Category Archives: Cybersecurity

Steph Charbonneau: Why Public Sector Organizations Should Adopt a Zero-compromise Approach

Written by Steph Charbonneau, Senior Director of Product Strategy, HelpSystems 

No organization is immune from the risk of supply chain cyber-attacks and data breaches, but those with especially large and complex supplier ecosystems are much more vulnerable. This is particularly true of public sector organizations and even more so in the light of the challenges these organizations have faced during the last 12 months as a result of the pandemic. As society has adjusted to the ongoing COVID-19 environment, public sector entities have had no option but to provide the majority of their services online. Whether it is local government, social services, law enforcement or emergency services, organizations across all disciplines that depended on in-person processes have been forced to pivot to digital alternatives at an uncomfortable speed.  

In the space of a year society has transformed beyond recognition, and digital-first is now an imperative. However, not only do public sector organizations handle a wealth of sensitive personally identifiable information (PII) which makes them a target, but they typically have large, complex supplier ecosystems and, in the rush to pivot to deliver online services that have traditionally been human-activated, this has left a window of opportunity for hackers. 

Increased Threat Caused by an Expanded Attack Surface 

Likewise, the extended attack surface as a result of the new remote workforce is also creating opportunities for cyber-criminals. Although the public sector has made great advances in cybersecurity over the past four or five years, in May 2020 we undertook research with public sector cybersecurity workers and the findings from this were concerning.

In general, we found a widespread lack of awareness around cybersecurity, with almost half of respondents having either not heard of, or not knowing what ransomware is. Outdated operating systems are a common point of entry for cyber-criminals, and our research found that 11% of public sector employees were still using Windows 7 – which has not been supported by Microsoft since January 2020. 

This all makes very clear the requirement for training and best practice guidance for public sector employees, especially when dealing with the extended ecosystem of suppliers and parties that are deemed a trusted source. If an employee can at least recognize a malicious email, then they will be far less likely to click on a link or open a file or image containing ransomware. This is particularly important in the new work environment we now find ourselves in, as a distributed workforce lacks the usual corporate cybersecurity defenses and is perhaps even more vulnerable when juggling work with home-schooling and other distractions.

The Move to Microsoft 365 

Additionally, COVID-19 has accelerated the trend to digitization, and one digital transformation trend particularly common in public sector organizations is the move to Microsoft 365. The effectiveness of this collaboration suite is undeniable, with many public sector organizations benefitting from its cloud-based capabilities. But in the rush for cost-effective deployments, are organizations missing out on vital security for emails, for example, because the level they’ve bought into does not provide adequate protection for sensitive data or against cyber-attacks?

To avoid the risk of a data breach, public sector organizations need to fully secure their business communication channels to ensure that sensitive information is only shared between authorized parties and detect when malware exists in messages, documents, or image-based files. And while Microsoft 365 offers various levels of email security, it does not deliver the deep content inspection required to automatically detect and remove sensitive information (such as PII data or payment card information), especially within screen shots or scanned documents. Even with sandboxing, protection against ransomware is limited because the malware threats designed to evade these systems can be hidden within documents or image-based files.  

It is all too easy to see an email from a trusted supplier or partner and assume that it is safe to open; therefore, only a zero-compromise approach will provide the level of protection needed in today’s multi-vector environment.

How to Neutralize Supply Chain Threats 

Public sector organizations need layered security defenses to neutralize any threats coming from a supplier. It is essential that organizations are adequately protected from incoming malware, embedded Advanced Persistent Threats, or any other threat that could pose a risk to the business. At HelpSystems, we offer a Secure Email Gateway, which works in conjunction with Microsoft 365, giving public sector organizations the missing element required for a robust, comprehensive security posture, one that takes into consideration the threat posed by the extended supplier ecosystem.

Data classification tools are also critical to ensure that sensitive data is appropriately treated, stored, and disposed of during its lifetime in accordance with its importance to the organization. Through appropriate classification, using visual labelling and metadata application to emails and documents, this protects the organization from the risk of sensitive data being exposed to unauthorized organizations further down the line through the supply chain.  

Likewise, data that isn’t properly encrypted in transit can be at risk of compromise, so public sector organizations should use a secure and compliant mechanism for transferring data within the supply chain to reduce risks. Here Managed File Transfer (MFT) software can facilitate the automated sharing of data with suppliers and provide a central platform for information exchanges and other file transfer protections.  

An Unprecedented Year 

At the start of this year, the IT Governance blog logged 134 security incidents in December, which accounted for more than 148 million breached records. According to IT Governance, this brings the total for 2020 to more than 20 billion breached data records, and unfortunately public sector organizations were in the top three industries most commonly breached. In addition, last year we witnessed a record number of breaches via the supply chain, the most recent high-profile incident being the SolarWinds hack in December 2020.

Most of these breaches are not sophisticated attacks but result from either ransomware or internal human error; therefore, it is imperative that public sector organizations have the right technologies, policies and training programs in place. If you are interested in finding out more about protecting your supply chain, why not download our eGuide, “Managing Cybersecurity Risk in the Supply Chain.”

