Category Archives: Cybersecurity

Check Point Software celebrates World Youth Skills Day by highlighting the cybersecurity workforce shortage

  • At present, the global shortage of cybersecurity workers is estimated at 2.7 million people.
  • Girls, young people with disabilities, young people from the poorest households, rural communities, indigenous peoples, and minority groups, as well as those living in unstable countries, continue to be excluded due to a combination of factors.


Today marks World Youth Skills Day which, since its declaration by the UN in 2014, has served as a reminder of the importance of equipping young people with the skills they need to find a good career or to become an entrepreneur. Since that time, World Youth Skills Day has provided a unique opportunity for dialogue between young people, technical and vocational education and training (TVET) institutions, enterprises, employers’ and workers’ organizations, policy makers and development partners.

That is why Check Point Software, a leading provider of cybersecurity solutions globally, wants to highlight the current shortage of cybersecurity staff (around 2.7 million workers globally, according to a study by the Information System Security Certification Consortium, ISC). Check Point also wants to emphasize the need to give young people the tools to enter the industry, regardless of their situation.

As a result of the COVID-19 pandemic, most of the world had to go through a rapid shift to digital for which neither infrastructure nor institutions were fully prepared, or at least not prepared to do so at pace. Many people had to adapt to working from home, with all the dangers that this entails. The situation was made worse by the fact that there is a distinct shortage of cyber security experts around the world to keep cyber criminals at bay.


Collaboration between Check Point SecureAcademy and institutions around the world

To prepare students with the vital technology skills they need to secure the future, Check Point SecureAcademy was created to provide cybersecurity education worldwide through partnerships with third-party institutions under Check Point’s cybersecurity training umbrella, Check Point MIND. It offers educators and students vital cybersecurity skills, learning resources and certifications through a “revenue-free” education programme.

Some 45,000 students at over 120 higher education institutions in 53 countries are currently using Check Point SecureAcademy’s free learning content, including the Cyber Range and HackerPoint simulation courses, to improve their knowledge of cybersecurity. Another offering is the Check Point SmartAwareness solution, which delivers cyber security awareness training for businesses that aims to prepare every employee with industry-leading training so that they are ready to deal with a real attack when it happens.


“This is a very important day to assert the rights of students around the world to have the chance to pursue a career in the field they are most interested in, even if they are in environments where there is a lack of opportunity,” said Ian Porteous, Regional Director, Security Engineering, UK&I at Check Point Software. “For our part, we are alarmed by the lack of available talent in a field like cybersecurity which offers so many quality career opportunities. We hope that with our efforts and those of the rest of the international community, we will be able to turn the situation round in the coming years.”


11:11 Systems Completes the Acquisition of Static1

Acquisition strengthens cloud, connectivity and security portfolio and bolsters 11:11’s industry expertise, infrastructure and customer base

11:11 Systems (“11:11”), a managed infrastructure solutions provider, today announced the acquisition of Static1, a leader in managed network and IT infrastructure development and services. Driving increased productivity, efficiency and security for its customers, Static1 designs, builds, runs and optimises IT infrastructure.

The enterprise network infrastructure market is valued at $56B as of 2021 and is expected to grow significantly over the next five years. The shifting dynamics of remote work and the increased need for bandwidth and technology to enable the migration to wireless are major factors driving the growth of the connectivity market. IT leaders must ensure applications and data are connected, anywhere, anytime, but most businesses do not have the internal resources to manage those new complex infrastructure requirements.

“Feedback from customers has shown that there is a dearth of offerings that combine cloud, connectivity and security in one platform,” said Brett Diamond, CEO, 11:11 Systems. “We are focused on providing the platform for these three core pillars while ensuring that our customers’ apps and data are always running, accessible and protected. Static1 is a natural addition to our portfolio particularly because of the team’s significant depth in connectivity. With this acquisition, we will strengthen our existing managed services and add entrenched industry expertise and relationships to our portfolio.”

Static1 is a leader in complex industries such as media, entertainment, pharmaceutical, retail, financial services and not-for-profits. Its services span the gamut from connectivity to security management to monitoring, network, infrastructure and SD-WAN technology. Through this acquisition, Static1’s team and technology will complement 11:11’s recent acquisitions of Unitas, Cleareon, iland and Green Cloud Defense, each of which holds a market leadership position within the cloud, connectivity and security spaces.

