Category Archives: Cybersecurity

PureCyber Pledges to Strengthen Security of Welsh SMEs

Cyber security consultancy PureCyber has teamed up with FSB Wales, Swansea University and Thomas Carroll Group to run free roadshows to raise cyber awareness across Wales with the first events planned in Cardiff and Wrexham.

The events at Cardiff City Stadium on Wednesday (June 29th) and Wrexham FC on September 15th are funded by Higher Education Funding Council Wales and focus on making Wales’ many successful and growing SMEs cyber aware and cyber secure.

The team from PureCyber, which recently rebranded from Wolfberry, will be on hand to talk to SMEs about the growing concerns around cyber safety and the simple steps they can take to improve their cyber security posture.

Last year the NCSC (National Cyber Security Centre) reported that cybercrime is the most likely crime to impact any business, with more than four million cyber-attacks on small businesses in the UK every year, more than 50% of which come from phishing.[1]

Welsh Government’s aim is to build Wales to become a global hub of excellence in cyber security, with plans to employ thousands of cyber professionals across the country. PureCyber’s mission is to work alongside Welsh Government and stakeholders to develop skilled cyber professionals but also to help create a nation of cyber savvy SMEs, confident in their cyber security capabilities and resilience.


Damon Rands, CEO of PureCyber, said:

‘We are passionate about making cyber security accessible, affordable and understandable for all businesses regardless of size, sector or location. As we’re headquartered in Wales, we are also committed to raising the awareness of cyber security across the nation, working closely with businesses of one person all the way up to thousands of staff to ensure they all have the relevant levels of cyber security layers in place to protect their processes and data from attack.’

‘To support our goal, we have launched a Micro and SME subscription service that is available alongside PureCyber’s Cyber Essentials service clients, which offers the opportunity to spread the cost across 12 months, making adopting the best cyber security practices more manageable for businesses looking to strengthen their awareness and understanding of cyber security and to become secure from attack.’

Businesses are very welcome to contact us for more details and attend both free roadshows. For further information please contact info@purecyber.com


Threats Exploiting Employees a Concern For Microsoft 365 Users

Egress Report Cites Cyber Security Experts, Offers Recommendations to CISOs Representing the 1 Million Companies Deploying Microsoft 365

LONDON, UK – 21st June 2022 – Egress, the leading provider of intelligent email security, has today issued a report identifying a number of security risks facing users of Microsoft 365, which along with its suite of tools, is expected to be relied upon by more than one million companies and over 250 million users[1].

Read the full report: https://pages.egress.com/Whitepaper-EmailRisksInMS365-06-22_2021-Landing-PAGE-eBook.html

The threat analysis has been compiled by leading experts in cyber security. Lisa Forte is the co-founder of Red Goat Cyber Security LLP, Robin Bell is the Chief Information Security Officer (CISO) at Egress, and Jack Chapman is the VP of Threat Intelligence at Egress. Their collective insights provide both the context associated with perceived risks and recommendations for CISOs to reduce inbound and outbound risk, protecting their people, organization and customers.

Overall, the expert panel felt Microsoft 365’s native security capabilities offered good, basic email protection from phishing, and data loss prevention (DLP) tools for dealing with outbound data loss. However, the group also believes that there remain issues requiring enhanced protection from highly advanced inbound phishing threats, outbound data loss, and exfiltration events that cannot be reduced by static DLP.

“Microsoft’s protection now rivals Secure Email Gateways (SEGs), but there remain substantial gaps in its email security. Both Microsoft and SEGs struggle to detect the most sophisticated social engineering attacks,” said Jack Chapman, Egress VP of Threat Intelligence. “Topping the list are threats that target and exploit individuals such as phishing attacks, and outbound risks such as data loss caused by human error or intentional exfiltration. CISOs must evaluate their level of protection and augment their existing email security with additional layers of technology where required, to protect their employees and their data.”

Snapshot of Email Risks in Microsoft 365

  • Phishing: credential theft, leakage of sensitive/regulated data, navigating users to malicious URLs, requesting multi-factor authentication (MFA) codes, and ransomware.
  • Human Error: autocomplete of the incorrect email recipient, complex, manual management of customizations and settings.
  • Deliberate acts of data exfiltration for as yet unknown use cases that are not covered by policies.
  • Reporting is limited when seeking to understand the level of risk from phishing emails.

