As a managed service provider, you can never sit still. Change is constant, whether it’s the technology, business needs, or clients’ expectations. And while MSPs are accustomed to the churn, this time it’s different. Businesses are digitizing their assets and moving to the cloud, governments continue to layer on more data regulations, security threats are on the rise, and the pandemic has turned traditional office culture on its head. This means a lot of changes and challenges, but it also presents opportunities.
Of all the modern business ecosystems, the Fintech sector is one of the most volatile landscapes that is teeming with industry and technological disruptions. And, adding to the pre-existing list is Neobanking. Currently, there are 246 neo banks in the world, and the market projections suggest an annual average growth rate (CAGR) of 47.7 percent until 2028, amounting to 722.6 billion U.S. dollars. While they aim at making banking easier and razor-speed fast, they open more attack avenues for the attackers. Their digital channels are an open invitation to money-motivated cyber criminals and this adds to the concerns of all the stakeholders in the ecosystem.
News of ransomware attacks disrupting supply chains has increased recently. As threat actors disrupt businesses and critical infrastructure, they may appear to be working harder. However, cybercriminals treat ransomware as a business, enabling an underground industry. Ransomware-as-a-Service (RaaS) is a growing underground industry that continues to place sensitive information at risk.
In the world of threat detection and response, alert fatigue and tool sprawl are real problems. Security professionals are struggling to manage different tools and control points and still relying on manual processes, which results in security that is fragmented and reactive. Analysts need better visibility and control, more context, and better use of automation so they can cut through the noise and respond to threats faster and more effectively. XDR promises to optimize the security operations center (SOC) by accomplishing all the above.
There is a growing discussion among network engineers, DevOps teams, and security professionals about the security benefits of bastions. Many assume that they are the “old way” of network access and have little relevance in the modern cloud native stack. These speculations are not irrelevant as in recent years, the corporate IT network perimeter as we knew it is diminishing, and the concept has been shifted to data, identity, and compute perimeter.
In early 2020, almost every government agency embraced telework in response to the pandemic. With telework, employees operate outside the security perimeter that was put in place to protect them and the agency’s data. As a result, telework has had significant cybersecurity ramifications. Lookout has a long history of collaborating with the public sector to secure agency employees. This is why I’m excited that we have been selected by the National Institute of Standards and Technology (NIST) to collaborate on its Zero Trust architecture development efforts.
Learn how to set up continuous assurance with Code Dx to improve code quality and security at the speed of DevOps. Continuous integration (CI) has made a tremendous impact on how we develop software. The concept is simple: fail fast and fail often. This allows the team to fix problems before they become a big deal, saving time and money. The term itself was first coined by Grady Booch in his 1993 book “Object-Oriented Analysis and Design with Applications”: It gained in popularity when Kent Beck and Martin Fowler extended and evangelized the concept in 1999 in their book, “eXtreme Programming (XP)”.
Over the last year, we’ve made tremendous progress expanding NewEdge to provide Netskope customers with the global coverage they demand. We have real, full-compute data centers in nearly 50 regions today and plans to go live with our Lima, Peru data center in early October (which will be our fifth in Latin America). We also have near-term plans to expand into mainland China and are proud of our accomplishments in making NewEdge FedRAMP-ready, a critical requirement for doing business with the U.S government, as well as successfully completing the IRAP assessment at the PROTECTED level, which facilitates Netskope doing business with government agencies across Australia.
Netacea recently conducted a wide-ranging survey to uncover how much bots are really costing businesses. We compiled responses from 440 enterprise businesses spread across the US and UK, and have summed up our findings in an exclusive report, as well as an upcoming live webinar. Of all the sectors we surveyed, financial services was the industry most affected by API attacks, with 97% of businesses stating an API had been attacked by bots in 2020. Financial information is widely accessed by various systems and agencies via APIs, giving bad actors the opportunity to mask their activity and circumvent traditional, client-side security defenses.
You finally have some budget to buy tools for your application security (AppSec) program! GREAT! Purchasing the correct tools for your AppSec pogram can be overwhelming. Even when looking only at point solutions, there still may be some confusion on the value that various tools can provide. Sometimes you'll find the perfect tool, but others may offer you a similar tool with added manual penetration testing (MPT) as part of the overall bundle. That seems like a great idea for the budget. Let's dive in and see what these types of value these other offerings really provide.