“11:11 and Static1 share a vision for addressing the most pressing issues that businesses face,” adds Anthony Lobretto, president and CTO, Static1. “This exciting step forward benefits our customers with continued best-in-class support, greater uptime, reliability and security, all while reaping the benefits of accessing the full spectrum of purpose-driven solutions 11:11 has to offer.”

11:11 is backed by Tiger Infrastructure Partners, a middle-market private equity firm that invests in growing infrastructure platforms.

Q Advisors, a global TMT investment banking boutique, acted as exclusive financial advisor to 11:11 Systems in connection with this transaction. Perkins Coie acted as legal advisor to 11:11 Systems. The terms of the transaction were not disclosed.


ABOUT 11:11 SYSTEMS

11:11 Systems is a managed infrastructure solutions provider that holistically addresses the challenges of next-generation managed cloud, connectivity and security requirements. The 11:11 model empowers customers and partners to “Rethink Connected,” which includes fully integrated, fully-automated services, activities and data powered on a single platform delivering increased performance, optimisation and savings. Learn more at 11:11Systems.com.

ABOUT STATIC1

Static1 is a Managed Services Expert that focuses on clients needing solutions to process complex data sets, share high-bandwidth files across the globe, manage remote workforces while protecting data security and integrity, and more. With the tools, processes and knowledge to design, build, run and optimise IT infrastructures, Static1 builds what companies need and services what the company builds, taking great pride in helping clients anticipate, operate, integrate and collaborate better. For more information and a full review of capabilities, visit Static1 at www.static1.com.

ABOUT TIGER INFRASTRUCTURE PARTNERS

Tiger Infrastructure Partners is an innovative, middle-market private equity firm that invests in new and growing infrastructure platforms. Tiger Infrastructure targets investments in communications (digital), energy transition, transportation, and related sectors, primarily located in North America and Europe. For more information, visit www.tigerinfrastructure.com.

Crossword Cybersecurity’s Identiproof demonstrates early commitment to Open Badges V3 in the Jobs for the Future Plugfest

7 July 2022 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the cybersecurity solutions company focused on cyber strategy and risk, is pleased to announce that its Identiproof verifiable credentials (VC) product has successfully achieved its first milestone at the recently held Jobs for the Future (JFF) Plugfest. The plugfest focused on making verified digital Learning and Employment Records (LERs) more widely and safely accessible to a larger number of employers via digital wallets. Twenty companies from the USA, Europe and Australasia participated in the first JFF Plugfest held on 6 June 2022.

Crossword is participating in the project through its involvement with the World Wide Web Consortium (W3C) Verifiable Credentials for Education Task Force (VC-EDU) initiative. Crossword participated in the technical discussions, and created a demo, using Identiproof’s iPhone wallet connected to its Issuer. As a result, Identiproof has successfully passed the first milestone requirement of displaying certificates in a user-friendly format as a verifiable credential as defined by the Open Badges V3 standard.

The JFF Plugfest plays an essential role in driving the growth of a skills-based marketplace, especially important at this time of labour shortages, by enabling employees to hold their LERs in their digital wallets. Digital LERs are digital resumés with secure, verifiable, and readily accessible records of people’s skills, educational experiences, and work histories.

The JFF Plugfest is being organised in the USA by JFF, the National LER Advisory Council, the National Governors Association and Brain Trust, in order to demonstrate interworking between W3C VC products, and is being funded by Walmart (amongst others).

According to the National Governors Association, governors and state leaders in the USA are concerned about the current labour shortage, occurring during a time when so many skilled workers are unemployed or underemployed. Skills-based approaches to hiring and recruiting can make pathways to good careers more broadly accessible to a wider segment of the workforce and reduce workforce inequities by focusing on what workers can do, not on the degrees or credentials they’ve earned.

Participation in the JFF Plugfest and working with the Open Badges V3 standard places Crossword and its Identiproof platform at the forefront of the market in the drive for interoperability in the education sector. With 10.8 million certificates issued for vocational and other qualifications in England in the 2020 to 2021 academic year, the education sector is one of the exciting sectors for Identiproof to support digitisation and improved security through VC.

Jake Holloway, Chief Product Officer at Crossword, commented: “Identiproof is at the forefront of the credentials verification sector, and we are delighted to be participating in this prestigious project with leading organisations in the USA. Credentials verification is a critical requirement in matching skills and jobs. This is particularly important in the fast-moving technology sector, where coding and programming skill sets are in high demand but hard to quickly and easily verify at present. The Covid-19 pandemic has accelerated the move towards the digitalisation of everything, and credentials verification is one of the key growth areas.”