Microsoft 365 – CISO Security Recommendations

To CISOs responsible for the safe deployment and use of Microsoft 365, the Egress report offers a number of key recommendations, beginning with a question: how much do I understand? Framing this guidance is the observation that any tool or service is more easily deployed when it is user-friendly and frictionless.

Understanding begins with CISOs, who must analyze the risks their organization faces in order to prioritize the right layers of security across people, technology, and processes. Further, they must understand the limits of Microsoft 365 and seek to avoid a cookie-cutter cyber approach. A comprehensive, holistic view of the risk is invaluable for identifying the products that will complement and seamlessly integrate into your business environment to manage and reduce risk.

This approach must also extend to employees. To reduce human-activated risk, businesses need to reinforce widespread staff training and back it up with intelligent email security tools to catch moments when employees are prone to making mistakes.

According to the 2022 Egress report, Fighting Phishing: The IT Leader’s View, over the past 12 months, 85% of organizations were victims of phishing, 60% of organizations were hit by ransomware, and 40% of organizations had credentials stolen.

[1] Statista: Number of Office 365 company users worldwide as of June 2022, by leading country

For more information and interview requests, contact Jordan Brackenbury at PR@Egress.com

Device Authority and Intercede distribute SBOMs using RKVST SBOM Hub

RKVST SBOM Hub makes it easy to build supply chain transparency with zero trust fabric

Infosecurity Europe, London and Cambridge UK – June 21, 2022: Zero Trust fabric provider RKVST announces that its SBOM Hub is being used by Device Authority and Intercede to list and distribute their Software Bills of Materials (SBOMs), meeting the foundational requirements of US cybersecurity Executive Order 14028 and improving the security of software supply chains with zero trust.

An SBOM provides an inventory of all the software components in a particular application, creating essential visibility into the software supply chain. Yet this information also needs to be easily discovered and accessible to authorized security and compliance stakeholders. RKVST SBOM Hub is a free cloud service that makes it easy to discover, store and distribute SBOMs and allows suppliers and consumers alike to search for publicly discoverable SBOMs and find privately shared SBOMs.

SBOMs matter because they help organizations ensure that the software and applications they use are auditable, up-to-date and patched against known security vulnerabilities. Beyond complying with the recent Executive Order related to cybersecurity, actively using an auditable SBOM is an essential pillar of zero trust in the software supply chain. The success of SBOMs, however, rests on enabling software suppliers and consumers to each use their preferred tools and to distribute and share their SBOMs through APIs. RKVST SBOM Hub makes it easy to deliver verifiable trust in data exchanges while enabling business users with no-code controls to govern data privacy, distribution and transparency.

Robert Dobson, VP Technology Partners at Device Authority said:

“As a provider of critical software, supplying identity lifecycle management and zero trust capabilities for IoT, we must comply with the SBOM mandate and distribute or make available our SBOM. Our KeyScaler™ IoT Security Platform can be used to enhance the consumption of SBOMs, enforcing a zero trust and remediation model to manage and mitigate risk into critical supply chains. RKVST delivers both use cases with a simple API integration.”

Allen Storey, Chief Product Officer at Intercede said:

“Our customers are asking for the SBOM of MyID to comply with the US Executive Order. Emailing ZIP files of SBOMs is a job neither we nor our customers want, especially considering we’re one of many critical software suppliers. RKVST is the trustworthy scalable platform that enables our customers to integrate with whichever tools they prefer and is open to all other software suppliers who need to distribute their SBOMs.”

Rob Brown, vice president business development at RKVST said:

“The Executive Order calls for Zero Trust and SBOMs bring the vital transparency needed to verify trustworthiness in the cyber supply chain. Continuous automated transfer of SBOMs within producers’ and consumers’ preferred tools such as Software Composition Analysis (SCA) and Security Orchestration and Automated Response (SOAR) is an approach that scales successfully. RKVST SBOM Hub has the APIs that deliver the right data to the right place to drive the right decisions, so all can verify then bridge the trust gap.”