HelpSystems’ 2021 State of IBM i Security Study Reveals Lax Security Controls Continue to Expose Vulnerabilities

Study highlights how many organisations rely on system settings that leave data at risk, while user privileges and access permissions typically far exceed necessary levels

HelpSystems recently released the findings from the 18th edition of its State of IBM i Security Study. Based on insights collated from 247 IBM i servers and partitions that were audited in 2020, the report helps readers understand common IBM i security risks and provides a go-to resource for how to correct them, quickly and effectively. With organisations around the globe waking up to the business impacts of lax cybersecurity, and 75% of IBM i pros ranking cybersecurity as a top concern, this year’s study reveals concrete, impartial data showing the security gaps which remain in IBM i systems.

Cyberthreats grow more sophisticated every year, especially in the newly distributed remote work environment. The weaknesses identified and documented in this study are often caused by poor or missing configurations that can—and should—be corrected.

The 2021 State of IBM i Security Study provides data from seven critical areas of IBM i security:

  • Security Enforcement Level
  • Users with Powerful Authorities
  • Password and Profile Security
  • Access to Data
  • Network Access
  • Detecting Security Violations
  • Malware Protection

“Our study shows that some common, longstanding and dangerous IBM i security exposures still remain,” said Robin Tatam, Director of Security Technologies, HelpSystems. “But in recent years HelpSystems has observed an encouraging trend showing organisations large and small are increasingly prioritising IBM i security. So, while we still have a long way to go, a deeper understanding of the risks and the security controls built into the OS is definitely driving a wave of interest in prioritising these issues.”

The 2021 State of IBM i Security Study offers exclusive insight into the tools and strategies organisations are using to secure IBM i—and where systems are often left vulnerable. For access to the full results, download the report here or watch the recorded webinar here.

HelpSystems State of IBM i Security Study Methodology

The data shared in this study is collected by HelpSystems security experts auditing IBM i systems using the HelpSystems Security Scan. This free software runs directly from any network-attached PC without modifying systems settings, interrogating Power Systems running IBM i (System i, iSeries, AS/400) across seven critical audit areas.

About HelpSystems

HelpSystems is a software company focused on helping exceptional organisations Build a Better IT™. Our cybersecurity and automation software simplifies critical IT processes to give our customers peace of mind. We know IT transformation is a journey, not a destination. Let’s move forward. Learn more at www.helpsystems.com.

Women in Security: Meet Jan Lawford, Senior Director of EMEA Security Sales at VMware Security Business Unit

Written by Samantha Mayowa, Head of Global Communications at VMware Security Business Unit

We meet a real team player at VMware, Jan Lawford, Senior Director of EMEA Security Sales, who addresses why it is so important for women to overcome self-doubt, why passion drives success and why it is key to have a growth mindset to succeed.

With international tenure at brands such as Dell EMC, RSA Security, Avaya and more, Jan has extensive technical, sales, and channel experience. She also dedicates her time to help drive diversity and inclusion for the benefit of all employees and business performance internally.

By shedding light on the women of VMware Security Business Unit and their incredible successes, we hope to inspire other talented women to make their mark in the industry. Follow the VMware Women in Security Series, here.

Tell us what excites you about your new role at VMware?
One of my big passions is helping individuals develop their careers and accelerate their success. As the new leader of the talented EMEA security sales team, I am excited about the opportunity to work with each member of the team to help them define how they can be even more successful, deliver more value to our customers and accelerate the success of the security business for VMware. At the end of 2021, I want the team to look back at the success they have achieved and how as individuals they have positively contributed to the overall performance of the team.

How did you land a career in security and what led you to the VMware Security Business Unit?
I didn’t start out in tech; in fact, my first job was in the toy industry. One of the managers that I worked with left the business, entered a tech company, and asked me to join him. We are going back more than 25 years and at the time I realised that the tech industry was a great place to be.

Prior to joining VMware, I was at Dell for seven years and responsible for a sales team focused on converged infrastructure solutions, which meant I was working closely with VMware. This gave me the opportunity to really gain a good understanding of the technology, culture, and values of the organisation, all of which were a big part of the attraction. The other compelling draw was the opportunity to step back into a role in cybersecurity – which has never been more important to customers than it is today.

Who is your role model in tech or security?
I wouldn’t say I have a particular role model per se; however, I have really benefited from more informal mentoring from various individuals over the years. At the time, I didn’t always identify or recognise it as being mentored, but looking back, there are several key individuals that really helped me develop my career.

I know this might sound a bit of a cliché, but my husband has been and continues to be a huge support and influence on me. We met in the IT industry many years ago and I always get very honest and constructive feedback from him, which I admit at times, I don’t always want to hear, but this has been hugely beneficial.

What excites you most about security and the future of security at VMware?
What really attracted me to security in the first place is that the industry is so fast-paced and dynamic, with innovation happening every day. Looking back there has been a huge evolution in the industry from when I first joined and the technical capabilities that are accessible to businesses today are unrecognisable.

Security has never been as critical as it is today. The pivot to remote working has further accentuated the importance of a robust security strategy and capability, with our workplaces morphing into our living rooms, our home offices, and our spare rooms. Additionally, it’s not just about organisations losing money or brand reputation anymore; cyberattacks are causing real-world problems, putting lives at risk, in the case of the healthcare industry.

At VMware, we can not only deliver business value through technical innovation, but from a broader perspective we can have a real impact on the quality of people’s everyday lives and the challenges we face in the world today.

What advice do you have for women looking to get into the security industry?

To be successful in any industry women must first manage their own self-doubt. There is a lot of research and commentary around self-doubt being the real glass ceiling for women. Therefore, it is important for women to make sure that they are dealing with this. And when that internal voice questions whether we can rise to the challenge and whether we can succeed, we must address that nagging doubt, otherwise it can become a real limiting factor.