David Chadwick, R&D Director at Crossword, added: “As Crossword’s leading Self Sovereign Identity (SSI) product, Identiproof is targeted at the professional qualifications market, amongst others. Demonstrating interoperability with other verifiable credentials products will increasingly become a ‘must-have’ customer requirement. Playing a leading role in specifying the technical requirements for JFF will allow Crossword to ensure that Identiproof stays ahead of the crowd.”

The JFF Plugfest has more than sufficient funds to award every successful participant at least $10K per completed Plugfest milestone. Two further Plugfest milestones are envisaged, to demonstrate credential issuing interoperability and credential verification interoperability. The next Plugfest is scheduled for November 2022.

Identiproof’s VC technology has wide-ranging applications including digital ticketing, certificates, licenses, memberships, passports, proof of ownership and many others. It provides a central technology in applications for the issuing of digital certificates and documents that cannot be forged or transferred, and that respect the privacy of the holders of those certificates. It does this through selective disclosure, whereby the recipient requests the minimum of information, in conformance with GDPR. Identiproof is one of the first systems built to the 2019 W3C recommendations, the Verifiable Credentials Data Model and Web Authentication (FIDO2), two new global web security standards.

Verifiable Credentials Limited, the provider of Identiproof™, was acquired by Crossword in May 2021. Identiproof achieved its early adoption of the W3C verifiable credentials standard thanks to Emeritus Professor David Chadwick being one of the six co-authors and editors of the standard and a well-known expert in the field of digital identity and verifiable credentials.

Check Point Software Warns of the Four Most Common Mistakes on Social Networks

Sharing personal information, responding to unsolicited password reset emails, indiscriminately clicking any link and not checking URLs are all mistakes that can lead to your social media accounts being hacked

As of January 2022, more than half of the world uses social media. In other words, we are talking about 4.62 billion people for whom social media is already part of their daily lives and often takes up more of their time than they would like. However, although these platforms can be fun and are a great way of sharing experiences with friends, they also present a potentially dangerous cyber security risk.

So, what dangers do we need to look out for and what are the most common mistakes we make? Check Point Software, a leading provider of cybersecurity solutions globally, highlights the top four risk factors to bear in mind in order to stay safe when using social media:


  1. Sharing personal information: this is a very common and dangerous mistake that happens every day on social networks. Cyber criminals are, first and foremost, looking to steal your personal information. Armed with this data they can then launch multiple phishing campaigns or even steal your cash. If we add to this the fact that most people use the same login details for different social media platforms, stealing credentials from one gives hackers potential access to all of your social media accounts. So, it’s vital that you don’t share personal data and that you use different passwords to minimize the damage if you were to become the victim of an attack.
  2. Watch out for unsolicited password reset emails: there are so many social platforms around today that it is very easy to think that at some point there may be an incident with one of them and this is where hackers can take advantage. If you get an email asking you to change your password, even if you have not requested it, your first impulse is to click on the link and reset. This is dangerous, as it can give the cybercriminal access to your entire account. To avoid this, you should go directly to the social media platform’s page (don’t click on the link in the email) and renew your password from the same page (and then do the same for other accounts where you have the same password).
  3. Clicking on any link: Cybercriminals often use links to redirect users to malicious sites. These links can come in the form of an innocent looking email or SMS. If you receive such a link, the best way to protect yourself is to go to the site in question, via your usual browser, and check for any messages there, rather than clicking on a link in an unsolicited email or text message.
  4. Not checking URLs: Another trick that attackers use to steal your data is to change a URL to make it look like the genuine article. Using this technique, hackers can get a user to visit a website they believe to be trustworthy, such as their Facebook page, where they are then asked to change their password, and redirect them to a cloned website so that they can steal as much information as they like. We have seen this recently with LinkedIn dominating Check Point’s Brand Phishing Report for the first time, accounting for more than half (52%) of all phishing attempts in the first quarter of this year. To avoid falling for these scams, it is important to check the URLs that you access, making sure that the website has an SSL security certificate. If it does have a security certificate you will see the letter “s” in the address bar, so it should read: https://. Thanks to this technology, any confidential information sent between two systems is protected, and this prevents cybercriminals from being able to access the data being transferred, including information that could be considered personal.