For more information, please visit RKVST SBOM Hub

If you’re visiting Infosecurity Europe 2022, ExCel, London 21-23 June, you can see RKVST SBOM Hub in use on the RKVST stand L115.

Taking a Data-Driven Approach to SOC Operations

Written by Cyrille Badeau, Vice President of International Sales, ThreatQuotient

Today’s escalating threat landscape means that security operations teams face a multitude of challenges. This can make it hard for them to keep pace with the sheer scale of threats, tactics, and techniques that bad actors frequently use. When you consider recent ransomware attack statistics, it is easy to see that cybercrime has intensified, with a record-breaking number of threats of increasing severity taking place year-on-year. In fact, according to Cybersecurity Ventures, ransomware is expected to attack a business, consumer, or device every 2 seconds by 2031, up from every 11 seconds in 2021. Global ransomware costs are expected to rise from $20 billion in 2021 to $265 billion by 2031.

SOC teams are drowning in data

SOC teams are under pressure to detect security events and respond rapidly, and this is hard to do when they are drowning in data. As the number of devices, elements, and sources of data increases, so does the number of tasks associated with processing that data into anything useful that the teams can utilise. Add to this the introduction of many new cloud environments, especially with the ‘new normal’ hybrid and remote workforce, and this also generates a staggering array of event data.

Inevitably, security analysts can find themselves becoming fatigued with the volume of alerts as they face a growing backlog of investigation tickets that need to be resolved. Consequently, it is easy for ‘real’ alerts to get missed.

Furthermore, a lack of strong integration between the technology tools used for detection and investigation of incidents can also impede security analysts. Many security technologies simply don’t interoperate and integrate well or easily, and sometimes they don’t have the ability to integrate at all. This can lead to SOC teams struggling to align data sets and coordinate detection and response across disparate technologies.

A lack of resources is compounding the issue

SOC teams often face a lack of resources and of skilled, experienced analysts capable of understanding how to detect and respond to security incidents. To this point, in the 2021 SANS SOC survey, lack of skilled staff was cited as the greatest barrier to full SOC utilisation.[1] Add to this a real lack of unification in teams: most SOC teams rely on a partnership with IT operations and other developer teams across the business. However, these teams often work in silos with little integration and cooperation between them, which means that detection and response to incidents can be hindered or limited at best.

As a result of the key challenges outlined above, i.e. a lack of resources, limited cooperation and integration with other IT teams, a lack of technology integration, and the sheer data overload of alerts and other notifications, the job of security operations and threat intelligence teams is becoming increasingly difficult.

On the one hand they need all this data to understand more clearly what to look for and how best to prioritise. On the other hand, the sheer quantity of data that many tools and processes are now ingesting and producing is overwhelming for teams already taxed with many other security operations tasks.

A more unified and centralised approach

This is where our extended detection and response (XDR) solution helps, because it aggregates data between disparate security technologies to provide a more unified, centralised, and consolidated system. Our ThreatQ Platform ingests data from a wide variety of sources, normalises all this data (including removing any duplicate data) and correlates it to inform security narratives. This then helps to facilitate and prioritise threats for investigation and focused detection, integration, and response. It translates data for both investigation and response and also exports to other tools and services for remediation. For example, it integrates with SIEM, NDR, EDR, SOAR and sandbox tools, among many others. This enables organisations to undertake customised risk scoring and reporting so that the business can accurately highlight the areas that they are most interested in analysing.

Once data has been ingested into ThreatQ, the platform compiles a threat library that includes a wide variety of threat details, including adversaries, indicators of compromise (IoCs), attack patterns, malware, vulnerabilities, documented incidents, campaigns and more. Additionally, a separate module – ThreatQ Investigations – can be used alongside the core platform, which allows organisations to create collaborative visual models of threat data in order to explore all facets of threats and attack scenarios. Tasks can also be created for threat hunting and other investigation functions. And finally, we also have another module, our ThreatQ Data Exchange, which allows the SOC team to create dedicated threat intelligence sharing relationships with a variety of parties. What is great about this is that they can specify what data to send with a high degree of granularity and they can also obscure the source of data.

