By Stephanie Benoit Kurtz, Lead Faculty for the College of Information Systems and Technology at University of Phoenix

As we near the end of 2022, IT professionals look back at one of the worst years on record for incidents. Cyber attacks and breaches continue to rise with no end in sight. Organizations continue to invest in technology at a record pace; however, they still continue to be at risk. During 2022, over 65% of organizations expected security budgets to expand. Gartner estimates that $172 billion will be spent this year, up from $155 billion in 2021. With this increased spending, the attacks continue at an exponential rate. According to Check Point, by mid-year cyber attacks have risen 42% globally. From supply chain breaches to ransomware, organizations continue to struggle with how to avoid becoming an eventual statistic of being attacked.

As we look forward to 2023, a number of emerging trends are top security areas that executives should focus on.

User Awareness

User awareness is still the number one area where organizations must continue to invest. The theft of credentials to leverage access continues to be the number one threat to organizations. According to the Ponemon Institute, over 54% of security incidents result from credential theft. This report states that 59% of organizations fail to maintain strict user account lifecycle management, leaving credentials that are no longer needed in the environment that can be compromised. It is this type of failure in credential management that bad actors leverage to gain access to accounts and data. Lifecycle management of identities must improve to avoid these types of breaches. This area will continue to be an ongoing challenge for organizations in 2023.

Ransomware

Ransomware, as projected, continues to be a leading way for bad actors to leverage control and data to monetize hacking organizations. According to the SonicWall Cyber Threat Report, the global volume of ransomware is increasing by 98%. Although this number is down from a 105% increase in 2021, the frequency and dollars spent continue to grow. Globally, healthcare, financial services, manufacturing and state and local governments continue to see a rise in the frequency of attacks. What is interesting about these attacks is that, according to Veeam's 2022 Ransomware Trends Report, 76% of those that participated in the research had experienced an attack. Of those, only 69% that paid the ransom were able to obtain their data. A growing trend in this game of cat and mouse is that you may pay the ransom and still not be set free from the hackers' control.

Third-Party/Supply Chain Risk

From internet providers to manufacturers, this continues to be an issue. In 2022 we witnessed several third-party supply chain breaches. Forbes earlier this year outlined how this topic has hit prime time in the board room and it continues to plague organizations. Accenture also highlighted this area for concern and illustrated the disruption of the supply chain as also part of the risk. That is, the risk is not only vulnerabilities due to third parties but also the actual disruption of supplies as it relates to technology disruptions. This challenge will continue in 2023 and we expect that the growth in this area will be in the double digits.

IoT and DoS

IoT/OT and DoS attack vectors were key areas in 2022 for an attack. Organizations are still trying to get their arms around exactly what is on the network and how vulnerable the devices are. Meanwhile, bad actors are finding ways to exploit devices connected to the internet at a record pace. As organizations accelerate adoption, security is woefully an afterthought. Bad actors will continue to take advantage of weak security postures in this area to exploit security holes to break into secured networks.

Mobile Device Attack Vector

Issues in this area have just exploded in 2022. These issues range from application security to privacy of personal data. Organizations that write apps have to secure code, keys, and personal data. Few are taking the necessary precautions to validate that all of these areas are covered at a comprehensive level. The other challenge is that applications intentionally share personal data about the users. From locator services information to text messages, users fail to understand exactly what data is being collected from mobile devices and then shared or sold on the open market. This area is going to just explode in 2023, with users now starting to become more aware of these risks.

Phishing Targeted Attacks

This vector is still the number one way that bad actors get into networks. Phishing, Smishing, and Social Engineering are still extremely popular and the bad actors are getting more sophisticated on the methods, approaches and techniques used to gain information and credentials to gain access to systems and data. F5 posted last year that there was a 45% increase in phishing emails from 2020-2021. Expect that the number has again increased when this report is published for 2022. Bad actors are now using automated tools to carry out these attacks; with these tools they can send millions of phishing messages with a single click. The trend for 2023 is that smishing and mobile device attacks are growing as users ditch standard email and move to text and SMS messaging.

Other Trends for 2023  

Based on what is occurring in the market and the economy here are a few other items to consider as you look at trends in 2023. Resources are going to continue to be very difficult to retain, attract and find. With the changes that COVID-19 introduced into the workforce with remote work and just a large demand for few resources, it has been difficult this year to retain and attract talent. Workers are looking for big pay and larger flexibility in work locations and schedules. Organizations attempting to return to the office are finding that some of their best resources are not on board for that move. The resource constraints are going to continue in 2023, with security and cloud leading the way in highly sought-after talent.

Data security is going to be a big bet in 2023. Organizations have started figuring out that they have data everywhere and a lack of security controls to secure, encrypt and manage the data. This challenge and the compounding of third-party access and risk leave the board of directors and CIOs up at night. 2023 will be the year as some organizations start to admit their weaknesses internally and begin the process of identifying where data lives, how it is secured, who has access and complete lifecycle management.