“It is clear that social networks play an important part in our daily lives, but we need to be on our guard. Social networks are one of the main targets of cybercriminals and knowing their techniques is the only way to be able to defend oneself properly. Today, on Social Networking Day, it is essential for us to alert users and warn them of the existing risks so that they remain safe from any type of attack through these platforms,” says Ian Porteous, Regional Director, Security Engineering, UK&I at Check Point Software.


Ransomware volume already doubled 2021 total by end of Q1 2022 says WatchGuard Threat Lab Report

New research shows Log4Shell detections tripled, PowerShell scripts heavily influenced a surge in endpoint attacks, the Emotet botnet came back in a big way and malicious cryptomining activity increased

28 June 2022 – Ransomware detections in the first quarter of this year doubled the total volume reported for 2021, according to the latest quarterly Internet Security Report from the WatchGuard Threat Lab. Researchers also found that the Emotet botnet came back in a big way, the infamous Log4Shell vulnerability tripled its attack efforts and malicious cryptomining activity increased.

Although findings from the Threat Lab’s Q4 2021 report showed ransomware attacks trending down year over year, that all changed in Q1 2022 with a massive explosion in ransomware detections. While Q4 2021 saw the downfall of the infamous REvil cybergang, WatchGuard analysis suggests that this opened the door for the LAPSUS$ extortion group to emerge, which along with many new ransomware variants such as BlackCat – the first known ransomware written in the Rust programming language – could be contributing factors to an ever-increasing ransomware and cyber-extortion threat landscape.

The report also shows that EMEA continues to be a hotspot for malware threats. Overall regional detections of basic and evasive malware show WatchGuard Fireboxes in EMEA were hit harder than those in North, Central and South America (AMER) at 57% and 22%, respectively, followed by Asia-Pacific (APAC) at 21%.

“Based on the early spike in ransomware this year and data from previous quarters, we predict 2022 will break our record for annual ransomware detections,” said Corey Nachreiner, chief security officer at WatchGuard. “We continue to urge companies to not only commit to implementing simple but critically important measures but also to adopt a true unified security approach that can adapt quickly and efficiently to growing and evolving threats.”

Other key findings from this Internet Security Report include:

  • Log4Shell makes its debut on the top 10 network attacks list – Publicly disclosed in early December 2021, the Apache Log4j2 vulnerability, also known as Log4Shell, debuted on the top 10 network attack list fashionably late this quarter. Compared to aggregate IPS detections in Q4 2021, the Log4Shell signature nearly tripled in the first quarter of this year. Highlighted as the top security incident in WatchGuard’s previous Internet Security Report, Log4Shell garnered attention for scoring a perfect 10.0 on CVSS, the maximum possible criticality for a vulnerability, and because of Log4j’s widespread use in Java programs and the ease of arbitrary code execution.


  • Emotet’s comeback tour continues – Despite law enforcement disruption efforts in early 2021, Emotet accounts for three of the top 10 detections and the top widespread malware this quarter following its resurgence in Q4 2021. Detections of Trojan.Vita, which heavily targeted Japan and appeared in the top five encrypted malware list, and Trojan.Valyria both use exploits in Microsoft Office to download the botnet Emotet. The third malware sample related to Emotet, MSIL.Mensa.4, can spread over connected storage devices and mostly targeted networks in the US. Threat Lab data indicates Emotet acts as the dropper, downloading and installing the file from a malware delivery server.


  • PowerShell scripts lead the charge in surging endpoint attacks – Overall endpoint detections for Q1 were up about 38% from the previous quarter. Scripts, specifically PowerShell scripts, were the dominating attack vector. Accounting for 88% of all detections, scripts single-handedly pushed the number of overall endpoint detections clear past the figure reported for the previous quarter. PowerShell scripts were responsible for 99.6% of script detections in Q1, showing how attackers are moving to fileless and living-off-the-land attacks using legitimate tools. Although these scripts are the clear choice for attackers, WatchGuard’s data shows that other malware origin sources shouldn’t be overlooked.


  • Legitimate cryptomining operations associated with malicious activity – All three new additions to the top malware domains list in Q1 were related to Nanopool. This popular platform aggregates cryptocurrency mining activity to enable steady returns. These domains are technically legitimate domains associated with a legitimate organization. However, connections to these mining pools almost always originate in a business or education network from malware infections versus legitimate mining operations.


  • Businesses still facing a wide range of unique network attacks – While the top 10 IPS signatures accounted for 87% of all network attacks, unique detections reached their highest count since Q1 2019. This increase indicates that automated attacks are focusing on a smaller subset of potential exploits rather than trying everything but the kitchen sink. However, businesses are still experiencing a wide range of detections.