Taking a data-driven approach

In today’s escalating threat environment, security is high on the C-suite agenda, where directors are demanding that SOC teams rapidly respond to and neutralise threats to the business. The only way to deal with this is through automation, so that the SOC team can more easily aggregate a wide variety of data into a single location for analysis and correlation. Therefore, businesses that want to organise security threat data and become more productive with better and more efficient insights across the SOC teams should look at using a solution like our ThreatQ platform.

Cybersecurity Experts Share Signs Which Might Indicate a Phishing Attack on Your Business

According to recent studies, 4 out of 10 UK businesses reported suffering a cybersecurity breach in 2021, and the average (mean) cost of each attack is estimated at £13,400. With these stats in mind, Gildas Jones, founder of Dial A Geek, discusses the most common cybersecurity threats to businesses, as well as highlighting the scams that are rising in prevalence.

The most common cybersecurity breaches include password breaches and phishing attempts (including the use of malware). Phishing is social engineering that manipulates users into revealing personal and confidential information, and recently there have been huge increases in these attacks (now the most “effective” threat). A few examples of phishing red flags include:

  • Random emails from people you don’t know
  • Emails asking you to send payments to a new bank account
  • Emails asking you to change your password without you resetting it
  • Emails asking you to sign in to profiles

The use of malware – an umbrella term including viruses, trojans, worms, ransomware, and spyware – is also an issue within phishing. An example of a malware red flag includes receiving suspicious emails with email attachments – this can also be an issue when downloading files from suspicious websites, or when using outdated computer systems.

With these threats in mind, Gildas also shared 10 key tips on keeping your business’ online profiles safe from predators. These include:

  1. Setting robust passwords
  2. Using password managers
  3. Using multifactor authentication (MFA)
  4. Using antivirus software
  5. Staff training
  6. Using firewalls
  7. Having access control (and conditional access control)
  8. Limiting the number of Administrator-level accounts
  9. Implementing single sign on (SSO)
  10. Running necessary updates

Gildas Jones, founder of Dial A Geek, commented:

“Recent years have started, or accelerated, some key trends in business world-wide, and there are five trends we’re seeing now that we believe will be ongoing features of the workplace of the future… These include digital transformation, social and environmental responsibility, cyber security, remote working, and productivity.

According to recent studies, only 15% of users know how to protect themselves from cybercrime. With this shocking stat in mind, we wanted to give some actionable advice to businesses on how to keep their online profiles safe from predators.

At Dial A Geek our mission is to help businesses grow with our Managed Services – if you have 10 or more employees and need a trusted partner to manage your IT systems, protect your data, assist you in compliance, and help you grow your business, contact us today.”

For more information on the full advice, visit: https://www.dialageek.co.uk/blog/common-cybersecurity-scams-the-red-flags-to-look-out-for/

Leading Managed Service Provider recognised by cybersecurity vendor for continued growth and commitment to deliver the full portfolio of WatchGuard’s products and services

London – 20 June 2022 – Redinet is pleased to announce the company has been recognised by leading cybersecurity vendor WatchGuard Technologies as a new Platinum Partner in the WatchGuardONE partner program. As a long-standing partner, Redinet has been promoted to Platinum due to its many years of dedication to the WatchGuard business as well as the company’s continued efforts in driving WatchGuard’s product adoption across the full portfolio. To achieve Platinum status, companies must be nominated and invited by the WatchGuard executive team.

“Over the years, we have worked to build a great relationship with WatchGuard which has helped us and our customers continue to grow and stay ahead of the increasing threat landscape. Dedicated access to product and technical teams within WatchGuard means we are always up-to-date and ready to introduce new technologies as they become available,” said James McMillan, CTO at Redinet Limited.

“We are delighted to recognise Redinet for their continued growth and commitment to delivering WatchGuard products and services to their customers. For over two decades we have worked collaboratively with Redinet and with this close working relationship, Redinet offers the entire WatchGuard portfolio of products and services that make up WatchGuard’s Unified Security Platform,” said Jon-Marc Wilkinson, Sales Director UK & Ireland at WatchGuard.

“Redinet continually works with our own internal teams to provide valuable insight into the requirements from their customers to assist our go-to-market strategy. Their knowledge and technical expertise of the WatchGuard portfolio ensures they are perfectly positioned to continue to deliver service excellence to their growing number of customers throughout the UK. Redinet’s loyalty and dedication to WatchGuard has helped to deliver continued growth and we are proud to promote Redinet to Platinum Partner status.”