The next area for 2023 trends is application security. In general, CI/CD pipeline and security around application development is a big area for concern. This, in combination with Dev/Sec/Ops, has operated in the “WE DEVELOPERS WILL TAKE CARE OF SECURITY” mode for years. This is the Pandora’s box of items within an organization. Often, consistent controls are found, and a lack of auditing and identity lifecycle management is almost non-existent. Contractors, for example, who worked on last year’s development project, still have administrative rights to code and systems.

The last crystal ball item for next year is the rise in FINOPS. This is the awareness that security, development, and cloud all cost money and how FINOPS is the next big bet to analyze spend, trends, baselines and look for cost optimization, reductions, waste and abuse. From overspending in the cloud to shelfware, organizations have been on a spending spree and with the tightening of the economy and budgets, CIOs are going to be looking for every dime that can be saved or shaved off the budget.

2022 is not over, but there are ways to start looking forward to your 2023 strategy and how your organization can improve security without breaking the bank. How your organization prepares for some of these trends could be the difference between a better-layered defense strategy or the next headline in the local paper about a breach of your network.

About the Author:

Stephanie Benoit Kurtz is Lead Faculty for the College of Information Systems and Technology at University of Phoenix and has taught IT-related courses over the past 20 years. She is also Principal Security Consultant at Trace3. Stephanie has over 25 years of industry experience in Information Technology and Security Solutions and Consulting.

The post 2022 Security Challenges and 2023 Security Predictions appeared first on Cybersecurity Insiders.

By John Scimone, President, Chief Security Officer, Dell Technologies

As we enter the new year with a backdrop of economic uncertainty, it’s critical organizations prioritize addressing the longstanding security challenges the industry continues to struggle with and attackers continue to compromise. Threat actors are opportunistic and will target the easiest, most accessible weak point they find. With an emphasis on cybersecurity fundamentals, organizations will be better prepared for the new year and beyond.

During challenging economic times, we should expect to see an increase in crime including incidents of insider threats. While these incidents may not have malicious intent, such as employees taking work files to give them a leg up in a new job should they become unemployed, they pose a risk to the organization. By prioritizing the basics like employee security training, organizations can help ensure information remains protected.

Cybersecurity fundamentals, while they may sound easy or even obvious, are measures organizations continue to find incredibly difficult to implement across their enterprises. In addition to employee training, other areas that remain essential include establishing and maintaining a complete inventory of all technology assets (laptops, servers, domain websites, cloud instances, etc.), aggressive scanning for and timely patching of vulnerabilities on those assets, and comprehensive monitoring of all assets using modern cybersecurity tools.

My main prediction this year is that my prediction next year will not change. Cybersecurity fundamentals will continue to remain elusive to most organizations, despite it being more important now than ever to become “brilliant at the basics” when it comes to cybersecurity.

The post 2023 Security Prediction: Back to the Basics appeared first on Cybersecurity Insiders.

By Michael DeCesare, CEO & President, Exabeam

As the digital economy grows, organizations have become increasingly susceptible to cyberattacks. Adversaries actively seek opportunities to exploit gaps within IT systems, applications, or hardware, causing trillions of dollars worth of damage annually. As a result, security teams are leveraging security capabilities in the form of Security Information and Event Management (SIEM) software to help identify and respond to security threats in real-time.

SIEM enables security teams to detect and respond to threats, manage incident response, and minimize risks. Over the last 20+ years, the SIEM market has seen substantial growth within the technology industry.

Today, SIEM accounts for approximately $4.4 billion of total cybersecurity spending and is expected to increase to $6.4 billion globally by 2027. This is easy to understand, as SIEM has evolved into the data store for cybersecurity data, which has been exploding as the volume of data and number of alerts grow exponentially.

According to Ponemon Institute, the average number of cybersecurity products a company uses is 45. Some vendors claim Fortune 2000 companies have upwards of 130 tools, with each generating both log files as well as alerts. But before we go into where the SIEM market goes from here, let’s first take a look back at how SIEM has evolved.

Phase 1: The first SIEMs took in data and served up alerts

In the early part of the century, the first wave of SIEM vendors were the likes of ArcSight (now owned by Micro Focus) and QRadar (now owned by IBM). These early SIEMs married both log files (raw data) and security alerts (summarised events). Back then, it was about ingesting data and kicking off alerts from all the cybersecurity products that were being used – mostly host- and network-based intrusion detection devices (ISS et al), network tools, and firewalls (Check Point, Cisco, et al). Endpoint and anti-virus software would come a little later.

Most of what a SIEM could do back then was get data in, aggregate it, and send alerts to security teams. They were also used for data retention and compliance.

The most prevalent first- and second-generation SIEMs also came with very basic correlation engines, the best they knew how to do at that time. They could build correlation rules and say, “If I see X, Y, and Z, then open a case in our ticketing system and send an alert to the security team”.