I recently published a piece in Dark Reading covering the network security challenges of M&A activity. As we ease the restrictions put in place to combat COVID-19, we’re expecting to see business activity including M&A pick up speed, it’s important that the implications of integrating networks are fully understood to ensure that the expected business benefits are achieved as soon as possible.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a U.S. federal law meant to protect sensitive electronic protected health information (ePHI). Every healthcare organization (“covered entity”) must comply with its two fundamental rules. In 2013, the U.S. Department of Health and Human Services (HHS) passed the HIPAA Omnibus Final Rule, which expanded compliance requirements to the business associates that also handle ePHI on behalf of covered entities.
Building an effective application security program for your organization begins with establishing policies and processes. Psychologist Abraham Maslow wrote, in 1964, “Give a small boy a hammer, and he will find that everything he encounters needs pounding.” This is commonly rephrased as “if you have a hammer, everything looks like a nail.”
Cybersecurity has been gaining more and more importance due to the increasing number of cyber attacks and hackers threatening organizations of every size. In order to enable your business operations to continue and your organization to be safe and secure, you should benefit from real-time security monitoring, threat detection, investigation and automated responses. Once implemented, a SIEM solution becomes a vital component of an enterprise security strategy.
DevSecOps is a process that aims to build security in at the outset of software development. It ensures security audits and testing throughout the agile development process so that security is a priority – not an afterthought. A new survey of more than 1,000 security leaders conducted by Ponemon Research and security firm Reliaquest finds almost half (49%) of security leaders are enabling DevSecOps best practices in their organizations. That’s a promising number. But with the obvious benefits that come with ensuring secure software development, why aren’t more organizations on board with DevSecOps yet?
The General Data Protection Regulation (GDPR) Act is a broad set of data privacy rules that define how an organization must handle and protect the personal data of citizens of the European Union (EU). The Regulation also outlines the way that organizations can report a data breach. Articles 33 and 34 outline the requirements for breach notification; however, most businesses are still unaware of their responsibilities. Details such as what an organization should report, when, to whom it should be reported, and what should be included in the breach notification are some of the major aspects that businesses overlook. This negligence can result in substantial fines.
Data breaches have reached a fever pitch over the last few years. The rapid frequency of successful attacks coupled with the rising costs to businesses has raised attention at the highest levels of global governments. In the past, breaches were relatively “localized,” that is, they affected the targeted company only. However, the newer attacks have disrupted entire supply chains. While many companies have invested large sums to protect against such attacks, part of a fulsome security program requires the ability to demonstrably validate this security readiness.
Connected devices offer healthcare providers ways to remotely monitor patient health. Additionally, hospitals use these devices for enhanced patient care, including medication delivery and vitals monitoring. However, malicious actors often use unsecured IoMT as part of their attack methodologies. To enhance the security of electronic Protected Health Information (ePHI), healthcare organizations need to secure the Internet of Medical Things (IoMT) as part of their cybersecurity risk mitigation efforts.
In 2021, there are two words that can send a cold chill down the spine of any Cybersecurity professional and business leader; Phishing and Ransomware. Research carried out by the Data Analytics and training company CybSafe, identified that 22% of all cyber incidents reported in the first quarter of 2021 were ransomware attacks. According to the figures obtained from the Information Commissioners Office, they are up by 11% compared to 2020. This increase is significant and must be studied more closely, but let us start at the beginning.
Service accounts can be privileged local user or domain user accounts or have domain administrative privileges. Service accounts best practice involves usage to execute applications and run automated services. A single service account can easily be referenced in many applications or processes. The critical nature of their usage and their use makes them challenging to manage. In this post, we will explore service account’s work, some everyday use cases and account types across different environments, best practices and solutions for managing and securing service accounts.
Ransomware has become an annual event for many organizations, costing them millions in lost productivity and revenue. While there have been some notable successes in fighting off this threat, the industry as a whole must continue strengthening its resolve in order to safeguard against future attacks. Part of this can come down to recognizing the role that users and employees play in fighting off these attacks and providing them with info and tools they need to help reduce risks.
Understanding your organization’s cybersecurity posture is becoming more important every day. So how do you know how secure your IT infrastructure really is? One way to get a glimpse into your organization’s security is penetration testing: pretending (or hiring someone to pretend) to be a hacker, attempting to infiltrate your organization’s physical and cyber systems however possible. “Pen testing” lets you understand your organization’s cybersecurity measures so you can avoid cybersecurity threats, and in many cases, so you can stay compliant.
