Guest Post, Author at Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit Security IT Summit Security IT Summit Security IT Summit Security IT Summit

Posts By :

Guest Post

The email authentication challenge

960 640 Guest Post

Email is the #1 way attackers target an organisation’s customers and email ecosystem. DMARC (Domain-based Messaging, Reporting & Conformance) authentication, specifically with an enforcement policy of Reject, is the single most effective way to close this vulnerability inherent to email.

While the premise of authentication is straightforward, organisations can encounter roadblocks and challenges along the way to an enforcement policy. These include:

  • The “many sender” problem
  • Ongoing configuration and record maintenance in DNS.
  • The cost of “doing it wrong”.

Managing this kind of complexity requires powerful, smart tools that organise the various sender, brand, and infrastructure relationships for you. Whether you are creating your own SPF, DKIM and DMARC records, or having Agari host them, Agari’s automation features will get you to enforcement quickly.

According to a study from Forrester Research, DMARC deployments using automated implementation tools like Agari have been shown to drive phishing-based brand impersonation scams to near zero almost instantly. Today, customers in numerous categories use Agari Brand Protection to manage nearly 257,000 domains with 81% at p=reject—far outperforming their industry peers.

Global adoption of DMARC topped 10.7 million email domains worldwide in 2020—reflecting a 32% increase in just six months as per H1 2021 Email Fraud and Identity Trends Report.

Agari Brand Protection™ solves these challenges.

WEBINAR: Ransomware Has Evolved, And So Should Your Company

960 640 Guest Post

By Veriato

2021 Has been an interesting year for Ransomware attacks so far. After plaguing countless victims with dreaded ransom notes and bringing the US Colonial Pipeline and other large corporations to their knees, the Ransomware attack method has built a strong reputation for inflicting cyber terror on consumers and businesses alike.

As cyber criminals noticed increasing success from this method, the trends shifted towards more targeted enterprise attacks with potentially more lucrative payouts. Furthermore, criminals saw the growing demands for these attacks on the Dark Web as a business opportunity to make attack kits more easily accessible. This new realm of service would essentially remove the burden of coding and crafting attacks from the criminals, thus reducing the difficulty of launching these types of attacks. What once required tons of planning and preparation could now be purchased as a subscription or service.

What is Ransomware?

Also termed digital extortionRansomware is a form of cyberattack in which criminals block access to prized digital possessions or resources and demand payment for their release. There are many variations of ransomware attacks, but the common goal is usually to extort companies or users for money. For example, an attacker may encrypt all of your data and ask for payment in exchange for the decryption key. Without the key, your operations could end up being crippled.

One of the biggest trends in technology over the last decade has been the growth of subscription-based service models and products. Examples include Software as a Service (SaaS), Platform as a Service (PaaS, Infrastructure as a Service (IaaS), and more. Instead of building software or installing software directly in corporate environments, these companies are providing customers with the ability to effectively rent access to the services they need without dealing with development, maintenance, and additional back-end work. Given the high demand for Ransomware in this day and age, creative cyber-criminal entrepreneurs followed this tech industry trend and created Ransomware as a service (RaaS) to ease the burden of cyber attackers having to develop their own attacks.

Using these services, cybercriminals can launch advanced Ransomware attacks using RaaS providers from the Dark Web. 

Sign up for our latest webinar to learn moreRansomware Has Evolved, And So Should Your Company.

Cybersecurity in Financial Services: Remaining compliant and reducing risk with automation

960 640 Guest Post

By LogRhythm

Businesses in the financial services sector have to manage enormous risk, wealth and personally identifiable information (PII), all while meeting strict regulatory requirements.  

As the proliferation of financial data continues to grow, organizations face the task of continuously protecting that information and keeping it secure, while maintaining a reputation in the financial sector. Despite this, many security teams lack the resources and funding to keep up with the evolving threat landscape and ecosystem of regulatory compliance rules.

The Complexity of Complying

For financial services organizations, cybersecurity is about minimising risk for both the customers and the business. This includes compliance, it is vital organizations reduce the possibility of further fines or other penalties by implementing security measures. 

On top of this, security teams are often attempting to mitigate threats manually, increasing effort and stress. Analysts need to eliminate the time spent writing scripts, building rules and creating reports to allow focus on evolving attacks.