But on-premises processing power against “unstructured” data was still quite slow, so it could take eons to query your essentially raw data and get any semblance of an answer about the root cause of an alert, security incident, or otherwise.

Then the data got big

There still wasn’t nearly as much data as there is today. What was being generated back then was easily parked in a database – usually Oracle or DB2 – and behind the scenes. With time though, enterprises continued their digital journey, and the data began to explode in volume — but all of this data was still being forced inside rigid databases.

Eventually, structured databases could not keep up with the needs of IT or security teams. They couldn’t keep up with the volume, variety, or velocity of the data coming at them.

Early SIEM vendors also couldn’t keep up as structured databases were not able to adapt — and writing new parsers to ingest new log sources took weeks or months.

Phase 2: Splunk entered the market, making search and access easy

Splunk was founded in 2003 as essentially the first-ever flexible and powerful store and search engine for big data. It introduced indexing which can search any kind of raw data – from structured to unstructured – and quickly transformed the data into searchable events.

The company’s technology was a breakthrough because it made it so much easier for organizations to ingest, search, store, visualize and get insights from all of their growing data.

When Splunk entered the SIEM market later, it changed the game for original SIEM vendors. Its first appearance as a Leader on the Gartner MQ for SIEM was in 2012. While the company’s bread and butter were mostly IT operations use cases up until that point, once it introduced a SIEM, the indexing and “schema at reading” capabilities allowed security teams to store, search and drill down into their data far more efficiently to get much faster SOC answers too.

Splunk’s architecture was far more effective than legacy vendors, and the company had been somewhat of a market leader for many years.

Phase 3: SIEM met UEBA, aka anomaly detection

At this point, the world was beginning to see more zero-day attacks: computer software vulnerabilities previously unknown until adversaries find and take advantage of them. The SIEM industry had to keep up by trying to make even more sense of the data that was being stored. Eventually, User and Entity Behavior Analytics (UEBA) was created to apply more cyberintelligence to this problem.

Most vendors were still trying to bolt some form of UEBA on top of their SIEM, but for UEBA to be at its best for anomaly detection, it needs to be able to pull data from all of the cyberdata lakes that companies create.

Exabeam announced our UEBA product in 2014 in the Partners’ Pavilion at a Splunk.conf User’s conference.

Around that time, most CISOs and security teams were drowning in a sea of data accompanied by too many security alerts, many of them not actionable. UEBA and alert triage tools have helped significantly, but this is still a problem today with legacy SIEMs.

Today’s SIEMs cost too much

Fast forward to 2022, and what we have is a set of antiquated technology stacks that are either still on-premises or have moved to the cloud as “lift and shifts”, which are super expensive to maintain. Combined with the fact that cyberdata is exploding, we end up with SIEMs that cost too much.

It’s not uncommon to see large organizations spend upwards of $10m per year on legacy and next-gen log management and SIEM solutions.

Some early SIEM players still have nearly 50% of their customer install base running their SIEMs on-premises, which is far more costly than the cloud. But even as more customers move to the cloud, they have woken up to the fact that SIEM costs have gotten out of control.

So where does SIEM go from here?

It’s time to bring the best of what cloud-native technology can do for SIEM. Cloud is super-fast, offers inexpensive storage, and instantaneous search, and can integrate a threat detection engine that can catch bad actors, including the majority who are now breaking in with valid credentials. In addition, proper regulation offers opportunities for expedited results.

According to research conducted by McKinsey & Company, highly regulated verticals are migrating to the cloud four times more quickly than low-regulated verticals. As a result, the cloud offers opportunities for market penetration in highly regulated markets and serves as a key differentiator for organizations to navigate complex data flows that contribute to cyber risk.

In more recent years, security-related markets have developed entire categories of orchestration players to simplify the combination of parallel processes. With cloud integration, orchestration can coordinate workflows and manage data across multiple landscapes including enterprise infrastructures, data centers, and public and private cloud, offering opportunities for increased efficiency and improved risk management.

The SIEM industry has been ripe for forward evolution for some time. With cyberattacks proliferating, we strongly urge organizations to use productive combinations of products and services that vendors can tailor to their desired use cases and are flexible enough to scale. Doing so will facilitate the necessary momentum to increase SIEM penetration across all market segments, while simultaneously mitigating cyber risks.

About Michael DeCesare, CEO, Exabeam

Michael DeCesare is CEO and President of Exabeam. Prior to Exabeam, DeCesare served as CEO and President of ForeScout Technologies and continues to serve as a board member with this leader in Enterprise of Things security. Prior to ForeScout, DeCesare spent eight years at cybersecurity giant McAfee, serving four years as President and four years as SVP of Worldwide Sales and Operations. DeCesare has also served in SVP and worldwide sales leadership roles at Documentum, EMC, and Oracle over the course of his career in cybersecurity. He holds a B.A. in Communications from Villanova University.