Throughout my own career I have always believed in being passionate about what you are doing. Passion drives success. So, try to choose a career path that you believe in and are incredibly passionate about.

It is also imperative to have a growth mindset, to always be open to learning. If you are progressing you will be facing challenges as you move to the next stage in your career, therefore it is important to invest time in developing the skills you may not possess and to believe in your ability to constantly develop and grow to meet the next challenge and the next opportunity.

Follow your instinct. I think women have natural skills and attributes that make them a great fit for security. Women can gauge risk very differently to men and they are good at identifying changing patterns of behaviour naturally so that is a great skill for identifying threat actors.

Finally, how can we create an inclusive and supportive environment for women in the workplace?

A flexible working environment will always be important. Women often have significant demands on them outside of the workplace; therefore, where possible, employers should try and accommodate these demands and support a flexible work schedule. This will ensure that a work-life balance is maintained.

A transparent culture is also critical. Organisations need to have an honest and respectful dialogue internally to make sure that there is no negative bias, conscious or unconscious.

Finally, sponsorship opportunities are vital. It is important that, as women start to progress through their career, they are given the opportunity and access to sponsorship, to support them on their journey to success.

 

The quantity and power of DDoS attacks in 2021 will increase significantly

According to StormWall experts, in 2021 the global quantity of DDoS attacks on companies’ online resources will increase by at least 20% compared to last year. DDoS attacks have shown steady growth for several years in a row, and will increase even more in 2021 due to a number of new factors: the appearance of a large number of emerging cyber criminals among students and schoolchildren in connection with the transition to distance learning, the increased criticality of Internet services because many employees work remotely, and the fact that most companies continue to actively develop online businesses.

In addition, the Internet has become a more “DDoS-aggressive” environment: at the beginning of 2021, new powerful tools for organizing DDoS attacks appeared on the Internet, available to a wide range of consumers, for example, the ability to access a 400 Gbps attack launched from real devices for only $500 per week via Telegram. It is often possible to organize such a powerful attack for free – by introducing yourself as a potential buyer and requesting a test for a few minutes, while the attack will most likely affect not only the victim itself, but also several Internet providers on the way to it, leaving no access to the Internet for thousands of users and online resources.

Experts warn that the power of DDoS attacks will also increase in 2021 due to the development of 5G networks. Using this technology, it will be possible to launch a DDoS attack with a capacity of more than 1 Gbps from each mobile device. If an attacker possesses tens or hundreds of thousands of infected smartphones, tablets and IoT devices, then the attack volume can reach several Tbps and it will be incredibly difficult to repel it.

Experts note that recently hackers have begun to act more intelligently: they increasingly launch attacks using bots that can automatically bypass common protection methods. New types of DDoS attacks are expected to emerge, presumably targeting UDP, as protection of UDP applications is often not as effective as for ones using the TCP protocol. These are primarily online games, VoIP services and the QUIC protocol, which Google and Facebook use to speed up their web resources.

In connection with the new threats, various types of perimeter security solutions (AntiDDoS, WAF, anti-bot, IDS/IPS) will tend to be integrated into a single complex that will be able to ensure the security of customers’ Internet perimeter. Also, AI technologies will be used more and more to protect online resources since it is becoming increasingly difficult to distinguish an attacking bot from a real user.

Fighting Back in 2021: VMware’s ‘Howlers’ share 4 Best Practices for Security Teams

“Attacks these days don’t have a natural beginning or ending. For an adversary, every attack is an opportunity to learn something that can then be used against additional organisations.” — Greg Foss, Senior Cybersecurity Strategist, VMware Security Business Unit.

Attackers versus defenders will always be an ongoing battle. In our 2021 Cybersecurity Outlook, we found attacker behaviour drastically evolved over the past year, from the rise in e-crime to Ransomware-as-a-Service (RaaS), double-extortion ransomware, counter incident response (IR) and more. For many security teams, the threat landscape was refigured by the pandemic.

There is a new level of sophistication in attacks as cybercriminals and nation-state actors continue to exploit and profit from the ongoing disruption of the pandemic. The clandestine nature of the SolarWinds breach and the mass intrusion into vendor networks seemed like the pinnacle of cybercrime in 2020. However, Tom Kellermann, Head of Cybersecurity Strategy, VMware Security Business Unit, noted that “SolarWinds is not an isolated event. With COVID-19 catalysing digital transformation and a shift to cloud services, these sorts of attacks will only increase in frequency.”

Already this year, we’ve seen the massive attack on Microsoft Exchange servers by a state-sponsored Chinese hacking group, Hafnium, which has affected more than 30,000 organisations. As Foss notes, “attacks these days don’t have a natural beginning or ending.” In the case of the Microsoft zero-day vulnerabilities, once security patches were issued hackers began trying to reverse engineer their own exploits, opening the door for escalated attacks like ransomware. Alongside large-scale breaches, it has also been open season for attacks on the industry’s most vulnerable during the pandemic including healthcare, power and utility, and financial services.

The past year has served as a security wake-up call for all organisations in both the private and public sectors. We are now at an inflexion point, where defenders must rethink their security stacks to ensure their organisations have the mindset, investment, and platforms to stay one step ahead of attackers.

As the threat landscape evolves, what are some of the best practices for CISOs and security teams looking to fight back in 2021? The Howlers weigh in.