Automating Processes for Financial Security

Implementing prebuilt content which is specifically mapped to the individual controls of each regulation enables instant results that do the heavy lifting for you. Combining compliance automation software with Security Information and Event Management (SIEM) gives analysts the resources to comply with necessary mandates more efficiently and effectively than previous manual processes. A SIEM platform can facilitate security teams to improve detection, mitigation and response capabilities.

Furthermore, automation systems allow workflows to be more streamlined to help analysts combat evolving threats by removing manual tasks and enriching data with contextual details consistently.

An Expanding Compliance Environment

Looking forward, the financial sector is expected to face continued vulnerabilities in its technological offerings, both online and traditional brick and mortar. With compliance automation systems at the forefront, patterns of fraudulent activity will be detected at a greater rate, increasing the likelihood of mitigation before impact. 

The compliance environment can only extend further, with more regulatory requirements coming into play. Financial organizations should be prepared for stricter security rules becoming a necessity to protecting both customer and business data.

LogRhythm’s offerings provide financial services organizations with industry-leading automation, compliance and auditing support, comprehensive reporting and protection against advanced cyberthreatsLearn more >

Normalising data leaks: A dangerous step in the wrong direction

960 640 Guest Post

It was only recently, in early April, when it came to light that the personal data from over 500 million Facebook profiles had been compromised by a data leak in 2019. And since then, an internal Facebook email has been exposed, which was accidentally sent to a Belgian journalist, revealing the social media giant’s intended strategy for dealing with the leaking of account details from millions of users. Worryingly, Facebook believes the best approach is to ‘normalise the fact that this activity happens regularly,’ and to frame such data leaks as a ‘broad industry issue’. 

It’s true that data breaches occur everyday, and are increasingly on the rise – new research predicts there will be a cyber attack every 11 seconds in 2021, nearly twice what it was in 2019. However, this doesn’t mean that it should be normalised. Quite the opposite in fact, explains Andrea Babbs, UK General Manager, VIPRE SafeSend...

Dangerously dismissive

The statement from Facebook is a very worrying strategy to come from a business which holds the personal and business data of millions across its platforms. Particularly in the wake of increasingly stringent regulations appearing globally, it is startling for such a large organisation to casually dismiss data leaks. To give businesses an excuse to no longer invest time, money and effort in data security is a dangerous step in the wrong direction.

Personal data is a valuable currency for cyber hackers, and individuals want to ensure it is protected. Leaking this confidential data, such as medical information, credit card numbers or personally identifiable information (PII) can have far-reaching consequences for both individuals and businesses. Keeping this data safe should be businesses’ number one priority. However, data is only as safe as the strength of an organisation’s IT security infrastructure and its users’ attention to detail.

A defence on multiple fronts

If you do not have the right technology in place to keep your data safe, then you will face problems – but the same goes for having the right tools and training available to your users. Data security is a difficult and never-ending task, one which requires ongoing investments on multiple fronts by every organisation in the world.

Particularly in the wake of COVID-19, businesses have had to transition to remote working and accelerate their processes to the cloud. Moving to cloud based security which moves with your users is key. And investment in user training will become more normalised because an uneducated workforce is a big risk to an organisation’s data security efforts. 

To combat such threats, deploying a layered security approach is necessary for both small and large businesses. In today’s modern threat landscape, a data protection plan needs to include cover for both people and technology at its core. There are innovative tools available, such as VIPRE’s SafeSend, which supports busy, distracted users to double check their attachments or recipient list before sending an email to help them make more informed decisions around the security of their data. Additionally, companies need to invest in thorough and more frequent security awareness training programmes, which include phishing simulations as a key component.

We will also see a bigger move towards Zero Trust Network Access (ZTNA) tools – which only allow people to access the data they need, not the entire network. There will be an evolution in this area, and protection for a workforce ‘on the go’ will become the standard, but with the same foundational principles of investing in the right technology, and the users themselves. 

Reputation and responsibility

No matter where users are or what they are doing, keeping security front of mind will be one way to ensure good IT security hygiene for businesses. Those who have already made significant progress in this area will reap the rewards in terms of safe data and reassured customers, clients and prospects. 

Businesses that get out in front of all areas of data loss, not just attacks from bad actors, are the ones that will do well in the long term. The ability to reassure customers and prospects of the safety of their data will become the new marketing message in the coming years, which is why attempting to normalise data loss could be so damaging to Facebook’s reputation.

