In today’s interconnected world, our smartphones have become central to our lives. We rely on them for communication, navigation, entertainment, and even personal security. However, the convenience they offer comes with a price – the constant threat of cyberattacks. One often overlooked, yet significant, vulnerability in our smartphones is Bluetooth. By understanding the risks and taking simple precautions, you can enhance the security of your mobile device.

The Bluetooth Vulnerability

Bluetooth technology allows for wireless communication between devices over short distances. While this feature is incredibly handy for connecting wireless headphones, speakers, and other peripherals, it can also be exploited by malicious actors.

Bluejacking: This is a relatively harmless but intrusive form of cyberattack where someone sends unsolicited messages or files to your device. While not typically harmful, it can be annoying and may drain your device’s battery.

Bluesnarfing: More serious than bluejacking, bluesnarfing is when cybercriminals access your mobile’s data, including contacts, emails, and messages, without your consent. This breach of privacy can have far-reaching consequences.

Blueborne Attack: This is one of the most critical Bluetooth vulnerabilities. It allows hackers to take control of your device completely. They can access data, install malware, and potentially turn your device into a part of a botnet.

How Turning Off Bluetooth Enhances Security

Disabling Bluetooth on your mobile device, when not in use, can significantly reduce the risk of these cyberattacks. Here’s how:

Preventing Unauthorized Access: Turning off Bluetooth eliminates the possibility of unauthorized connections. When your Bluetooth is off, it’s far more challenging for cybercriminals to establish a connection with your device.

Avoiding Pairing Requests: Without Bluetooth enabled, you won’t receive any pairing requests from unknown devices. This ensures that you only connect with devices and peripherals that you trust.

Mitigating the Risk of Blueborne Attacks: Blueborne attacks are known to exploit vulnerabilities in Bluetooth connections. Disabling Bluetooth when you’re not actively using it eliminates this risk entirely.

Preserving Battery Life: Keeping Bluetooth on, even when not in use, can consume unnecessary battery life. By turning it off, you’ll extend your mobile’s battery life.

Best Practices for Bluetooth Security

While turning off Bluetooth is a straightforward and effective security measure, you can still enjoy the convenience of Bluetooth connectivity while keeping your device safe:

Use Bluetooth Wisely: Enable Bluetooth only when you need it, and turn it off when you’re finished.

Keep Your Device Updated: Ensure your mobile device’s operating system and apps are up-to-date. Manufacturers frequently release security patches that address known vulnerabilities.

Password Protection: Always secure your device with a strong, unique password or PIN. This provides an extra layer of protection if Bluetooth is inadvertently turned on or accessed by an attacker.

Be Cautious with Pairing: Only pair your device with trusted devices. Avoid connecting with unknown or unverified devices.

In conclusion, Bluetooth, while incredibly useful, can also be a gateway for cyberattacks on your mobile device. Turning off Bluetooth when you’re not actively using it is a simple and effective way to enhance your mobile device’s security. By following best practices and staying informed about potential risks, you can enjoy the convenience of Bluetooth without compromising your privacy and data security.

The post How Turning Off Bluetooth Can Safeguard Your Mobile from Cyber Attacks appeared first on Cybersecurity Insiders.

In the modern digital landscape, organizations face an ever-increasing barrage of cyber threats. Cybercriminals continually adapt their tactics, making it challenging for businesses to defend against potential cyber incidents. As a result, cybersecurity risks have become a top concern for businesses of all sizes and industries. While implementing robust cybersecurity measures is essential, another vital component in managing cyber risks is cyber insurance. Cyber insurance provides financial protection and support in the aftermath of a cyber incident, offering a safety net against potential financial losses. In this article, we will delve into the role of cyber insurance in managing cybersecurity risks and how it complements other cybersecurity practices, including Security Operations Center as a Service (SOCaaS).

Understanding Cyber Insurance

Cyber insurance, also known as cyber liability insurance or data breach insurance, is a specialized insurance product designed to mitigate the financial impact of a cyber incident. It covers various aspects, including data breaches, network security failures, business interruption losses, extortion, and legal costs associated with cyber incidents. The coverage can be tailored to meet the unique needs of different organizations, offering a sense of security in an increasingly unpredictable digital landscape.

  1. Financial Protection against Cyber Incidents

The primary role of cyber insurance is to provide financial protection in the event of a cyber incident. A cyber incident can lead to substantial financial losses, such as data recovery costs, legal fees, and regulatory fines. Cyber insurance helps alleviate these burdens, ensuring that organizations can recover without enduring crippling financial consequences.

  2. Breach Notification and Customer Support

Data breaches often require organizations to notify affected individuals and authorities promptly. Cyber insurance policies may include coverage for the costs associated with notifying customers, providing credit monitoring services, and offering customer support to affected parties. These measures can help maintain customer trust and loyalty in the aftermath of a cyber incident.

  3. Legal and Regulatory Support

Cyber incidents can lead to legal actions and regulatory investigations, especially in cases of data breaches involving sensitive customer information. Cyber insurance can cover legal fees and expenses incurred during litigation and regulatory investigations, ensuring organizations have the necessary resources to defend their interests.

  4. Business Interruption Coverage

Cyberattacks can disrupt business operations, leading to significant revenue losses. Cyber insurance can include coverage for business interruption losses, compensating organizations for lost income during the downtime caused by a cyber incident.

  5. Extortion and Ransomware Coverage

Ransomware attacks have become increasingly prevalent, with cybercriminals demanding ransoms to restore access to encrypted data. Cyber insurance can cover ransom payments or extortion costs, assisting organizations in resolving such incidents without compromising their financial stability.

The Role of SOC as a Service (SOCaaS) in Cyber Insurance

As organizations continue to face sophisticated cyber threats, many are turning to SOCaaS for expert cybersecurity services. SOC as a Service offers continuous monitoring, threat detection, and incident response capabilities to safeguard organizations against cyberattacks. The combination of cyber insurance and SOCaaS plays a crucial role in comprehensive risk management.

  1. Proactive Risk Mitigation

SOC as a Service (SOCaaS) plays a vital role in cyber insurance by offering proactive risk mitigation. SOCaaS providers employ advanced technologies and skilled analysts to continuously monitor an organization’s network, systems, and applications in real-time. This early detection and prevention of potential cyber threats can reduce the likelihood of security incidents that may trigger cyber insurance claims.

  2. Timely Incident Response

In the event of a cyber incident, SOCaaS providers respond promptly to contain and mitigate the impact of the breach. Their swift actions can minimize the extent of damage and potentially prevent the need for a cyber insurance claim. SOCaaS empowers organizations to act quickly and decisively, limiting financial losses and protecting their reputation.

  3. Enhanced Cybersecurity Posture

SOCaaS enhances an organization’s overall cybersecurity posture by continuously identifying vulnerabilities and areas of improvement. By addressing these weaknesses, organizations can lower their overall cyber risk profile, potentially leading to reduced cyber insurance premiums. The collaborative efforts of SOCaaS and cyber insurance create a proactive approach to cybersecurity, ensuring organizations are well-prepared to handle cyber threats.

  4. Risk Assessment and Insights

SOCaaS providers can collaborate with cyber insurance companies to conduct risk assessments and provide valuable insights into an organization’s security preparedness. This information can assist insurance underwriters in accurately evaluating an organization’s risk profile and offering appropriate coverage. The data and analysis from SOCaaS contribute to a more comprehensive understanding of an organization’s cyber risk exposure, enabling insurance providers to tailor policies to meet specific needs.

  5. Comprehensive Incident Reporting

SOCaaS generates detailed incident reports, documenting the nature and extent of cyber incidents. These reports can serve as essential documentation during the cyber insurance claim process, facilitating a smoother and more efficient resolution. The comprehensive incident reporting from SOCaaS ensures that cyber insurance claims are well-documented and supported by accurate and timely information.

  6. Continuous Monitoring and Detection

SOCaaS provides continuous monitoring and threat detection, significantly reducing the time between a cyber incident’s occurrence and its detection. This swift detection is critical for cyber insurance claims, as it allows organizations to respond promptly and minimize the impact of the breach. The proactive monitoring capabilities of SOCaaS bolster an organization’s ability to detect and address cyber incidents quickly and effectively.

  7. Regulatory Compliance Support

SOCaaS helps organizations stay in compliance with various regulatory requirements by monitoring and identifying potential security gaps that might result in non-compliance. Adhering to regulatory standards is crucial for maintaining insurance coverage, and SOCaaS ensures that organizations have the necessary security measures in place to meet regulatory obligations.

Conclusion

In the face of ever-evolving cyber threats, businesses must adopt a multi-faceted approach to cybersecurity. Cyber insurance and SOC as a Service (SOCaaS) form a powerful alliance, complementing each other to effectively manage cybersecurity risks. While cyber insurance provides financial protection in the aftermath of a cyber incident, SOCaaS offers proactive monitoring and incident response capabilities to prevent and detect security breaches. Together, these solutions create a robust defense against cyber threats, empowering organizations to navigate the digital landscape with confidence and resilience. As cyber risks continue to evolve, embracing both cyber insurance and SOCaaS becomes imperative for organizations seeking comprehensive cybersecurity risk management.

Image by Freepik

The post Cyber Insurance and SOC as a Service – Adapting to New Cybersecurity Challenges appeared first on Cybersecurity Insiders.

By Sravish Sridhar, CEO & Founder, TrustCloud

In our increasingly digitally connected world, cybersecurity risks are at an all-time high and only growing. With this in mind, businesses are beginning to embrace and understand, if they didn’t before, just how essential a healthy governance, risk, and compliance (GRC) program is to their organization’s overall success.

Too Many Stakeholders Need Governance, Risk, and Compliance Reports

CISOs and their teams are now inundated with numerous requests to prove their security and privacy posture. Each stakeholder requires the data to be reported in different ways:

  • Customers & Partners: They want assurance that their data is protected. Often, they use compliance frameworks like SOC 2, ISO 27001, NIST, HIPAA and GDPR as proof of information security. In many cases, adherence to one of (or many of) these frameworks is a necessary qualification before an organization can consider becoming a customer or partner.
  • Boards & Company Leadership: Given the size of GRC investments, and the potential liability to boards and leaders, GRC is a business level priority that requires buy-in and support from the board and C-Suite. Not only do they want to know how these resources are impacting business, they also have a strong interest in mitigating company and personal liability that comes with a security breach.
  • Internal CISOs and InfoSec Team Reporting: These are the programs they lead; therefore, security professionals are heavily invested in the strategy and results of risk management and compliance.
  • Regulators: They are in charge of coming up with the specific compliance and risk management measures all organizations should be adhering to, in order to adequately protect themselves and their customers from the growing and changing modern threat landscape.
  • Auditors: External auditors are looking for specific compliance and risk artifacts; the easier it is for them to find exactly what they need, the more likely a company is to pass an audit in a reasonable timeframe.
  • CFO: CFOs need justification for the budget they are giving to CISOs. So they want to see results. And not just any results, but results that positively impact or accelerate revenue.

The Impact of the SEC’s New Cybersecurity Regulations

The SEC recently published new rules for public companies specific to cybersecurity and compliance. With the new ruling, public companies will need to:

  • Disclose material cybersecurity incidents within four business days
  • Describe processes for “assessing, identifying, and managing material risks from cybersecurity threats”
  • Report and disclose material information regarding cybersecurity risk management, strategy, and governance on an annual basis
  • Describe the board of directors’ oversight of risks from cyber threats and management’s role and expertise in assessing risks and threats

While for now this ruling only requires publicly traded companies to take these steps, these policies set new foundational standards for GRC and transparency when it comes to the way we do business. Not only will organizations be required to disclose cybersecurity incidents in a timely manner, but they will also have to share information on overall GRC and cybersecurity policies every year. Moreover, the SEC is specifically holding the board of directors and management responsible for GRC and management of cyber risk. Circling back to our earlier question, “who cares about risk management and compliance?”: the SEC is now making sure that an organization’s board of directors and management care, if they didn’t before.

Connecting Risk to Business Impact

While there are countless examples of what can happen to an organization when a cyber risk is exploited (think loss of data, customers, trust, tarnished brand reputation), CISOs are still struggling to connect risk to business impact and justify their security budgets.

An organization’s CFO and board will often evaluate projects based on impact, which means CISOs need data and evidence to connect how they protect against risk to how it impacts the business’s bottom line. While risk is a broad term, a more tangible definition is contractual risk – the commitments made to customers and partners, and the size of the contracts at stake if those commitments are not met. A concrete definition that reports in ARR (or another key revenue-related KPI) makes it easier for CISOs to communicate the size of relevant risks, which in turn helps justify budget requests and program spend.

How Should CISOs Solve Their Reporting Requirements?

CISOs should be able to share a few key metrics that management, the board, and the CFO need to know in order to better understand the value and benefits being delivered from the security and GRC program. Metrics to share with key stakeholders include:

  • Potential Financial Impact: An estimate of how much this risk could cost factoring in direct financial loss, ransomware payments, legal costs, PR, lost business, lost competitive advantage, customer churn, or changes to insurance premiums.
  • Residual Financial Impact: How much of my potential financial impact still exists now that I have taken some action to reduce my risks? What’s the impact after I have created and implemented a treatment plan? How much liability am I still carrying?
  • Top Five Risks: CISOs and leadership teams should focus on the top five risks that have the greatest residual financial impact or represent key security threats along with how much progress is outstanding.
  • Revenue Accelerated by Security Programs: The ARR associated with contracts that required a security review. While not a direct measure of risk, it is helpful context to show how the security program impacts growth overall.

When a CISO is able to identify and share metrics like these, they can articulate the value and impact of their security and GRC program in terms that the C-Suite and board can understand, and better connect risk to business impact. When everyone is speaking the same language on compliance and risk, the result is an organization that is better aligned to prioritize, build, and maintain a healthy GRC and security program and showcase the results of that program and its benefits to customers and stakeholders.

Image by mindandi on Freepik

The post Why Are CISOs Struggling with Governance, Risk, and Compliance Reporting? appeared first on Cybersecurity Insiders.

Jaye Tillson, Field CTO at Axis Security

In an era where cyber threats are evolving at an alarming pace, the role of a Chief Information Security Officer (CISO) has never been more critical. Today, CISOs are the guardians of an organization’s digital assets, and in this role are facing a very daunting task–they are being called to protect sensitive data, maintain customer trust, and ensure business continuity. With an ever-expanding threat landscape, the ability to deliver on these three fronts has never been more challenging. As a result, it’s essential for CISOs to establish clear priorities to navigate these turbulent waters successfully.

In my role, I have the opportunity to meet regularly with security professionals from a variety of businesses all over the globe. Over the past six months in particular, that includes some extremely informative discussions with a sizeable group of CISOs. In this article, I wanted to share what I believe are the top three priorities that are at the forefront of their agenda.

Cyber Resilience

Today we are all operating in an interconnected world and many of the CISOs I spoke to believe that it’s not a matter of ‘if’ but ‘when’ a cyberattack will occur. It’s hard to argue with their view. Taking that viewpoint into account, their focus was on building cyber resilience within their organizations. For them, this meant preparing for, responding to, and recovering from cyber incidents effectively. Here are some key strategies that they are considering:

  • Incident Response Plan: Develop and regularly update a comprehensive incident response plan. Once this has been shared throughout the organization, make sure that all employees are aware of their roles and responsibilities during a cyber incident. From there, it’s imperative to put this plan to the test. This includes conducting regular drills and simulations to gauge the plan’s effectiveness and, if necessary, adjusting it as needed.
  • Data Backups and Recovery: Even with the best plan, data loss is always a possibility, especially since data is no longer housed in a single, central location. These CISOs touched on the need to implement robust data backup and recovery processes to minimize any data loss in case of a breach. This includes verifying the integrity of backups regularly and storing them securely offline to prevent ransomware attacks.
  • Threat Intelligence: Invest in threat intelligence tools and services to stay informed about emerging threats and vulnerabilities. These CISOs widely agreed that having regular access to this information would help them proactively defend against attacks.
  • Employee Training: No matter how many solutions you invest in and the simulations you conduct, human error still remains a significant factor in security breaches. In fact, Verizon’s 2022 Data Breach Investigations Report (DBIR) found that 82 percent of data breaches involve a human element. According to the DBIR, this includes incidents “in which employees expose information directly (for example, by misconfiguring databases) or by making a mistake that enables cyber criminals to access the organization’s systems.” Findings like this reinforce why these CISOs state it’s essential to conduct regular cybersecurity awareness training for all employees. The goal of these efforts is simple–ensure that everyone across the business fully understands the importance of security best practices.

Zero Trust

Many of the CISOs felt that the traditional perimeter-based security model is no longer sufficient to protect their business against modern threats. These solutions were effective when we focused on protecting everyone within a castle and moat (i.e., the corporate office). But we don’t work in castles anymore.

For this group there is widespread agreement that the answer is to adopt a Zero Trust approach to secure their organization’s digital assets. Zero Trust operates on the principle of “never trust, always verify,” and it requires a fundamental shift in how security is implemented. Their priorities were:

  • Identity and Access Management (IAM): Implement strict IAM policies to ensure that users and devices are authenticated and authorized before accessing any resources. This includes the use of multi-factor authentication (MFA) wherever possible.
  • Micro-Segmentation: Divide the network into micro-segments to limit lateral movement for potential attackers. With micro-segmentation, each individual segment should have its own access controls and monitoring mechanisms.
  • Continuous Monitoring: Because security threats never sleep, businesses must employ continuous monitoring solutions that track user and device behavior, detect anomalies, and trigger alerts for suspicious activities in near real-time.
  • Application Security: Ensure that all applications, whether on-premises or in the cloud, are secure by design. In addition, regularly assess and update the business’s security posture to mitigate vulnerabilities.

Regulatory Compliance

As data privacy regulations continue to evolve worldwide, compliance is a significant concern for many of the CISOs, and with good reason. Non-compliance often leads to hefty fines and reputational damage. Just ask Amazon, which in 2021 incurred an $877 million fine for breaches of the GDPR. To address this priority, the CISOs intended to:

  • Stay Informed: Stay up-to-date with the latest data privacy regulations, such as GDPR, CCPA, NIS2, or any other relevant laws based on their organization’s geographic footprint and industry.
  • Data Protection: Implement robust data protection measures, including encryption, access controls, and data retention policies, to ensure compliance with regulatory requirements.
  • Third-party Risk Management: Evaluate and monitor the security practices of third-party vendors and partners to ensure they meet compliance standards, as their actions can impact their organization’s compliance status.
  • Documentation and Reporting: Maintain thorough records of security measures, audits, and compliance activities and be prepared to provide documentation to regulatory authorities if required.

Conclusion

As the digital landscape becomes increasingly complex and volatile, these CISOs knew they would be facing the formidable challenge of safeguarding their organizations against a barrage of cyber threats. What was clear through my conversations is they all felt that by prioritizing cyber resilience, adopting Zero Trust, and ensuring regulatory compliance, they could build a robust security posture that not only protects their organization’s sensitive data but also strengthens customer trust and ensures business continuity in an ever-changing cybersecurity landscape. They also acknowledged that their role was seen as pivotal in the modern business world and that these top priorities should be their guide in securing the digital frontier.

Image by gpointstudio on Freepik

The post Top 3 Priorities for Today’s CISO: Safeguarding the Digital Frontier appeared first on Cybersecurity Insiders.

By Karthik Krishnan, CEO of Concentric.ai

October is Cybersecurity Awareness Month, and every year most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed and these best practices can no longer be the bare minimum.

The sheer number of threats to your data — both external and internal — is increasing exponentially, so maintaining a robust data security posture is paramount. From a data protection standpoint, perhaps the most difficult challenge to address is that business-critical data worth protecting now takes so many different forms. Intellectual property, financial data, business confidential information, PII, PCI data, and more create a very complex environment.

Traditional data protection methods, like writing a rule to determine what data is worth protecting, are not enough in today’s cloud-centric environment. And think about how easy it is for your employees to create, modify and share sensitive content with anyone. Your sensitive data is constantly at risk from data loss, and relying on employees to ensure that data is shared with the right people at all times is ineffective.

In fact, according to the 2023 Verizon Data Breach Investigations Report, 74% of all breaches involve the human element — either via social engineering, error, privilege misuse, or use of stolen credentials. Concentric AI’s own 2023 Data Risk Report research reports that, on average, each organization had 802,000 data files at risk due to oversharing — that’s 402 files per employee. The risk to data is enormous.

As Cybersecurity Awareness Month approaches, it’s a good reminder that data security posture management (DSPM) is critical for organizations to implement for visibility into actionable insights on how to mitigate data security risk. DSPM empowers organizations to:

  • Identify all sensitive data
  • Monitor and identify risks to business-critical data
  • Remediate and protect that information

The following Data Security Posture Management (DSPM) checklist elements combined with new initiatives for Cybersecurity Awareness Month can help you create a comprehensive five-step guide through Awareness, Action and What You Need to Know:

1. Data Sensitivity: The Foundation of Security

Awareness: It is critical to be able to discover and identify your at-risk data. Knowing where your sensitive data resides is the first step in securing it.

Action: Host workshops and webinars to educate employees about the types of sensitive data (PII, IP, etc.) in your organization, and why it’s crucial to protect them.

What You Need to Know: Understanding the types of data you’re handling can make a huge impact. Employees should be aware of what constitutes sensitive data and the risks associated with mishandling it. Workshops can cover topics like data classification, secure handling of PII, and the importance of data encryption.

2. Contextual Awareness: More Than Just Data Types

Awareness: Organizations must be able to understand the context of their data. Data is not just about types but also about the context around it.

Action: Use real-world examples to show how data can be misused if taken out of context. Encourage employees to think before they share.

What You Need to Know: Context matters. Data that seems harmless can become a security risk when placed in a different context. Employees need to be aware of and trained to consider the broader implications of the data they handle, including how it interacts with other data and systems.

For example, consider an employee’s first name. On its own, a first name like “John” seems harmless. But combined with other pieces of data such as a last name, email address, or office location, it can be used to craft a convincing phishing email. Imagine if you receive an email that addresses you by your full name and references your specific office location or recent company activities. It would appear legitimate and could trick an unsuspecting employee into revealing sensitive information or clicking on a malicious link.

3. Risk Assessment Drills: Preparing for the Worst

Awareness: Organizations need to understand where there is risk to sensitive data in order to protect it. Knowing the vulnerabilities can help in crafting better security policies.

Action: Conduct mock drills to simulate scenarios where sensitive data might be at risk due to inappropriate permissions or risky sharing. This happens far more often than you think.

What You Need to Know: Mock drills can help employees understand the real-world implications of data breaches. These drills can simulate phishing attacks, unauthorized data sharing, and even insider threats. The key is to help employees understand the importance of following data security protocols. Hint: while employees need to know these implications, your organization should be leveraging solutions that reduce the burden on employees.

4. Permission Audits: Who Has Access?

Awareness: It is very important for organizations to be able to track and understand data lineage and permissions. Knowing who has access to what data is crucial.

Action: Dedicate a week to auditing and correcting data permissions across all platforms. Make it a company-wide initiative.

What You Need to Know: Regular audits of data permissions can prevent unauthorized or risky access to sensitive information. During Cybersecurity Awareness Month, make it a point to review and update permissions, ensuring that employees have access to only the data necessary to do their jobs. The principles of least privilege and zero trust are applicable here.

5. Actionable Insights: The Path Forward

Awareness: Finally, organizations need to be able to take action and remediate any risk. Proactive measures can significantly reduce the risk of a data breach.

Action: Share weekly insights on the company’s data risk posture. Highlight any successful remediations as well as areas that need attention.

What You Need to Know: Transparency is key. Sharing insights about the company’s data risk posture can empower employees to take individual actions that contribute to the organization’s overall security. Celebrate the wins, but also highlight any underlying risks that need to be mitigated.

Cybersecurity Awareness Success: Combining security awareness with robust DSPM

Cybersecurity is a shared responsibility, and Cybersecurity Awareness Month is the perfect time to reinforce this message. Combining data security awareness with robust DSPM is key for keeping data secure.

All organizations can achieve a strong level of data security via a solid cybersecurity awareness program, and by following tips and best practices in order to minimize the impact of a data breach. Having the best of both worlds is achievable with a security-aware workforce and a robust DSPM solution.



The post Top Five Steps to Elevate Your Data Security Posture Management and Secure Your Data appeared first on Cybersecurity Insiders.

By Maor Bin, CEO, Adaptive Shield

One piece of advice I like to give security professionals is this – it’s often instructive to view cybersecurity from the threat actor’s perspective. In a SaaS world, that means understanding the behavior patterns of threat actors and then identifying the SaaS entry point they would likely prioritize.

What you’ll likely find is that bad actors often focus on highly coveted access points. Some examples include orphan accounts, unused local admin accounts, and other high-privilege, underutilized accounts that were involved in SaaS app setup.

In the early days of SaaS security, the tools were designed to protect access to SaaS apps, looking mostly at log-ins, passwords, and SSO. What many don’t realize is that SaaS security has evolved into a much more comprehensive security program.

The evolution of SaaS security is essential because businesses are becoming increasingly more SaaS driven—Fortune Business Insights reports that “the global SaaS market is projected to grow from $273.55 billion in 2023 to $908.21 billion by 2030.” This growth demands a holistic SaaS ecosystem security program that can help protect an organization by eliminating vulnerabilities and mitigating risk using the latest cybersecurity methodologies.

Now for the big question—where do you start?

Begin with Identity Fabric

Identity is one of the main barriers that threat actors must overcome. In fact, today, a person’s identity is often all that’s standing between a threat actor and a company’s most sensitive data. Identity fabric, a concept put forth by Gartner, can be used to prevent this type of attack. This concept, which includes Identity and Access Management (IAM) and Identity Governance and Administration (IGA), requires centralized access control over decentralized applications and must be capable of tracking access from humans and machines, including access granted to third-party applications.

Speed is also important. Identity fabric must be fast, operating with near-imperceptible latency, so it doesn’t impact the user experience. The speed must be accompanied with an effective alert system that sounds the alarm in the event of suspicious activities, such as the creation of new admin accounts.

Complement with Endpoint Protection

Another important element is Endpoint Protection. Today this is rarely considered when teams strategize over SaaS security approaches. This is a big mistake. Computers and other devices that access the SaaS stack are often using outdated operating systems, web browsers, anti-virus software, or other outdated software. All of these can be exploited. For example, a keylogger on a computer used by a high-privileged SaaS admin can hand over the keys to valuable SaaS data.

Endpoint protection is vital to a holistic SaaS ecosystem security program because it allows teams to monitor the device operating systems being used to access the SaaS stack, check device compliance against global standards and company policy, and generate a user risk assessment.

By combining endpoint protection hygiene data with SaaS data and associating devices with users, security teams can manage SaaS risks. With this context, the organization can develop security policies and prioritize and manage the remediation of device vulnerabilities or limit access.
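The two paragraphs above describe joining device hygiene data with SaaS privilege data per user. The example below is added for this page (it is not Adaptive Shield's code or scoring model) and shows one way to do that join: each device is checked against a policy floor, findings are attributed to the device's owner, and the owner's highest SaaS role scales the result so that an unpatched laptop used by a CRM admin outranks the same laptop used by a viewer. The Device and SaasAccount fields, the minimum OS version and the weights are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    hostname: str
    owner: str           # e-mail of the user the device is associated with
    os_version: str
    browser_patched: bool
    av_enabled: bool
    disk_encrypted: bool


@dataclass(frozen=True)
class SaasAccount:
    email: str
    roles: tuple         # (app, role) pairs, e.g. (("crm", "admin"),)


POLICY_MIN_OS = "14.2"   # constructed company policy floor for the example
PRIVILEGE_WEIGHT = {"admin": 3, "editor": 2, "viewer": 1}   # constructed weights


def version_tuple(version):
    """'14.2' -> (14, 2) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in version.split("."))


def hygiene_findings(device, min_os=POLICY_MIN_OS):
    """Endpoint checks a posture agent would report; each failed check is one finding."""
    findings = []
    if version_tuple(device.os_version) < version_tuple(min_os):
        findings.append("outdated-os")
    if not device.browser_patched:
        findings.append("outdated-browser")
    if not device.av_enabled:
        findings.append("av-disabled")
    if not device.disk_encrypted:
        findings.append("disk-unencrypted")
    return findings


def user_risk(account, devices):
    """Risk = weight of the user's highest SaaS role x (1 + hygiene findings on their devices)."""
    weight = max((PRIVILEGE_WEIGHT.get(role, 1) for _app, role in account.roles), default=1)
    findings = [f"{d.hostname}:{f}" for d in devices if d.owner == account.email
                for f in hygiene_findings(d)]
    return weight * (1 + len(findings)), findings


def recommended_action(score):
    if score >= 9:
        return "restrict-saas-access-until-remediated"
    if score >= 4:
        return "remediate-within-7-days"
    return "monitor"


def prioritize(accounts, devices):
    """Rank users by combined privilege-and-hygiene risk, highest first."""
    rows = []
    for account in accounts:
        score, findings = user_risk(account, devices)
        rows.append((account.email, score, recommended_action(score), findings))
    rows.sort(key=lambda row: row[1], reverse=True)
    return rows


# Constructed sample inventory for the example.
DEVICES = [
    Device("lt-alice", "alice@example.com", "13.6", True, True, False),
    Device("lt-bob", "bob@example.com", "14.3", False, True, True),
    Device("lt-carol", "carol@example.com", "14.5", True, True, True),
]
ACCOUNTS = [
    SaasAccount("alice@example.com", (("crm", "admin"), ("workspace", "editor"))),
    SaasAccount("bob@example.com", (("crm", "viewer"),)),
    SaasAccount("carol@example.com", (("workspace", "admin"),)),
]

if __name__ == "__main__":
    for email, score, action, findings in prioritize(ACCOUNTS, DEVICES):
        print(f"{email:20} score={score} action={action} findings={findings}")
```

The point of the multiplication is the context the paragraph asks for: two hygiene findings on an admin's laptop produce a score of 9 and a recommendation to restrict access, while a viewer with one finding scores 2 and is merely monitored.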

Deploy SaaS Threat Detection

The detection of SaaS threats requires an identity-centric approach. Identity Threat Detection & Response (ITDR) is defined as a set of security measures designed to detect and respond to identity-related Indicators of Compromise (IoCs), suspicious activities, and malicious applications that have accidentally been installed by users.

Once these detections reach the security team, analysts can investigate and respond to the threats.
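The identity fabric section above calls for an alert when a new admin account is created, and the ITDR definition adds suspicious activity and accidentally installed applications. The following detection logic is an added example for this page, not Adaptive Shield's product logic: it runs two rules over a constructed JSON Lines audit log whose event schema (ts, actor, action, target, role, app, scopes) is an assumption, and the admin role names, broad OAuth scopes and approved-app list are constructed sample policy.

```python
import json
from dataclasses import dataclass

# Constructed SaaS audit log in JSON Lines form. The field names are an assumption
# for this example, not any vendor's export format.
SAMPLE_LOG = """
{"ts": "2023-10-02T08:01:00Z", "actor": "alice@example.com", "action": "user.login", "target": "alice@example.com"}
{"ts": "2023-10-02T08:05:12Z", "actor": "alice@example.com", "action": "role.assign", "target": "svc-backup@example.com", "role": "admin"}
{"ts": "2023-10-02T08:06:40Z", "actor": "bob@example.com", "action": "app.install", "target": "bob@example.com", "app": "Free PDF Merge", "scopes": ["mail.readwrite", "files.readwrite"]}
{"ts": "2023-10-02T09:10:00Z", "actor": "carol@example.com", "action": "role.assign", "target": "dave@example.com", "role": "viewer"}
{"ts": "2023-10-02T09:12:00Z", "actor": "carol@example.com", "action": "user.create", "target": "tmp-admin@example.com", "role": "admin"}
{"ts": "2023-10-02T09:20:00Z", "actor": "dave@example.com", "action": "app.install", "target": "dave@example.com", "app": "Corporate SSO Connector", "scopes": ["directory.readwrite"]}
"""

# Constructed policy: which roles count as admin, which OAuth scopes are broad,
# and which third-party apps the organization has reviewed and approved.
ADMIN_ROLES = {"admin", "super_admin", "owner"}
BROAD_SCOPES = {"mail.readwrite", "files.readwrite", "directory.readwrite"}
APPROVED_APPS = {"Corporate SSO Connector"}


@dataclass(frozen=True)
class Alert:
    severity: str
    rule: str
    ts: str
    actor: str
    target: str
    detail: str


def parse_events(text):
    """Parse JSON Lines into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_identity_threats(events):
    """Apply ITDR-style rules: new admin identities, and unapproved apps with broad scopes."""
    alerts = []
    for e in events:
        action = e.get("action")
        if action in ("role.assign", "user.create") and e.get("role") in ADMIN_ROLES:
            alerts.append(Alert("high", "new-admin", e["ts"], e["actor"], e["target"],
                                f"{action} granted role={e['role']}"))
        if action == "app.install":
            app = e.get("app", "")
            risky = set(e.get("scopes", [])) & BROAD_SCOPES
            # An approved app may hold broad scopes; an unreviewed one may not.
            if app not in APPROVED_APPS and risky:
                alerts.append(Alert("medium", "unapproved-app-broad-scopes", e["ts"],
                                    e["actor"], e["target"], f"{app} requested {sorted(risky)}"))
    return alerts


def alerts_by_rule(alerts):
    """Summarize alert volume per rule, useful for tuning before the rules go live."""
    counts = {}
    for a in alerts:
        counts[a.rule] = counts.get(a.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for a in detect_identity_threats(parse_events(SAMPLE_LOG)):
        print(f"[{a.severity}] {a.rule} {a.ts} actor={a.actor} target={a.target}: {a.detail}")
```

Against the sample log the rules raise three alerts: the admin role handed to a service account, the throw-away admin created by carol, and the unreviewed PDF app asking for read-write access to mail and files; the approved SSO connector and the viewer grant stay quiet.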

Secure the Breadth and Depth of the Ecosystem

For most organizations, the SaaS stack covers a broad range of applications that touch every department. However, a major mistake many security teams make is that they tend to focus their efforts on the most critical applications, such as CRM or Workspace. As a result, while they protect data in these areas, they are exposing sensitive records stored within all the other applications.

Best practices do dictate that teams begin by securing the most important applications within the organization’s stack, but they don’t suggest stopping there. Securing the SaaS ecosystem requires an approach that is both broad in terms of covering every application and deep in terms of security checks.

The Attainment of SaaS Ecosystem Security

SaaS-enabled businesses are increasingly becoming the norm as companies experience the vast benefits that come with these new cloud offerings. Naturally, these new environments introduce new challenges, especially for security teams.

The best way to secure a growing SaaS stack is through a holistic approach that leverages SaaS security tools covering every SaaS app in the stack. In addition, teams must emphasize securing identity-based access points as well as the endpoint devices that access SaaS applications, and review third-party applications connected to the various SaaS hubs, while maturing the organization’s ability to prevent threats.

This is how businesses can soar in the cloud while keeping this new and growing environment fully protected.

The post Kickstarting a Holistic SaaS Ecosystem Security Program appeared first on Cybersecurity Insiders.

By Dr Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs

Like a short blanket that covers the wearer’s head or feet, but never both at the same time, security teams can only dedicate their time, money, and resources to so many problems at once. The short blanket dilemma is a perennial issue in IT security. Teams deploy their budgets and resources to cover one exposed spot, but this inevitably leaves other areas out in the cold. A perfect example is the choice organizations face between preventing and detecting threats. Unfortunately, it is very rare for organizations to excel at both.

Picus recently conducted an analysis of 14 million cyberattack simulations performed by our platform in the first half of 2023, revealing the extent of this short blanket problem. Our Blue Report highlights four ‘impossible trade-offs’ that hinder organizations’ readiness to defend themselves against the latest threats.

1. Choosing which attacks to prioritize

With unlimited time, resources, and knowledge, security could be an easy job. In reality, however, every security team must choose which attacks to prioritize and which to de-prioritize based on their own time and resource constraints.

Our simulation data shows that, on average, organizations’ security controls (such as next-gen firewalls and intrusion prevention solutions) will prevent 6 out of every 10 attacks. However, some types of attacks are prevented far more effectively than others. For instance, organizations can prevent 73% of malware downloads but only 18% of data exfiltration attacks.

There are also wide variations in organizations’ ability to prevent specific threats. For example, more than a third of organizations can prevent Black Basta and BianLian ransomware attacks but only 17% can prevent Mount Locker. This is despite Mount Locker’s emergence in 2021, long before the other two malware types. It suggests that security teams are having to prioritize and deprioritize their defense against different ransomware groups over time.

2. Choosing which vulnerabilities to remediate

The Blue Report also reveals the limitations of security teams’ approach to managing common vulnerabilities and exposures (CVEs). Some organizations focus on fixing long-standing vulnerabilities first, but others will actively prioritize more recent vulnerabilities over older ones.

Today, the majority of organizations remain exposed to several critical and high-risk CVEs that have been known for years. Some CVEs discovered in 2019 remain a threat to more than 80% of organizations. With limited resources, vulnerability management teams must choose to remediate some CVEs over others – at their peril.

3. Choosing to optimize prevention or detection controls

The data shows that the better an organization is at preventing threats, the weaker it is at detecting them, and vice versa. For instance, globally, healthcare is the least effective sector at preventing attacks but is twice as successful as the average organization when it comes to detecting them. North American organizations are almost twice as successful at preventing attacks as they are at triggering alerts to detect attacks in progress.

Different organizations, sectors, and even regions all have a reason to choose between a prevention or detection-first approach to security. However, the data shows in black and white that most organizations struggle to be proficient at both.

4. Choosing to log or create an alert

Organizations leveraging security information and event management (SIEM) solutions also face decisions about how much to invest in attack detection. In most cases, organizations will prioritize logging over alerting, but do neither very well. Simulation data shows that, on average, organizations log 4 out of 10 attacks but only generate alerts for 2 in 10 attacks.

Faced with a trade-off in time and resources, organizations are prioritizing logging over alerting – but both areas require improvement.

The short blanket problem solved

Since preventing and detecting every threat is practically impossible, security teams will always have to prioritize some aspects of security more than others. It may not be possible to ask the board for a bigger blanket. However, it should be possible to ensure that the blanket is always placed where its wearer needs it most.

The goal for CISOs is to consistently make the best decisions for their organization’s specific needs. They need real-time data to prove where there are gaps in their defenses at any given moment. They need to be honest about which parts of the business are out in the cold, so that they can determine the level of risk they are prepared to accept.

This requires being proactive rather than reactive, and discovering the potential for security incidents before they happen. Indeed, CISOs are increasingly following the principles of continuous threat exposure management (CTEM) to achieve a more holistic view of their risks. By adopting a more unified approach that combines insights from attack simulations with attack surface and vulnerability data, security teams can allocate resources efficiently and effectively to address their most critical exposures. As a result, they can improve their ability to focus their attention on the areas that will have the greatest security impact.

The post How a data-driven approach to threat exposure can fix ‘the short blanket problem’ appeared first on Cybersecurity Insiders.

By Dotan Nahum, Head of Developer-First Security at Check Point Software Technologies

In an era where data breaches and cybersecurity attacks are rampant, secure software design has become not only a matter of technical proficiency, but a crucial component of corporate responsibility. It has led to a significant rise in the importance of secure design patterns – recurring solutions to common problems in software design that account for security.

A secure design pattern does not exclusively mean designing software that works as intended. It involves creating a system that continues to operate correctly under malicious attacks, safeguarding the system’s data and its users’ privacy. It’s a proactive approach to prevent potential security flaws rather than a reactive one where developers patch up vulnerabilities after exploitation.

From Start to Finish: The Importance of Consistency and Security

Secure design patterns are not mere add-ons or isolated fixes; rather, they are foundational paradigms that guide developers in designing secure software from the ground up. Traditional software development often relies on reactive security measures to patch vulnerabilities after they are discovered. However, secure design patterns promote a proactive approach to security by mitigating potential threats during the initial design phase. By building security into the core of the software architecture, developers can significantly reduce the likelihood of vulnerabilities, enhance the system’s overall resilience, and maintain consistent security measures across multiple projects.

7 Steps to Implement Secure Design Patterns Today

Implementing secure design patterns is not a one-time task. It’s an ongoing process that evolves as new security threats and mitigation techniques emerge. The key is to create a culture of security in your organization where every member understands the importance of security and their role in maintaining it. These seven steps provide a solid foundation, but true security requires constant vigilance, learning, and adaptation.

Use Design Patterns that Promote Security

Several design patterns inherently enhance the security of a system. For instance, the Proxy Pattern can add an additional layer of protection when accessing sensitive data or communicating with external services. The Factory Pattern helps to instantiate objects in a controlled manner, reducing the chances of improper instantiation that could lead to vulnerabilities.

Adopt the Principle of Least Privilege (PoLP)

The principle of least privilege (PoLP) is a crucial part of secure design that should be reviewed regularly. It entails that a user (or a process) should only have the bare minimum privileges necessary to perform a task, and no more. Implementing PoLP can limit the potential damage caused by errors or security breaches. In the design phase, consider the roles and privileges each component needs and restrict excess rights proactively.
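The two steps above name the Proxy and Factory patterns and the principle of least privilege. The example below is added for this page (it is not the author's code) and puts the three together: a protection proxy wraps a raw record store so that every read, update and delete is authorized against the caller's privileges and written to an audit log, and a factory is the only sanctioned way to obtain a handle, so callers never touch the unguarded subject. The privilege names, the principals and the sample record are constructed.

```python
from dataclasses import dataclass


class AccessDenied(PermissionError):
    """Raised by the proxy when the principal lacks the privilege for an operation."""


@dataclass(frozen=True)
class Principal:
    name: str
    privileges: frozenset   # constructed privilege strings, e.g. "records:read"


class CustomerRecords:
    """Real subject: a plain in-memory store with no access control of its own."""

    def __init__(self, rows):
        self._rows = {row["id"]: dict(row) for row in rows}

    def read(self, record_id):
        return dict(self._rows[record_id])

    def update(self, record_id, fields):
        self._rows[record_id].update(fields)

    def delete(self, record_id):
        del self._rows[record_id]


class CustomerRecordsProxy:
    """Protection proxy: same interface as CustomerRecords, but each call is
    checked against the principal's privileges and recorded in the audit log."""

    REQUIRED = {"read": "records:read", "update": "records:write", "delete": "records:delete"}

    def __init__(self, subject, principal, audit_log):
        self._subject = subject
        self._principal = principal
        self._audit = audit_log

    def _authorize(self, op):
        needed = self.REQUIRED[op]
        allowed = needed in self._principal.privileges
        self._audit.append((self._principal.name, op, "allow" if allowed else "deny"))
        if not allowed:
            raise AccessDenied(f"{self._principal.name} lacks {needed}")

    def read(self, record_id):
        self._authorize("read")
        record = self._subject.read(record_id)
        # Field-level least privilege: PII is masked unless explicitly granted.
        if "records:read_pii" not in self._principal.privileges:
            record["ssn"] = "<redacted>"
        return record

    def update(self, record_id, fields):
        self._authorize("update")
        self._subject.update(record_id, fields)

    def delete(self, record_id):
        self._authorize("delete")
        self._subject.delete(record_id)


# Module-private subject and shared audit log; the factory below is the only way in.
_STORE = CustomerRecords([{"id": "c-100", "name": "Ada", "ssn": "000-00-0000"}])  # constructed row
AUDIT_LOG = []


def open_records(principal):
    """Factory: controlled instantiation, always returning the guarded proxy."""
    return CustomerRecordsProxy(_STORE, principal, AUDIT_LOG)


def attempt(handle, op, *args):
    """Run one operation through the proxy and report the outcome instead of raising."""
    try:
        getattr(handle, op)(*args)
        return "allowed"
    except AccessDenied:
        return "denied"


# Constructed principals: a support agent with read-only access and a data steward.
SUPPORT_AGENT = Principal("support-agent", frozenset({"records:read"}))
DATA_STEWARD = Principal("data-steward", frozenset({"records:read", "records:read_pii", "records:write"}))

if __name__ == "__main__":
    agent = open_records(SUPPORT_AGENT)
    print(agent.read("c-100"))                                 # ssn redacted
    print(attempt(agent, "delete", "c-100"))                   # denied, and logged
    print(AUDIT_LOG)
```

Because the subject is never handed out directly, adding a new privilege check or a new masking rule is a change in one class rather than in every caller, which is what makes the pattern a design-time control rather than a patch.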

Implement Input Validation and Sanitization

A standard gateway for attackers is improperly validated and sanitized user input; injecting malicious code or data into your system can have catastrophic consequences, such as XSS and SQL injection attacks. Apply strict input validation patterns to every input field in your application, and sanitize data to neutralize or remove any potentially harmful elements before processing it.
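To make the SQL injection and XSS cases above concrete, here is an added example (not the author's code) that places a deliberately vulnerable query next to its parameterized form, adds an allow-list validator for the username field, and escapes output for HTML. The in-memory SQLite table and the usernames are constructed sample data.

```python
import html
import re
import sqlite3


def setup_db():
    """Constructed in-memory table with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", 0), ("bob", 1)])
    return conn


def find_user_vulnerable(conn, username):
    """'Before': the input is spliced into the SQL text, so a quote in the input
    changes the query's structure. Kept only to show the failure mode."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    """'After': a bound parameter is always data, never SQL syntax."""
    return conn.execute("SELECT username FROM users WHERE username = ?", (username,)).fetchall()


# Allow-list validation: lower-case letter first, then 2 to 31 letters, digits or underscores.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def is_valid_username(value):
    return USERNAME_RE.fullmatch(value) is not None


def validate_username(value):
    """Reject anything outside the allow-list before it reaches the database."""
    if not is_valid_username(value):
        raise ValueError("invalid username")
    return value


def lookup(conn, raw_input):
    """Validation and parameterization together: the hardened entry point."""
    return find_user_safe(conn, validate_username(raw_input))


def render_greeting(display_name):
    """Output encoding for HTML: user data is escaped, so it cannot become markup."""
    return f"<p>Hello, {html.escape(display_name, quote=True)}</p>"


if __name__ == "__main__":
    conn = setup_db()
    payload = "' OR '1'='1"  # textbook tautology; returns every row from the vulnerable query
    print("vulnerable:", find_user_vulnerable(conn, payload))
    print("safe:      ", find_user_safe(conn, payload))
    print("valid?     ", is_valid_username(payload))
    print(render_greeting("<script>alert(1)</script>"))
```

Validation and parameterization are independent controls: the allow-list stops malformed input at the boundary, and the bound parameter guarantees that whatever does reach the query is treated as a value even if a validator is bypassed or omitted elsewhere.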

Use Secure Communication Protocols

Secure data transmission is critical to safeguard sensitive information from interception and unauthorized access. Use secure communication protocols like HTTPS and TLS to encrypt data during transit. You can implement secure design patterns like the ‘Decorator’ pattern to encapsulate secure communication logic within relevant modules.

Monitor and Update Dependencies Regularly

Stay vigilant about the security of third-party libraries and dependencies used in your software projects. Regularly monitor for security updates and patches and promptly address any known vulnerabilities. The ‘Observer’ pattern can assist in maintaining a dynamic and responsive approach to monitoring and updating dependencies.

Adopt Secure Coding Standards

Secure coding standards provide developers with guidelines to prevent common programming errors that can lead to security vulnerabilities. Some reliable sources include the CERT Secure Coding Standards or OWASP Secure Coding Practices. Following these standards ensures the codebase maintains a strong foundation against security flaws and reinforces good coding practices.

Continuous Security Testing and Auditing

Designing and developing secure software is not enough; continuous security testing is key to maintaining robust security. Regularly conduct penetration testing, static code analysis, and security audits to identify potential vulnerabilities. Additionally, consider implementing security as part of your DevOps process (DevSecOps), integrating security checks into the continuous integration and delivery (CI/CD) pipeline.

Remember, the cost of ignoring secure design patterns can be immense, leading to financial losses and damage to an organization’s reputation and trust. As we continue to digitize and interconnect every aspect of our lives, secure design is more than a good practice – it is a fundamental necessity for software development in the 21st century.

Dotan Nahum is the Head of Developer-First Security at Check Point Software Technologies (https://spectralops.io). Dotan was the co-founder and CEO at Spectralops, which was acquired by Check Point Software, and is now the Head of Developer-First Security. Dotan is an experienced hands-on technological guru & code ninja and a major open-source contributor, with high expertise in React, Node.js, Go, React Native, distributed systems and infrastructure (Hadoop, Spark, Docker, AWS, etc.).


The post 7 Steps to Implement Secure Design Patterns – A Robust Foundation for Software Security appeared first on Cybersecurity Insiders.

By Michael Angelo Zummo, Threat Intel Expert – Cybersixgill

Phishing tools and services are common and accessible on the underground. We took a close look at one of them and discovered how easy it can be to launch a phishing scheme.

Phishing is a type of cyberattack in which attackers attempt to deceive individuals into divulging sensitive information, such as usernames, passwords, credit card details, and other personal or financial information. This is typically done by posing as a trustworthy entity, such as a reputable company, financial institution, government agency, or even a friend or colleague.

The cyber underground hosts more than just leaked data, credentials, and narcotics. It is also a marketplace for a variety of tools and services to assist threat actors in carrying out their attacks. This includes phishing.

In the past month alone, underground forums and markets hosted over 2,427 conversations about phishing attacks, templates, kits, and services, with another 17,000 on Telegram, including chatter about services and kits for sale (Figure 1).

Figure 1. A phishing service is advertised in the underground.

Phishing templates

Much of the focus on phishing consisted of threat actors seeking or offering templates. For example, on July 26, a threat actor on a dark web forum requested that anyone with a Santander Bank email template private message them for further discussion (Figure 2).

Figure 2. A threat actor requesting an email template to phish Santander Bank.

Furthermore, other threat actors advertised their phishing and scam pages, such as this post on a popular hacking forum (Figure 3).

Figure 3. Threat actors offering their phishing and scam pages for sale on an underground forum.

Phishing Tools and Services

There are a variety of phishing tools and services available for threat actors in the underground. The most notable in the past month was the phishing-as-a-service program EvilProxy, which provides the ability to run phishing attacks with reverse proxy capabilities that steal credentials and assist in bypassing 2FA (Figure 4).

Figure 4. A threat actor advertising their phishing as a service with EvilProxy.

EvilPhish

For those looking for less expensive options, there are free tools available that can be used for experimentation or in real attacks. For example, EvilPhish is an open-source tool available on GitHub that simply creates an evil twin of a web page and redirects traffic to a local web server hosting the phishing page. To demonstrate how accessible these tools are for threat actors, we installed EvilPhish in our attack box and tried it for ourselves.

EvilPhish is a simple script that copies a web page of your choosing to use as a template for your own phishing page. For the demonstration, we used Cybersixgill’s portal login page and downloaded the HTML to save in our EvilPhish folder. From there, we ran a command on that file, “./NewPage” and moved all the files to our WebPages folder (Figure 5).

Figure 5. Copying HTML file to WebPages folder.

Next, we ran the EvilPhish script on our WebPages folder to create the new phishing page (Figure 6).

Figure 6. Running the ./EvilPhish script on the HTML files.

As you can see in the below screenshot, our phishing page ran locally while waiting for users to input their credentials (Figure 7).

Figure 7. A phishing page impersonating Cybersixgill that we created with EvilPhish.

As a test, we inserted “test” for the username and password to see what EvilPhish captured (Figure 8).

Figure 8. Example of captured user credentials entered on our phishing page.

Once we confirmed the tool works, all that a threat actor would need to do is host this on a public domain and redirect traffic to the scam page through various techniques such as embedded links, phishing emails, SMS, and more. Additionally, one can make the page look more convincing through some HTML and CSS modifications.

Conclusion

The cyber underground continues to provide a variety of avenues and opportunities for threat actors to engage in malicious activities. Free, easy-to-use tools are widely available, and actors can deploy them in successful attacks. A curious threat actor with an appetite for cybercrime can inflict a lot of damage.

Fortunately, organizations can take measures to defend themselves. Here are a few tips to proactively defend against phishing attacks.

– Conduct education and awareness training for employees
– Verify senders of emails and use filters when possible
– Enable two-factor authentication for an extra layer of protection
– Implement typosquatting and domain monitoring into your security stack
– Monitor underground channels to detect phishing templates, tools, and services targeting your organization with real-time, comprehensive threat intelligence.
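The typosquatting and domain monitoring tip above is the one defensive item in this list that reduces to code. The following is an added example for this page, not Cybersixgill's product logic: given the domain you protect and a feed of newly observed domains (constructed here; in practice it would come from certificate transparency logs or registration data), it flags look-alikes by four tests: same label under another TLD, brand plus a credential-themed keyword, homoglyph substitution, and a single edit or adjacent transposition. The homoglyph table, keyword list and sample feed are assumptions.

```python
# Constructed feed of newly observed domains (sample data, not a real feed).
OBSERVED = [
    "example.com",         # the protected domain itself: not a look-alike
    "exmple.com",          # dropped letter
    "examlpe.com",         # adjacent transposition
    "examp1e.com",         # digit one for letter l
    "exarnple.com",        # "rn" imitating "m"
    "example-login.com",   # brand plus credential keyword
    "example.net",         # same label, other TLD
    "otherbrand.net",      # unrelated
    "exampleshop.com",     # brand plus neutral word: deliberately not flagged by these rules
]

# Visually confusable substitutions, mapped back to the characters they imitate.
HOMOGLYPH_REVERSE = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o"), ("3", "e"), ("4", "a"), ("5", "s")]
SUSPICIOUS_KEYWORDS = ("login", "secure", "account", "verify", "support", "billing")


def split_domain(domain):
    """Split into (label, tld). Naive: real code should consult the public suffix list
    so that multi-part suffixes such as co.uk are handled."""
    label, _sep, tld = domain.lower().strip(".").rpartition(".")
    return label, tld


def dehomoglyph(label):
    """Undo common look-alike substitutions so the label can be compared to the brand."""
    for fake, real in HOMOGLYPH_REVERSE:
        label = label.replace(fake, real)
    return label


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent transposition at cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(candidate, protected):
    """Return why the candidate resembles the protected domain, or None if it does not."""
    c_label, c_tld = split_domain(candidate)
    p_label, p_tld = split_domain(protected)
    if (c_label, c_tld) == (p_label, p_tld):
        return None
    if c_label == p_label:
        return "same-label-different-tld"
    if p_label in c_label:
        remainder = c_label.replace(p_label, "", 1)
        if any(keyword in remainder for keyword in SUSPICIOUS_KEYWORDS):
            return "brand-plus-keyword"
    if dehomoglyph(c_label) == p_label:
        return "homoglyph"
    distance = osa_distance(c_label, p_label)
    if distance <= 1:
        return f"edit-distance-{distance}"
    return None


def flag_lookalikes(protected, observed):
    """Run every observed domain through classify and keep the hits with their reason."""
    flagged = []
    for domain in observed:
        reason = classify(domain, protected)
        if reason:
            flagged.append((domain.lower().strip("."), reason))
    return flagged


if __name__ == "__main__":
    for domain, reason in flag_lookalikes("example.com", OBSERVED):
        print(f"{domain:20} {reason}")
```

The unflagged exampleshop.com shows the limit of these rules: brand-plus-arbitrary-word registrations need a broader keyword list or manual review, and the hits that are found still need a takedown or blocklist workflow behind them.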

The post Dangers of Deep Sea Phishing – A Dive Into a Real-World Attack appeared first on Cybersecurity Insiders.

Virtualized data centers have become the backbone of modern IT infrastructure, offering scalability, efficiency, and cost-effectiveness. However, as data center virtualization continues to grow, ensuring utmost security has become paramount. This article explores strategies and best practices for achieving maximum security in virtualized data centers, safeguarding your critical assets, and maintaining compliance with industry regulations.

1. Implement Strong Access Controls: Start by implementing stringent access controls to protect your virtualized environment. Utilize multifactor authentication (MFA) for all users and administrators. Role-based access control (RBAC) should be used to grant permissions based on job roles, limiting access to sensitive data and functions.

2. Regularly Update and Patch: Virtualized environments are susceptible to vulnerabilities, just like any other system. Regularly update and patch your hypervisors, virtualization management software, and guest operating systems. Automated patch management tools can help streamline this process and minimize the risk of exploitation.

3. Network Segmentation: Divide your virtualized data center into segments or zones, each with its own security policies. This reduces the attack surface and isolates potential breaches, limiting lateral movement for attackers. Implement firewalls and intrusion detection systems (IDS) between segments for added security.

4. Encrypted Data Storage and Transmission: Ensure that data at rest and in transit is encrypted. Use encryption technologies such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for data in transit and storage encryption for virtual disks. This protects sensitive information from interception and theft.
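Both the ‘Use Secure Communication Protocols’ step in the secure design patterns article above and item 4 here come down to the same configuration check: that a client verifies the server's certificate and hostname and refuses protocol versions below TLS 1.2. The following is an added example for this page (not the author's code) using Python's standard ssl module, which keeps its historical name even though only TLS should be negotiated. It builds a deliberately weak client context beside a hardened one and audits both; no network connection is made, so it runs offline.

```python
import ssl
import warnings


def weak_client_context():
    """Deliberately weak 'before' configuration: no certificate or hostname verification,
    and the protocol floor lowered to TLS 1.0 where the local OpenSSL build still allows it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # accepts any certificate, which enables interception
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)  # TLSv1 floor is deprecated in recent Pythons
        try:
            ctx.minimum_version = ssl.TLSVersion.TLSv1
        except ValueError:
            pass  # this OpenSSL build refuses TLS 1.0 outright; the floor stays at the default
    return ctx


def hardened_client_context():
    """'After': the default context verifies certificates against the system CA store and
    checks hostnames; the only addition is an explicit TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context passes the policy."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol {ctx.minimum_version.name} is below TLS 1.2")
    return findings


if __name__ == "__main__":
    print("weak:    ", audit_context(weak_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

The same three properties are what to look for in any client library or appliance setting, whatever the language: CERT_NONE-style verification toggles and disabled hostname checks are the settings most often flipped to make a failing integration work, and they stay flipped.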

5. Regular Vulnerability Scanning: Perform regular vulnerability scans and penetration tests to identify weaknesses in your virtualized data center. Address vulnerabilities promptly and conduct follow-up assessments to verify that issues have been resolved.

6. Intrusion Detection and Prevention Systems (IDS/IPS): Implement IDS/IPS solutions to monitor network traffic and detect suspicious activity in real-time. These systems can automatically block or alert administrators to potential threats, reducing response time.

7. Backup and Disaster Recovery: Have a robust backup and disaster recovery plan in place. Regularly back up critical data and virtual machines (VMs) to ensure quick recovery in case of a security incident or hardware failure. Test your disaster recovery plan to ensure it functions as expected.

8. Security Awareness Training: Invest in security awareness training for your staff. Educate them about the latest threats, social engineering tactics, and best practices for secure behavior. Employees are often the first line of defense against cyberattacks.

9. Continuous Monitoring and Auditing: Implement continuous monitoring and auditing of your virtualized environment. Log and analyze activities to detect anomalies and unauthorized access. Compliance with industry regulations may require thorough audit trails.

10. Security Updates for VMs: Regularly update and patch the guest operating systems and software running within your virtual machines. Automated tools can help manage this process efficiently.

Conclusion

Securing virtualized data centers is essential for protecting sensitive data, maintaining operational continuity, and complying with regulatory requirements. By following these best practices, you can build a robust security posture for your virtualized environment, ensuring the utmost security in an ever-evolving threat landscape. Remember that security is an ongoing process, and staying vigilant is key to safeguarding your virtualized data center.

The post How to Achieve Maximum Security in Virtualized Data Centers appeared first on Cybersecurity Insiders.