Modern technologies and work flexibilities, such as cloud computing, work-from-anywhere, remote employees connecting to the internal network, and so on, enhance the organizations' operations and provide ease of management. Consequently, they impact the organizations' security controls and introduce additional attack surfaces or opportunities for intruders to attack. This situation demands that security analysts adopt modern attack surface management techniques and technologies.
When it comes to cybercrime, cybercriminals are constantly changing their tactics. Think back to 10 years ago; malware sites (malicious sites that attempt to install malware on a device) were a common attack vector. At the same time, sophisticated ransomware attacks on organizations were rare. Often, ransomware was used to target individuals, sometimes blackmailing them for having been on unsavory sites and asking for a few hundred dollars in ransom. Now, in 2021, the threat landscape has changed. Malware sites still exist, although they’re not the threat they once were, and ransomware is one of the biggest threats faced by organizations.
For any organization, insider attacks are like a severe illness: prevention is better than the cure. Like illnesses, insiders mask their malicious actions and can harm your organization for a long time before you detect them. This harm can be in the form of a loss of data, customers, money, etc. Planning a risk mitigation process helps to stop insider attacks at the early stages or reduce their potential damage. In this article, we discuss how to mitigate insider threats, why it’s worth doing, what the key steps are in this process, and how Ekran System can assist you with risk mitigation.
Cloud compliance is more important than ever, especially as businesses and organizations continue to engage in remote and digital work practices due to COVID-19. Even before the pandemic, more and more companies were migrating to the cloud. But what exactly is cloud compliance, and what are some best practices you should keep in mind if you’re shopping for a provider or looking to enhance your current computing system? Cloud compliance refers to the need for organizations and cloud computing providers to comply with applicable regulatory standards of cloud usage established through industry guidelines and local, national, and international laws.
Web applications and hosted software make up the largest attack surface for modern tech organizations. The most common web vulnerabilities being exploited go beyond the OWASP Top 10 list. At Detectify, we work in close collaboration with an invite-only community called Detectify Crowdsource to get the latest vulnerability research into the hands of security defenders. Besides knowing the vulnerabilities, you need the know-how to mitigate them.
The executive order on cybersecurity President Biden issued in May doesn’t radically change federal cybersecurity practices for now, but it lays the groundwork for significant changes in the future. The EO directs multiple federal agencies to develop new policies and processes to safeguard federal networks, and also to improve the overall cybersecurity posture of all Americans. You can read insights about the EO in this blog post by Julian Waits, GM of cyber business unit & public sector for Devo.
Earlier this year, Gartner published its latest research on the Security Orchestration, Automation and Response (SOAR) market in a report entitled, “Is Your Organization Mature Enough for SOAR?”. We’ve been talking to clients about this very subject and agree with Gartner that SOAR tools can increase SecOps efficiency and consistency, provided organizations have laid the proper groundwork. Without that, we find that security teams are having a hard time realizing the expected value from their SOAR investments.
We are excited to announce the availability of Social Trends, adding social media intelligence (SOCMINT) to Snyk’s vulnerability data to help development and security teams prioritize vulnerabilities more effectively. Given the size of vulnerability backlogs facing organizations today, finding and fixing security vulnerabilities in a timely manner is a monumental task. There simply are not enough hands on deck to triage and tackle all the vulnerabilities on the list. That’s where prioritization comes into the picture. Assess the risk, prioritize where to focus your resources, and fix those vulnerabilities posing the greatest risk. Rinse and repeat.
Addressing security fatigue with small changes to your AppSec strategy can help you manage and minimize risks in your applications. How many times a day does something like this happen to you? Is it 10 times a day? 25? 100? I’m a highly technical security professional and I’m not even sure what I should do. What is PC-Doctor? What is SystemIdleCheck.exe? If I click No, will something not work the way that I want it to work? Each time you see such a prompt, what do you do?
Kubernetes helps with scaling, deploying, and managing containerized workloads, facilitating a faster deployment cycle and configuration management, all while providing improved access control. Kubernetes is also a CNCF project, meaning it’s cloud-native and can be easily deployed through any cloud provider. This blog will compare on-premises, or self-hosted, Kubernetes clusters to managed ones, as well as outline your options for Kubernetes in the cloud. To do this, we’ll look at ease of use and set-up, custom node support, cost, release cycles, version support, and more.