To learn more about WatchGuard’s Unified Security Platform, visit: https://www.watchguard.com/wgrd-solutions/unified-security-platform.

To learn more about WatchGuardONE, visit: https://www.watchguard.com/wgrd-partners.

Safeguarding Your Business in The Digital Age

Written by Brian Knudtson, Director of Cloud Market Intelligence, iland, part of 11:11 Systems

Data is often referred to as ‘the new oil’ that is now playing a major part in shaping economies the world over. In today’s digital world, around 85% of organisations see data as one of their most valuable assets.

Back in 2010, IDC calculated that the world had created around 64.2 zettabytes (ZB) of digital information and Seed Scientific estimates that by 2025, the amount of data generated each day is expected to reach 463 exabytes globally, with a total of 175 zettabytes!

However, while leveraging the power of data has become recognised as one of the biggest opportunities for any organisation, it also presents one of the biggest business challenges when it comes to security.

Dramatic cybercrime surge under Covid-19

Since 2020, with the fast-tracked digitalisation efforts resulting from the pandemic, the digital security landscape has become hugely complex. With the rapid shift to cloud and remote workforces, 2021 was a record year in terms of cyberattacks. Records indicate that there were more pervasive and hostile threats than ever before. The FBI recorded a 300% increase in reported cybercrimes last year and businesses witnessed 50% more attacks per week in 2021 compared to 2020.

In 2021, 36% of data breaches involved phishing, up significantly from 22% in 2020. The FBI calculates this trend as a 400% year-over-year increase in phishing attacks since 2019. It is also estimated that 30,000 websites on average are hacked every day, that a company falls victim to a cyberattack every 39 seconds and that 64% of organisations globally have experienced at least one form of cyberattack.

With cyberattacks and data breaches set to persist in coming years, deciding how best to manage data security is now at the forefront of board-level discussions. According to Cybersecurity Ventures, global spending on cybersecurity products and services will reach $1.75 trillion cumulatively for the five-year period from 2021 to 2025, as businesses build an armoury of tools, people and infrastructure to collect, protect and analyse data. But Big Data analytics soon becomes a drain on resources, with increasing amounts of data collection and processing putting further pressure on cybersecurity teams and the systems they use.

Rapid growth in managed security services

All of this leads to a potent mixture of security needs and challenges that requires highly trained security professionals with a constant focus to ensure proper protection of business-critical data. Fortunately, Cloud services are uniquely positioned to handle the challenges of technical scope and scalability, but a severe shortage of security-focused professionals makes staffing security teams far less accessible.

In fact, the demand for managed security services is on the rise and the global market is forecast to reach $46.4 billion by 2025. As companies seek to ease the burden on internal IT teams and redouble their focus on strategic business initiatives, having access to an expert external support infrastructure can build solid foundations in total data security, whilst side-stepping the expense and risk of building in-house solutions.

Four critical aspects of managed security services

24/7 access to highly experienced certified security engineers, customisable solutions and enterprise-class security services can protect all elements of an organisation’s data. It can deliver water-tight data security to enterprise business across the following four core mission-critical capabilities:


1. Continuous Risk Scanning
Continuous Risk Scanning provides deep, contextual risk analysis to prioritise vulnerabilities and minimise an organisation’s “attack surface”. Tracking vulnerabilities and assessing their relative risk as part of an organisation’s security strategy is critical to identifying, remediating and reporting on security vulnerabilities in systems and networks.

2. Managed Firewall
The rapid growth of disruptive cyberattacks and highly distributed workforces have organisations reconsidering the tools they use to monitor and control the data flowing in and out of their infrastructure.

Next-generation firewall services feature advanced threat protection, network anti-virus/anti-malware, intrusion detection and prevention, web/content filtering and secure remote access. Additionally, managed firewall services include monitoring and alerting, support and maintenance and reporting and metrics.