Cyber threats are only going to increase in sophistication and become more personalised to the individual by using social engineering attacks or fileless based attacks. Attackers are going to continue to take advantage of current events, such as COVID-19, to trick users into clicking a link, downloading an attachment or signing into a phishing website etc.

Businesses of all sizes have a responsibility to keep data secure – and users must be a part of the solution, rather than the problem. In order to do this, businesses need to place cybersecurity as a priority throughout their processes and invest in the right tools and training to make this more of a business-critical solution, and less of an ‘emerging necessity’ as it is now.

GDPR

The data dichotomy and the vital importance of effective self-regulation

960 640 Guest Post

The data privacy debate that has raged for the past decade has patently failed to meet the needs of either industry or consumers. Legislative change continues to challenge digital marketing models – and has had little impact on consumer trust: Edelman’s 2021 Trust Barometer cites an era of “information bankruptcy”, with global trust levels at an all-time low. What has to change? John Story Vice President, Deputy General Counsel Global GTM, Acoustic, EMEA, explains why effective self-regulation is a vital step in rebuilding consumer trust...

Ethical Challenge

Data privacy is once again, front and centre of the advertising and marketing debate. From the imminent demise of third-party cookies, to ever-increasing privacy regulations including GDPR, UK DPA 2018 (essentially the post-Brexit version of GDPR), and the Privacy and Electronic Communication Regulations (PECR)—as well as the latest Apple / Facebook ad tracking row–it’s easy to see how consumers and marketers alike might be scratching their heads over where, how and why data can be used.

Marketers are justified in bemoaning the impossibility of doing an effective job or meeting customers’ desires for better, more relevant and personalised messaging given the increasing constraints placed by legislative change. But the industry needs to face facts: it has been too slow and too reactive. 

Just consider the inadequate industry response to scandals such as Cambridge Analytica’s data misuse. Effective self-regulation should have become an absolute priority, yet little happened. When the industry fails to step in and address its problems, when companies sit and wait for a major issue to emerge and only then attempt to address the fall out, legislators feel they have little option but to intervene. The results are more often than not to the detriment of everyone in the ecosystem.

Effective Self-Regulation 

For marketers, consumer trust is essential to survival – and the onus is on the industry to rebuild and sustain that trust. Which is why, however the motives are perceived, Apple’s recent move is a positive step in reinvigorating the debate and, hopefully, accelerating the adoption of the effective self-regulation that will rebuild consumer trust and confidence.

Improving the way companies – of every size – notify consumers, then request and honour consent is an indispensable step in the creation of an industry that truly recognises the importance of ethical behaviour. By finding a way to convey a commitment to data privacy without confusing or overwhelming the end customer, the industry can avoid the risk of further inappropriate or clumsy legislation – legislation that is both implemented inconsistently and fails to improve consumer confidence.  

Legislation takes too long to devise and ratify – making it technologically out-of-date by the time it is enforced. Even worse, once in place, it’s incredibly hard to change. It also rarely achieves the essential change in attitude to data ethics and data privacy that’s required. Legislators may hope fines encourage organisations throughout the data ecosystem to modify behaviour, but when the culture is one of enforcement the modification in behaviour is often the minimum required to avoid future sanction.  

Take Ownership of Data Ethics

Public trust can be rebuilt and maintained if the industry takes appropriate, ethically sound, self-regulatory steps that evolve with technology and public perception. There should then be little call for regulators and governments to step in and impose stifling legislation.

However, it’s important to recognise that this affects every company, every marketer, and every MarTech provider. This is not just an issue for the large technology companies. Indeed, given the fact that Apple remains a lone voice and there has been little sign from Google or Facebook of a willingness to put effective self-regulation ahead of revenue generation goals, unless marketers and MarTech companies highlight the ethical data privacy debate and take action, change won’t occur.

This is nothing new: the marketing and advertising industry has always worked together on self-regulation – from the development of advertising standards onwards. The only change is the technological context. Abdicating responsibility for data privacy and a commitment to data ethics will only erode public trust further and lead to the imposition of additional legislation.

