
Positive Technologies uncovers critical vulnerabilities in APC uninterrupted power supplies

Positive Technologies experts Ilya Karpov, Evgeny Druzhinin, and Stephen Nosov have discovered four vulnerabilities in management cards for APC by Schneider Electric hardware. These uninterruptible power supply (UPS) units are used in various sectors. Two of the vulnerabilities received the maximum possible CVSS v3 score of 10, indicating a very high degree of risk.

Security issues were found in APC MGE SNMP/Web Card Transverse 66074 management cards, which are present in several series of UPS units: Galaxy 5000/6000/9000, EPS 7000/8000/6000, Comet UPS/3000, Galaxy PW/3000/4000, and STS (Upsilon and Epsilon).[1]

The first vulnerability, CVE-2018-7243 (score 10), in the built-in web server (port 80/443/TCP) allows a remote attacker to bypass the authentication system and obtain full administrative access to the UPS, which jeopardizes the continued uptime of equipment connected to electrical power.

Schneider Electric recommends replacing vulnerable management cards with NMC kit G5K9635CH on the Galaxy 5000, Galaxy 6000, and Galaxy 9000. For the MGE EPS 7000 and MGE EPS 8000, the vendor recommends installing NMC kit G9KEPS9635CH. For other affected units, no replacement cards are available. The vendor also recommends following cybersecurity best practices in order to minimize risks.

The second vulnerability found in the built-in web server (port 80/443/TCP) enables an attacker to obtain sensitive information about the UPS unit (CVE-2018-7244, score 5.3).

Exploitation of the third vulnerability (CVE-2018-7245, score 7.3) can result in an unauthorized user changing the settings of the device, including disabling parameters. To address these two vulnerabilities, users must enable authentication for all HTML pages on the access control page (this option can be selected by the user during initial setup of the UPS).

With the fourth vulnerability (CVE-2018-7246, score 10), a remote attacker can intercept administrator account credentials. If SSL is not activated on the UPS, account credentials are sent in cleartext when the access control page is requested. The vendor advises specifying SSL as the default mode and applying special precautions to limit access to administration interfaces, such as by using Modbus RTU in combination with a Modbus/SNMP gateway.

For early detection of cyberincidents and awareness of ICS vulnerabilities, Positive Technologies offers PT ISIM and MaxPatrol for the specific needs of industrial protocols and networks.

The post Positive Technologies uncovers critical vulnerabilities in APC uninterrupted power supplies appeared first on IT SECURITY GURU.

Cyber Security Agency Eskenzi PR wins a Queen’s Award for Enterprise 2018

Her Majesty The Queen, advised by the Prime Minister, has honoured Eskenzi PR and Marketing with a Queen’s Award for Enterprise 2018, recognising its outstanding achievement in International Trade. Eskenzi has been in business for over twenty years, working with cyber security companies all over the world to raise awareness of the security issues organisations face and the cutting-edge technology available to thwart cyber attacks. This award comes at a time when the government is placing particular focus on this area, having recently launched its strategy to support the export of cyber security technology.

The Queen’s Awards for Enterprise are the UK’s most prestigious business awards, recognising and celebrating business excellence across the UK. This year the award has been given to just 152 companies for overseas trade and international growth.

Yvonne Eskenzi, Co-Founder at Eskenzi PR, said: “The Queen’s Award is the highest accolade that any British company can achieve. For us, it is recognition of the contribution and hard work we, as an agency, deliver in the cyber security sphere. We’re proud to say we’ve been in the space from the start, working tirelessly to highlight the cyber security challenges organisations face daily, and promoting the technologies that help strengthen their defences. Over twenty years ago we helped to launch Infosecurity Europe – a cyber security exhibition held annually in London – when it was a subject few outside of the sector understood, or even knew existed. Today it’s front page news and being debated during board meetings and at dinner parties around the world. I’m especially proud that we have won the Award for all our work overseas, recognising Eskenzi PR as the go-to international PR agency for Cyber Security.”

Eskenzi PR Ltd is a specialist agency, working closely with the very best cyber security companies in the world, including those coming out of Israel, Silicon Valley, Europe and of course, the UK. Today, the agency represents over 25 companies, working with many leading vendors in cyber including Airbus Cybersecurity, Imperva, ESET and AlienVault.

By investing in technology, Eskenzi PR has the tools needed to ensure it remains one step ahead of its competitors, enabling the agency to grow quickly across the UK, France, Germany, Benelux, The Nordics, and, most importantly, the USA.

In choosing the winners of this award, the Queen is advised by the Prime Minister, who is assisted by an advisory committee including the government, industry and commerce, and trade unions. Successful organisations may fly the Queen’s Award flag at their principal premises and are entitled to use the emblem on their stationery, advertising and goods. A corporate award is valid for five years. Additionally, the Queen hosts a reception at Buckingham Palace for representatives of Eskenzi PR.

The two co-founders of Eskenzi PR, Yvonne Eskenzi and Neil Stinchcombe, a husband and wife team, will attend a reception at Buckingham Palace to meet HRH The Prince of Wales and other winners on 28th June.

TaskRabbit has been brought back to life – Security industry opinion

At the beginning of this week (Monday 16th), TaskRabbit, the IKEA-owned mobile marketplace that matches freelance labour with local demand, had its website and app hacked, resulting in both shutting down and going offline. The company offered a statement to its customers saying, “We understand how important your personal information is and are working with an outside cybersecurity firm and law enforcement to determine the specifics.”

An investigation is under way to determine what information may have been compromised and how the breach occurred, with TaskRabbit advising all users to change their passwords and monitor their accounts for unusual activity in case of signs of stolen identity. This is sound security advice, but what did the security industry have to say regarding the hack?

Bob Egner, VP at Outpost24, said that the reason hackers targeted TaskRabbit data is that it is interesting and valuable. He said, “Attacks of this nature are attempted when there is a potential gain for the attacker, in this case to monetize any personal information that can be obtained. All web applications are vulnerable; it’s only a matter of how much effort the attacker is required to expend. It’s really an economic problem where the payback has to be larger than the expended effort.

Any public facing web application that holds large amounts of personal information should have a comprehensive application security testing program in place to assess the application, its data stores, the infrastructure on which it runs, and the users assigned to manage and operate the overall system. Any weaknesses should be remediated in a prioritized way so that the potential for attack is reduced to the lowest possible level and maintained there. The focus should be on the economic equation, where the effort required to compromise the system is much greater than the value of any stolen information.”

According to Tim Helming, director of product management at DomainTools, the TaskRabbit breach is an indication of how comprehensively nefarious actors can interfere with business functions, and potentially harm users. Tim goes on to say, “To take control of a website and expose such trusted resources as TaskRabbit’s GitHub repository, as well as daily transaction volumes and information regarding employees, the threat actors must have had comprehensive access to the network. While we don’t yet know the specifics of how this attack unfolded, it is a good reminder of the importance of practices such as least-privilege access controls, robust network segmentation, and strong phishing controls. Organizations need to take cybersecurity seriously, particularly when it could affect the livelihood, reputation and privacy of both employees and service users.”

Employees responsible for 35% of ICO data security incidents since 2015

New analysis has found that over the last three years, 35% of all major data breaches were caused by negligent or malicious employees, costing the UK-based organisations involved almost £500,000 in fines from the Information Commissioner’s Office (ICO).

This study, carried out by global security software company Avecto, looked at all the breaches between August 2015 and January 2018, where the ICO issued fines for ‘failing to take appropriate technical and organisational measures against the unauthorised processing of personal data’.

Examples of data breaches directly caused by insiders at the organisations involved include negligent staff members sending emails containing personal data to the wrong people, as well as employee laptops being lost or stolen when taken out of the office. Another data breach which highlighted failed processes and resulted in a fine of £180,000 occurred when a server that was meant to be locked in a secure cupboard and contained a significant amount of sensitive information, was stolen.

In another instance, a malicious insider was able to access a data server room and steal information from a device, including 59,592 customer names, addresses, bank account and sort code numbers.

Andrew Avanessian, Chief Operating Officer at Avecto, said: “Strict company processes and staff training can’t be relied upon when it comes to safeguarding company devices and protecting sensitive data. Although both are important elements of a security strategy, people will make mistakes and can be easily duped into initiating malicious activity, meaning that employees are always going to be the weakest link.

“Organisations need to start by having the right technology in place to provide a solid security foundation that protects their data and their employees. For example, limiting administrative privileges is one simple way for organisations to massively reduce the threat, so that all users have only the access they need to perform their job roles. Preventing unknown, and therefore unauthorised, applications from running ensures that employees are not subjected to drive-by attacks. It is also crucially important to ensure employees have the freedom to get on with their jobs without limiting productivity.

“The analysis highlights a clear need for a defence-in-depth approach to security and a focus on having both the technological and operational processes in place to prevent data breaches.”

SANS Experts Share Five Most Dangerous New Attack Techniques

Experts from SANS last night presented the five most dangerous new cyber attack techniques in their annual RSA keynote session in San Francisco, and shared their views on how they work, how they can be stopped or at least slowed, and how businesses and consumers can prepare.

The five threats outlined are:

  1. Repositories and Cloud Storage Data Leakage
  2. Big Data Analytics, De-Anonymization, and Correlation
  3. Attackers Monetize Compromised Systems Using Crypto Coin Miners
  4. Recognition of Hardware Flaws
  5. More Malware and Attacks Disrupting ICS and Utilities Instead of Seeking Profit

Repositories and Cloud Storage Data Leakage

Ed Skoudis, a top hacker exploits expert, SANS Faculty Fellow and lead for the SANS Penetration Testing Curriculum, talked about the data leakage threats facing us from the increased use of repositories and cloud storage:

“Software today is built in a very different way than it was 10 or even 5 years ago, with vast online code repositories for collaboration and cloud data storage hosting mission-critical applications. However, attackers are increasingly targeting these kinds of repositories and cloud storage infrastructures, looking for passwords, crypto keys, access tokens, and terabytes of sensitive data.” 

He continued: “Defenders need to focus on data inventories, appointing a data curator for their organization and educating system architects and developers about how to secure data assets in the cloud. Additionally, the big cloud companies have each launched an AI service to help classify and defend data in their infrastructures. And finally, a variety of free tools are available that can help prevent and detect leakage of secrets through code repositories.”

Big Data Analytics, De-Anonymisation, and Correlation

Skoudis went on to talk about the threat of Big Data Analytics and how attackers are using data from several sources to de-anonymise users:

“In the past, we battled attackers who were trying to get access to our machines to steal data for criminal use. Now the battle is shifting from hacking machines to hacking data — gathering data from disparate sources and fusing it together to de-anonymise users, find business weaknesses and opportunities, or otherwise undermine an organisation’s mission. We still need to prevent attackers from gaining shell on targets to steal data. However, defenders also need to start analysing risks associated with how their seemingly innocuous data can be combined with data from other sources to introduce business risk, all while carefully considering the privacy implications of their data and its potential to tarnish a brand or invite regulatory scrutiny.”

Attackers Monetize Compromised Systems Using Crypto Coin Miners

Johannes Ullrich is Dean of Research at the SANS Institute and Director of the SANS Internet Storm Center. He has been looking at the increasing use of crypto coin miners by cyber criminals:

“Last year, we talked about how ransomware was used to sell data back to its owner and crypto-currencies were the tool of choice to pay the ransom. More recently, we have found that attackers are no longer bothering with data. Due to the flood of stolen data offered for sale, the value of most commonly stolen data like credit card numbers or PII has dropped significantly. Attackers are instead installing crypto coin miners. These attacks are more stealthy and less likely to be discovered, and attackers can earn tens of thousands of dollars a month from crypto coin miners. Defenders therefore need to learn to detect these coin miners and to identify the vulnerabilities that have been exploited in order to install them.”

Recognition of Hardware Flaws

Ullrich then went on to say that software developers often assume that hardware is flawless and that this is a dangerous assumption. He explains why and what needs to be done:

“Hardware is no less complex than software, and mistakes have been made in developing hardware just as they are made by software developers. Patching hardware is a lot more difficult and often not possible without replacing entire systems or suffering significant performance penalties. Developers therefore need to learn to create software without relying on hardware to mitigate any security issues. Similar to the way in which software uses encryption on untrusted networks, software needs to authenticate and encrypt data within the system. Some emerging homomorphic encryption algorithms may allow developers to operate on encrypted data without having to decrypt it first.”

Malware and Attacks Disrupting ICS and Utilities Instead of Seeking Profit

Finally, Head of R&D, SANS Institute, and top UK cyber threat expert, James Lyne, discussed the growing trend in malware and attacks that aren’t profit centred as we have largely seen in the past, but instead are focused on disrupting Industrial Control Systems (ICS) and utilities:

“Day to day the grand majority of malicious code has undeniably been focused on fraud and profit. Yet, with the relentless deployment of technology in our societies, the opportunity for political or even military influence only grows. And rare publicly visible attacks like Triton/TRISIS show the capability and intent of those who seek to compromise some of the highest risk components of industrial environments, i.e. the safety systems which have historically prevented critical security and safety meltdowns.”

He continued:

“ICS systems are relatively immature and easy to exploit in comparison to the mainstream computing world. Many ICS systems lack the mitigations of modern operating systems and applications. The reliance on obscurity or isolation (both increasingly untrue) does not position them well to withstand a heightened focus on them, and we need to address this as an industry. More worrying is that attackers have demonstrated they have the inclination and resources to diversify their attacks, targeting the sensors that are used to provide data to the industrial controllers themselves. The next few years are likely to see some painful lessons being learned as this attack domain grows, since the mitigations are inconsistent and quite embryonic.”

Transavia keeps business flying with One Identity

One Identity, a proven leader in helping organisations get identity and access management (IAM) right, is helping the Dutch low-cost airline Transavia streamline business processes. Through its One Identity Active Roles deployment for a hybrid Active Directory environment, Transavia is able to save roughly 10 minutes per user on provisioning and de-provisioning tasks, covering hundreds of extra staff during peak travel seasons.

Air travel companies experience extreme seasonal loads, taking on thousands of short-term staff as demand increases and then releasing them during the quieter months. For example, Transavia hires an extra 400 staff each summer who all require access to business applications – whether systems for on-board merchandise sales or navigation tools – and each employee needs to be added to the company’s IT systems so they can do their jobs.

The Transavia service delivery team estimated that it deals with 1,500-2,000 changes in user roles each year. The manual cost in time required to make these changes historically proved to be a significant drain on resources.

“We used to provision user roles manually, but this took far too long — 10–15 minutes per user,” said Anders Kok, service delivery manager at Transavia. “We wanted to automate the whole process, so we spoke to One Identity.

“Active Roles was a great fit for our business,” continued Kok. “We now have user groups in Active Directory for cabin crew, cockpit, and technical maintenance, and all the information feeds in automatically from our HR system. When a new person starts, their mailbox is there, the account is there, and basic rights are all there. They can get working straightaway.”

But, he said, the big win is in quality improvement. “A manual process has a high error rate of 20-30 percent, whereas in the automated One Identity solution this is reduced to a minimum.”

Transavia has also been able to get support from One Identity through its transition to the cloud, augmenting its on-premises Active Directory deployment with the cloud-based Azure Active Directory.

“One Identity Active Roles is the ideal identity and access management solution to address the user lifecycle management challenges of Active Directory and Azure Active Directory that Transavia had faced,” said Jackson Shaw, vice president of product management at One Identity. “Active Roles allows Transavia to overcome the shortfalls of native tools and manual processes by using automation for the creation, modification, and removal of user accounts across the hybrid AD environment. This level of consistency, security, and efficiency is something that most organisations lack when relying on native tools.”

One Identity continues to act as a trusted advisor to Transavia, assisting with its user lifecycle challenges.

“We rely on the excellent advice from One Identity Services… One Identity knows our business and our idiosyncrasies, so we listen when it challenges our decisions,” concluded Kok.

New Accenture study finds 87 per cent of focused cyberattacks are prevented

With ransomware and distributed denial of service (DDoS) attacks on the rise, the average number of focused cyberattacks per organisation has more than doubled this year compared to the previous 12 months (232 through January 2018 versus 106 through January 2017). In the face of these growing cyber threats, organisations are demonstrating far more success in detecting and blocking them, according to a new study from Accenture (NYSE: ACN).

Yet, despite making significant progress, only two out of five organisations are currently investing in breakthrough technologies like machine learning, artificial intelligence (AI) and automation, indicating there is even more ground to be gained by increasing investment in cyber resilient innovations and solutions.

The study was conducted from January to mid-March 2018 and investigated focused attacks defined as having the potential to both penetrate network defences and cause damage, or extract high-value assets and processes from within organisations. Despite the increased pressure of ransomware attacks, which more than doubled in frequency last year, the study found organisations are upping their game and now preventing 87 per cent of all focused attacks compared to 70 per cent in 2017. However, with 13 per cent of focused attacks penetrating defences, organisations are still facing an average of 30 successful security breaches per year which cause damage or result in the loss of high-value assets.

“Only one in eight focused cyberattacks are getting through versus one in three last year, indicating that organisations are doing a better job of preventing data from being hacked, stolen or leaked,” said Kelly Bissell, managing director of Accenture Security. “While the findings of this study demonstrate that organisations are performing better at mitigating the impact of cyberattacks, they still have more work to do. Building investment capacity for wise security investments must be a priority for those organisations who want to close the gap on successful attacks even further. For business leaders who continue to invest in and embrace new technologies, reaching a sustainable level of cyber resilience could become a reality for many organisations in the next two to three years. That’s an encouraging projection.”

Security Teams Find Breaches Faster

It’s also taking less time to detect a security breach: from months and years down to days and weeks. On average, 89 per cent of respondents said their internal security teams detected breaches within one month, compared to only 32 per cent of teams last year. This year, 55 per cent of organisations took one week or less to detect a breach, compared to 10 per cent last year.

Although companies are detecting breaches faster, security teams are still only finding 64 per cent of them, which is similar to last year, and they’re collaborating with others outside their organisations to find the remaining breaches. This underscores the importance of collaborative efforts among business and government sectors to stop cyberattacks. When asked how they learn about attacks that the security team has been unable to detect, respondents indicated that more than one-third (38 per cent) are found by white-hat hackers or through a peer or competitor (up from 15 per cent, comparatively, in 2017). Interestingly, only 15 per cent of undetected breaches are found through law enforcement, which is down from 32 per cent the previous year.

Addressing Cybersecurity from the Inside Out

On average, respondents said only two-thirds (67 per cent) of their organisation is actively protected by their cybersecurity program. And, while external incidents continue to pose a serious threat, the survey reveals that organisations should not forget about the enemy from within. Two of the top three cyberattacks with the highest frequency and greatest impact are internal attacks and accidentally published information.

When asked which capabilities were most needed to fill gaps in their cybersecurity solutions, the top two responses were cyber threat analytics and security monitoring (46 per cent each). Organisations realise the benefits derived from investing in emerging technologies. A large majority of respondents (83 per cent) agree that new technologies such as artificial intelligence, machine or deep learning, user behaviour analytics, and blockchain are essential to securing the future of organisations.

Five steps organisations can take to achieve cyber resilience include:

  1. Build a strong foundation. Identify high value assets and harden them. Ensure controls are deployed across the organisational value chain, not just the corporate function.
  2. Pressure test resilience like an attacker. Enhance red defence and blue defence teams with player-coaches that move between them and provide analysis on where improvements need to be made.
  3. Employ breakthrough technologies. Free up investment capacity to invest in technologies that can automate your defences. Utilise automated orchestration capabilities and advanced behavioural analytics.
  4. Be proactive and use threat hunting. Develop strategic and tactical threat intelligence tailored to your environment to identify potential risks. Monitor for anomalous activity at the most likely points of attack.
  5. Evolve the role of CISO. Develop the next generation CISO — steeped in the business and balancing security based on business risk tolerance.

For the 2018 State of Cyber Resilience study, Accenture surveyed 4,600 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries. The purpose of the study is to understand the extent to which companies prioritise security, the effectiveness of current security efforts and the adequacy of existing investments. More than 98 per cent of respondents were sole or key decision-makers in cybersecurity strategy and spending for their organisation. For the purposes of this research, a cyber resilient business applies fluid security strategies to respond quickly to threats, to minimise damage and continue to operate under attack. It can therefore introduce innovative offerings and business models securely, strengthen customer trust, and grow with confidence.

85 Percent of Consumers Say Businesses Should Be Doing More to Actively Protect Their Data

A new survey shows that 78 percent of U.S. respondents say a company’s ability to keep their data private is “extremely important” and only 20 percent “completely trust” organizations they interact with to maintain the privacy of their data.

The poll underscores the public’s view of the obligation that organizations have to handle data responsibly and protect it from hackers.

The online survey of 10,000 consumers, conducted by the Harris Poll on behalf of IBM, found that:

  • 75 percent will not buy a product from a company – no matter how great the products are – if they don’t trust the company to protect their data;
  • 73 percent think businesses are focused on profits over addressing consumers’ security needs;
  • 73 percent indicated it is extremely important that companies quickly take proper actions to stop a data breach; and
  • 60 percent are more concerned about cybersecurity than a potential war.

“Increasingly, we are seeing companies around the world trying to balance providing personalized services to consumers, while maintaining privacy,” said John Kelly, IBM Senior Vice President, Cognitive Solutions. “Getting this right requires companies working closely with each other and, importantly, with governments, to ensure the right protections are in place.”

IBM has been a vocal supporter of strong data privacy and security practices for decades. Recent actions include:

  • In 2014, IBM published an open letter to customers regarding government access to data;
  • In 2015, IBM supported the U.S. Cybersecurity Information Sharing Act (CISA), which provides protections from liability for organizations that share information on cyberattacks;
  • In 2015, IBM shared its 800TB collection of information on security threats to help organizations collaborate faster and more effectively to battle cybercrime;
  • In October 2017, IBM issued Data Responsibility @IBM to publish details and obligations about how the company handles clients’ data; and
  • In 2017, IBM signed the EU Data Protection Code of Conduct for Cloud Service Providers, guaranteeing protection over and above the minimum legal requirement for protection of data in the cloud.

Nation State attacks 500% slower to evict from networks and can remain undetected for years

Cybersecurity specialist Secureworks is today releasing its Incident Response Insights Report.

The global report, which draws on real-world incidents, unearths some surprising truths about the cybersecurity landscape, including the most targeted industries and the hacking tools preferred by cybercriminals. The report also homes in on the increasing complexity of nation state attacks.

Main research findings

  • The top three industries most impacted by targeted cyber threats were manufacturing, technology, and government
  • The average time it took to evict nation state attacks was 500% greater than the time to evict non-targeted threats, due to the often entrenched nature of adversaries plus the necessity to fully understand the extent of the threat actor’s capability and access
  • On average, these targeted cyber threats remained undetected in an organisation’s IT networks for 380 days. In fact, incident responders frequently encountered threat actors that had access to compromised environments for months, sometimes even years
  • Phishing continues to be hackers’ favourite method for gaining access into organisations. 40% of the incidents Secureworks handled began with a phishing email
  • Financially-motivated criminal activity far outweighs government-sponsored threat actors and insider threats, with 83% of attacks being financially motivated
  • Compared to North America and the APJ region, organisations within EMEA adopted a far more reactive security approach to cyber threats rather than proactive
  • When a threat actor becomes aware of an eviction attempt, it can quickly become a complex game of ‘cat and mouse’, with threat actors aiming to avoid the attention of the responders

 

Secureworks Incident Response

Secureworks Incident Responders log 250 billion events every day, and help hundreds of organisations navigate through complex and high-risk incidents. This report shares best practices and valuable lessons learned over the past year from real-world incidents, and unearths the risks, remedies, and best practices for defending against cyber threats.

The post Nation State attacks 500% slower to evict from networks and can remain undetected for years appeared first on IT SECURITY GURU.

Outdated security solutions are putting businesses at risk of evolved cyberthreats

The latest trends in cybercrime have seen it all — advanced exploits allegedly developed by high-profile threat actors used in massive ransomware attacks, creativity of spam and phishing attacks on trending topics, and attacks relying heavily on social engineering or legitimate software used as cyber weapons. This evolution of cyberthreats calls for evolution in cybersecurity. The new Kaspersky Endpoint Security for Business is another landmark in this journey: more next generation detection with dynamic machine learning, increased visibility and granular security controls including vulnerability management, credentials protection and integration with EDR.

Next generation technologies in a completely new design

To maintain the highest standards of protection, which have been proven by independent researchers and thousands of customers worldwide, Kaspersky Endpoint Security for Business continues to evolve its detection techniques. This year’s innovation is supported with enhanced dynamic machine learning, allowing the detection of malicious activity in real-time. Other next generation technologies in the product include: Behavioral Detection, HIPS, Exploit Prevention and Remediation Engine.

A variety of broader security controls is supplemented with new capabilities. These include a mechanism that guards system-critical processes and prevents credential theft by mimikatz-like tools. Combined with other measures, this helps to protect businesses from currently trending threats, such as WannaMine, that hijack computers and use their resources to mine cryptocurrencies.

The Vulnerability and Patch Management component allows for automated vulnerability elimination, including detection and prioritisation, patch and update downloads, testing and distribution. This reduces the risk of vulnerabilities in popular software being exploited by cybercriminals. Thanks to its automation features, this component also relieves security teams of routine manual systems-management work and makes the process transparent.

The completely redesigned user interface visualises layers of protection and security components, showing the status and effectiveness of various next generation technologies — which allows customers to make sure that each protection layer is enabled and working.

Granular security management and complete visibility

Every organisation’s IT is a unique mix of systems, networks and devices — and IT security needs to fit into existing infrastructure and protect every element of it. The new Kaspersky Endpoint Security for Business adds a wide variety of security controls for servers that are managed from a single point — including extended protection from ransomware, external traffic protection and Default Deny mode for Microsoft Windows Server, Exploit Prevention and Firewall configuration. These capabilities, available for both workstations and servers, allow for unified security management on the customer’s side.

A new level of visibility is achieved through full native integration with Kaspersky Endpoint Detection and Response. Due to this innovation, Kaspersky Endpoint Security for Business in combination with Kaspersky EDR can be used as an endpoint EDR agent for collection of metadata and IoCs. This innovation benefits businesses’ abilities to conduct a thorough investigation and remediation, should a serious cybersecurity incident occur.

Mobility management improvements include enhanced visibility through monitoring of protection across devices, and simplified deployment and management via third-party EMM systems for Android devices.

Scalability and flexible deployment on the customer’s side

The new version takes another major step towards improving manageability and deployment for larger businesses. The product now brings enterprise-ready scalability, allowing for the management of up to 100,000 endpoints through a single server installation.

Combined with optimised performance and reduced resource consumption in the new light Cloud mode, this makes the product suitable for a company of any size and security needs: from the mid-market to large corporations.

Alex Tai, CEO and Team Principal, DS Virgin Racing, comments: ‘We’re excited to partner with Kaspersky Lab. We all know that motorsport comes with inherent risks, both sporting and technical; as such, it is crucial to have the utmost confidence in every aspect of security and safety. We’re glad to find a trusted partner that takes away our cybersecurity concerns through the proven quality of its products and technologies.’

Russ Madley, UK Head of Channel at Kaspersky Lab, says: “The ever-changing threat landscape means every business faces unique risks and challenges, even with the most advanced anti-malware protection in place. As threats continue to grow in complexity, it’s important cybersecurity companies continue to ensure their customers are protected with the most up to date security software. Kaspersky Endpoint Security is the latest addition that will help organisations address the growing number of challenges they face. Businesses can be assured that they will be quickly notified of malicious activity in real-time if a threat is detected.”

The product is available globally under both traditional and subscription licensing. Kaspersky Lab’s partners can address all regional pricing inquiries. More information about Kaspersky Security for Business and particular applications inside each edition is available on the global website.

31% of Brits have smart security gadgets in the home

Households in the UK are increasingly turning to smart technology to protect their homes, according to new research. The survey of 2,001 British adults, carried out by gadgets and technology e-tailer LaptopsDirect.co.uk, found that almost a third of Brits (31%) are using some form of smart security gadget in their home.

Perhaps not surprisingly, cost was an important factor in the increasing uptake of security technology, as 38% of those surveyed said the price is now more accessible. Outdoor CCTV topped the list as the most popular security technology Brits have in the home, with over half of the votes (52%). This was followed by 35% who revealed they have a video doorbell to protect their loved ones in the home. 33% have a smart alarm to keep themselves safe from intruders, and 17% have installed door and window sensors to keep their home safe from burglars.

A smart door lock, a keyless system which tracks who is entering the home, rounded off the list of the top five security gadgets for the home (12%) that Brits own. Just under half (41%) said they are more concerned about their security in the home now than ever before.

Mark Kelly, marketing manager at LaptopsDirect.co.uk, said: “As product development continues at a rapid rate and with this, more accessible prices, Brits have more sophisticated forms of protecting their homes to choose from than ever. It’s also interesting to see how this technology once was only seen on TV and in films but is now taking place in our homes. These handy gadgets also make security more accessible for those living in smaller spaces such as apartments. To get the most out of your smart home technology make sure you select the products best to serve your household’s security needs.”

Those aged 25 to 34 are the age group most likely to have this kind of technology in their homes.

Risk of compromised credentials an HR problem, say senior executives

A worrying number of senior executives in the UK believe the risk of compromised user credentials (mainly stolen or misused passwords) is an HR training problem, and not an IT issue, according to a study by Centrify, a leading provider of Zero Trust Security through the power of Next-Gen Access.

The study, commissioned through Dow Jones Customer Intelligence, shows that around one fifth (18 per cent) of respondents are happy to place responsibility for their security culture on their Human Resources (HR) department. However, nearly half (47 per cent) believe they have a strong enough security culture within their organisation to mitigate the risk of compromised credentials altogether. A further third claim that they have not experienced any problems relating to compromised credentials.

The study of 800 senior executives, including CEOs, Technical Officers (CIOs, CTOs and CISOs) and CFOs, in the UK and US, also indicates that many do not see compromised credentials as a significant risk, with 43 per cent perceiving default, stolen or weak passwords only as a minor threat or not a threat at all to an organisation’s success. Of these respondents, nearly half (45 per cent) say that a major breach due to compromised credentials would be needed for senior management to change its view on the subject. This is despite Verizon’s 2017 Data Breach Investigation Report indicating that 81 per cent of breaches now involve weak, default or stolen passwords.

Of the respondents that admit that they have suffered at least one significant cybersecurity breach in the last two years, a quarter (26 per cent) in the UK say that training and awareness would most likely have prevented the breach. However, with 23 per cent blaming a breach on senior management not treating cybersecurity as a top priority, the Centrify study suggests that attitudes and behaviour are unlikely to change very soon.

Barry Scott, CTO EMEA, Centrify, comments: “Research from companies like Verizon shows us that most data breaches are the result of compromised credentials, whether obtained through phishing, default or weak passwords, or some other nefarious method. As we become increasingly mobile, and systems and applications more cloud-based, we must rethink outdated traditional ‘castle and moat’ security models, and adopt a Zero Trust Security approach. First, we must verify the user is who they say they are, then validate their device, and give them access only to what they need in order to do their job. Finally, we must learn and adapt to what’s ‘normal’ for the user, and ask for additional authentication (or block access) when risky or abnormal behaviour is detected.

“This is not just an HR problem, nor indeed an IT problem; it’s a company-wide issue that needs to be supported from the top down.  It’s only when senior management start to address cybersecurity as a priority, that it will become integral to the business and to the workforce as a whole.”

SE Labs Test Shows CylancePROTECT Identifies and Blocks Threats Years Before Malware Appears in the Wild

Cylance Inc., the company that revolutionized the antivirus and endpoint protection industry with true AI powered prevention that blocks advanced cyberattacks, including fileless attacks, malware, advanced persistent threats, and zero-day attacks, today announced the results of SE Labs’ Predictive Malware Response Test of CylancePROTECT, its prevention-focused AI endpoint security product.

SE Labs determined the efficacy of artificial intelligence by identifying what they call Predictive Advantage (PA), the time difference between the creation of the AI model being tested and the first time a threat is identified. All past and present AI models of CylancePROTECT were tested against nine threats, and five variants of each, that were found in the wild after May 2015. They were WannaCry, Cerber, Petya, NotPetya, Locky, Bad Rabbit, GhostAdmin, GoldenEye and Reyptson, all dating from February 2016 to November 2017. CylancePROTECT had an average predictive advantage of 25 months, and in some cases it recognised and protected against threats that would not appear in the wild for another 33 months.

Traditional cybersecurity product tests measure the effectiveness of solutions against known, signature-based malware. However, the detection-based approach to cybersecurity has become ineffective in a rapidly evolving threat landscape. SE Labs’ methodology tests the ability of products to protect against unknown threats. For the test, the May 2015 model of CylancePROTECT was used offline, in “self-contained” mode, without the benefit of updates or cloud queries. This allowed SE Labs to isolate and identify the power of older generations of AI against new and upcoming threats. It demonstrated that CylancePROTECT prevented advanced threats without reliance on signature-based learnings, and with no false positives.

“SE Labs asked if a previous version of CylancePROTECT could work in a modern context, against future threats. It’s a unique approach that forces you to consider the role AI plays in protecting users,” said Chad Skipper, VP Competitive Intelligence & Product Testing at Cylance. “Traditional AV relies on recognizing malware signatures to improve its product, but these results clearly show that a preventative, AI-based approach to security is both necessary and a better approach. SE Labs is highly regarded for their quality of tests, and we look forward to working with them to keep AI and a prevention-based approach front and center.”

Test results demonstrate that the CylancePROTECT May 2015 model was capable of preventing threats that did not exist at the time the AI model was trained, and provide insight into how far ahead in time it could be effective without new knowledge. Over the past three years, Cylance has developed more advanced generations with new insights and learnings. Test results show that CylancePROTECT is able to predict future attacks, giving users an advantage against future adversaries and threats.

“The cybersecurity landscape is crowded, causing confusion in the market and uncertainty from decision-makers as to how to allocate their resources. That is partly why we are developing advanced testing methodologies — to shine a light on the most effective products on the market,” said Simon Edwards, director of UK-based SE Labs. “We as an industry need a better way to test products, and this test is a step in the right direction. CylancePROTECT’s performance in this test showcases the power of its AI against some of the most damaging threats we’ve seen in the past three years.”

Cylance will be at the RSA Conference in San Francisco next week, April 16-20. Visit the Cylance booth in North Hall, booth #3911. For more information about Cylance’s RSA presence, please visit: https://pages.cylance.com/rsa-2018.

Methodology

Product testing was conducted between January 28 and March 24, 2018. The test was conducted without internet or other access to back-end systems. SE Labs conducted the test using virtual machines. Threats and legitimate applications were independently located and verified by SE Labs. Malicious and legitimate data was provided to Cylance once the full test was completed. The test was sponsored by Cylance, and the artificial intelligence models used in the test were chosen and provided by Cylance.

World’s Leading CISOs and cyber security professionals meet in London for exclusive debates

The fourth annual IT Security Analyst & CISO Forum Debates will take place this year in London on 2 May at No 4 Hamilton Place from 2pm to 6pm. This unique event consists of four panel debate sessions made up of some of the UK’s top CISOs from HSBC, GSK, Canon, Publicis Groupe and other global IT Security Association leaders.

The panels will provide attendees with insight from cyber security leaders on: crisis communication in the event of a data breach, military tips for enterprise security, what good security looks like and ways to tackle the cyber security skills gap.

The IT Analyst and CISO Forum Debates, in partnership with ISACA London Chapter, is a well-established and invaluable event that will give registered attendees insight on some of the hottest boardroom topics.

Professionals interested in the event can register here and be eligible for 3 CPE credits towards SSCP®/CISSP® and ISACA certifications.

Full timetable:

2:00 – 2:45pm: What is “good security” anyway? CISOs’ top tips on what makes a company secure

In this panel, CISOs from all walks of industry will share their best practice and advice. Covering training, technology and techniques, these CISOs will have an open and frank discussion about what “good security” looks like in a modern enterprise.

Moderator: Sarb Sembhi, CTO, CISO & DPO, Virtually Informed

Panellists: Shan Lee, ‎Information Security Officer, TransferWise; Sandip Patel, Director, Information Security Consultancy, GSK; Quentyn Taylor, Director of Information Security, Canon Europe

2:50pm – 3:35pm: Crisis Communications in a post-GDPR world

With the EU’s General Data Protection Regulation (GDPR) on the horizon, what does the board need to make sure they are communicating to employees, customers and stakeholders should the worst happen and a data breach occurs? This discussion will offer best practice advice, what to steer clear of and when to notify when dealing with a data breach event.

Moderator: Lee Munson, security researcher, Comparitech.com

Panellists: Jonathan Armstrong, Partner, Cordery Compliance; Neil Stinchcombe, Director, Eskenzi PR; Sue Milton, Managing Director, SSM Governance Associates; Mark Deem, Partner, Cooley UK

3:35pm – 4:00pm: BREAK

4:00pm – 4:45pm: What can the Military teach us when it comes to protecting the Enterprise?

This panel will bring together Military professionals to discuss what lessons companies can learn from taking a leaf out of their playbooks.

Moderator: Peter Wood, CEO, First Base Technologies LLP

Panellists: Gerry O’Neill, Director, Inforisca; James Hadley, Founder/CEO, Immersive Labs; Jennifer Dean, Chair of Law at the British Computer Society; Natan Bandler, CEO, Cy-OT

4:50pm – 5:30pm: What are those in the know doing to close the skills gap?

The skills gap has been a major problem plaguing the security industry and will continue to do so for the foreseeable future. Now it’s time for action – hear how some of the industry’s best practitioners and professionals are taking a stand and combating the problem head-on.

Moderator: Stephen Khan, Head of Information, HSBC

Panellists: Quentyn Taylor, Director of Information Security, Canon Europe; Steve Williamson, Audit Account Director, Information Security and Data Privacy, GSK; Thomas Langford, Chief Information Security Officer, Publicis Groupe; Matt Parsons, head of Cyber Skills policy team in DCMS; Peter Wood, CEO, First Base Technologies LLP

“The CISO debates are time well spent. We tackle a broad range of security issues,” said Steve Williamson, Director, Risk & ITCP Mgmt, GlaxoSmithKline. “The debate is rich and stimulating as it is fed by many years of collective experience across different industries. I also value the opportunity to network with peers and analysts from different companies.”

Peter Wood, Director Emeritus, First Base Technologies, added: “I’ve been privileged to attend and speak at the IT Security and CISO Forum debates for several years. Each event has delivered great speakers providing superb insight and innovative ideas, as well as the opportunity to meet with some of the industry’s leading professionals.”

Sue Milton, Managing Director, SSM Governance Associates, agreed: “The ‘one-stop/one-size-fits-all security solution shop’ is a long way off, but insights on what makes solutions more effective can be found at the CISO event, giving professionals direct access to expertise through discussion and debate. Whether a panel or audience member, together we bring the ideal solution that bit closer.”

PLEASE NOTE: Places are limited to IT Security Professionals who are currently working for commercial or government organisations and provide a commercial email on registration. Delegates MUST provide a company email address on registration, otherwise we will refuse your booking.

Notes to editors: We would be delighted if you could join us on the day.  Please contact Beth Nikolova (elizabeth@eskenzipr.com / 0207 1832 836) to reserve your place.

Ex GCHQ Director formally joins the advisory board of Immersive Labs

Immersive Labs has today confirmed ex-GCHQ Director Robert Hannigan as chairman of its advisory board. This is a key appointment for Immersive Labs, given Robert’s excellent understanding of the cyber threat landscape both in the UK and globally. It is also a strong endorsement of Immersive Labs’ innovative gaming approach to cyber security training and talent retention to have someone of Robert’s calibre join the organisation.

During his tenure as director of GCHQ, a number of key initiatives were introduced, including the formation of the National Cyber Security Centre (NCSC) which was part of Robert’s long-term cyber security strategy to improve the UK’s cyber defence – the first of its kind in the UK.

Today the NCSC continues to collaborate with the UK’s defence and intelligence agencies, as well as international partners, feeding into Robert’s vision to make the UK one of the safest places to live and do business online.

In recent years, Robert’s focus has included efforts to fill the cyber skills gap. He has always been a staunch advocate of the Immersive Labs practical learning environment, previously stating:

“Identifying, developing and measuring practical cyber security skills is the great challenge for all companies today. The Immersive Labs approach is the most exciting thing I’ve seen in this space: scalable, agile and appropriate to the way a new generation learns. It has the potential to disrupt and transform this crucial market.”

Welcoming Robert to Immersive Labs’ advisory board, its CEO James Hadley said, “It’s fantastic to welcome Robert onto the Immersive Labs team. He is a perfect fit to lead our advisory board, having already been instrumental in helping us grow our academies as well as our commercial proposition.”

Immersive Labs is exhibiting at the RSA Conference in San Francisco next week, demonstrating its game-changing enterprise skills platform. Visit www.immersivelabs.com to find out more.

Bitdefender survey shows Right Size EDR, not SOC needed to address Security Flaws

Bitdefender, a leading global cybersecurity technology company protecting 500 million users worldwide, today announced the results of its latest survey, showing that more than half of CISOs worldwide (65 percent in the UK) are worried about a global skills shortage. Sixty-nine percent of respondents around the globe also reported that their team is under-resourced, with more than half of respondents in all markets but Italy reporting that their IT security team is too small. Seventy-two percent of information security professionals admitted that their IT team experienced agent and alert fatigue, and 33 percent of UK respondents said their budget could not accommodate infrastructure expansion.

The Bitdefender survey explores CISOs’ needs in the prevention-detection-response-investigation era and reveals how the lack of visibility, speed, and personnel affects the development of stronger security practices in companies with both over-burdened and under-resourced IT teams. The survey polled 1,050 people responsible for purchasing IT security within companies in the US and Europe.

Half of the CISOs surveyed worldwide admitted their company was breached in the past year, but one sixth of those respondents don’t know how the breach occurred. Fifty-seven percent of UK respondents had experienced an advanced attack or malware outbreak. One quarter of all respondents expect this issue to continue, and think their company is likely to face an ongoing security breach without them knowing it. Using existing security tools, UK CISOs believe 63 percent of advanced attacks can be prevented, detected, and isolated, but anticipate it would take three weeks to detect any such attack.

With the global cost of cybersecurity breaches expected to reach $6 trillion by 2021, analysts have seen companies’ security spending start migrating from prevention-only approaches to focus more on detection and response. Gartner expects that spending on enhancing endpoint detection and response (EDR) capabilities will become a key priority for security buyers through 2020.

Better tools needed for rapid detection and response

CISOs agree that prevention is imperfect, but investigation is a burden. EDR capabilities can provide improved detection and response approaches to prolific security incidents, and using automation can help to address the global shortage of cybersecurity professionals. Specifically, EDR tools best fit resource-strapped businesses with lean IT teams that operate without a Security Operations Center (SOC). However, half of IT executives worldwide said that managing EDR tools is difficult or very difficult. In both the US and UK, 49 percent of all endpoint alerts triggered by monitoring and response techniques turned out to be false alarms. Sixty-nine percent of UK respondents in companies with no SOC said speed to investigate suspicious activities is one of their toughest challenges. Spotting an ongoing breach also means fighting alert fatigue caused by noisy traditional security solutions. It’s a race against time when filtering security alerts, which can be especially difficult if the organisation is understaffed and overburdened. Thirty-eight percent of UK respondents, and one third of respondents across all markets, said that lack of proper security tools is the main obstacle that prevents rapid detection and response during a cyberattack.

Time is of the Essence

On average, 82 percent of security professionals in Europe and the US say that reaction time is a key differentiator in mitigating cyberattacks. CISOs attest that time is of the essence when isolating the incident to prevent spreading (68 percent), identifying how the breach occurred (55 percent), and evaluating losses and the impact of the breach (51 percent). CISOs agree that delayed response to a cyber incident can also make it harder to accurately identify the initial time of attack and assess the timeframe (30 percent), understand the motivation for the cyberattack (19 percent), or improve the incident response plan for future attempts (17 percent).

“Today’s resource- and skill-constrained IT security teams need an endpoint detection and response (EDR) approach that allows for less human intervention and a higher level of fidelity in incident investigations,” Bitdefender’s VP of Enterprise Solutions Harish Agastya said. “EDR for everyone can be achieved through a funnel-based approach of prevention-detection-investigation-response, leaving the EDR layer to focus on threats further down the funnel in the unknown or potential threat category, and IT teams to focus solely on the alerts and tasks that are truly significant.”

Bitdefender security specialists strongly advise enterprise CISOs to consider the importance and value of an integrated prevent-detect-investigate-respond-evolve approach to endpoint security:

  • Prevent: block all known bad and a high percentage of unknown bad automatically at the pre-execution and on-execution layers, without needing manual intervention
  • Detect: gain early visibility into suspicious events that could lead to an attack, through built-in intelligence from threat protection engines and analysis of the stream of behavioural events from an endpoint event recorder
  • Investigate: aided by root cause and contextually relevant information on the class of threat detected (via the built-in intelligence), the reason for detection (via threat analytics), and the ultimate verdict (via an integrated sandbox)
  • Respond: via an intuitive incident response interface that enables remedial actions immediately and widely across the enterprise, without needing deep expertise
  • Evolve: close the feedback loop from current detection to future prevention via in-place policy tuning and fortification

Patch Tuesday Commentary, Chris Goettl, Director of Product Management, Security at Ivanti

Microsoft has released updates today including 65 vulnerability fixes. While there are no zero-day exploits in the April patch release, a couple of zero-days were identified between the March and April Patch Tuesdays, which we will mention in a moment. There is one public disclosure this month, in SharePoint Server. The challenging aspect of this month is that there are enough critical vulnerabilities in the operating system, the browser updates, and Office that all three should be prioritised.

While the CVE-2018-1038 vulnerability was identified between the March and April Patch Tuesdays, it should be a top priority for anyone who has Windows 7 for x64-based Systems or Windows Server 2008 R2 for x64-based Systems. If you have installed any of the servicing updates released during or after January 2018, you need to install update 4100480 immediately to be protected from this elevation of privilege vulnerability.

Microsoft also released an update to the Malware Protection Engine that resolves a remote code execution vulnerability. The fix for this is simply to update to the latest definitions. For the majority of environments using Microsoft’s Malware Protection Engine, this will have happened automatically. In its advisory, Microsoft identifies the minimum definition version needed to resolve this issue, which is version 1.1.14700.5.

There are multiple critical vulnerabilities in the Windows operating system, the Internet Explorer and Edge browsers, and Office this month. A few critical kernel vulnerabilities are resolved, along with several Microsoft Graphics and TrueType font driver vulnerabilities and a host of critical browser vulnerabilities.

Microsoft has lifted the AV compliance key requirement from the rest of the Windows OS updates in all but some vaguely mentioned edge cases. If you recall, the introduction of the Meltdown/Spectre mitigation updates caused a number of blue screens on systems running AV engines that were interacting with the kernel in unexpected ways. Microsoft introduced this key to prevent the blue screen scenarios from occurring, but it required customers to jump through hoops if their AV vendor did not apply the key or if they were not running AV on a system. That restriction is now fully removed.

On the non-Microsoft front Adobe has released several updates today including an update for Adobe Flash Player.  The Flash update resolves three critical vulnerabilities and three important vulnerabilities. Adobe Flash Player can show up in many forms on a single system. It can be installed on the system and as a plug-in in the major browsers, so to fully plug these vulnerabilities you may need to apply multiple updates on a single system.

Oracle is going to be releasing their quarterly Critical Patch Update next week on Tuesday, April 17th.  Expect an update for Java. We strongly urge rolling out Java updates as they release. Java may not be as highly targeted as it once was, but it is still a low-hanging fruit target for Threat Actors. The recent SamSam Ransomware attacks are good examples. SamSam is able to exploit a variety of software vulnerabilities including some in Java. Attackers know that Java is one of those products that lags behind updates, leaving a number of exploits open.

The post Patch Tuesday Commentary, Chris Goettl, Director of Product Management, Security at Ivanti appeared first on IT SECURITY GURU.

Are you ready to handle the Crisis Comms when you get breached?

You are just about to go to sleep when you get a text from your SOC team: code RED. They have discovered that your company has suffered a serious breach and you need to decide what to do. At this point you are in one of two positions. Either you have prepared for such an event: your team follows its checklists and playbooks, briefs the appropriate execs on the situation, and is ready to communicate the right information to the people who need to know using a tried and tested Crisis Comms plan. Or you do not have a plan, let alone a tested one, and panic mode sets in.

I am not going to go into all the reasons why you need to be prepared to handle Crisis Communications during a cyber incident. The most important thing to know is that being prepared is what stops your organisation’s reputation and brand from being damaged far more than they need to be. The other key issue is that how the breach notification process is handled could make a massive difference to mitigating any fine from regulators.

So what Crisis Communications plans and processes do you need to have in place to handle a breach? Firstly, a cross-functional crisis management team (including the board) needs to be established. From there, a monitoring strategy can be put in place that mandates who is responsible for determining when an incident has occurred and how serious it is, as well as developing a plan for the crisis, which may work best as a series of checklists or a playbook.

Some important things to consider at this point are how to prepare for different breach scenarios (i.e. is employee or customer data affected? IP theft? Ransomware? etc.). This will influence your strategy with the different audiences. Don’t forget to do practice runs with your internal and external comms teams and include media training where necessary.

Once you have done the groundwork, what goes into a comms plan?

  • Prepare a crisis checklist to deal with potential scenarios
  • Create a timeline so everyone knows who will do what, and when
  • Team consults with legal and forensics team to determine what incident it is and establish who it affects
  • Can you keep it under wraps? (hint: this is not usually an option!!)
  • What are your regulatory responsibilities to disclose?
  • Which stakeholders are affected?
  • Who is responsible for communicating with each group and in what order?
  • If a regulator is involved, how can you minimise a fine by demonstrating appropriate action taken?
  • If customers are involved, what is the impact on them and how should they be informed?
  • If the press are involved, how will you manage the communications?

It is also important to note that social media attention can grow exponentially if it is not responded to quickly and appropriately, so it will need to be determined who is responsible for these interactions. Keep in mind that messages must be consistent, so you will need to brief managers and employees, especially customer-facing teams. In addition, it will be helpful to prepare:

  • An FAQ on incident scenarios
  • Media-trained spokespeople
  • An external comms plan with statements on likely breach scenarios, developed by the team
  • An internal comms plan

Check and review these plans quarterly with the team to see if your organisation’s risk profile has changed.

Finally, breathe; keep calm and carry on, and you will get through it. It is not a case of if, but of when a breach will happen in your organisation. As breaches become more common, how you handle them is what will set you apart as a leader in your organisation (and make you worthy of that place at the boardroom table!)

If you would like to get some first-hand advice, I am organising a panel on Crisis Communications in a post-GDPR world at the IT Security Analyst and CISO Forum’s CISO Debates 2018 on Wednesday 2nd May 2018 in London.

With the EU’s General Data Protection Regulation (GDPR) on the horizon, what does the board need to make sure they are communicating to employees, customers and stakeholders should the worst happen and a data breach occurs? This discussion will offer best practice advice, what to steer clear of and when to notify when dealing with a data breach event.

Moderator: Lee Munson

Neil Stinchcombe, Eskenzi PR

Jonathan Armstrong, Partner, Cordery

Mark Deem, Partner, Cooley (UK) LLP

Sue Milton, Managing Director, SSM Governance Associates

Register for free here: https://www.eventbrite.ie/e/it-security-analyst-and-ciso-forums-ciso-debates-2018-tickets-43847984502?aff=es2

The digital transformation roadblock: existing IAM solutions are creating major barriers to digital technology adoption

Digital transformation is a much-hyped business buzzword, driven by the adoption of cloud IT services around the world. This hype has seen enterprises scramble to become more digitally agile in a fight to stay competitive. In fact, a new study by OneLogin[2], the industry leader in Unified Access Management, reveals that 92% of UK enterprises have developed a digital transformation strategy, with over two-thirds of those surveyed expecting to deploy up to 100 new commercial SaaS apps and on-premise apps in the next twelve months alone. However, there is a fundamental flaw in their progress to a more digital future – navigating and securing the digital network across a combination of legacy IT, on-premise and cloud platforms. This is where Identity and Access Management (IAM) solutions have a role to play, but they are falling short of unifying all corners of the corporate network.

With more cloud applications coming into the corporate network and employees switching between on-premise and cloud applications daily, the corporate network has become more complex than ever before. It is therefore unsurprising that almost 90% of the 250 IT decision makers surveyed see IAM as an important, if not critical, part of their digitalisation strategy.

Yet the survey results reveal a strong link between the barriers to digital transformation and the pain points respondents feel with their current IAM solution. Key barriers to digital transformation include a fear of spiralling costs (40%), legacy systems (46%) and project complexity (37%), and the major pain points for existing IAM solutions are cost (43%), complexity (45%) and fragmented access control for multiple environments (22%).

Enterprises need IAM to progress their digital transformation strategies, but there is clear demand for a solution that supports every endpoint of the complex corporate network, regardless of whether it’s cloud-based or on-prem.

To combat this issue head-on and unify the corporate network through one single solution, OneLogin has announced the newest addition to its unified platform: OneLogin Access. The solution lets customers manage access for traditional on-premise applications through a “single pane” management console that also manages access for cloud applications.

“Never has it been more critical — or more complex — to securely manage access across the explosion of distributed applications, data, and intelligence,” said OneLogin CEO Brad Brooks. “Our Unified Access Management Platform featuring OneLogin Access is purpose-built for hybrid customer environments. Historically, a customer’s only option was building a cumbersome, multi-vendor, prohibitively expensive solution. That all changes today.”

Companies can now modify access privileges across all applications in real time vs. days or weeks, and slash access management costs by 50% or more — all with a single Unified Access Management Platform. This platform unifies access management not only for applications, but also for networks and devices, using SaaS infrastructure to synchronise all corporate users and user directories.

Healthcare will become digitised by 2030 to keep services alive, experts predict

Within ten years your medical check-up could involve more interaction with sensors, cameras and robotic scanning devices than with human doctors and nurses, as healthcare organisations rebuild services around the Internet of Things (IoT), according to a new report by Aruba, a Hewlett Packard Enterprise company.

The ‘Building the Hospital of 2030’ report features the results of interviews carried out with senior healthcare leaders and futurologists. It explains both the likelihood, and the need, for the healthcare industry to create smarter workplaces that incorporate mobile, cloud and IoT technology, and explores the ways in which this will transform the patient experience and improve clinical care.

The study makes five key predictions for how the industry will transform by 2030, including:

  1. Patient self-diagnosis: Using app-based and wearable tools to monitor your health and even carry out your own scans, patients will finally have the ability to self-diagnose a wide number of conditions at home, without needing to visit a surgery or hospital.
  2. The automated hospital: Hospital check-in will feature imaging technology that can assess your heart rate, temperature and respiratory rate from the moment you walk in, followed by sensors that can perform a blood pressure and ECG test within 10 seconds, and lead to an automatic triage or even diagnosis right there and then.
  3. Health professionals double their free time: Doctors and nurses, who are currently spending up to 70% of their time on administrative work, will be able to quickly analyse scans or patient records via their mobile device, freeing up huge amounts of their day to focus on patient care.
  4. Digital data repositories: Devices will automatically integrate with your digital patient records, updating automatically on your condition and treatment and giving caregivers richer, real-time, readily accessible data to make better decisions.
  5. Acceptance of AI: As artificial intelligence (AI) starts to play an increasing role in diagnosis and treatments, public support will grow to the extent that you will be willing to be diagnosed by machine – provided that services are designed and implemented around patients, the benefits are explained, and permission is sought.

Explaining the ability of AI to enhance medical care, UCL Professor Dr. Hugh Montgomery said: “Within ten years, you may be able to assay around 50,000 different blood proteins from a single drop, and make much quicker, or even automatic, diagnoses. That’s radical and in no way happens at the moment. I might get 30 variables, today.”

On the topic of patient self-care, Digital Health Futurist Maneesh Juneja adds: “Let’s say you are diagnosed with diabetes or high blood pressure in 10 years’ time. Once you’ve been diagnosed, a lot of the monitoring of how you’re taking your medication could be done without the healthcare system seeing you as frequently. They could track your data in real-time and know if you’re deviating from your recommended diet or treatment plan, then send you a digital nudge on your smartwatch or augmented reality glasses.”

Such advances are far from science-fiction, argues the report, and could prove vital in the struggle to better care for an ageing population: UN figures suggest that the population of over 60s will have increased 56% by 2030, greatly increasing the need for more efficient health services.

“We’re in for a massive transformation and disruption in the next 5-10 years for two reasons,” said Hugh Montgomery. “Firstly the technology’s changing that fast, and secondly, there’s this massive pressure to get it out there. Because if we don’t, health services are going to fall over.”

Digitising and securing the hospital

Recognising the need to modernise, healthcare organisations are already beginning the journey towards digitisation, says the report. Aruba’s own research finds that nearly two thirds (64%) of healthcare organisations have begun to connect patient monitors to their network, and 41% are connecting imaging or x-ray devices. Such measures are the building blocks for an Internet of Things (IoT) strategy, with potentially millions of interconnected medical, wearable and mobile devices sharing up-to-date information that can be used to provide higher quality care.

However, the approach is currently fraught with risk. 89% of healthcare organisations that have adopted an IoT strategy have experienced an IoT-related data breach. With the explosion of new devices appearing over the course of the next decade, a key challenge for organisations will be to maintain visibility of all devices connecting to their network and sharing medical data, in order to apply strict security rules.

Morten Illum, VP EMEA at Aruba, concludes: “The rise of digital health services is about improving patient experiences, and increasing accuracy and quality of care. Above all else, that is what we think healthcare providers and members of the public should be excited about. But data security risk is emerging as one big challenge here. That’s why these changes take time to deploy, and we expect to see healthcare companies partnering with technology providers to negotiate both technological and cultural change in the coming years. With the benefits that are on offer, it is certainly worth the effort.”

Facebook’s data scandal – the impact

When news broke that Facebook was found to be mishandling users’ data, the company’s stock plummeted as both the social networking site and its owner, Mark Zuckerberg, lost billions. A whistle-blower revealed that millions of Facebook users had their data exploited by the political consultancy Cambridge Analytica, which is accused of improperly using the data on behalf of political clients. It was reported that Facebook knew the data was being harvested in 2015 but did not alert users at the time. Mark Zuckerberg acknowledged that a “huge mistake” had been made, but the damage had already been done. Whatever trust users had in Facebook regarding their data security will have been shot to pieces. What could this negligence be down to?

Egil Bergenlind, CEO and founder of DPOrganizer believes there is a severe lack of consideration from top-tier technology companies when it comes to the handling of data. He said, “this boils down to a lack of transparency from the social media giant about what data is being held on its users, how it is being obtained, what it is being used for and with whom it is being shared and Facebook is not alone in this. The problem is that this leads to a lack of accountability and often results in the incorrect assumption that any data collected belongs to the company, rather than its individual users.”

What organisations need to start realising is the importance of reputation and how a scandal like this can have a detrimental impact. When an organisation is lambasted in the headlines for suffering a data breach, the cost in damages can run to millions. Yet the harm sustained to the reputation of an enterprise is something that cannot be quantified. The Equifax data breach in 2017 is a prime example of this.

The Facebook/Cambridge Analytica scandal will also trigger an immediate reaction in how organisations use Facebook. This belief is shared by Chris Ross, SVP International at Barracuda, who says that, “while the longer-term effect on Facebook’s reputation remains to be seen, we expect to see organisations making decisions about whether the platform poses a security risk and how to minimise the threat on those occasions where an alternative option just doesn’t exist.”

Humans have become more vigilant regarding their data privacy and organisations need to understand this notion and begin to take data security seriously, especially with data protection laws coming into force like the European General Data Protection Regulation. Richard Holmes, cyber services lead at CGI UK touched on this fact, stating “GDPR demands that organisations have a legal basis for processing personal information. Individuals will increasingly demand to know how their data is used and where it is shared.  Terms and conditions of collecting and processing personal information will need to be much clearer to meet this demand.”

Facebook has well and truly brought data security and privacy into the international spotlight and will no doubt bring about a much-needed change in the way organisations collect, store and use sensitive data. In Europe, GDPR is a step in the right direction, but time will tell if stricter laws need to be passed to see a dramatic change.

Malwarebytes Unveils Endpoint Protection and Response to Simplify Endpoint Monitoring, Detection and Remediation

Malwarebytes™, the leading advanced malware prevention and remediation solution, today announced the release of Malwarebytes Endpoint Protection and Response.

When it comes to Endpoint Detection and Response (EDR), most businesses fall into one of three categories: they either don’t have EDR and have limited visibility into endpoint activity across their infrastructure; they have an EDR solution that provides visibility, but staff lack the time to gain the expertise necessary to leverage EDR data; or they have EDR and the expertise but the solution they are using simply provides alerts without resolution. Each of these circumstances often results in missed threats or extended dwell time.

“Many businesses don’t have the resources to bring on dedicated, highly-specialised EDR technology and talent, leaving them with a tool that simply adds to a long queue of alerts, without fixing the underlying problems,” said Marcin Kleczynski, CEO, Malwarebytes. “Endpoint Protection and Response provides proven endpoint protection with integrated detection and response capabilities via a single agent, so organisations of all sizes can easily protect their endpoints from targeted attacks, thoroughly remediate systems and rollback ransomware.”

According to ESG’s annual IT spending intentions research, IT and cybersecurity professionals have identified cybersecurity as the number one “problematic shortage” area across all of IT – for six years running. Compounded by a lack of trained EDR experts, very few companies have the resources and capabilities to accurately monitor, protect and respond to today’s threats. Malwarebytes Endpoint Protection and Response cuts through complexity, simplifies endpoint monitoring and detection, and makes remediation easy.

Malwarebytes Endpoint Protection and Response Features:

Key features of Malwarebytes Endpoint Protection and Response protect across every stage of an attack including:

  • Cloud-based single management console and a unified agent.
  • Continuous visibility into endpoints – Endpoint Protection and Response’s flight recorder provides continuous monitoring and visibility into Windows desktops to obtain powerful insight. Businesses can easily track file system activity, network activity, process activity and registry activity. Flight recorder events are stored both locally and in the cloud, adding another sphere of safety.
  • Multi-layered protection – Malwarebytes Endpoint Protection and Response’s multi-vector protection (MVP) uses a seven-layered approach, which includes both static and dynamic detection techniques. This technique gives protection against all known and unknown threat types, from traditional viruses to tomorrow’s advanced threats.
  • Rapid identification and three modes of endpoint isolation – When an endpoint is compromised, Malwarebytes stops the bleeding by isolating the endpoint. Endpoint Protection and Response is the first product to offer three ways to isolate an endpoint. Network isolation restricts which processes can communicate. Process isolation controls which processes are allowed to keep functioning. Desktop isolation alerts the end user and halts further interaction to limit damage. With these three controls, malware is rendered incommunicado and remote attackers are locked out.
  • Complete remediation and ransomware rollback – Malwarebytes’ proprietary linking engine provides complete and thorough remediation to rapidly return an endpoint to a truly healthy state and minimise impact to the end-user, post-compromise. Rollback technology winds back the clock up to 48 hours, negating the impact of ransomware with just-in-time backups prior to infection.

Customer Benefits:

Unlike other vendor solutions, Malwarebytes Endpoint Protection and Response provides:

  • Multi-layered protection incorporating signature-based and signature-less technologies
  • A proprietary Linking Engine Technology achieving complete and thorough remediation
  • Ease of deployment and management with remediation from a single console
  • Elimination of EDR complexity with three modes of endpoint isolation, automated remediation, and Ransomware Rollback up to 48 hours

Malwarebytes Endpoint Protection and Response allows organisations to proactively hunt for malware across all of their endpoints without the need for a dedicated resource. This increases the efficacy of protection and provides a lower total cost of ownership. The single console delivers significantly greater security visibility and direct drill-downs to explore and instantly manage all security events. All this is accomplished with reduced hardware cost and a reduced server footprint.

Research Findings Show Industry Leaders Struggle to Balance Digital Innovation and Security

Akamai Technologies, Inc. (NASDAQ: AKAM), the world’s largest and most trusted cloud delivery platform, today released data noting how companies are struggling with the tug-of-war between advancing digital innovation and ensuring secure digital experiences that maintain user trust and mitigate risk. As part of a commissioned study of more than 350 global information technology leaders conducted by Forrester Consulting on behalf of Akamai, the results also show that the companies defined as being the most digitally mature — best balancing innovation and security — grow faster than their competitors.

As the world’s largest and most trusted cloud delivery platform, Akamai has delivered approximately 95 exabytes of data a year across billions of devices. Top financial institutions, online retailers, media and entertainment providers, and government organisations have leveraged the power of Akamai’s cloud platform to deliver exceptional digital experiences to customers. As a result, Akamai has seen firsthand the critical intersection of user experience and digital security, and how it ultimately impacts customer behavior.

“With the help of this research by Forrester, Akamai has created a way to evaluate how digitally mature a company is, based both on the effectiveness of its digital experience and the strength of its security posture,” said Ari Weil, vice president of product marketing, Akamai. “It is imperative for these innovators to strike a delicate balance between seamless digital experience and comprehensive security. We think our research shows how companies are achieving, or struggling to reach, that balance, and Akamai is ready to help usher any organisation along a path to digital maturity.”

Those interested in getting a jumpstart on their own digital maturity initiative can click here for a self-assessment to determine how well a company balances digital experience delivery with digital security. Following the assessment, check out this infographic on best practices for delivering digital experiences.

Digital innovation sits at the helm of today’s complex enterprise environment. The Forrester study indicates that delivery of digital experiences is critical to competitive edge, customer satisfaction and even more importantly — achieving customer trust. For any given enterprise organisation, meeting unique customer needs is a challenge — addressing disparate regions, network connectivity and device usage has complicated the ability to deliver secure, personalised digital experiences. The study examines how digital businesses across the globe and various industries align overall user experience and security with strategic priorities.

Findings from the survey research include:

  • Digital struggles are a reality: A high number of executives reported difficulty in achieving the proper balance between security and digital experiences. Most respondents feel as though their firm is strongest in security and trust, but weakest in digital experience maturity.
  • Trust is at an all-time low: More than one third of surveyed executives feel they only have a moderate level of trust from their customers, due in large part to suspicion around a company’s data use practices.
  • Lack of trust attributed to lack of security, equates to lack of revenue: Customers are more comfortable sharing data with companies they actually trust; when firms fail to deliver on security, their brand reputation, customer trust and even revenue are negatively impacted. In fact, the study notes that even suspicion of a company’s data use practices can lead to a 25 percent reduction in revenues.

To learn more about Forrester’s analysis into how industry leaders balance digital experience with customer trust, download the full study here.

Study Reveals 40 Percent of Large Businesses Will Implement Intelligent Assistants or Chatbots by 2019

Spiceworks today announced the results of a new survey examining the adoption and usage of intelligent assistants and AI chatbots in the workplace. The results show that within the next 12 months, 40 percent of large businesses – those with more than 500 employees – expect to implement one or more intelligent assistants or AI chatbots on company-owned devices, compared to 25 percent of mid-size companies and 27 percent of small businesses. The findings indicate that although adoption is on the rise, some organisations are holding back due to a lack of use cases in the workplace and privacy concerns.

Across all company sizes, Microsoft Cortana is the most commonly used intelligent assistant in the workplace, likely due to its native integration into Windows 10. Among organisations that have implemented intelligent assistants or chatbots on company-owned devices and services, the results show 49 percent are currently using Microsoft Cortana for work-related tasks, followed closely by Apple Siri at 47 percent. Additionally, 23 percent of organizations are using Google Assistant and 13 percent are using Amazon Alexa. Looking specifically at AI chatbots, the results show 14 percent of organizations are using AI chatbots integrated in collaboration tools (e.g., Microsoft Teams, Slack), while only 2 percent of organizations have custom-built AI chatbots. However, an additional 10 percent plan to build one in the next 12 months.

One in four organizations use AI chatbots and assistants to support team collaboration

Among companies using AI chatbots and intelligent assistants, 46 percent are using them for voice to text dictation, 26 percent are using them to support team collaboration, and 24 percent are using them for employee calendar management. Additionally, 14 percent are using AI chatbots and assistants for customer service and 13 percent are using them for IT help desk management.

In terms of which departments are supported by AI chatbots and assistants, the results show 53 percent of organizations use them within their IT department, 23 percent use them to support their administrative department, and 20 percent use them to support the customer service department. Sixteen percent of organizations are also using AI chatbots and assistants in their sales and marketing departments.

Among organizations that are not using AI chatbots or intelligent assistants, the results show 50 percent have not implemented them due to a lack of use cases in the workplace, while 29 percent note security and privacy concerns and 25 percent are holding back due to the cost.

IT professionals believe AI will help automate mundane tasks rather than replace jobs

Although 40 percent of IT professionals believe AI can replace entry-level jobs that don’t require human creativity, they feel relatively secure when it comes to their own jobs. Only 17 percent of IT professionals believe AI will put IT jobs at risk. In fact, 76 percent believe AI will help automate mundane tasks and enable more time to focus on strategic IT initiatives. On average, IT professionals believe 19 percent of their current daily tasks can be automated via AI and intelligent automation.

However, despite the rising adoption of AI, only 20 percent of IT professionals believe their organization has the proper skills, talent, and resources to implement and support AI technology. The study also revealed only 5 percent of IT professionals believe their organization values AI skillsets and experience when making hiring decisions.

“While AI has the potential to drastically alter life as we know it, the technology is still in its infancy,” said Peter Tsai, senior technology analyst at Spiceworks. “As a result, many companies aren’t thinking about the tools and expertise they’ll need to support artificial intelligence. However, AI is rapidly advancing and becoming a more integral part of our software, devices, and lives. As a result, companies should start putting policies and procedures in place so they can to take full advantage of and manage this technology in the future.”

Global Trends Report Reveals All-Time High of 20,000 Vulnerabilities Last Year

Flexera, the company that’s reimagining how software is bought, sold, managed and secured, today released Vulnerability Review 2018 – Global Trends, the annual report from Secunia Research at Flexera. The report provides data on vulnerabilities to help companies understand the vulnerability landscape and devise strategies to secure their organizations. Vulnerabilities are a root cause of security issues – errors in software that can serve as an entry point for hackers and be exploited to gain access to IT systems.

A Surge in Vulnerabilities

This year’s report reveals a continuing surge in vulnerability growth. In 2017 documented vulnerabilities increased 14 percent to 19,954, up from 17,147 in 2016. This means that companies are being exposed to an escalating number of security risks, underscoring the need to maintain continuous visibility of their software assets and the vulnerabilities affecting them. Companies also need to ensure critical vulnerabilities are prioritized and addressed before exploitation risk increases.

“There’s no question based on this year’s results, the risks remain high,” said Kasper Lindgaard, Director of Research and Security at Flexera. “As the potential for breaches expands, the pressure is on executives to increase vigilance through better operational processes – instead of reacting to risks that hit media headlines and cause disruption. The Equifax breach and WannaCry attacks taught us that.”

Avoiding Attack is Possible: 86 Percent of Patches Available on Disclosure Day

The Flexera report offers hope for companies seeking to minimize their risk of incidents. Patches were available for 86 percent of the vulnerabilities on the day of disclosure. In addition, zero-days – instances in which a vulnerability is exploited before public disclosure – remain rare. Only 14 of the 19,954 known vulnerabilities in 2017 were zero-days, a 40 percent drop from 2016.

“Organizations need to take advantage of this knowledge to remediate most vulnerabilities before risk of exploitation increases,” advised Lindgaard. “But the process cannot be ad hoc. Without a consistently applied patching methodology, organizations will slip, leaving vulnerabilities unpatched for long periods. This gives criminals a large window of opportunity to execute their attacks. We advise a formal, automated software vulnerability management process that leverages intelligence to identify risks, prioritize their importance and resolve threats.”

Key Findings from the 2018 Vulnerability Review

  1. In 2017, Secunia Research at Flexera detected 19,954 vulnerabilities discovered in 1,865 applications from 259 vendors. This represents an increase of 38 percent over five years, and 14 percent when compared to the previous year.
  2. 86 percent of vulnerabilities had a patch available within 24 hours of disclosure, compared to 81 percent in the previous year.
  3. The number of zero-days – vulnerabilities exploited prior to public disclosure – dropped to 14, compared to 23 in the previous year.
  4. 17 percent of vulnerabilities in 2017 were ranked Highly Critical, and 0.3 percent as Extremely Critical.
  5. The most common attack vector was remote network access, at 55 percent of vulnerabilities.


60% of Critical Infrastructure Operators Say Cyber Security Controls Lacking

Indegy, the leader in industrial cyber security, today announced that nearly 60 percent of executives at critical infrastructure operators polled in a recent survey said they lack appropriate controls to protect their environments from security threats. As expected, nearly half of all respondents indicated their organizations plan to increase spending for industrial control system (ICS) security measures in the next 12-24 months.

“We have been tracking the escalation in cyber threat activity specifically targeting critical infrastructures for some time,” says Barak Perelman, CEO of Indegy. “As the recent joint DHS/FBI CERT Technical Alert illustrates, adversaries have compromised facilities across the US to conduct reconnaissance and likely develop “Red Button” capability for future attacks.”

Lack of Visibility and Control Cited

While organizations have made significant investments to secure their IT infrastructures, they have not fully addressed threats to operational technology (OT) environments. The recent Indegy poll of nearly 100 executives from various critical infrastructure organizations underscores the lack of preparedness in key sectors including energy, utilities and manufacturing. Among the key findings:

  • 35% of respondents said they have little visibility into the current state of security within their environment, while 23% reported they have no visibility
  • 63% claimed that insider threats and misconfigurations are the biggest security risks they currently face
  • 57% said they are not confident that their organization, and other infrastructure companies, are in control of OT security
  • Meanwhile, 44% of respondents indicated an increase in ICS spending was planned in the next 12 to 24 months, with 29% reporting they were not sure

To find out more about critical infrastructure and industrial security threats and countermeasures visit: https://www.indegy.com/resources/


Cyber Threat Intelligence is Maturing but 62 per cent of Respondents Say Lack of Skilled CTI Professionals is Major Roadblock to Implementation

SANS, the largest and most trusted provider of cyber security training and certification to professionals worldwide, has released the results of its annual SANS 2018 Cyber Threat Intelligence Survey. The study sheds light on the evolution of Cyber Threat Intelligence (CTI) in cyber security and shows that CTI is maturing as a discipline.

In one of the clearest trends SANS has seen in the last three years, respondents have increasingly stated that CTI is improving their prevention, detection and response capabilities. In 2018, 81 percent of respondents state their cyber threat intelligence implementations have resulted in improvements, compared to 78 percent in 2017 and 64 percent in 2016. In addition, the number of respondents who answered “unknown” (in other words, they didn’t feel they could answer the question confidently) has more than halved since 2016, dropping from 34 percent in 2016 to 21 percent in 2017, and now to only 15 percent in 2018.

What’s more, 68 percent of respondents say they have implemented CTI this year, and another 22 percent plan to introduce it in the future. Only 11 percent of companies have no plans to do so, falling from the previous year (15 percent). This indicates that CTI is becoming more useful overall, especially to security operations teams that are working hard to integrate intelligence into their prevention, detection and response strategies.

“As the threat landscape continues to change, and with more advanced attackers than ever, security teams need all the help they can get to more effectively prevent, detect and respond to threats,” says the survey’s author, Dave Shackleford, SANS Analyst and Senior Instructor. 

CTI skill set in demand

However, finding skilled staff to operate CTI consoles is getting more difficult, according to this year’s report, despite the trends showing that CTI can play an important role in an organisation’s security strategy. In this year’s survey, 62 percent of respondents cite a lack of trained CTI professionals and skills as a major roadblock, an increase of nearly 10 percentage points over 2017 (53 percent). This indicates that the more CTI is used and consumed, the more this skill set is in demand. It may therefore be much more difficult to find staff members who are experienced in setting up and operating CTI programs. Similarly, 39 percent cite a lack of technical ability to integrate CTI tools into the organizational environment. 

Better visibility and improved security operations

As a result of their CTI program efforts, respondents report better visibility and improved security operations. For example, 71 percent indicate overall satisfaction with visibility into threats and indicators of compromise (IoCs). When specifying improvements, 70 percent of participants report improved security operations, while 66 percent cite improved ability to detect previously unknown threats.

Responses to the 2018 survey reveal a growing emphasis on CTI being used for security operations tasks: detecting threats (79 percent), incident response (71 percent), blocking threats (70 percent) and threat hunting (a little further down the list at 62 percent). The survey responses indicate that threat intelligence is key in augmenting and improving firewall rules, network access control lists and reputation lists. Known sites and indicators associated with ransomware are then being shared through threat intelligence, allowing operations teams to quickly search for existing compromise and proactively block access from internal clients.
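The operational use described above, searching existing logs for shared indicators and then blocking them, is simple enough to show in code. The following is an added example, not from the SANS survey or any vendor platform: it takes a small indicator set (domains, IPv4 ranges, SHA-256 hashes, all constructed for the example and standing in for a feed pulled from a sharing platform) and runs it over constructed proxy log lines, grouping hits by internal client so an analyst has a triage list rather than a raw match count. The log format and all values are assumptions of the example.

```python
"""Match a small threat-intelligence indicator set against proxy log lines."""
import ipaddress
import re
from collections import defaultdict

# Constructed indicator set, standing in for a feed pulled from a sharing
# platform (MISP, a TAXII server, a vendor CSV). Values are made up for the example.
IOC_FEED = {
    "domain": ["update-check.example.net", "cdn.badsite.example"],
    "ipv4": ["198.51.100.0/24", "203.0.113.7"],
    "sha256": ["9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"],
}

# Constructed proxy log: timestamp, client IP, destination IP, host header,
# SHA-256 of the downloaded body ("-" when nothing was downloaded).
SAMPLE_LOG = """\
2018-03-27T10:01:02Z 10.0.0.12 93.184.216.34 www.example.com -
2018-03-27T10:01:05Z 10.0.0.12 203.0.113.7 update-check.example.net -
2018-03-27T10:02:11Z 10.0.0.44 198.51.100.23 files.other.example 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
2018-03-27T10:03:00Z 10.0.0.51 192.0.2.9 www.cdn.badsite.example -
2018-03-27T10:04:00Z 10.0.0.51 192.0.2.9 notbadsite.example -
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<host>\S+) (?P<sha256>\S+)$")


def compile_feed(feed):
    """Normalise the raw feed into structures that are cheap to match against."""
    return {
        "domain": {d.lower().rstrip(".") for d in feed.get("domain", [])},
        "ipv4": [ipaddress.ip_network(n, strict=False) for n in feed.get("ipv4", [])],
        "sha256": {h.lower() for h in feed.get("sha256", [])},
    }


def domain_matches(host, bad_domains):
    """Exact match or subdomain of a listed domain. 'notbadsite.example' must not
    match 'badsite.example', which a naive endswith() would get wrong."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels)):          # a.b.c -> a.b.c, b.c, c
        candidate = ".".join(labels[i:])
        if candidate in bad_domains:
            return candidate
    return None


def ip_matches(addr, networks):
    """Return the listed network containing addr, or None."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for net in networks:
        if ip in net:
            return str(net)
    return None


def scan_log(log_text, feed):
    """Return one hit per (log line, matched indicator)."""
    compiled = compile_feed(feed)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; in production, count and report these
        rec = m.groupdict()
        d = domain_matches(rec["host"], compiled["domain"])
        if d:
            hits.append({"src": rec["src"], "type": "domain", "indicator": d, "line": line})
        n = ip_matches(rec["dst"], compiled["ipv4"])
        if n:
            hits.append({"src": rec["src"], "type": "ipv4", "indicator": n, "line": line})
        if rec["sha256"].lower() in compiled["sha256"]:
            hits.append({"src": rec["src"], "type": "sha256",
                         "indicator": rec["sha256"].lower(), "line": line})
    return hits


def hosts_to_triage(hits):
    """Group matched indicators by internal client, the unit an IR team works on."""
    by_src = defaultdict(set)
    for h in hits:
        by_src[h["src"]].add((h["type"], h["indicator"]))
    return dict(by_src)


if __name__ == "__main__":
    for src, indicators in sorted(hosts_to_triage(scan_log(SAMPLE_LOG, IOC_FEED)).items()):
        print(src, sorted(indicators))
```

The same compiled feed is what you would turn into proxy deny rules or firewall ACL entries; the label walk in domain_matches is the part most home-grown matchers get wrong, and it is also why indicator feeds should carry apex domains rather than full hostnames where the whole zone is attacker-controlled.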

“Fortunately, many organizations are sharing details about attacks and attackers, and numerous open source and commercial options exist for collecting and integrating this valuable intelligence. All of this has resulted in improvements in organizations’ abilities to improve security operations and detect previously unknown attacks,” Shackleford continues.

He summarises the results this way: “These results reinforce the trends we’re seeing that indicate CTI is being primarily aligned with the SOC and is tying into operational activities such as security monitoring, threat hunting and incident response.”

The full report can be found at: https://www.sans.org/reading-room/whitepapers/threats/cti-security-operations-2018-cyber-threat-intelligence-survey-38285


Cylance® Strengthens Executive Team with New Chief Information Officer, Chief Marketing Officer and Chief Product Officer

Cylance Inc., the company that revolutionized the antivirus and endpoint protection industry with true AI-powered prevention that blocks advanced cyberattacks, including fileless attacks, malware, advanced persistent threats, and zero-day attacks, today announced the appointment of Grant Johnson as Chief Marketing Officer (CMO) and Kumud Kalia as Chief Information Officer (CIO). The company also promoted Eric Cornelius to Chief Product Officer (CPO). Johnson and Kalia bring decades of leadership experience at global enterprise technology organizations. Cornelius has over a decade of experience as a trusted security practitioner and product builder.

“Cylance’s long-term vision to protect every person and device is only possible if we continue to bolster a best-in-class leadership team,” said Stuart McClure, Chairman and CEO at Cylance. “Grant and Kumud bring a stellar track record of executive leadership and the expertise required to propel our mission and build on our proven strategy. Not only are the new executives critical to our success, we are also recognizing Eric’s exemplary product and innovation leadership. Today, our executive team is stronger than ever as we establish Cylance as the global leader in endpoint protection.”

As CMO, Johnson will lead Cylance’s global marketing strategy and execution, reporting to Daniel Doimo, President and COO. Previously, Johnson was CMO at Kofax, a robotic process automation company. Johnson led Kofax’s marketing efforts during its growth from a private company through its IPO on Nasdaq and a rollup and integration of a $700 million software portfolio. During his extensive career, Johnson also held senior marketing roles at Pegasystems, Guidance Software, FileNet Corporation, FrontBridge and Symantec and developed substantial expertise in global market expansion, product line extension and customer acquisition to help drive rapid revenue growth.

“Cylance’s commitment to protecting every endpoint from the most advanced threats is redefining cybersecurity across every vertical,” Johnson said. “As Cylance emerges as the global leader in endpoint protection, I am excited to help drive the next phase of Cylance’s growth.”

As CIO, Kalia will be responsible for the strategy, implementation and management of the infrastructure and applications that support Cylance’s business processes and rapid growth. Kalia will report to Stuart McClure, Chairman and CEO. With over 30 years of experience scaling IT systems for high-growth companies, Kalia joins Cylance from Akamai Technologies, where he led IT and business transformation to enable the company’s growth. Previously, Kalia has held CIO and operations roles within global energy, telecom and finance organizations.

“Artificial intelligence-powered prevention represents the future of security,” Kalia said. “I am thrilled to join the Cylance team, helping our customers solve their most critical security challenges. I look forward to helping the team scale the business, and to delivering an agile user experience to customers, employees and partners.”

In his role as Chief Product Officer, Cornelius will drive product and innovation, and will continue to lead Cylance’s product management and corporate development teams. As a veteran security practitioner and product builder, Cornelius joined Cylance in 2012 as head of critical infrastructure and incident response under the services team and was later promoted to VP of Innovation. He was formerly Deputy Director and Chief Technical Analyst for the Control Systems Security Program at the United States Department of Homeland Security.

“We have surpassed incredible milestones throughout my five years at Cylance,” Cornelius said. “From executing on our aggressive innovation agenda to expanding globally, the company is poised to accelerate our vision and take on new strategic opportunities.”


No Room for Cyber-Complacency: a Quarter of DDoS Attacks Claim Unintended Victims

Over a quarter of businesses that have been hit by a Distributed Denial of Service (DDoS) attack don’t think they were the intended target, highlighting that businesses can’t afford to be complacent when it comes to today’s threat landscape. According to research from Kaspersky Lab, 27 per cent of respondents said being an innocent bystander was the most likely reason for DDoS attacks on their organisation, suggesting that all businesses are in the firing line, even when they are not on the hit list.

The continued threat of DDoS attacks and the value that they bring to those that deploy them – from halting company operations, through to accessing confidential information or demanding a ransom – means that all businesses are potential targets. Despite this, organisations are still showing signs of cyber-complacency, with 28 per cent not using specialised anti-DDoS protection because they believe they are unlikely to be targeted by DDoS attacks.

However, this complacency is misplaced. Of the companies that experienced a security incident within the last 12 months, 44 per cent blamed a DDoS attack as being a contributing factor to that incident – up from a quarter (25 per cent) in 2016. This shows the impact of these types of attacks in today’s workplace and the need for organisations to proactively defend themselves against them.

It’s not just unintended attacks that firms must be ready to ward off at a moment’s notice. Nearly a quarter (23 per cent) of businesses believe a competitor was behind a DDoS attack on their organisation – most likely for espionage or disruption purposes; 24 per cent believed it was used as a distraction tactic to hide another attack from IT staff, and 24 per cent believe that a DDoS attack was designed to specifically disrupt their operations.

“Businesses can’t afford to display an ‘it won’t happen to me mentality’ towards DDoS attacks, but a worryingly large proportion of organisations are still doing so – despite today’s heightened threat landscape,” commented David Emm, Principal Security Researcher at Kaspersky Lab. “Given the number of attacks that companies have faced over the last year, businesses must take responsibility for their cybersecurity – no organisation is safe from DDoS attacks. There is no room for complacency when it comes to keeping operations running smoothly and critical data protected.”

With the financial consequences of DDoS attacks ranging from fighting against the attack itself, to a loss of revenue or business opportunities, it’s certainly better to be safe than sorry. That’s where Kaspersky DDoS Protection comes into play, providing a fully-integrated solution with advanced intelligence capabilities to protect businesses of all sizes from the most complex and high-volume DDoS attacks. More information can be found here.


European Cyber Security Bloggers Awards Opens for Nominations

The European Cyber Security Bloggers Awards has returned in 2018 to recognise the best blogs and podcasts in the industry, as voted by peers. Nominations are now open until midnight on 30 April. The winners will be revealed at the security bloggers’ meetup on Tuesday 5 June, to coincide with Infosecurity Europe, held at Kensington Olympia.

This year sees the third European Cyber Security Blogger Awards, hosted by Brian Honan of BH Consulting and Eskenzi PR. Bloggers and podcasters can nominate their favourite blogs and podcasts, which must focus on information security; entries from Europe and the rest of the world are eligible. The awards will take place alongside Infosecurity Europe, held in London from 5 to 7 June.

“Cyber security issues touch everyone’s life in some form or another; whether it’s in the workplace or personal use of the many devices and applications we use in our day to day lives,” said Brian Honan, founder of BH Consulting. “The European Cyber Security Bloggers Awards are designed to recognise the very best blogs and podcasts that help keep us up to date with the latest security advice and vulnerabilities – which is no easy feat in today’s security landscape.”

The categories under which security related blogs, podcasts etc. can be nominated are listed below:

Best Corporate Security Blog

The Best European Corporate Security Blog

Best European Security Podcast

Best Security Podcast

Best Security Video Blog

Best Personal Security Blog

Best European Personal Security Blog

Most Entertaining Blog

Most Educational Blog

Best New Security Blog (Must be live after 01/06/2015)

Best EU Security Tweeter

Grand Prix Prize for the Best Overall Security Blog

To vote, please visit: https://www.surveymonkey.com/r/eubloggerawards2018

Nominations close midnight GMT 30th April 2018. The nominated blogs will then be put forward to be voted on by the public and the panel of judges.

The winners of the awards will be announced at the security bloggers meetup on Tuesday the 5th of June at The Crown & Sceptre 34 Holland Road, London W14 starting at 18:00. Bloggers and podcasters can register here to attend: https://www.eventbrite.ie/myevent?eid=43660782576

“Eskenzi PR is delighted to be able to host the European Cyber Security Bloggers Awards as we know how much time and dedication goes into writing a truly insightful and balanced blog,” said Yvonne Eskenzi, Founder of Eskenzi PR. “As these awards are judged by the general public alongside a team of independent judges, it’ll be both intriguing and interesting to find out who everyone agrees is the vocal player out there, making a difference to the cyber-security industry! Time will tell!”

The judges who will be sifting through all the nominees for the awards include:

Javvad Malik from AlienVault; Jack Daniel from Tenable; Brian Honan from BH Consulting; Yvonne Eskenzi from Eskenzi PR; Quentyn Taylor from Canon Europe and Dan Raywood from Infosecurity Magazine.


Macro-less Word Document Attacks on the Rise and Zero Day Malware Variants Jump 167 Percent

Total malware attacks are up by 33 percent and cyber criminals are increasingly leveraging Microsoft Office documents to trick victims and deliver malicious payloads, according to the latest Internet Security Report from WatchGuard Technologies, based on global threat intelligence data from nearly 40,000 Firebox appliances. WatchGuard has also launched a new Threat Landscape data visualisation tool, giving public access to daily updates about the most prevalent computer and network security threats affecting SMBs and distributed enterprises.

Dynamic Data Exchange (DDE) attacks topped WatchGuard’s top-ten malware list as attackers increasingly abused DDE, a legitimate inter-application messaging feature of Microsoft Office, to execute code from a document without any macro. Also called ‘macro-less malware’, these malicious documents often use PowerShell and obfuscated script to get past network defences. Additionally, two of the top-ten network attacks involved Microsoft Office exploits, further emphasising the growing trend of malicious document attacks.
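An added example, not from the WatchGuard report, of what a mail-gateway or sandbox pre-filter can do with such documents: the script below unpacks a .docx (a zip of XML parts), reassembles every Word field instruction and flags those that begin with DDE or DDEAUTO. It handles the two evasions that defeat a plain string search, an instruction split across several w:instrText runs and a DDE field nested inside a QUOTE field. The sample documents are constructed in memory by the script itself and are not real malware; the payload in the constructed sample is a harmless calc.exe launch.

```python
"""Flag Dynamic Data Exchange (DDE / DDEAUTO) field codes inside a .docx."""
import io
import re
import xml.etree.ElementTree as ET
import zipfile
from xml.sax.saxutils import escape

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS

# A field instruction whose first token is DDE or DDEAUTO, allowing the leading
# whitespace and optional quote that Word tolerates and that samples use to evade
# naive string matching. Case-insensitive because Word is.
DDE_RE = re.compile(r'^\s*"?\s*DDE(AUTO)?\b', re.IGNORECASE)


def field_instructions(document_xml):
    """Yield every complete field instruction in one WordprocessingML part.

    Word stores a field either as <w:fldSimple w:instr="..."/> or as a run of
    <w:fldChar w:fldCharType="begin"/> ... <w:instrText/> ... <w:fldChar w:fldCharType="end"/>.
    Malicious documents split the instruction over several <w:instrText> elements
    (so no single element contains "DDEAUTO") and nest it inside QUOTE or SET fields;
    a stack that concatenates per field, and yields nested fields on their own, handles both.
    """
    root = ET.fromstring(document_xml)
    for simple in root.iter(W + "fldSimple"):
        yield simple.get(W + "instr", "")
    stack = []  # one text buffer per open complex field, innermost last
    for el in root.iter():
        if el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                stack.append([])
            elif kind == "end" and stack:
                text = "".join(stack.pop())
                yield text
                if stack:  # the enclosing field sees the nested instruction too
                    stack[-1].append(text)
        elif el.tag == W + "instrText" and stack:
            stack[-1].append(el.text or "")


def find_dde(document_xml):
    """Return the DDE instructions found in one XML part, whitespace-stripped."""
    return [i.strip() for i in field_instructions(document_xml) if DDE_RE.search(i)]


def scan_docx(data):
    """Return (part name, instruction) for every DDE field in a .docx given as bytes.

    Fields may sit in the body, headers, footers, footnotes or comments, so every
    XML part under word/ is checked, not just document.xml.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.startswith("word/") and name.endswith(".xml"):
                for instr in find_dde(z.read(name)):
                    hits.append((name, instr))
    return hits


def build_sample_docx(instruction_pieces):
    """Build a minimal .docx in memory holding one complex field whose instruction is
    split across the given <w:instrText> pieces. Constructed test input for this
    example, not a real malicious sample."""
    runs = "".join(
        '<w:r><w:instrText xml:space="preserve">%s</w:instrText></w:r>' % escape(p)
        for p in instruction_pieces)
    body = ('<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>%s'
            '<w:r><w:fldChar w:fldCharType="separate"/></w:r><w:r><w:t>x</w:t></w:r>'
            '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>' % runs)
    doc = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<w:document xmlns:w="%s"><w:body>%s</w:body></w:document>' % (W_NS, body))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml", doc)
    return buf.getvalue()


if __name__ == "__main__":
    benign = build_sample_docx([" PAGE "])
    # DDEAUTO split over three runs, the evasion seen in the wild (payload: harmless calc.exe)
    split = build_sample_docx(["DDE", r"AUTO c:\\windows\\system32\\cmd.exe ", r'"/k calc.exe"'])
    print("benign:", scan_docx(benign))
    print("split DDEAUTO:", scan_docx(split))
```

Flagging is only half of the control. Microsoft’s defence-in-depth advisory ADV170021 documents registry settings that disable DDE in Word, Excel and Outlook, which is the durable fix for environments that do not need the feature, and the matching endpoint detection is an alert on any Office process spawning cmd.exe or powershell.exe.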

Overall malware volume grew significantly, and zero day malware variants jumped 167 percent. WatchGuard Fireboxes blocked over 30 million malware variants in Q4 2017, a 33 percent increase over the previous quarter; within that total, the subset of new or zero day malware rose by 167 percent quarter on quarter. WatchGuard attributes the increases in part to heightened criminal activity during the holiday season.

“After a full year of collecting and analysing Firebox Feed data, we can clearly see that cyber criminals are continuing to leverage sophisticated, evasive attacks and resourceful malware delivery schemes to steal valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Although these criminal tactics may vary over time, we can be certain that this broad trend will persist, so the risks have never been greater for small and midsize organisations with less IT and security resources. We encourage businesses of all sizes to proactively mitigate these threats with layered security services, advanced malware protection and employee education and training in security best practices.”

The report also shows that nearly half of all malware detected eluded basic antivirus (AV) solutions. WatchGuard Fireboxes block malware using both legacy signature-based detection and a behavioural detection service, APT Blocker, which catches malware variants that legacy AV signatures miss. Malware caught only by the behavioural layer, which the report counts as zero day malware, accounted for 46 percent of all malware in Q4. A share that large, alongside the 167 percent quarter-on-quarter rise, suggests criminals are using more sophisticated evasion techniques capable of slipping attacks past traditional AV services, which further underscores the importance of behaviour-based defences.

Script-based attacks caught by signatures for JavaScript and Visual Basic Script threats, such as downloaders and droppers, accounted for 48 percent of top malware detected in Q4. Users should take note of the continued popularity of these attacks and watch out for malicious script in web pages and email attachments of any kind.

The full Internet Security Report features evaluations of the quarter’s most pervasive malware and network attacks, recommendations for useful defensive strategies in today’s threat landscape, and a detailed breakdown of the KRACK attack (key reinstallation attacks against WPA2), one of the top information security issues in 2017.

Additionally, the report includes a new research project from the WatchGuard Threat Lab, which analyses a database of more than 1 billion stolen password records to stress just how often users choose weak passwords and re-use credentials across multiple accounts. This quarter’s conclusions are based on anonymised Firebox Feed data from nearly 40,000 active WatchGuard Fireboxes worldwide, which blocked more than 30 million malware variants (783 per device) and 6.9 million network attacks (178 per device) in Q4 2017.


Consumer Group Calls on Mark Zuckerberg to Step Down as Facebook CEO and Board Chair Amid Data Breach, Privacy Scandals

SumOfUs, an international consumer watchdog with more than 14 million members around the world, is demanding that Facebook CEO Mark Zuckerberg step down amid several now-public controversies regarding the company’s use of user data, and its collection and distribution.

Last week, Facebook stated that it had suspended Strategic Communication Laboratories (SCL), and its political data analytics firm, Cambridge Analytica, for violating the company’s policies on data collection and retention. Both SCL and Cambridge Analytica ran data operations for Donald Trump’s 2016 presidential election campaign, and are widely credited with helping Trump more effectively target voters on Facebook, though the exact nature of their role is unknown. Over the weekend, Facebook admitted that it had been collecting call and text history from some users for years.

In reaction to the news, and in light of other issues concerning privacy, censorship and data collection at Facebook, Lisa Lindsley, Capital Markets Advisor for SumOfUs, issued the following statement, calling on Facebook’s Mark Zuckerberg to step down as CEO and Board Chair.

“Facebook CEO Mark Zuckerberg should step down. For too long, Mark Zuckerberg has kept users in the dark about how it censors speech, allowed companies like SCL and Cambridge Analytica to take advantage of users on its platform, and collected private user call and text data. This is unacceptable.

“Last year, we worked with Facebook shareholders to urge that the company create an independent board chair, warning that the current structure, where Zuckerberg serves as his own boss, was a recipe for disaster.

“Multiple scandals later, it’s clear that enough is enough. Zuckerberg has proven himself unable or unwilling to protect Facebook’s user data or privacy, which is why we firmly believe that shareholders should take action to remove him as CEO and Board Chair.

“It’s time for new leadership at Facebook—one that protects users from unethical data collection, state-sponsored censorship, and privacy violations.”

Last year, SumOfUs asked Facebook to adopt an independent board chair to oversee Zuckerberg and other managers. The SumOfUs shareholder proposal received support of almost half of the shares not controlled by Zuckerberg.

SumOfUs also targeted Mark Zuckerberg with a petition last year over Facebook’s removal of Black Lives Matter-related videos and police violence, and other state-sponsored censorship around the globe. The joint petition gathered nearly 600,000 signatures.


Organisations with Threat Detection platforms can cut time taken to identify a threat by 80 percent

A new Total Economic Impact (TEI) study conducted by Forrester Consulting and commissioned by AlienVault, a crowdsourced threat intelligence provider, examined the potential return on investment (ROI) for organisations that deployed the AlienVault Unified Security Management (USM) Platform and reported strong results for the product.

Organisations that deployed the AlienVault solution saw an 80 percent improvement in threat detection and incident response time, effectively reducing the risk of a security breach and bringing down the average costs of a cyber incident.

With the average cost of cyber attacks to an organisation reportedly running at $11.7m a year, this could be welcome news for organisations seeking to invest in a new security solution.

The research also revealed that organisations that utilised the cloud-based security monitoring solution, AlienVault USM Anywhere, would save more than $40,000 annually in threat intelligence spending.

“The results of the study are clear – there are significant benefits to our differentiated approach,”  said Barmak Meftah, AlienVault’s president and CEO. “A SaaS-driven deployment model that integrates critical security capabilities into a unified platform enabling faster detection and response to threats. We commissioned this study from Forrester to help organisations and partners better understand why it’s time to re-think how they approach security.”

Furthermore, the research which was carried out by Forrester and based on in-depth AlienVault customer interviews and analysis, uncovered that over a three-year period, organisations will also see a return on investment of up to six times as well as see a reduction in compliance reporting by 94 percent, a saving of nearly 6,000 hours of compliance reporting for auditors.

Meftah continues: “in addition to operational efficiency gains, organizations can reduce risk while ensuring compliance mandates are met to help drive business growth. To detect security threats and manage compliance, many organisations and MSSPs are using traditional point solutions, but this approach is expensive and resource intensive.”

To view the full study click here: https://www.alienvault.com/resource-center/analyst-reports/forrester-total-economic-impact-study


Over half of European companies unprepared for email-based cyberattacks

Today Cofense, the leading provider of human-driven phishing defence solutions worldwide, announced the results of its European-wide Phishing Response Trends Report, which looked at the phishing response strategies of IT security decision-makers across a variety of industries throughout Europe. The report found that 57 percent of European companies believed they were unprepared for a phishing attack, even though 78 percent of IT professionals had dealt with a security incident originating from a deceptive email, significantly more than the 66 percent in the US who had dealt with a similar incident.

Across all the European countries surveyed, security teams reported that they are struggling to manage their response to the number of suspicious emails being received. The US and Europe differ, however, in their appetite for automated email analysis to solve this problem: 59 percent of respondents in Europe had automated email analysis on their wish list, compared to only 33 percent in the US. Arguably, this could point to the skills gap much discussed across Europe. With organisations of all sizes struggling to find IT talent, and particularly cyber security skills, the need for an automated and integrated system to deal with suspicious emails may be felt more acutely in Europe.

Other key findings in the report include:

– The number one security concern is phishing and email-related threats.

– 41 percent of respondents say their biggest anti-phishing challenge is poorly integrated security systems.

– 6 in 10 companies believe they have insufficient defences against email-based threats.

– The UK reports the most suspicious emails each week across Europe, with 23 percent of respondents reporting more than 500; Belgium reports the fewest (16 percent), followed by Germany (18 percent), France (20 percent) and the Netherlands (22 percent).

With phishing and email-related threats the primary security concern of the European respondents, businesses need an effective strategy to counter this attack vector, one that is fully integrated with their broader security tooling. Phishing simulations, for example, should resemble real attacks and encourage reporting, which can stop a malicious email from compromising the enterprise network and give the incident response team a head start.

“The analysis of email-based attacks gives us extremely valuable insight into the security posture of European organisations,” said Rohyt Belani, co-founder and CEO of Cofense. “What we’re really looking at here is addressing human susceptibility and building human resiliency to work in concert with technology to combat security threats facing Europe. Technology solutions alone have proved time and time again that they can only go so far to protect enterprises. It is not enough to lock down systems and force users into acting a certain way, instead we need to build a human-driven phishing defence posture that leverages human instinct for detection and technology to scale response,” he concluded.

The full report is available for download here: https://cofense.com/phishing-response-trends-europe/

To learn more about Cofense’s incident response solutions, please visit: https://cofense.com/product-services/triage/

The post Over half of European companies unprepared for email-based cyberattacks appeared first on IT SECURITY GURU.

Registration now open for the annual IT Security CISO Debates and Conference

The IT Security Guru is pleased to announce that registration is now open for the IT Security CISO Debates and Conference with a comprehensive line up of topics including the cyber security skills shortage, GDPR and industry’s best practices.

The UK’s top CISOs and global IT security association leaders will lead these lively and topical debating sessions, and attendees can earn CPE credits towards their SSCP®/CISSP® and ISACA certifications.

The full conference line up is as follows:

2:00 – 2:45pm: What is “good security” anyway? CISOs’ top tips on what makes a company secure

In this panel, CISOs from all walks of industry will share their best practice and advice. Covering training, technology and techniques, these CISOs will have an open and frank discussion about what “good security” looks like in a modern enterprise.

Moderator: Sarb Sembhi, CTO, CISO & DPO, Virtually Informed

Panellists: Shan Lee, Information Security Officer, TransferWise; Sandip Patel, Director, Information Security Consultancy, GSK; Quentyn Taylor, Director of Information Security, Canon Europe

2:50pm – 3:35pm: Crisis Communications in a post-GDPR world

With the EU’s General Data Protection Regulation (GDPR) on the horizon, what does the board need to make sure it is communicating to employees, customers and stakeholders should the worst happen and a data breach occur? This discussion will offer best practice advice on dealing with a data breach event: what to do, what to steer clear of, and when to notify.

Moderator: Lee Munson

Panellists: Jonathan Armstrong, Partner, Cordery Compliance; Neil Stinchcombe, Director, Eskenzi PR; Sue Milton, Managing Director, SSM Governance Associates; Mark Deem, Partner, Cooley UK

3:35pm – 4:00pm: BREAK

4:00pm – 4:45pm: What can the Military teach us when it comes to protecting the Enterprise?

This panel will bring together Military professionals to discuss what lessons companies can learn from taking a leaf out of their playbooks.

Moderator: Peter Wood, CEO, First Base Technologies LLP

Panellists: Gerry O’Neill, Director, Inforisca; James Hadley, Founder/CEO, Immersive Labs; Jennifer Dean, Chair of Law at the British Computer Society

4:50pm – 5:30pm: What are those in the know doing to close the skills gap?

The skills gap has been a major problem plaguing the security industry and will continue to do so for the foreseeable future. Now it’s time for action – hear how some of the industry’s best practitioners and professionals are taking a stand and combating the problem head-on.

Moderator: Stephen Khan, Head of Information, HSBC

Panellists: Quentyn Taylor, Director of Information Security, Canon Europe; Steve Williamson, Audit Account Director, Information Security and Data Privacy, GSK; Thomas Langford, Chief Information Security Officer, Publicis Groupe; Matt Parsons, Head of Cyber Skills Policy Team, DCMS; Peter Wood, CEO, First Base Technologies LLP

5:30pm – 6:00pm: Food and Drink reception

To secure your place to attend the IT Security CISO Debates hosted by IT Security Guru and learn from the UK’s top industry experts, please register: https://www.eventbrite.ie/e/it-security-analyst-and-ciso-forums-ciso-debates-2018-tickets-43847984502?aff=es2

Global Organisations Fail to Invest in Much-Needed Security Ahead of GDPR

Less than two-thirds (63%) of global organisations have a breach notification process in place for their customers, while only half have increased investment in IT security ahead of the GDPR despite complaints from tech staff, according to Trend Micro.

The global cybersecurity leader polled over 1,000 IT decision makers from businesses with 500+ employees around the world: in the UK, US, France, Italy, Spain, Netherlands, Germany, Poland, Sweden, Austria and Switzerland.

Its findings revealed that just 51% have increased security investments to help with compliance, despite a quarter of respondents complaining that “lack of sufficient IT security protection” (25%) and a “lack of efficient data security” (24%) are the biggest challenges to compliance efforts.

Less than a third (31%) said they have invested in encryption, despite it being one of the few technologies named in the GDPR. Similarly, few organisations have spent money on Data Loss Prevention (33%) or advanced technologies designed to detect network intruders (34%).

A quarter of organisations (25%) claimed that limited resources are the biggest challenge to compliance, providing further insight into some of the reasons behind this under-investment.

“The GDPR is clear that organisations must find state-of-the-art technologies to help repel cyber-threats and keep key data and systems secure. It’s concerning that IT leaders either don’t have the funds, or can’t find the right tools to tackle compliance,” said Simon Edwards, Cyber Security Solution Architect at Trend Micro. “Organisations need defence-in-depth combining a cross-generational blend of tools and techniques, from the endpoint to the network and hybrid cloud environment.”

Aside from a lack of investment in security, the research also revealed that just 37% of global organisations have invested in staff awareness programmes.

The 72-hour window 

The study also uncovered evidence that many firms aren’t prepared to handle new requirements to notify of a breach within 72 hours.

A fifth (21%) of respondents said they have a formal process in place to notify only the data protection authority. However, Article 34 of the GDPR states that individuals must also be notified if a breach results in a high risk to their rights and freedoms.

Some 6% of respondents said they have no process in place at all, while a worrying 11% didn’t know if they had one or not.

There are also concerns around preparations to support the so-called “right to be forgotten”, a key part of the GDPR.

Although 77% of global respondents said they have adequate processes to address any customer requests concerning personal data managed by the organisation, it was a different story for data handled by third parties.

Around a third of organisations either didn’t know or had no processes/tech in place to handle right to be forgotten requests for data collected by third-party agencies (36%), cloud providers (32%) and partners (32%).

Malicious Apps in Global App Stores Decrease 37 Percent, Feral Apps Lose Ground to Third-Party Stores

Malicious mobile apps were on the decline in Q4 of 2017 largely due to a decrease in the inventory of AndroidAPKDescargar, the most prolific dealer of blacklisted apps, according to digital threat management leader RiskIQ in its Q4 mobile threat landscape report, which analysed 120 mobile app stores and more than 2 billion daily scanned resources. Listing and analysing the app stores hosting the most malicious mobile apps and the most prolific developers of potentially malicious apps, the report documents the return of familiar threats such as brand imitation, phishing, and malware—as well as the discovery of a bankbot network preying on cryptocurrency customers.

Feral Apps are Down

The Google Play store again led the way with the most blacklisted apps, but Q4’s analysis confirmed that feral apps—apps available for download outside of a store on the web—fell in popularity for the first time in several quarters, falling from the number two spot and giving way to three other stores:

  • ‘AndroidAPKDescargar’ had 7,419 blacklisted apps, comprising 41 percent of the apps RiskIQ observed in their store
  • ‘9game.com’ had 4,083 blacklisted apps, accounting for 86 percent of the total apps RiskIQ observed
  • ‘9apps’ had 3,644 blacklisted, 15 percent of the total apps 

‘KitApps’ Makes Another Appearance Indicating a Wider Trend

One consistent developer observed almost every quarter is ‘KitApps, Inc.’ With 147 blacklisted apps in 2017, 96 percent of those were found in the AndroidAPKDescargar store. Of these blacklisted apps, 137 contain Trojans and 133 have adware—two categories of blacklisted apps that can be found en masse across the AndroidAPKDescargar store. This may indicate the store is being used as a hub for campaigns in which actors are repackaging apps with Trojans and adware. 

Riding the Cryptocurrency Wave

In November, RiskIQ researchers found a mobile app that was trying to pass itself off as a cryptocurrency market price app. This app was found to be part of the bankbot family of mobile Trojans and would monitor the device that installed it for a list of target apps. If one of those target apps was launched while the Trojan was installed, the Trojan would put an overlay over the legitimate app and collect sensitive information, such as the banking customer’s login credentials.

Mobile Threat Actors are “Well-Connected”

In October, RiskIQ researchers were able to take malware hashes associated with the Red Alert 2 Android Trojan and find samples that contained data that was used to uncover infrastructure used by the malware. Pivoting off a host found in the APK, researchers discovered an IP address and registrant address, both of which led to further infrastructure. Two additional domains were found to be hosting more malicious apps claiming to be Adobe Flash Player updates, showing the breadth of infrastructure of mobile threat campaigns.

“Securing the mobile app ecosystem continues to be a challenge for app stores of all sizes, but efforts to improve version control, monitor for abuse, employ verification techniques, and offer security education can help,” said Mike Wyatt, director of Product Operations at RiskIQ. “Tracking the use of brand names and likeness is an equally daunting challenge for corporations. Brands should evaluate and implement solutions that constantly monitor their digital footprint online and in mobile app stores.”

For specific metrics or to learn more, download the RiskIQ Mobile Threat Landscape Q4 2017 Report at https://www.riskiq.com/research/2017-q4-mobile-threat-landscape-report/.

Legacy Cybersecurity Defenses Won’t Keep Pace with New Ransomware and Cryptojacking Threats

Webroot, the Smarter Cybersecurity® company, revealed the results from the 2018 edition of its annual threat report, which demonstrated attackers are constantly trying new ways to get around established defenses. The data, collected throughout 2017 by Webroot, illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy security solutions because organizations are neglecting to patch, update, or replace their current products.

The findings showcase a dangerous, dynamic threat landscape that demands organizations deploy multi-layered defenses that leverage real-time threat intelligence. 

Notable Findings and Analysis: 

  • Cryptojacking is gaining traction as a profitable and anonymous attack that requires minimal effort. Since September 2017, more than 5,000 websites have been compromised with JavaScript cryptocurrency miner CoinHive to mine Monero by hijacking site visitors’ CPU power.
  • Windows 10 is almost twice as safe as Windows 7. However, the data reveals that the operating system migration rate for enterprises has been quite slow; Webroot saw only 32 percent of corporate devices running Windows 10 by the end of 2017.
  • Polymorphism, i.e. creating slightly different variants of malicious or unwanted files, has become mainstream. In 2017, 93 percent of the malware encountered and 95 percent of potentially unwanted applications (PUAs) were only seen on one machine. In these instances, the identifiers are unique and undetectable by traditional signature-based security approaches.
  • Ransomware and its variants became an even more serious threat. This past year, new and reused ransomware variants were distributed with a variety of purposes. Together, WannaCry and NotPetya infected more than 200,000 machines in over 100 countries within just 24 hours.
  • High-risk IP addresses continue to cycle from malicious to benign and back again. Webroot saw 10,000 malicious IP addresses reused an average of 18 times each in 2017. The vast majority of malicious IP addresses represent spam sites (65 percent), followed by scanners (19 percent), and Windows exploits (9 percent).
  • Of the hundreds of thousands of new websites created each day in 2017, 25 percent of URLs were deemed malicious, suspicious, or moderately risky. High-risk URLs fell into two major categories: malware sites (33 percent) and proxy avoidance and anonymizers (40 percent).
  • Phishing attacks are becoming increasingly targeted, using social engineering and IP masking to achieve greater success. On average, phishing sites were online from four to eight hours, meaning they were designed to evade traditional anti-phishing strategies. Only 62 domains were responsible for 90 percent of the phishing attacks observed in 2017.
  • Mobile devices continue to be a prime target for attackers—32 percent of mobile apps were found to be malicious. Trojans continue to be the most prevalent form of malicious mobile apps (67 percent), followed by PUAs (20 percent). 

Hal Lonas, Chief Technology Officer, Webroot, said: “Over the past year, news headlines have revealed that attackers are becoming more aggressive and getting extremely creative. Cryptojacking made our threat report for the first time this year as an emerging threat that combines everything an attacker could want: anonymity, ease of deployment, low-risk, and high-reward. Organizations need to use real-time threat intelligence to detect these types of emerging threats and stop attacks before they strike.”

Former TalkTalk and GCHQ Chief Executives announced as keynote speakers at Infosecurity Europe 2018

Infosecurity Europe, the region’s number one information security event, has announced Baroness Dido Harding and Robert Hannigan will deliver opening keynotes at this year’s event, which takes place at Olympia, London, 5-7 June, speaking on 5 and 7 June respectively.

Baroness Harding, Chair of NHS Improvement, will give a talk titled View from the Board: A CEO’s Perspective on Cybersecurity, in which she will draw on her seven years as Chief Executive of TalkTalk PLC, during which she led the company through one of Britain’s most high-profile cyber-attacks. She will explore what a CEO really needs from the information security function, how to promote a security culture across the enterprise and how, in the event of a breach, to work with the CEO to minimise impact and protect the reputation of the organisation.

Baroness Dido Harding said: “Technology is accelerating at an extraordinary rate across all aspects of our society and as cyber-attacks get ever more frequent and sophisticated, the information security community faces huge challenges ahead. I am very much looking forward to presenting Infosecurity Europe’s opening keynote to an audience that is striving to be one step ahead of the cyber adversary to keep our world a safer place.”

As former Director of GCHQ, the UK government’s largest intelligence and cyber agency, Robert Hannigan has a long history of involvement in cybersecurity and technology, having drawn up the UK’s first Cybersecurity Strategy and outlined the government’s ambition of making the UK ‘the safest place to live and do business online’. In his talk, Weaponising the Web: Nation-State Hacking & What it Means for Enterprise Cybersecurity, Robert will discuss the reality of alleged nation-state sponsored cybercrime emanating from countries such as Russia and North Korea, the risk to different types of organisations and how to mitigate that risk.

Robert Hannigan said: “Nation-state sponsored cyber-attacks are a daily reality for organisations not just in the UK but globally. In particular, countries around the world are seeking opportunities to exploit increasingly technologically-integrated Western infrastructure. I look forward to sharing my experience with the Infosecurity Europe audience about the cyber threats posed by nation-states and how to prevent and defend against them successfully.”

Victoria Windsor, Content Manager, Infosecurity Europe, said: “Baroness Harding’s perspective on the crucial issue of how to engage senior leaders in cybersecurity will be a fascinating start to our Keynote Stage programme. Few people can claim to be as knowledgeable about nation-state hacking as Robert Hannigan, and I’m sure his talk will really resonate with our audience. I’m delighted to be welcoming two speakers with such different, but equally insightful, perspectives to the Keynote Stage this year.”

Reflecting the need for the information security community to get one step ahead of the cyber adversary, the Keynote Stage will address the challenges of building strong cybersecurity strategies and tactics to protect an organisation’s critical information assets as the world around transforms.

The theme of this year’s Infosecurity Europe is Building Tomorrow’s Cybersecurity Today.

Cryptocurrency sites hit hard by DDoS in Q4 2017

Imperva has released its Q4 2017 Global DDoS Threat Landscape Report and key findings reveal that the cryptocurrency industry continued to draw the attention of DDoS offenders, ranking as the fifth most attacked industry during the quarter alongside some of the more regular attack targets.

Imperva says that the increase in attacks against bitcoin-related sites is likely linked to a growth spike experienced by the industry late last year when cryptocurrency prices reached an all-time high. As prices have since subsided, it will be interesting to see if the overall number of attacks declines as well in the coming months.

Igal Zeifman, security evangelist at Imperva, said: “In the second half of 2017 the cryptocurrency industry became an attractive target for DDoS attacks, now ranking fifth on the most attacked list. While it is hard to know for sure, it is likely that many of these attacks were driven by the accelerated financial growth the industry experienced in the last month of the year. This, together with the resulting media coverage, likely drew the attention of bad actors. Another contributing factor was likely the relative lack of security readiness of the young industry, which has been flourishing at an accelerated pace and hasn’t had time to adequately address the security concerns that come with that growth. Whatever the reasons are, data collected by us in the last six months of 2017 shows that attacks against the crypto industry are now the new norm.”

Application Layer Attacks Double, Assaults Become More Persistent

The report also revealed that the number of application layer attacks nearly doubled in Q4 2017, just as the number of network layer assaults declined.

This quarter, Imperva saw a spike in the number of application layer assaults, which increased 43 percent over their Q3 levels. Network layer attacks, on the other hand, fell by more than 50 percent since last quarter. In the case of network layer attacks, the share of targets hit by repeat DDoS assaults went up to 67.4 percent, compared to 57.8 percent in Q3. However, the average number of attacks decreased, as most of the repeat assaults consisted of two to five bursts.

Interestingly, even as the number of application layer assaults went up and network layer attacks decreased, both became more persistent. Imperva’s data shows that 63.3 percent of application layer DDoS targets were subjected to repeat attacks, up from 46.7 percent last quarter. The increase in attack persistence reflects the growing ease with which bad actors can launch multiple DDoS attacks. Today, even if a mitigation service is able to deflect an initial attack, perpetrators have every reason to try again and again, until they take down their target or grow bored and move on.

9 Web Application Threats that Continue to Target Sites

Vulnerabilities in web applications can occur in several areas including DBA tools (e.g., phpMyAdmin), SaaS applications, and content management systems, such as WordPress. With web apps being an integral part of business processes, insecure web applications make an easy target, potentially resulting in damaged client relations, rescinded licenses, or even legal actions.

Based on Imperva’s experience, the nine vectors listed below are commonly used by competitors and bad actors to steal data or disrupt web applications.

  1. Web Scraping – Probing website data is useful in several ways, including conducting market research and page ranking by search engines. But in some cases, there’s a grey area where illicit web scrapers deploy bots to steal database information. In a competitive business category, bot operatives are able to duplicate your site content elsewhere using their name. E-commerce sites are especially vulnerable, and it’s not uncommon for scrapers to set up their site to constantly underbid your pricing.
  2. Backdoor Attack – A backdoor is a form of malware that circumvents login authentication to enter a system. Many organizations offer employees and partners remote access to application resources, including file servers and databases, and a backdoor lets bad actors trigger system commands on the compromised system and keep their malware updated. The attacker’s files are usually heavily cloaked, making detection problematic. We have all heard about WannaCry, Petya and Locky, among other ransomware families that emerged after 2010 and took over hundreds of thousands of computers around the world. While most of these attacks required the victims to pay a ransom in exchange for recovering their data, others went further and also provided backdoor access to the companies’ systems.
  3. SQL Injection (SQLI) – SQL injection relies on SQL code to manipulate database back-ends. It gains access to data your organization didn’t intend to make public, such as secure company data, user databases, or customer information. Unwanted file deletion is also a possibility in some cases, and the perpetrator can even grant themselves admin rights. Some examples from 2017 alone: WordPress, Hetzner South Africa, GoDaddy, and of course, Equifax. Counting just the last one, around 145 million records were compromised.
  4. Cross-Site Scripting (XSS) – Cross-site scripting is a common vector that inserts malicious code into a web application found to be vulnerable. Unlike other web attack types, such as SQLI, its objective isn’t your web application. Rather, it targets its users, resulting in harm to your clients and the reputation of your organization.
  5. Reflected XSS – Reflected XSS assaults (a.k.a., non-persistent attacks) use a malicious script to reflect traffic to a visitor’s browser from your web application. Initiated via a link, a request is directed to a vulnerable website—possibly yours. Your web application is then manipulated to activate harmful scripts.
  6. Cross-Site Request Forgery (CSRF) – Also known as XSRF, Sea Surf, or session riding, cross-site request forgery deceives the user’s browser—logged into your application—to run an unauthorized action. A CSRF can transfer funds in an authorized manner and change passwords, in addition to stealing session cookies and business data.
  7. Man in the Middle Attack (MITM) – A man in the middle attack can occur when a bad actor positions himself between your application and an unsuspecting user. MITM can be used for eavesdropping or impersonation, and in the latter case nothing appears amiss. Meanwhile, account credentials, credit card numbers, and other personal information can easily be harvested by the attacker.
  8. Phishing Attack – Phishing continues to be a favorite of social engineering practitioners. Like MITM, it can be set up to steal user data, such as credit card and login information. The perpetrator, posing as a trustworthy entity, fools their prey into opening an email, text message, or instant message, and the victim is then enticed to click a link that hides a payload. Such an action can cause malware to be surreptitiously installed; it is also possible for ransomware to freeze the user’s PC, or for sensitive data to be passed on. One of the top examples here is the Target data breach that exposed more than 40 million payment cards during the holidays. The simplicity of this attack was that it only needed the stolen credentials of a third-party contractor who was in charge of Target’s HVAC systems. In order to perform remote maintenance on air conditioners, the contractor had access to Target’s contractor network, which gave the perpetrator access once the contractor’s account was compromised.
  9. Remote File Inclusion (RFI) – Remote file inclusion (RFI) exploits weaknesses in web applications that dynamically include external scripts. Taking advantage of that function, an RFI attack uploads malware and takes over the system.
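To make the difference between items 3 to 5 concrete, here is an added example that is not from Imperva’s article: the same user lookup and greeting written in a vulnerable form and a hardened form, using only Python’s standard-library sqlite3 and html modules. The users table and the hostile inputs are constructed for illustration.

```python
import html
import sqlite3

# Constructed sample data, not taken from the article: a tiny users table.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, name):
    """Vulnerable form: untrusted input is spliced into the SQL text, so a
    quote character in the input changes the structure of the query itself."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn, name):
    """Hardened form: the driver binds the value as a parameter, so the input
    can only ever be compared as a string literal, never parsed as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_vulnerable(name):
    """Vulnerable form: a reflected value lands in the HTML response unencoded,
    which is the root cause of reflected XSS."""
    return f"<p>Hello, {name}</p>"


def render_greeting_safe(name):
    """Hardened form: HTML-encode the reflected value so any markup in the
    input is displayed as text rather than interpreted by the browser."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def contains_markup(rendered):
    """Detection-style check: does the rendered fragment contain a raw tag
    character beyond the single <p> wrapper the template emitted itself?"""
    inner = rendered[len("<p>Hello, "):-len("</p>")]
    return "<" in inner or ">" in inner


def demo():
    """Run both forms against constructed hostile inputs and report the outcome."""
    conn = make_db()
    # Constructed inputs used only to show how the two forms differ.
    sqli_input = "' OR '1'='1"
    xss_input = "<script>alert(1)</script>"

    return {
        # Concatenation turns the WHERE clause into a tautology: every row leaks.
        "sqli_vulnerable_rows": len(lookup_user_vulnerable(conn, sqli_input)),
        # Parameter binding compares the literal string: no user has that name.
        "sqli_safe_rows": len(lookup_user_safe(conn, sqli_input)),
        # Legitimate lookups still work through the hardened path.
        "sqli_safe_legit": lookup_user_safe(conn, "alice"),
        # The raw template reflects the tag; the encoded one does not.
        "xss_vulnerable_has_markup": contains_markup(render_greeting_vulnerable(xss_input)),
        "xss_safe_has_markup": contains_markup(render_greeting_safe(xss_input)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```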

The Digital Disconnect: 70% of UK employees not equipped with necessary tools and training

Sungard Availability Services® (Sungard AS), a leading provider of information availability through managed IT, cloud and recovery services, today reveals that the skills shortage is having a detrimental impact on UK businesses and could pose serious risks in the years ahead. Both IT Decision Makers (31%) and Line of Business Decision Makers (41%) have labelled it as their biggest issue impacting digital initiatives, with seven in ten employees claiming they’re not getting the training or tools they need to add value back to the business.

Technology priorities

Despite extensive media hype and scare-mongering about technologies such as Artificial Intelligence (AI) impacting or replacing human jobs, research* undertaken on behalf of Sungard AS reveals that just under half (49%) of UK businesses list AI as a technology that will help them prepare for the challenges they face. In reality, Cloud (75%), Internet of Things (69%) and Big Data Analytics (64%) are the big three when ranking these technologies; AI doesn’t even make the top four.

Employee disconnect

At least in the immediate future, many jobs and processes that are mooted to be automated or taken over by robots will stay firmly within the remit of the human workforce; yet 70% of employees state they are underprepared for the digital journey ahead. Businesses therefore need to invest in their staff, not just in strategic technologies. This will ensure that employees feel supported by and committed to their organisations, and are confident they can do their jobs now and in the future. For business leaders, it means their companies have the skills in situ to optimise all technology investments.

Despite the benefits of doing so, the extent to which the majority of UK businesses are not prioritising investment in people makes for grim reading. Over a quarter of UK workers stated that a lack of training has stopped them from adopting digital working practices, with only 30% claiming their company has provided them with the tools to overcome the challenges they are facing.

Meanwhile, increasing employee satisfaction, increasing staff mobility and increasing staff retention levels were revealed to be the three lowest priorities for business decision makers over the next two years, at only 32%, 23% and 19% respectively.

Communication is key

The research also found that businesses need to be more transparent about how they intend to navigate future challenges. Only 32% of UK employees polled feel like they are kept up to speed with their employer’s digital roadmap. This is in stark contrast to the 75% of ITDMs who reported that they are kept well informed of strategic direction.

This lack of business-wide communication could have serious ramifications for business leaders and commercial success, especially when the UK is heading into the uncharted waters of Brexit and has the European GDPR looming on the near horizon. For example, when asked about their understanding of the changes that will come into force as a result of GDPR, a large majority (84%) of line of business heads in the UK have some understanding, whereas only 3% of employees say they understand completely and 50% report they do not understand at all. Considering that employees are often the weak link in an organisation’s security chain, this lack of understanding about their roles and responsibilities when it comes to security compliance should serve as a wake-up call to businesses.

Commenting on the findings, Kathy Schneider, CMO, Sungard Availability Services, said:

“In addition to Brexit and GDPR, the lack of digital skills is yet another challenge facing UK organisations over the next couple of years. To remain competitive, businesses will need to prioritise digital skills development and training to help navigate the new technology trends. This means investing not only in technologies and systems, but also in training around the required skills. Communication of the challenges and the digital journey ahead will be vital to ensuring business resiliency. Failure to do so could open businesses up to unnecessary – and avoidable – risks.”

Eddie Curzon, Regional Director at the CBI adds:

“Despite the widespread news coverage highlighting the impact that skills shortages are having on UK plc and associated GDP, these findings suggest that some businesses are not making their staff a priority. A good business thrives off people, processes and technology and needs to place equal emphasis on each to avoid going off course.”

Budget Cuts, Staff Shortages and Cyber Threats Keep IT Leads Awake at Night as GDPR Looms

43% of IT executives at European financial institutions reveal that fears of a cyber-attack keep them awake at night – two months before the General Data Protection Regulation (GDPR) comes into force, according to figures published by financial services IT consultancy and service provider Excelian, Luxoft Financial Services – a division of Luxoft (NYSE:LXFT).

The survey of over 200 IT executives working in capital markets, wealth management and corporate banking reveals that although 89% agree implementing a cybersecurity strategy is a top priority, budget cuts and staff shortages make implementing cybersecurity strategies difficult. 55% of respondents cite a lack of IT investment as a significant source of stress in their role, rising to 63% of professionals in the UK alone. However, those in Switzerland and Austria are less concerned about budget cuts, with only 40% and 43% of IT professionals expressing frustrations, respectively.

IT executives also feel they don’t have access to the right talent and are not fully trained – 54% say they are frustrated by a lack of training and learning opportunities, whilst 26% are also kept awake by a skills shortage in their IT department. As a result, 36% of IT professionals working in the financial services sector are reluctant to recommend increasing cybersecurity spend.

“IT departments in banks are being pulled in two directions,” says Marcin Swiety, Global Head of Luxoft’s Information Security practice. “Banks want to focus on digital innovation, but IT professionals feel unable to escape from the ever-present cyber threat. Budget cuts are leaving smaller teams with fewer spare hours in the day. Unable to plan ahead, they spend their days firefighting problems and upgrading legacy systems.”

European IT professionals working in financial institutions on both the buy-side and sell-side also believe that insufficient cybersecurity strategies combined with reacting to other daily struggles is preoccupying too much of their time. On average, IT executives say more than half of a CIO’s role is responding to events as they happen, whereas only 40% of their role is proactive.

The complexity of internal technology systems at larger and more established institutions in particular also leaves those CIOs with less time to implement change. 28% of IT executives say that complicated internal processes make it more difficult to implement cybersecurity strategies.

“Most financial institutions want to capitalise on technologies like blockchain, AI and the cloud, but they are difficult to implement both securely and at pace,” says Mr Swiety. “If we want to see digital transformations that are truly protected from the cyber threat, then institutions must find a way for IT departments to free up their time.”

The post Budget Cuts, Staff Shortages and Cyber Threats Keep IT Leads Awake at Night as GDPR Looms appeared first on IT SECURITY GURU.

More than a quarter of companies expect to be breached in next 6 months

Nearly 4 in 5 companies (79%) were hit by a breach in the last year, according to new research from Balabit. The report, called the Known Unknowns of Cyber Security, also revealed that 7 out of 10 (68%) businesses expect to be impacted by further breaches this year with more than a quarter anticipating this happening within the next 6 months.

The Unknown Network Survey, undertaken in the UK, France, Germany and the US, reveals the attitudes of 400 IT and security professionals when it comes to businesses’ concerns over IT security and their experience of IT security breaches, their understanding of how and when breaches occur and how they are trying to combat hackers.

Knowing your environment

The majority of businesses know very little about the nature of the security breaches that take place within their organisations. Whilst a high percentage of companies are experiencing breaches, less than half (48%) stated they would be fully confident knowing a breach had even happened, meaning that more could have taken place without their knowledge.

Only 42% feel very confident about what data was accessed, and a mere 39% were fully confident that they could identify the source of a breach. As privileged users, those with the most access within an organisation, are the most vulnerable to attack or to becoming insider threats, it is imperative for businesses to protect access to critical IT systems and sensitive data.

This is leading to internal tension within businesses around the development of cohesive security strategies. With half of all security breaches being employee-related, 69% of senior IT professionals agree that insider data breach is the biggest threat many are facing in terms of network security. It should come as no surprise that 80% of respondents agreed that educating employees is key to securing the network. The truth is, however, that businesses must aim for a balance between technology and employee education in order to tackle the insider threat, whether that threat is malicious or accidental.

“Attacks are becoming more and more sophisticated and every organisation is at risk,” said Csaba Krasznay, Security Evangelist, Balabit. “Security is no longer about simply keeping the bad guys out. Security teams must continuously monitor what their own users are doing with their access rights, as part of a comprehensive and cohesive security strategy.”

“What’s really alarming, though, is that the majority of businesses know very little about the nature of the security breaches that are happening to them. Many even admit that a security breach could quite feasibly go unnoticed. That’s how loose a grip we’ve got on them, or how little we really understand them. We know about breaches, sure – but we really don’t know enough,” Krasznay continued.

Turning the security unknowns into knowns

Whilst 83% of businesses agree that technology is effective in preventing breaches, 73% think technology struggles to keep up with security threats. It’s little wonder that there is still no cohesive response to the on-going threat of cybercrime.

The research demonstrates that, when the threat is more often than not unpredictable and already present within a business, it is essential to create comprehensive security strategies. These should incorporate a balance of both employee education and appropriate security technology. This way, organisations can ensure that they know their environments and are prepared to tackle ever-evolving security threats.

The post More than a quarter of companies expect to be breached in next 6 months appeared first on IT SECURITY GURU.