Workload Security:

To defend against cloud jacking, organisations using private and public clouds need to focus on protection — not only at the endpoint level but across workloads. Cloud workload security is particularly complex, as workloads pass through multiple vendors and hosts; thus, the responsibility for protecting them must be shared and prioritised. With the proliferation of apps and data, organisations must ensure they are protecting them wherever they are. As we navigate a cloud-first world, security for the cloud that extends across workloads and Kubernetes protection will be critical for all organisations.

According to Foss, we’re seeing an increase in malicious actors targeting workloads because it is harder for organisations to monitor them. Workloads are getting hit by adware and cryptominers as adversaries are focused on profit because workloads are temporary services, making it easier to take advantage of these services quickly. With this approach, adversaries are able to break out of the sandbox setting within the workload, and actually target the servers and encrypt virtual machines that are held within. With this in mind, organisations need to look at both the host and the workload to ensure both are protected. With the distributed workforce and rapid move to the cloud, this type of attack has become more attractive than ever to the adversary.

 

Identity Management and Continual Authentication: 

Identity management is key. Security teams today should have the mindset that attacks do not have a discrete beginning or end — rather, adversaries are continually accruing intelligence and harvesting data about the organisation, suppliers and customers that they leverage in attacks or profit from. Security teams must be able to track identities as they move throughout systems and workloads. This requires visibility into lateral movement beyond PowerShell, as well as the integration of network detection response and endpoint detection response capabilities.

So, while multi-factor authentication is important, continual authentication is the next evolution – ensuring users do not have perpetual administrative rights but rather access for a purposeful window of time. Continually reviewing who has access is also critical in preventing supply chain compromise. The central vulnerability in supply chain compromise stems from networks granting administrative access to outside parties. The larger the window of time that an outside user is granted access, the greater the opportunity for an attacker to get in.

“Credential Harvesting is a significant threat every organisation should worry about. Identity is the new perimeter and teams are driving toward a continual authentication and authorisation model. A focus on what the identity is doing is needed to help thwart current and future attacks,” said Rick McElroy, Principal Cybersecurity Strategist, VMware Security Business Unit.

 

Threat Hunting: 

Assume attackers have multiple avenues into your organisation. Given the nature of C2 on a sleep cycle, steganography, and other methods, adversaries can maintain clandestine persistence in your systems. Threat hunting on all devices can help security teams detect behavioural anomalies. Once identified, organisations can then reimage devices, eliminating the bad actor.

“81% of organisations have a threat hunting program now, and we’re thrilled to see the recent progress made in this area,” said Foss. “Many organisations today are realising that threat hunting is an integral part of any security program. It’s about understanding that a proactive approach is required alongside the contextual insights. Security teams are combing through massive amounts of data and are able to understand the context behind the attacks and trends they’re seeing in the data. Purple teaming is also becoming a more common approach to test threat hunting capabilities and identify gaps in visibility to prevent future vulnerabilities.”

 

Maturing Detection:

Organisations should be constantly evaluating the effectiveness of their security posture. Doing so requires the vigilance of system users, the right tools, and platforms as well as qualified cybersecurity professionals to ensure their infrastructure is resilient and protected from ongoing threats and attacks. No matter what size or industry, businesses must approach security proactively and comprehensively. As organisations scale, security also must grow and mature to avoid new gaps and vulnerabilities or risk exploitation by attackers.

Organisations need to understand how the larger cybercrime ecosystem plays into the attacks that they are most likely to be confronted with. While the focus has long been on “advanced nation-state adversaries,” the reality is that cybercrime groups are just as capable, if not more so in many cases. According to Foss, “These capabilities, combined with financial fallout from the pandemic and an ever-burgeoning cybercrime ecosystem, in which stolen data, exploitation and access as a service and more are traded at an incredible rate results in a significant likelihood of catastrophic impact.” Similar to how we have seen ransomware evolve to encompass double-extortion, RaaS, and now affiliate programs, we must remain vigilant in the protection of our corporate and personal assets.

 

2021: Putting the power in the hands of defenders  

The global cybercrime market totals an astounding $1.5 trillion in revenue today. For many years, security teams focused on nation-state actors, allowing cybercrime to fly under the radar until recently when RaaS started grabbing headlines. According to Foss, “Three years ago we didn’t see much from e-crime groups, but now organisations are facing a surge of threats from both nation-state groups and e-crime groups. Adversaries are shifting to target organisations specifically with the goal of gaining initial access to then resell valuable data on the internet. Combined with the cheap barrier to entry, cybercrime groups have gotten more sophisticated and are moving laterally through organisations in more creative ways.” In the end, it’s critical for organisations to patch vulnerabilities immediately and proactively respond to these threats and better prepare for future attacks. As CISOs and security leaders navigate the evolving threat landscape in 2021 and beyond, it’s time to rethink security strategies and take the necessary steps to put the power back in the hands of defenders.

 


VMware January Survey Methodology:

VMware conducted an online survey in January 2021 about evolving cybersecurity threats and trends ahead in 2021. 180 IR, cybersecurity, and IT professionals (including CTOs, CIOs and CISOs) from around the world participated. Respondents were asked to select only one response per question. Due to rounding, the percentages used in all questions may not add up to 100%.