Conclusion

We have seen the changes that can be achieved as a result of high-profile debate. With recent concerns about hateful content and misinformation online, for example, social media providers took positive steps to self-regulate;  they recognised that working effectively together was important to create a long-term future for their platforms. The next step must be to encourage the same levels of effective self-regulation around data usage and advertising.

Apple has nudged open the debate on data privacy and data ethics. The onus is now on players throughout the industry to push that door wide. Public trust is imperative – and that means effective self-regulation and the creation of a data ecosystem built on transparency and informed consent.

A new chapter in remote IoT security

960 640 Guest Post

By Keith Glancey, Systems Engineering Manager at Infoblox   

When the COVID-19 pandemic struck, businesses around the world found themselves forced to adapt quickly in order to survive. IT and security teams took centre stage, and were tasked with supporting a newly-remote network of employees and maintaining business continuity. Many companies emphasised ‘connectivity first,’ relegating security to an afterthought. However, as the dust starts to settle, remote work seems here to stay in some form. This has opened up a new threat for many businesses.    

Just as the pandemic has blurred the line between our professional and personal environments, it has also blurred the line between our professional and personal IoT devices– whether it’s a connected television, smart thermostat or a tablet connected to a work application. The increased use of personal devices is making the professional network vulnerable to attack, and so is the proliferation of IoT devices. With many employees yet to return to the office, it’s never been more important for businesses to assess and address the IoT security risks posed by our new reality.  

The remote rise of Shadow IoT 

Even before the pandemic struck, IoT security was a challenge. In fact, research discovered that one third (33%) of UK businesses believed there were around 1,000 unauthorised or non-business related IoT devices – also known as Shadow IoT devices – connected to their enterprise networks. These devices can open the wider business up to attack and also enable unsanctioned ‘lurkers’ to access any given network. One of the consequences of the rise of shadow IoT was the surge of 17 million cases ofdistributed denial-of-service (DDoS) attacks across the globe in 2020 alone, with reports highlighting a 250% increase of frequency over the last 3 years. 

As remote working has transformed the way that individuals are using their IoT devices, this threat has only increased. The average home today has 11 IoT devices connected to its network. And since IoT devices are notoriously insecure, this presents a serious headache for IT and security teams. Each of these devices provides a vector through which malware can enter an employee’s home network and then move laterally to infect the corporate network as well. Given that IT teams can’t easily enforce corporate security policies on devices that sit outside of their infrastructure, this is opening up the floodgates and putting businesses at increased risk from attacks such as phishing and malware.  

To add to this, many individuals are naturally less risk-averse at home. For some, using a work device to browse social media, shop or stream entertainment services has become the norm. Yet, combined with the threats posed by unsanctioned IoT devices, this use of unsecured Wi-Fi connections, unsanctioned applications, and browsers with insecure plug-ins has the potential to compromise the entire corporate network.   

Future-proofing 

Organisations must take this time to embrace a more strategic approach to security, rather than hanging onto a model that isn’t compatible with the cloud-first networks that remote work requires. Network architecture is no longer centralised on a physical campus, with a core data center into which users connect, and security practices need to reflect this. 

One effective way that IT teams can protect their network against shadow IoT threats is by increasing visibility. This is where DNS (Domain Name System) tracking comes in. DNS is a core network service, which means that it touches every device that connects to a company’s network and the wider internet. Because of this, it doesn’t rely on a device being authorised or known to the IT team. As a result, DNS has the power to see every connection point in the network, enabling IT and security teams to know exactly what each IoT device is doing at all times.  

To take it to the next level, businesses can merge DNS with DHCP (Dynamic Host Configuration Protocol), and IPAM (IP Address Management). This combination of modern technologies – known as DDI – can pinpoint threats at the earliest stages, identifying compromised machines and correlating disparate events related to the same device. DDI can also help teams automate the provisioning of security services to remote endpoints, removing the need to ship devices back and forth for on-site patching.   

As enterprises become more distributed and borderless, they need security to stretch across their entire infrastructure and protect users wherever they are located. Defending from the network edge will be critical in combating shadow IoT threats brought about by remote work and using modern technologies such as cloud-first DDI will enable organisations to stop and remediate attacks before they cross over from the home to the corporate network. 

WEBINAR: Overcoming The Challenges Of Selecting An Insider Threat Detection Tool

960 640 Guest Post

By Veriato

In a crowded market with so many new products being released, it can often be hard to make sure you’re getting the right tool for your organization’s security needs. Purchasing an Insider Threat Detection tool for your organization requires extensive research, which can be very time-consuming.