WatchGuard’s quarterly research reports are based on anonymised Firebox Feed data from active WatchGuard Fireboxes whose owners have opted to share data in direct support of the Threat Lab’s research efforts. In Q1, WatchGuard blocked a total of more than 21.5 million malware variants (274 per device) and nearly 4.7 million network threats (60 per device). The full report includes details on additional malware and network trends from Q1 2022, recommended security strategies and critical defence tips for businesses of all sizes and in any sector, and more.

For a detailed view of WatchGuard’s research, read the complete Q1 2022 Internet Security Report here, or visit: https://www.watchguard.com/wgrd-resource-center/security-report-q1-2022

Crossword Cybersecurity Plc announces new Supply Chain Cyber practice in response to increasing threat of supply chain cyber attacks

  • New integrated practice addresses 4x forecast growth in supply chain cyber attacks

28 June 2022 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the cybersecurity solutions company focused on cyber strategy and risk, has today announced the creation of a new integrated Supply Chain Cyber practice.

In response to client demand and the substantial increase in supply chain cyber threat levels, the integrated practice provides a set of controls, processes and tools, along with a range of managed services, advice and training to massively reduce the risk of direct cyber-attacks as well as threats via third parties across a company’s supply chain.

The practice provides an end-to-end approach to supply chain cybersecurity and includes a standard operating model (SOM) and a substantially updated version of Rizikon Assurance, Crossword’s SaaS platform used by supplier management and cybersecurity teams and across an organisation to underpin the controls, tools and data needed to reduce supply chain risk.

Updated Rizikon features include automated assurance, flexible reporting and new dashboards that improve supply chain cyber assurance, risk and compliance strategy, policy and operations.

Experienced cybersecurity consultant, Ryan King, has been appointed as Practice Lead and is supported by a dedicated team of experts specialising in supply chain cyber risk.

Today’s cyber threat potential is huge and growing fast. The European Union Agency for Cybersecurity (ENISA) reported in 2021 that it expected supply chain attacks to quadruple over the following 12 months. As a result, industries including but not limited to banking, retail and manufacturing are under mounting financial, reputational and regulatory pressure to take control of cybersecurity risks.

For organisations of any size, the greatest threats to cybersecurity are suppliers, third parties and connected technologies because they are so hard to control. Recent research independently conducted for Crossword of over 200 Chief Information Security Officers (CISOs) found that 83 per cent of CISOs viewed “ensuring that the entire supply chain is water-tight in its ability to defend and recover against threat actors” as a challenge.

Today’s solutions are failing – Crossword’s end-to-end approach addresses the fundamentals

Many organisations are still using internally focused ideas and solutions to try and address cybersecurity risks in the supply chain, but by definition these are not sufficient since they fail to holistically integrate the cyber risks originating from external third parties. Furthermore, the longer and more diverse a supply chain becomes, the faster the risks multiply in tandem with an organisation’s inability to monitor and manage those risks.

Crossword’s Supply Chain Cyber approach is dedicated to meeting any organisation’s cybersecurity and supply chain resilience obligations by providing an end-to-end solution. Crossword’s Supply Chain Cyber offering provides:

  • A team of cybersecurity industry experts, dedicated to defining and delivering risk management best practice
  • A comprehensive and flexible supply chain cybersecurity Standard Operating Model that defines processes, techniques and structures needed to manage supply chain assurance, compliance, and risk in any industry
  • An updated version of Rizikon Assurance – an automated, SaaS-based platform for managing supply chain cyber assurance, compliance and risk strategy, policy, and operations
  • Cost-effective supplier cyber audits and security testing
  • Consulting services including supply chain cyber benchmarking, maturity assessments and advisory consulting, and training
  • Complete managed services for supply chain cyber assurance, compliance, and risk management.

Stuart Jubb, Group Managing Director at Crossword Cybersecurity Plc, commented: “A whole new operating model and mindset is required to properly address supply chain cyber risks and attacks. Looking only inwards and relying on internally focussed controls, systems and thinking is not enough to protect organisations today. Crossword’s Supply Chain Cyber practice addresses the severity and fast-growing nature of risks present in supply chains. It gives our customers the tools and processes to securely and cost effectively manage these risks, benefiting not only the customer, but all members of their supply chain. The objective is to minimise collective risk and ensure cost-effective governance and adherence to regulations across all industries.”