 

 

Steph Charbonneau: Why Supply Chains Are Today’s Fastest Growing Cybersecurity Threat

Written by Steph Charbonneau, Senior Director of Product Strategy, HelpSystems

Business ecosystems have expanded over the years owing to the many benefits of diverse, interconnected supply chains, prompting organizations to pursue close, collaborative relationships with their suppliers. However, this has led to increased cyber threats when organizations expose their networks to their supply chain and it only takes one supplier to have cybersecurity vulnerabilities to bring a business to its knees. To this point governments around the world have highlighted supply chains as an area for urgent attention in tackling cyber risk in the coming years.

Looking beyond your own perimeter

Over the last few years, many organizations have worked hard to improve their cyber defenses and are increasingly “harder targets”.  However, for these well-defended organizations, now the greatest weaknesses in their defenses are their suppliers, who are typically less well defended but with whom they are highly interconnected.

At the same time, the cyber threat landscape has intensified, and events of the past year have meant that security professionals are not only having to manage security in a remote working setup and ensure employees have good accessibility, they are also having to handle a multitude of issues from a distance whilst defending a much broader attack surface. As a result, points of vulnerability have become even more numerous, providing an attractive space for bad actors to disrupt and extort enterprises. Threats have escalated, including phishing and new variants of known threats, such as ransomware and Distributed Denial of Service (DDoS) attacks, as well as increases in supply chain attacks.

But where supply chains are concerned, it is nearly impossible to effectively manage this risk unless you know the state of your suppliers’ defenses and continually ensure that they are comparable to your own.  Organizations must deeply understand the cyber risks associated with the relationship and try to mitigate those risks to the degree possible.

However, that’s easier said than done. With the sending and receiving of information essential for the supply chain to function, the only option is to better identify and manage the risks presented.  This requires organizations to overhaul existing risk monitoring programs, technology investments and also to prioritize cyber and data security governance.

Ensuring the basics are in place

At the very least organizations should ensure that both they and their suppliers have the basic controls in place such as Cyber Essentials, NIST and ISO 27001, coupled with good data management controls. They should thoroughly vet and continuously monitor supply chain partners. They need to understand what data partners will need access to and why, and ultimately what level of risk this poses. Likewise, they need to understand what controls suppliers have in place to safeguard data and protect against incoming and outgoing cyber threats. This needs to be monitored, logged, and regularly reviewed and a baseline of normal activities between the organization and the supplier should be established.

As well as effective processes, people play a key role in helping to minimize risk. Cybersecurity training should be given so that employees are aware of the dangers and know how to spot suspicious activity. They should be aware of data regulation requirements and understand what data can be shared with whom. And they should also know exactly what to do in the event of a breach, so a detailed incident response plan should be shared and regularly reviewed.

IT best practices should be applied to minimize these risks. IT used effectively can automatically protect sensitive data so that when employees inevitably make mistakes, technology is there to safeguard the organization.

Securely transferring information between suppliers

So how do organizations transfer information between suppliers securely and how do they ensure that only authorized suppliers receive sensitive data? Here data classification tools are critical to ensure that sensitive data is appropriately treated, stored, and disposed of during its lifetime in accordance with its importance to the organization. Appropriate classification, using visual labelling and metadata applied to emails and documents, protects the organization from the risk of sensitive data being exposed to unauthorized organizations further down the supply chain.

Likewise, data that isn’t properly encrypted in transit can be at risk of compromise, so using a secure and compliant mechanism for transferring data within the supply chain will significantly reduce risks. Managed File Transfer (MFT) software facilitates the automated sharing of data with suppliers. This secure channel provides a central platform for information exchanges and offers audit trails, user access controls, and other file transfer protections.

Layering security defenses

Organizations should also layer security defenses to neutralize any threats coming from a supplier.  Due to its ubiquity, email is a particularly vulnerable channel and one that’s often exploited by cyber criminals posing as a trusted partner. Therefore, it is essential that organizations are adequately protected from incoming malware, embedded Advanced Persistent Threats, or any other threat that could pose a risk to the business.

And finally, organizations need to ensure that documents uploaded and downloaded from the web are thoroughly analyzed, even if they are coming from a trusted source. To do this effectively, they need a solution that can remove risks from email, web and endpoints, yet still allows the transfer of information to occur. Adaptive DLP allows the flow of information to continue while removing threats, protecting critical data, and ensuring compliance. It doesn’t become a barrier to business or impose a heavy management burden. This is important because traditional DLP ‘stop and block’ approaches have often resulted in too many delays to legitimate business communications and high management overheads associated with false positives.

Cyber criminal attacks set to rise

Many of the recent well-publicized attacks have been nation-state orchestrated. Going forward, this is going to turn into criminal syndicate attacks. Cyber criminals already have the ransomware capabilities and now all they need to do is tie this up with targeting the supply chain. Therefore, making sure you have the right technologies, policies and training programs in place should be a top priority for organizations in 2021. If you are interested in finding out more about protecting your supply chain, why not download our eGuide: Managing Cybersecurity Risk in the Supply Chain.

Women’s History Month - The Challenges and Opportunities for Women in Cybersecurity

Written by Gigi Schumm, SVP World Wide Sales, ThreatQuotient

March is Women’s History Month with this year’s theme being “choose to challenge.” From a cybersecurity perspective, the number of women in this sector is increasing rapidly and it’s an exciting time to be part of this industry. However, that doesn’t take away from the challenges as studies show the number of women currently working in cybersecurity is only between 20% and 25%.