The post The Evolution of SIEM: Where It’s Been and Where It is Going appeared first on Cybersecurity Insiders.

October is the official month we dedicate to raising awareness around cybersecurity, and this year’s theme asks everyone to “see yourself in cyber,” meaning everyday people are at the heart of keeping our digital world safe. Although the topic of cybersecurity appears complicated and esoteric, each and every one of us can contribute in some way.

Below, cybersecurity experts share advice on cost-effective cybersecurity policies, backup and disaster recovery techniques, diversity in security teams and more to commemorate NCSAM this October.

Gal Helemski, CTO and co-founder, PlainID

Adversaries have become increasingly effective in their phishing campaigns as of late and thus this National Cybersecurity Awareness Month, it is critical that organizations reinforce all security infrastructure. When an internal breach occurs where networks are compromised, identity remains the priority challenge. Organizations must adopt a “Zero Trust” approach, which means trusting no one to begin with – and revalidating the identity is approved for access at every stage, based on context.

Building a strong defense is fantastic and much recommended as a layer for staying protected against adversaries. However, once a user is compromised, especially one with administrative credentials, they are already in your network and limiting movement is key to avoiding continental damage and risk. This month, organizations should focus on educating against phishing attempts, and investing in an identity first approach as a fundamental concept for cyber security defense.

Aaron Sandeen, CEO and co-founder, Cyber Security Works 

Ransomware and other cyberattacks have been used in a variety of ways throughout the year, underscoring the attackers’ growing technological sophistication and the threat to businesses throughout the globe. Seemingly enough, cyber-attacking groups are typically successful when they are one step ahead and can exploit system flaws. This Cybersecurity Awareness month, IT leaders must challenge themselves to expand their cybersecurity visibility of known and unknown assets.

The way for corporations to prevent cyberattacks is through proactive defense. There are already 13 CISA-known exploitable vulnerabilities that need patching by the end of October 2022. One of the steps that businesses can take to avert disaster is to patch the vulnerabilities that threat groups and attackers exploit. Understanding how vulnerable you are to ransomware attacks and monitoring your security posture through continual vulnerability management and proactive penetration testing is essential to fortifying your defenses, especially when new hacking organizations arise.

Konrad Fellmann, CISO and VP of IT infrastructure, Cubic Corporation

“We are living in a time where every person and business is vulnerable to cyber threats. Mass transit agencies are no exception—in fact, they are appealing targets simply because, as part of the critical infrastructure, they help U.S. commerce and cities to run. If a transit agency is shut down and we can’t move people or goods, the criminals claim victory.

Another top goal for malicious hacks on transit agencies is getting a ransom paid. This is why we consider ransomware to be a significant threat. It’s also why we’ve seen cyber liability premiums rise nearly 300 to 400% over the past couple years. The good news is, while most transit agencies already had some cybersecurity measures in place, the new regulations put forth by the TSA are helping to further establish a standard for security in the transit sector. Additionally, programs like National Cybersecurity Awareness Month are effective at helping to educate everyone on proactive measures for preventing breaches.

To that end, Cubic’s number one priority is maintaining the trust, security and privacy of our customers, their patrons and data. We are very focused on ensuring data protection and supporting the use of security best practices across everything we do. For example, we certify to industry standards such as the Payment Card Industry Data Security Standard (PCI-DSS) and ISO 27001 in order to ensure and verify the effective implementation of strong security controls. We also maintain close working relationships with multiple cyber industry associations and government agencies to stay aware of ongoing trends and gather threat intelligence to continually improve our security posture.”

Arti Raman, CEO & founder, Titaniam

“It is our jobs as cybersecurity professionals to have everyday processes and systems in place and running smoothly so that our data remains secure. However, as hard as we work, bad actors work just as hard and are constantly trying to beat the systems and processes put into place.

In honor of National Cybersecurity Awareness Month, I want to highlight how the human element of cybersecurity is often overlooked. The human piece is thought of as a weak link in every enterprise’s security posture, and while it may be true, it can also be a source of power. If we put ourselves in the shoes of others, we can take a moment and reflect on how we would react and respond. When it comes to any of these breaches we have seen recently, it is important to extend empathy to all those involved, and not blame, but rather come together on how we can build stronger protections and alliances against these cyber criminals.”

Richard Barreto, CISO, Progress

“Strong and unique passwords are first-in-line in any organization’s defense to a network compromise or data breach. Three quarters of Americans are frustrated with the overwhelming number of passwords they need to remember, and the average user has more than 90 online accounts that require credentials. Furthermore, developers are also responsible for maintaining secret keys. To avoid the impact of compromised credentials, it is imperative security teams provide employees and development teams resources to “self-serve” the set-up of a password manager and highlight the benefits of using one. A password manager can help users identify a spoofed website (they will only auto-fill a password to a site’s URL it recognizes) and is a great selling point to many employees. Lastly, if your organization’s budget allows it, prioritizing an enterprise license for employee use is a great ROI in defending your first line.