Rizikon – elevate your supplier risk management

The supply chain cyber standard operating model (SCC SOM) is supported by Rizikon Assurance, a SaaS platform used by supplier management and cybersecurity teams and across an organisation to underpin the controls, tools and data needed to reduce supply chain cyber risk.

Rizikon automates processes such as designing supply chain cyber policy, grouping suppliers, creating detailed assurance plans, applying appropriate assurance methods to each group, and reporting on risk, compliance, and assurance coverage across the whole supply chain. Rizikon also integrates with existing tools and data sources.

Learn more about Crossword’s Supply Chain Cyber practice and standard operating model by visiting: https://www.crosswordcybersecurity.com/supply-chain-cyber

PureCyber Pledges to Strengthen Security of Welsh SMEs

Cyber security consultancy PureCyber has teamed up with FSB Wales, Swansea University and Thomas Carroll Group to run free roadshows to raise cyber awareness across Wales with the first events planned in Cardiff and Wrexham.

The events at Cardiff City Stadium on Wednesday (June 29th) and Wrexham FC on September 15th are funded by Higher Education Funding Council Wales and focus on making Wales’ many successful and growing SMEs cyber aware and cyber secure.

The team from PureCyber, which recently rebranded from Wolfberry, will be on hand to talk to SMEs about the growing concerns around cyber safety and the simple steps they can take to improve their cyber security posture.

Last year the NCSC (National Cyber Security Centre) reported that cybercrime is the most likely crime to impact any business, with more than four million cyber-attacks on small businesses in the UK every year, more than 50% of which come from phishing.[1]

Welsh Government’s aim is to build Wales to become a global hub of excellence in cyber security, with plans to employ thousands of cyber professionals across the country. PureCyber’s mission is to work alongside Welsh Government and stakeholders to develop skilled cyber professionals but also to help create a nation of cyber savvy SMEs, confident in their cyber security capabilities and resilience.


Damon Rands, CEO of PureCyber, said:

‘We are passionate about making cyber security accessible, affordable and understandable for all businesses regardless of size, sector or location. As we’re headquartered in Wales, we are also committed to raising the awareness of cyber security across the nation, working closely with businesses of one person all the way up to thousands of staff to ensure they all have the relevant levels of cyber security layers in place to protect their processes and data from attack.’

‘To support our goal, we have launched a Micro and SME subscription service that is available alongside PureCyber’s Cyber Essentials service clients, which offers the opportunity to spread the cost across 12 months, making adopting the best cyber security practices more manageable for businesses looking to strengthen their awareness and understanding of cyber security and to become secure from attack.’

Businesses are very welcome to contact us for more details and to attend both free roadshows. For further information please contact info@purecyber.com.


Threats Exploiting Employees a Concern For Microsoft 365 Users

Egress Report Cites Cyber Security Experts, Offers Recommendations to CISOs Representing the 1 Million Companies Deploying Microsoft 365

LONDON, UK – 21st June 2022 – Egress, the leading provider of intelligent email security, has today issued a report identifying a number of security risks facing users of Microsoft 365, which along with its suite of tools, is expected to be relied upon by more than one million companies and over 250 million users[1].

Click here to read the full report: https://pages.egress.com/Whitepaper-EmailRisksInMS365-06-22_2021-Landing-PAGE-eBook.html

The threat analysis has been compiled by leading experts in cyber security. Lisa Forte is the co-founder of Red Goat Cyber Security LLP, Robin Bell is the Chief Information Security Officer (CISO) at Egress, and Jack Chapman is the VP of Threat Intelligence at Egress. Their collective insights provide both the context associated with perceived risks and recommendations for CISOs to reduce inbound and outbound risk, protecting their people, organization and customers.

Overall, the expert panel felt Microsoft 365’s native security capabilities offered good, basic email protection from phishing, and data loss prevention (DLP) tools for dealing with outbound data loss. However, the group also believes that there remain issues requiring enhanced protection from highly advanced inbound phishing threats, outbound data loss, and exfiltration events that cannot be reduced by static DLP.

“Microsoft’s protection now rivals Secure Email Gateways (SEGs), but there remain substantial gaps in its email security. Both Microsoft and SEGs struggle to detect the most sophisticated social engineering attacks,” said Jack Chapman, Egress VP of Threat Intelligence. “Topping the list are threats that target and exploit individuals such as phishing attacks, and outbound risks such as data loss caused by human error or intentional exfiltration. CISOs must evaluate their level of protection and augment their existing email security with additional layers of technology where required, to protect their employees and their data.”

