FireSale HackBoy


Friday, August 30, 2024

Seven Deadly Myths of DDoS Protection

Myth (noun). 1. an ancient story or set of stories, especially explaining the early history of a group of people or about natural events and facts; 2. a commonly believed but false idea. 

Myths in their purest form have been around since ancient times. Stories to help people understand and navigate the world around them. More recently, they’ve become less folklore and more fallacy as people buy into ideas that suit their narrative without any basis in fact. And, perhaps this is never more true than when it comes to cybersecurity. 

Whether it’s willful ignorance or the mistaken belief that a cyber event won’t happen to them, too many companies are operating under a set of misguided beliefs that they are safe, when nothing could be further from the truth. After many years in cybersecurity, most recently in distributed denial of service (DDoS) mitigation solutions, I can assure you no one is safe, especially when it comes to DDoS attacks. I’m sharing a few of the most common myths surrounding DDoS attacks and mitigation in hopes that by arming companies with the facts, they don’t fall victim to the fiction.

1. Nothing to see here. Whereas in 2008 the assertion that certain financial institutions were too big to fail saved them from certain ruin, a similar but opposite belief held by some companies, that they are too small to be noticed by attackers, could inadvertently lead them to certain ruin. Despite near-weekly evidence to the contrary, these organizations believe they aren’t significant enough to merit a blip on a threat actor’s radar. And while it may be true that they are an unlikely target of a nation-state attack, there are plenty of ne’er-do-wells looking for an easy score, courtesy of an unprotected or underprotected company. If a company has an online presence, it is a potential victim, no matter its size or industry.

2. The total package. Simply implementing a DDoS protection solution is not enough to keep the wolves at bay. In fact, no solution can completely shield a company from potential attacks, and vendors who claim theirs can should be avoided at all costs. That’s not to say that DDoS protection solutions aren’t a worthwhile investment. They are, and they are an essential part of a company’s security posture. While they can mitigate various types of attacks, they cannot guarantee absolute protection. Threat actors are constantly working to outsmart the next, best security solution and are tailoring their tactics to leverage new vulnerabilities to their advantage. Companies need to make sure they are employing a comprehensive approach to security that includes a DDoS solution that limits downtime to seconds, not minutes.

3. One-size-fits-all (or does it?). There’s a misconception that one DDoS protection solution is the same as the next, with price being the main differentiator. Nothing could be further from the truth. Different solutions specialize in mitigating different types of attacks and offer varying levels of protection. Before shopping for a DDoS protection solution, organizations must have a solid understanding of their specific needs and choose a service provider accordingly. Ideally, a provider should offer options that allow for protection at scale and that can be tailored to suit an organization’s needs now and in the future.

4. Faulty math. Some believe that implementing robust DDoS protection is cost-prohibitive and only necessary for large enterprises. However, DDoS attacks don’t discriminate; they target businesses of all sizes. The cost of mitigation is usually far lower than the potential losses incurred during an attack in terms of downtime, reputation damage, and lost revenue. In fact, research has found that the average loss to a business under DDoS attack is anywhere from thousands to hundreds of thousands of dollars per hour. Compare that to the savings from eliminating a DDoS protection solution from your budget, and the math doesn’t add up.

5. Firewall insufficiency, bandwidth buster. Firewalls are essential components of network security, but they are not the end-all, be-all when it comes to mitigating DDoS attacks. While firewalls play the important role of gatekeeper, stopping unwanted traffic, they are stateful devices themselves: many DDoS attacks work by overwhelming network or state resources, and a firewall’s connection table can be exhausted just like any other, making the services behind it inaccessible to legitimate users. It might follow, then, that the key to success is adding bandwidth; unfortunately, a significant portion of DDoS attacks are non-volumetric, aimed at application workers, connection tables, or expensive backend calls rather than at the link itself, so the bandwidth you added simply delivers more of the attack to the component that is actually being exhausted. Look for specialized DDoS protection services that employ techniques such as traffic filtering, rate limiting, and behavioral analysis to mitigate these attacks effectively.
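To make the rate-limiting versus behavioral-analysis distinction concrete, here is an added example (not code from the original article) that runs both kinds of check over a constructed request log: one source floods the server and is caught by a sliding-window rate limit, while a second source sends only a handful of requests that each hold a worker open for 90 seconds and so would pass any rate limiter or extra bandwidth. The log format, IP addresses, and thresholds are assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import median


def build_sample_log():
    """Constructed request log (not real traffic). One line per completed
    request: <epoch_seconds> <src_ip> <request_duration_s> <bytes_from_client>."""
    lines = []
    # Three ordinary clients: a handful of fast, normal-sized requests each.
    for ip in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):
        for i in range(5):
            lines.append(f"{1725000000 + i * 7} {ip} 0.05 640")
    # Flood: 200 requests in 10 seconds from one source, caught by rate limiting.
    for i in range(200):
        lines.append(f"{1725000000 + i // 20} 203.0.113.50 0.01 300")
    # Low-and-slow: only 8 requests, but each ties up a worker for 90 s while
    # sending almost nothing. Well under any sane rate limit, yet it exhausts
    # connection slots; more bandwidth does not help against this.
    for i in range(8):
        lines.append(f"{1725000000 + i * 10} 203.0.113.99 90.0 24")
    return lines


def parse_log(lines):
    records = []
    for line in lines:
        ts, ip, duration, nbytes = line.split()
        records.append((int(ts), ip, float(duration), int(nbytes)))
    return records


def detect_floods(records, window_s=10, max_requests=100):
    """Rate limiting: flag sources that exceed max_requests inside any
    window_s-second sliding window. Returns {ip: peak_requests_in_window}."""
    stamps_by_src = defaultdict(list)
    for ts, ip, _, _ in records:
        stamps_by_src[ip].append(ts)
    flagged = {}
    for ip, stamps in stamps_by_src.items():
        stamps.sort()
        start, peak = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] >= window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_requests:
            flagged[ip] = peak
    return flagged


def detect_low_and_slow(records, min_requests=5, duration_ratio=20.0, max_bytes=64):
    """Behavioral check: flag sources whose typical request lasts far longer
    than the population median yet carries almost no data, the signature of
    connection or worker exhaustion rather than a bandwidth flood.
    Returns {ip: median_duration_s}."""
    baseline = median([d for _, _, d, _ in records])
    reqs_by_src = defaultdict(list)
    for _, ip, duration, nbytes in records:
        reqs_by_src[ip].append((duration, nbytes))
    flagged = {}
    for ip, reqs in reqs_by_src.items():
        if len(reqs) < min_requests:
            continue
        src_duration = median([d for d, _ in reqs])
        src_bytes = median([b for _, b in reqs])
        if src_duration > duration_ratio * baseline and src_bytes <= max_bytes:
            flagged[ip] = round(src_duration, 1)
    return flagged


def analyze(lines):
    """Run both detectors; the thresholds above are illustrative assumptions."""
    records = parse_log(lines)
    return {
        "flood": detect_floods(records),
        "low_and_slow": detect_low_and_slow(records),
    }


if __name__ == "__main__":
    for kind, sources in analyze(build_sample_log()).items():
        print(kind, sources)
```

The point of running both detectors is that neither alone is sufficient: the flood source never appears in the low-and-slow output, and the low-and-slow source never trips the rate limit, which is exactly why a product that only counts packets or requests per second leaves the application-layer case open.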

6. Set it and forget it. While it’s tempting to think that once you have DDoS protection measures in place you can go about your business and forget about them, you’d be wrong. Strong DDoS protection demands continued monitoring, maintenance, and updates to keep abreast of evolving threats. Therefore, it’s essential that companies regularly review and update their DDoS mitigation strategy. Attackers constantly develop new methods, and your defenses must evolve accordingly.

7. The call came from inside the house. All too often, organizations focus on protecting themselves from external DDoS attacks while overlooking the importance of protecting their internal networks from attacks that originate inside the company. Insider threats or compromised devices can launch DDoS attacks that disrupt internal services and operations, so make sure that any DDoS protection solution you consider accounts for both forms of attack.

Whereas the idea that ignorance is bliss might be a balm meant to soothe a wrongdoer’s conscience, the stark reality is that what you don’t know can, in fact, be your undoing. Know the facts, and be prepared.


The post Seven Deadly Myths of DDoS Protection appeared first on Cybersecurity Insiders.


August 30, 2024 at 08:44PM

INE Security Named 2024 SC Awards Finalist

Cary, North Carolina, August 30th, 2024, CyberNewsWire

INE Security is pleased to announce that it has been recognized as a 2024 SC Award finalist in the Excellence Award category for Best IT Security-Related Training Program. Marking its 27th year, the SC Awards recognize the solutions, organizations, and individuals that have demonstrated exceptional achievement in advancing information security. This year, the SC Awards received a remarkable number of entries across 34 specialty categories, with many notable companies earning nominations for their leadership and commitment to cybersecurity education.

“We are honored to be recognized as a finalist in the SC Awards for our commitment to excellence in IT security training,” said Dara Warn, CEO of INE Security. “This nomination reflects our dedication to empowering professionals with the knowledge and skills they need to tackle today’s sophisticated cybersecurity challenges. At INE Security, we remain committed to advancing the industry through the best cybersecurity training and certification platform, and innovative, high-quality training solutions that meet the evolving needs of the cybersecurity community.”

“The finalists for the 2024 SC Awards truly represent the forefront of cybersecurity innovation and leadership,” said Tom Spring, Editorial Director at SC Media. “These solutions, organizations, and professionals have demonstrated outstanding capabilities in addressing today’s complex and ever-changing threat landscape. We are proud to recognize their contributions to the cybersecurity community.”

INE Security has been recognized among the best cybersecurity training platforms of 2024 by numerous organizations including:

The SC Awards were evaluated by a distinguished panel of judges, including cybersecurity professionals, industry leaders, and members of the CyberRisk Alliance community from sectors such as healthcare, financial services, education, and technology.

Winners of the 2024 SC Awards will be announced on September 17, 2024.

About INE Security:

INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

About CyberRisk Alliance

CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through our trusted information brands, network of experts, and more than 250 innovative annual events we provide cybersecurity professionals with actionable insights and act as a powerful extension of cybersecurity marketing teams. Our brands include SC Media, the Official Cybersecurity Summits, Security Weekly, InfoSec World, Identiverse, CyberRisk Collaborative, ChannelE2E, MSSP Alert, LaunchTech Communications and TECHEXPO Top Secret.  

Users can learn more at www.cyberriskalliance.com.

Contact

Kathryn Brown
Director of Global Strategic Communications and Events
INE Security
kbrown@ine.com



August 30, 2024 at 04:05PM

Palo Alto Networks found to spread Malware

Palo Alto Networks is currently being misused as a cover for malware distribution. Although the California-based cybersecurity company is not involved in these activities, hackers are exploiting the company’s name to propagate malware disguised as the Palo Alto Networks GlobalProtect VPN tool.

This malware is primarily circulating in the Middle East, with indications that it is being prepared for other regions, starting with Australia and Canada. Trend Micro’s security researchers found that the malware talks to a command-and-control server hidden behind a URL that mimics a company VPN portal, a disguise that helps it slip past many anti-malware solutions, and that it avoids executing in sandbox environments. It is typically disseminated through phishing attacks and collects sensitive information such as IP addresses, operating system details, usernames, machine names, sleep time sequences, and operational hours. This data is then sent to command-and-control (C&C) servers, which issue further instructions.

While this incident is unlikely to significantly damage the reputation of Palo Alto Networks, it could still impact customer trust to some degree.

Interestingly, this malware issue coincides with increased media attention on Nikesh Arora, CEO of Palo Alto Networks. Arora, the highest-paid Indian-origin CEO, has been trending on social media not for his professional achievements but because of his prominent wife, Ayesha Thapar. Mrs. Thapar, Managing Director of Indian City Properties Limited, co-owner of a Miami-based telecom group, and a shareholder in the Thapar Group, has attracted significant online interest.

Recent findings by Unit 42 have also highlighted a surge in deepfake-driven scams, with public figures like Donald Trump, Kamala Harris, and Joe Biden being featured in fraudulent videos. This trend underscores the growing sophistication of cyber threats and the need for heightened vigilance.



August 30, 2024 at 11:10AM

Thursday, August 29, 2024

Check Point Software acquires Cyberint Technologies

Check Point Software Technologies has officially announced its intention to acquire Cyberint, a pioneer in External Risk Management solutions; although the financial details of the transaction have not been disclosed. This strategic acquisition aims to significantly enhance Check Point’s Security Operations Center (SOC) capabilities and substantially expand its threat intelligence portfolio.

In 2013, Cyberint was honored with the prestigious ‘Company of the Year’ award by Frost & Sullivan, establishing itself as a leader in the realms of threat intelligence, digital risk protection, and attack surface management. The company serves a global clientele across 170 countries, including 69 Fortune 500 companies, reflecting its robust industry presence and expertise.

In today’s digital landscape, phishing attacks targeting employee login credentials have become a prevalent and ongoing threat. Cyberint excels in addressing this issue by providing real-time intelligence and proactive defense strategies. Leveraging advanced AI technologies, Cyberint aims to enhance information security while minimizing false positives, thus offering a comprehensive solution to mitigate these threats.

In related developments, Check Point Software Technologies is forecasting significant growth in the cybersecurity market by 2031. To capitalize on this opportunity, the company is planning to invest an additional $2 billion to facilitate further mergers and acquisitions. This strategic investment is intended to reduce competition and expand Check Point’s customer base by acquiring assets from other firms in the sector.

Moreover, Check Point highlights a critical trend in cybersecurity: 90% of attacks on corporate networks originate from phishing emails. Alarmingly, 72% of these phishing attacks lead to the dissemination of malware or ransomware, in addition to credential theft. With the rise of Generative AI, the sophistication of such attacks has evolved, with cybercriminals increasingly targeting the same compromised networks multiple times.

This acquisition and investment strategy underscores Check Point’s commitment to bolstering its cybersecurity infrastructure and expanding its influence in the industry, positioning itself to address emerging threats and sustain its competitive edge in the evolving digital threat landscape.



August 29, 2024 at 08:35PM

Wednesday, August 28, 2024

America witnesses $1.5 billion in Cyber Crime losses so far in 2024

A recent report from the FBI’s Internet Crime Complaint Center (IC3) reveals a significant surge in cyber-crime losses in the first five months of 2024. From January to May 2024, the United States experienced $1.5 billion in cyber-crime losses, nearly double the $720 million reported during the same period last year.

FBI security experts are struggling to pinpoint the cause of this increase. The current theories suggest either a failure in government data protection or a rise in sophisticated cybercriminal tactics and higher ransom demands.

In response to these threats, the FBI has launched the ‘Take a Beat‘ campaign. This initiative aims to educate the public about the evolving cyber threat landscape and encourage careful online behavior to prevent falling victim to hackers and scammers.

Reporting cyber-crime is crucial. It not only helps federal agencies respond effectively but also informs others about potential threats, enhancing overall network security for both individuals and organizations.

Additionally, a report from Comparitech reveals that hackers have stolen over 6.7 million individual records from U.S. schools and colleges since 2018. These breaches, involving data from more than 8,000 educational institutions, have resulted in an estimated $2.5 billion in losses due to downtime, recovery costs, and the expense of hiring experts and negotiating with attackers.

The average downtime for affected institutions has increased significantly, from 6-7 days in 2021 to 13 days in the latest reports, highlighting the growing impact of cyber-attacks even as the world has shifted focus from the COVID-19 pandemic.

Staying informed about new technologies and countermeasures is essential to protecting ourselves from cyber threats.



August 29, 2024 at 10:30AM

Hacktivists turning to ransomware spread

The landscape of cybercrime has undergone a significant transformation, with hacktivists increasingly abandoning their ideological motivations in favor of lucrative financial gains.

 A recent report by cybersecurity firm Seqrite reveals that many hacktivist groups are now actively involved in spreading ransomware, a trend driven by the potential for substantial profits.

However, not everything is rosy for those joining the crime. Law enforcement agencies, especially Western ones, are suppressing it to a certain extent by arresting the criminals or seizing their infrastructure, either disrupting operations or shutting groups down permanently, as happened with the BlackCat ransomware group.

While law enforcement agencies are making strides in combating ransomware, the threat remains persistent. Despite increased efforts to arrest criminals and dismantle their infrastructure, ransomware groups continue to operate, targeting vulnerable organizations worldwide.

Victim behavior also shapes the ransomware economy. According to Arete, only a minority of victims meet the extortionists’ demands; but as long as some do, and as long as the cost of recovering without the decryption key remains high enough to make paying tempting, the perceived profitability continues to draw criminals into ransomware.

The consequences of ransomware attacks can be devastating, leading to significant financial losses, operational disruptions, and even business closures. A notable example is a British accounting software firm that was targeted by a ransomware gang in May 2023. Unable to recover from the attack, the company was forced to shut down its operations.

As the ransomware threat continues to evolve, organizations must prioritize robust cybersecurity measures to protect themselves against these attacks. By investing in proactive security solutions and developing effective incident response plans, businesses can mitigate the risks associated with ransomware and minimize the potential damage.



August 28, 2024 at 08:52PM

BlackSuit Ransomware targets software firm and steals data of about 950k individuals

BlackSuit, the ransomware group blamed for the recent outage at CDK Global, has announced that it is releasing data on over 950,000 individuals taken from Young Consulting, now known as Connexure.

The ransomware gang claimed to have breached Connexure’s servers in April 2024, targeting confidential information. The Atlanta-based software firm detected the unauthorized access in May. Despite negotiations between Connexure’s senior management and the attackers, no agreement was reached regarding the ransom.

In July, BlackSuit revealed it possessed sensitive information, including social security numbers, full names, dates of birth, and insurance claim details. The group threatened further data leaks or sales if their demands were not met. The compromised data also includes financial reports, medical records, employee passport numbers, family details, contracts, contact information, and business agreements.

In August 2024, BlackSuit began releasing the stolen information. In response, Connexure announced that affected individuals would receive free credit monitoring services from Cyberscout, available through November 2024. The company, which provides integrated software for marketing and administration, is actively exploring ways to manage the impact of the cyberattack without paying the ransom.

One option is to restore the encrypted data from backups and report the incident to law enforcement, whose cyber units may be able to disrupt or seize the criminals’ infrastructure. Note, however, that nothing can guarantee stolen data is permanently destroyed once it has left the network; the only reliable protection is preventing exfiltration in the first place.

A joint FBI and CISA advisory, first issued in March 2023 and updated in August 2024, identifies BlackSuit as a rebrand or offshoot of the Royal ransomware gang, whose ransom demands are reported to have exceeded $275 million since September 2022.

BlackSuit is thus the latest of several rebrands in the ransomware ecosystem, following BlackMatter (a successor to the DarkSide operation), Hunters International (which is believed to have taken over the code of the Hive group), and NoEscape (linked to the earlier Avaddon gang).



August 28, 2024 at 11:05AM

Tuesday, August 27, 2024

Beyond the Campaign Trail: Strengthening Your Business’s Cyber Defenses for Election Season

As we near the 2024 US presidential election, businesses around the country face an escalating cybersecurity threat that demands immediate and sustained action. According to recent research, two-thirds of employees already report an increase in political emails hitting their work inboxes. This increase doesn’t just clutter mailboxes—it creates a perfect storm for potential ransomware attacks, putting organizations at significant risk. 

Cybercriminals are, at their core, opportunists. They recognize that major public events like elections create an ideal environment for their nefarious activities. During these times, emotions can run high. Americans also tend to pay closer attention to political news and communications. This means workers may be more susceptible to election-related phishing attempts designed to compromise their employers’ IT systems. 

The success of phishing attacks often depends on the attacker’s ability to engineer an emotional response. By tapping into the heightened political atmosphere, cybercriminals try to craft messages that provoke strong reactions, increasing the likelihood that recipients will click on malicious links without proper validation. 

Consider the typical election-related email: it might claim to contain breaking news about a candidate, allege a scandal or promise exclusive insider information. For an employee caught up in the political fervor, the temptation to click could override their usual sense of caution. This momentary lapse in judgment is all a skilled attacker needs to gain a foothold inside an organization’s network. 

The research also highlighted another alarming statistic: more than a third of end users admitted that they’re at least somewhat likely to click on a link in a political campaign email, even if it appears suspicious. And one out of five are unlikely to validate a political campaign email before opening an attachment. 

This lack of caution is troubling on its own, but it gets worse:

Most U.S. workers access personal email on the same devices they use to access work correspondence. This blurring of personal and professional boundaries creates a significant vulnerability for businesses nationwide. An employee engrossed in the latest poll numbers or campaign developments might be less vigilant about cybersecurity best practices, especially if they’re toggling between work tasks and election news. 

The severe consequences of a successful phishing attack that leads to ransomware are numerous, from operational and financial disruption to legal and reputational repercussions. As outlined, these risks are becoming even more pronounced as the election season heats up. It’s crucial organizations bolster their cyber resilience and maintain a heightened state of vigilance to protect against potentially devastating attacks.

A comprehensive approach to heightened cyber resilience should include: 

  • Employee education and awareness – Implement comprehensive training programs that teach staff to recognize and report suspicious emails, particularly those with political content. IT staff should conduct regular phishing simulations to test and reinforce employee best practices and to create a culture of cyber resilience awareness, where employees feel empowered to report potential threats without fear of reprimand. 
  • Robust email security – Deploy advanced email security solutions capable of identifying and quarantining potential threats before they reach employee inboxes. Additionally, the authentication protocols SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance) reduce the risk of email spoofing when DMARC is set to an enforcing policy rather than monitor-only, while AI-powered email filtering systems can detect subtle anomalies in message content and sender behavior. 
  • Network segmentation and access control – Properly segmenting networks can limit the potential spread of ransomware. Implementing least-privilege access controls also helps ensure employees have access only to the data and systems necessary for their roles. 
  • Comprehensive backup and recovery – Backup and recovery is your last line of defense against threats like ransomware. Maintain up-to-date, clean backups of critical data and systems and ensure you can efficiently and effectively recover from them. All the backups in the world do no good if you can’t restore them, so test restores regularly. IT leaders should consider AI-powered data protection along with a 3-2-1 backup strategy: at least three copies of your data, on at least two different media, with at least one copy stored off-site and on immutable storage.
  • Incident response planning – Develop and regularly update a detailed incident response plan that outlines steps to take in the event of a ransomware attack. Tabletop exercises should be conducted to familiarize key personnel with their roles and responsibilities during and after an incident, while partnerships with cyber resilience firms and legal cybersecurity counsel should be formed before a crisis occurs. 
  • Endpoint protection monitoring – Deploy and maintain up-to-date endpoint protection software on all devices that access company resources. Endpoint detection and response solutions that can quickly identify and contain potential threats should be implemented as part of a zero-trust security model, which grants no implicit trust to any user or device and verifies each access request. 
  • Policy enforcement – Develop and enforce clear policies regarding the use of work devices for personal activities, especially during sensitive times like elections. These should include stricter controls on non-work-related web browsing and email use during high-risk periods. 
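As an added illustration that is not part of the original article, here is a small Python checker that grades the three email-authentication records the "Robust email security" item refers to. It evaluates constructed SPF, DMARC and DKIM records for a fictional domain rather than querying DNS (a monitoring-only configuration beside an enforcing one), and the grading rules are this example's own assumptions about what counts as weak, not an official standard.

```python
import re

# Mechanisms that cost a DNS lookup; SPF caps these at 10 per evaluation.
LOOKUP_RE = re.compile(
    r"^[+\-~?]?(include:|redirect=|exists:|ptr|a(?=[:/]|$)|mx(?=[:/]|$))", re.I
)


def parse_tag_value(record):
    """Parse 'tag=value; tag=value' records (DMARC, DKIM) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_spf(record):
    if not record or not record.lower().startswith("v=spf1"):
        return ["SPF: no valid record, so any host may send as the domain"]
    findings = []
    terms = record.split()
    last = terms[-1].lower()
    if last in ("all", "+all"):
        findings.append("SPF: '+all' authorises every sender; spoofing is trivial")
    elif last == "?all":
        findings.append("SPF: '?all' is neutral, equivalent to having no policy")
    elif last == "~all":
        findings.append("SPF: '~all' softfail only; move to '-all' once senders are enumerated")
    elif last != "-all":
        findings.append("SPF: no terminal 'all' mechanism, which defaults to neutral")
    lookups = sum(1 for t in terms[1:] if LOOKUP_RE.match(t))
    if lookups > 10:
        findings.append(f"SPF: {lookups} lookup mechanisms exceed the limit of 10 (permerror)")
    return findings


def assess_dmarc(record):
    tags = parse_tag_value(record or "")
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: no record, so receivers cannot enforce SPF/DKIM alignment"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: missing or invalid policy p={policy!r}")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        findings.append("DMARC: sp=none leaves subdomains unprotected")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, so no aggregate reports to review")
    return findings


def assess_dkim(record):
    tags = parse_tag_value(record or "")
    if not tags or tags.get("v", "DKIM1").upper() != "DKIM1":
        return ["DKIM: no key record published for the selector"]
    if not tags.get("p"):
        return ["DKIM: empty p= tag means the key is revoked; signatures will fail"]
    if "y" in tags.get("t", ""):
        return ["DKIM: t=y testing flag set, so receivers treat failures leniently"]
    return []


def assess_email_auth(spf, dmarc, dkim):
    """Return every weakness found across the three records (empty list = good)."""
    return assess_spf(spf) + assess_dmarc(dmarc) + assess_dkim(dkim)


# Constructed records for a fictional domain: a monitoring-only setup beside
# the enforcing one. The DKIM p= value below is a placeholder, not a real key.
WEAK = {
    "spf": "v=spf1 include:_spf.example.net ?all",
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "dkim": "v=DKIM1; k=rsa; p=",
}
STRONG = {
    "spf": "v=spf1 include:_spf.example.net -all",
    "dmarc": "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com",
    "dkim": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplaceholder",
}

if __name__ == "__main__":
    for name, records in (("weak", WEAK), ("strong", STRONG)):
        print(name, assess_email_auth(**records) or ["no findings"])
```

The weak set is the state many domains sit in for years: SPF present but neutral, DMARC published but at p=none so reports arrive while spoofed mail is still delivered, and a DKIM selector left in place after its key was removed. In a real deployment you would feed the checker the TXT records fetched for the domain, its _dmarc subdomain, and each DKIM selector.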

The convergence of personal political passion and access to critical company networks creates a potent risk that organizations cannot afford to ignore. As we move toward November, businesses must remain vigilant and proactive in their cyber resilience. Leaders should also view this period not just as a time of increased risk, but as an opportunity to strengthen their overall security posture. The steps outlined here to combat election-related ransomware threats will serve organizations long after the polls close, too, creating a more resilient and secure business environment now and in the future.




August 27, 2024 at 09:58PM

CMMC vs DFARS vs NIST: What Are the Differences?

Although the federal government tasks companies with meeting cybersecurity mandates and other forms of regulatory compliance, few seem to cry foul. That’s largely because Washington, D.C., is expected to spend nearly $7 trillion by the end of the 2024 fiscal year, a large share of it flowing to contractors. Federal spending has nearly doubled over the last 10 years and is on track to exceed $8 trillion in 2029.

For defense contractors and other businesses to remain in the government’s good graces, industry leaders must meet and maintain some of the most stringent data security standards. The U.S. Department of Defense (DoD) is currently rolling out the Cybersecurity Maturity Model Certification (CMMC), which overlaps with and differs from the Defense Federal Acquisition Regulation Supplement (DFARS) and the National Institute of Standards and Technology (NIST) framework, particularly NIST SP 800-171. Understanding the differences between CMMC, DFARS, and NIST is essential if the more than 100,000 contractors, as well as subcontractors, that generate revenue from DoD contracts are to remain in compliance.

What is NIST?

Part of the U.S. Department of Commerce, the National Institute of Standards and Technology helps advance American scientific innovation, business competitiveness, and technologies, including by creating security standards. While NIST’s original purpose was to further the country’s economic prosperity, its publication NIST SP 800-171 has been adopted as foundational data security guidance. It outlines the practices needed to safeguard Controlled Unclassified Information, much of which relates to national security.

The NIST SP 800-171 standard has been integrated into DFARS and is also the bedrock of the Pentagon’s CMMC 2.0 mandate. Direct defense contractors and those working in the private sector supply chain must adhere to one of three CMMC cyber hygiene levels or risk being sidelined.

What is CMMC 2.0?

The CMMC model has undergone some modifications since the Pentagon published its 2020 interim rule in the Federal Register. A change in governance resulted in scrapping a five-tiered cybersecurity model in favor of three tiers. Based on NIST SP 800-171 and other data security protocols, CMMC 2.0 brings many of the most determined cybersecurity measures under one umbrella. Every organization that stores or transmits DoD-related Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) must meet CMMC compliance.

What is DFARS?

The Defense Federal Acquisition Regulation Supplement involves an additional layer of rules that pertain to the Federal Acquisition Regulation, also known as FAR. Rolled out during the 1980s, these supplemental DoD directives came into play when the Pentagon purchased goods, materials, and services. What began as a set of quality-related standards evolved into a set of guidelines designed to also protect national security. Along with wide-reaching product and services regulations, DFARS also has rules for CUI.

For example, the DFARS 252.204-7012 clause mandates that defense contractors and subcontractors adequately secure critical DoD data and promptly report cyber incidents. Private-sector companies operating in the military defense niche must implement the 110 security requirements of NIST SP 800-171, disclose cyber incidents within 72 hours, and ensure ongoing monitoring of systems that handle categories of CUI such as Operations Security Information, Export-Controlled Information, and Controlled Technical Information. While there was not necessarily a problem with the evolving DFARS mandate in terms of technical elements, the DoD decided to pull the best of these measures into one policy.

How Do CMMC, DFARS & NIST Overlap and Differ?

It’s important to keep in mind that both CMMC and DFARS base much of their cybersecurity measures on NIST SP 800-171. If one were to conduct a side-by-side comparison of the 110 NIST SP 800-171 requirements that DFARS mandates and the CMMC Level 2 practices that mirror them, they would fit into categories such as the following.

  • Configuration Management
  • Critical Incident Response Protocols
  • Cybersecurity Awareness Training
  • Data Storage and Transfer Protections
  • Data and Network Monitoring
  • Network Access Control
  • Risk Assessments
  • Security Audits and Accountability
  • System Login Authentication
  • User Identification and Approval

These NIST security priorities may apply in different fashions to DFARS and CMMC, but they share a common theme. The digital security measures are all designed to deter, detect, and expel threat actors. Beyond the technical NIST differences between DFARS and CMMC, the latter does not allow organizations that possess or transfer highly sensitive information to self-assess without oversight. They must enlist the support of a CMMC Third-Party Assessor Organization (C3PAO) to perform rigorous testing and report the findings to the DoD. In CMMC Level I and some Level II instances, an outfit may follow the self-testing procedures and report that score. Many reach out to a C3PAO to determine which CMMC cyber hygiene applies, refine the network, and integrate mandated protections.

By contrast, DFARS allowed, perhaps, too many military supply-chain companies to self-assess and trust them to maintain a robust cybersecurity posture. That issue resulted in an unacceptable number of data breaches and stolen national security secrets. Federal officials developed CMMC to effectively override much of the DFARS mandate and ensure ongoing cybersecurity compliance.

How to Comply with CMMC or DFARS

If your organization is currently compliant with NIST SP 800-171, in all likelihood it also meets the DFARS standards. However, your enterprise will still need to demonstrate CMMC 2.0 compliance because the newly minted security measure integrates NIST SP 800-171 plus wide-reaching others.

The best way to accomplish compliance is to onboard a C3PAO that can perform an assessment in light of these regulations and meet the applicable cybersecurity standard.

Author Bio

John Funk is a Creative Consultant at SevenAtoms. A lifelong writer and storyteller, he has a passion for tech and cybersecurity. When he’s not found enjoying craft beer or playing Dungeons & Dragons, John can be often found spending time with his cats.


The post CMMC vs DFARS vs NIST: What Are the Differences? appeared first on Cybersecurity Insiders.


August 27, 2024 at 09:45PM

Cybersecurity boost by AI based Firewalls

Artificial intelligence (AI) is increasingly being integrated into software-based firewalls to bolster network security. These AI-enhanced firewalls utilize real-time monitoring and machine learning (ML) algorithms to detect and address cyber threats more effectively, often identifying potential risks before they materialize.

Applications of AI-Driven Firewalls

With cyber threats growing more sophisticated and targeting corporate networks, traditional firewalls are struggling to keep up. AI-powered firewalls provide a robust solution, offering advanced capabilities that enhance threat detection and response.

Here’s how they stand out:

Advanced Threat Detection: AI firewalls excel at identifying complex threats such as ransomware, malware, and advanced persistent threats (APTs). By analyzing network traffic patterns and detecting anomalies, these systems can pinpoint potential breaches with up to 95% accuracy, helping businesses avoid significant financial losses.

Real-Time Traffic Monitoring: These tools continuously scan network traffic for irregularities. By identifying and addressing anomalies in real time, AI firewalls offer proactive defense mechanisms that mitigate risks before they escalate.

Automated Response: With many organizations struggling to maintain large IT teams due to budget constraints, AI firewalls provide a crucial advantage. They automate the detection and isolation of compromised devices, reducing response times from hours or days to mere minutes. This automation helps protect sensitive data and infrastructure from malicious attacks.

Continuous Evolution: AI firewalls are designed to adapt and evolve alongside the changing cyber threat landscape. Through ongoing training and updates, the algorithms remain effective against emerging threats, ensuring that security measures stay current.

Enhanced Security Visibility: AI-driven firewalls improve security visibility and auditing capabilities. They simplify regulatory reporting and offer a clearer view of network security, making it easier to manage and respond to threats.

In summary, AI-powered firewalls represent a significant advancement in cybersecurity, offering sophisticated detection and response capabilities that keep pace with the ever-evolving cyber threat landscape.

The post Cybersecurity boost by AI based Firewalls appeared first on Cybersecurity Insiders.


August 27, 2024 at 08:40PM

Monday, August 26, 2024

Ransomware news headlines trending on Google

Patelco Credit Union Hit by Ransomware Attack Affecting 726,000 Customers

Patelco Credit Union, a U.S. nonprofit financial institution, has disclosed a ransomware attack that compromised its IT systems on June 29 of this year. The attack was carried out by a ransomware group known as Ransom HUB. The breach resulted in the exposure of sensitive information, including full names, Social Security numbers, driver’s license details, dates of birth, email addresses, and other personal contact information of 726,000 customers. Patelco is advising affected individuals to sign up for free credit monitoring services offered by Experian. The credit union also cautions customers to avoid sharing credit card details, CVVs, PINs, and expiration dates with anyone posing as bank or company officials to prevent falling victim to scams or fraud.

ARRL Pays $1 Million Ransom After Ransomware Attack

The American Radio Relay League (ARRL), a national association for amateur radio enthusiasts, has made headlines by paying a $1 million ransom following a ransomware attack in May. The attack encrypted files across several desktops and laptops running on both Linux and Windows systems. As ARRL had an insurance policy in place, the organization opted to pay the ransom, with plans to recover the amount through its insurance claim. Although law enforcement generally advises against paying ransoms, many organizations find it financially viable to do so when recovery costs exceed the losses from the attack.

Decline in Cyber Insurance Premiums Despite Rising Ransomware Threats

The frequency and sophistication of ransomware attacks are on the rise, yet the 2024 Cyber Insurance report by Howden reveals a surprising trend: cyber insurance premiums are decreasing. This decline may be attributed to enhanced cybersecurity measures, increased competition among insurance providers, and market expansion. However, concerns about coverage specifics and general distrust among potential policyholders remain. To address these issues, it is advisable for individuals and organizations to carefully review insurance policies, seek clarification from providers, and fully understand the coverage terms to mitigate misunderstandings and uncertainties.

The post Ransomware news headlines trending on Google appeared first on Cybersecurity Insiders.


August 27, 2024 at 10:56AM

Password creation tips for enhanced security

Companies like Google and Microsoft are simplifying life for users by allowing them to use a single password for multiple accounts. This approach makes it easier for users to remember just one password while accessing various services and apps.

However, in the face of threats such as brute force attacks and phishing, creating a strong password is crucial for protecting personal and sensitive information. Here are some key tips for crafting a robust password to help guard against cyber-attacks and unauthorized access:

1. Prioritize Length and Complexity: Experts recommend creating passwords that are at least 15-18 characters long. A strong password should combine letters, numbers, and special characters. This complexity significantly increases the time it takes for a hacker to crack the password using automated tools—often taking 5-6 years or more.

2. Avoid Predictability: Many users tend to choose passwords based on easily remembered personal details, such as pet names, family names, favorite celebrities, or birthdates. However, these types of passwords are often predictable and can be easily guessed by attackers. To enhance security, avoid using any easily accessible information.

3. Embrace Complexity: A complex password, such as “N!wjgdgsUTY%^_989,” helps strengthen account security through advanced cryptographic methods. Although such passwords can be difficult to remember, storing them securely—either on paper or in a protected digital format—can be a practical solution.

4. Diversify Your Passwords: While many companies advocate for using a single password across multiple accounts, it is generally safer to use different passwords for different accounts. If managing multiple passwords is challenging, consider using multi-factor authentication (MFA). MFA adds an extra layer of security by requiring additional verification, such as a PIN or a code sent to your mobile phone or email, in addition to your password.

By following these guidelines, you can significantly improve your online security and protect your accounts from unauthorized access and cyber threats.
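The four tips above can be turned into mechanical checks. The following is an added example, not code from the original post: it scores a candidate password on length, character classes, a constructed stand-in for a breached-password list, a constructed list of the account owner's personal details, and repeated characters, and estimates brute-force time under an assumed offline guess rate of 1e10 guesses per second. The personal details, the common-password set and the guess rate are all assumptions made for the example.

```python
import math
import re

# Constructed personal details an attacker could find out about the account
# owner (the kind of information tip 2 says to keep out of a password).
PERSONAL_DETAILS = ["fluffy", "smith", "1987", "taylor"]

# Constructed stand-in for a breached-password list; a real check would
# query a full list, which is out of scope here.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}

MIN_LENGTH = 15  # lower bound of the 15-18 character range recommended above

CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
CLASS_SIZES = (26, 26, 10, 33)  # 33 = printable ASCII punctuation


def charset_size(pw: str) -> int:
    """Alphabet size a brute-force attacker must cover, from the classes used."""
    return sum(size for pat, size in zip(CLASS_PATTERNS, CLASS_SIZES) if re.search(pat, pw))


def brute_force_years(pw: str, guesses_per_second: float = 1e10) -> float:
    """Years to exhaust the keyspace; the guess rate is an assumption modelling
    an offline attack against a fast hash (online guessing is far slower)."""
    if not pw:
        return 0.0
    keyspace = charset_size(pw) ** len(pw)
    return keyspace / guesses_per_second / (365 * 24 * 3600)


def assess_password(pw: str) -> dict:
    """Apply the tips above as mechanical checks and return the findings."""
    lowered = pw.lower()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(1 for pat in CLASS_PATTERNS if re.search(pat, pw))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    for detail in PERSONAL_DETAILS:
        if detail in lowered:
            problems.append(f"contains personal detail '{detail}'")
    if re.search(r"(.)\1{2,}", pw):
        problems.append("repeats one character three or more times in a row")
    bits = len(pw) * math.log2(charset_size(pw)) if pw else 0.0
    return {
        "length": len(pw),
        "entropy_bits": round(bits, 1),  # upper bound: assumes uniform random choice
        "years_to_brute_force": brute_force_years(pw),
        "problems": problems,
        "strong": not problems,
    }


if __name__ == "__main__":
    for candidate in ("N!wjgdgsUTY%^_989", "Fluffy1987", "password"):
        print(candidate, assess_password(candidate))
```

The entropy figure is an upper bound that only holds for randomly chosen characters; a human-chosen password that passes every check is still weaker than the number suggests, which is why the checks against personal details and common passwords matter more than the arithmetic.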

The post Password creation tips for enhanced security appeared first on Cybersecurity Insiders.


August 26, 2024 at 08:46PM

Sunday, August 25, 2024

How Chaos Engineering Makes Corporate Networks Resilient to Cyber Attacks

In an era where cyber threats are becoming increasingly sophisticated, traditional security measures alone are often not enough to safeguard corporate networks. This is where Chaos Engineering comes into play. By intentionally introducing controlled disruptions into a system, Chaos Engineering helps organizations enhance their resilience and preparedness against real-world cyber attacks.

Understanding Chaos Engineering
Chaos Engineering is a practice borrowed from the world of software development and operations, particularly from the domain of site reliability engineering (SRE). It involves deliberately creating failures and testing how systems respond. The goal is to identify weaknesses before they can be exploited by malicious actors. By simulating various types of failures—such as network outages, server crashes, or security breaches—organizations can better understand their systems’ behavior and improve their resilience.

The Benefits for Corporate Networks

1. Uncover Hidden Vulnerabilities: Chaos Engineering allows organizations to proactively identify and address vulnerabilities in their network infrastructure. By creating realistic scenarios that mimic potential cyber attacks, companies can discover weaknesses in their security protocols, configuration settings, and response mechanisms. This early detection helps in patching vulnerabilities before they are exploited by actual threats.

2. Test Incident Response Plan: Effective incident response is crucial during a cyber attack. Chaos Engineering provides a controlled environment to test and refine incident response plans. By simulating disruptions, teams can evaluate their procedures, communication strategies, and coordination efforts. This ensures that when a real attack occurs, the organization is well-prepared to respond quickly and effectively.

3. Improve System Resilience: Introducing controlled chaos into a network helps organizations understand how their systems behave under stress. This understanding enables them to design more resilient systems that can withstand and recover from disruptions. By learning how different components of the network interact and fail, companies can make informed decisions about improving their infrastructure to enhance overall resilience.

4. Enhance Security Posture: Chaos Engineering complements traditional security measures by providing insights into how security defenses hold up under simulated attacks. For example, testing how a network’s firewall or intrusion detection system responds to a breach can reveal potential gaps. This allows for fine-tuning of security controls and better alignment with the organization’s threat landscape.

5. Foster a Culture of Continuous Improvement: The practice of Chaos Engineering encourages a culture of continuous improvement and learning within an organization. It promotes a proactive mindset towards security and resilience, where teams are constantly seeking to understand and address potential weaknesses. This culture shift is crucial in staying ahead of evolving cyber threats and maintaining robust network defenses.

Implementing Chaos Engineering

To effectively implement Chaos Engineering in a corporate network, organizations should follow these steps:

1. Define Objectives: Clearly outline what you aim to achieve with Chaos Engineering. This could include improving system reliability, testing incident response, or identifying vulnerabilities.

2. Develop Hypotheses: Formulate hypotheses about how your systems will respond to various disruptions. This helps in designing meaningful experiments and understanding the impact of different failure scenarios.

3. Design Experiments: Create experiments that simulate potential failures or attacks. Ensure that these experiments are controlled and reversible to avoid unintended consequences.

4. Conduct Experiments: Execute the experiments in a controlled environment, such as a staging or test environment. Monitor the results closely and gather data on system performance and response.

5. Analyze Results: Review the outcomes of the experiments to identify weaknesses and areas for improvement. Use this data to refine security measures, incident response plans, and system design.

6. Iterate and Improve: Based on the findings, make necessary changes and improvements to your network infrastructure and security protocols. Continuously repeat the process to adapt to new threats and maintain resilience.
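The six steps above map onto a small experiment harness. The following is an added example, not code from the original post: it models a service behind a load balancer with a constructed in-memory stand-in, states the hypothesis as data, injects a reversible fault (marking one replica unhealthy), refuses to run outside an allowed environment, measures the success rate before, during and after, and always reverts the fault. The same experiment is run against a redundant deployment and a single-replica one so that the second run surfaces a weakness to iterate on. The service model, the environment names and the 99% threshold are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable

SAFE_ENVIRONMENTS = {"staging", "test"}  # step 4: run only in a controlled environment


@dataclass
class Replica:
    name: str
    healthy: bool = True


@dataclass
class Service:
    """Toy stand-in for a service behind a load balancer (constructed for the example)."""
    replicas: list

    def handle_request(self) -> bool:
        # The load balancer succeeds if at least one replica is healthy.
        return any(r.healthy for r in self.replicas)


@dataclass
class Experiment:
    name: str
    hypothesis: str                      # step 2: the steady-state claim under test
    inject: Callable[[Service], None]    # step 3: the fault ...
    revert: Callable[[Service], None]    # ... and how to undo it


def kill_replica(name: str):
    """Build a reversible fault that marks one replica unhealthy."""
    def inject(service: Service) -> None:
        for r in service.replicas:
            if r.name == name:
                r.healthy = False

    def revert(service: Service) -> None:
        for r in service.replicas:
            if r.name == name:
                r.healthy = True
    return inject, revert


def success_rate(service: Service, requests: int = 1000) -> float:
    return sum(service.handle_request() for _ in range(requests)) / requests


def run_experiment(service: Service, exp: Experiment, environment: str,
                   threshold: float = 0.99) -> dict:
    """Steps 4-5: measure baseline, inject, measure, revert, and record the result."""
    if environment not in SAFE_ENVIRONMENTS:
        raise RuntimeError(f"refusing to run chaos experiment in '{environment}'")
    baseline = success_rate(service)
    try:
        exp.inject(service)
        during = success_rate(service)
    finally:
        exp.revert(service)  # revert even if the measurement itself fails
    after = success_rate(service)
    return {
        "experiment": exp.name,
        "hypothesis": exp.hypothesis,
        "baseline": baseline,
        "during": during,
        "after": after,
        "hypothesis_held": during >= threshold,
        "reverted_cleanly": after >= threshold,
    }


def demo() -> tuple:
    """Same experiment against a redundant and a single-replica deployment."""
    inject, revert = kill_replica("web-1")
    exp = Experiment("kill web-1", "losing one web replica keeps success rate >= 99%",
                     inject, revert)
    redundant = Service([Replica("web-1"), Replica("web-2")])
    single = Service([Replica("web-1")])
    return run_experiment(redundant, exp, "staging"), run_experiment(single, exp, "staging")


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second result is the useful one: the hypothesis fails for the single-replica deployment, which is exactly the kind of finding step 6 feeds back into the design (add a replica, then rerun the experiment).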

Conclusion

Chaos Engineering is a powerful tool for enhancing the resilience of corporate networks against cyber attacks. By proactively simulating disruptions and testing responses, organizations can uncover vulnerabilities, improve incident response, and strengthen their security posture. Embracing Chaos Engineering as part of a comprehensive security strategy helps ensure that corporate networks are not only protected but also resilient in the face of evolving cyber threats.

The post How Chaos Engineering Makes Corporate Networks Resilient to Cyber Attacks appeared first on Cybersecurity Insiders.


August 26, 2024 at 10:44AM

Cyber Attack disrupts operations at Seattle Tacoma International Airport

A sophisticated cyber attack has reportedly disrupted operations at Seattle-Tacoma International Airport, affecting one of the busiest airports in the Pacific Northwest.

The attack, which occurred early Saturday morning, targeted the airport’s website and phone systems, causing significant disruptions. However, the airport’s mobile application remained functional, and travelers are encouraged to use it for updated information on boarding passes and gate details. Airport staff are also available to assist passengers with any additional needs.

According to sources familiar with the situation, the ongoing downtime, which extended into Sunday, is attributed to a cloud error or misconfiguration. IT teams are working around the clock to resolve the issue, and services are expected to be restored by Monday.

Owned by the Port of Seattle, SeaTac is encountering its first digital assault of this nature. Despite this, the airport has established proactive measures to mitigate the impact of such incidents.

In recent days, hackers have become increasingly sophisticated, posing threats that could potentially target operational equipment or GPS systems used in aviation. This particular attack was strategically timed over the weekend, during off-peak hours, to maximize damage both financially and reputationally.

Recently, Halliburton Oilfield was also hit by a ransomware attack. Hitting critical infrastructure has become a habit for criminals, as they target networks that guarantee them a ransom one way or another, adding the extra pressure of double or triple extortion.

The post Cyber Attack disrupts operations at Seattle Tacoma International Airport appeared first on Cybersecurity Insiders.


August 26, 2024 at 10:36AM

Saturday, August 24, 2024

Cybersecurity Strategy: Understanding the Benefits of Continuous Threat Exposure Management

The cybersecurity industry is littered with buzzwords, technologies and acronyms that can often be overwhelming for security professionals doing their best to keep up and ensure their organizations are being adequately protected. Naturally, it’s the leading analyst, research and consulting agencies that security practitioners listen to the most when it comes to making decisions regarding what technology investments to make for the business. 

As one of the leading industry consultancy and research firms, Gartner stated that AI risk and security management were the number one strategic technology trends for 2024. Understandable considering the adoption of AI technology within cybersecurity has been rife on both sides of the battlefield with threat actors actively using AI capabilities to cause more digital destruction, while cybersecurity vendors have looked to AI to enhance defenses. 

Gartner’s number two trend from the list was the birth of the Continuous Threat Exposure Management (CTEM) ideology to help counter cybersecurity risk. While it may be another acronym to remember, CTEM is here to stay because it is a valuable process to help organizations continually manage cyber hygiene and risk across all digital environments. Given the rapid expansion of modern digital attack surfaces, having automated and ongoing risk management is necessary to aid today’s security departments. 

CTEM consists of five key stages: scope, discover, prioritize, validate and mobilize. The objective is to break these stages into more manageable components for organizations, allowing security teams to focus on the business-critical aspects first. In fact, organizations should consider the CTEM approach a priority because it is estimated they would be three times less likely to experience a breach by 2026, underscoring its critical importance.

What are CTEM’s components? 

At its core, CTEM is defined as “a five-stage approach that continuously exposes an organization’s networks, systems, and assets to simulated attacks to identify vulnerabilities and weaknesses.” It is a proactive approach to cybersecurity that involves continuously assessing and managing an organization’s exposure to cyber threats and is different from traditional vulnerability management approaches which often fail to provide businesses with an efficient detailed plan of action from the findings. 

If anything, security teams are left with long lists of vulnerabilities that need fixing but with blanket remediation guidance, which makes solving the problems and dealing with the real risk even more difficult.

Naturally, many security practitioners will use the CVSS (Common Vulnerability Scoring System) for aid because it offers prioritization and evaluation of vulnerabilities in a consumable manner, but where it fails is in its true description of the potential impact to a company if the vulnerability is not rectified. 

This is where CTEM excels because it will help businesses prioritize vulnerabilities based on their significance level. Such information gives clarity on where the security gaps are, allowing clear and actionable improvement plans to be made accordingly. Security teams will gain a new level of comprehension as to their external attack surface and how to continuously manage overall threat exposure. CTEM encompasses creating a continuous process of discovery and remediation powered by real-time threat intelligence. With critical risks often hidden within digital infrastructures, continuous monitoring and management are key when following a CTEM blueprint.

Knowing the key stages of CTEM

The CTEM approach consists of five key stages with each playing an important role in protecting an organization:

1. Scope – allows the business to identify and scope its infrastructure for the critical areas that need to be analyzed and protected.

2. Discovery – after scoping, a list of vulnerable assets is revealed.

3. Prioritization – review the risks flagged and their potential impact on the business.

4. Validation – understand how threat actors can exploit these vulnerabilities, how monitoring systems may react, and if further footholds could be gained.

5. Mobilization – agree on the resolution with actionable goals and objectives while providing effective reporting to convey the urgency to stakeholders.

While these stages may already be incorporated in an organization’s defense, often they are siloed or not continuously in sync. For security departments that want to take their organization along the CTEM journey, leveraging security platforms that harness the power of External Attack Surface Management (EASM), Risk-Based Vulnerability Management (RBVM), threat intelligence and targeted testing is necessary.

By following the CTEM methodology, organizations can bring these critical components together in a structured approach to systematically address vulnerabilities, prioritize risks, effectively reduce the overall attack surface and protect the digital infrastructure. 


The post Cybersecurity Strategy: Understanding the Benefits of Continuous Threat Exposure Management appeared first on Cybersecurity Insiders.


August 24, 2024 at 09:16PM

The Limitations of Traditional Network-Based Vulnerability Scanning – And the Systematic Underestimation of Software Risks

Introduction

Recent NetRise research found that vulnerability risks are, on average, 200 times greater than what traditional network-based vulnerability scanners report!

For years, traditional network-based vulnerability scanning has been a cornerstone of cybersecurity efforts for enterprise organizations. These scanners have played a critical role in identifying potential security weaknesses by analyzing network traffic and detecting known vulnerabilities in devices based on their make, model, and firmware versions. While these tools have been indispensable, they also have significant limitations that leave organizations vulnerable to hidden software risks.

As the cybersecurity landscape evolves, it is becoming increasingly clear that traditional vulnerability scanning methods are inadequate for addressing the complex and dynamic nature of modern software environments. This blog explores the limitations of these traditional methods, highlights findings from the NetRise Supply Chain Visibility & Risk Study, and discusses steps organizations can take to achieve comprehensive software visibility and better manage their vulnerability risks.

The Importance of Vulnerability Risk Management

Vulnerability risk management is a crucial component of any robust cybersecurity strategy. It involves identifying, assessing, and mitigating vulnerabilities to reduce the attack surface and protect against potential threats. Effective vulnerability risk management helps organizations prioritize their security efforts, allocate resources efficiently, and minimize the likelihood of successful cyberattacks.

By systematically identifying and addressing vulnerabilities, organizations can reduce their exposure to threats and improve their overall security posture. However, achieving this requires accurate and comprehensive visibility into all software components and their associated risks, something traditional network-based vulnerability scanning cannot and does not provide.

Why Do Traditional Network-Based Scanners Underreport Software Vulnerabilities?

Traditional network-based vulnerability scanners can underreport the extent of software vulnerabilities due to inherent limitations in their approach. These scanners typically perform surface-level assessments, focusing on known vulnerabilities associated with device make and model names, and possibly firmware versions. They rely on looking up the make, model, and firmware in existing vulnerability databases to generate a list of known vulnerabilities specifically reported for these devices.

However, this approach fails to account for vulnerabilities in deeply embedded software components and third-party libraries that make up the device’s firmware and software stack. Vulnerability scanning from the outside cannot discover these detailed software components and libraries in the code, and thus cannot report on known vulnerabilities for the device that is running those software components.

The difficulty in getting to the entire software stack SBOM (Software Bill of Materials) and corresponding vulnerabilities has led to an attitude of acceptance throughout the industry when it comes to the risk these devices and software can pose in the network. This must change. Organizations need to adopt automated software analysis methods that provide a comprehensive and granular view of all software components and risks, complementing existing vulnerability scanning processes and helping prioritize the full list of vulnerabilities for security teams.

Examples of the Underreporting of Software Vulnerabilities

The most concerning finding from the recent NetRise Supply Chain Visibility & Risk Study is the significant underestimation of software vulnerability risks in networking equipment. The research uncovered that vulnerability risks are, on average, 200 times greater than what traditional network-based vulnerability scanners report. This discrepancy highlights a critical blind spot in current cybersecurity practices.

Read more in the NetRise Supply Chain Visibility and Risk Study, Edition 1: Networking Equipment; Q3 2024

Implications of Underestimation

This finding is particularly concerning because it means organizations have a false sense of security, believing their systems are more secure than they actually are. This false sense of security can lead to inadequate risk management practices and unpreparedness for potential attacks. The study underscores the urgent need for comprehensive software visibility because, without detailed insights into the entire software stack and its vulnerabilities, organizations cannot effectively prioritize and mitigate risks.

The implications of underestimating software vulnerabilities are far-reaching and severe:

1. False sense of security:

Incomplete scanning provides a false sense of security, leading organizations to believe they are more protected than they are. This can result in complacency and a lack of urgency in addressing critical vulnerabilities. At a minimum, organizations should understand their risk levels, even if all they do is explicitly acknowledge and accept these risks. 

2. Unaddressed risks and vulnerabilities:

Undetected vulnerabilities remain unaddressed, leaving systems exposed to potential exploits. These hidden vulnerabilities can be exploited by attackers, leading to significant security breaches.

3. Increased risk of exposure to software supply chain cyberattacks:

Undetected threats can have substantial financial and operational impacts, especially if the company is hit with a supply chain cyberattack, which is complex to respond to and remediate.

Steps to Address the Limitations

To address these challenges, organizations must prioritize achieving comprehensive software visibility. The findings from the NetRise study underscore the critical importance of having a detailed understanding of all software components within the supply chain. Here are some basic steps companies should consider:

1. Generate comprehensive SBOMs

Creating detailed software bills of materials (SBOMs) is the foundation of effective supply chain security. SBOMs provide a clear inventory of all software components, including third-party libraries and dependencies. This inventory is essential for identifying and managing risks effectively.

2. Implement automated software risk analysis

Traditional network-based vulnerability scanners often underreport vulnerability information as we’ve seen. By augmenting these scans with detailed software risk analysis methods, companies can uncover a much more complete risk picture, ensuring a more thorough risk assessment. Automated tools can help generate and analyze SBOMs, providing continuous and up-to-date visibility.

3. Prioritize risk management

Once comprehensive visibility is achieved, organizations should prioritize vulnerabilities based on factors beyond CVSS scores, such as weaponization and network accessibility. This approach ensures that the most critical threats are addressed first. Feeding this vulnerability information into existing security operations center (SOC) tools ensures it is widely available and actionable.

4. Continuous monitoring and updating

Supply chain security is not a one-time effort. Continuous monitoring of software components is essential to stay ahead of emerging threats. Companies should establish processes for ongoing vulnerability assessment and remediation, ensuring that their software inventory is always current, and risks are continuously managed.

By focusing on these steps, organizations can significantly enhance their supply chain security processes, mitigate risks more effectively, and protect their critical assets.
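Steps 1 to 3 above (an SBOM, automated matching against vulnerability data, and prioritization on factors beyond CVSS) can be shown end to end in one place; the same block also illustrates the prioritization stage of the CTEM post earlier on this page. The following is an added example, not code from NetRise or from the original post: it parses a constructed CycloneDX-style SBOM for a hypothetical firmware image, cross-references each component against a constructed vulnerability feed, and ranks the matches by a score that starts from CVSS and then adjusts for weaponization and for whether the affected component is reachable from the network in this deployment. The SBOM contents, the vulnerability identifiers (placeholders, not real CVEs), the exposure set and the score weights are all assumptions made for the example.

```python
import json
from dataclasses import dataclass, field

# Constructed, CycloneDX-style SBOM for a hypothetical router firmware image.
# A real SBOM would come from firmware analysis tooling; these values are made up.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {"component": {"name": "example-router-firmware", "version": "4.2.0"}},
  "components": [
    {"type": "library", "name": "libexample-ssl", "version": "1.0.2"},
    {"type": "library", "name": "example-httpd", "version": "2.3.1"},
    {"type": "library", "name": "example-busybox", "version": "1.31.0"},
    {"type": "library", "name": "libexample-xml", "version": "2.9.10"}
  ]
}
"""

# Constructed vulnerability feed keyed by component name. The identifiers are
# placeholders, not real CVEs. 'weaponized' stands in for a known-exploited flag;
# 'attack_vector' mirrors the CVSS AV metric (N = network, L = local).
VULN_FEED = {
    "libexample-ssl": [
        {"id": "CVE-XXXX-0001", "affected": ["1.0.0", "1.0.1", "1.0.2"], "cvss": 7.5,
         "attack_vector": "N", "weaponized": True},
    ],
    "example-httpd": [
        {"id": "CVE-XXXX-0002", "affected": ["2.3.1"], "cvss": 9.8,
         "attack_vector": "N", "weaponized": False},
    ],
    "example-busybox": [
        {"id": "CVE-XXXX-0003", "affected": ["1.31.0"], "cvss": 7.8,
         "attack_vector": "L", "weaponized": False},
        {"id": "CVE-XXXX-0004", "affected": ["1.30.0"], "cvss": 5.5,
         "attack_vector": "L", "weaponized": False},  # shipped version not affected
    ],
}

# Components reachable from the network in this deployment (constructed; in
# practice derived from the device's listening services and port inventory).
NETWORK_EXPOSED = {"libexample-ssl", "example-httpd"}


@dataclass
class Finding:
    component: str
    version: str
    vuln_id: str
    cvss: float
    attack_vector: str
    weaponized: bool
    exposed: bool
    priority: float = field(init=False)

    def __post_init__(self):
        # Start from CVSS, then adjust for the two factors the post names:
        # weaponization and network accessibility. The weights are assumptions.
        score = self.cvss
        if self.weaponized:
            score += 3.0  # actively exploited flaws jump the queue
        if self.attack_vector == "N" and self.exposed:
            score += 2.0  # remotely reachable in this deployment
        elif self.attack_vector == "N" and not self.exposed:
            score -= 1.0  # network flaw, but the service is not reachable here
        self.priority = round(min(score, 15.0), 1)


def match_sbom(sbom_json: str, feed: dict, exposed: set) -> list:
    """Cross-reference every SBOM component against the feed by exact version."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        name, version = comp["name"], comp["version"]
        for vuln in feed.get(name, []):
            if version in vuln["affected"]:
                findings.append(Finding(name, version, vuln["id"], vuln["cvss"],
                                        vuln["attack_vector"], vuln["weaponized"],
                                        name in exposed))
    # Highest computed priority first; ties broken by raw CVSS.
    findings.sort(key=lambda f: (f.priority, f.cvss), reverse=True)
    return findings


def prioritized_ids(findings: list) -> list:
    return [f.vuln_id for f in findings]


if __name__ == "__main__":
    for f in match_sbom(SBOM_JSON, VULN_FEED, NETWORK_EXPOSED):
        print(f"{f.priority:5.1f}  {f.vuln_id}  {f.component} {f.version}  "
              f"cvss={f.cvss} av={f.attack_vector} weaponized={f.weaponized} exposed={f.exposed}")
```

Ranked by CVSS alone the order would be 0002, 0003, 0001; once weaponization and exposure are folded in, the exploited and network-reachable TLS library flaw moves to the top and the local-only busybox issue to the bottom, which is the reordering step 3 is asking for. The output list is what step 3 says should be fed into SOC tooling.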

Conclusion

The limitations of traditional network-based vulnerability scanning methods are becoming increasingly apparent in today’s complex cybersecurity landscape. These methods often fail to provide a complete picture of the vulnerabilities within an organization’s software environment, leading to a false sense of security and unaddressed risks. To address these challenges, organizations must adopt more robust vulnerability assessment strategies that include comprehensive software visibility and detailed risk analysis.

By generating comprehensive SBOMs, implementing automated software risk analysis, prioritizing risk management, and maintaining continuous monitoring and updating, organizations can significantly improve their vulnerability management practices and protect against evolving threats. The key takeaway is clear: comprehensive software visibility is essential for effective cybersecurity. Organizations cannot secure what they cannot see, and achieving detailed visibility into all software components is the first step towards a robust and resilient security strategy.

The post The Limitations of Traditional Network-Based Vulnerability Scanning – And the Systematic Underestimation of Software Risks appeared first on Cybersecurity Insiders.


August 24, 2024 at 08:45PM

Data Security Posture Management (DSPM) is an Important First Step in Deploying Gen AI and Copilot Tools

Microsoft’s advanced AI assistant, Copilot, has gained significant traction in corporate environments and is rapidly changing how users interact with data across Microsoft 365 applications. Although Copilot introduces countless new possibilities, it has also brought challenges related to data access and security that must be considered.  

As organizations embrace digital transformation and AI adoption, protecting all information is critical, especially data generated by AI. With increasing reliance on AI and machine learning technologies to streamline operations, increase productivity, and reduce costs, classifying and ensuring adequate access controls to sensitive data is paramount to keeping it safe.  

Ultimately, Copilot has brought four key security issues into organizations. First, its output inherits sensitivity labels from the input, which means if data is not classified correctly, the output will also be incorrectly classified. In the case where sensitive data used to generate a quarterly financial report is not correctly classified at the input stage, Copilot will generate a comprehensive report including sensitive earnings data yet fail to classify this data as confidential. A report like this could inadvertently be shared with an external stakeholder.  

Copilot also inherits access control permissions from its inputs, so the output carries the same permissions. If the source data has inappropriate permissioning, sharing and entitlements, the output will have the same problems, potentially leading to a devastating data breach or loss. Concentric AI’s Data Risk Report shows that a great number of business-critical files are at risk from oversharing, erroneous access permissions and inappropriate classification, and can be seen by internal or external users who should not have access.

Consider this example: An HR manager uses Copilot to create an internal report that includes employees’ personal information, and the source data has overly permissive access controls that allow any department member to view all employee records. The Copilot-generated report would inherit these permissions, and sensitive employee information would be accessible to all department members, violating privacy policies and potentially leading to legal challenges.

The third key security issue with Copilot is that company-specific context about sensitivity is not factored into the output. Every company has sensitive data, including financial records, intellectual property and business-confidential customer data. However, Copilot is unlikely to factor this context into its decision making about what it outputs or who should have access to it.

Imagine a product development team using Copilot to brainstorm new product ideas based on existing intellectual property (IP) and R&D data, with inputs that might include confidential information about upcoming patents. Copilot, lacking context on the company’s sensitivity towards this IP, will incorporate detailed descriptions of these patents in its output. If this output is shared with a broader audience, the company has inadvertently exposed future product plans and risks IP theft. 

Lastly, Copilot output is unclassified, so output that may be sensitive could easily be accessed by anyone. For example, a marketing team could use Copilot to analyze customer feedback, generating a report on customer satisfaction trends. Perhaps the input data contains sensitive customer information, such as criticism of unreleased products. Since Copilot outputs are unclassified by default, the generated report will not flag any of the sensitive customer feedback as confidential. If the report is uploaded to a shared company server without appropriate access restrictions, internal leaks and competitive disadvantage become a significant risk.

Why we need data security posture management for AI usage 

Data security posture management (DSPM) is an essential prerequisite to deploying and operating Copilot, so that organizations can realize Copilot’s productivity gains while keeping sensitive data protected.

DSPM enables organizations to discover sensitive data, gain visibility into where it resides, and determine what types of sensitive data exist across cloud environments. DSPM provides the ability to identify risks by proactively detecting and assessing business-critical data, thereby preventing potential breaches before they occur. In addition, DSPM classifies data by tagging and labeling sensitive items. Overall, DSPM helps to remediate and protect sensitive information against unauthorized access and data loss.

As data moves through the network and across structured and unstructured data stores, it is labeled appropriately no matter where it resides. It is then monitored for risks, such as risky sharing, inaccurate entitlements, inappropriate permissions, or wrong location.

The full potential of Copilot can be unlocked safely with DSPM. When it comes to deploying any type of AI tool, including Copilot, DSPM is critical before, during and after deployment. The risk to sensitive data is high enough without Copilot in the mix; adding it blindly greatly amplifies that risk for organizations. 

DSPM addresses the four security challenges organizations face before, during and after a Copilot deployment. DSPM’s approach to managing risks involves sophisticated natural language processing (NLP) capabilities to accurately categorize data, including outputs from Copilot. This ensures that sensitive information is correctly identified and protected, addressing potential security risks without compromising productivity. 

For incorrectly classified output caused by inherited sensitivity labels, DSPM solutions mitigate the risk by implementing advanced data discovery and classification processes that automatically identify and classify data based on its content and context before it is input into Copilot. DSPM can also continuously monitor data flows, reclassifying data as necessary and ensuring that any data processed by Copilot, and its subsequent outputs, maintain the correct classification levels. By ensuring that all data is accurately classified at the source, DSPM prevents incorrect sensitivity labels from being propagated through Copilot’s outputs.

Before data is processed by Copilot, DSPM tools can enforce the principle of least privilege, correcting over-permissive access settings and preventing sensitive outputs from being inadvertently shared or exposed. This proactive approach to permissions management significantly reduces the risk of data breaches and loss. When it comes to inappropriate permissioning, sharing and entitlements, DSPM addresses this challenge by providing granular visibility into data access controls and entitlements across the organization’s data stores. It automatically assesses and adjusts permissions based on the data’s classification, ensuring that only authorized users have access to sensitive information.

Regarding lack of company context in output sensitivity, advanced DSPM systems leverage sophisticated natural language processing and machine learning algorithms to understand the nuanced context of data, including its relevance to specific business processes and its sensitivity level.

By integrating DSPM with Copilot, organizations can ensure Copilot is informed about company-specific sensitivity context, providing a blueprint for Copilot as it factors in this critical information when generating outputs. This ensures that sensitive data, such as intellectual property or confidential business information, is handled appropriately, maintaining confidentiality and integrity.

Finally, DSPM solutions directly address the challenge of unclassified outputs by automatically classifying all data processed by Copilot, ensuring that outputs are immediately tagged with the appropriate sensitivity labels. This automatic classification extends to Copilot-generated content, ensuring that any sensitive information contained within these outputs is immediately recognized and protected according to its classification.

By enforcing strict classification protocols, DSPM ensures that sensitive outputs are not inadvertently accessible, maintaining strict access controls based on the data’s sensitivity and compliance requirements.
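The inheritance problem and the DSPM remediation described above, as an added example that is not from the article, Microsoft, or any DSPM vendor: a small Python model in which an assistant’s output takes its label and reader list from its inputs, and a DSPM-style pass classifies each input by content, corrects the label at the source, revokes broad sharing, and labels the output with a least-privilege reader set. The document names, labels, groups and regex detectors are constructed for illustration and do not represent any real Microsoft 365 or DSPM API.

```python
import re
from dataclasses import dataclass

# Ordered sensitivity scale; a higher index means more sensitive (constructed labels).
LABELS = ["Public", "Internal", "Confidential", "Highly Confidential"]

# Groups treated as too broad for anything above Internal (constructed names).
BROAD_GROUPS = {"everyone", "all-staff"}

# Content detectors standing in for a DSPM discovery engine (constructed regexes).
PATTERNS = {
    "Highly Confidential": [r"\b\d{3}-\d{2}-\d{4}\b"],                  # SSN-shaped identifiers
    "Confidential": [r"(?i)\bsalary\b", r"(?i)\bearnings\b", r"(?i)\bpatent\b"],
}


@dataclass
class Document:
    name: str
    text: str
    label: str      # label recorded by the author; may be wrong
    readers: set    # principals allowed to read; may be over-permissive


def rank(label):
    return LABELS.index(label)


def classify_by_content(text):
    """Return the most sensitive label whose detectors match, else Internal."""
    best = "Internal"
    for label, regexes in PATTERNS.items():
        if any(re.search(rx, text) for rx in regexes) and rank(label) > rank(best):
            best = label
    return best


def naive_output(name, text, inputs):
    """Inheritance as the article describes it: the output carries forward the
    inputs' *recorded* labels and their combined reader lists, so a mislabeled
    or overshared input yields a mislabeled, overshared output."""
    label = max((d.label for d in inputs), key=rank)
    readers = set().union(*(d.readers for d in inputs))
    return Document(name, text, label, readers)


def dspm_review(name, text, inputs):
    """DSPM-style control: classify every input by content, flag mislabels and
    broad sharing, then build the output with a content-derived label and the
    least-privilege (intersection) reader set. Returns (output, findings)."""
    findings, corrected = [], []
    for d in inputs:
        label, readers = d.label, set(d.readers)
        content_label = classify_by_content(d.text)
        if rank(content_label) > rank(label):
            findings.append(f"{d.name}: labeled {label} but content is {content_label}")
            label = content_label                       # correct the label at the source
        if rank(label) > rank("Internal") and readers & BROAD_GROUPS:
            findings.append(f"{d.name}: {label} data shared with {sorted(readers & BROAD_GROUPS)}")
            readers -= BROAD_GROUPS                     # revoke broad access
        corrected.append(Document(d.name, d.text, label, readers))
    # Conservative choice: the output is at least as sensitive as its own text
    # and any input it drew on, and readable only by those cleared for every input.
    label = max([classify_by_content(text)] + [d.label for d in corrected], key=rank)
    readers = set.intersection(*(d.readers for d in corrected)) if corrected else set()
    if not readers:
        findings.append(f"{name}: no principal may read all inputs; hold for owner review")
    return Document(name, text, label, readers), findings


# Constructed HR scenario from the article: payroll data labeled Internal and
# readable by the whole company feeds an internal report.
PAYROLL = Document("payroll.xlsx", "salary 85000 for employee 123-45-6789",
                   "Internal", {"hr-dept", "all-staff"})
HEADCOUNT = Document("headcount.csv", "headcount by team: 42",
                     "Internal", {"hr-dept", "finance"})
REPORT_TEXT = "Internal HR report: headcount 42; average salary 85000"


def demo():
    inputs = [PAYROLL, HEADCOUNT]
    unsafe = naive_output("hr_report.docx", REPORT_TEXT, inputs)
    safe, findings = dspm_review("hr_report.docx", REPORT_TEXT, inputs)
    return unsafe, safe, findings


if __name__ == "__main__":
    unsafe, safe, findings = demo()
    print("without DSPM:", unsafe.label, sorted(unsafe.readers))
    print("with DSPM:   ", safe.label, sorted(safe.readers))
    for f in findings:
        print("finding:", f)
```

Run as-is, the naive path produces an Internal-labeled report visible to `all-staff`, which is the HR scenario in the article; the DSPM path relabels the payroll source as Highly Confidential, strips the broad group, and restricts the report to `hr-dept`. A production classifier would use far richer detectors than three regexes, but the control points (classify at the source, fix permissions before generation, label the output) are the same.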

The post Data Security Posture Management (DSPM) is an Important First Step in Deploying Gen AI and Copilot Tools appeared first on Cybersecurity Insiders.


August 24, 2024 at 07:21PM

Friday, August 23, 2024

Report Finds 50% of Organizations Experienced Major Breaches in the Past Year

New research by Team Cymru, a global leader in external threat intelligence and exposure management, reveals that 50% of organizations experienced a major security breach in the past year. The “Voice of a Threat Hunter 2024” report, which surveyed 293 cybersecurity professionals, highlights the critical importance of threat hunting programs in mitigating these breaches.

Despite the rise in cyber attacks, the report found that 72% of those who faced a breach credited their threat hunting program with playing a crucial role in preventing or minimizing the impact. This finding underscores the need for organizations to invest in proactive security measures.

David Monnier, Chief Evangelist at Team Cymru, emphasized the significance of these findings: “The report paints a picture of a cybersecurity landscape where no organization is immune, but the robustness of threat hunting programs has proven essential in mitigating the impact of breaches.”

According to the report, organizations that prioritize proactive detection, real-time threat intelligence, and third-party monitoring are better positioned to defend against sophisticated cyber threats. However, challenges remain, with 39% of respondents citing a lack of funding and data as major obstacles to effective threat hunting.

“In today’s evolving threat landscape, investing in the right tools and strategies is critical to success,” Monnier added.

Additional key findings:

  • The majority say proactive detection of previously unknown threats is their top objective. 
  • 53% say they would quit their job today to go work at an organization that offered better threat hunting tools and technology even if paid less.  
  • The most valuable threat hunting product is network forensic detection, netflow telemetry, raw network telemetry data and/or full packet captures. 
  • The top priority for the next year is expanding third-party monitoring for signals of compromise.

It’s essential for organizations to fortify their cybersecurity defenses by implementing robust threat hunting programs that go beyond their network borders.

Read the full report here: Voice of a Threat Hunter 2024.


The post Report Finds 50% of Organizations Experienced Major Breaches in the Past Year appeared first on Cybersecurity Insiders.


August 23, 2024 at 11:57AM

Thursday, August 22, 2024

Ransomware hits in these specific timings and steals data from Google Chrome

In recent discussions, we’ve explored how ransomware attacks are carried out, their common targets, and the impact on affected companies. A recent study by Malwarebytes has shed light on the specific timing of these attacks, offering new insights into their patterns.

According to Marcin Kleczynski, CEO of Malwarebytes, ransomware attacks frequently occur between 1:00 a.m. and 5:00 a.m. on weekends, particularly on Fridays. During these hours, many companies are in a state of reduced activity, with fewer IT staff available to respond to incidents.

The study also highlights a troubling trend in the sophistication and speed of ransomware spread. Previously, the interval between initial access and data encryption was about three weeks. However, in the past year, this time frame has dramatically decreased to just 6 to 13 hours. This rapid progression underscores the urgent need for swift detection and response measures to combat these attacks effectively.

Malwarebytes also noted that many ransomware groups operate from locations far from their victims. This geographic distance often limits the effectiveness of legal actions and prosecution, as jurisdictional boundaries can complicate enforcement.

In related news, cybersecurity researchers from Sophos X-Ops have identified that the perpetrators behind the Qilin Ransomware are engaging in mass credential theft from Google Chrome browsers. With Google Chrome holding approximately 62% of the browser market—thanks in part to its widespread use on Android smartphones—this issue is particularly concerning.

To mitigate these risks, Sophos advises users to employ password managers, which adhere to industry best practices for safeguarding credentials. They also recommend implementing multi-factor authentication (MFA) as an additional layer of security. For optimal protection, users should create passwords that are at least 15 characters long, combining letters, numbers, and special characters.

The post Ransomware hits in these specific timings and steals data from Google Chrome appeared first on Cybersecurity Insiders.


August 23, 2024 at 10:49AM

Is your organisation at risk?

As security and identity management become increasingly complex, with 60% of breaches attributed to insider threats, compromising on access control just makes no sense. More importantly, choosing the right partner is more crucial than ever.

According to IDECO CEO Marius Coetzee, IDEMIA’s biometric readers are known for their exceptional high quality and longevity, ensuring that your investment in security technology is protected for years to come. “With a reputation for accuracy and cutting-edge technology, IDEMIA delivers robust access control solutions that provide peace of mind and operational efficiency.”

“Their commitment to quality, innovation, and customer satisfaction has positioned them as the Corporate Standard and go-to choice for organisations seeking reliable and long-term security solutions,” he stresses.

Quality and reliability

High quality is a hallmark of IDEMIA’s offerings. The company’s biometric solutions are crafted with precision, ensuring accuracy, reliability and reducing the likelihood of false acceptance. Businesses can trust IDEMIA to deliver consistent, high-quality performance that meets the rigorous demands of modern security environments.

IDEMIA ensures reliability through world-class matching algorithms, advanced manufacturing processes, and stringent quality assurance checks at every production stage. This meticulous approach minimises defects and guarantees best-in-class performance.

Understanding the Total Cost of Ownership (TCO)

When investing in biometric solutions, it’s essential to consider the total cost of ownership (TCO) beyond the initial purchase price. With IDEMIA, one is investing in longevity and quality, which stands the test of time. This approach prevents the costly cycle of replacing biometric readers every few years.

IDEMIA offers robust, scalable solutions that minimise implementation, maintenance, and operational costs. The company’s products are designed for durability and efficiency, delivering long-term savings and reducing the need for constant updates or repairs.

Vendor stability and reputation

Partnering with a stable and reputable vendor is crucial for long-term success. IDEMIA’s reputation for stability and long-term viability makes it a trustworthy partner. The company earns trust through a proven track record of delivering high-quality, innovative solutions.

Coetzee says their commitment to continuous technological advancements guarantees that your biometric solutions are always equipped with the latest innovations. “Regular updates and upgrades are included, ensuring your investment evolves with the latest technological trends and security standards.”

Compatibility and integration

IDEMIA’s technology stack is designed for seamless compatibility with existing infrastructure. Its solutions integrate smoothly with current systems, ensuring robust security and easy adoption. The advanced biometric and cryptographic technologies used by IDEMIA enhance overall security while facilitating integration across various platforms.

The company’s products are trusted by governments and leading corporations worldwide, solidifying IDEMIA’s status as a top-tier provider in the field.

Comprehensive support

IDEMIA excels in providing extensive support services, including training, implementation assistance, and ongoing local support. Its commitment to customer service ensures that organisations can maximise the benefits of their solutions, with expert guidance available every step of the way.

“This comprehensive support is crucial for maintaining their position as the corporate standard in biometrics. By offering tailored solutions and hands-on support, IDEMIA helps organisations achieve their security goals with minimal hassle and maximum return on investment,” he explains.

Longevity versus warranty

More importantly, IDEMIA’s products are engineered for longevity, surpassing standard warranty periods. This emphasis on durability means organisations experience fewer repairs and updates, minimising downtime and ensuring consistent performance.

By focusing on long-term reliability, IDEMIA provides a dependable security solution, reducing the total cost of ownership (TCO) for clients. The extended lifespan of IDEMIA’s products enhances their value proposition, offering peace of mind and sustained security.

Ethical practices and sustainability

IDEMIA is committed to ethical practices and sustainability. Its solutions are designed with a focus on environmental responsibility, ensuring that businesses can achieve their security goals without compromising on ethical standards. This commitment extends to data privacy and protection, aligning with global security practices.

For sustainability, IDEMIA incorporates eco-friendly materials in their products and designs solutions with energy efficiency in mind. The company’s operations emphasise waste reduction, recycling, and minimising resource usage, contributing to a sustainable future while upholding high ethical standards.

Global Security Practices: GDPR and POPIA Compliance

With the many stringent data protection regulations, IDEMIA’s solutions are meticulously designed to comply with global security practices like GDPR and POPIA, ensuring robust data protection and privacy. It incorporates advanced encryption techniques to safeguard personal data during collection, storage, and transmission.

IDEMIA’s comprehensive approach to data security helps organisations maintain compliance while leveraging cutting-edge biometric technologies, ensuring that businesses can operate confidently, knowing their biometric data is handled in accordance with the highest legal and ethical standards.

Vision

Coetzee says a vendor’s vision and future plans are critical to long-term success. “IDEMIA envisions a future where biometric solutions enhance security, convenience, and efficiency across various sectors. Their mission is to make it safer and easier for people to pay, connect, be identified, access, travel, and stay safe by continuously reinventing the way we interact.”

IDEMIA’s technical roadmap aligns with the evolving needs of modern businesses, focusing on innovation and scalability. The company’s strategic direction ensures that their solutions remain relevant and effective, keeping pace with technological advancements and market demands.

In conclusion, Coetzee states: “IDEMIA sets the corporate standard in biometrics by distinguishing itself through a combination of innovative technology, robust support services, a clear strategic vision, cost-effectiveness, and unwavering reliability.”

“Their commitment to quality, privacy, ethical practices, and global compliance ensures that businesses can trust IDEMIA for their biometric needs. By choosing IDEMIA, organisations align themselves with a leader in the industry, securing a reliable and forward-thinking partner for their biometric solutions,” he concludes.

The post Is your organisation at risk? appeared first on Cybersecurity Insiders.


August 23, 2024 at 08:00AM

INE Security Launches Initiatives to Invest in the Education of Aspiring Cybersecurity Professionals

Cary, North Carolina, August 22nd, 2024, CyberNewsWire

INE Security, a global cybersecurity training and certification provider, recently launched initiatives with several higher education institutions in an ongoing campaign to invest in the education of aspiring cybersecurity professionals.

“There is a critical skills gap in the industry, which has enormous implications for businesses and individuals alike,” said Dara Warn, INE Security’s CEO. “We are working to partner with higher education institutions to close that gap, rewrite the book on how to prepare cybersecurity students, and ultimately reinforce the entire industry’s strength and security.”

According to the team, in a world where digital threats transcend borders, the need for robust cybersecurity education has never been more critical. Universities around the globe are stepping up, recognizing that their role in preparing the next generation of cybersecurity experts is crucial not only for national security but also for maintaining global competitiveness. As cyber threats become more sophisticated, educational institutions are compelled to provide their students with the skills necessary to navigate and mitigate these risks effectively.

One of the most pressing reasons for advanced cybersecurity training is the sheer scale and global nature of cyber threats. According to the 2020 Cost of a Data Breach Report by IBM, the average total cost of a data breach globally reached $3.86 million, highlighting the severe economic impact of these incidents. This global threat landscape requires a workforce that is not only technically proficient but also equipped with a comprehensive understanding of international cybersecurity challenges.

INE Security + Columbus State University

Columbus State University (CSU) is a public university located in the southeastern United States, serving approximately 7,000 students annually. To address the growing demand for skilled cybersecurity professionals in Georgia, CSU launched the NEXUS program in 2017, driven by the state’s identified shortage of 15,000-30,000 IT and cybersecurity professionals. The challenge was that CSU’s cybersecurity education lacked hands-on labs and certification opportunities, making it difficult for students to gain practical skills and accredited certifications essential for the cybersecurity workforce. 

In 2019, CSU partnered with INE Security to integrate the Junior Penetration Tester (eJPT) certification into its curriculum. The eJPT learning path’s hands-on nature, robust application, and immediate feedback were key in addressing the practical training gap. Cybersecurity lecturers at CSU led the integration of the eJPT certification. Since then, 122 students have registered and completed the certification, following a progressive training model starting with IT Fundamentals and CompTIA certifications, followed by eJPT, and culminating in the SEC+ certification. The eJPT certification ensures foundational skills for advanced roles, with a 90% first-attempt pass rate and immediate feedback for those retaking the exam.

INE Security + FOUR18 Intelligence

FOUR18 Intelligence works with students to deliver live-fire training, and partnered with INE Security to enhance hands-on, real-world cyber defense education. The collaboration aims to make high-quality cybersecurity training accessible and impactful for learners at every stage of their career, anywhere in the world. Part of the strategy centers around FOUR18’s DEF3NSE system, which is the first of its kind to offer live-fire cyber threat learning and micro-internships at scale. The partnership is designed to provide students a truly immersive learning experience that prepares them for real-world security risks through practical hands-on engagement, a goal achieved through the joining of INE Security and FOUR18 Intelligence. 

INE Security + Virtually Testing Foundation 

Virtually Testing Foundation (VTF) is a California-based 501(c)3 e-learning non-profit organization that started with a mission to educate and help people transition into the field of cybersecurity. INE Security partnered with VTF as a technical training resource, giving the organization’s interns access to premium training, hands-on labs, on-demand videos, immersive learning tactics, and discounted access to highly sought-after industry certifications. The partnership opportunity enables VTF interns to access top-tier training materials at no cost, representing a crucial stride in equipping individuals with cybersecurity skills to close critical skills gaps. 

Career Prospects

The career prospects in the cybersecurity field are highly promising. The Bureau of Labor Statistics projects a 31% growth in employment for information security analysts from 2019 to 2029, significantly faster than the average for all occupations. This demand reflects the critical need for cybersecurity professionals who are well-versed in handling both national and international challenges.

Furthermore, the integration of advanced technologies like artificial intelligence and machine learning in combating cybercrime highlights the evolving nature of the field and the continuous learning opportunities it presents. Universities that collaborate with cybersecurity firms to incorporate these technologies into their training programs not only enhance the learning experience but also ensure that their students are prepared for the future demands of the cybersecurity landscape.

Higher Education’s Impact on the Future

Higher education institutions and organizations that invest in comprehensive cybersecurity training, especially through partnerships with experienced cybersecurity training partners, are making a significant contribution to the global economy. By equipping students with the necessary skills to face and address international cyber challenges effectively, these institutions are ensuring that their graduates are not only competitive but also ready to lead in the global arena. These efforts not only protect the institutions’ data and reputations but also prepare their students for a world where cybersecurity expertise is revered and essential.

About INE Security:

INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Contact

Director of Global Strategic Communications and Events
Kathryn Brown
INE Security
kbrown@ine.com

The post INE Security Launches Initiatives to Invest in the Education of Aspiring Cybersecurity Professionals appeared first on Cybersecurity Insiders.


August 22, 2024 at 10:05PM