Similarly, many recent high-profile breaches have been the result of successful phishing attacks or the malicious use of multi-factor authentication (MFA). Things like preparing employees with how to handle MFA fatigue or deploying a phishing simulation program are easy ways to keep your teams engaged and alert. To initiate measurable change within your organization, training and communication efforts should be consistent and not only focus on behaviors for employees to follow at work but also help protect them at home too. Employees who are more conscious of security best practices in their personal lives will exercise those same precautions at work. Finally, one of the most important actions every organization can take is to create a culture where reporting security concerns is encouraged and praised.”

Raffael Marty, EVP and GM of cybersecurity, ConnectWise

“The workplace has undergone an evolution in recent years. The added complexities of new technologies such as BYOD and the continued penetration and adoption of SaaS applications, combined with the overnight shift to work from home practices and constantly changing regulations, have left many businesses struggling to keep up. All the while, the increased threat of cybersecurity attacks looms over businesses, with over three-quarters of Small and Medium sized Businesses (SMBs) reporting that they have been impacted by at least one cyber attack in 2021.

Having solid cyber security policies is critical for all organizations in today’s digital age. For SMBs who lack the expertise and resources in-house to defend themselves against threats, the risks can be difficult to manage. Gone are the days when SMBs were considered “immune” to cyberattacks. For these organisations, partnering with a Managed Service Provider (MSP) makes it possible to protect their systems and data from an attack.

No matter the security products and services a business consumes, there are four cost-effective elements that every business needs to implement to ensure success:

  1. Incident preparedness: It’s not if but when an attack will occur. Being prepared for the possible incident is key. The ability to swiftly react to an incident can make a significant difference to business operations. Understanding points of contact, process owners, and decision makers in the case of an incident will assist in quickly containing a threat and bringing the business back operational.

  2. Patch management: Patch management may seem complicated, but it really isn’t. Whether done manually or with a solution, software updates and patches should be promptly installed – not just on laptops and servers but also on firewalls and other network devices such as routers, APs and office equipment.

  3. Password hygiene: Whilst often taken for granted, passwords are the first line of defense against malicious activities in the digital space. Using different passwords for different sites and services, regularly changing passwords, and implementing Multi-factor authentication (MFA) where possible, is key.

  4. Backups: To have and to test from this day forward. Not only do organizations need to test their backups regularly to ensure they work, but they should also be stored offline on a regular basis.”

Christopher Rogers, technology evangelist at Zerto, a Hewlett Packard Enterprise company

“A lot has changed in the 19 years since October was first recognised as National Cybersecurity Awareness Month (NCSAM). With the risk of ransomware attacks now greater than ever before, the significance of cybersecurity protocols — for both organizations and individuals — cannot be overstated. This Cybersecurity Awareness Month offers the opportunity to examine our own internet security habits and ensure that the correct infrastructures are in place to handle the ever-present threat of a cybersecurity attack.

However, now that the question of a cyber attack is not if, but when, organizations must be prepared for not only the attack itself but also, arguably more importantly, the recovery. Businesses need backup and disaster recovery plans that ensure that they can recover quickly and minimize disruption and data loss — limiting downtime and restoring operations in a matter of seconds or minutes, rather than days or weeks. When it comes to cybersecurity, protection alone is not enough, and a recovery plan should be an essential part of every cyber strategy.”

Jeff Sizemore, chief governance officer at Egnyte

“In today’s hybrid work environment, companies across business disciplines and industries are navigating increased cyberattacks and rapidly-evolving data privacy regulations amid explosions in data volume and usage. Unfortunately, many organizational stakeholders do not understand how to properly secure and manage their mission-critical data.

This Cybersecurity Awareness Month and beyond, organizations should take proactive steps to enhance cybersecurity, such as updating incident response plans, prioritizing company-wide cybersecurity awareness training, and limiting access to critical data on a ‘business need to know’ basis. It’s time that cybersecurity is no longer considered to be an optional budget line-item. Cybersecurity is not just something that highly regulated industries or critical infrastructure need to be concerned with; today’s environment has made this a necessity for all organizations, no matter the size or tenure. By further educating employees and executive management on the importance of data security and governance, companies can be better protected against potential threats like ransomware.

Finally, organizations should put technology on their side to provide a single source of truth for all structured and unstructured data. Not only does this enable secure file collaboration, but it allows companies to better understand where their data lives, how it’s used, and who has access to it.”

Surya Varanasi, CTO, StorCentric

“As an IT professional, CyberSecurity Awareness Month reminds us how critical it is to continuously educate yourself and your workforce about the malicious techniques used by cybercriminals, and how to practice proper cyber hygiene in order to decrease potential vulnerabilities.