Snapshot of Email Risks in Microsoft 365

  • Phishing: credential theft, leakage of sensitive/regulated data, navigating users to malicious URLs, requesting multi-factor authentication (MFA) codes, and ransomware.
  • Human Error: autocomplete of the incorrect email recipient, complex, manual management of customizations and settings.
  • Deliberate acts of data exfiltration for as yet unknown use cases that are not covered by policies.
  • Reporting is limited when seeking to understand the level of risk from phishing emails.

Microsoft 365 – CISO Security Recommendations

To CISOs responsible for the safe deployment and use of Microsoft 365, the Egress report offers a number of key recommendations, beginning with a question – how much do I understand? Framing this guidance is the observation that any tool or service is more easily deployed when it is user-friendly and frictionless.

Understanding begins with CISOs, who must analyze the risks their organization faces in order to prioritize the right layers of security across people, technology, and processes. Further, they must understand the limits of Microsoft 365 and avoid a cookie-cutter approach to cyber security. A comprehensive, holistic view of the risk is invaluable for identifying the products that will complement and integrate seamlessly into the business environment to manage and reduce risk.

This approach must also extend to employees. To reduce human-activated risk, businesses need to reinforce widespread staff training and back it up with intelligent email security tools to catch moments when employees are prone to making mistakes.

According to the 2022 Egress report, Fighting Phishing: The IT Leader’s View, over the past 12 months, 85% of organizations were victims of phishing, 60% of organizations were hit by ransomware, and 40% of organizations had credentials stolen.

[1] Statista: Number of Office 365 company users worldwide as of June 2022, by leading country

For more information and interview requests, contact Jordan Brackenbury at PR@Egress.com

Device Authority and Intercede distribute SBOMs using RKVST SBOM Hub

RKVST SBOM Hub makes it easy to build supply chain transparency with zero trust fabric

Infosecurity Europe, London and Cambridge UK – June 21, 2022: Zero Trust fabric provider RKVST announces that its SBOM Hub is being used by Device Authority and Intercede to list and distribute their Software Bills of Materials (SBOMs), meeting the foundational requirements of US cybersecurity Executive Order 14028 and improving the security of software supply chains with zero trust.

An SBOM provides an inventory of all the software components in a particular application, creating essential visibility into the software supply chain. Yet this information also needs to be easily discovered and accessible to authorized security and compliance stakeholders. RKVST SBOM Hub is a free cloud service that makes it easy to discover, store and distribute SBOMs and allows suppliers and consumers alike to search for publicly discoverable SBOMs and find privately shared SBOMs.

SBOMs matter because they help organizations ensure that the software and applications they use are auditable, up-to-date and patched against known security vulnerabilities. Beyond complying with the recent Executive Order related to cybersecurity, actively using an auditable SBOM is an essential pillar of zero trust in the software supply chain. The success of SBOMs, however, rests on enabling software suppliers and consumers to each use their preferred tools and to distribute and share their SBOMs through APIs. RKVST SBOM Hub makes it easy to deliver verifiable trust in data exchanges while enabling business users with no-code controls to govern data privacy, distribution and transparency.

Robert Dobson, VP Technology Partners at Device Authority said:

“As a provider of critical software, supplying identity lifecycle management and zero trust capabilities for IoT, we must comply with the SBOM mandate and distribute or make available our SBOM. Our KeyScaler™ IoT Security Platform can be used to enhance the consumption of SBOMs, enforcing a zero trust and remediation model to manage and mitigate risk into critical supply chains. RKVST delivers both use cases with a simple API integration.”

Allen Storey, Chief Product Officer at Intercede said:

“Our customers are asking for the SBOM of MyID to comply with the US Executive Order. Emailing ZIP files of SBOMs is a job neither we nor our customers want, especially considering we’re one of many critical software suppliers. RKVST is the trustworthy scalable platform that enables our customers to integrate with whichever tools they prefer and is open to all other software suppliers who need to distribute their SBOMs.”


Rob Brown, vice president business development at RKVST said:

“The Executive Order calls for Zero Trust and SBOMs bring the vital transparency needed to verify trustworthiness in the cyber supply chain. Continuous automated transfer of SBOMs within producers’ and consumers’ preferred tools such as Software Composition Analysis (SCA) and Security Orchestration and Automated Response (SOAR) is an approach that scales successfully. RKVST SBOM Hub has the APIs that deliver the right data to the right place to drive the right decisions, so all can verify then bridge the trust gap.”