Deploying a SIEM requires strategic planning. When deciding on a deployment, an organization must consider the level of risk it is willing to assume, what its security priorities are, and which use cases to implement. From there, your security operations team must thoughtfully identify their inputs — the data the SIEM solution will gather — before rolling out anything. Otherwise, you won’t obtain your desired outputs to identify high-fidelity alerts to act on. While there’s a wide range of security data your team can consider, the scope of data your SIEM gathers must ladder up to the use cases and security objectives your team has established.
Hybrid clouds are an elegant and adaptable technology solution for combining public and private cloud storage with more traditional IT infrastructure. While the hybrid cloud model provides a number of benefits, it requires a different security approach than private data storage options. Keep reading to learn more about the pros and cons of hybrid cloud computing, as well as the best security measures for protecting the data stored there.
Organizations can take various steps to protect their operational technology (OT) environments against digital threats. But some stand out more than others. In particular, network segmentation is described as “the first answer to insufficient ICS (Industrial Control System) cybersecurity.” Experts advocate zoning ICS assets to coordinate information technology (IT) and OT environments effectively. That doesn’t always happen, however. Indeed, the WannaCry and NotPetya attacks decimated the OT side of the affected organizations’ infrastructure partly because segmentation was not in place. Otherwise, the impact of the attacks could have been mitigated at least in some way.
Forensic investigators can track your exact location by following the biological traces left on every object you touched. In the digital world, your online activity is much easier to track because digital prints are larger, harder to hide, and even harder to erase. This poses a serious cybersecurity problem for all businesses. To maintain customer appeal, the adoption of cutting-edge technology is critical, but this effort increases internet-facing resources, giving cybercriminals more options to target.
The CISO of a large state agency shared with me the automated tools he used to mine intelligence about his IT suppliers, and their sub-suppliers and interconnections by way of vetting for security posture. He truly recognized the threat of third parties long before the SolarWinds hack. His due diligence sparked inspiration for this blog. Can a business assume that third party security controls are strong enough to protect their digital supply chains? What about cloud-based assets? Who is responsible when a business is breached? Is that totally “on” the supplier(s) involved? And what about subcontractors to suppliers?
Everyone tracks progress. Whether it’s academics, health, or job skills, people need visibility into where they started and how well they’re advancing toward a goal. From a business perspective, tracking progress gives insight into whether the organization is prioritizing activities for long-term initiatives or whether it needs to take corrective action. Sometimes, the progress reports remain internal. Other times, organizations share them with customers and business partners.
As organizations look for ways to improve network performance for user-facing application data, it is becoming increasingly evident that routing requests all the way to internal data centers is the least optimized model. Doing so increases latency, reduces available bandwidth, increases bandwidth requirements at the data center, and increases overall costs. However, with elevated concerns over cybersecurity, accessibility, and control, organizations must look for ways to architect access to these user-facing systems and data but do so with optimized performance in mind.
Although the Sarbanes-Oxley Act of 2002 (SOX) has been around for nearly two decades, many companies still struggle to meet compliance requirements. Initially enacted in response to public companies mishandling financial reporting, SOX is a compliance requirement for all public companies. Understanding SOX compliance, as well as its requirements and controls, helps organizations create more robust governance processes.
With the regular and much-needed updates to critical standards such as HIPAA, auditors and compliance experts need to be continuously on their toes to review and acquaint themselves with these new developments. One of the latest such updates is the Health Insurance Portability and Accountability Act (HIPAA) Enforcement Rule, which has caused quite a stir in the industry due to confusion about its applicability. To set certain things clear, HIPAA Enforcement will not be applicable as long as organizations value the privacy and security of the Protected Health Information (PHI) of their customers while also abiding by the HIPAA compliance requirements.
Security teams that work in highly regulated industries or build solutions for consumers must adhere to compliance controls and regimes required for their business. One of the most important compliance requirements for many companies is the SOC 2 audit. The SOC 2 audit provides detailed information and quality assurance about essential security factors such as the confidentiality of data under your organization’s stewardship, privacy controls, and many other standards.