Today, the process of backing up has become highly automated. But now, as ransomware and other malware attacks continue to increase in severity and sophistication, we understand that proper cyber hygiene must include protecting backed up data by making it immutable and by eliminating any way that data can be deleted or corrupted.

An Unbreakable Backup does exactly that by creating an immutable, object-locked format, and then takes it a step further by storing the admin keys in another location entirely for added protection. Other key capabilities users should look for include policy-driven data integrity checks that can scrub the data for faults, and auto-heals without any user intervention. In addition, the solution should deliver high availability with dual controllers and RAID-based protection that can provide data access in the event of component failure. Recovery of data will also be faster because RAID-protected disk arrays are able to read faster than they can write. With an Unbreakable Backup solution that encompasses these capabilities, users can ease their worry about their ability to recover — and redirect their time and attention to activities that more directly impact the organization’s bottom-line objectives.”

Brian Dunagan, vice president of engineering, Retrospect, a StorCentric Company

“CyberSecurity Awareness Month is a great reminder that we must remain vigilant and always be thinking about how to handle the next wave of cyberattacks. While external bad actors, ransomware and other malware, are the most common threats, malicious or even careless employee actions can also present cybersecurity risks. In other words, it is virtually a given that at some point most will suffer a failure, disaster or cyberattack. However, given the world’s economic and political climate, the customers I speak with are most concerned about their ability to detect and recover from a malicious ransomware attack.

My advice to these customers is that beyond protection, organizations must be able to detect ransomware as early as possible to stop the threat and ensure their ability to remediate and recover. A backup solution that includes anomaly detection to identify changes in an environment that warrants the attention of IT is a must. Administrators must be able to tailor anomaly detection to their business’s specific systems and workflows, with capabilities such as customizable filtering and thresholds for each of their backup policies. And, those anomalies must be immediately reported to management, as well as aggregated for future ML/analyzing purposes.

The next step after detecting the anomaly is providing the ability to recover in the event of a successful ransomware attack. This is best accomplished with an immutable backup copy of data (i.e., object locking) which makes certain that the data backup cannot be altered or changed in any way.”

Gunnar Peterson, CISO, Forter

“In the cybersecurity world, there is a quote that ‘defenders think in lists, attackers think in graphs.’ It means that an adversary’s ability to find unexpected connections gives them the upper hand over those defending the system. After all, attackers are known for thinking outside of the box, which is why complex passwords and multi-factor authentication (MFA) by themselves do not solve the rising data breach numbers. To respond, defenders need to think differently.

National Cybersecurity Awareness Month also coincides with Dyslexia Awareness Month. On the surface, it may seem like the two aren’t related. However, neurodiverse individuals are a huge asset to security teams, bringing unique perspectives to problem-solving and breaking the cycle of group think. Seeking out neurodiverse teammates in hiring, and recognizing and building around their strengths can be a vital asset to anticipating an adversary’s moves and uncovering potential solutions to problems before they arise.

This is a growing challenge for certain organizations, and I hope this month is a wake-up call for security managers to widen the aperture in ways of working and dismantle the systems that are set up to develop and reward cookie-cutter operators. Neurodiversity is a security strength and we should collectively work to foster a more inclusive industry for everyone.”

Kathryn Kun, director of information security, Forter

“The legend of the ‘skills gap’ has been permeating the cybersecurity industry for quite some time. More and more technical leaders in the last few years have questioned whether or not it exists. Research seems to say yes, with industry analysts predicting that the digital skills gap will leave about 85 million jobs unfilled by 2030, but it doesn’t paint a complete or accurate picture. In all actuality, the skills gap is just a recruiting gap, where companies fail to look beyond limiting job qualifications or the usual candidate pools to include individuals with not-so-traditional backgrounds that could have given them desperately needed skills.

In fact, my own path to security was unorthodox. I have degrees in philosophy and chemical engineering; and spent the majority of my early career without ever considering a role in cybersecurity. But it’s precisely the skills I mastered in these disciplines that have helped me carve out a place in information security.

In honor of this year’s National Cybersecurity Awareness Month theme, ‘See Yourself in Cyber,’ I would like to encourage company leaders to think outside of the box and see how other job roles such as librarians, educators, sales and communications professionals, HR and civil service workers and more could fit into the security field. Because as long as we keep hiring from a limited perspective and one-size-fits-all resumes, we will continue to do the greater cybersecurity industry a disservice. Examining what skills we need to hire for, and focusing on where else we can find those skills will only strengthen our ability to fight against adversaries.”