For more information, please visit RKVST SBOM Hub

If you’re visiting Infosecurity Europe 2022, ExCel, London 21-23 June, you can see RKVST SBOM Hub in use on the RKVST stand L115.

Taking a Data-Driven Approach to SOC Operations

Written by Cyrille Badeau, Vice President of International Sales, ThreatQuotient

Today’s escalating threat landscape means that security operations teams face a multitude of challenges, which makes it hard for them to keep pace with the sheer scale of threats, tactics, and techniques that bad actors frequently use. Recent ransomware attack statistics make it easy to see that cybercrime has intensified, with a record-breaking number of threats of increasing severity taking place year-on-year. In fact, according to Cybersecurity Ventures, ransomware is expected to attack a business, consumer, or device every 2 seconds by 2031, up from every 11 seconds in 2021. Global ransomware costs are expected to rise from $20 billion in 2021 to $265 billion by 2031.

SOC teams are drowning in data

SOC teams are under pressure to detect security events and respond rapidly, which is hard to do when they are drowning in data. As the number of devices, elements, and sources of data increases, so does the number of tasks involved in processing that data into anything the teams can actually use. Add to this the introduction of many new cloud environments, especially with the ‘new normal’ of a hybrid and remote workforce, and the result is a staggering array of event data.

Inevitably, security analysts can find themselves becoming fatigued with the volume of alerts as they face a growing backlog of investigation tickets that need to be resolved. Consequently, it is easy for ‘real’ alerts to get missed.

Furthermore, a lack of strong integration between the technologies used for detection and investigation of incidents can also impede security analysts. Many security technologies simply don’t interoperate or integrate well or easily, and sometimes they cannot integrate at all. This can leave SOC teams struggling to align data sets and coordinate detection and response across disparate technologies.

A lack of resources is compounding the issue

SOC teams often face a lack of resources and of skilled, experienced analysts who understand how to detect and respond to security incidents. In the 2021 SANS SOC survey, a lack of skilled staff was cited as the greatest barrier to full SOC utilisation.[1] Add to this a real lack of unification across teams: most SOC teams rely on a partnership with IT operations and developer teams across the business, yet these teams often work in silos with little integration and cooperation between them, which means that detection and response to incidents is hindered or limited at best.

As a result of the key challenges outlined above, i.e. a lack of resources, limited cooperation and integration with other IT teams, a lack of technology integration, and the sheer overload of alerts and other notifications, the job of security operations and threat intelligence teams is becoming increasingly difficult.

On the one hand, they need all this data to understand more clearly what to look for and how best to prioritise. On the other hand, the sheer quantity of data that many tools and processes are now ingesting and producing is overwhelming for teams already taxed with many other security operations tasks.

A more unified and centralised approach

This is where our extended detection and response (XDR) solution helps, because it aggregates data from disparate security technologies to provide a more unified, centralised, and consolidated system. Our ThreatQ Platform ingests data from a wide variety of sources, normalises it (including removing duplicate data) and correlates it to inform security narratives. This helps to prioritise threats for investigation and focused detection, integration, and response. It translates data for both investigation and response and also exports to other tools and services for remediation; for example, it integrates with SIEM, NDR, EDR, SOAR and sandbox tools, among many others. This enables organisations to undertake customised risk scoring and reporting so that the business can accurately highlight the areas it is most interested in analysing.

Once data has been ingested into ThreatQ, the platform compiles a threat library that includes a wide variety of threat details, including adversaries, indicators of compromise (IoCs), attack patterns, malware, vulnerabilities, documented incidents, campaigns and more. Additionally, a separate module – ThreatQ Investigations – can be used alongside the core platform, allowing organisations to create collaborative visual models of threat data in order to explore all facets of threats and attack scenarios. Tasks can also be created for threat hunting and other investigation functions. Finally, another module, ThreatQ Data Exchange, allows the SOC team to create dedicated threat intelligence sharing relationships with a variety of parties. What is great about this is that they can specify what data to send with a high degree of granularity, and they can also obscure the source of the data.

Taking a data-driven approach

In today’s escalating threat environment, security is high on the C-suite agenda, with directors demanding that SOC teams rapidly respond to and neutralise threats to the business. The only way to deal with this is through automation, so that the SOC team can more easily aggregate a wide variety of data into a single location for analysis and correlation. Therefore, businesses that want to organise security threat data and become more productive, with better and more efficient insights across their SOC teams, should look at using a solution like our ThreatQ platform.