In our latest webinar, we try and clean up some of the noise in the industry together with experts Jim Henderson from the Insider Threat Defense Group and Dr. Christine Izuakor from CyberPopUp. In this webinar, we’ll discuss:

  • Cutting through the hype to see what a product can really do – is it all just marketing fluff?
  • To AI or not to AI – Machine Learning Vs Statistical Analysis
  • Core requirements for Insider Threat Detection solutions – Private Sector Vs Government considerations

Sign up now to learn more!

How insider threats and the dark web increase remote work risks for organizations

960 640 Guest Post

By Veriato

The “Dark Web” is often portrayed as a gloomy realm of internet land where you can find criminals and offenders lurking around every corner. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Furthermore, the continuous embracement of remote work has led to an unexpected shift in the way the dark web is being used today. Without awareness and understanding of these concepts, it’s impossible to prepare for the looming threats that this obscure area of the net introduces to enterprises.

Level setting on the current remote work landscape

The global pandemic has changed the way organizations and businesses once operated. The rapid shift to remote work brought on tons of security challenges for all types of businesses. Due to the overwhelming increase in remote work, many organizations were not equipped with the right tools and security measures leaving them entirely helpless and at the mercy of the threat actors.

According to a survey conducted by Owl Labs, when the Covid-19 pandemic was at its peak, more than 70% of employees were working from home. Another survey by OpenVPN found that 90% of remote workers were not secure. As per keeper.io “Cybersecurity in the Remote Work era Global risk report”, organizational security postures saw a drastic decline during the pandemic due to remote work.

The most common cybersecurity risks associated with remote work environments include but are not limited to malware & phishing attacks, Virtual Private Networks (VPN) attacks, Insider Threats, shadow IT device threats, home Wi-Fi security, lack of visibility, accidental data exposure, and more.

The sudden rise in remote work since 2020 has overwhelmed the IT teams responsible for cybersecurity. Now, in addition to regular technical infrastructure support for the organization, they also need to support remote work-related issues. The rise of remote work coupled with overwhelmed IT teams increases the human error factor.  Adversaries leverage such situations to exploit vulnerabilities at large.

Scott Ikeda quotes in the CPO Magazine, “71% of organizations are very concerned about remote workers being the cause of a data breach, and unsurprisingly the biggest concerns are the state of their personal devices and their physical security practices. A whopping 42% of organizations are reporting that they simply do not know how to defend against cyber-attacks that are aimed at remote workers. 31% say they are not requiring remote workers to use authentication methods, and only 35% require multi-factor authentication.”

Level setting on the current Insider Threat landscape

An Insider Threat is a security risk that originates from within the organization. It includes employees, third-party contractors, former employees, and consultants who have access to the company’s resources, network infrastructure, and IT practices. An insider threat is capable of compromising an organization’s confidential data, information systems, networks, critical assets by using different attack vectors.

The intent of an insider threat is not always malicious. In fact, insider threat incidents are more likely to happen due to the carelessness of employees. According to a Forrester research report, in 2021, 33% of cybersecurity incidents will happen due to insider threats. In addition, according to the 2020 Cost of Insider Threat report by the Ponemon Institute, 62% of the incidents are due to negligent insiders, 23% due to criminal insiders, and 14% due to credential insiders. Similarly, the cost incurred by an organization due to a negligent insider is 4.58 million, more than other insiders on the category list. The world has seen a 47% increase in cybersecurity incidents caused by the insider threat.

Example insider cybersecurity incidents

Some notable cybersecurity incidents which were caused due to insider threats:

  1. Gregory Chung, a former Chinese-born engineer at Boeing was charged with economic espionage. He used his security clearance to smuggle Boeing trade secrets to China. He was sentenced to 15 years of imprisonment.
  2. Twitter faced an insider attack in 2020, where attackers used social engineering and spear-phishing attacks to compromise high-profile Twitter accounts. Scammers used their profile to promote bitcoin scams. Twitter’s forensic investigations revealed one of their admin team member accounts was compromised exposing access to admin account tools. The adversaries were able to use spear-phishing techniques to get hold of the account, which later used tactics that enabled them to take over high profile users’ accounts such as those of Bill Gates, Barack Obama, etc. and run the bitcoin scam.