This article features the thoughts of three female leaders at ThreatQuotient, Celine Gajnik, Head of International Marketing, Chantelle Dembowski, Senior Director of Human Resources and Liz Bush, Director of Product and Partner Marketing. All three are at the top of their game and have been ‘choosing to challenge’ the status quo for years. Here they discuss their female role models and mentors, the future of cybersecurity, the advice they would give to women looking for a career in cybersecurity and how they are making a difference and driving change.

The importance of female mentors

For any job, having a mentor throughout your career to guide and advise you is important. However, in many industries, especially cybersecurity, it would seem that there is a lack of female mentors. This in turn presents a challenge for women in this sector as they have an absence of other women in leadership roles, who they can identify with.

Interestingly, Dembowski stated that she was fortunate enough to have a female mentor in her previous job who helped her gain a good understanding of her professional strengths and weaknesses, and with whom she is still in touch today. She said, “I’ve had more female mentors in the past and I would say now I have more male mentors. This is primarily because there are fewer females in senior positions at organisations to provide that mentorship, hence I’m definitely connecting with more males at a higher level.”

Likewise, Bush’s first mentor in her career was female, and was a great mentor and example to learn from. She comments: “The company I started out at was very male-dominated and my first mentor was the only woman I had any interaction with. She taught me ‘How to be the only woman in a very male-dominated area’. Going forward, in many of my jobs, I was in groups where I was the only woman, so her advice has really helped.”

Gajnik mirrored this notion, adding, “I think it does highlight that unfortunately today you still have more males at the executive and senior leadership level than females. Even at this point of my career, I have never had a woman as my boss.”

This highlights how the cybersecurity and tech sector is still very male-dominated and that having a female mentor can benefit women in their careers in terms of building confidence, enhancing skills, and setting achievable career goals.

The future of cybersecurity 

More of our personal lives and business activities are being conducted online than ever, making cybersecurity a key issue of our time. Statistics show that the number of global ransomware hacks increased by nearly 25% between 2018 and 2019, and 68% of business leaders feel their cybersecurity risks are increasing.

Hopefully, this increase in demand for cybersecurity globally will be reflected in an uptick in female employees and leaders within this exciting and innovative sector.

All three of our interviewees agreed that they love working in the cybersecurity space and find it a dynamic and exciting industry to be working in. Gajnik said, “I find cybersecurity interesting and love that we are making a real impact. I feel there are no limitations when it comes to cybersecurity.”

Dembowski has worked across many other industries and thinks that cybersecurity is an “innovative and groundbreaking place to be”. She continues by saying she doesn’t see herself changing industry anytime soon as “there’s so much opportunity in this particular industry and there’s an acceptance and a desire to have more diversity and an openness to different perspectives.”

Advice to women in the tech and cybersecurity space

As mentioned above, women working in cybersecurity still only make up between 20% and 25% of the workforce. However, this is a significant increase from previous years; for example, women only made up 11% of the cybersecurity workforce in 2017. This shows that there is a drive for, and an uptake in, women moving into the industry.

Gajnik stated that women shouldn’t rule out the tech sector because they think it is ‘too tough’ or ‘male-dominated’, as women shouldn’t put barriers on their careers due to self-doubt or fear of embracing the unknown. She highlights that, “you can have your place in different roles, you don’t have to be a developer or a threat intelligence analyst if that is not your aspiration, you can be part of this industry doing other roles.”

Dembowski advises women to “take risks and chances when you are young”. She believes that doing what makes you happy and not being afraid to follow your passion, even if this wasn’t part of your original plan, helps women to evolve. She adds: “We learn much more from our failures than our successes.”

Bush adds that women shouldn’t be afraid to take on new challenges and responsibilities as this is how we learn and grow professionally. Additionally, she advises that women “should not be afraid to give their opinions, as their point of view is just as valuable”.

Even though currently men outnumber women significantly in cybersecurity, we are seeing an increase in women joining the industry and asserting themselves within the profession. Going forward, as more women continue to succeed in this space they will undoubtedly serve as role models and mentors for other women. In turn, this will enable the workforce to become more diverse and help address the cybersecurity skills gap. In order to attract more women into the industry, organisations need to make sure this sector is rewarding and a welcoming career for anyone, whilst also understanding and addressing the workforce challenges this sector faces.

 

Penetration Testing Still a Vital Part of Organisational Security Based on Annual Core Security Survey

Core Security, a HelpSystems Company, today announced the results of its annual penetration testing survey, with 85 per cent of cybersecurity respondents reporting they pen test at least once per year. This finding is part of the more extensive 2021 Penetration Testing Report, which reveals that pen testing plays an essential role within organisations as part of a robust security strategy. Building on last year’s inaugural survey, the findings show how and why organisations depend on penetration testing.

“Core Security has dedicated two decades toward the advancement of penetration testing,” said Brian Wenngatz, General Manager, Core Security, a HelpSystems Company. “Our annual survey gives actionable insights for the cybersecurity community.”

Organisations rely on pen testing to reveal security weaknesses and comply with regulations including PCI DSS, SOX, NERC, HIPAA, CMMC, and GDPR. Based on this year’s findings, 99 per cent of respondents said pen testing was key to compliance initiatives.

The shift to remote work in response to COVID-19 also showed the vital role pen testing plays in new security challenges. Of those surveyed, 28 per cent reported increasing pen tests, and 45 per cent reported greater emphasis on network security tests.

