The right tools in place can continually test a full range of use cases across all environments.

Organizations can draw on a new generation of automated, always-on SASE/ZT testing tools. These systems combine continuous, automated security validation with QoE measurement, providing the dynamic protection companies expect and need.

About the essayist: Sashi Jeyaretnam is Senior Director of Product Management for Security Solutions at Spirent, a British multinational telecommunications testing company headquartered in Crawley, West Sussex, in the United Kingdom.

Of the numerous security frameworks available to help companies protect against cyber-threats, many consider ISO 27001 to be the gold standard.

Related: The demand for ‘digital trust’

Organizations rely on ISO 27001 to guide risk management and customer data protection efforts against growing cyber threats that are inflicting record damage, with the average cyber incident now costing $266,000 and as much as $52 million for the top 5% of incidents.

Maintained by the International Organization for Standardization (ISO), a global non-governmental group devoted to developing common technical standards, ISO 27001 is periodically updated to meet the latest critical threats. The most recent updates came in October 2022, when ISO 27001 was amended with enhanced focus on the software development lifecycle (SDLC).

These updates address the growing risk to application security (AppSec), and so they’re critically important for organizations to understand and implement in their IT systems ASAP.

Updated guidance 

Let’s examine how to put the latest ISO guidance into practice for better AppSec protection in enterprise systems. Doing so requires organizations to digest what the ISO 27001 revisions mean for their specific IT operations, and then figure out how best to implement the enhanced SDLC security protocols.

The new guidance is actually spelled out in both ISO 27001 and ISO 27002 – companion documents that together provide the security framework to protect all elements of the IT operation. The focus on securing the SDLC is driven by the rise in exploits that target security gaps in websites, online portals, APIs, and other parts of the app ecosystem to exfiltrate data, install ransomware, inflict reputational damage, or otherwise degrade enterprise security and the bottom line.

The revised ISO standard now stipulates more-robust cybersecurity management systems that reach all the way back into the SDLC to ensure that applications are inherently more secure as developers build them. In fact, for the first time, security testing within the SDLC is specifically required. And ISO 27001 specifies this testing should go beyond traditional vulnerability scanning toward a more multi-level and multi-methodology approach.

Achieving compliance

In seeking to secure the SDLC for ISO compliance, organizations will likely need to rely on a spectrum of testing tools working together to identify and prioritize the most critical threats. Here are 3 strategic priorities to help guide these efforts:

•Take a comprehensive, multi-level and multi-methodology approach – This includes employing multiple types of security testing in a single scan; setting up secure version control with formal rules for managing changes to existing systems; and applying security requirements to any outsourced development.

•Promote secure and agile coding practices – This includes subjecting deployed code to regression testing, code scanning, penetration testing, and other system testing; defining secure coding guidelines for each programming language; and creating secure repositories with restricted access to source code.

•Infuse security into application specifications and development workflow – This includes defining security requirements in the specification and design phase; scanning for vulnerable open-source software components; and employing tools that detect vulnerabilities in code that is deployed but not activated.

Comprehensive scanning

At the CTO and CIO level, these principles help guide the enterprise-wide strategy for ISO compliance. At the developer level, they will fundamentally reshape how programmers do their work day in and day out – including employing more project management tools and secure system architecture frameworks to track and mitigate risks at any stage in the SDLC.


The key throughout is to adopt a more holistic and comprehensive testing approach that aligns with the ISO 27001 requirements, since traditional vulnerability scanning is not powerful or proactive enough to secure the SDLC. The easiest way for organizations to mature their capabilities along these lines is to integrate a range of advanced AppSec testing protocols.

For example, the right AppSec partner can empower security teams with a blend of dynamic application security testing (DAST), interactive application security testing (IAST), and software composition analysis (SCA) together in a single scan. These combined testing approaches help secure all stages of development, as well as production environments, without negatively impacting delivery times.

Recent updates to the ISO 27001 standard bring a much-needed focus to securing the entire SDLC. In working to comply with the revised standard, security and development teams are realizing that a blend of multiple, complementary testing protocols is needed to catch and even prevent issues far earlier in the development process.

These efforts will help elevate security right alongside achieving the designed functionality as the ultimate goals in every DevOps project.

About the essayist: Matthew Sciberras is CISO and VP of Information Security at Invicti Security, which supplies advanced DAST+IAST (dynamic+interactive application security testing) solutions that help organizations of all sizes meet ISO 27001 compliance.

Well-placed malware can cause crippling losses – especially for small and mid-sized businesses.

Related: Threat detection for SMBs improves

Not only do cyberattacks cost SMBs money, but the damage to a brand’s reputation can also hurt growth and trigger the loss of current customers.

One report showed ransomware attacks increased by 80 percent in 2022, with manufacturing being one of the most targeted industries. Attacks that drew public scrutiny included:

•Ultimate Kronos Group got sued after a ransomware attack disrupted its Kronos Private Cloud payment systems, relied upon by huge corporations such as Tesla, MGM Resorts and hospitals. That ransomware attack shut down payroll and human resources systems.

•The Ward Hadaway law firm lost sensitive client data to ransomware purveyors who demanded $6 million, or else they’d publish the data from the firm’s high profile clients online.

•The Costa Rican government declared a national emergency after attackers crippled government systems and demanded $20 million to restore them to normal.

•The Glenn County Office of Education in California suffered an attack limiting access to its own network. They paid $400,000 to regain access to accounts and protect prior and current students and teachers, whose Social Security numbers were in the data.


These are just a handful of examples of ransomware attacks in the last year. Some victims paid the ransom while others restored their systems without payment. Those that paid the blackmailers concluded that restoring revenue-generating operations, even by rewarding criminals, was their best option.

Why not to pay

However, the U.S. Department of the Treasury warns against paying ransoms, citing the 37% annual increase in reported cases and 147% increase in costs. Paying doesn’t guarantee your business won’t be hacked again. It also spurs on the cybercriminals, showing them such attacks are profitable.

The U.S. Treasury says paying ransomware ransoms just encourages hackers to come up with bigger and bolder demands over time.

So why would a business pay out money instead of cleaning up the mess and securing its systems? Some reasons include:

•Lack of resources to clean up the hacked files.

•Loss of money from downtime exceeds the ransom.

•To prevent damaging information from becoming public.

Many business owners are also embarrassed they allowed criminals into their systems. They worry it makes them look careless and they want to cover the situation up by whatever means necessary.

Disincentivizing payment

What are some key ways of discouraging businesses from paying ransoms? Teach them to keep a full backup of all data. It’s much easier to restore lost information if the brand has a copy of it. That copy must be kept offline or immutable and restore-tested, because ransomware operators routinely seek out and encrypt reachable backups before triggering the ransom demand.

A plan of action is vital in the case of any hack. Taking steps to lock down information fast minimizes damage. Send out immediate notices to customers, ask them to reset their passwords, and inform them that their data may have been exposed on the dark web.

Report any hacking attempts or ransomware demands to the FBI or the authority in the business’s location.

Paying ransom to hackers only encourages them to attack other business owners, governments, and educational institutions. It’s best to stay away from paying out any funds in cryptocurrency or otherwise. Lean toward spending money on cleanup and restoration rather than a payoff.

About the essayist: Zac Amos writes about cybersecurity and the tech industry, and he is the Features Editor at ReHack. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.

The United States will soon get some long-awaited cybersecurity updates.

Related: Spies use Tik Tok, balloons

That’s because the Biden administration will issue the National Cyber Strategy within days. Although no official document has been published yet, some industry professionals have already seen a draft copy of the strategic plan and weighed in with their thoughts. Here’s a look at some broad themes to expect and how they will impact businesses:

•New vendor responsibilities. Increased federal regulation puts more responsibility on hardware and software vendors compared to the customers who ultimately use their products.

Until now, people have primarily relied on market forces rather than regulatory authority. However, that approach often leads to bug-filled software because makers prioritize new product releases over ensuring they’re sufficiently secure.

These changes mean business representatives may see more marketing materials angled toward what hardware and software producers do to align with the new regulations. Product labeling may also become easier to understand, acting somewhat like food nutrition labels, except centered on security principles.

Coverage of the strategic security program from people with firsthand knowledge of the draft document suggests congressional action or executive authority will regulate how all critical sectors handle cybersecurity. It’s still unclear what that looks like in practice, but it certainly signifies a major change.

•Expanded cybersecurity budgets. Statistics suggest almost 50 percent of employees have never received cybersecurity training. It’s also easy to find research elsewhere highlighting how workers frequently make errors that might seem meaningless but ultimately expose files or corporate networks to cyberattacks and other risks.

Heightened awareness of the Biden administration’s plan coincided with elevated stock market activity for several cybersecurity companies. This may have happened because people at more companies recognized the need for such products. After all, cybersecurity awareness training for employees is vital, but it can only go so far. Businesses must also invest in specialized tools for network monitoring and security.

However, those familiar with the content of the strategic cybersecurity program say not to expect uniform standards to apply across industries. Previous U.S. presidents have tried that without getting the desired effects. That means it’s best to wait and see Biden’s intentions before increasing cyber investments.

•Critical infrastructure revisions. Analysts also believe part of Biden’s strategy for cybersecurity will rewrite a policy from President Obama’s era that provides stipulations for keeping essential infrastructure secure. It may also include details about which types of companies fall into that category. If so, entities like cloud providers might need to take additional steps to maintain security. The same would likely be true for utility, telecommunications and transportation businesses.


However, it’ll take a while to implement even once the Biden administration’s plan is officially published. That gives all affected companies time to make any necessary adjustments, regardless of whether they’re categorized as critical infrastructure providers.

People working at businesses highly likely to need stronger cybersecurity under the new strategy should consider consulting with cybersecurity experts. Those parties can advise them about where gaps remain and how the business is already doing well by following best practices for security.

Big changes lie ahead for U.S. cybersecurity policies and practices. The previewed content of cybersecurity plans from the Biden administration indicates people should expect significant shifts from what past leaders have tried. However, even once the details of this cybersecurity strategic plan are publicized, it’ll take a while before whatever’s different is widely adopted. Business leaders should be ready to act but refrain from making any relevant decisions before getting the details straight from the source.

About the essayist: Shannon Flynn is managing editor of ReHack Magazine. She writes about IoT, biztech, cybersecurity, cryptocurrency & blockchain, and trending news.

When a company announces layoffs, one of the last things most employees or even company owners worry about is data loss.

Related: The importance of preserving trust in 2023

Data loss is the theft or compromise of valuable or sensitive information held on company systems. It can happen through intentional theft, human error, malware, or even physical destruction of servers, and it is a real and growing risk to be aware of.

In 2020, Forbes reported that pandemic layoffs and remote work served to increase the risk of company data loss. Tesla, for example, suffered two cybersecurity events after layoffs back in 2018.

Data loss isn’t necessarily spiteful. Imagine an employee creates a spreadsheet showing all your clients and the main points of contact for each. She updates this sheet, but forgets to share it internally.

She gets laid off, and she takes the spreadsheet with her because she believes that the work she created at her job belongs to her. This may sound like an edge case, but a survey by Biscom found that 87 percent of employees took data that they themselves had created from their last job.

Data theft can also be deliberate and malicious. That same employee might use that spreadsheet as a bargaining chip in securing a new job with your competitor.

Data theft can also be compounded by hackers. In the infamous 2014 Sony hack, an employee moving from Deloitte to Sony allegedly took sensitive data with him when he left. It is believed that the employee was storing employee information from both Sony and Deloitte on his computer, leading to the salaries of 30,000 Deloitte employees being leaked.

Data loss prevention is a concept that’s been around since the ‘90s, but in the age of AI, machine learning, natural language processing, and all those other fun new buzzwords, it’s taken on new relevance and significance.

With relaxed security measures due to remote work, disgruntled employees due to sudden mass layoffs, and logistical oversights due to reorganization, company data can fall through the cracks. To keep up, companies need to use technology to ensure their most important asset, their information, is safe.

Consolidated visibility


The first step is to know what you have. Then you can work on protecting it.

That’s why the first step in any layoff-proof data loss prevention strategy has to be the collection and categorization of all the company data that exists. This is both easier and harder thanks to a distributed system of information.

Data might be in spreadsheets, on Slack, on OneDrive, in custom databases, or any other number of off-premises cloud systems.

The best way to consolidate all that info is to use machine learning and artificial intelligence. First, identify all potential sources of data. You might also want to ensure you’re scanning all emails going in and out of the company.

Then, companies need to set up rules that tell the system how to classify each kind of data it finds. For example, one priority is identifying personally identifiable information of your customers. You don’t want that leaving your data warehouses.

Another example is any kind of proprietary algorithm or system. For instance, if you’re Equifax, you don’t want any employee able to leave with your credit score algorithm.

Using a combination of AI and ML, you should be able to put together a comprehensive catalog of all company data.
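As an added illustration, not code from the essay or from any GBT product, the Python below sketches the rule layer described above: it scans a handful of constructed files for Social Security numbers, payment card numbers (validated with the Luhn check so that arbitrary runs of digits are not flagged) and email addresses, then rolls the hits up into a sensitivity label per file. The file names, contents and label scheme are all made up for the example.

```python
import re

# Constructed sample files standing in for a crawl of shares, chat exports and mailboxes.
SAMPLE_FILES = {
    "sales/contacts.csv": "name,email,phone\nAda Lovelace,ada@example.com,555-0100\n",
    "hr/payroll_q1.txt": "Employee 1042 SSN 123-45-6789 salary 88000\n",
    "finance/refunds.txt": "Refund to card 4111111111111111 approved\n",
    "eng/readme.md": "Build with make; run tests with make test.\n",
}

# SSN: reject area 000/666/9xx, group 00 and serial 0000, which are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

# Ranking used to pick a file's label from the most sensitive hit it contains (assumed scheme).
SENSITIVITY = {"SSN": "restricted", "PAN": "restricted", "EMAIL": "internal"}
RANK = {"restricted": 2, "internal": 1, "public": 0}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: doubles every second digit from the right and sums the digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> set[str]:
    """Return the set of PII categories found in a piece of text."""
    labels = set()
    if SSN_RE.search(text):
        labels.add("SSN")
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):  # drop invoice numbers and other digit runs that fail Luhn
            labels.add("PAN")
            break
    if EMAIL_RE.search(text):
        labels.add("EMAIL")
    return labels


def sensitivity(labels: set[str]) -> str:
    """Most sensitive label among the hits; files with no hits are 'public'."""
    return max((SENSITIVITY[l] for l in labels), key=RANK.get, default="public")


def build_catalog(files: dict[str, str]) -> dict[str, dict]:
    """Catalog every file with its PII categories and resulting sensitivity label."""
    catalog = {}
    for path, content in files.items():
        labels = classify(content)
        catalog[path] = {"labels": sorted(labels), "sensitivity": sensitivity(labels)}
    return catalog


if __name__ == "__main__":
    for path, entry in build_catalog(SAMPLE_FILES).items():
        print(f"{entry['sensitivity']:<10} {path}  {entry['labels']}")
```

In practice the scan runs over every source identified in the previous step (mailboxes included), and the catalog is what later rules consult when deciding whether a given download or email is worth flagging.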

Spotting anomalies

The next step is to train the AI to spot suspicious-looking behavior. For example, you might set it up so that when an employee starts downloading massive amounts of data, that gets flagged as suspicious.

You might also need to use technology that can use optical character recognition (OCR). For example, imagine instead of sharing that customer spreadsheet, our laid-off employee just takes a screenshot of it and emails it to herself.

Unless your data loss prevention strategy uses OCR to read the text inside screenshots, you’d never know that she walked off with that spreadsheet unless you manually went through every single one of her emails.

You also have to take steps to stop data loss from happening. For example, your system should include a rule to automatically log out any users downloading a high number of files. It should also limit access for any soon-to-be laid off employees to sensitive material.

And finally, in the case of non-malicious theft, you should be able to quickly scan any employee-generated data to ensure files like comprehensive customer databases don’t get lost just because nobody knows they exist.

One major component of data loss prevention is to map the organization’s critical information. With a map of who has access to what, the knowledge is less likely to get lost when employees move on. This enables companies to classify the information and prevent data loss, or at least educate employees not to take data with them to their next job.

You should also have set up your system to flag suspicious events, such as the mass downloading of files, laid-off employees sending lots of emails, or people logging in from unusual locations.
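The following Python is an added example, not code from the essay or from any vendor, showing the detections named above (mass downloads, heavy outbound mail from departing staff, logins from an unfamiliar location) replayed over constructed audit events, together with the automatic response each one maps to, such as the forced logout mentioned earlier. The event layout, thresholds and response names are assumptions chosen for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit events: (ISO timestamp, user, action, detail). The field layout and the
# thresholds below are assumptions for this example, not any product's schema.
EVENTS = [
    ("2023-03-01T09:00:00", "alice", "login", "US"),
    ("2023-03-01T10:00:00", "bob", "login", "US"),
    ("2023-03-01T10:02:00", "bob", "download", "readme.md"),
    ("2023-03-01T11:30:00", "carol", "login", "RO"),
]
# alice pulls 12 files in 12 minutes; bob (on the departure list) mails 6 external addresses.
EVENTS += [(f"2023-03-01T09:{5 + i:02d}:00", "alice", "download", f"doc_{i}.xlsx") for i in range(12)]
EVENTS += [(f"2023-03-01T12:{i:02d}:00", "bob", "email_out", "personal@example.net") for i in range(6)]

BASELINE_COUNTRIES = {"alice": {"US"}, "bob": {"US"}, "carol": {"US"}}  # learned from past logins
DEPARTING = {"bob"}  # fed by HR ahead of the layoff announcement

DOWNLOAD_THRESHOLD = 10            # files within DOWNLOAD_WINDOW that count as a mass download
DOWNLOAD_WINDOW = timedelta(minutes=15)
EMAIL_THRESHOLD = 5                # outbound messages from a departing user that trigger review

RESPONSES = {
    "mass_download": "revoke_sessions",
    "unusual_login_location": "require_step_up_auth",
    "departing_mass_email": "quarantine_outbound_mail",
}


def detect(events, baseline, departing):
    """Replay events in time order and emit at most one alert per (user, rule)."""
    alerts, fired = [], set()
    downloads = defaultdict(deque)   # per-user sliding window of download timestamps
    emails = defaultdict(int)        # per-user outbound mail count

    def fire(user, rule, detail):
        if (user, rule) not in fired:
            fired.add((user, rule))
            alerts.append({"user": user, "rule": rule, "detail": detail})

    for ts, user, action, detail in sorted(events):
        now = datetime.fromisoformat(ts)
        if action == "login" and detail not in baseline.get(user, set()):
            fire(user, "unusual_login_location", detail)
        elif action == "download":
            window = downloads[user]
            window.append(now)
            while now - window[0] > DOWNLOAD_WINDOW:   # drop downloads older than the window
                window.popleft()
            if len(window) >= DOWNLOAD_THRESHOLD:
                fire(user, "mass_download", f"{len(window)} files within {DOWNLOAD_WINDOW}")
        elif action == "email_out" and user in departing:
            emails[user] += 1
            if emails[user] >= EMAIL_THRESHOLD:
                fire(user, "departing_mass_email", f"{emails[user]} external messages")
    return alerts


def response_plan(alerts):
    """Map each alerted user to the sorted list of automatic responses to apply."""
    plan = defaultdict(set)
    for alert in alerts:
        plan[alert["user"]].add(RESPONSES[alert["rule"]])
    return {user: sorted(actions) for user, actions in plan.items()}


if __name__ == "__main__":
    found = detect(EVENTS, BASELINE_COUNTRIES, DEPARTING)
    for alert in found:
        print(f"{alert['user']:<6} {alert['rule']:<24} {alert['detail']}")
    print(response_plan(found))
```

The sliding window matters: a flat daily count would miss a burst of downloads in the minutes before an exit interview, and a departing-user list keyed from HR lets the same mail volume that is normal for a salesperson become an alert for someone who has just been notified.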

Your final step is to patch those holes. With an AI-driven system on the case, suspicious events can be recognized and acted on automatically, and important or sensitive information is far less likely to fall through the cracks of mass layoffs.

Data loss is a real threat. Make sure your company is up to the job of handling it.

About the essayist: Dr. Danny Rittman is the CTO of GBT Technologies, which develops technology to enable the rollout of IoT (Internet of Things), global mesh networks, artificial intelligence, and applications relating to integrated circuit design.

Throughout 2022, we saw hackers become far more sophisticated with their email-based cyber attacks. Using legitimate services and compromised corporate email addresses became a norm and is likely to continue in 2023 and beyond.

Related: Deploying human sensors

Additionally, with tools like ChatGPT, almost anyone can create new malware and become a threat actor.

According to a recent report, small businesses (defined as those with under 250 employees) receive the highest rate of targeted malicious emails at one in every 323 emails, and 87 percent of those businesses hold customer data that could be targeted in an attack.

Another report by Vade completed last year found that 87 percent of respondents agreed their organization could take the threat of email-borne attacks more seriously.

Intelligent defense

Small-to-midsize businesses (SMBs) continue to think they’re “too small to be a target.” This is a harmful misconception. Hackers may pick SMBs over larger companies for several reasons, namely because SMBs don’t have the same budget or resources dedicated to cybersecurity as large companies.

As attacks grow in number and sophistication, these smaller organizations will need technology that tightly integrates with modern productivity suites such as Microsoft 365 and/or Google Workspace that also provides comprehensive threat intelligence.

Secure email gateways (SEGs) are a common solution used by businesses both large and small to analyze emails for malicious content before they’re able to reach corporate systems. However, with the emergence of API-based or integrated email security solutions, SEGs have become obsolete.

Over the past couple of years, organizations have been opting for API-based email security solutions for reasons including increased visibility into productivity suites, easy deployment and ability to share threat intelligence from email with other applications used throughout the business operation.

Microsoft 365 and Google Workspace are the two most popular productivity suites used worldwide. While strides have been made to make both platforms more secure, it’s inevitable that when hackers run into roadblocks, they’re going to innovate their attack methods to sneak past whatever defenses stand in their way.

Consolidated visibility

The bottom line is, security operations centers (SOCs) and MSPs need solutions that allow them to quickly investigate and respond to email-borne threats transiting their networks, without introducing misconfigurations that could harm, or even halt, business operations.

One of the major challenges our customers have voiced to us is how difficult it is to monitor and manage threats from all their endpoints. They need better visibility into their cybersecurity landscape if they’re going to have any chance of protecting their assets effectively.

Additionally, IT teams are being overburdened by managing too many complex tools. They need solutions that allow for powerful integrations but consolidate the most important threat intelligence into simple dashboards.

Products that speed up incident response times by automating remediation are going to become hot commodities as these suites continue to increase in popularity.

Wider protection

AI-based email solutions can tightly integrate with these suites to catch threats that Microsoft 365 and Google Workspace don’t identify, and perhaps more importantly, those solutions can learn from the threats they encounter to keep similar and more advanced ones from slipping past barriers in the future.


In 2023, we predict MSPs and SMBs will invest in tools that integrate seamlessly with productivity suites, reduce incident response times, and lighten the load on IT teams, rather than invest in solutions that solely secure email.

We also predict hackers are already one step ahead and know these tools are going to become commonplace. It’s time for businesses small and large to level up their email security solutions with tools that can learn from and predict the bad guys’ next moves – not just move suspicious emails to spam.

About the essayist: Adrien Gendre is a co-founder of Vade and serves as its Chief Tech & Product Officer. Founded in 2009, Vade supplies AI-based cybersecurity technologies that help companies defend against many types of email-borne attacks.

The decision by the House of Representatives to ban TikTok from federal devices is noteworthy, especially as the Chinese spy balloon crisis unfolds.

Related: The Golden Age of cyber espionage

On December 23, 2022, Congress, in a bipartisan spending bill, banned TikTok from all government devices. The White House, the Pentagon, the Department of Homeland Security, and the State Department have already banned the social media app, as have more than a dozen states.

The TikTok decision combines national security, social media, and “China” in a single institution’s change of policy. It reflects the challenge that continued use of social media presents to those within the federal circle of trust.

The Chinese government, like other foreign powers, actively probes all aspects of American life for information useful in compromising the Republic’s national security interests. It is active not only in stealing the federal government’s data, but also in doing the same to our private and public corporations.

And no one piece of information is the exclusive goal of any intelligence operation; all types of information are useful if they can be gained.

No member of the House of Representatives will be allowed to download the TikTok app on any House-issued mobile phone. This mirrors the general practice of prudent Executive Branch leaders, supervisors, managers, and employees.

Many refuse to use social media at all. It is very rare for a CIA or NSA employee to have, for instance, a Facebook account. Entering the federal circle of trust requires changes in one’s personal life. Americans of older generations were more comfortable with making these changes.

Necessary choice


Not so much anymore. It is a choice the security community will force upon everyone seeking access, from a member of Congress down to an entry-level staff member at the Defense Intelligence Agency.

The underlying TikTok security concern is that the social media app can be used by a foreign power to collect intelligence or information useful in blackmailing the user into releasing classified information.

The user does not need intent to do the Republic harm; the term “unwitting fool” is used in security circles of trust for situations in which an otherwise well-meaning simpleton plays the pawn role in an intelligence operation.

Removing social media apps as a “door” to gain access to classified information denies the foreign intelligence service one means of access. But the impact is lessened if the federal leaders, supervisors, managers, and employees then substitute personal accounts for government accounts.

And while Congress controls its own security clearances, it must coordinate with the Executive Branch to gain access; if it fails to present a security-safe profile by taking actions like the TikTok decision, the national security establishment headed by the Director of National Intelligence for the President will simply deny access. Congress collects no intelligence of its own. It is wholly reliant on the President in this federal activity.

The security profiling mechanism governing Executive Branch decisions in this area is Guideline M: Use of Information Technology. It is also used by House and Senate security personnel when they advise Members of Congress and their staffs.

Destructive access

Under Guideline M, not all social media characteristics trigger a security concern. But social media apps can be used to make an unauthorized entry into an information system; they can be entry points for the modification, destruction, or manipulation of an information system or data; they can be used to gain unauthorized access to a compartmented area used to store classified information; and they can promote negligence and lax security practices. The decision is not made to limit communication; it is made to limit theft.

Many have been focused on the events of January 6th and the security profiles of members of Congress thought to have encouraged the protest or insurrection. But the event to focus on preceded January 6th. On the morning of October 23, 2019, members of the House of Representatives stormed the compartmented area used by the House intelligence committee to receive, view, and discuss classified information provided by the President through his intelligence agencies.

In violating the rules for handling classified information, the storming raised questions regarding the Congressional commitment to maintaining the discipline necessary to protect classified information. That same discipline is needed to not misuse Tik Tok or one’s private email. Given the question hanging over Congressional reliability, Tik Tok—and other entry points—have to go.

About the essayist: Dan Meyer is Managing Partner of Tully Rinckey PLLC’s Washington, D.C. office. He is a member and Vice-Chair of the National Security Lawyers Association. Lachlan McKinion is a law clerk in Tully Rinckey’s Washington, D.C., office. He focuses on national security and security clearance law.

The cybersecurity profession can be very rewarding, but at the same time quite taxing.

Related: Equipping SOCs for the long haul

In fact, stress factors have risen to the point where some 45 percent of the security professionals polled in Deep Instinct’s third annual Voice of SecOps report said they’ve considered leaving the industry altogether.

Ransomware is at an all-time high; attackers are as elusive as ever. Thus the job of detecting an active adversary and stopping them before they can do material damage has become extremely difficult.

Some 91 percent of respondents reported feeling stress in their security roles, of which 46 percent stated that the level of stress had increased in the past 12 months.

Productivity disruptor

A significant proportion of security pros concede that stress is negatively impacting their ability to do their daily tasks at work; this is the result of a number of variables including:

•A shortage of qualified candidates to fill open positions and of experienced staff members; skilled security personnel are often poached for higher wages and larger responsibilities.

•An overwhelming number of security alerts leading some organizations to turn off warnings altogether.

•Elusive adversaries who continually re-invent new ways to execute attacks.

•Newly discovered software vulnerabilities and misconfigurations increasingly getting exploited before the organization has a chance to fix them.

Above all, the core exposure derives from an increasing number of unknown threats, according to a Divisional Head of Cybersecurity Compliance at a global motor manufacturer:

“The number of unknowns is increasing. The criminals know their existing malware signatures can be detected, so they are constantly looking to find new ways to attack. It’s like they’ve got Harry Potter’s invisibility cloak. We can never switch off.”

Hero mentality

Senior security leaders, i.e., CSOs and CISOs, need to be able to convey the risks that their teams face, especially to board members who can easily get lost in explanations of the endless technical nuances.

And the more senior the cybersecurity role, the more stressful the job. Amongst senior security leaders, the top stress factors were:

•Securing a remote workforce.

•Digital transformation affecting security.

•The threat of ransomware.

A UK-based CISO at a large police force puts it this way:

“We are too reliant on the hero mentality – we have some people who are working 16-18 hour days at times. That’s not sustainable, and we certainly shouldn’t be expecting people to put in those kinds of shifts as a part of our capability. They’ll burn out.”

Taming complexity

Here are a few ways security leaders can work to reduce stress:

•Lower the volume of alerts and reduce false positive rates. Overworked SOC teams have difficulty focusing on what really matters.

•Pull resources from other departments, such as IT or even finance, to put an emphasis on securing the organization.

•Create clear goals and measurements of success; help security teams justify resource expenditures.

•Foster a culture of reward and positivity.

There is a great amount of discussion around AI for use cases in cybersecurity. Our survey found that 82 percent of respondents would rather depend on AI over humans to hunt threats, and 53 percent agreed that greater automation is necessary to improve security operations.

However, not all AI is created equal. While machine learning has improved automation, it does not go far enough to make significant differences for SecOps teams.

By comparison, deep learning has been proven to provide a more preventative cyber posture for organizations. This can reduce alerts and false positives, and improve detection of actual threats bypassing controls today.

Overall, deep learning has been seen to improve not just the speed and scale of cybersecurity solutions, but the welfare and impact of security teams.

About the essayist: Karen Crowley is the director of product marketing at Deep Instinct, a New York City-headquartered supplier of a purpose-built, deep learning cybersecurity framework.

Massively interconnected digital services could someday soon save the planet and improve the lives of one and all.

Related: Focusing on security leading indicators

But first, enterprises and small businesses, alike, must come to grips with software vulnerabilities that are cropping up – and being exploited – at a blistering pace.

Innovative vulnerability management solutions are taking shape to meet this challenge. One of the newest and most promising spins out of the emerging discipline of machine learning operations, or MLOps.

One supplier in the thick of this development is a Seattle-based start-up, Protect AI.

Guest expert: D Dehghanpisheh, co-founder and CRO, Protect AI

I had the chance recently to visit with Daryan Dehghanpisheh, whose professional experience prior to co-founding Protect AI includes four years as the Global Leader of AI/ML Solution Architects at Amazon Web Services.

Protect AI launched in December 2022 with a $13.5 million seed round, co-led by Acrew Capital and boldstart ventures, to develop advanced tools that protect AI systems and machine learning models.

We discussed how the fledgling field of MLSecOps parallels the arrival and maturation of DevSecOps. “DevSecOps is putting security at the heart of everything you do from a DevOps perspective,” Dehghanpisheh told me. “We want to do the same thing with MLOps . . . treat security as an integral part of development, not just as an afterthought.”

For a full drill down on how Protect AI hopes to mainstream MLSecOps – and how that could accelerate the arrival of massively interconnected digital systems — please give the accompanying podcast a listen.

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

(LW provides consulting services to the vendors we cover.)

Small and medium-sized businesses are facing immense security challenges, the same ones that mid-size and larger enterprises face.

Related: Myths about safe browsing

Clearly, SMBs need to be alert for cyberattacks, but they also need to stay focused on their business and not sacrifice productivity.

Organizations are confronted with a severe threat landscape, and it is critical that they have the ability to prevent, detect and respond to these threats in a timely manner. Hence, it is essential to use a threat prevention and detection solution that doesn’t disrupt day-to-day operations while providing early warning and stopping potential threats before they escalate.

Our dependence on technology has grown and so has the number of ways that criminals can exploit vulnerabilities to gain access to sensitive information or disrupt critical systems. Today, businesses of all sizes must be vigilant in protecting their data and infrastructure from a wide variety of threats, including malware, phishing, and denial-of-service attacks.

While the threat landscape is constantly evolving, there are a few trends that we are seeing in the modern cybersecurity landscape:

•Increased use of AI and automation by attackers.

•A shift from traditional malware to ransomware.

•An increase in sophisticated phishing attacks.

•A rise in targeted attacks against specific industries.

Threat detection solutions can be used to protect against both known and unknown threats, and can be deployed as part of a simple or comprehensive security strategy. Some of their most significant benefits for an SMB or larger enterprise are:

•Quick identification and classification of threats, allowing businesses to respond in real-time and thus reducing the chances of a data breach or other security incidents.

•Advanced analytics to reduce false positives, giving businesses peace of mind that their security systems are working as intended.

•Centralized management, which simplifies identifying and responding to threats across an organization.

Leveraging AI

The market has shifted. I am currently seeing strong demand for the ability to reduce the time spent on removing threats. Hence, the advances in pre-analyzing data for the operator are a big shift in what the market is trying to achieve.

There are a number of different factors that have contributed to this shift, including the rise of sophisticated cyberattacks, the growing importance of data security, and the need for organizations to respond quickly to incidents in order to meet compliance requirements. As a result, there is an increased demand for threat detection solutions that can provide faster and genuinely effective responses to threats.

Moreover, one of the most important trends in threat detection is the move toward artificial intelligence (AI). AI-powered solutions are able to quickly identify patterns in data that may indicate a security breach. They can also rapidly respond to threats, often before humans even realize there is an issue.

Another trend is the use of cloud-based solutions. Cloud-based threat detection solutions offer a number of advantages over traditional on-premises solutions, including lower costs, scalability, and easier management – all of them being strong requirements from SMB-sized organizations.

Role of managed services

Finally, many vendors are now offering managed security services that include threat detection as part of a consolidated package. This can be an attractive option for SMBs that don’t have the resources to invest in their own security team or infrastructure. EDR, NDR, XDR and MDR are all great alternatives that SMBs can choose to strengthen their security posture.

For SMBs that want control in their own hands and cannot afford SIEM/SOAR solutions, Heimdal is launching a groundbreaking new technology with our Threat-hunting and Action Center, which will open up a new category in the cybersecurity market and combine four key elements under one unified roof: detection, visualization, threat-hunting, and remediation. These attributes combined with Heimdal’s solutions will enable the tool to serve as a single point of contact for risk management.

Our upcoming product is powered by Heimdal’s XTP (eXtended Threat Protection) engine to provide real-time visibility, rich intel, contextual awareness, and data to identify, protect and react to sophisticated threats, in a very easy-to-use and fast action environment.

SMBs can stay ahead of the curve. The key is effective threat detection, which requires having the right tools in place for your specific environment and needs. With those in place, you can leverage the latest advances in threat detection and protect your business from a constantly evolving threat landscape.

About the essayist: Morten Kjaersgaard is CEO of Heimdal Security.