Level setting on the current state of the dark web

In simple terms, the dark web is a part of the internet that is not indexed by search engines. The dark web also cannot be accessed by a normal browser. It requires the use of a special browser, for example, the Tor browser (The Onion Router).

Using the dark web, users can get access to information that is not publicly available on the surface web – the part of the internet that is used by people daily. This provides users with anonymity and privacy as it’s difficult to trace someone’s digital footprint once they are on the dark web.

Image Source: Neteffect

Though the Dark Web provides extreme privacy and protection against surveillance from various governments, it is also known as the cyber “black market”. Sophisticated criminals and malicious threat actors use this marketplace to traffic illicit drugs, child pornography, counterfeit bills, stolen credit card numbers, weapons, stolen Netflix subscriptions, and even an organization’s sensitive/critical data. People can also hire a hitman for assassination or recruit skilled hackers to hack systems or networks. The bottom line is that it can get pretty dark in there, hence the name.

Image Source: Techjury

According to a survey conducted by Precise Security, in 2019, more than 30% of North Americans used the dark web regularly. 

Where remote workers exist, insider threats and the dark web intersect

Growing insider threat trends in the remote era reveal the high-risk organizations now face. The dark web has played a crucial part in this evolution both in providing attackers with access to recruit insiders, as well as, empowering them to run lucrative garage sales with stolen data. 

External attackers breach companies and sell data on the dark web, commit fraud, and more

It’s not uncommon to learn of an organization’s critical data which includes confidential data, financial data, and trade secrets being sold on the dark web marketplace. During the global pandemic, adversaries have exploited vulnerabilities in remote working environments by using techniques such as phishing, clickjacking, ransomware attacks, malware/virus injections, social engineering attacks, and more to gain access to this data for sale. They also use this data for organizational identify theft and fraud.

Malicious insiders auction off data on the dark web

Poor working culture and employee morale in organizations may lead a disgruntled employee to sell company data or even hire a skilled hacker to break into the company’s private network and cause severe disruptions. 

Malicious actors are hiring your employees through the dark web

Attackers need a way into your organization. What better way to do that than to make a friend on the inside? Cybercriminals have turned to the dark web to recruit employees within organizations they are targeting. Conversely, malicious employees are offering to sell out their employers to attackers on the dark web as well.

Curious, non-malicious insiders expose organizations to dark web vulnerabilities 

Many people also use the dark web for anonymity and privacy and do not know the potential negative implications of doing so carelessly. While connected to the enterprise network remotely they might access the dark web and unwillingly expose the organization’s sensitive data. 

Remote workers may use their home network Wi-Fi to connect the company’s internal network via a VPN. A remote worker may visit malicious websites or download shady tools and software that can lead to severe data breaches. The malicious site or tools may contain links to a command and control center or even a dark web community forum from which a threat actor could pivot into the corporate network via the remote worker’s laptop. Once pivoted into the corporate network the adversary can launch all sorts of attacks such as ransomware, Denial of Service (DDoS), phishing attacks, and more. When employee activity is not monitored over remote work environments it becomes very difficult for organizations to take control over what they can’t see. 

Bringing light to the dark web in the remote world through advanced insider threat detection 

Artificial Intelligence plays a critical role in combatting insider threats, and thus dark web risks

The risks and threats associated with insiders are difficult to detect as they tend to have legitimate access to many important resources of the organization, and this risk increases when employees work remotely. The remote work environments and practices have increased the attack surface and level of opportunity available to cybercriminals. It is now increasingly difficult for organizations to keep pace with the sheer volume of threats, and the corresponding resources required to manually detect and respond to those threats. Threat mitigation techniques using artificial intelligence (AI) and automation have become very necessary to effectively monitor, detect, control, and mitigate insider threats. 

David Mytton, CTO Seedcamp nicely summarizes the situation as follows:

“The volume of data being generated is perhaps the largest challenge in cybersecurity. As more and more systems become instrumented — who has logged in and when what was downloaded and when what was accessed and when — the problem shifts from knowing that ‘something has happened to highlight that ‘something unusual has happened.” 

That “something unusual” might be an irregular user or system behavior, or simply false alarms.