“This survey and report have shown that the need for pen testing resources is in high demand and will likely remain so in the coming years,” said Wenngatz. “Core Security remains dedicated to providing pen testing resources for every type of organisation through a tiered offering of Core Impact, our powerful pen testing tool, and services from a best-in-class pen testing team.”

About HelpSystems 

HelpSystems is a software company focused on helping exceptional organisations Build a Better IT™. Our cybersecurity and automation software simplifies critical IT processes to give our customers peace of mind. We know IT transformation is a journey, not a destination. Let’s move forward. Learn more at www.helpsystems.com.

2021 Cybersecurity Outlook: Attackers vs. Defenders

COVID-19, one year later

2020 was undoubtedly a defining year for cybersecurity – a year that ended with the SolarWinds breach, which infiltrated US government agencies and organisations at a scale not seen in recent history.

For cybersecurity professionals, the nature of this attack – a sophisticated, clandestine intrusion into vendors’ networks that was then used to “island hop” onto others along their supply chains – embodied today’s threat landscape as refigured by the pandemic.

“This is not an isolated event,” notes Tom Kellermann, Head of Cybersecurity Strategy, VMware Security Business Unit. “With COVID-19 catalysing digital transformation and a shift to cloud services, these sorts of attacks will only increase in frequency. Organisations have to realise that it’s no longer simply about whether breaches along their supply chains can be leveraged to attack them, but whether they themselves can be used to attack their customers.”

The pandemic did more than broaden the attack surface: it provided the time, capital, and opportunity for cybercrime to industrialise. E-crime groups have collaborated to form advanced enterprises, providing Ransomware-as-a-Service (RaaS), selling network access points on the dark web, and executing destructive cyberattacks.

As Greg Foss, Senior Cybersecurity Strategist, VMware Security Business Unit, puts it, “Since 2019, we’ve seen e-crime shift from covert shadow groups into these pseudo-legitimate businesses, replete with customer service channels, clear business sites, and increasingly sophisticated attack methods.”

Still, 2020 was not all bad news. With new attack methods on the rise, organisations have been forced to shift their mindset and rethink their approach to security across applications, clouds, and devices.

“Cybersecurity is adapting to changing conditions,” observes Rick McElroy, Principal Cybersecurity Strategist, VMware Security Business Unit. “The old school mentality is gone. Security teams realise they must change their architectures, adopt a cloud-first mindset, and work together to meet today’s challenges. The path they’re charting is a good one.”

Here’s a look at what organisations saw during an unprecedented year – from evolving attacker behaviours to the rise in e-crime – and, most importantly, what defenders can be doing to prepare in 2021 and beyond.

 

Key Findings

  • Ransomware attacks are getting increasingly sophisticated: nearly 40% of respondents said double-extortion ransomware was the most observed new ransomware attack technique in 2020.
  • A growing number of attackers are fighting back: 63% of respondents witnessed counter incident response (IR) since the start of the pandemic. Security tooling disablement was the most observed technique.
  • Attackers are leveraging a number of counter IR techniques. The top techniques observed included: security tool disablement (33%); DDoS (distributed denial-of-service) attacks (26%); security tool bypass (15%); destruction of logs (11%).
  • Security teams now know it’s not a matter of if they’ll get attacked, but when – and have adopted a proactive mindset: 81% of organisations reported having a threat hunting program.
  • Island hopping is increasingly prevalent, as attackers “hop” from one network to another along its supply chain: Nearly half (44%) of respondents said they witnessed island hopping in more than 25% of all IR engagements; 13% witnessed it in over 50% of engagements.
  • This year, the top security priorities for organisations include: security for trusted third parties/supply chain (24%); remote access security (24%); network and endpoint security (22%); identity and access controls (21%); hardware/physical device security (9%).

 

Attacker Behaviour: Amid COVID-19, the surge of sophisticated attacks and rise of ransomware-as-a-service

In response to the pandemic, organisations have accelerated the adoption of cloud technology – which in turn has created new security threats that sophisticated cybercriminals have seized the opportunity to exploit. The speed of innovation comes with broader issues such as supply chain compromise. In instances such as the SolarWinds breach, the adversary will use one organisation’s network (or cloud) to island hop to others along their supply chain. Recognising this growing threat, organisations named “security for trusted third parties/supply chains” as their top priority security area in 2021.

“In today’s threat landscape, organisations must assume that cybercriminals will also target their constituency,” said Kellermann. “The burglary has turned into a home invasion – and not just one house, but the neighbourhood.”

When it comes to the most observed supply chain compromise techniques, nearly half of respondents (46%) selected attackers abusing trusted relationships by leveraging accounts belonging to legitimate suppliers and other trusted third parties. Attackers leveraging connectivity/networks between third party suppliers and enterprises (22%) and loopholes in software updates (21%) also garnered a significant proportion of responses.

“Too often organisations offload security issues around third-party vendors, which include time-consuming paperwork to properly vet upfront,” Foss adds. “Organisations say, ‘they’ve filled out the questionnaire, passed our barometer.’ And even if they do put all the right checks in place, bad actors can still take advantage.”

 

Increasingly destructive counter IR

A significant majority (63%) of respondents witnessed incidents of counter IR since the start of the pandemic – many of which reflect the increasingly destructive nature of cybercrime today.