3. Managed SIEM (Security Information and Event Management)
While some security solutions monitor only certain systems or applications, security information and event management (SIEM) solutions provide visibility across heterogeneous and distributed infrastructure components and endpoints, with real-time monitoring to reduce the mean time to respond (MTTR). This includes:

• Real-Time Monitoring: Seconds matter when you’re detecting threats
• Correlation: Actionable insights from advanced analytics
• Log Management: Millions of logs are created, only a few matter
• SIEM for Compliance: SIEM solutions can be critical, and are sometimes even mandated to meet regulatory compliance

4. Managed EDR (Endpoint Detection and Response)
Managed endpoint detection and response (EDR) enables organisations to get ahead of cybercrime by reducing the time gap between threat detection and response. This not only improves a company’s security posture by preventing and detecting threats on endpoints, but also minimises the impact of such incidents.

Managed security services can significantly simplify an organisation’s approach to cloud, security and connectivity. At the same time, they can vastly improve a company’s security posture by mitigating threats, preventing data breaches and ransomware damage in real time and minimizing the time gap between detection and response. This drives greater visibility, innovation and responsiveness across the entire business and network.

That said, IT leaders must look to the right partner who can incorporate their organisation’s specific customisable security policies and deliver water-tight 24/7 monitoring to truly unlock the power of connectivity, cloud and security to boost enterprise adaptability, performance and innovation.

With the escalating threat landscape, ongoing stringent government regulations and the lack of in-house skilled resources, not to mention the cost of developing an infrastructure that is future proofed and highly secure, many organisations are now turning to managed security services to provide the environment they need in order to continue to grow and thrive.

The Current State of Intelligent Automation Adoption in Cybersecurity

Written by Cyrille Badeau, Vice President of International Sales, ThreatQuotient

In the past year, research indicates that nearly a third of organisations have accelerated their plans to automate key security and IR processes, whilst another 85% plan on automating them in the next 12 months.

Despite the positivity of these statistics, many organisations struggle to change to a more automated process. This was highlighted at a recent webinar we held with a panel of senior cybersecurity experts from a multitude of sectors.

The discussion revealed that, while most organisations are exploring automation, few have made significant progress and they attributed this to a combination of factors including needing an improved understanding of automation, increased help from vendors and a lack of good IT foundations.

The current experience of cybersecurity automation

All attendees agreed that automation is the future of cybersecurity and that it was in their interest to explore the process. Interestingly, most speakers said they used automated intrusion detection systems (IDS) but had found that there is resistance to adding an intrusion prevention system (IPS), in case false positives cause systems to shut down unnecessarily. As one delegate said, “They are afraid that automating blocking will break their world”.

During the event, the current experience of automation was described as frustrating. While an automated engine can successfully detect a problem, it fails to outline what the problem is.

In this case, the detection system can feel like a problem rather than a solution: “The noisy child in the corner”, as one attendee put it. One delegate mentioned that his platform raises six billion data points every month. Of those, 1,000 need to be manually investigated, and of those only two are likely genuine threats, but someone still needs to be tasked with investigating all 1,000 regardless. The human component still exists despite automated intrusion detection processes.

How do companies measure successful automation?

Attendees agreed on some of the main ways that they measured successful automation with time and expense viewed as vital success measures. Some “measure success by finding out the attack has happened and how soon they can prevent that attack, as well as ensuring that it doesn’t spread”. Automated responses to threats have saved money and, just as importantly, time. Consequently, a quicker reaction response than the attacker was established as an essential measure of success.

Others pointed out that success is simply based on whether the company’s system was still working in the morning – this is not about defeating every challenge but ensuring that the threat to the business was greatly reduced. One indication of this is a lack of false positives, which was viewed as another success measure.

However, as Leon Ward of ThreatQuotient outlined, automating cybersecurity is particularly challenging due to the widely varying measures of success. Automating an industrial process can be simpler because it can be measured by an improvement in speed, output, or some other metric. Overall, in his opinion, the ultimate measure of success must be seen as when nothing bad occurs.

What foundations do businesses need to have to successfully build an environment for automation?

Research from ThreatQuotient found that 41% of businesses say a lack of trust in the outcomes of automation is preventing its deployment. Numerous attendees noted that further education within businesses was necessary to understand that to defend themselves there may have to be some impact on the day to day running of the business.