AI and automation help in correlating threat responses and mitigation faster than any human being can. With these advancements, organizations are able to process large volumes of data, analyze logs, and perform behavioral analysis, threat detection, and mitigation with little to no human intervention.

The response time of AI is phenomenal as it can learn, act and hack in a more efficient and effective manner than the current penetration and vulnerability assessment tools. As such, AI will play a very important role in cybersecurity threat detection. AI can help data protection solutions to rectify, support, and prevent end-user threats such as data leakage, manage unauthorized access, and more. In addition, AI will continue to make threat detection and response solutions to be more efficient and effective in the near future.

Basic cyber hygiene will continue to be paramount in combatting dark web risks

Organizations need to spread awareness among their employees regarding remote work cybersecurity threats and dark web challenges. To do this, establish security awareness programs. Passwords used to log in or access the corporate networks need to be strong and complex. VPN should be properly configured and should be employed with the latest encryption technologies and protocols. Access controls should be implemented to properly limit unauthorized access to critical resources, especially for remote workers.

Visibility for overall user activity is crucial, especially in remote work environments. Organizations need to see what their employees are up to when they are accessing corporate networks for interacting with enterprise resources, sharing files, uploading or downloading files, accessing the central repository or database, using remote desktop services, and more. Close monitoring of such activities ensures organizations take appropriate steps to minimize insider threats and deploy the required countermeasures to prevent malicious activity in remote work environments.

Next-generation insider threat detection technology provides visibility and monitoring needed to shed light on dark web risks

Next-generation insider threat detection and employee monitoring solutions, like Veriato Cerebral, can be used to track down one of the key sources to dark web issues – insider threats. By integrating user behavioral analytics (UEBA), user activity monitoring (UAM), and data breach response (DBR) into a single solution, the organization’s security teams are empowered to identify and minimize insider threats. Powered by artificial intelligence and machine learning, these solutions create a unique digital fingerprint of every user on different platforms, be it a virtual or a physical endpoint. 

In the remote era, the keywords to addressing dark web risks are visibility and insight. Using next-gen technology, organizations can get the level of insight into user activity that is necessary to understand if and when your employees are engaging in sketchy activity on the dark web such as selling their corporate login credentials and more. 

Examples of the level of visibility that can help includes insight into:

  • Web activity monitoring  
  • Network activity monitoring
  • Email Activity 
  • IM & Chat Activity 
  • File and Document Tracking 
  • Keystroke logging 
  • User status 
  • Geolocation 
  • Anomaly Detection
  • Risk scoring etc.

In addition to insider threat detection solutions, organizations can also leverage remote employee monitoring and employee investigations solutions to secure the organization from rising insider threats in remote work environments.

Conclusion

Risks and threats related to remote work will continue to rise. Adversaries will continue using complex and sophisticated attack and compromise techniques to harm enterprise networks and systems via remote working environments. Veriato’s AI-based, advanced threat mitigation solutions ensure that your remote working environment is fully protected and your visibility over IT operations is also increased. These solutions proactively detect and prevent dark web threats and insider threats to secure your organization and remote work environments.

Cybersecurity is not a one-stop-shop

960 640 Guest Post

By Steve Law, CTO, Giacom and Kelvin Murray, Threat Researcher, Webroot

Boris Johnson announced the Government’s roadmap to lift Coronavirus restrictions for both businesses and the general public earlier in February, and since then, this has provided a glimmer of hope for many across the country. However, since the start of the pandemic, the way business is conducted has changed permanently, with many workforces wanting to continue to work remotely as lockdowns and restrictions ease over time.

So, as companies relax and rules are eased, life is expected to return to a form of ‘new normal.’ But, the issues around cybersecurity are here to stay, and the gas pedal must not be eased – especially with the increased risks associated with continued remote working. 

If anything, security should be more reinforced now than ever before to ensure all aspects of a business are secure. But this isn’t the case. Steve Law, CTO, Giacom and Kelvin Murray, Threat Researcher, Webroot, detail the importance of embedding a trilogy security approach into organisations, and this is where a strong CSP/MSP relationship can be invaluable. 

The Risk Grows

Despite lockdown restrictions easing, cybersecurity risks remain and are likely to grow as COVID-19 changes the working landscape. As indoor spaces begin to open in the next few months, employees will want to venture out to new spaces to work, such as coffee shops and internet cafes – but working on open networks and personal devices creates unlocked gateways for cyberattacks to take place. Since this hybrid and remote way of working looks like it’s here to stay, businesses must ensure they have the right infrastructure in place to combat any cyber threats. 