Five worthy reads is a regular column on five noteworthy items we’ve discovered while researching trending and timeless topics. This week, we explore why organizations should implement Zero Trust in 2021. In 2010, John Kindervag introduced the concept of “Zero Trust,” which has become a touchstone for cyber resilience and persistent security. Zero Trust is not a security product, architecture, or technology. It’s a strategy or set of principles defining how to approach security; it sets the assumptions behind what we do. The core principle of Zero Trust is “Never trust, always verify!” No matter the device, user, system, or location, whether inside or outside the organization’s security perimeter, nothing should be trusted by default.
The recent flurry of supply chain attacks has left a trail of carnage spanning across the globe. Because supply chain attacks compromise a higher number of victims with less effort, cybercriminals are unlikely to forgo this efficient attack method without a fight. A recent study by Sonatype confirms that supply chain attacks are on the rise, and according to IBM, the global average cost of a data breach is currently US$3.86 million. So the chances of suffering a supply chain attack are higher and the repercussions are more costly than ever before.
You know that uncomfortable feeling in the pit of your stomach when you didn’t study for the test and you think you’ll get a failing grade? You stare blankly at the test questions and feel completely lost and adrift. It’s like having a conversation with a colleague who casually drops a term or acronym related to the Internet of Things (IoT), and you suddenly find yourself on unfamiliar ground. When you work cross-functionally across IT, security, DevOps and identity teams, there are several IoT terms that are bound to come up. You can help yourself, your team, and your career by getting familiar with them. Here are some of the most common ones.
As a result of the Covid-19 pandemic, organizations in all industries ramped up their digital transformation efforts to make online operations easier for their employees and customers. But with more and more organizations online, the digital attack surface is growing at a record pace. The more applications with vulnerable code, the more opportunities for a cyberattack. In fact, our research found that 76 percent of applications have at least one security vulnerability. So how will this shape the future of cybersecurity, and software security? There are three key technology trends that we believe will impact cybersecurity, and software security, the most over the next several years.
Servers are the backbone of an organisation’s IT infrastructure as they provide both information and computational services to its users. And because of their critical role, servers are always a prime target for hackers looking to exploit any vulnerability they can find, leading to data breaches and financial and reputational damage.
As every responsible company does, we too scan our containerized applications for vulnerabilities before deploying them in production. In a recent scan, our security team found 56 high and critical vulnerabilities coming from container base-image and open-source components.
Prototype Pollution is one of the less known vulnerabilities in the security community. Researchers started to discuss it as a potential attack vector around 2017, and the first vulnerabilities were found in the wild at the start of 2018. In this article, we’re going to take a deep dive into what Prototype Pollution vulnerabilities are, and how they can be mitigated.
Fraudulent phone calls have been an issue for years, and they’re becoming more common. According to a recent report from Truecaller, 59.49 million Americans lost money to scam calls in the past year, costing $29.8 billion. These threats have risen in both number and cost, and businesses can’t afford to ignore this trend. Small and medium-sized businesses are popular targets for fraud, as they often have less security. Since they also have comparatively more to lose, protecting against these schemes is crucial. Most businesses today understand the importance of internet security, but this report highlights how they should consider phone scams, too.
Ransomware. Nearly every day, we learn about another major attack on companies such as JBS, Kaseya, and Quanta, a key supplier to Apple. Along with the increase in attacks, recent reports have shown the average ransomware recovery cost skyrocketed to $1.85 million this year. And, as companies have become more willing to accept attackers’ ransom demands to restore their mission-critical operations, the average ransomware payment has jumped to more than $170,000.
Why fixing software issues as you code matters and how Rapid Scan SAST can help. It’s common knowledge that fixing bugs early in the software development life cycle (SDLC) is much faster and less costly than doing it later. However, did you know that developers prefer finding and fixing bugs as they code rather than getting a list of identified issues even just one day later?
It’s no secret that Covid-19 has accelerated the number of cyber-attacks and data breaches witnessed across the globe. Increased reliance on technology as the world worked, shopped and socialised from home increased the surface area for attackers, who capitalised on a growing amount of PII (personally identifiable information) available across the internet. According to the FBI’s 2020 Internet Crime Report, the Internet Crime Complaint Center received nearly 800,000 cybercrime complaints in 2020, with reported losses exceeding $4.1 billion.