In today's digital environment, cyberattacks threaten organizations of every size. Although cyber resilience is essential for protecting sensitive information and keeping business operations running, many organizations, particularly those with limited security budgets, struggle to put effective cybersecurity controls in place. Nevertheless, a strong degree of cyber resilience remains attainable even under financial constraints.

This article outlines fundamental strategies and practical measures that organizations can adopt to strengthen their cyber resilience while working within a tight security budget.

Prioritize Security Awareness Training

A strong foundation for cyber resilience begins with well-informed employees. Training staff members to recognize and respond to phishing attempts, social engineering tactics, and other common cyber threats is a cost-effective method to enhance an organization’s security posture. This training can empower employees to become the first line of defense against cyberattacks.

Implement Strong Password Policies

Password-related breaches are a significant concern. Encouraging the use of complex passwords, multi-factor authentication (MFA), and regular password updates can significantly reduce the risk of unauthorized access. These measures require minimal investment while providing an extra layer of protection.

Leverage Open Source and Free Tools

There is a wide range of open-source and free cybersecurity tools available that can help organizations strengthen their defenses without straining their budgets. These tools include antivirus software, intrusion detection systems, and vulnerability scanners, among others.

Conduct Regular Risk Assessments

Identifying and prioritizing potential vulnerabilities is crucial. Regular risk assessments can help organizations identify their most critical assets and potential weaknesses. By understanding their specific risk landscape, organizations can allocate their limited resources more effectively.

Implement Basic Network Segmentation

Segmenting networks into smaller, isolated sections can limit the impact of a breach. While comprehensive network segmentation might require more resources, basic segmentation can still provide valuable protection by isolating sensitive data from less critical systems.

Establish an Incident Response Plan

Preparing for cyber incidents is essential. Developing an incident response plan that outlines the steps to take in case of a breach can minimize the damage and reduce recovery time. This plan should encompass communication protocols, roles and responsibilities, and strategies for containment.

Outsource Security Services

When internal resources are limited, outsourcing certain security services can be a cost-effective solution. Managed security service providers (MSSPs) offer specialized expertise and 24/7 monitoring that can enhance an organization’s security posture without the need for a large internal security team.

Continuous Monitoring and Updates

Regularly updating software and applications and applying security patches is crucial for preventing known vulnerabilities from being exploited. Automated security updates can be set up to ensure systems are always up to date, reducing the risk of breaches.

Conclusion

Cyber resilience is not solely dependent on an organization’s budget but on its strategic approach to cybersecurity. By prioritizing employee training, embracing free tools, conducting risk assessments, and implementing well-defined security measures, even organizations with limited resources can enhance their ability to withstand cyber threats. In an increasingly digital world, proactive efforts toward cyber resilience are investments in the longevity and stability of any organization, regardless of its financial constraints.

The post How to obtain cyber resilience in low security budgets appeared first on Cybersecurity Insiders.

In the complex field of application security, the challenges surrounding open source software security require innovative solutions. In a recent interview with Varun Badhwar, Founder and CEO of Endor Labs, he provided detailed insights into these specific issues and how Endor Labs is positioning itself to tackle them head-on.

The Broken State of Application Security

Software developers currently spend more than half their time investigating an overwhelming number of security alerts and maintaining tools in CI/CD pipelines. Badhwar characterizes the problem:

“Application security is fundamentally broken today – engineering teams are constantly being asked to deploy numerous AppSec tools in the CI/CD pipeline, which creates substantial work for developers, slows down feature delivery, and adds friction.”

Endor Labs aims to mitigate this productivity tax by focusing on OSS security, with the goal of eliminating 80% of vulnerability noise.

Open Source Security and Endor Labs’ Innovative Approach

Open source software (OSS) makes up a significant portion of modern application code, sometimes exceeding 90%. While fostering efficiency and collaboration, it also introduces vulnerabilities if not managed correctly.

Challenges in Open Source Security:

  1. Proliferation of OSS Components: With 80-90% of application code being borrowed from open source repositories, it’s essential to know what components are being used and how.
  2. False Positives: Traditional security tools generate an overwhelming number of false positives, creating a massive burden on developers.
  3. Incompleteness and Inaccuracy: Existing tools often lack insight into how open source code is being used, resulting in both noisy and incomplete risk assessments.
  4. Transitive Dependencies and Reputation Risks: Hidden vulnerabilities and dependencies are often overlooked, posing a latent threat to security.

Endor Labs’ Approach to Open Source Security

Endor Labs’ pioneering approach focuses on actual risks and utilization patterns within OSS. This empowers DevSecOps teams to prioritize risks, secure CI/CD pipelines, and meet compliance objectives like SBOMs. Their methodology includes:

  1. Intelligent Analysis: By understanding exactly how developers are using open source code, Endor Labs pinpoints the actual risks. 90% of code in modern applications is open source software, yet only 12% of that code is actually used within applications. Endor Labs replaces the existing breed of Software Composition Analysis (SCA) solutions that lack context on what parts of the code developers are actually using.
  2. Evidence-Driven Insights: Endor Labs employs an evidence-driven approach that assesses the true impact and risk of vulnerabilities based on how code is being used, rather than blanket evaluations.
  3. Eliminating Noise: By focusing on what matters, Endor Labs eliminates up to 80% of the noise associated with traditional tools, saving developers’ time.
  4. Tackling Hidden Risks: The solution addresses hidden dangers like vulnerabilities present in transitive dependencies, uncovering risks that might otherwise be missed. Endor Labs research reveals that 95% of vulnerabilities live in transitive dependencies, yet most organizations have no visibility into them.
  5. Holistic View of Risk: Endor Labs provides a comprehensive view of risk by evaluating not just the code but also the reputation and potential hazards associated with using specific open source components.
  6. Regulatory Compliance: With open source being labeled a national security issue, Endor Labs ensures that their approach aligns with regulatory requirements, including initiatives like Software Bill of Materials.

Endor Labs’ approach to open source and application security is not only revolutionary but necessary in today’s interconnected development lifecycle. By focusing on actual risks, reducing noise, and providing a comprehensive and intelligent analysis, they are shaping the future of how organizations manage and secure their applications and open source components.

Advice to Organizations and Developers

For organizations and developers, the future lies in consolidating the DevSecOps toolchain, simplifying tool deployments, and prioritizing the risks that matter. In the interview, Varun provided actionable guidance to both developers and organizations:

  1. Embrace Open Source While Ensuring Security: Utilize the benefits of open source software, but with a focus on security and compliance. Implement intelligent tools that understand how code is being used, thereby reducing noise and pinpointing real threats.
  2. Streamline Development Pipelines: Avoid overcomplication and duplication by consolidating the DevSecOps toolchain. Choose tools that simplify deployments, enforce consistent security policies, and enable building software that is “secure by default.”
  3. Foster Collaboration Between Teams: Work towards aligning engineering and security teams, viewing them as internal partners. Focus on real issues that matter most, creating a synergy that enhances overall productivity and security.
  4. Adhere to Regulatory Requirements: Stay abreast of regulatory standards such as Software Bill of Materials (SBOMs), recognizing the importance of transparency and compliance, especially as open source security continues to be a national concern.
  5. Adopt a ‘Trust but Verify’ Approach: Balance the use of open source with vigilant verification of its security. Encourage a development model that leverages OSS benefits without slowing down the development process, promoting a secure and innovative environment.

Endor Labs is at the forefront of reshaping how we approach application security. With a new $70 million round of funding and a clear mission to enable developers to be more productive without compromising on security, they are leading the way toward a more secure and efficient future in software development.

For more information on Endor Labs, visit https://www.endorlabs.com

The post Reducing the Productivity Tax in Open Source Software Security – A Deep Dive with Varun Badhwar of Endor Labs appeared first on Cybersecurity Insiders.

By Doug Dooley, COO, Data Theorem

The rise of cloud-native applications has revolutionized the way businesses operate, enabling them to scale rapidly and stay agile in a fast-paced digital environment. However, the increasing reliance on Application Programming Interfaces (APIs) to connect and share data between disparate systems has also brought new risks and vulnerabilities to the forefront. With every new API integration, the attack surface of an organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive data.

This article will attempt to shed some more light on:

  • API Attack Surfaces
  • Shadow APIs
  • Zombie APIs
  • API Protection

APIs have become the backbone of modern digital ecosystems, allowing organizations to streamline operations, automate processes, and provide seamless user experiences. They are the data transporters for all cloud-based applications and services. APIs act as intermediaries between applications, enabling them to communicate with each other and exchange data. They also provide access to critical services and functionality in your cloud-based applications. If an attacker gains access to your APIs, they can easily bypass security measures and gain access to your cloud-based applications, which can result in data breaches, financial losses, and reputational damage. For hackers looking to have the best return on investment (ROI) of their time and energy for exploiting and exfiltrating data, APIs are one of the best targets available today.

It’s clear these same APIs that enable innovation, revenue, and profits also create new avenues for attackers to achieve successful data breaches for their own financial gains. As the number of APIs in use grows, so does the attack surface of an organization. According to a recent industry study by Enterprise Strategy Group (ESG) titled “Securing the API Attack Surface”, the majority (75%) of organizations typically change or update their APIs on a daily or weekly basis, creating a significant challenge for protecting the dynamic nature of API attack surfaces.

API security is critical because APIs are often a critical link in the security chain of modern applications. Developers often prioritize speed, features, functionality, and ease of use over security, which can leave APIs vulnerable to attacks. Additionally, cloud-native APIs are often exposed directly to the internet, making them accessible to anyone. This can make it easier for hackers to exploit vulnerabilities in your APIs and gain access to your cloud-based applications. As evidence, the same ESG study also revealed that nearly all (92%) organizations have experienced at least one security incident related to insecure APIs in the past 12 months, while the majority of organizations (57%) have experienced multiple security incidents related to insecure APIs during the past year.

One of the biggest challenges in protecting an API environment is the proliferation of Shadow APIs. Shadow APIs are APIs that are used by developers or business units without the knowledge or approval of IT security teams. These APIs can be created by anyone with the technical knowledge to build them, and because they are not managed by the IT department they are often not subject to the same security controls and governance policies as officially sanctioned APIs.

Shadow APIs lack clarity of priority, ownership, and security policy controls. They often have a business purpose, such as supporting features in mobile and web applications, but no one is sure whether these APIs are running in production or non-production, who the clear owners are, and which security policy controls should be applied to protect them from attack. For example, a developer may create an API to streamline a workflow, or a business unit may create an API to integrate a third-party application. However, when these APIs are not properly vetted, tested, and secured, they can pose a significant risk to the organization. Shadow APIs can introduce vulnerabilities, such as unsecured endpoints, weak authentication mechanisms, and insufficient access controls, which can be exploited by attackers to gain unauthorized access to sensitive data.

Another challenge facing organizations is the emergence of Zombie APIs. Zombie APIs are APIs that are no longer in use but are still active on the network and running in the cloud. These APIs can be left over from legacy systems, previous versions of the API, or retired applications; or they may have been created by developers who have since left the organization. Zombie APIs can be particularly dangerous because they may not be monitored or secured, making them vulnerable to exploitation.

While Zombie APIs do not have a clear business purpose, they consume resources, can add an expense for organizations, and create additional attack surface. For example, a Zombie API can be an older version of an API that is no longer connected to its original application but left in place for potential backward compatibility reasons. However, over time that legacy API is forgotten, yet the underlying resources (compute, storage, databases) that fuel the API’s operations are left running without proper oversight, maintenance, and security hardening. Attackers can use these APIs to gain unauthorized access to sensitive data, bypass security controls, and launch lateral movement attacks against other systems on the network. Zombie APIs can also be used to launch Server-Side Request Forgery (SSRF) or remote code execution (RCE) attacks, which can bring down entire systems and cause significant damage to an organization’s reputation, as seen with the Capital One breach and the Log4Shell global exploits, respectively.

To mitigate the risks posed by Shadow and Zombie APIs, organizations must take a proactive approach to API management and security. This includes developing a comprehensive API management strategy that includes security controls, active monitoring, and reporting capabilities.

One key aspect of API management is the establishment of a centralized API inventory catalog. This catalog should include all approved APIs, along with information about their functionality, usage, and security controls. This can help IT and security teams identify Shadow APIs and Zombie APIs, as well as track and monitor API usage to ensure compliance with governance policies.

Another important aspect of API management is the implementation of security controls. These may include encryption, access controls, authentication mechanisms, and threat detection and response capabilities. Security controls should be implemented at all layers of the API stack, from the application layer to the transport and infrastructure service layers, to ensure that APIs are protected against a wide range of attacks.

In addition, organizations should also implement scanning, observability, dynamic analysis and reporting capabilities to detect and respond to API-related threats. This may include real-time scanning of API usage, logging and run-time analysis of API activity, and alerting and reporting capabilities to notify IT and security teams of potential threats.
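As an added example that is not part of the original article, the reconciliation described in the two paragraphs above in Python: a constructed API inventory catalog is compared against constructed gateway access-log lines, routes that serve traffic without a catalog entry are reported as Shadow APIs, and catalogued routes that are retired yet still answering, or that have no traffic and no owner, are reported as Zombie APIs. The log format, the catalog schema and every value in it are assumptions.

```python
import re
from collections import Counter

# Constructed sample API inventory catalog: every approved (method, route)
# with its owner and lifecycle status. An empty owner models an API whose
# developer has since left the organization.
CATALOG = {
    ("GET", "/v2/orders"): {"owner": "orders-team", "status": "active"},
    ("POST", "/v2/orders"): {"owner": "orders-team", "status": "active"},
    ("GET", "/v2/orders/{id}"): {"owner": "orders-team", "status": "active"},
    ("GET", "/v1/orders"): {"owner": "orders-team", "status": "retired"},
    ("GET", "/v2/accounts"): {"owner": "", "status": "active"},
}

# Constructed sample gateway access-log lines (RFC 5737 documentation IPs):
# timestamp, client, request line, response status.
LOG_LINES = [
    '2024-05-01T10:00:01Z 203.0.113.5 "GET /v2/orders HTTP/1.1" 200',
    '2024-05-01T10:00:02Z 203.0.113.5 "POST /v2/orders HTTP/1.1" 201',
    '2024-05-01T10:00:03Z 203.0.113.5 "GET /v2/orders/8841 HTTP/1.1" 200',
    '2024-05-01T10:00:04Z 198.51.100.7 "GET /v1/orders HTTP/1.1" 200',
    '2024-05-01T10:00:05Z 198.51.100.7 "GET /internal/export?format=csv HTTP/1.1" 200',
    '2024-05-01T10:00:06Z 203.0.113.9 "GET /internal/export HTTP/1.1" 200',
    '2024-05-01T10:00:07Z 203.0.113.9 "GET /v2/orders/nonexistent HTTP/1.1" 404',
    "malformed line that the parser must tolerate",
]

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)
# A path segment that is a numeric id or a UUID, i.e. a resource identifier.
ID_SEGMENT = re.compile(r"^(\d+|[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$")


def normalize_route(path):
    """Drop the query string and collapse id-like path segments to {id}, so
    /v2/orders/8841 and /v2/orders/8842 are counted as one route."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if ID_SEGMENT.match(seg) else seg for seg in path.split("/"))


def observed_routes(lines):
    """Return {(method, route): hits} for requests the backend actually served.
    Only 2xx/3xx responses count: a 404 means no API lives at that path, so
    scanner probes are not mistaken for Shadow APIs."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # tolerate lines in an unexpected format
        if 200 <= int(m["status"]) < 400:
            hits[(m["method"], normalize_route(m["path"]))] += 1
    return hits


def reconcile(catalog, lines):
    """Compare the catalog with observed traffic.
    Shadow API: serving traffic but absent from the catalog (no known owner,
    no policy applied). Zombie API: retired in the catalog yet still serving,
    or active but with no traffic in the window and nobody who owns it."""
    hits = observed_routes(lines)
    shadow = sorted(route for route in hits if route not in catalog)
    zombie = []
    for route, rec in catalog.items():
        if rec["status"] == "retired" and hits.get(route, 0) > 0:
            zombie.append((route, "retired but still serving traffic"))
        elif hits.get(route, 0) == 0 and not rec["owner"]:
            zombie.append((route, "no traffic in window and no owner"))
    return {"shadow": shadow, "zombie": sorted(zombie), "hits": hits}


if __name__ == "__main__":
    result = reconcile(CATALOG, LOG_LINES)
    for route in result["shadow"]:
        print("SHADOW  %s %s (%d hits)" % (route[0], route[1], result["hits"][route]))
    for route, reason in result["zombie"]:
        print("ZOMBIE  %s %s: %s" % (route[0], route[1], reason))
```

Run over a real window of gateway logs, the "no traffic" rule should use a window long enough to cover infrequent but legitimate batch callers, otherwise quiet-but-owned APIs will be flagged alongside real zombies.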

When it comes to securing APIs and reducing attack surfaces, Cloud Native Application Protection Platform (CNAPP) is a newer security framework that provides security specifically for cloud-native applications by protecting them against various API attack threats. CNAPPs do three primary jobs: (1) artifact scanning in pre-production; (2) cloud configuration and posture management scanning; (3) run-time observability and dynamic analysis of applications and APIs, especially in production environments. With CNAPP scanning pre-production and production environments, an inventory list of all APIs and software assets is generated. If the dynamically generated inventory of cloud assets has APIs connected to them, Shadow or Zombie APIs can be discovered. As a result, CNAPPs help to identify these dangerous classes of APIs and help to add layers of protection to prevent them from causing harm and exposure from vulnerable API attack surfaces.

Ultimately, the key to managing the risks posed by expanding API attack surfaces with Shadow and Zombie APIs is to take a proactive approach to API management and security. When it comes to cloud security, CNAPP is well suited for organizations with cloud-native applications, microservices, and APIs that require application-level security. API security is a must-have when building out cloud-native applications, and CNAPP offers an effective approach for protecting expanding API attack surfaces, including those caused by Shadow and Zombie APIs.

The post Shadow APIs and Zombie APIs are Common in Every Organizations’ Growing API Attack Surface appeared first on Cybersecurity Insiders.

By Karen Lambrechts, Lansweeper

So much software, so little oversight!

That may be how many IT departments are feeling lately. According to MarketsAndMarkets, the global Software Asset Management (SAM) market size is expected to grow at a Compound Annual Growth Rate (CAGR) of 18.1% to $4.8 billion by 2026, up from $2 billion in 2021. Gartner also reported that enterprise spending on software is projected to increase by 9.3% in 2023.

The rapid growth of software in the enterprise has been spurred on by several factors:

  • the need for cost optimization
  • the rising demand for effective software license management
  • the increasing risk of software non-compliance.

The problem is, it’s getting tough to manage.

SAM is the process of managing and optimizing the use of software assets within an organization – including the management of software licensing, installations, and usage throughout the entire lifecycle, from acquisition to retirement.

SAM is an important practice for organizations because it helps to ensure compliance with licensing agreements and improve risk management, eliminating legal and financial penalties for non-compliance.

It also helps with decision-making, enabling organizations to realize cost savings by eliminating redundant software licensing, optimizing software usage, and negotiating better licensing agreements with software vendors.

Challenges in Software Asset Management

SAM can be a complex and challenging task for organizations. Some may lack visibility into their software usage, making it difficult to track and manage licenses effectively. Software licenses can be complex and difficult to understand as well, making compliance challenging. Often, organizations – especially smaller ones – lack sufficient staff, expertise and tools for an effective SAM program.

Additionally, the technology landscape is constantly evolving and new software applications are released regularly. This can make it difficult for organizations to perform software usage monitoring and keep up with licensing models and agreements. “Shadow IT” adds to the complexity. Employees may use unauthorized software applications, which can lead to non-compliance with license agreements.

Fortunately, there are best practices to follow to simplify software asset management, as well as a variety of tools that address these challenges and automate the process.

Best Practices for Software Asset Management

Effective Software Asset Management can help organizations to reduce costs, minimize legal risks, and improve operational efficiency. Here are some best practices for SAM:

  • Establish SAM policies and procedures. Develop and communicate clear policies for SAM that define roles and responsibilities, and establish processes for software procurement, deployment, and retirement. The policies should also outline procedures for tracking and managing licenses.
  • Educate employees. Educate employees about SAM policies and procedures, including the importance of complying with license agreements and the risks associated with using unauthorized software.
  • Conduct regular software audits. Regularly audit software usage and licenses to identify instances of over-licensing or under-licensing, and take corrective action as necessary. Additionally, monitor vendors to ensure that they comply with license agreements and provide the necessary support and maintenance.
  • Use SAM tools. Use software tools to automate the SAM process, including software discovery, license tracking and compliance reporting.

Following these best practices for SAM will help to reduce risk and costs, and optimize the use and availability of software across the organization.

Effective SAM is a huge undertaking for most organizations, but having the correct tools that can automate and streamline the process helps to reduce the cost, hassle and risk associated with it. With these in place, you can reap the benefits of software compliance and optimization, such as:

  1. Cost savings: SAM helps organizations avoid over and under-licensing, and eliminates unnecessary software purchases. It helps to minimize software costs and reduce overall IT expenditures. Gartner states that an organization can save up to 30% of its software spend in the first year of implementing a SAM program.
  2. Risk management: Optimizing software usage and managing it properly helps to reduce the risk of incurring fines for non-compliance. Vendor audits are faster and easier, because the information vendors need is readily available.
  3. Improved security: SAM helps to identify and manage security risks associated with unlicensed or unauthorized software, reducing the risk of security breaches and data loss.
  4. Better software inventory management: SAM provides a centralized view of an organization’s software assets, making software usage monitoring and management easy, and ensuring that software is up-to-date and secure.
  5. Improved vendor management: SAM improves vendor relationship management, reducing the risk of overpayment and ensuring vendors provide the expected level of service and support.

Make sure you have the right tools that allow you to build a comprehensive IT asset inventory that includes all the software used throughout your organization – along with all hardware, operational technology, IoT, and cloud assets in your environment.

Added Software License Compliance capabilities enable you to track software license keys automatically and create an overview of your software license purchases.

By adopting this approach and following these processes, you will be more confident that you’ll always have the most accurate and complete information for managing your software estate.

The post What is Software Asset Management? And why you should care appeared first on Cybersecurity Insiders.

By Craig Lurey, CTO and Co-Founder, Keeper Security

As Artificial Intelligence (AI) proves to be a revolutionary technology that is already leaving an indelible mark on many aspects of our lives, criminals are actively seeking ways to use that same technology for nefarious purposes. In the world of cybersecurity, we expect a dramatic uptick in malicious actors using AI techniques to attack online accounts and data.

Yet, despite stolen credentials being a leading cause of data breaches, organizations and individuals alike continue to neglect good password hygiene. Keeper Security’s Password Management Report: Unifying Perception with Reality revealed a mere 25% of consumers use a strong and unique password for every account. The consequences of this negligence, compounded with the explosion in AI, grow more dangerous every day.

Today, we are seeing several attack methods for using AI to crack passwords: acoustic side-channel, brute force and dictionary.

Cybercriminals can use AI to analyze the distinct sound patterns produced by keyboard keystrokes in what’s called an acoustic side-channel attack. Each key emits a slightly different sound when pressed, which can be captured and analyzed to determine the character being typed. By processing these sound patterns using AI algorithms, cybercriminals can determine the password being entered and use it to compromise an account. A new study from Cornell University demonstrates this growing risk. The Cornell researchers trained an AI model on audio recordings of people typing, and the AI learned to identify the unique sound that each key makes, with 95% accuracy.

In a brute force attack, AI can be used to automate the arduous process of guessing various password combinations until the correct password is found. This method is particularly effective against weak and short passwords because of the low levels of entropy. With AI, cybercriminals can quickly cycle through an immense number of password combinations, dramatically increasing the speed at which they crack simple passwords.

Dictionary attacks are another popular method of cracking passwords in which a cybercriminal uses common words or phrases to determine a user’s credentials. With the power of AI, these bad actors can automate the process of testing a large list of common words and phrases that are often used as passwords. These lists can include words found in the dictionary, in leaked password databases and even terms specific to a target’s interests.

It’s easy to feel overwhelmed by the cyberthreats posed by AI, and more risks seem to emerge every day. The Password Management Report: Unifying Perception with Reality further revealed that 64% of respondents are not confident that they are managing their passwords well.

However, following a few best practices can help protect against the cybercriminals that are using AI for their own malicious purposes:

  • Create strong, unique passwords for all accounts. Using different, high-strength passwords for all accounts is crucial. This way, if one account is breached through AI, a cybercriminal does not gain access to all of the accounts that use the same password. When it comes to password creation, passwords should be at least 16 characters with a mix of uppercase and lowercase letters, a variety of special characters and a random assortment of numbers. Consider using a passphrase rather than a single word and avoid using guessable information such as familiar names, birthdates and addresses.
  • Implement Multi-Factor Authentication (MFA) as an additional layer of security. MFA is a security measure that requires users to provide more than one form of authentication to access a service or application. The idea behind MFA is to create an additional layer of security beyond the traditional username and password, by mandating that users provide additional proof of their identity. Several forms of MFA exist with different levels of protection. Using a hardware device such as a YubiKey offers the best MFA protection, but using a software application such as Google Authenticator or a password manager that stores TOTP codes is also sufficient. Using SMS is very common, but it offers low security due to the risks of SIM swapping and other well-known attacks.
  • Use a password manager. One of the simplest and most secure ways to protect passwords is by using a dedicated password manager. Specifically, using a password manager shields sensitive data from AI-based password attacks by:

      • Aiding users in creating strong passwords that resist common password-cracking methods, including dictionary attacks.
      • Providing warnings for weak and reused passwords, thus prompting users to change them, and minimizing the risk of accounts being compromised through password-cracking techniques like brute force attacks.
      • Autofilling credentials to safeguard against cybercriminals deciphering passwords through an acoustic side-channel attack.

Passkeys are another great option, although their availability is limited. A passkey is a cryptographic key that allows users to log in to accounts and apps without having to enter a password. Passkeys are simpler to use than many traditional methods of authentication and are phishing-resistant, making it possible for users to log in to supported websites seamlessly and more securely. While passkeys are a long way off from ubiquitous use across the internet, passkey directories offer up-to-date lists of websites and platforms that currently support their use.

The volume and severity of AI-driven cyberattacks has the potential to greatly intensify. Now is the time for everyone to shore up their defenses to protect against existing attack vectors, as well as these new and evolving threats. Adopting password best practices is a critical first step.

The post Password Protection in the Era of AI-Based Attacks appeared first on Cybersecurity Insiders.

By Giri Radhakrishnan, Technical Product Marketing Manager, Tigera

Distributed Denial-of-Service (DDoS) attack techniques are evolving, creating new risks and challenges for cloud-first enterprises.

In a DDoS attack, an application or service becomes unavailable to users due to resources exceeding its capacity and causing the app to either crash or become unresponsive. Threat actors are becoming increasingly sophisticated: new DDoS attack techniques have emerged that target cloud-native and Kubernetes-based applications. Cloud-native applications are designed to scale up resources automatically (pods, CPU cycles, memory, etc.) when inbound requests spike, resulting in higher usage bills. Cybercriminals have now exploited this, generating illegitimate requests that lead to scaling resources up and down without resulting in actual business revenue. This attack method, dubbed a “yo-yo attack”, leads to revenue loss and a host of other issues for impacted organizations.

While a DDoS attack does not directly steal money or data or install ransomware, any type of application downtime indirectly translates into monetary loss. Troubleshooting and mitigation efforts also result in lost productivity for IT professionals when they are already burdened with multiple security alerts.

Deploying container security solutions is critical to detecting DDoS attacks and helping to stop them before they become devastating. When it comes to container security solution capabilities to prevent and address DDoS attacks, security leaders should:

  • Use a solution that can build a baseline behavior for nodes, pods, and services with respect to the amount of traffic that is normal at any given period of time. Deviation from the baseline behavior could inform the user about a potential DDoS attack.
  • Use a broad set of container security tools, especially at runtime, with anomaly detection. If malicious activity is present either on the network or in the container, alerting capabilities give operators quick and detailed information on potential impending threats.
  • Put strong zero-trust workload access control policies in place to restrict lateral movement should attackers gain a foothold in the environment within the Kubernetes cluster.

Although detecting a DDoS attack is itself a huge task, the job is only half done until you have the best mitigation strategies in place. The earlier you are able to start detecting and blocking the attack traffic, the better protected you are against application downtime. When it comes to DDoS attacks in Kubernetes, it’s important to first confirm whether a basic Kubernetes Network Policy can help with responding to an attack. Bear in mind that the default Kubernetes Network Policy lacks a few capabilities that are critical to stopping a DDoS attack in Kubernetes.

There are two critical requirements to stop a DDoS attack when it happens: Global Network Policy and Host Endpoint (HEP) for policy enforcement. When these two are combined with the ability to define entire IP ranges or CIDR blocks, and to perform XDP offloading, you can effectively stop a DDoS attack before it results in an outage or causes monetary loss.
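The three requirements above (a host endpoint, a global policy keyed on CIDR blocks, and XDP offload) as an added example that is not from the page or from Tigera. It assumes Calico’s projectcalico.org/v3 API, which the page does not name; the node name, interface, node IP and the attacking ranges are constructed.

```yaml
# Added example (not from the page or from Tigera): dropping a DDoS source range
# at the node edge with Calico's projectcalico.org/v3 API. The page does not name
# Calico; the node name, interface, node IP and CIDRs below are constructed.

# 1) Register the node's ingress interface as a Host Endpoint so that a
#    GlobalNetworkPolicy is enforced on the host itself, not only on pods.
#    Caveat: once a HostEndpoint exists, traffic to that interface that no policy
#    allows is denied (failsafe ports excepted), so apply it together with
#    policies that allow the node's legitimate traffic.
apiVersion: projectcalico.org/v3
kind: HostEndpoint
metadata:
  name: worker-1-eth0            # constructed name
  labels:
    role: ingress-node           # selector target for the policy below
spec:
  node: worker-1                 # constructed node name
  interfaceName: eth0            # constructed interface
  expectedIPs:
    - 10.0.0.5                   # constructed node IP
---
# 2) Deny the attacking CIDR blocks before connection tracking. doNotTrack plus
#    applyOnForward makes the rule untracked, and a Deny rule keyed only on
#    source CIDRs is the shape Calico can offload to XDP on supported kernels.
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: ddos-drop-attack-sources
spec:
  selector: role == 'ingress-node'
  order: 0                       # lowest order is evaluated first
  types:
    - Ingress
  doNotTrack: true
  applyOnForward: true
  ingress:
    - action: Deny
      source:
        nets:
          - 203.0.113.0/24       # constructed attack range (RFC 5737 doc block)
          - 198.51.100.0/24      # constructed attack range (RFC 5737 doc block)
---
# 3) Keep Felix's XDP offload enabled (assumption: the xdpEnabled field of
#    FelixConfiguration, shown explicitly here). Where XDP is unavailable, Felix
#    falls back to iptables rules, so the Deny still applies, only later in the
#    packet path and at a higher CPU cost.
apiVersion: projectcalico.org/v3
kind: FelixConfiguration
metadata:
  name: default
spec:
  xdpEnabled: true
```

HostEndpoint and FelixConfiguration are Calico API resources, so apply the file with calicoctl (or kubectl when the Calico API server is installed) and verify with a probe from outside the denied range that the node still answers.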

Attackers are becoming more sophisticated with DDoS techniques, and the political landscape in war-affected regions has created an uptick in these attacks. Since applications in Kubernetes face an equal, if not greater, risk of DDoS attacks, organizations need new ways to detect and mitigate threats. Against this backdrop, deploying robust, comprehensive container security solutions is key.

The post DDoS Attacks in a Kubernetes Environment: Detection and Mitigation appeared first on Cybersecurity Insiders.

Grant Warkins, Director, Technical Advisor Services, MOXFIVE

In today’s digital landscape, businesses face an ever-increasing risk of email compromise, which can lead to significant financial losses due to fraud and reputational damage with customers. Safeguarding your organization’s email assets is crucial to mitigating these threats effectively. Here are some essential security measures that businesses should consider when protecting against a potential business email compromise.

Multifactor Authentication (MFA)

Enforcing multifactor authentication is a vital step in preventing business email compromise (BEC). Whether you’re using a local email server like Microsoft Exchange or a cloud-based solution like Microsoft 365 (M365), MFA should be enabled on all public-facing email assets. It’s essential to configure cloud resources, such as M365, to enforce modern authentication, which ensures that MFA is applied during login. Companies should also disable basic authentication settings, because MFA alone is ineffective if vulnerable legacy protocols are still active. MFA solutions like Okta and Duo offer comprehensive frameworks for protecting accounts across multiple critical applications.

Email Security Solutions

Email security-as-a-solution has become a critical cybersecurity control for businesses of all sizes. These solutions integrate with email services to filter out a wide range of threats, from inbound phishing emails to malware. Products such as Abnormal and Proofpoint provide comprehensive protection, acting as the first line of defense against hackers, spam, and malware. Configuring email security solutions to generate alerts for suspicious activities, such as unusual login locations, helps in detecting breaches promptly.

Employee Security Awareness Training

In addition to MFA and email security solutions, educating employees about email security best practices is essential. Companies should invest in training their users to recognize and report phishing emails and other signs of suspicious email behavior. This should be more than a one-off initiative: ongoing education on the latest security risks and regular phishing email awareness tests are crucial.

Some areas to consider include:

  • Conduct phishing simulations and provide fraud education, which will help create a stronger defense by cultivating alert employees who understand current threats and their role in maintaining organizational security.
  • Educate all employees about password best practices, emphasize the importance of creating strong passwords and changing them regularly, and explain how these practices significantly enhance the security footprint.
  • Discuss the importance of establishing a two-step verification process for any wire transfer requests or changes to existing B2B accounting information. This way, an employee can receive verbal confirmation from a trusted source that the request made is legitimate.

Separate Personal and Professional Email Accounts

One request most of us have heard before is not to use our business email accounts for personal communications. But such requests typically have not framed the issue from a security perspective. The fact is that using business email for personal tasks increases the risk of those accounts and their associated credentials being harvested. It can also compromise the security of both personal and professional data. Employees should be encouraged to maintain separate email accounts for personal and work-related activities.

Audit Logging

Audit logging of email-related activities is critical for conducting thorough BEC investigations. Email or cloud tenant administrators should ensure that audit logging is enabled and set to an appropriate retention period. In addition, security, legal, and administrative teams should collaborate to ensure that audit logging meets compliance requirements for security or regulatory purposes. In cloud environments like M365 or Google Workspace, audit logging tracks activity across accounts, mailboxes, and other relevant log sources, providing valuable assistance to forensic providers during BEC investigations. It’s important to note that audit logging must be enabled in advance and does not work retroactively.

Consider Automated Protocols for Email Security

In addition to implementing the aforementioned best practices, businesses should consider using ancillary protocols to enhance email security. Two critical protocols are Domain-based Message Authentication, Reporting and Conformance (DMARC) and Brand Indicators for Message Identification (BIMI). DMARC helps protect domains from spoofing by authenticating the servers that send mail for the domain and providing instructions for handling emails that fail authentication. BIMI leverages DMARC and other protocols to authenticate emails from legitimate sources and display a company logo, enhancing brand awareness and mitigating the risk of fraudulent emails.

Cyber Liability Insurance

Cyber liability insurance plays a vital role in mitigating the financial impact of email compromise incidents. It is important to review your policy to ensure it covers identity loss and aligns with your risk tolerance. Ideally, the policy should specify a trusted forensic provider, ensuring a timely response in the event of a BEC. Insurance panel providers may take additional time to engage in an incident response scenario, which can cause delays and complications.

Engage Outside Counsel and Report to the FBI

When facing a BEC attack, it is advisable to engage outside legal counsel to provide guidance on response strategies and oversee the investigation. Additionally, reporting the attack to the FBI is crucial for intelligence collection and potential recovery of wire transfer funds. Compliance with data privacy and notification obligations is essential, and involving appropriate authorities can aid in the overall resolution of the incident.

Business email compromise poses a significant threat to organizations, but by implementing these essential security measures, businesses can strengthen their defenses against email-related attacks. From enforcing multifactor authentication to training employees and engaging third-party solutions, proactive steps can significantly reduce the risk of falling victim to email compromise. Remember, protecting your email assets is not a one-time effort but an ongoing commitment to maintaining a secure digital environment for your business.


Grant Warkins

Director, Technical Advisor Services, MOXFIVE

Grant is a cyber security leader with decades of success helping clients navigate complex security investigations and building proactive security programs to mitigate risk. As a technical advisor at MOXFIVE, Grant assists clients in managing forensic investigations, recovering networks from cyber security attacks, and providing valuable insight on proactive controls that can make networks more resilient.

The post Protecting Your Business from Email Compromise: Essential Security Measures appeared first on Cybersecurity Insiders.

If you’re only conducting snapshot-in-time security tests, you aren’t doing enough to protect your business.

By Erik Holmes, CEO, Cyber Guards

I’ve helped develop cybersecurity strategies for numerous companies over the past two decades.

There’s a standard line I find myself repeating all the time:

“If you test your security program once per year, you have an opportunity to improve your security program once per year.

If you test your security program daily, you have the opportunity to improve your security program every day.”

The average organization brings simulated attackers in once or twice a year to test the quality of their cyber security systems. But your controls need to prevent threats daily, so shouldn’t you be testing your security more often?

Organizations, large and small, are making this mistake. Toyota Japan recently revealed that they’d accidentally left the personal data of over 2 million customers exposed for nearly 10 years. Toyota added that it’s introducing a system to continuously monitor its cloud so the organization can detect and respond to threats faster.

Continuous security testing and attack path management help organizations gain a clearer picture of their cybersecurity posture. They’re more effective methods than traditional snapshot-in-time penetration testing, which gives a static view of a constantly changing system. If you or your cybersecurity provider aren’t testing continuously and analyzing attack paths, there’s a good chance that the core assets of your business are at risk.

Let’s explain why, and explore three ways you can make sure you’re doing what’s needed to protect your business from bad actors and other threats:

What are continuous testing and attack path management?

Continuous security testing is a process that involves regularly searching your company’s software assets to identify issues and determine whether the controls in place would prevent an attack.

Attack path management is a method that focuses on identifying the root cause of the issues and rapidly closing down the paths that an attacker could take to exploit or damage critical assets.

The concepts work together. Continuous testing allows you to gain awareness of potential problems and attack path management helps you diagnose and fix them.

Both of these cybersecurity methodologies have emerged in the last 5-10 years. Most large companies are employing them, but they haven’t trickled down to the SMB market as quickly.

Why are they so important?

Together, these strategies allow business leaders to gain immediate and continuous knowledge of their cybersecurity posture — rather than relying on outdated information that comes a few times a year.

I like to use the metaphor of cleaning a house. If you’re not continuously sweeping floors and wiping windows, your house will eventually get dirty. Failing to monitor your security posture means you’re less likely to find things that are out of place.

These methods are superior to the alternatives. Snapshot-in-time testing, as the name suggests, only reveals your cybersecurity status at a single point in time. This method can give you a misleading view of your cybersecurity. You’re limited by factors such as:

  • Time: You might get a biased view based on seasonality, employees on PTO, etc.
  • Scope: You can only test so many things in a given period, as opposed to coming back to the well continuously.
  • Experience: If a cybersecurity professional sees something they don’t understand, it can get lost in the shuffle as they move on to something new.

Continuous security testing and attack path management help limit these constraints.

How to ensure your business is protected

Once you understand the importance of these methods, what can you do to make sure you’re protected?

Utilize free resources

I’d recommend that every organization look into two free online resources:

  • MITRE ATT&CK® Framework, which describes tactics and techniques that threat actors use to move into a new environment. Make sure your cybersecurity provider has all of these methods covered.
  • Atomic Red Team™, a library of tests mapped to the MITRE ATT&CK® framework that teams can use to run tests on their environment on a regular basis.

Protect your most critical assets first

In the past, it was thought that if a bad actor couldn’t get past your firewall, you were safe. That’s not true anymore. I like to focus on a layered approach to threat remediation.

Work with your leadership team to identify the core elements of your business: your intellectual property (IP), personally identifiable information (PII), payment card industry (PCI) data, etc. Draw attack paths to these critical assets and remediate those paths first. Then work outwards.

Evaluate your vendors

If you’re paying a vendor to use certain strategies, it’s fair to make sure that they’re actually using them. Even “best in class” organizations can be caught slacking. Especially if you’re a small or medium-sized business, make sure that your cybersecurity vendor is doing everything they can to protect your business.

AI and the future of continuous security testing

Pretty soon, artificial intelligence is going to help every business access the tools they need to continuously test their security and close down attack paths.

I’d predict that in the next few years, the Atomic Red Team will be able to tie AI and ML into their package of tests. Ideally, AI will be able to set up environments and deploy tests on its own. It’ll allow you to go on the offensive when it comes to security. This represents a potential game-changer for smaller companies that don’t have large in-house cybersecurity teams.

But for now, I’d recommend coupling continuous security testing with an industry-recognized framework to build a truly effective cybersecurity strategy. The more you test, the more likely you are to identify and subdue potential threats to your company.


Erik Holmes is the Chief Executive Officer at Cyber Guards, a people-first managed cybersecurity services company based in Memphis, Tennessee. Prior to founding Cyber Guards, Erik led Red Team Assessments at Deloitte Consulting, which he joined after a stint as Regional Director at BlackHorse Solutions. He was stationed at SEAL Team Six for ten years and has served eight combat deployments in Iraq, Afghanistan and Somalia.

The post Continuous Security Testing Is The Key To Strengthening Your Cybersecurity appeared first on Cybersecurity Insiders.

By Istvan Lam, CEO of Tresorit

According to a new report from the UK’s cyber security agency, the National Cyber Security Centre (NCSC), the number of ‘hackers for hire’ is set to grow over the next five years, leading to more cyber attacks and increasingly unpredictable threats. A rise in spyware and other hacking tools is also anticipated, which will have a profound impact on the UK’s digital landscape.

Cyber threats are already a huge concern for UK businesses, with cyber-attacks on SMEs up 39 per cent last year from 2020, so it’s not surprising this news is adding even more anxiety. What’s more, the new assessment highlights that the threat will not only become greater but also less predictable as more hackers for hire are tasked with going after a broader range of targets, meaning any business, of any size and across any industry could be at risk.

With this in mind, businesses would do well to take proactive measures to protect their sensitive information and communications. End-to-end encryption software is vital in this regard, providing businesses with a secure and reliable way to protect their data and prevent cyber-attacks.

How can this software protect businesses against the threat of cyber-attacks? How is it designed to keep data safe at all times and why exactly should businesses take this extra step to ensure financial data, personal information and intellectual property are kept safe? Is it really essential, does it provide optimum protection and what other measures can businesses take to minimize cyber threats?

How exactly does end-to-end encryption work?

Although many businesses believe all encryption types offer end-to-end protection for data at all times, end-to-end encryption isn’t in fact the standard for all encryption types; often data will only be encrypted while it is being stored, or while it is in transit. End-to-end encryption means that every file and relevant file metadata on the device in question is encrypted using a unique randomly generated encryption key, and files can only be accessed with a user’s unique decryption key so that data is stored as safely as possible. End-to-end encryption also provides an added layer of security for businesses that use cloud-based storage and collaboration tools. Tresorit’s content collaboration platform, for example, offers businesses ultimate protection, as files stored in the cloud are encrypted before they are uploaded, making it extremely difficult for hackers to access them.

In other words, end-to-end software is designed to protect communication channels by encrypting messages at the sender’s device and decrypting them at the receiver’s device, making it almost impossible for hackers to intercept and decipher the messages. And with the ever-growing threat of cyber-attacks and hackers for hire, this ‘gold standard’ of encryption, which ensures utmost security and privacy for data at all times, is crucial.

How risky is it to go without?

Cyber-attacks are designed to cause maximum disruption, exploiting vulnerabilities within a business IT framework. Such attacks can result in the theft of commercially sensitive information or intellectual property, software or data destruction or deletion, thefts of funds, liability to third parties such as customers and supply chain partners and reputational damage.

Cyber security attacks such as a data breach can be devastating and ultimately wipe out a company. End-to-end encryption can help prevent such breaches by making it virtually impossible for hackers to access sensitive information. With 43 per cent of UK businesses identifying a cyber security breach in the last year, organizations would do well to put this extra layer of protection in place.

What else can be done?

There are a number of other cybersecurity measures businesses can take, beyond end-to-end encryption, to minimize the risk of cyber threats. Organizations should implement regular security audits, run up-to-date antivirus software, use strong passwords, and put in place intrusion detection and prevention systems. Cyber security awareness training for employees is also vital for helping to reduce risks. Businesses should ensure employees are trained on a wide range of security topics, such as how to respond to threat situations, phishing, and secure data handling.

The role of business leaders

Senior leaders of organizations have a huge responsibility when it comes to ensuring their business is cyber aware and ultimately cyber secure. They should be having essential discussions about cyber security with their organization’s technical experts and key stakeholders, and should ensure that their company’s cyber security policy is communicated throughout the business, with all staff given the necessary training. The NCSC has recently launched new resources as part of its Cyber Security Board Toolkit to encourage senior leaders to treat cyber risks with the same importance as legal or financial risks, and to make sure the potentially devastating consequences of an attack are understood throughout the organization. It also includes a range of activities for organizations to participate in, as well as key success indicators and materials to help organizations engage their staff on the topic.

Final thoughts

With a growing hackers-for-hire marketplace and an ever-increasing risk of cyber threats, businesses should take heed and ensure they’ve put the highest standard of security and protection in place for their company’s data and information. Cyber-attacks can have deadly consequences and can mean the end of the road for many businesses, so not only should companies embrace end-to-end encryption, but they should also take time to assess the range of cyber security protection measures they have in place, so that no stone is left unturned. Business leaders have a huge role to play when it comes to ensuring their organization can protect itself from, respond to and recover from a cyber-attack, data breach or service outage.

The post Rising Threat of ‘Hackers for Hire’ – How End-to-End Encryption Software Safeguards Businesses appeared first on Cybersecurity Insiders.

By James Robinson, Deputy CISO Netskope

Over the past 30 days, the most pressing question facing CIOs and CISOs has been “how much?” How much access to ChatGPT do we actually give our employees? Top security leaders are left to decide whether they should completely ban ChatGPT in their organizations or embrace the use of it. So which option should they pick?

A simple answer is to implement a managed allowance. However, this may only work if your organization is doing all the right things with sensitive data protection and the responsible use of AI/ML in your own platforms and products. Your organization must effectively convey where and how it’s using AI to customers, prospects, partners, and third- and fourth-party suppliers in order to build successful and securely enabled programs that are governance-driven.

Organizations that simply “shut off” access to ChatGPT may feel initially more secure, but they are also denying its many productive uses and potentially putting themselves—and their entire teams—behind the innovation curve. To avoid falling behind, organizations should consider prioritizing the implementation of a managed allowance of ChatGPT and other generative AI tools.

Governing ChatGPT within your organization

Netskope has been deeply focused on the productive use of AI and ML since our founding in 2012. Like everyone, we’ve just observed an inflection point for generative AI. Unless you were a data scientist, you likely weren’t doing much with generative AI before November 2022. And as a security practitioner, developer, application builder, or technology enthusiast, your exposure was focused on use, not development, of the features. But since the public release of ChatGPT, everyone is able to access these services and technologies without any prior knowledge of the tool. Anyone with a browser today, right now, can go in and understand what ChatGPT can and can’t do.

When something becomes the dominant topic of conversation in business and technology this quickly—and ChatGPT definitely has—leaders have essentially two choices:

  • Prohibit or severely limit its use
  • Create a culture where they allow people to understand the use of this technology—and embrace its use—without putting the business at risk

For those on your team who are allowed access to ChatGPT, you must enable responsible access. Here at the dawn of mainstream generative AI adoption, we’re going to see at least as much disruptive behavior as we did at the dawn of the online search engine decades ago, when we saw different threats and a lot of data made publicly available that arguably should not have been.

Managing third and fourth-party risk

As organizations implement the productive business use of generative AI by the appropriate users, we will also see the rise of copilots being used. This will force security companies to be responsible for obtaining critical information from their third- or fourth-party suppliers regarding AI-associated tools. These questions can help guide the assessment:

  • How much of a supplier’s code is written by AI?
  • Can your organization review the AI-written code?
  • Who owns the AI technology your suppliers are using?
  • Who owns the content they produce?
  • Is shift-left licensing involved, and is that a problem?

AI is here to stay. With the right cultural orientation, users within organizations are better able to understand and use the technology without compromising the company’s security posture. However, this needs to be combined with the right technology orientation, meaning modern data loss prevention (DLP) controls that prevent misuse and exfiltration of data, and are also part of an infrastructure that enables teams to respond quickly in the event of that data’s misuse.

The post Don’t Shut Off ChatGPT, Implement a Managed Allowance Instead appeared first on Cybersecurity Insiders.