FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Tuesday, April 30, 2024

Commvault projects Cleanroom Recovery for ransomware thwarting customers

In today’s digital landscape, the threat of ransomware attacks looms over businesses of all sizes and industries. The emergence of AI-powered cyber-crime has only exacerbated this risk, making robust defense mechanisms more crucial than ever.

Enter Commvault, offering a solution that stands out in the battle against ransomware. Commvault’s Cleanroom Recovery leverages Microsoft Azure cloud infrastructure to provide customers with a secure space for immutable data backups. This innovative platform not only serves as a backup repository but also doubles as a testing environment for companies seeking to fortify their ransomware recovery strategies.

With Cleanroom Recovery, businesses gain access to a flexible and scalable infrastructure that simplifies the testing of data recovery plans across diverse IT environments. What’s more, the pay-as-you-go model ensures cost-effectiveness and peace of mind for customers utilizing Microsoft Azure cloud services.

Instantiation, a term commonly used in object-oriented programming, signifies the rapid creation of instances—a concept integral to Cleanroom Recovery’s agility and efficiency. This solution empowers customers to detect the latest recovered instances and tailor their recovery sequences to suit their workload requirements. Additionally, Cleanroom Recovery facilitates seamless conversion of virtual machines from any hypervisor to Azure VMs, ensuring adaptability and compatibility.

For organizations seeking to fortify their cyber recovery strategies and establish a secure storage environment, Commvault’s Cleanroom Recovery, powered by Metallic AI, offers an intelligent defense against ransomware attacks.

The post Commvault projects Cleanroom Recovery for ransomware thwarting customers appeared first on Cybersecurity Insiders.


April 30, 2024 at 08:42PM

The internet is now at the mercy of open source vulnerabilities.

The future of the Internet and new innovations, such as the metaverse and Web 3.0, is at a crossroads. The growing menace of vulnerabilities in open source platforms, siloed web management systems, and insufficient website oversight threaten to push the internet to breaking point.

At Forrit we conducted a comprehensive survey involving more than 500 key IT and marketing decision-makers to understand the challenges hindering the evolution of the internet. The results are worrying: while a majority (89%) of respondents expressed optimism regarding the transformative potential of Web 3.0 and the metaverse in reshaping how we interact online, a staggering 87% harbour concerns that the present condition of the internet will impede the realisation of these innovations.

What does this tell us? 

A significant source of concern arises from the technologies and CMS platforms employed by brands and businesses to build their digital real estate, such as websites and applications. We have found that even within heavily regulated industries, there is a reliance on CMSs that are highly susceptible to vulnerabilities and lack scalability. The issues are particularly acute with CMS solutions that rely on open source and organisations that have deployed multiple legacy or isolated layers within their web management platforms.

According to our survey, more than half of the respondents (57%) acknowledge the existence of security flaws on their websites. Such vulnerabilities can profoundly impact brand loyalty, as highlighted by over 4 in 5 (84%) who admitted that customers would lose trust in the brand if they discovered these security flaws.

These substantial challenges can result in heightened platform outages, the exposure of security vulnerabilities with potentially catastrophic consequences, and render the web virtually unusable. At Forrit, we have coined the term “Web O.No” to depict this bleak future of the internet. The widespread adoption of Web 3.0, the metaverse, and the promising innovations envisioned for the future remain uncertain until we can streamline business web assets and avoid the pitfalls of Web O.No.

Time to integrate siloed CMS and do away with the legacy approach

The concurrent use of multiple CMSs significantly exacerbates website security vulnerabilities. Our survey unveiled a startling statistic: a substantial 9 in 10 (88%) enterprises are engaged in the management of more than one CMS. The concern is that deploying multiple CMSs results in a proliferation of administrators and vendors, consequently introducing numerous points of vulnerability into the system architecture.

The reliance on multiple CMSs or legacy systems poses a formidable challenge to web governance. This is leading to a worrying CMS sprawl trend, making it increasingly difficult for IT teams to manage and monitor the numerous systems within the organisation. For instance, upholding regulatory compliance and standards across the system architecture can become arduous and resource-intensive.

Our research underscores this concern: just over one-third (34%) of respondents acknowledge that managing multiple content management platforms compromises their control over website content. Additionally, nearly half (47%) express uncertainty regarding the number of individuals with access to the site and/or the capacity to upload content. Similarly, an equivalent proportion of experts (48%) confess to being unable to comprehensively track every web page and, consequently, the extent of content across their websites.

Moreover, organisations face the risk of outages, malfunctioning interfaces, and the presence of hazardous content concealed within overlooked pages of reputable websites when employing multiple website management systems. Alarmingly, 44% admit to relinquishing control over website content directly due to this practice.

Concerning open source proliferation 

Open source licences are designed to encourage collaboration and knowledge sharing, cultivating an environment of collective innovation and unfettered creativity. However, it is precisely this characteristic that exposes these solutions to significant vulnerabilities. The community-driven ethos of open source projects renders them susceptible to exploitation by malicious actors.

Open source solutions, often developed by multiple anonymous third-party contributors and reliant on shared source code, are particularly vulnerable due to the inclusion of plug-ins. These plug-ins, integral to the functionality of open source platforms, create entry points for hackers, exposing businesses to significant cybersecurity threats. Malicious actors can exploit and manipulate CMS plug-ins, leveraging them as vectors to infiltrate widely deployed projects and penetrate enterprise networks.

The prevalence of open source vulnerabilities has become a source of concern for C-suite executives. As an example, the recent discovery of the malicious XZ backdoor within the widely utilised XZ open source library exemplifies the magnitude of the issue. With potentially millions of devices impacted, the ramifications for businesses can be dire and far-reaching.

There is light at the end of the tunnel

Businesses need to prioritise migrating away from open source CMS platforms and transitioning to a unified composable CMS to regain authority over their websites and fortify their online security. Our survey suggests that 89% of respondents advocate for embracing composable architecture to future-proof digital assets. Unlike conventional non-composable CMSs, which confine businesses within inflexible frameworks, composable platforms offer agility and versatility. Through modular components, organisations can seamlessly adapt their digital infrastructure to evolving demands, mitigating the risk of service interruptions. Closed-source composable CMSs afford enterprises the agility and innovation associated with open source solutions without compromising data security and confidentiality.

There is a promising outlook for the future of the internet and the emerging technologies shaping it. However, the full potential of transformative innovations for businesses will remain unattainable until we confront the disorder within our current internet infrastructure. The prevalence of insecure, fragmented, and sprawling CMS systems poses significant security vulnerabilities for businesses. If we fail to take action promptly, we risk transitioning from Web 2.0 to “Web O.No.”

 

The post The internet is now at the mercy of open source vulnerabilities. appeared first on Cybersecurity Insiders.


April 30, 2024 at 06:26PM

Monday, April 29, 2024

Tesla wins data security concerns in China

Tesla Inc, the pioneering electric car manufacturer with aspirations in automated driving technology, has triumphed in gaining approval from China, overcoming previous concerns about data security. Several years ago, the Chinese government imposed a ban on the sale of Tesla vehicles within its borders due to fears of excessive data collection from users.

However, the tide has turned following a visit by Tesla CEO Elon Musk to Beijing. Premier Li Qiang, the leading official of the Chinese Communist Party, announced that Tesla can now establish a manufacturing plant in China, citing compliance with the country’s stringent data laws. This pivotal decision coincided with Musk’s visit to the Asian nation.

Tesla has been vocal about its commitment to data security, particularly with its upcoming Full Self-Driving software. The company has secured permission to transfer data abroad, a significant milestone for its operations in China. Notably, Tesla plans to offer new features, such as full self-driving capability, through a subscription model, emphasizing continuous oversight of data usage.

However, speculation about the impact on competitors like BYD remains premature. Established players like BYD boast loyal customer bases, presenting a formidable challenge for newcomers like Tesla to carve out their share of the market.

It’s worth noting that all companies operating in China are prohibited from transferring locally generated data to external servers. Tesla has been granted a special exemption from this regulation, provided it adheres to the latest information security standards. This development is expected to fuel a surge in sales for Tesla’s Model Y and Model 3 in the coming weeks.

Bloomberg reports that Tesla vehicles offer users the ability to pause or halt data collection, a feature acknowledged by the Chinese Association of Automobile Manufacturers.

Currently, Tesla cars are being manufactured at the Shanghai Gigafactory, where strict adherence to regulations is enforced. As Tesla continues to navigate the complex landscape of data security and regulatory compliance in China, its presence in the world’s largest automotive market is poised for further expansion.

The post Tesla wins data security concerns in China appeared first on Cybersecurity Insiders.


April 30, 2024 at 10:32AM

Cyber Attack forces London Drugs to close temporarily

London Drugs, a British Columbia-based company with a robust pharmaceutical supply chain serving Western Canada, recently announced the closure of all 78 of its stores due to an IT issue.

Subsequently, the pharmaceutical supply chain, through its official communication channel X (formerly Twitter), revealed that the closure was a precautionary measure in response to a cyber attack, the details of which are still under investigation.

Information circulating on Telegram suggests that the attack may involve ransomware, a type of malicious software that encrypts data on servers and often involves stealing sensitive information to pressure victims through double extortion tactics.

Despite these challenges, pharmacists associated with the company are working diligently to support customers with urgent medication needs.

It’s lamentable that hackers seem to have lost sight of the human impact of their actions, targeting essential services and emergency needs solely for financial gain. Their relentless pursuit of profit disregards the profound consequences on the lives of those affected.

Law enforcement agencies are actively combating ransomware and other cyber threats, targeting groups like LockBit and those associated with government intelligence that orchestrate DDoS attacks. However, there’s no definitive solution to eliminate cybercrime entirely; authorities can only respond effectively once threats have materialized, rather than preemptively thwarting them during the planning stages.

In response to the incident, London Drugs has enlisted the expertise of security professionals to conduct a thorough forensic investigation. The company has committed to providing updates as the situation unfolds.

The post Cyber Attack forces London Drugs to close temporarily appeared first on Cybersecurity Insiders.


April 29, 2024 at 08:41PM

Ensuring Robust Security in Multi-Cloud Environments: Best Practices and Strategies

In today’s digital landscape, businesses are increasingly leveraging multi-cloud environments to meet their diverse computing needs. While multi-cloud adoption offers scalability, flexibility, and redundancy, it also introduces complex security challenges. Effectively managing security across multiple cloud platforms is paramount to safeguarding sensitive data, preserving regulatory compliance, and mitigating cyber threats.

Understanding Multi-Cloud Security Risks

Before delving into security best practices, it’s essential to grasp the inherent risks associated with multi-cloud environments. These include:

1. Data Breaches: With data distributed across various cloud platforms, the risk of unauthorized access and data breaches escalates.

2. Compliance Challenges: Meeting regulatory requirements across disparate cloud providers can be daunting, leading to compliance gaps and potential penalties.

3. Interoperability Issues: Ensuring seamless integration and communication between different cloud environments can pose interoperability challenges, potentially compromising security measures.

4. Vendor Lock-In: Over-reliance on a single cloud provider can result in vendor lock-in, limiting flexibility and hindering the ability to adapt to evolving security needs.

Best Practices for Multi-Cloud Security

To address these challenges and fortify security posture in multi-cloud environments, organizations can adopt the following best practices:

1. Comprehensive Risk Assessment: Conduct a thorough assessment of security risks and compliance requirements specific to each cloud provider. Identify sensitive data, potential vulnerabilities, and regulatory obligations to inform security strategies.

2. Unified Security Framework: Establish a unified security framework that spans across all cloud platforms. Implement consistent security policies, access controls, and encryption standards to maintain uniform protection.

3. Identity and Access Management (IAM): Implement robust IAM controls to manage user access and privileges across multiple cloud environments. Utilize centralized identity management solutions to enforce authentication protocols and ensure least privilege access.

4. Data Encryption: Encrypt data both in transit and at rest to safeguard against unauthorized access and data exfiltration. Leverage encryption mechanisms provided by cloud providers or deploy third-party encryption solutions for added security.

5. Continuous Monitoring and Threat Detection: Implement real-time monitoring and threat detection mechanisms to detect and respond to security incidents promptly. Leverage security information and event management (SIEM) tools to aggregate and analyze security logs across all cloud environments.

6. Automated Compliance Management: Utilize automation tools to streamline compliance management processes and ensure adherence to regulatory requirements across multi-cloud deployments. Automate compliance audits, risk assessments, and remediation efforts to maintain compliance posture.

7. Cloud-Native Security Solutions: Leverage cloud-native security solutions offered by cloud providers, such as AWS Security Hub, Azure Security Center, and Google Cloud Security Command Center. These platforms provide centralized visibility and control over security configurations and compliance status.

8. Regular Security Audits and Penetration Testing: Conduct regular security audits and penetration testing exercises to assess the effectiveness of security controls and identify potential vulnerabilities. Engage third-party security experts to perform comprehensive assessments and recommend remediation measures.

9. Disaster Recovery and Business Continuity Planning: Develop robust disaster recovery and business continuity plans tailored to multi-cloud environments. Implement redundant data backups, failover mechanisms, and disaster recovery orchestration to ensure resilience in the event of disruptions or cyberattacks.

10. Employee Training and Awareness: Foster a culture of security awareness among employees through regular training programs and educational initiatives. Educate users on security best practices, phishing awareness, and incident response protocols to mitigate human-related security risks.

Conclusion

In an era of increasing cloud adoption, securing multi-cloud environments requires a proactive and holistic approach. By implementing comprehensive security measures, leveraging cloud-native solutions, and fostering a culture of security awareness, organizations can effectively mitigate risks and ensure the integrity, confidentiality, and availability of data across diverse cloud platforms. Through continuous monitoring, automated compliance management, and regular security audits, businesses can navigate the complexities of multi-cloud security with confidence and resilience.

The post Ensuring Robust Security in Multi-Cloud Environments: Best Practices and Strategies appeared first on Cybersecurity Insiders.


April 29, 2024 at 03:43PM

Friday, April 26, 2024

Mitigating the biggest threats in supply chain security

Four years on from the SolarWinds hack, supply chains should still be top of mind for businesses. Warnings from the NCSC have reinforced this message, but in the UK just 13% of business decision-makers describe supply chain security as a top priority.

Perhaps they don’t realise how fragile and vulnerable software supply chains can be? A report from ReversingLabs found almost 11,200 unique malicious packages across major free and open-source software (FOSS) platforms in 2023, thirteen times as many as in 2020. With FOSS a common part of many commercial software products, organisations need to better understand this threat, and the strategies they can use to mitigate it.

Understanding FOSS in supply chains

According to Synopsys, around 97% of commercial codebases use FOSS to some degree. Why, if it’s so vulnerable? The answer is that the benefits of FOSS can far outweigh the risks: it reduces the cost of ownership, maintenance, upgrades, and support fees, and reduces the problem of vendor lock-in. Many businesses not only use FOSS, they contribute too, part of the give-and-take that makes open-source so useful.

It’s unlikely that organisations will stop using open-source software, given they would need to rewrite many core components of their product. In order to protect against attacks, security professionals need to “know their enemy”. The most common tactics used to compromise FOSS include: 

  • Code injection—The threat actor inserts a backdoor into software updates. In most cases, malicious code is injected into a piece of software that is then distributed, allowing the attacker access to multiple organisations.

  • Code substitution—Attackers replace code with malicious code, either by compromising the source code repository or by tampering with the software distribution channel.

  • Code compromise—Exploitation of a vulnerability or a misconfiguration in the software development or delivery process, compromising the code. To illustrate, the NotPetya attack involved hackers exploiting a vulnerability in the M.E.Doc accounting software to deliver ransomware to Ukrainian organisations.

Creating a strategy for protection

Once they fully grasp the risks, security teams will need to do a lot of work to get a handle on the situation. However, it’s not an impossible task and in all likelihood, they’re not going to be starting from scratch—many will already have policies and tools in place that can be improved and built on. 

SBOMs: Software Bills of Materials (SBOMs) play an increasingly important role in enhancing supply chain security. An SBOM lists the components and dependencies of a software product, such as open-source libraries, third-party software, and licences. It helps to identify and manage security risks in the software supply chain, such as vulnerabilities, malware, or outdated versions. It’s also necessary from a compliance perspective as the UK begins to enforce its cybersecurity strategy.

Create a culture of security: It’s also necessary to establish a security-first culture and educate staff on risks and best practices. At a high level, this means understanding the risk an organisation faces, and a better appreciation for security. From a technical perspective, this includes how to use and deploy code safely, and how organisations can use authoritative sources and repositories to download or update open-source software to ensure security.

Patch, patch, patch: IT teams also need to be strict on their cyber hygiene, mainly with regard to patching. Everyone knows that patching is important but it’s also the bare minimum. To remain secure, organisations should work more proactively and regularly scan software components and dependencies for malicious code.

Limit access: A key component of Zero Trust is to never trust anyone and always verify. Dev teams can take this a step further and apply the “principle of least privilege” to software components and users, limiting their access to the minimum necessary resources and permissions. Implementing strong encryption and digital signatures to protect the confidentiality and integrity of software components and data is also imperative.

Stricter rules for vendors and suppliers: As an end user, third-party software audits should be a critical component of a strategy for protection. This includes performing due diligence on third-party vendors and suppliers and verifying their security policies and practices. It’s critical to establish clear contracts and service level agreements (SLAs) with third-party suppliers and define the roles and responsibilities in the supply chain.

It’s important to keep in mind that this is all reactive, a minimum of what should be done to keep organisations safe. Building on this with a more proactive approach will offer even better protection. This means continually monitoring and auditing the software supply chain for any suspicious activity. Only then can security teams be confident that they are doing enough to stay safe from supply chain attacks.
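As an added illustration of the SBOM and dependency-scanning points above (not code from the original article), the following Python script audits a CycloneDX-format SBOM against an advisory list and a minimum-version policy, then checks a downloaded artifact against the hash the SBOM records. The component names, advisory id, version policy and artifact bytes are all constructed for the example.

```python
import hashlib
import hmac
import json
import re

# Constructed bytes standing in for a downloaded package file.
SAMPLE_ARTIFACT = b"constructed bytes standing in for examplelib-http-1.7.2.tar.gz"

# Constructed CycloneDX-style SBOM; every component name, version and purl is made up.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "examplelib-http", "version": "1.7.2",
         "purl": "pkg:pypi/examplelib-http@1.7.2",
         "hashes": [{"alg": "SHA-256",
                     "content": hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()}],
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "examplelib-compress", "version": "2.4.1",
         "purl": "pkg:pypi/examplelib-compress@2.4.1",
         "hashes": [{"alg": "SHA-256", "content": "0" * 64}],
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        # No hashes and no licence declared: both gaps should be reported.
        {"type": "library", "name": "examplelib-yaml", "version": "0.9.0",
         "purl": "pkg:pypi/examplelib-yaml@0.9.0"},
    ],
})

# Constructed advisory feed keyed by (name, version); the id is a placeholder.
ADVISORIES = {
    ("examplelib-compress", "2.4.1"): "EXAMPLE-ADV-0001: release contains injected code",
}

# Hypothetical organisational policy: oldest version still allowed per component.
MIN_VERSIONS = {"examplelib-http": "1.8.0"}


def version_key(version):
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically, not as text."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def sha256_of(component):
    """Return the component's SHA-256 from the SBOM, or None if it carries none."""
    for entry in component.get("hashes", []):
        if entry.get("alg") == "SHA-256":
            return entry.get("content", "").lower()
    return None


def audit_sbom(sbom_text, advisories, min_versions):
    """Return sorted (component, finding) pairs for every policy violation."""
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX SBOM")
    findings = []
    for comp in sbom.get("components", []):
        name, version = comp.get("name", "?"), comp.get("version", "")
        label = f"{name}@{version}"
        if (name, version) in advisories:
            findings.append((label, "known-bad: " + advisories[(name, version)]))
        floor = min_versions.get(name)
        if floor and version_key(version) < version_key(floor):
            findings.append((label, f"outdated: below policy minimum {floor}"))
        if sha256_of(comp) is None:
            findings.append((label, "no-hash: integrity cannot be verified"))
        if not comp.get("licenses"):
            findings.append((label, "no-licence: licence not declared"))
    return sorted(findings)


def verify_artifact(sbom_text, name, data):
    """True only if the bytes hash to the SHA-256 the SBOM records for `name`."""
    for comp in json.loads(sbom_text).get("components", []):
        if comp.get("name") == name:
            expected = sha256_of(comp)
            actual = hashlib.sha256(data).hexdigest()
            return expected is not None and hmac.compare_digest(expected, actual)
    return False  # component is not listed in the SBOM at all


if __name__ == "__main__":
    for label, finding in audit_sbom(SAMPLE_SBOM, ADVISORIES, MIN_VERSIONS):
        print(f"{label}: {finding}")
    print("artifact ok:",
          verify_artifact(SAMPLE_SBOM, "examplelib-http", SAMPLE_ARTIFACT))
```

In a pipeline, a non-empty findings list or a failed artifact check would fail the build; the version comparison is numeric only and does not model pre-release tags.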

The post Mitigating the biggest threats in supply chain security appeared first on Cybersecurity Insiders.


April 26, 2024 at 11:39PM

Google Enterprise Security Program offers enhanced Malware and Phishing protection

Over recent years, Google Chrome has emerged as a dominant force in the realm of web browsing, capturing the attention of a vast online audience. Current estimates suggest that approximately 65% of the world’s internet users, equating to nearly 3 billion individuals, rely on Chrome as their browser of choice. However, this widespread usage has inevitably attracted the attention of cyber-criminals seeking to exploit vulnerabilities for nefarious purposes such as gathering intelligence and distributing malware.

In response to these threats, Alphabet Inc.’s subsidiary, Google, has been vigilant in addressing detected vulnerabilities through regular fixes and updates. In a proactive move to bolster security measures, the company has introduced Chrome Enterprise Premium, a subscription service available for a monthly fee of $6 per user. This premium offering boasts advanced features including enhanced malware and phishing protection, deep scanning capabilities for detecting various threats, and robust data loss prevention mechanisms.

Distinguishing between consumer and enterprise levels of Chrome subscriptions reveals a comprehensive package tailored for heightened security and streamlined management, notably through endpoint security solutions.

In a bid to align with evolving privacy regulations and concerns, Google has opted to postpone the implementation of third-party cookies in Chrome, allowing adequate time for regulatory reviews and ensuring compliance with emerging standards.

Furthermore, an important development in the Chrome ecosystem is the announcement that version 120 will not be compatible with devices running Android Nougat (Android 7.0 and 7.1). Consequently, users on Nougat, including those utilizing Nexus devices, will need to remain on version 119, potentially compromising browser stability and security for this segment of users.

The post Google Enterprise Security Program offers enhanced Malware and Phishing protection appeared first on Cybersecurity Insiders.


April 26, 2024 at 08:45PM

Navigating the Rising Tide of Cyber Attacks: Lessons from recent Cyber Incidents

In recent weeks, two high-profile cyber attacks have shaken industries across the globe, underscoring the ever-present threat posed by malicious actors in the digital landscape. These incidents, targeting automotive giant Volkswagen and logistics firm Skanlog, serve as stark reminders of the vulnerabilities inherent in our interconnected world and the critical need for robust cybersecurity measures.

Volkswagen, a stalwart of the automotive industry, found itself in the crosshairs of a sophisticated cyber attack, believed to be orchestrated by a notorious ransomware group. The breach, which targeted Volkswagen’s research and development servers, resulted in the unauthorized access and extraction of substantial volumes of sensitive data. Among the stolen information were crucial details pertaining to electric vehicle advancements, gasoline engine technology, and transmission systems—a treasure trove of intellectual property that could potentially compromise Volkswagen’s competitive edge.

Meanwhile, in Sweden, a ransomware assault on Skanlog, a key logistics partner responsible for distributing alcohol through Systembolaget, has raised alarms of impending shortages in the country’s beverage supply chain. With Systembolaget holding the exclusive license to distribute alcohol across Sweden, the repercussions of the attack extend far beyond logistical disruptions, threatening to impact consumers and businesses alike.

The motives behind these attacks are manifold, ranging from financial extortion to geopolitical intrigue. In the case of Volkswagen, speculation abounds regarding the involvement of state-sponsored actors seeking to gain a competitive advantage or glean insights into strategic developments in the automotive sector. Conversely, the attack on Skanlog appears to be driven by the pursuit of monetary gain, with cyber-criminals leveraging the threat of supply chain disruptions to extract ransom payments.

As organizations grapple with the fallout from these incidents, the imperative to bolster cyber defenses and enhance resilience against future threats has never been clearer. From implementing robust encryption protocols and multifactor authentication measures to conducting regular cybersecurity audits and employee training, businesses must adopt a proactive stance in safeguarding their digital assets and fortifying their defenses against evolving cyber threats.

Moreover, collaboration and information sharing among industry peers, government agencies, and cybersecurity experts are paramount in staying ahead of cyber adversaries. By pooling resources, sharing threat intelligence, and fostering a culture of cyber hygiene, stakeholders can collectively reduce risks and mitigate the impact of potential cyber attacks on critical infrastructure and supply chains.

Ultimately, the recent spate of cyber attacks serves as a sobering reminder of the omnipresent dangers lurking in cyberspace. As businesses and governments grapple with the complex and ever-evolving threat landscape, the onus is on all stakeholders to remain vigilant, proactive, and adaptive in the face of adversity. Only by working together can we hope to navigate the treacherous waters of the digital age and emerge stronger and more resilient than ever before.

The post Navigating the Rising Tide of Cyber Attacks: Lessons from recent Cyber Incidents appeared first on Cybersecurity Insiders.


April 26, 2024 at 11:39AM

Google Facebook ads are deceptive and information stealing

Facebook users need to be on high alert as a new phishing scam has emerged, disguising itself as a website hosted by a reputable company but ultimately leading to a deceptive advertisement aimed at stealing sensitive information. This scam, operating under the guise of Facebook, is currently proliferating on Google and poses a significant threat by attempting to pilfer valuable data such as bank passwords and email addresses.

Cybersecurity expert Justin Poli was among the first to uncover this fraudulent scheme masquerading as Facebook, which facilitates the unauthorized extraction of personal information from unsuspecting online users under the pretext of a social media webpage.

In theory, companies vying for top rankings on Google are expected to adhere to strict guidelines prohibiting any malicious practices detrimental to online users. However, it appears that certain entities are exploiting loopholes, with internet giants placing advertisements in the names of reputable companies at the forefront of search engine results, only to deceive users and harvest their credentials.

In many instances, the administrators behind these ad campaigns are afforded special privileges, such as the ability to alter URLs even after the ads have been published—a capability exploited by cybercriminals to perpetrate their schemes.

In response to these threats, Google has issued a warning and asserted that its monitoring teams are diligently working to root out such malicious advertising campaigns. Moreover, recognizing the escalating sophistication of hackers, the tech behemoth is harnessing the power of artificial intelligence to fortify its efforts in providing a secure online environment for users seeking services.

Concurrently, online users are strongly advised against clicking on links sourced from dubious online platforms, including emails, SMS messages, and the initial search engine results.

It’s noteworthy that a study conducted by Deloitte has revealed that individuals belonging to Generation Z (aged between 14 and 26) are more susceptible to falling victim to such scams compared to older generations, such as baby boomers (aged between 58 and 76). This underscores the importance of raising awareness and implementing robust cybersecurity measures across all demographics.

The post Google Facebook ads are deceptive and information stealing appeared first on Cybersecurity Insiders.


April 26, 2024 at 11:34AM

Thursday, April 25, 2024

Facebook end to end encryption a Boon or a Bane

Meta, encompassing Facebook and its subsidiaries, has staunchly advocated the end-to-end encryption safeguarding its messaging platforms, assuring users of protection against government surveillance, individual snooping, or corporate intrusion. However, the allure of highly encrypted messaging services can inadvertently provide sanctuary for criminal activities, thriving under the guise of anonymity these platforms offer.

Graeme Biggar, leading the National Crime Agency, highlighted a concerning shift in perspective regarding these encrypted services, particularly from the standpoint of governments and law enforcement agencies. During a recent gathering in London, approximately 30 European police chiefs voted to advocate for a partial relaxation of encryption protocols, aiming to afford law enforcers sustained access to vital data.

Mr. Biggar articulated his stance, citing the arduous process of obtaining court orders to breach the encrypted communications of individuals or groups. Such procedures, he argued, often consume substantial investigation time, presenting a window of opportunity for criminals engaged in illicit activities such as drug trafficking, human exploitation, homicide, and terrorism.

Contrastingly, companies like Apple Inc. defend their prioritization of customer data security and privacy concerns. By doing so, they aim to foster trust among users, thereby enhancing their market appeal and ultimately bolstering profit margins.

However, the dilemma persists: should companies compromise encryption standards in favor of facilitating law enforcement access? Such concessions could potentially expose private messages to malicious actors, exacerbating security and privacy vulnerabilities.

Law enforcement agencies are not seeking unfettered access to user data; rather, they advocate for lawful access to data generated, stored, and accessed by individuals or entities. This access, they argue, should be expedited, bypassing the cumbersome legal procedures that afford criminals precious time to execute nefarious activities with impunity.

The post Facebook end to end encryption a Boon or a Bane appeared first on Cybersecurity Insiders.


April 25, 2024 at 08:54PM

Wednesday, April 24, 2024

Ransomware Attacks Shake Automotive and Beverage Industries

Volkswagen, a prominent German automaker, has recently fallen victim to a sophisticated cyber attack, believed to be a variant of ransomware. The attack targeted Volkswagen’s R&D servers, allowing hackers, suspected to be part of a notorious ransomware group, to access and extract gigabytes of sensitive data.

Revealed by German broadcaster ZDF and news magazine Der Spiegel, the breach resulted in the theft of critical information related to electric vehicle developments, gasoline engine technology, transmission documents, and reports on dual clutch transmission systems.

In response, Volkswagen has launched an investigation into the incident, with its security team working diligently to assess the extent of the breach. The company has pledged to provide updates to the media once the investigation is complete.

An anonymous source within Volkswagen suggested that the attack may be linked to a hacking group based in China or affiliated with Chinese intelligence. Their purported aim is not only to acquire data but also to disrupt networks, potentially for intelligence gathering purposes.

In a separate incident, a ransomware attack on logistics firm Skanlog has raised concerns about potential alcohol shortages in Sweden. Skanlog is responsible for distributing beverages for Systembolaget, a government-owned chain that supplies alcohol across the country.

According to Mona Zuko, CEO of Skanlog, the cyber attack, attributed to a group from North Korea, aimed to create shortages of beer, wine, and spirits to pressure the government into paying the ransom demand.

Efforts to restore operations at Skanlog are underway, with IT teams working around the clock to recover systems. However, there are fears that the hackers may engage in double extortion tactics, in which data is stolen as well as encrypted and the stolen copy is also held for ransom, further complicating the situation.

Both incidents underscore the growing threat posed by cyber attacks to critical infrastructure and supply chains, highlighting the need for enhanced cybersecurity measures and vigilance across industries.

The post Ransomware Attacks Shake Automotive and Beverage Industries appeared first on Cybersecurity Insiders.


April 25, 2024 at 10:23AM

Overcoming security alert fatigue

Alert fatigue represents more than a mere inconvenience for Security Operations Centre (SOC) teams; it poses a tangible threat to enterprise security. When analysts confront a deluge of thousands of alerts daily, each necessitating triage, investigation, and correlation, valuable time is easily squandered on false positives, potentially overlooking genuine indicators of an enterprise-wide data breach.

On average, SOC teams contend with nearly 500 investigation-worthy endpoint security alerts each week, with ensuing investigations consuming 65% of their time. Compounding the issue, security teams grapple with under-resourcing, understaffing, and the burden of manual processes.

This is according to a recent Cybereason whitepaper titled ‘Eliminate Alert Fatigue: A Guide to more Efficient & Effective SOC Teams’.

These hurdles not only frustrate SOC team members, leading to stress, burnout, and turnover, but also detrimentally impact the organisation’s overall security posture. An operation-centric approach is imperative to effectively address these challenges, enabling the correlation of alerts, identification of root causes, provision of complete visibility into attack timelines, and simultaneous automation of tasks to enhance analyst efficiency significantly.

The relentless barrage of security alerts inundating SOC teams poses more than just a nuisance; it constitutes a genuine threat to enterprise security. The phenomenon known as alert fatigue not only overwhelms analysts but also compromises the ability to discern genuine threats amidst the noise, potentially leading to catastrophic consequences for organisational security.

At the core of alert fatigue lies information overload, exacerbated by the design of Security Information and Event Management (SIEM) platforms that prioritise visibility over discernment. An oversensitive SIEM inundates analysts with alerts for even the slightest anomalies, drowning them in a sea of data without clear indications of genuine threats.

Moreover, manual processes further impede efficiency, forcing analysts to navigate across disparate tools and siloed systems, amplifying the challenge of alert fatigue.

The consequences of alert fatigue extend far beyond mere inconvenience; they engender unacceptable outcomes for organisational security. Analysts, overwhelmed by the deluge of alerts and burdened by manual review processes, find themselves with insufficient time to focus on genuine threats, leading to critical detections being overlooked or delayed.

This not only prolongs response and remediation times but also increases the likelihood of undetected attacks, amplifying the damage inflicted upon the organisation.

To address the scourge of alert fatigue and enhance SOC efficiency, a paradigm shift is imperative. Enter the Cybereason Malicious Operation (MalOp) Detection, a groundbreaking approach that transcends traditional alert-centric models.

By contextualising alerts within the broader narrative of malicious operations, the MalOp provides analysts with a comprehensive view of attacks, correlating data across all impacted endpoints to streamline investigations and response efforts.

Central to the MalOp approach is the automation of mundane tasks, empowering analysts to focus their efforts on strategic analysis rather than laborious manual processes. By understanding the full narrative of an attack, Cybereason facilitates tailored response playbooks, enabling swift and decisive action with a single click, without sacrificing the necessity of human intervention.

Real-world success stories attest to the efficacy of the MalOp approach, with organisations experiencing exponential improvements in operational effectiveness and efficiency. By transitioning from an alert-centric to an operation-centric model, SOC teams can overcome the scourge of alert fatigue and bolster organisational security against evolving threats.

In essence, overcoming alert fatigue requires a holistic approach that combines advanced technology with human expertise, empowering SOC teams to stay ahead of adversaries and safeguard organisational assets.

 _______________________

 About Cybereason (https://www.cybereason.com/)

 Cybereason is a leader in future-ready attack protection, partnering with Defenders to end attacks at the endpoint, in the cloud, and across the entire enterprise ecosystem. Only the AI-driven Cybereason Defense Platform provides predictive prevention, detection and response that is undefeated against modern ransomware and advanced attack techniques. The Cybereason MalOp™ instantly delivers context-rich attack intelligence across every affected device, user, and system with unparalleled speed and accuracy. Cybereason turns threat data into actionable decisions at the speed of business. Cybereason is a privately held international company headquartered in California with customers in more than 40 countries.


The post Overcoming security alert fatigue appeared first on Cybersecurity Insiders.


April 24, 2024 at 12:17PM

Tuesday, April 23, 2024

Change healthcare faces data leak threat despite paying $22 million as ransom

Change Healthcare, a subsidiary of UnitedHealth Group, has confirmed the transfer of 350 bitcoins, equivalent to $22 million USD, to a crypto wallet owned by the ALPHV Ransomware group.

Despite the victim complying with the ransom demand, concerns linger over whether the BlackCat ransomware group, also known as ALPHV, will keep its promise to refrain from leaking the stolen data on the dark web.

The looming threat of cybercriminals reneging on their agreements often plagues victims, as there is a risk that hackers might opt to release the pilfered data even after receiving the ransom, typically within 6 to 10 months or even a year.

The demand for fresh data on the dark web remains high, with data older than 11 months fetching less than anticipated returns for cybercriminals. Consequently, hacking groups typically expedite the sale of stolen data within 1 or 2 months of a breach.

Meanwhile, UnitedHealth has disclosed a staggering $872 million financial loss due to the cyber attack on Change Healthcare, during which hackers absconded with approximately 6TB of sensitive information from servers in February of this year.

Investigations have uncovered that the breach occurred in February, with the hackers making their presence known in March 2024. Presently, the BlackCat gang lies dormant following the FBI’s seizure of its servers, as they strategize their resurgence.

However, another ransomware syndicate, RansomHUB, claims to have re-penetrated Change Healthcare’s servers and is demanding a $15 million ransom.

Security experts later indicated that RansomHUB was formerly associated with BlackCat but has since severed ties with ALPHV to establish itself independently. Feeling slighted by the non-receipt of their share of the ransom as pledged, they now threaten to expose the data to potential buyers and other hackers.

Consequently, the victim finds themselves ensnared between two notorious criminal factions and may require the assistance of forensic experts to navigate this perilous situation. Regardless of the specific victim, the ramifications of this cyber attack will reverberate across the United States, impacting numerous pharmacies, hospitals, and medical practices.

The post Change healthcare faces data leak threat despite paying $22 million as ransom appeared first on Cybersecurity Insiders.


April 24, 2024 at 11:02AM

Four ways to make yourself a harder target for cybercriminals

All of us rely on at least one device in order to go about our daily lives. Our smartphones help us get from A to B, connect us with friends and manage our bank accounts; our work laptops allow us to earn an income; our home laptops allow us to play games and stream entertainment. So how would you feel if they were all taken away?

 

With our reliance on technology increasing, so too does our level of risk when it comes to cybercrime. You might not think about it this way, but your smartphone, for example, holds the key to multiple accounts which store your personal information – yet most of us don’t have security software installed, or even a hugely secure password.

 

In this post, we explore four ways to keep your devices and information secure.

 

Use a password generator

Whilst many mobile apps now utilize biometric logins, passwords are still the dominant form of security for most websites. Using the same one, or even a slight variation, for each site means that if a cybercriminal gets hold of your information, they have access to almost everything.

 

Most people don’t have the headspace to think of a variety of long, varied passwords and then keep that information in their brain for whenever they need it. Fortunately, secure, encrypted password generator programs allow you to create a unique password, made up of letters, symbols and numbers, and save it in a digital ‘vault’. You then only need to remember the master password, or use a biometric login to access this. The app will allow you to directly copy your password over, so you don’t even need to see what it is – heavily reducing the risk that someone will be able to crack it.

 

Set up multi-factor authentication

Most of us will be logged into our accounts in multiple places – for example, emails on your phone and on your laptop – as well as staying permanently logged in to social media apps. It’s quick and convenient, and you can get real-time notifications that allow you to stay connected and informed. Unfortunately, this practice means that it’s harder to notice if anything suspicious is happening on your accounts, as multiple people could be logged in, using your credentials, without you even realizing it.

 

Multi-factor authentication (MFA) adds another layer of security, requiring you to enter extra information such as an authentication code for any new login attempts. The chances are, a criminal would log in on a device that is unrecognized by your account, and so it would prompt an authorization check on your primary device, keeping your information secure. With many major social media sites and cloud providers now offering MFA, this is an easy, no-cost solution to make yourself a harder target for cybercriminals. 

 

Keep your software updated

Do you regularly hit ‘install later’ on the software update pop ups on your computer? If so, you could be putting your information at risk. With cyber threats regularly evolving, having the latest technology installed on your device can help tackle any new attacks that come your way. Whilst updates do often include layout changes or new features that you don’t necessarily want or need, they also offer vital additions to your computer’s defenses.

 

Be more cautious

The final step towards making it harder for cybercriminals to target you is to stay vigilant, and challenge any suspicious behavior. Scammers tend to target people who aren’t that cyber-savvy, so even a basic understanding of what to look out for can help protect your money and information.

 

For example, if a company calls you and asks for your details to solve a problem you’ve reported, you’re well within your rights to say that you’ll call them back. This way, you can make sure that you’re dialing the official phone number from your previous correspondence or their website, and haven’t been caught out by an impersonation scam.

 

Phishing emails are also an incredibly popular way for scammers to get hold of sensitive information or gain control over people in order to extort money. Research estimates that 3.4 billion spam emails are sent every day, so the chances are that all of us will see them in our inbox at some point. Don’t click on any links that you’re not sure about, open unusual attachments, or reply to any unknown senders. Criminals are also increasingly impersonating legitimate email accounts, so look out for typos or other features that may suggest something isn’t quite right.

The post Four ways to make yourself a harder target for cybercriminals appeared first on Cybersecurity Insiders.


April 24, 2024 at 09:03AM

Veeam acquires Coveware to boost its ransomware protection

Veeam, a leading provider of backup solutions, has announced its acquisition of Coveware, a cyber incident response firm, in a move aimed at enhancing its ransomware protection technology. The terms of the acquisition remain undisclosed.

Coveware specializes in forensic investigation, extortion negotiation, remediation, and cryptocurrency settlements for companies affected by file-encrypting malware, commonly known as ransomware. Additionally, the company offers decryption services and provides free keys for certain less prominent malware variants.

Anand Eswaran, CEO of Veeam, emphasizes the importance of addressing ransomware threats, citing that 76% of organizations have experienced such attacks in the past year. With this acquisition, Veeam aims to integrate Coveware’s threat intelligence into its proactive data protection solutions.

A survey by IDC reveals that 36% of organizations struggle to recover their data due to backup failures, exacerbating ransomware incidents. Veeam aims to differentiate itself by offering a proactive approach to cyber protection, bolstered by Coveware’s expertise.

Through its Cyber Secure Program, Veeam plans to assist enterprises in ransomware protection, backed by a $5 million warranty. This proactive stance aims to mitigate the impact of ransomware attacks by ensuring data continuity and safeguarding against file-encrypting malware.

Enterprises seeking defense against ransomware attacks can rely on Veeam’s comprehensive solutions, which combine data continuity with advanced malware protection.

The post Veeam acquires Coveware to boost its ransomware protection appeared first on Cybersecurity Insiders.


April 23, 2024 at 08:54PM

Russian cyber forces cyber attack water tower just to make it overflow

A group known as the Cyber Army of Russia Reborn (CARR) has issued a stark warning, asserting its capability to breach United States water facilities and unleash chaos. This ominous declaration was accompanied by details shared on Telegram, showcasing the group's control over a water tower, which resulted in an overflow.

A US drinking water facility located in Muleshoe, Texas, and serving approximately 5,000 residents near the New Mexico border, became a target of CARR’s hacking prowess earlier this year. The facility’s automation rendered it vulnerable, allowing CARR, allegedly supported by the Russian government, to manipulate its systems. The consequence was an hour-long overflow, prompting an emergency declaration and impacting the surrounding area reliant on this vital fresh water source.

While awaiting confirmation from the White House’s vigilance committee, if verified, this incident would mark a historic milestone as the first publicly acknowledged hack on North America’s critical infrastructure by Russia. Notably, it would follow similar cyber intrusions attributed to China and Iran.

Speculation linking CARR to the breach gains traction, with past exploits including disrupting the South Korea Olympics Opening Ceremony in 2018 and infiltrating the Chernobyl nuclear plant in 2017. The motive behind targeting water, nuclear, and power facilities remains unclear. However, security experts caution that such groups aim to exploit vulnerabilities for intelligence gathering and sow political discord domestically and internationally.

In light of these threats, stakeholders responsible for critical infrastructure must adopt proactive measures to mitigate risks and safeguard against potential disruptions.

The post Russian cyber forces cyber attack water tower just to make it overflow appeared first on Cybersecurity Insiders.


April 23, 2024 at 12:07PM

Monday, April 22, 2024

More companies refuse to pay ransom in 2024

In 2024, a significant shift in corporate response to ransomware attacks has emerged, reflecting a resolute stance against capitulation to hackers’ demands for ransom payments. Coveware, a notable cybersecurity firm, has underscored this trend, revealing that merely 28% of affected companies opted to pay ransom in the initial quarter of the year, with the majority steadfastly refusing or failing to comply.

The encouraging development lies in the proactive measures adopted by organizations, equipping themselves with advanced tools designed to thwart such cyber assaults or fortify their defenses against malicious software threats. Additionally, law enforcement agencies have intensified efforts to trace cryptocurrency transactions, exerting considerable pressure on cybercriminals who seek financial gain through coercive means such as demanding ransom payments in exchange for decryption keys.

Compounding this deterrent is the glaring reality that perpetrators often renege on their promises to provide decryption keys upon receiving payment and frequently fail to honor commitments regarding the non-publication or non-resale of stolen data. Consequently, an increasing number of companies are opting to forego negotiations with hackers and instead are resorting to data recovery from secure backups.

In a recent announcement, both the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have imposed restrictions on ransom payments, stipulating that victimized companies are prohibited from exceeding a payment threshold of $100,000 without obtaining judicial and local law enforcement authorization; a law that still has to be substantiated by representatives of both houses. This regulatory intervention serves to dissuade ransomware-stricken entities from succumbing to extortion demands.

Security experts advocate for prudent investments in robust data backup solutions, citing their pivotal role in preserving data integrity and facilitating swift recovery in the aftermath of a cyber attack. However, the implementation of such precautionary measures often encounters obstacles stemming from budgetary constraints, leaving businesses vulnerable to the devastating consequences of ransomware incursions.

In essence, the prevailing narrative underscores a growing consensus among targeted enterprises to eschew the payment of ransoms, bolstered by enhanced cybersecurity protocols, regulatory scrutiny, and a strategic emphasis on data resilience and recovery mechanisms.

The post More companies refuse to pay ransom in 2024 appeared first on Cybersecurity Insiders.


April 22, 2024 at 08:42PM

Safeguarding Your Gmail Account: Strategies to Defend Against Fraud

In today’s digital age, email has become an indispensable tool for communication, both personal and professional. Among the most widely used email services is Gmail, provided by Google. However, with the convenience of email also comes the risk of fraud and unauthorized access to your account.

Protecting your Gmail account from fraud is essential to safeguard your personal information, sensitive data, and digital identity. In this article, we’ll explore strategies to defend against Gmail account frauds.

Enable Two-Factor Authentication (2FA)

One of the most effective ways to enhance the security of your Gmail account is by enabling Two-Factor Authentication (2FA). With 2FA enabled, accessing your account requires not only your password but also a second form of verification, such as a code sent to your phone or generated by an authentication app. This additional layer of security significantly reduces the risk of unauthorized access, even if your password is compromised.

Create a Strong Password

Ensure that your Gmail account is protected by a strong, unique password. Avoid using easily guessable passwords such as “123456” or “password.” Instead, create a complex password comprising a mix of letters, numbers, and special characters. Consider using a reputable password manager to generate and store secure passwords for all your online accounts, including Gmail.

Beware of Phishing Attempts

Phishing is a common tactic used by fraudsters to trick users into revealing their login credentials or personal information. Be cautious of unsolicited emails, especially those requesting sensitive information or urging immediate action. Verify the legitimacy of email sender addresses and avoid clicking on suspicious links or attachments. Google provides built-in phishing protection in Gmail, but remaining vigilant is crucial.

Regularly Review Account Activity

Keep a close eye on your Gmail account activity by regularly reviewing the “Recent activity” section. This feature allows you to monitor login locations, devices, and sessions associated with your account. If you notice any unfamiliar activity or login attempts from unrecognized devices or locations, take immediate action to secure your account, such as changing your password and enabling 2FA.

Update Security Settings

Take advantage of Gmail’s built-in security features and regularly review your account’s security settings. Google offers various security options, such as device management, app permissions, and account recovery settings. Ensure that these settings are configured according to your preferences and security requirements. Stay informed about new security features and updates released by Google to enhance the protection of your Gmail account.

Educate Yourself and Others

Stay informed about common email scams and fraud tactics to recognize and avoid potential threats. Educate yourself and others, such as friends, family members, and colleagues, about best practices for email security and fraud prevention. Encourage them to implement security measures such as 2FA, strong passwords, and email verification procedures.

Conclusion

Protecting your Gmail account from fraud requires a proactive approach and adherence to security best practices. By implementing strategies such as enabling Two-Factor Authentication, using strong passwords, being cautious of phishing attempts, reviewing account activity, updating security settings, and educating yourself and others, you can significantly reduce the risk of unauthorized access and safeguard your digital identity. Remember, maintaining the security of your Gmail account is essential for protecting your personal information and ensuring a safe online experience.

 

The post Safeguarding Your Gmail Account: Strategies to Defend Against Fraud appeared first on Cybersecurity Insiders.


April 22, 2024 at 11:11AM

EASA Alerts Airlines Amid Suspected Cyber-Attacks on UK-Bound Flights

The European Union Aviation Safety Agency (EASA) has issued a cautionary alert following reports of cyber-attacks targeting flights bound for the United Kingdom. These incidents have raised serious concerns regarding the safety and security of air travel, prompting EASA to advise airlines and flight crews to remain vigilant and take necessary precautions.

According to EASA, some UK-bound flights, carrying holidaymakers and essential personnel, have experienced disruptions to their GPS systems due to suspected cyber-attacks. The interference has resulted in pilots encountering unexpected incidents during flight, posing potential risks to passenger safety.

While the exact origins of these cyber-attacks remain unconfirmed, there are speculations pointing towards Russia as a potential culprit. Evidence suggesting Russian involvement has prompted heightened scrutiny and calls for proactive measures to address the threat posed by such malicious activities.

A recent report published in ‘The SUN’ alleged that Russian forces may have been responsible for spoofing attacks on a Royal Air Force (RAF) plane carrying Grant Shapps, the Defense Secretary. The plane’s GPS coordinates were reportedly manipulated, leading to coordination challenges between the pilots and ground crews at various national airports.

Flight logs have indicated that these cyber-attacks predominantly occur when flights are en route to regions under Kremlin control, including the Baltic region, Black Sea, and eastern Mediterranean. This pattern has raised concerns about the deliberate targeting of specific flight paths by hostile actors.

In response to these threats, EASA is urging pilots to exercise caution and consider alternative routes when flying through regions potentially affected by cyber-attacks. Additionally, flight crews are advised to maintain constant communication with ground staff at both departure and destination airports to mitigate any potential risks.

The manipulation of GPS coordinates and electronic interference poses significant dangers to aviation safety, including the risk of crashes, hijackings, and misdirected flights. Such disruptions not only endanger the lives of passengers and crew but also have broader implications for global air travel security.

While concrete evidence linking Moscow to these cyber-attacks is yet to be established, the geopolitical context, including the UK’s support for Ukraine, raises suspicions about Russian involvement. However, it’s essential to approach these allegations with caution and await further investigation.

Recent incidents of electromagnetic interference affecting maritime vessels further highlight the need for comprehensive measures to protect transportation systems from electronic disruptions. Safeguarding both air and sea travel against cyber threats requires coordinated efforts and investment in cybersecurity infrastructure.

In conclusion, EASA’s alert underscores the urgent need for heightened vigilance and preparedness within the aviation industry to address the growing threat of cyber-attacks on air travel. Collaborative efforts between governments, regulatory bodies, and industry stakeholders are essential to ensure the safety and security of passengers and crew in an increasingly interconnected world.

The post EASA Alerts Airlines Amid Suspected Cyber-Attacks on UK-Bound Flights appeared first on Cybersecurity Insiders.


April 22, 2024 at 11:04AM

Saturday, April 20, 2024

Defining and Understanding Trust Assurance

Trust is perhaps the most foundational principle that shapes how businesses operate. It’s important to customers, partners, employees, and just about any stakeholder you can think of. The process of building, earning, and keeping trust for an organization is quite complex, as it often is between people. No amount of analysis or metrics can calculate just how valuable trust really is. And in today’s increasingly digital world, trust feels more important than ever before. 

 

Even simple purchases today often ask consumers to provide some form of personal information or to create an account. Our devices, email addresses, and personal information are shared with and connected to the brands we choose to do business with. The same applies to business-to-business interactions. Regulatory requirements and business complexity continue to grow, but CISOs are stuck with legacy tools and spreadsheets that provide limited visibility into security posture. Today’s digitally connected business world is giving rise to the concept of “trust assurance.”

 

Pillars of Trust Assurance 

Trust assurance enables a consistent, adaptable measure of confidence that privacy and security controls, processes, and systems are effective, predictive, and transparent. It ensures that risks are mitigated to meet compliance standards for a given industry, country, contract, etc., and that this will be the case on an ongoing basis. Modern CISOs are being asked to reduce enterprise risk and align with business growth. By adopting the core pillars of trust assurance, they can build an InfoSec program that earns the trust of customers, as well as company leadership.

  1. Predictive: Modern IT-GRC (governance, risk, compliance) programs and platforms are moving to real-time risk management. With the power of artificial intelligence (AI), platforms today can adapt to meet changing organizational needs. GRC platforms should be able to automatically adapt to changes in business and regulatory requirements by updating policies and the associated controls and tests, as well as adjusting risk assessments in real time.

  2. Integrated: A system cannot be truly predictive or real time if it’s built on siloed, static data. APIs and data graphs are critical infrastructure elements that enable time efficiency, data accuracy, and overall confidence in GRC program efficacy.

  3. Transparency: Successful CISOs and InfoSec leaders do not work in the shadows; their security program and its impact should be clear to potential customers and partners, as well as company leadership. Without the ability to clearly communicate the impact of GRC programs, CISOs will continue to be undervalued and underfunded.

Trust Assurance Business Value

By embodying the pillars of trust assurance, CISOs can deliver newfound business value to their organization. This includes:

  • Lowering Costs: IT and GRC budgets are shrinking, while manual solutions are not effective enough for managing the modern threat landscape and compliance requirements. Investing in an AI and API-based programmatic automation and verification solution for GRC delivers cost savings, even as GRC programs scale up or require more maintenance to meet compliance and security standards. 

  • Accelerating Revenue: As organizations need to meet an expanding list of regulatory requirements, manual processes won’t cut it. But trust assurance embodies transparent, real-time API-based sharing of a company’s trust posture. This unlocks the ability to close deals faster and evaluate vendor risk with greater accuracy. 

  • Protecting Against Liability: CISOs can verify their organization is meeting contractual privacy and security regulation requirements, calculate risk, and evaluate the effectiveness of controls in place. With clear visibility into control status and quantitative risk assessment, CISOs can provide metrics on how the program reduces overall risk and liability.

  • Building a Culture of Trust: Making sure every employee is trained and educated on GRC and cybersecurity builds a culture of trust. Everyone knows their responsibility and role in protecting their organization, as well as protecting the data and information shared with customers and partners.

An Evolving Threat Environment Requires A New Approach

CISOs today have to navigate an array of different security challenges. Internally, they must manage and protect their services and servers, with complex IT infrastructures, cloud migration, and ongoing compliance requirements. They must also support the business, product, and sales teams with vendor security and compliance assessments, certifications, and questionnaires.

Automation has helped to streamline some of these often labor-intensive tasks and reduce the associated human errors. But most automated platforms rely on static information and standardized workflows and processes. When a new customer has tailored specifications, it can create far more work than expected. Because these platforms rely on point-in-time data, the dynamic nature of organizational infrastructure and associated risk is not truly captured and addressed.

Instead, CISOs need to buy into trust assurance. With the support of technology that leverages AI and APIs for integrated, real-time, predictive GRC capabilities, and the accountability and understanding that comes from everyone being on the same page for security, CISOs can build trust assurance with stakeholders. So as changes happen in real time, or specific requests come in, compliance, security, and trust can be prioritized and kept.

The post Defining and Understanding Trust Assurance appeared first on Cybersecurity Insiders.


April 20, 2024 at 11:18AM