Carl D’Halluin, CTO, Datadobi

“Orphaned data, or data that lives in an organization’s network but was created and owned by a now deactivated employee, is a major problem that almost every enterprise across all industries is facing. Holding onto data that isn’t owned by anyone, and that IT leaders have no visibility into, can introduce major risk to a company because of the data’s unknown content. This National Cybersecurity Awareness Month, IT leaders should focus efforts on managing their unstructured data to eliminate costly and risk-inducing orphaned data. We recommend that IT teams look for an unstructured data management platform with key capabilities. These include the ability to expose where orphaned data exists, search for and tag all of this data, and then take action to migrate or delete all orphaned data. With better visibility into and management of their data, organizations can stay secure this October and beyond.”

Richard Bird, chief security officer, Traceable AI

“Take a moment and consider how you operate in your analog (IRL) life when it comes to security. You wouldn’t leave a notepad with all of your important personal data, alarm codes and passwords in the middle of your yard. You wouldn’t spread your tax returns or health records out on the dining room table for all of your friends and visitors to see. Take the conscious lessons about personal security that you already know and do in real life and just simply apply that same level of attention to your digital security.”

Justin McCarthy, co-founder and CTO, strongDM

“The cybersecurity industry is constantly competing to stay one step ahead of adversaries. If the increased frequency of malicious hacks and breaches as of late teaches us anything, it should be that there’s risk associated with any use of infrastructure credentials. After all, we’re all human, and it’s easy to make a small mistake with potentially devastating consequences.

In honor of National Cybersecurity Awareness Month, I would urge CISOs and other security leaders to consider adopting modern security and access solutions that remove credentials completely from the equation. Doing so can give security teams peace of mind that login information can’t end up in the wrong hands. It also allows employees to focus on day-to-day tasks without worrying about potentially exposing themselves and the company to undue risk.”

Ralph Pisani, president, Exabeam

“In honor of National Cybersecurity Awareness Month, I wanted to share a few pieces of practical advice for organizations to reduce the risk of credential-based attacks and minimize damage if they do occur:

  1. Every employee is a target. Adversaries will often cast a wide net, so it’s important that everyone stay on guard and use complex passwords, recognize the signs of a phishing scheme and practice good cyber hygiene.

  2. Assume a breach has happened. In all actuality, your systems and employees have already been compromised; and your credentials have been compromised, stolen, and likely resold for future uses. What you need to do now is to detect these attacks at speed to minimize the damage.

  3. You can’t find abnormal until normal is known first. Establish a baseline of normal user behavior. Using behavioral detection analytics, you can understand patterns for every user, device and peer group to uncover what is beyond legacy detection capabilities.

Security teams are looking for the needle in the haystack, rather than the haystack itself. Taking the time to educate yourself about credential-based attacks and understanding normal user and device behavior can go a long way in bolstering your organization’s security posture.”

Amit Shaked, co-founder and CEO, Laminar

“In our multi-vendor, multi-cloud world, it has become more challenging than ever for companies to have visibility into where their data resides, who has access to what, and why. This has caused more than one in two organizations to experience a breach in the past two years, and thousands of sensitive data files to be extorted and leaked on the Dark Web.

With October being National Cybersecurity Awareness Month, I only have one question for security leaders:

Do you know where your sensitive data lives and do you have the tools and resources to manage it?

To safeguard against a majority of today’s data breaches, organizations must have complete data observability and adopt a data-centric approach to cloud security. After all, how can you protect what you can’t see? Prioritizing visibility helps security teams understand where an organization’s most sensitive data is, whether or not it has proper controls in place, if it is being monitored or not and reduces the risk of ‘shadow’ (unknown or unmanaged) data.”

MarKeith Allen, senior vice president and managing director of mission driven organizations, Diligent

“In 2022, collaboration tools are more important than ever; however, we need to be sure that their security is not neglected as our reliance on them grows. Collaborative technologies are frequently used without restriction, creating shadow IT that enhances the danger of internal leaks when access privileges and security regulations weren’t strictly adhered to or enforced. As employees navigate their new hybrid or at-home working environments, a lack of consistently applied cybersecurity practices can follow and possibly lead to bad outcomes.

Open communication channels, such as Slack, messaging, and personal email, are excellent for informally exchanging information, but they frequently lack the security or access rights required for private discussions between executives, the board, legal, HR, risk, and compliance departments. Organizations require secure working conditions and workflows that enable them to transmit extremely sensitive information without fear of it being unintentionally diverted, forwarded, leaked, or even stolen. Additionally, the system must be user-friendly and practical so that executives stick to its workflows and procedures rather than straying to other systems and jeopardizing security. These actions go a long way toward reducing insider threats if they are taken.”

Terry Storrar, managing director at Leaseweb UK

“This year’s National Cyber Security Awareness Month theme is ‘See Yourself in Cyber’, which aims to draw attention to the fact that, although cybersecurity is a complex subject, the human element is crucial.

“With the implementation of remote and hybrid work, basic cyber hygiene has taken a real hit in some organizations. Away from the office, employees are now far more likely to, for example, connect to unsafe networks, transfer corporate data to personal devices, or share unencrypted files. Threat actors are acutely aware of this trend and relentlessly taking advantage of these vulnerabilities.

