Redscan Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged: Redscan

Responding to the rising ransomware threat

Guest Post

By Redscan, a Kroll Business

In October 2021, Sir Jeremy Fleming, the head of GCHQ, disclosed that the number of ransomware attacks in the UK has doubled in just one year. Recently described as “the most immediate danger to UK businesses” by Lindy Cameron, the CEO of the UK’s National Cyber Security Centre, ransomware continues to be a dominant factor in the threat landscape.

It has grown increasingly sophisticated, as have the cybercrime gangs behind it. Over the past two years, they have even evolved ransomware-as-a-service as a new business model to enable lower-skilled threat actors to disrupt businesses.

With many people continuing to work from home, attackers are actively taking advantage of known software vulnerabilities in technologies relating to remote working, including exploiting Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) vulnerabilities.

Cybercriminals also continue to use phishing as a reliable method of initial access, alongside evolving their techniques to launch more sophisticated infections.

With more and more organisations falling victim to ransomware, it is imperative that companies are aware of the techniques used by attackers, as well as the opportunities for detecting it. While much of the advice around ransomware focuses on backing up files and systems, it’s important to remember that precursors to ransomware can be identified and attacks disrupted. Having the appropriate controls in place to detect and respond to attacks is essential.

The most vital step for security teams is to ensure that they have visibility of all their environments – not always easy to achieve in the era of remote working, multiple devices and cloud computing. They should also explore technologies, like SIEM and EDR solutions, that are needed to monitor for ransomware precursors and enable them to disrupt attacks.

As key vulnerable points of entry to networks, endpoints represent a significant security risk for organisations. Redscan’s Managed Endpoint Detection and Response (EDR) service significantly enhances visibility of attacks targeting endpoint devices, supplying an experienced team of threat hunters, the latest EDR technology and up-to-the-minute threat intelligence to identify threats that other controls can miss.

https://www.redscan.com/services/managed-edr/

How much does penetration testing cost?

Guest Post

By Redscan

Making sense of pen test pricing

Commissioning a penetration test is an important step in helping to enhance your organisation’s cyber security resilience. Pen testing costs vary from a few thousand to several thousand more, so it’s essential to ensure that the pen testing you select enables you to achieve the best security outcomes from your budget.

Every organisation has its own testing requirements and penetration testing pricing varies according to the type of test performed as well as its overall objectives and duration. Penetration testing costs ultimately depend on the issues and requirements identified during the initial scoping phase.

The importance of pen test scoping

Most penetration testing companies charge for pen testing on the basis of a day rate. As a result, it’s important that the scoping stage of an assessment is conducted effectively to ensure that a quotation is as accurate as possible and that you don’t end up paying extra for unwanted elements.

At Redscan, we focus on ensuring that our clients gain the maximum value from their investment in a pen test. The scoping process allows us to identify the type of assessment best suited to your needs. It is the point when we work with you to define the full remit and goals of the pen test, including itemising the systems, assets and applications to be assessed.

Factors that affect pen testing costs

The number of days required to perform a pen test depends on factors including:

  • Type of test
  • Automated vs manual testing
  • Testing methodology
  • Remote or on-site testing
  • Experience of tester
  • When the test is conducted
  • Level of reporting
  • If retesting is included

Maximising the value of pen testing

Pen test pricing can vary significantly, but identifying the right provider to help accurately scope requirements makes assessing pen test quotations much more straightforward. As a CREST-certified company, Redscan performs testing to the highest technical, legal and ethical standards.

To learn more about how to achieve the best outcomes from penetration testing read the full article here.

Why endpoint security matters more than ever

Guest Post

The swiftly evolving threat landscape, combined with the huge increase in remote working, means that securing your organisation’s endpoints has never been more critical.

Here, George Glass, Head of Threat Intelligence at Redscan, explains the importance of endpoint security and why detecting and responding to the latest threats demands greater endpoint visibility and specialist expertise...

Next-generation endpoint protection is a must

As cyber threats continue to evolve, it’s increasingly clear that organisations must look beyond traditional endpoint security solutions.

Antivirus software remains essential, but relying on traditional AV tools, which are largely signature-based, can leave organisations vulnerable to more sophisticated threats. Most traditional AV solutions are estimated to block just 40% of attacks.

Detecting the latest advanced threats requires next-generation capabilities, such as those provided by Endpoint Detection and Response (EDR) and Next-Gen AV (NGAV) platforms. 

EDR and NGAV technologies provide deep visibility across devices by collecting raw telemetry relating to processes, file modifications and registry changes, and using behavioural analytics to examine events in near real-time. 

Fileless malware is a serious risk to organisations and the top critical threat to endpoints in 2020. Without more advanced endpoint detection, there is a real danger that this and other sophisticated attack vectors can be missed.

The increasing risks of remote working

Providing employees with seamless access to the corporate network is essential to ensure that they can fulfil their roles effectively, but every device that connects to the network carries an inherent risk.

When employees work from home, they are located outside the protection of the corporate firewall, which can monitor and block incoming and outgoing communications to endpoint devices. Many organisations insist that employees connect to a Virtual Private Network (VPN) and while this can offer some security, ensuring all employees do so with regularity can be a challenge.

Employee devices are at greater risk for a number of other reasons too. Many often have unpatched software vulnerabilities and are operated by people susceptible to phishing, the most common attack vector used to target endpoints.

Malware threats such as Emotet are primarily delivered via emails. Emotet is equipped with wormable features, making it highly effective at triggering ransomware. 

The average cost per breach resulting from an attack on endpoints is over £7 million, more than twice the average cost of a general data breach (Ponemon Institute).

