Category Archives: Cybersecurity

Cybersecurity firm launches simulated phishing-attack training

~ New managed service lets businesses use fake phishing attacks to increase staff awareness ~

London-based managed IT services provider OryxAlign has announced the launch of its new managed cybersecurity awareness training service in partnership with training specialist KnowBe4. The service will allow businesses, especially SMEs, to periodically test their employees’ awareness and preparedness against phishing attacks. Based on their responses, staff will receive a customised training programme and access to a library of thousands of resources, including webinars, quizzes and games to develop their cybersecurity awareness.

Phishing is a type of cyberattack where an attacker sends a fraudulent email, message or website that appears to be legitimate, to trick the recipient into sharing sensitive information, such as login credentials or financial information.

According to the Information Commissioner’s Office (ICO), phishing attacks accounted for 31 per cent of all cyber-related incidents, exceeded only by ransomware attacks at 34 per cent.

The phishing security test from OryxAlign provides businesses with the ability to simulate a phishing attack by sending randomised fake phishing emails to their employees every quarter. The emails are designed to look like real phishing emails that employees may receive. The tool allows organisations to track who clicked on the links in the email or provided sensitive information in response to the email.

Based on their responses, users are given a cybersecurity awareness score, which is used to provide them with an ongoing programme of cybersecurity training, via an online library of webinars, quizzes, games and even a Netflix-style TV series.

“Employees across a business can vary significantly in their cybersecurity skills, so there’s no such thing as a one-size-fits-all training programme to improve awareness and preparedness,” explained Nathan Charles, Head of Customer Experience at OryxAlign. “This is why we’ve partnered with KnowBe4 to offer a simulated phishing attack and training service for SMEs.

“By using this tool, organisations can assess their employees’ ability to identify and avoid phishing attacks. The results of the test can help businesses identify areas of weakness in their security, from shop-floor workers to the CEO.”

The training is delivered virtually at the user’s own pace and organisations can integrate their corporate IT policies into the platform. As well as scoring individual users, the results of the simulated attacks can be used to benchmark the overall score for the company against similar businesses in the same sector.

The cybersecurity awareness training is offered as a managed service, but interested users can carry out a free phishing test for up to 100 employees by filling out the online form on OryxAlign’s website.

Crossword Cybersecurity Launches Trillion HarVista

Crossword Cybersecurity Plc, the cybersecurity solutions company focused on cyber strategy and risk, has launched Trillion HarVista, a new product in its Trillion Threat Intelligence platform that for the first time allows enterprise security teams to safely gather threat intelligence from multiple dark web forums, discussion channels, ransomware sites and messaging platforms, without leaving a trail of activity or risking malware infection.

As a groundbreaking threat intelligence tool, Trillion HarVista works by constantly scraping new posts, chats and replies, creating keyword-searchable indexes and screenshots with automated alerts based on terms defined by an enterprise, such as a company name or a known exploit. It does this by creating ‘offline’ copies of forums and chats, stripping them of harmful content and attachments, before storing them on secure servers for a safe browsing experience. This data can then be tagged, searched and analysed.

Keeping safely ahead of the threat actors

Security defenders know that monitoring the dark web can provide insights that could make the difference between being in front of an attack or being a victim, but accessing and tracking this underground information can be challenging, and the locals hostile. It requires time and deft skill to avoid detection, which can place a company at higher risk of attack.

Stuart Jubb, Group Managing Director from Crossword Cybersecurity Plc said, “For the first time, Trillion HarVista gives enterprise security professionals a new level of proactive threat intelligence, and a safe way to secretly monitor the channels used by criminal communities and stay one step ahead in the race to keep organisations safer from attacks and data breaches. Trillion HarVista takes the pain, risk, and endless hours out of monitoring the dark web, allowing security professionals to focus on analysis and action.”

 

Key features of Trillion HarVista

  • Safe access to a wide range of sources – Immediate, anonymous, and safe access to closed and difficult-to-access forums. Hacker chat channels from popular messaging apps like Telegram can also be searched.
  • Data pivoting – Search results within Trillion HarVista are parsed and presented in a meaningful data model, making the information easy to navigate and drill through. With a single click analysts can jump from a high-level search into detailed discussion threads or even alternative topics posted by a specific threat actor.
  • Keyword searches and alerts – Allow security professionals to easily search topics, as well as be alerted to topics of interest when they are being discussed.
  • Original screenshots – Get complete context by seeing what was being said and by whom through stored screenshots.
  • Private tags – Easily make other members of an enterprise security team aware of key discoveries by applying private tags.

 

Trillion HarVista is part of the Trillion platform, Crossword’s dark web credential monitoring service, which monitors the billions of account credentials passing through dark markets and criminal forums and alerts customers when leaked credentials are discovered.

 

Gcore Radar Report Reveals DDoS Peak Attack Volumes Doubled in H2 of 2023

Surge in volume sees cybersecurity industry measuring DDoS attacks in a new unit, Terabits. 

Gcore, an international cloud and edge solutions provider, has today revealed the findings of its Q3-Q4 2023 Gcore Radar report that provides insights into the current state of the DDoS protection market and cybersecurity trends. The report finds that there were a number of significant developments in the scale and sophistication of cyberthreats in 2H 2023.

Key Highlights from Q3–Q4

  • The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps.
  • UDP floods constitute 62% of DDoS attacks. TCP floods and ICMP attacks remain popular at 16% and 12% respectively, while SYN, SYN+ACK and RST floods account for just 10% combined.
  • The most-attacked business sectors were gaming (46%), financial (including banks and gambling services) (22%) and telecom (18%).
  • USA (24%), Indonesia (17%) and The Netherlands (12%) list as the top three attack source countries.
  • In Q3/Q4, the longest attack duration lasted 9 hours.
  • The average length of attack was approximately an hour.

High-Volume Attacks: A Surging Threat

The past three years have brought about a >100% annual increase in DDoS peak (registered maximum) attack volume:

  • In 2022, the peak capacity of DDoS attacks increased from 300 Gbps (2021) to 650 Gbps
  • In Q1–Q2 of 2023, it increased again to 800 Gbps
  • In Q3–Q4 of 2023, it rocketed to 1600 Gbps (1.6 Tbps)

The jump in H2 of 2023 has resulted in the cybersecurity industry now measuring DDoS attacks in a new unit, Terabits. This escalation illustrates a significant and ongoing rise in the potential damage of DDoS attacks which, according to Gcore, is a trend that it expects to see continue in 2024.

Maximum attack power in 2021–2023 in Gbps

DDoS Attack Techniques

According to Gcore’s statistics, in Q3-Q4 of 2023:

  • UDP floods continue to dominate having become more popular amongst attackers in H1 of 2023.
  • TCP floods and ICMP attacks have jumped into second and third place respectively.
  • SYN floods fell from 24% in H1 of 2023; SYN, SYN+ACK and RST floods together make up the remaining attack types in Q3/Q4.

Dominant attack types in H2 of 2023

 

Commenting on these findings, Andrey Slastenov, Head of Security Department at Gcore, said: “The exponential surge in attack power and variation in attack methods that we saw in the second half of 2023 illustrates how sophisticated cyber attackers are becoming. It’s more essential than ever for organisations to adopt a multifaceted defence strategy that can protect against a range of DDoS techniques. Failure to address these evolving threats can result in costly disruptions, reputational damage, loss of customer trust, and security breaches.”

 

DDoS Attacks by Geography

Gcore’s findings for the latter half of 2023 illustrate a widespread global threat: the US, Indonesia and The Netherlands were identified as the top three attack source countries respectively, with Mexico, Germany and Brazil the bottom three.

Geographical attack source spread

 

DDoS Attacks by Business Sector

According to Gcore’s report, the gaming, financial and telecom sectors were the most attacked in Q3–Q4 of 2023, which is likely due to the financial gains on offer and the potential impact on users. These findings underscore the need for targeted cybersecurity strategies, such as countermeasures for specific gaming servers.

 

DDoS attacks by affected industry

 

Slastenov concluded: “The increase in attack power to 1.6 Tbps is particularly alarming, signalling a new level of threat for which organisations must prepare. Paired with the geographical distribution of attack sources, it’s clear that DDoS threats are a serious and global issue, necessitating international cooperation and intelligence sharing to mitigate potentially devastating attacks effectively.”

Connectus Group Launches New Cybersecurity Package to Further Safeguard Clients

A LEADING tech firm has launched a new Cyber Essentials Package to further help safeguard clients in 2024.

The Connectus Group’s all-in-one offering covers cyber security audits, training, accreditations and a fully managed multilayer defence system.

 

In a further move to ensure its clients are better protected from cyber attacks, the tech firm has updated the mandated services it provides to customers.

This will see Connectus offer best-in-class services that provide cost-effective protection at a “vital time”.

 

Explaining the motivation behind the move, Roy Shelton, the CEO of the Connectus Group said: “These changes come at a vital time because the risk of cyber-attacks is growing. Cybersecurity is no longer an office hours only requirement. With the rise of hybrid working and devices seemingly being “always on”, the biggest threats are happening during the night.

“We have partnered with Heimdal for a comprehensive 24/7/365 managed alerting service where your network will constantly have eyes on to make sure you are protected around the clock.”

 

Connectus’ Cyber Essentials package is a suite of technical controls that organisations should have in place to protect themselves against common online security threats.

It is a fully managed cyber security solution so that you can focus on running your business, safe in the knowledge that it is protected from the latest security threats.

Those who sign up will be secure in the face of common threats such as phishing attacks, malware, ransomware, password guessing, and network intrusion.

The package includes guidance to set scope, covering firewall and network controls, secure configuration, access controls, malware protection and patch management.

 

Also included are a review before submission for assessment, cyber insurance, a free assessment and an audit method.

Email support, certification, and a half-day of support are covered to ensure a smooth transition to a new secure future.

 

Data on the current threat landscape shows that 31% of all UK SMEs are attacked every week, and 65% of successful breaches result in a £10,000 cost in ransoms or fines and/or litigation or business disruption.

An astonishing 90% of SMEs receive phishing emails every week and human error means that 89% are successful.

 

The Connectus Cyber Essentials package is suitable for businesses of all sizes and demonstrates to your customers and suppliers your commitment to cyber security, as well as safeguarding against cyber attacks.

A Cyber Essentials certificate is required by all suppliers bidding for government contracts which involve handling of certain sensitive and personal information.

Connectus has introduced a limited offer of £675 to gain certification and, once obtained, customers can apply to upgrade to Cyber Essentials Plus and maintain their defences for just £99 per month.

 

Mr Shelton added: “This new 360 package is designed to provide the very best services to businesses of all sizes. Having proper cyber security measures in place is growing more important with each passing year. At Connectus our expert team is constantly updating the services we offer to meet the modern-day needs businesses require.”

For further details, visit www.connectus.org.uk, email info@connectus.org.uk, or telephone 0330 440 4848.

Keysight 400GE Network Cybersecurity Test Platform Validates Fortinet’s Hyperscale DDoS Defence Capabilities

  • Scalable test platform generates both legitimate and malicious traffic at multi-terabit, hyperscale volumes, realistically emulating DDoS attack mitigation of carrier-grade network loads
  • Facilitates the transition to 400GE and reduces costs by offering compatibility with existing infrastructure using 8x400GE test ports with fanout support to 200/100/50/40/25/10GE
  • Single pane of glass management simplifies test configuration and system upgrades, reducing overall test time and system maintenance

December 13, 2023

SANTA ROSA, Calif. – Keysight Technologies, Inc. (NYSE: KEYS) announces that Fortinet chose the Keysight APS-M8400 network cybersecurity test platform to validate the hyperscale distributed denial of service (DDoS) defence capabilities and carrier-grade performance of its FortiGate 4800F next generation firewall (NGFW). The APS-M8400 is the industry’s first and highest density 8-port 400GE Quad Small Form Factor Pluggable Double Density (QSFP-DD) network security test platform.

Carrier networks, data centre operators and service providers are facing exponential growth in cyber-attacks, including DDoS attacks, which have increased by 40% in the last 6 months. The scope and scale of these DDoS attacks are also increasing, as evidenced by the recent, record-breaking Rapid Reset attack which peaked at 398 million requests per second (RPS).

Fortinet developed the powerful FortiGate 4800F NGFW to help carriers, data centre operators, and service providers protect their critical network infrastructure and services from hyperscale DDoS attacks and other cybersecurity threats while continuing to process multi-terabit volumes of legitimate customer traffic driven by the growing adoption of 400GE. Needing an application and security test solution powerful enough to validate the carrier-grade performance and security capabilities of the FortiGate 4800F NGFW prior to deploying in a live customer network, Fortinet turned to Keysight’s APS-M8400.

Using the Keysight APS-M8400, Fortinet validated the cybersecurity capabilities of the FortiGate 4800F NGFW using:

  • Carrier-Grade Traffic Generation – The APS-M8400 platform generated 3 Tbps of legitimate and malicious traffic in a single test, validating the hyperscale firewall protection offered by the FortiGate 4800F, which successfully defended against an 800 Gbps layer 2-3 DDoS attack while continuing to deliver 2.2 Tbps of legitimate layer 4-7 traffic, without taxing CPU, memory usage, or system responsiveness.
  • Port Density and Flexibility – Fortinet used all of the APS-M8400’s 8x400GE QSFP-DD interfaces to send traffic across all available 400GE test ports on the FortiGate 4800F. Each of the APS-M8400’s 8x400GE QSFP-DD interfaces can fan out to 200/100/50/40/25/10GE, offering Fortinet the flexibility to test multiple port configurations like the 12x200GE/100GE/40GE and up to 12x50GE/25GE/10GE test ports supported by the FortiGate 4800F.
  • Hyperscale Throughput and Scalability – The APS-M8400’s extensible aggregation of compute node resources and Field-Programmable Gate Array (FPGA) resources allowed Fortinet to scale up the test bed to generate the 3 Tbps of traffic needed to effectively test the FortiGate 4800F. The APS-M8400 features a pay-as-you-grow model, enabling users to scale in multi-chassis mode to generate more than 12 Tbps of layer 4-7 traffic, 3.2 Tbps of layer 2-3 traffic, 9.6 Tbps of Transport Layer Security (TLS) traffic, 20 billion concurrent connections, and 220 million connections per second of legitimate and malicious test traffic in a single test.
  • Ease of Management – APS-M8400’s intuitive, single pane of glass management allowed Fortinet to simply and easily configure the multiple compute node and FPGA resources required to run a hyperscale, multi terabit test. This reduced their overall test time and system maintenance, freeing up users to focus on other critical efforts.

John Maddison, Executive Vice President of Products and Chief Marketing Officer, Fortinet, said: “The FortiGate 4800F is the industry’s fastest compact hyperscale firewall, offering carrier-grade performance and scalability to safeguard data centre and service providers as cyber-attacks continue to accelerate at an unprecedented pace. With Keysight’s innovative APS-M8400 8x400GE cybersecurity test platform, Fortinet has the necessary 400GE port density, multi-terabit application throughput, and session scalability to easily generate cyber-attacks and legitimate traffic at scale to validate that the FortiGate 4800F can deliver the hyperscale performance and real-time threat protection our customers expect.”

 

Ram Periakaruppan, Vice President and General Manager, Keysight Network Test and Security Solutions, said: “Cybersecurity threats like DDoS attacks are continually increasing in scope, scale, and impact on their potential victims. It is vital that carriers, service providers and data centres protect their critical infrastructure from these attacks to continue serving the hyperscale volumes of legitimate traffic that continue to grow at a rapid pace. Keysight’s APS-M8400 helps network equipment manufacturers like Fortinet validate that their solutions are up to the task, delivering carrier-grade application and cybersecurity test loads in a flexible, 8x400GE solution that can grow with their changing needs.”


Biggest Cybersecurity Threats In 2024 And How To Best Deal With Them

CYBER CRIMINALS will become more sophisticated next year – creating a wave of new threats for businesses, a leading expert has warned.

Roy Shelton, the CEO of the Connectus Group, said “businesses of all sizes” need to take steps to boost their defences.

Mr Shelton said: “As attacks become more sophisticated, organisations need to evolve their approach to security to stay ahead of the game.”

Outlining the biggest threats set to emerge next year, Mr Shelton said they are predicted to include:

  • A rise of AI-directed cyberattacks: Artificial intelligence and machine learning have dominated the conversation in cybersecurity. Next year will see more threat actors adopt AI to accelerate and expand every aspect of their toolkit, whether that is for more cost-efficient rapid development of new malware and ransomware variants or using deepfake technologies to take phishing and impersonation attacks to the next level.
  • Impact of regulation: There have been significant steps in Europe and the US in regulating the use of AI. As these plans develop, we will see changes in the way these technologies are used, both for offensive and defensive activities.
  • Hackers will target the cloud to access AI resources: As the popularity of generative AI continues to soar, the cost of running these massive models is rapidly increasing, potentially reaching tens of millions of dollars. Hackers will see cloud-based AI resources as a lucrative opportunity. They will focus their efforts on establishing GPU farms in the cloud to fund their AI activities.
  • Supply chain and critical infrastructure attacks: The increase in cyberattacks on critical infrastructure, particularly those with nation-state involvement, will lead to a shift towards “zero trust” models that require verification from anyone attempting to connect to a system, regardless of whether they are inside or outside the network. With governments introducing stricter cybersecurity regulations to protect personal information, it will be essential for organizations to stay ahead of these new legal frameworks.
  • The staying power of cyber warfare: The Russo-Ukraine conflict was a significant milestone in the case of cyber warfare carried out by nation-state groups. Geo-political instability will continue into next year, and hacktivist activities will make up a larger proportion of cyberattacks.
  • Deepfake technology advances: Deepfakes are often weaponised to create content that will sway opinions, alter stock prices or worse. These tools are readily available online, and threat actors will continue to use deepfake social engineering attacks to gain permissions and access sensitive data.
  • Phishing attacks will continue to plague businesses: Software will always be exploitable. However, it has become far easier for threat actors to “log in” instead of “break in”. Over the years, the industry has built up layers of defense to detect and prevent intrusion attempts against software exploits. With the relative success and ease of phishing campaigns, next year will bring more attacks that originate from credential theft and not vulnerability exploitation.
  • Advanced phishing tactics: AI-enhanced phishing tactics might become more personalised and effective, making it even harder for individuals to identify malicious intent, leading to increased phishing-related breaches.

How to best mitigate the risks:

*Restricting what data can be accessed through software controls is important, as is restricting what can be copied from business systems and saved on storage devices. Certain types of email attachment should also be restricted as they can spread malware, such as executable files with .exe extensions.

*Firewalls are another standard protection, as they act as gatekeepers between company systems and the internet. They act as a barrier to prevent the spread of malware and viruses, though it is important that physical firewall devices have their firmware updated regularly to be fully effective.

*Security software such as anti-virus, anti-malware and anti-spyware software should be deployed on corporate systems to prevent the spread of malicious programs. It is also crucial to keep software and devices updated to prevent hackers and criminals from exploiting bugs and vulnerabilities.

*Intrusion monitoring adds another important layer of security. Detection systems can send out email alerts to administrators if suspicious activity is spotted, allowing potential attacks to be stopped at an early stage.

*Good network security involves monitoring traffic and identifying potentially malicious traffic, enabling an organisation to block or filter connections to mitigate threats. Protection against denial-of-service (DoS) attacks against servers is also a consideration, as hackers can disrupt normal operations and cause website outages.

*Security of IoT (Internet of Things) devices, sensors or machines designed for certain applications needs consideration, as they are often insecure by design with simple default passwords. Security of cloud applications also needs considering, for example by detecting security misconfigurations.

Mr Shelton added: “Raising awareness among staff is another strategy to employ, to make sure that they understand the relevant policies and procedures and to make sure that they are provided with regular cyber-security training.

Some 3.4 billion phishing emails are sent annually and it can take just one careless click on a link in an email to allow hackers access to company systems if adequate protections are not in place.

Creating a secure cyber-security policy document will ensure that all users are aware of the risks but it can also specify how often IT teams conduct risk assessments and penetration testing. A disaster recovery plan can also ensure users know what to do in the event of a breach.”

Crossword Cybersecurity Plc Reveals 5 Cyber Admin Fails Still Happening in 2023

Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the cybersecurity solutions company focused on cyber strategy and risk, has today announced the 5 cybersecurity areas that its global consulting team has consistently seen fall short in 2023, and which are placing companies at higher risk in 2024.

Crossword’s cybersecurity consultants work with enterprises, SMEs and public sector organisations across the globe. Whilst every sector and business has unique technology challenges, Crossword has identified the following areas that every IT and cybersecurity team should check to immediately improve their cybersecurity posture in 2024.

  1. Patch your patching processes – Patches missed on certain devices, or missed entirely, remain a common problem. Whilst patching desktop machines is relatively easy, we see that critical servers are often left unpatched because of the services that run on them and the difficulty of scheduling downtime. Even more of a culprit are network devices and external-facing services such as those used for remote access. Whilst these are harder or more inconvenient to patch, they are more important, as when compromised the implications can be far reaching. Make sure systems are being monitored for missed patches, and ensure you know your estate well with consistent and audited asset management processes.
  2. Weak encryption mechanisms – Because of software backward compatibility, operating systems tend to have legacy encryption turned on by default. Even though these encryption protocols have been superseded by far stronger options, the weaker ones are rarely fully turned off. Companies should make the change, using the opportunity to check that all sensitive data and traffic is strongly encrypted.
  3. Generic admin accounts – These accounts pose a significant risk to organisations and can be exploited by hackers, particularly if they have weak passwords. All admin activities that take place across an organisation need to be attributed to a specific person, and the use of generic accounts does not provide this. Passwords on generic accounts are often left unchanged because of the inconvenience of changing a password shared by all. An even bigger issue arises when a user with knowledge of these accounts leaves the organisation, as the passwords are rarely changed. Start by conducting an audit of admin accounts and then review your offboarding processes. Remember that admin account passwords should be changed regularly too.
  4. Excessive back-up account privileges – Admin accounts for back-up services are often discovered with domain-wide privileges. These accounts are sometimes left with the same passwords for a long time, and given that they typically access many systems, this password is often left cached on them. A cached password can be leveraged to grant an attacker domain-wide access to a company’s systems. Check these accounts to ensure that their privileges are limited to the resources they need to access, give them their own admin group, and prevent the use of cached passwords.
  5. Change management documentation failures – Documentation may be one of the less exciting jobs in the IT department, but many of the problems Crossword consultants find are the result of poor change management processes across the IT estate. Often, not going through a formal change process means the wider security impacts of a change are not fully considered, leading to hidden vulnerabilities that a hacker will find and exploit. Make sure your processes are understood by all staff, not just in terms of how to record changes, but where to find the information they may need.
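As an added example (not Crossword’s code), the audit that items 3 and 4 above call for can be expressed as a small set of checks over an admin-account inventory: accounts without a named owner, passwords past their rotation age or known to leavers, and backup service accounts holding domain-wide groups or cached credentials. The inventory, the 90-day threshold and the group names are constructed assumptions.

```python
"""Audit admin accounts for the generic-account and backup-privilege
failures described above. Added example with constructed data; the
90-day threshold and group names are assumptions, not Crossword's."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Set, Tuple

MAX_PASSWORD_AGE_DAYS = 90  # assumed rotation policy for admin accounts
# Groups whose membership amounts to domain-wide privilege (assumed names)
DOMAIN_WIDE_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}


@dataclass
class AdminAccount:
    name: str
    owner: Optional[str]            # accountable person; None = generic/shared
    groups: Set[str]
    password_last_set: date
    known_to_leavers: bool = False  # a departed user knew this password
    service: Optional[str] = None   # e.g. "backup" for service accounts
    cached_logon_hosts: int = 0     # hosts holding a cached copy of the credential


Finding = Tuple[str, str, str]  # (account, code, detail)


def audit(accounts: List[AdminAccount], today: date) -> List[Finding]:
    """Return one finding per failed check, so each can be tracked to closure."""
    findings: List[Finding] = []
    for acct in accounts:
        age = (today - acct.password_last_set).days
        if acct.owner is None:
            findings.append((acct.name, "GENERIC",
                             "no named owner; activity cannot be attributed"))
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append((acct.name, "STALE_PASSWORD",
                             f"password unchanged for {age} days"))
        if acct.known_to_leavers:
            findings.append((acct.name, "LEAVER_KNOWS",
                             "password known to a departed user; rotate immediately"))
        if acct.service == "backup" and acct.groups & DOMAIN_WIDE_GROUPS:
            hit = sorted(acct.groups & DOMAIN_WIDE_GROUPS)
            findings.append((acct.name, "BACKUP_DOMAIN_WIDE",
                             f"backup account is a member of {hit}"))
        if acct.service and acct.cached_logon_hosts > 0:
            findings.append((acct.name, "CACHED_CREDS",
                             f"credential cached on {acct.cached_logon_hosts} hosts"))
    return findings


def codes_by_account(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group finding codes per account, sorted, for reporting."""
    grouped: Dict[str, List[str]] = {}
    for name, code, _ in findings:
        grouped.setdefault(name, []).append(code)
    return {name: sorted(codes) for name, codes in grouped.items()}


# Constructed inventory, as a directory export might be summarised (not real data)
TODAY = date(2024, 1, 15)
INVENTORY = [
    AdminAccount("jsmith-adm", "Jane Smith", {"Server Admins"}, date(2023, 12, 20)),
    AdminAccount("admin", None, {"Administrators"}, date(2022, 3, 1),
                 known_to_leavers=True),
    AdminAccount("svc-backup", "Backup team", {"Domain Admins"}, date(2021, 6, 30),
                 service="backup", cached_logon_hosts=140),
    AdminAccount("svc-backup-fs", "Backup team", {"Backup Operators"},
                 date(2023, 11, 1), service="backup"),
]

if __name__ == "__main__":
    for name, code, detail in audit(INVENTORY, TODAY):
        print(f"{name:14} {code:20} {detail}")
```

In the constructed data only the shared "admin" account and the domain-wide backup account produce findings; the scoped backup account with a fresh password and no cached logons passes.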

 

Phil Ashley, Managing Director – Managed Services at Crossword Cybersecurity, said: “Whilst it is hard to accept, the reality is that many of the basics are hard to get right. Investments in software to bolster the cyber security posture can often create a false sense of security. Good cyber hygiene and processes are needed alongside great services and software to ensure a strong cyber security posture. Every company should check the ‘repeat offenders’ we have highlighted.”

 

BlueVoyant Acquires Conquest Cyber to Meet Market Need for Comprehensive Managed Detection and Response and Cyber Risk Posture Solutions

The acquisition unites Conquest Cyber’s advanced SaaS technologies with BlueVoyant’s premier internal and external cyber defence solutions, creating a comprehensive cyber risk management platform tailored for both enterprise and highly regulated environments

BlueVoyant, a cybersecurity company that illuminates, validates, and mitigates internal and external risks, today announced the acquisition of Conquest Cyber, a cyber defence company renowned for its innovative SaaS technology that streamlines risk management across an organisation’s entire cyber program. Conquest Cyber has proven successful within high-security environments, including the U.S. Defence Industrial Base (DIB) and Government organisations.

BlueVoyant raised more than $140 million in Series E funding to accompany the acquisition of Conquest Cyber. The additional funding was led by existing investors, Liberty Strategic Capital, a private equity firm, and ISTARI, a cybersecurity investor and advisor founded by Temasek. Eden Global Capital Partners, an affiliate of Eden Global Partners, served as a strategic advisor.

Many cybersecurity vendors offer point solutions but often fail to provide comprehensive solutions that address assessing, operationalising, verifying, and remediating risk. Combining BlueVoyant and Conquest Cyber’s capabilities fills this critical void.

Conquest Cyber’s SaaS technology modernises risk management with a platform that unifies an organisation’s entire cyber risk management program. This innovative approach integrates security posture, compliance, detection, and response, offering an unmatched level of insight and control through a unique risk maturity, visibility, and mitigation lens. This enables the visualisation and mitigation of risks across regulatory frameworks such as CMMC, while also emphasising the importance of active security posture management, detection, and response operations. BlueVoyant will integrate Conquest Cyber’s technology into its existing products and services to create the first solution to deliver comprehensive internal and external cyber defence mapped to risk maturity.

 

“Despite the extensive range of cybersecurity vendors, a significant gap persists in the market concerning comprehensive solutions that empower clients to assess, operationalise, validate, and mitigate risks,” said James Rosenthal, CEO and co-founder of BlueVoyant. “The integration of BlueVoyant’s and Conquest Cyber’s capabilities addresses this shortfall, bolstering our ability to protect clients’ internal and external digital ecosystems in a more comprehensive manner.”


The acquisition and enhanced capabilities come at a critical time for high-security areas such as the Defense Industrial Base and Government sector. The U.S. Department of Defense is set to enforce new cybersecurity rules, CMMC 2.0, while State and Local Governments face a surge in cyber incidents. The integrated BlueVoyant solutions, enhanced by Conquest Cyber’s expertise, will help clients mitigate risks while meeting new requirements.


“Conquest Cyber has built its powerful reputation from building technology that helps secure the sectors critical to our ways of life,” said Jeffrey J. Engle, chairman and president of Conquest Cyber. “We pride ourselves on providing radical transparency to key decision-makers within high-security organisations to enhance their cybersecurity posture and digital resiliency through risk informed protection, detection, and response at machine speeds. We are excited to join forces with BlueVoyant and combine our expertise to continue to ensure customers have modern solutions for their unique cybersecurity needs.”


Both companies have earned recognition from Microsoft for their expertise and collaborative efforts in protecting shared clients. Conquest Cyber was named the Microsoft Partner of the Year for U.S. Defense and Intelligence in 2022. BlueVoyant received the title of Microsoft Security U.S. Partner of the Year in both 2023 and 2022, was named the Security MSSP (Managed Security Service Provider) of the Year in the Microsoft Security Excellence Awards 2023, and Top MDR (Managed Detection and Response) Team in 2021. Both companies have achieved Microsoft Verified Managed XDR Solution Status. Furthermore, Conquest enhances BlueVoyant’s already extensive Microsoft security capabilities, including Defender for Cloud, Purview for Compliance, Defender for Vulnerability Management, and more.

Conquest Cyber and BlueVoyant both hold CMMC Registered Provider Organisation (RPO) accreditation. Conquest Cyber’s ARMED ATK solution is on the FedRAMP marketplace.


About Conquest Cyber

Conquest is an elite cybersecurity company that protects our nation’s critical infrastructure sectors with a focus on the Defense Industrial Base, State and Local Government, and Federal Government. Conquest helps companies achieve cyber resilience through adaptive risk management. The company’s cutting-edge SaaS platform and world-class customer service provide transparency, precision control, and 24/7 protection through their flagship product ARMED ATK™ – creating a competitive advantage for their customers on the new frontline for freedom that Conquest has deemed The Thin Digital Line (TDL).


About BlueVoyant

BlueVoyant combines internal and external cyber defence capabilities into an outcomes-based, cloud-native cybersecurity solution by continuously monitoring your network, endpoints, attack surface, and supply chain, as well as the clear, deep, and dark web for threats. The full-spectrum cyber defence products and services illuminate, validate, and quickly remediate threats to protect your enterprise. BlueVoyant leverages both machine-learning-driven automation and human-led expertise to deliver industry-leading cybersecurity to more than 900 clients across the globe.

Beyond phishing: The Top Employee Security Risks You’re Probably Not Measuring

Written by Frederick Coulton, Head of Product at CultureAI

While we all know email is a big target for attackers, it’s important to remember that email is not the only risk vector. As companies use more tools and features, the risks grow too. Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviours to get a holistic view of your risks. By doing so, you can focus resources more efficiently.

Human Risk Management (HRM) is a vital part of cyber security. Even if you have technological safeguards in place, HRM plays a substantial role in your overall security stance. Here I highlight some of the employee cyber risks that often get overlooked and how we can better keep an eye on them in real time.


Password reuse across SaaS apps

Among the millions of logins to shadow Software as a Service (SaaS) applications analysed by the CultureAI Platform over the last two months, 38% of employees were found to be logging in with a password they already use on other apps. Amazon, Google, and Microsoft were among the most affected apps, all of which store highly sensitive data.

When an employee uses the same password in multiple places, a security breach at any one of those sites creates a significant risk of unauthorised access to the other applications, because attackers replay the leaked credentials elsewhere – an attack known as ‘credential stuffing’. The more widely a password is reused, the more opportunities there are for it to be compromised or stolen.

You can address the risk of password reuse with continuous, targeted coaching that helps improve employee password habits. People are human, though, and will make mistakes or take shortcuts, so newer technologies such as automated interventions can act as a safety net.

By utilising real-time data from browser extensions, you can get visibility into the SaaS platforms used by your workforce. This enables you to identify risky behaviours in real time, such as re-using credentials or not using multifactor authentication (MFA) or single sign-on (SSO).
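One way to detect the reuse and missing-MFA behaviours described above without ever collecting plaintext passwords, as an added example that is not CultureAI's code: the browser side reports only a keyed fingerprint of each password, and the analysis side groups those fingerprints per employee. The tenant key, the login events and the app names are all constructed for the demo.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed per-tenant secret: it stays with the tenant/extension, so only a
# keyed fingerprint, never the plaintext password, is reported for analysis.
# Caveat: the fingerprint is deterministic, so a leaked key would allow offline
# guessing; rotate it and keep it out of the analysis store.
TENANT_KEY = b"demo-tenant-key-replace-in-real-deployments"

def password_fingerprint(password, key=TENANT_KEY):
    """HMAC-SHA256 of the password: equal passwords give equal fingerprints
    within a tenant, but the value cannot be checked without the key."""
    return hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()

def sample_login_events():
    # Constructed events as a browser extension might report them:
    # (employee, app domain, password fingerprint, mfa_or_sso_used)
    return [
        ("alice", "mail.google.com", password_fingerprint("Spring2024!"), True),
        ("alice", "crm.shadow-saas.example", password_fingerprint("Spring2024!"), False),
        ("alice", "portal.microsoft.com", password_fingerprint("k7#Qz..unique"), True),
        ("bob", "mail.google.com", password_fingerprint("bobpass1"), True),
        ("bob", "notes.shadow-saas.example", password_fingerprint("bobpass1"), False),
        ("bob", "www.amazon.com", password_fingerprint("bobpass1"), False),
        ("carol", "mail.google.com", password_fingerprint("c@rol-unique-pw"), True),
    ]

def find_password_reuse(events):
    """Return {employee: [sorted apps sharing one password, ...]} for reusers only."""
    by_user = defaultdict(lambda: defaultdict(set))
    for user, app, fp, _ in events:
        by_user[user][fp].add(app)
    result = {}
    for user, fps in by_user.items():
        groups = [sorted(apps) for apps in fps.values() if len(apps) > 1]
        if groups:
            result[user] = groups
    return result

def find_missing_mfa(events):
    """Logins that used neither MFA nor SSO, listed for targeted coaching."""
    return sorted({(user, app) for user, app, _, mfa in events if not mfa})

def reuse_rate(events):
    """Share of employees with at least one reused password (a '38%'-style metric)."""
    users = {user for user, *_ in events}
    return len(find_password_reuse(events)) / len(users) if users else 0.0
```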


Shadow SaaS and unapproved software

Keeping your data safe and secure can be a challenge at times, and one of the reasons for that is the presence of shadow SaaS and unapproved software. These unauthorised applications can pose a significant risk to your organisation, leading to data breaches, compliance issues, and increasing vulnerability to cyberattacks. However, effectively identifying and managing such unauthorised usage can be a daunting task.

By monitoring app usage, you can gain visibility and insight into what apps and software are being used, helping to identify instances of unapproved software and understand where action needs to be taken.

Instead of just focusing on restricting shadow IT, I’d suggest a more proactive and understanding approach. If an employee is using a certain app, it’s probably because it serves a specific business need. Instead of reprimanding them, you can guide and coach them towards an authorised software solution when unauthorised usage is detected.

This not only enhances security but also encourages employees to make informed choices and actively contribute to a secure work environment. Such an approach promotes a security-conscious culture and empowers employees to play an active role in creating a safer workplace.


Multi-Factor Authentication (MFA) vulnerabilities

MFA is an essential layer of security that’s commonplace in enterprise deployments. Even if someone’s password is compromised, the extra authentication makes it much harder for unauthorised individuals to gain access. While it’s not a silver bullet, it often acts as the final defence in many cases, so its significance should not be underestimated.

That said, MFA can sometimes lead to security complacency among employees. They may develop a false sense of invincibility, assuming that with MFA enabled they are completely protected. Attackers sometimes take advantage of this with MFA fatigue attacks.

By continuously mimicking legitimate MFA prompts, attackers can trick employees into providing login credentials or approving unsolicited authentication requests. Prominent cases of potential MFA fatigue attacks have involved companies like Uber, Microsoft, and Cisco.

In a recent MFA phishing simulation run using CultureAI, 31% of employees accepted an unsolicited MFA request. One of the main reasons for this is a lack of employee awareness. That’s why it’s crucial to provide targeted coaching and run MFA attack simulations. These simulations help you to proactively identify vulnerabilities and offer specific coaching to improve employee preparedness. This way, the risk of falling victim to real MFA attacks is minimised.
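The burst-then-approve shape of an MFA fatigue attack can also be caught from the identity provider's push logs, independently of simulations. The detection below is an added example, not CultureAI's code; the log lines, event names and thresholds are constructed for the demo and would need mapping to a real IdP's audit format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample push-MFA log ("timestamp user event"); not from any real IdP.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z alice push_sent
2024-03-01T09:00:15Z alice push_denied
2024-03-01T09:01:02Z alice push_sent
2024-03-01T09:01:20Z alice push_denied
2024-03-01T09:02:05Z alice push_sent
2024-03-01T09:02:30Z alice push_denied
2024-03-01T09:03:10Z alice push_sent
2024-03-01T09:03:40Z alice push_approved
2024-03-01T10:15:00Z bob push_sent
2024-03-01T10:15:08Z bob push_approved
2024-03-01T11:00:00Z carol push_sent
2024-03-01T11:00:30Z carol push_denied
2024-03-01T11:01:00Z carol push_sent
2024-03-01T11:01:30Z carol push_denied
2024-03-01T11:02:00Z carol push_sent
"""

def parse_log(text):
    # Each line becomes (datetime, user, event).
    return [(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ev)
            for ts, user, ev in (line.split() for line in text.splitlines())]

def detect_mfa_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Flag users who received >= threshold push prompts inside one window.
    'approved' marks the worst case: a prompt in that burst was accepted."""
    by_user = defaultdict(list)
    for ts, user, ev in sorted(events):
        by_user[user].append((ts, ev))
    alerts = []
    for user, evs in by_user.items():
        sent = [ts for ts, ev in evs if ev == "push_sent"]
        best = []  # largest burst of prompts that fits inside one window
        for end in sent:
            burst = [s for s in sent if end - window <= s <= end]
            if len(burst) >= threshold and len(burst) > len(best):
                best = burst
        if not best:
            continue  # normal prompt volume, e.g. bob's single login
        approved = any(ev == "push_approved" and best[0] <= ts <= best[-1] + window
                       for ts, ev in evs)
        alerts.append({"user": user, "first_prompt": best[0],
                       "prompts": len(best), "approved": approved})
    return alerts
```

A denied-only burst (carol) is still worth a coaching nudge and a password reset, since the prompts mean the attacker already holds a valid password.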


What’s Next

Phishing is a major security threat to employees because it exploits human weaknesses, using social engineering to deceive individuals into sharing sensitive information or installing malicious software. While it’s important to address phishing, it shouldn’t be at the expense of other risks. Focusing on only one risk can leave your organisation exposed, which is why a strong cyber security strategy requires the implementation of effective HRM.


By opting for an HRM platform that seamlessly integrates with your tech stack and tracks employee security behaviours across email, instant messaging, SaaS apps, and file collaboration tools, you can get a complete picture of your most prominent human cyber risks. An effective HRM platform will also enable you to improve these behaviours and mitigate risks through targeted coaching, interventions, and nudges that actively promote and reinforce good security practices.

Egress enhances cloud email security offering with advanced graymail detection to improve employee productivity and reduce admin overhead

Leading cybersecurity provider Egress has launched a highly accurate graymail solution, with full end-user control, dedicated to improving employee productivity and reducing the time administrators spend reviewing incorrectly reported phishing emails.

The graymail feature is architected into Egress’ inbound threat detection product, Egress Defend, and integrates seamlessly into customers’ Microsoft 365 environments.

Graymail is bulk, solicited email that is generally low priority and is neither a malicious phishing attack nor unsolicited spam. On average, 34% of a user’s inbox can be classified as graymail,* including newsletters, promotional materials, and notifications. This volume increases with seniority within an organization’s hierarchy: 54% of executives’ mail flow is graymail. Only 3% of these messages are ever opened.**

The high volume of graymail often means business-critical emails are buried within inboxes and employees’ time is spent manually filtering less important messages. Additionally, graymail is 12 times more likely to be misreported as phishing than other message categories, wasting cybersecurity teams’ time reviewing harmless emails and distracting them from live threats.**

To tackle this drain on organizational resources, Egress has developed an advanced graymail detection capability that removes these distractions, tailored to each individual’s preferences. The technology leverages Egress’ patented AI-based phishing detection functionality, which uses zero trust models and neural networks to prevent behavior-based threats. Applying this methodology, Egress surfaces priority messages within the inbox while segmenting graymail into a separate folder.

Additionally, this productivity feature is easily customized by both individual users and administrators. An interactive banner is added to each message that is routed to the graymail folder, which provides a simple workflow for employees to re-categorize emails and divert them back into their mailbox. Users’ preferences are automatically learned by Defend, allowing users to customize their own experience without any management overhead.

Tony Pepper, CEO of Egress, comments:

“Graymail is an increasing drain on everyone’s time throughout an organization, from individual users through to IT and Cyber teams, who are often functioning with extremely tight resources. The launch of our advanced graymail detection within Egress Defend will boost productivity and free up valuable time across the business. While people are generally more cybersecurity-savvy than ever before, with this comes a high propensity for false alerts that take time to investigate. We’re excited to put this release in our customers’ hands and increase the value we can offer to them.”

Graymail filtering within Egress Defend is now available worldwide.


*Phishing Threat Trends Report 2023

**Egress Defend data between October 1st, 2023 – November 9th, 2023