For instance, the types of counter IR most observed included: security tooling disablement (33%), Denial-of-Service attacks (26%), security tooling bypass (15%), destruction of logs (11%), email monitoring (9%), and destructive attacks (7%).

“These responses underscore the importance of threat hunting,” says McElroy. “They demonstrate that there’s a human being on the other end of the system who wants to get visibility into the entire environment – while deploying increasingly destructive malware.”

Foss also notes: “Attackers are looking to get their foot in the door of your network, then unhook the latch once it’s safe – all very soft and silently at first – before loading more advanced tool kits. It’s becoming a significant part of e-crime.”

 

The rise of RaaS and double-extortion ransomware

In 2020, we saw ransomware go mainstream. Sixty-six per cent of respondents report being targeted by ransomware during the past year – much of which may have been sold by e-crime groups on the dark web as RaaS.

“Traditional ransomware isn’t going anywhere,” Foss says, “but it can be hard to tell nowadays whether you’ve been hit by RaaS or traditional methods, largely because ransomware groups themselves now leverage RaaS operations and affiliate programs.”

Worse, in a growing number of cases, these ransomware attacks have gotten more sophisticated. For instance, when asked which new ransomware attack techniques were most observed, nearly 40% of respondents selected double-extortion ransomware (e.g., encryption, data exfiltration, extortion). In other words, as organisations became more effective at recovering from ransomware attacks via backups, attackers changed their tactics to exfiltrate sensitive information and use it for blackmail to ensure a financial gain.

“If you’re hit by ransomware today, it’s safe to assume the attacker has a second command and control post inside your infrastructure,” says Kellermann. “And these methods will only expand in 2021 – we expect to see triple and quadruple extortion attacks this year.”

 

Defender Behaviour: How security teams have adapted – and what they need to know for 2021

 

Adapting to a new threat landscape

Forced to combat increasingly sophisticated attacks – in a remote-work environment, no less – defenders have stepped up their game. Eighty-one per cent of respondents now have a threat hunting program in place. This represents a vital mindset shift, wherein companies and security leaders aren’t merely defending against potential breaches – but assuming there is already a breach to uncover.

“Organisations recognise security tools won’t tell them everything,” Foss explains. “You need human beings to manually go through the information being collected to proactively look for clues and anomalies.”

Now, it’s just a matter of what those threat hunts consist of and how often they’re conducted (VMware cybersecurity strategists recommend doing so on at least a weekly basis).

 

2021 security priorities and investments

In the wake of the SolarWinds breach and the move to cloud environments, it’s no surprise that security for trusted third parties/supply chain is the number one security priority for organisations in 2021. This was followed by remote access security (24%), network and endpoint security (22%), identity and access controls (21%), and hardware/physical devices security (9%).

This year, we will see security budgets activated to address these priorities. When asked which security solution their organisation planned to invest the most in for 2021, respondents shared network security (27%), cloud security (20%), endpoint security (17%), data protection (16%) and managed security services (12%).

 

Rethinking the security stack 

There’s no doubt about it: 2020 – and the vulnerabilities brought on by COVID-19 – served as a catalyst for yet another evolution in the sophistication and severity of cyberattacks. As organisations continue to migrate to public and private cloud networks, support “work from anywhere” environments, and fast track digital transformation efforts, we shouldn’t expect the surge of attacks to slow down anytime soon.

On the bright side, the pandemic has served as a wake-up call for security leaders and an opportunity to rethink their full security stack. In 2021, organisations will need the right mindset, investment, and platforms to stay one step ahead of attackers.

So, what are some of the best practices for security teams to fight back in 2021? Stay tuned for the next blog in this series with expert advice from The Howlers.

 

Listen to the new Cyber Hacks Podcast Series

Adam Harrison, Cyber Security Business Partner EMEA, Gemserv, and Natasha Singh, Principal Data Protection Consultant, Gemserv, recently launched the new Cyber Hacks Podcast Series. The team set out to investigate the world of emerging cyber threats and new capabilities that are pushing the boundaries of cybersecurity. Their first episode is called ‘The Problem With Truth’, featuring acclaimed special guest Nina Schick.

This new cutting edge series will explore the cybersecurity challenges of tomorrow and how we must approach them today with a range of recognised experts, authors and thought leaders.

Episode One: The Problem With Truth: Deep Fakes, AI & Synthetic Media and Episode Two: The Problem With Truth: Privacy & Consent are available for download now. Episodes three and four will be released in April.

 

About Episode One – ‘The Problem With Truth’

Special guest Nina Schick provides insight, analysis and opinion in the first episode of the Cyber Hacks podcast. Nina is a distinguished researcher, author and broadcaster with a specialism in deep fakes and disinformation. She has advised groups of global leaders, including Joe Biden, the President of the United States, and Anders Fogh Rasmussen, the former Secretary-General of NATO, on deep fakes.

Named ‘The Problem With Truth’, the episode highlights how AI is deliberately manipulated in a cynical attempt to change the collective perception of the truth of actual events and our understanding of them. It also discusses the malicious efforts of highly motivated, capable bad actors attempting to further erode public confidence in our government, democratic institutions and public figures.

The discussion raises thought-provoking questions such as how this is being driven, by whom and for what malicious objective. It also discusses controversial topics such as disinformation and conspiracy groups, including their role in recent US events. Finally, they ask what response and leadership there have been in this area, what we can expect from western democracies, and how we protect the ‘Truth’ in the age of synthetic media.