The significant damage and disruption that endpoint breaches can cause makes incident response critical. Securing endpoints is important because it helps organisations to reduce incident response times by disrupting and containing attacks earlier in the kill chain. Advanced tools like EDR can automate response actions, such as by terminating processes and isolating infected endpoints from a network, thereby ensuring infections are shut down as quickly as possible.

With threats deployed more quickly than ever, a swift response is vital to address critical vulnerabilities such as Zerologon and to shut down ransomware attacks, which can achieve full domain-wide encryption in just a matter of hours.

The challenges of endpoint security 

Early detection of endpoint attacks is imperative, but without a team of security experts to manage and monitor EDR and NGAV technologies around-the-clock, organisations will experience challenges with achieving the required security outcomes.

Next-generation endpoint solutions collect and analyse a huge volume of data, and the greater the number of devices and applications that are monitored, the more security alerts that can result. This causes growing complexity that can be difficult to manage for in-house teams, who may lack the specialist security training required to make sense of them.

Getting the best from the latest tools and reducing false positives requires security teams to draw upon a wide range of threat intelligence and develop custom rulesets that accurately identify the latest threat behaviours.

It is only by maximising the benefits of specialist technology that organisations will fully realise their endpoint security goals.

George Glass is Head of Threat Intelligence at Redscan, a leading UK provider of Managed Detection and Response and security assessment services.

To learn more, visit www.redscan.com/

50% of UK universities have reported data breaches in last 12 months

Stuart O'Brien

More than half of UK universities reported a data breach to the ICO in the last year, while 46% of all university staff received no security training and almost a quarter of institutions (24%) did not commission a penetration test from a third party. 

That’s according to research conducted by Redscan on the state of cyber security in the higher education sector, based on an analysis of Freedom of Information requests.

The National Cyber Security Centre (NCSC) itself says universities are targeted by criminals seeking financial gain, as well as by nation state attackers looking to steal intellectual property. The Redscan report underscores the degree to which universities are an attractive target. It also raises concerns that many may not be doing enough to defend against the latest threats, particularly at a time when institutions are embracing remote teaching en masse and conducting world-changing research in relation to COVID-19. 

Defending against an incessant stream of phishing attacks remains a challenge for all universities, says Redscan. Several institutions reported receiving millions of spam/phishing emails each year, with one reporting a high of 130 million. Phishing attempts were described as being “endless” and one university disclosed that attacks had increased by 50% since 2019.

Other key findings from the report include:

  • 54% of universities reported a data breach to the ICO in the last 12 months
  • A quarter of universities haven’t commissioned a pen test from an external provider in the last year
  • 46% of all university staff in the UK received no security training in the last year. One top Russell Group university has trained only 12% of its staff
  • Universities spend an average of £7,529 per year on security training, with expenditure ranging from £0 to £49,000
  • Universities employ, on average, three qualified cyber security professionals
  • 51% of universities are proactive in providing security training and information to students
  • 12% of universities do not offer any kind of security guidance, support or training at all to students
  • 66 out of 134 universities have Cyber Essentials or Cyber Essentials Plus certification

Redscan CTO, Mark Nicholls, said: “UK universities are among the most well-respected learning and research centres globally, yet our analysis highlights inconsistencies in the approach institutions are taking to protect their staff, students and intellectual property against the latest cyber threats. 

“The fact that such a large number of universities don’t deliver cyber security training to staff and students, nor commission independent penetration testing, is concerning. These are foundational elements of every security program and key to helping prevent data breaches. 

“Even at this time of intense budgetary pressure, institutions need to ensure that their cyber security teams receive the support they need to defend against sophisticated adversaries. Breaches have the potential to seriously impact organisations’ reputation and funding.

“The threat posed to universities by nation state attackers makes the need for improvements even more critical. The cost of failing to protect scientific research is immeasurable.” 

Redscan criticises new Government cybersecurity stats

Stuart O'Brien

Redscan has disputed the findings of the Department for Digital, Culture, Media and Sport’s latest Cyber Security Breaches Survey.

The firm has argued that response bias and the sample of participants make it impossible to fully trust the data.

The DCMS report found that the cost of breaches has gone up for the third year in a row and suggests that fewer breaches are taking place (due to businesses being more secure).

Redscan has taken issue with that conclusion, with CTO Mark Nicholls stating that while the Government’s latest cybersecurity survey figures provide some interesting insights, response bias of the participants means we should avoid drawing any firm conclusions.

He said: “The finding that many businesses can identify a data breach instantly, for instance, just doesn’t ring true. Interpreting the results is also clouded by the fact that half of organisations surveyed were micro businesses with fewer than 9 employees. 

“While the report suggests that cyber security is becoming a higher priority among businesses, evidenced by more senior management buy-in, businesses still struggle to properly assess the risks as well as identify and respond to breaches.

“Despite an increase in the cost of breaches, the figures are still surprisingly low – likely due to businesses self-reporting, as well as the fact that these numbers don’t consider hidden costs such as reputational damage.

“Nowhere near enough businesses have undertaken cyber risk assessments and less than a third made changes because of the GDPR’s introduction. These are very worrying statistics, no matter how you look at them. 

“The proportion of businesses identifying breaches or attacks (32%) is now lower than in 2018. The report suggests that this may be due to businesses being more secure, but many simply aren’t aware they’ve been breached. Attackers are getting stealthier and staying on the network undetected for longer. 

“As to the statistic that two thirds of businesses can identify a breach instantly, this is patently false. Real-world data from the ICO suggests it takes closer to 60 days on average.”