“However, as concerning as these practices are, they are often relatively simple to fix. Standard security training for all employees is one of the most basic, yet effective methods an organization can implement. Yet, too many businesses are failing to safeguard their data in this way. In fact, a recent survey found that only 61% of employees reported being offered cybersecurity training by their employers.

“By offering appropriate training, companies can reduce the security risks that come from poor cyber hygiene and encourage good daily security routines for all their employees. At the end of the day, lack of education and human error are two of the largest contributors to data breaches. This National Cybersecurity Awareness Month, businesses should start thinking about making safeguarding protocols and cybersecurity training accessible for all employees.”

The post People Take Center Stage this National Cyber Security Awareness Month appeared first on Cybersecurity Insiders.

By: Jason Elmer, CEO, Drawbridge

The cyber landscape has changed dramatically over the last year. As companies increasingly adopted permanent remote and hybrid work policies, cybercriminals attempted to remain one step ahead – and in many cases succeeded. In fact, the global volume of ransomware attacks increased by 151% in just the first six months of 2021, with the average cost of a breach recorded at US $3.6 million per incident.

The types of attacks threat actors execute have rapidly evolved. In a recent attack on Nvidia, threat actors demanded product updates and open sourcing – a stark contrast from traditional monetary demands by ransomware groups. We are also now seeing the proliferation of weaponized cyberattacks in the face of geopolitical events. This new era of attacks demonstrates that the cyber landscape will never be the same.

How are businesses responding? Cyber and information security is at the top of the list of planned investments for CIOs in 2022, with 66% reporting they expect to increase associated investments. But while planned investments look good on paper, they can only help protect your firm if they are adequately designed and deployed.

Now is the time for businesses to immediately evaluate and buttress their cyber defenses. To begin, here are six strategic cyber investments your business should immediately assess to protect yourself for the next six months – and beyond:

  1. Secure Access Service Edge (SASE) – SASE merges many of the technologies that are critical in hybrid work environments: Zero Trust access to multiple cloud and SaaS services (similar to SSO), with the addition of layered security normally found on physical endpoints or offices, such as web filters, mail filters, and Data Loss Prevention (DLP) tools.
  2. Single Sign-on (SSO) – SSO is the core technology that allows disparate systems to identify users from a single set of credentials. It centralizes access and simplifies management of services and permissions across clouds and SaaS from a single management point.
  3. Extended Detection and Response (XDR) – XDR combines the power of endpoint detection and response services with other traditional network security controls to provide a better overall picture of abnormal activity from more than one data point. Abnormal network activity can be tracked and blocked on endpoints before it reaches devices. XDR continues a trend in the cybersecurity marketplace where technologies communicate for better security coverage.
  4. Real-time vulnerability management – Real-time vulnerability tracking keeps firms secure even in remote environments by monitoring installed software, network information and more. Real-time cyber risk monitoring enables firms to protect their most sensitive data and safeguard against internal and external threats. Continuous risk mitigation solutions and reporting, along with cyber programs tested using real-world scenarios, provide a clear picture of how the business would defend against and respond to an incident.
  5. Thorough cyber risk assessment – A cyber risk assessment will help your firm make thoughtful cybersecurity procedure decisions. Risk assessments can identify risks to organizational operations and assets resulting from the use of information systems. In the event of a breach or a potential breach, the assessment can reveal the signs early, allowing your business to mitigate the impact of damages, additional risks, or stolen assets and information.
  6. Employee training – Employees are your first line of defense against cyberattacks and should be prioritized as such. Employee training can heighten employee awareness surrounding critical data and dramatically reduce the likelihood of employees falling victim to phishing attacks. Phishing attacks are particularly concerning as they often begin via email or text message and can result in a widespread breach that affects the entire business. Conducting training with simulated cyberattacks can better prepare your employees for what they may encounter.

Selecting the right solutions that meet your needs

Regardless of the size of your business or the industry in which you operate, you must make cybersecurity a top priority or risk falling victim to malicious parties that can compromise your business operations, third-parties and clients.

But where do you begin? Start by assessing your current cybersecurity program. List which components are working well and which require improvement. Then prioritize your needs and direct your investments to best protect the business and your critical data. This type of proactive assessment and investment is key to remaining vigilant and ensuring your business does not fall prey to devastating ransomware attacks, data breaches or reputational damage.

An attack can happen at a moment’s notice. It simply cannot be overstated – the time is now to prioritize your cyber defenses and invest in protecting your business against the growing number of threat actors. And remember: Cybersecurity is not a one-time, all-or-nothing check box exercise. It is an ongoing, continuous journey to ensure your business is protected.

The post Six strategic cyber investments for the next six months – and beyond appeared first on Cybersecurity Insiders.