Speakers agreed that there is a belief that automation can add a bigger target to security teams’ backs as automation is viewed as an overhead. Unfortunately, as part of the nature of cybersecurity, problems are always noticeable when they arrive, which perhaps adds to the wariness around the automation offering, despite problem-spotting being a good thing.

Additionally, it was highlighted that many companies do not have the IT infrastructure to make a smooth automation transition; disjointed systems and legacy tools can lead to automation challenges. Some noted that their company’s systems cannot even automate password resets yet. Others indicated more of a cultural issue, with people often suspicious of new systems and, in some businesses, people get annoyed if security tools impede their workflow.

What needs to happen to improve automation efforts within the industry?

The metrics that are commonly used in cybersecurity were predominantly discussed. Mean time to detect (MTTD) and mean time to response (MTTR) metrics were viewed as not very helpful with there being no useful difference between the two. “If we’ve detected it, we’ve responded,” was the common opinion. Additionally, measuring either is difficult because it can be hard to know when to start measuring.

There was general agreement that poor quality metrics prompt the board to ask, “So what?” Attendees said they would favour a metric that tracks the extent of coverage and success, though they acknowledged that it is hard to know what data points could be used to measure those things.

The need for more help from vendors was raised as an action point, with the delegates agreeing it would be useful to know where vendors struggled with automation rather than finding this out for themselves. This kind of honesty and openness can help to build new fruitful partnerships between vendors and businesses.

The next step:

Overall, there is a lot of work that still needs to be done to improve the journey towards automation in cybersecurity. Despite ThreatQuotient’s research indicating positive steps, the roundtable event showed that a cultural change is needed for mass adoption to occur. Further education is required on the subject as well as a general understanding of what constitutes success.

Vendors can make strides to ensure that this happens and to help build the trust that enterprises need to make this journey as smooth as possible. Attendees were ultimately realistic, as one spokesperson said, “we’re not looking for a silver bullet”. Vendors must take this viewpoint into account and strive to build the necessary partnerships to learn, improve and seek demonstrated measures to help with automation.

Surfshark shuts down servers in India in response to data law

In response to the new Indian data regulation laws, cybersecurity company Surfshark is shutting down its servers in India. The new laws require VPN providers to record and keep customers’ logs for 180 days as well as collect and keep excessive customer data for five years.

“Surfshark proudly operates under a strict ‘no logs’ policy, so such new requirements go against the core ethos of the company. A VPN is an online privacy tool, and Surfshark was founded to make it as easy to use for the common users as possible. The infrastructure that Surfshark runs on has been configured in a way that respects the privacy of our users, and we will not compromise our values – or our technical base”, says Gytis Malinauskas, Head of Legal at Surfshark.

Surfshark’s physical servers in India will be shut down before the new law comes into power. Up until then, users will be able to connect to servers in India as usual. After the new regulations come into effect, we’ll introduce our virtual Indian servers – which will be physically located in Singapore and London. Users will be able to find them in our regular list of servers.

Virtual servers are functionally identical to physical ones – the main difference is that they’re not located in the stated country. They still provide the same functionality – in this case, getting an Indian IP.

Users in India who don’t use Indian servers will not notice any differences – they will still be able to connect to whichever server outside the country they please. Meanwhile, Surfshark will continue to closely monitor the government’s attempts to limit internet freedom and encourage discussions intended to persuade the government to hear the arguments of the tech industry.

Notably, VPN suppliers leaving India isn’t good for its burgeoning IT sector. Surfshark’s data shows that since 2004, the year data breaches became widespread, 14.9B accounts have been leaked and a striking 254.9M of them belong to users from India.

To put this in perspective, 18 out of every 100 Indians had their personal contact details breached. The situation is extremely worrying in terms of lost data points, considering that for every 10 leaked accounts in India, half are stolen together with a password.

Taking such radical action that highly impacts the privacy of millions of people living in India will most likely be counterproductive and strongly damage the sector’s growth in the country. Ultimately, collecting excessive amounts of data within Indian jurisdiction without robust protection mechanisms could lead to even more breaches nationwide.