When presented with an opportunity, people who never even planned to attack your organization may turn into a severe cybersecurity threat. Forget to block a dismissed employee from accessing your system and they may steal or alter your critical data. Grant a third-party contractor excessive access to your infrastructure and they may cause a serious data breach. That’s why it’s crucial to make sure you don’t give insiders an opportunity to turn malicious.
The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a 2020 survey that their IT and OT networks had become more interconnected in the wake of the pandemic. More than three-quarters of respondents went on to predict that their organization’s networks would become even more connected in the years that follow.
A network vulnerability assessment is the reviewing and analyzing of an organization’s network infrastructure to find cybersecurity vulnerabilities and network security loopholes. The assessment can be carried out either manually or by using vulnerability analysis software — although the latter is preferred because it’s less susceptible to human error and usually delivers more accurate results. The goal of a vulnerability assessment is to determine the strength of a company’s network security, and along the way to uncover any security vulnerabilities that might compromise overall business operations, cybersecurity, and privacy of a computer network.
In April 2021, I discovered an attack vector that could allow a malicious Pull Request to a Github repository to gain access to our production environment. Open source companies like us, or anyone else who accepts external contributions, are especially vulnerable to this. For the eager, the attack works by pivoting from a Kubernetes worker pod to the node itself, and from there exfiltrating credentials from the CI/CD system. Critically, this vulnerability exposed production AWS credentials that could be used to alter release artifacts and access production infrastructure.
Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by an organization’s security teams. At some point, a change version with new information (file, registry entry, RSoP, command output, or data captured in some other way) emerges. If the change was expected, TE helps customers to promote the change to the baseline. The current state of the information then becomes the new baseline. The baseline for each system is the current system state.
Network segmentation is almost as old as computer networking. The evolution of network segmentation went through switches to routers and firewalls, and as modern networks evolved, the ability to better control traffic by operating system native functionality evolved as well. Native controls like IP Tables became lingua franca, alongside access control lists, process isolations, and more. Native controls are not a new concept. In fact, they have existed for years in operating systems, cloud providers, and lately, Kubernetes. However, most security products do not leverage them.
Netacea recently surveyed 440 businesses from across the USA and UK to understand how much financial impact bot attacks are having across different industries. Read the full results in our report: The Bot Management Review: What Are Bots Costing Your Business?
Technology companies love abbreviations and acronyms. Starting with what’s probably the original tech company, International Business Machines (better known as IBM), initials, abbreviations and acronyms continue to dominate the personal computer (PC), telecommunications (telco), security operations (SecOps), and many other tech industries. Speaking of security, one acronym that is increasingly important to SOC (that’s security operations center) teams is SIEM, formally known as security information and event management.
When it comes to PHP, composer is without discussion, THE package manager. It’s fast, easy to use, actively maintained and very secure — or so most thought. On April 21, 2021, a command injection vulnerability was reported, which shook the PHP community. Fortunately it didn’t have a very big impact, but it could have. The problem with the vulnerability is that it affected the very heart of the Composer supply chain: Packagist servers. If this issue hadn’t been detected on time, the consequences could have been extremely severe, since PHP supports over 80% of the web and Composer is used in most of them.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by Congress in 1996 to prevent medical fraud and to assure the security of protected health information (PHI), such as names, Social Security numbers, medical records, financial information, electronic health transactions and code sets. The law is managed by the U.S. Department of Health & Human Services (HHS). PHI that is stored, transmitted, or accessed electronically, also known as electronic protected health information (ePHI), also falls under HIPAA regulations. Regulation of ePHI is especially significant given the modern threat landscape and the increasing number of data breaches hitting the healthcare sector today.
The California Privacy Rights Act (CPRA) is an extension of the 2018 California Consumer Privacy Act (CCPA). The goal of both laws is to enhance the privacy rights of California residents with regards to the personal information that companies collect about them, giving them the right to see, delete and limit the sale of that data. The CPRA will be fully implemented in mid-2023. In this article, we will take a close look at the provisions of CPRA and how it amends the CCPA. We also provide answers to common questions about these privacy laws in the FAQ section at the end of the post.