For instance, research by the National Cyber Security Centre shows that there has been a rise in COVID-19 related cyber attacks over the past year, with more than one in four UK hacks being related to the pandemic. This trend is not likely to ease up any time soon either. And, going forward, hackers could take advantage of excited travellers waiting to book their next holiday once the travel ban is lifted, deploying fake travel websites, for example. 

Aside from the bad actors in this wider scenario, part of the problem here is that many IT teams are not making use of a holistic and layered approach to security and data recovery; which can lead to damaging consequences as data is stolen from organisations. Such issues continue to resonate strongly across businesses of all sizes, who will, therefore, turn to their MSPs for a solution. 

The Importance of a Layered Approach 

Cybersecurity is not a one-stop-shop. A full trilogy of solutions is required to ensure maximum effect. This includes a layered combination of DNS networking, secure endpoint connections, and an educated and empowered human workforce. 

The need for DNS security cannot be ignored, especially with the rise of remote workforces, in order to monitor and manage internet access policies, as well as reduce malware. DNS is frequently targeted by

bad actors, and so DNS-layer protection is now increasingly regarded as an essential security control – providing an added layer of protection between a user and the internet by blocking malicious websites and filtering out unwanted material. 

Similarly, endpoint protection solutions prevent file-based malware, detect and block malicious internal and external activity, and respond to security alerts in real-time. Webroot® Business Endpoint Protection, for example, harnesses the power of cloud computing and real-time machine learning to monitor and adapt individual endpoint defences to the unique threats that users face.

However, these innovative tools and solutions cannot be implemented without educating users and embedding a cyber security-aware culture throughout the workforce. Humans are often the weakest link in cybersecurity, with 90% of data breaches occurring due to human error. So, by offering the right training and resources, businesses can help their employees increase their cyber resilience and position themselves strongly on the front line of defence. This combination is crucial to ensure the right digital solutions are in place – as well as increasing workforces’ understanding of the critical role they play in keeping the organisation safe. In turn, these security needs provide various monetisation opportunities for the channel as more businesses require the right blend of technology and education to enable employees to be secure.

The Channel’s Role 

Businesses, particularly SMBs, will look to MSPs to protect their businesses and help them achieve cyber resilience. This creates a unique and valuable opportunity for MSPs to guide customers through their cybersecurity journeys, providing them with the right tools and data protection solutions to get the most out of their employees’ home working environments in the most secure ways. Just as importantly, MSPs need to take responsibility for educating their own teams and clients. This includes delivering additional training modules around online safety through ongoing security awareness training, as well as endpoint protection and anything else that is required to enhance cyber resilience.

Moreover, cyber resilience solutions and packages can be custom-built and personalised to fit the needs of the customer, including endpoint protection, ongoing end-user training, threat intelligence, and backup and recovery. With the right tools in place to grow and automate various services – complemented by technical, organisational and personal support – channel partners will then have the keys to success to develop new revenue streams too.

Conclusion 

Hackers are more innovative than ever before, and in order to combat increasing threats, businesses need to stay one step ahead. Companies must continue to account for the new realities of remote work and distracted workforces, and they must reinforce to employees that cyber resilience isn’t just the job of IT teams – it’s a responsibility that everyone shares. By taking a multi-layered approach to cybersecurity, businesses can develop a holistic view of their defence strategy, accounting for the multitude of vectors by which modern malware and threats are delivered. Within this evolving cybersecurity landscape, it’s essential for SMBs to find an MSP partner that offers a varied portfolio of security offerings and training, as well as the knowledge and support, to keep their business data, workforces and network secure.

The Complete Guide to Online Brand Protection

150 150 Guest Post

By Digital Shadows

Effective Online Brand Protection requires continual monitoring and remediation of threats to a company’s brands across social, mobile, websites, and other external sources. This approach often requires the involvement of the security, marketing, brand, and legal teams.

While approaches to Online Brand Protection once amounted to tracking negative sentiment on Twitter, this is no longer enough.

This guide outlines the top threats to brands online and some of the best practices for protecting them.

Click here to read the guide now.