Cohesity Research Uncovers A Gap That’s Ripe for Cyber Criminals to Exploit – a Lack of Collaboration Between IT and Security Operations Teams

New research commissioned by Cohesity reveals that while most IT and security operations (SecOps) decision-makers believe they should jointly share the responsibility for their organisation’s data security strategy, many of these teams are not collaborating as effectively as possible to address growing cyber threats. The survey also shows that of those respondents who believe collaboration is weak between IT and security, nearly half believe their organisation is more exposed to cyber threats as a result, the implications of which could have catastrophic consequences for businesses.

The research is based on an April 2022 survey* of more than 2,000 IT decision-makers and Security Operations (SecOps) professionals in the United States, the United Kingdom and Australia.

Nearly three-quarters of respondents (72%) in the UK believe the threat of ransomware in their industry has increased over the last year, with more than half of respondents (51%) saying their organisation has been the victim of a ransomware attack in the last six months. The survey uncovered the following results in the UK:

  • Security should be a shared responsibility: More than 4 in 5 (85%) of UK respondents agree that IT and SecOps should share the responsibility for their organisation’s data security strategy.
  • But effective collaboration between IT and security teams is frequently not happening: Almost a third of SecOps respondents (19%) from the UK believe the collaboration is not strong with IT, with 5% of those respondents going so far as to call it “weak.” Among IT decision-makers, more than a tenth of respondents (16%) believe the collaboration is not strong. In total, 1 in 5 (20%) IT and SecOps respondents believe the collaboration between the two groups is not strong.[1]
  • In many cases, even though the threat of cyberattacks has increased, the level of collaboration between IT and SecOps has remained stagnant or has declined: 43% of respondents, overall, said collaboration between the two groups has remained the same even in light of increased cyberattacks. 8% of all respondents said collaboration has actually decreased. While only 55% of IT decision-makers said collaboration has decreased, nearly 11% of SecOps respondents believe that is the case, highlighting disparity between the two groups.
  • The on-going tech talent shortage is making matters worse: When asked if the talent shortage is impacting the collaboration between IT / security teams, 75% of respondents (69% of IT decision-makers and 82% of SecOps) said, yes, it is having an impact.
  • As a result of this lack of collaboration between IT and SecOps, many respondents believe their organisation is more exposed: Among the IT and SecOps respondents who believe the collaboration is weak between the two groups, 32% believe their organisation is either more exposed (18%), or much more exposed (14%) to cyber threats.
  • The consequences of that exposure could be devastating for businesses and for careers: When asked what would be their worst fear about a lack of collaboration between security and IT if an attack takes place, 37% of all IT and SecOps respondents are concerned about a loss of data, 39% fear business disruption, 39% are worried customers will take their business elsewhere, 40% fear finger pointing will take place and their team will be blamed should any mistakes occur, 33% are worried about paying ransomware, and 27% believe people from both teams (IT and SecOps) will be fired.

“This research pinpoints there is often a lack of collaboration between IT and security teams that we’re seeing across many organisations today. This communication gap must be closed if organisations want to win the battle against cyber threats and ransomware,” said Brian Spanswick, chief information and security officer, Cohesity. “For too long, many security teams focused primarily on preventing cyberattacks, while IT teams have focused on data protection, including backup and recovery. A complete data security strategy must bring these two worlds together, but in many cases they remain separate and this lack of collaboration gives cyber criminals the room they need to often deliver successful attacks and put companies at the mercy of bad actors.”

To further drive this point home, when respondents were asked how their company prioritised data backup and protection as part of their organisation’s security posture or response to a cyberattack, 51% of IT decision-makers said it was a top priority and a critical capability while only 36% of SecOps respondents said the same.

“If SecOps teams are not thinking about backup and recovery, and lack next-gen data management capabilities as part of an overall security strategy, that’s a problem,” said Spanswick. “IT and SecOps teams need to collaborate before an attack takes place, looking holistically across the NIST Cyber Security Framework which includes five core capabilities: identify, protect, detect, respond, and recover. If they wait to collaborate until their data is hijacked, that’s too late and the results could be catastrophic for businesses.”

83% of all respondents agree that if security and IT collaborated more closely, their organisation would be better prepared to recover from cyber threats including ransomware attacks. And, when respondents were asked what would give their organisation greater confidence that they could recover business systems quickly in the event of a ransomware attack, 44% of all respondents (45% of IT decision-makers and 43% of SecOps respondents) said greater communication and collaboration between IT and security is key.