research Archives - Security IT Summit | Forum Events Ltd


Posts tagged: research

Cyberattacks surge by 33% in a year

Stuart O'Brien

According to data presented by Atlas VPN, cyberattacks have increased by 33% since last year: the total number of malicious attacks in Q1 rose from 538 in 2020 to 713 in 2021.

In January 2020, there were a total of 160 cyberattacks. Meanwhile, January 2021 saw 183 malicious attacks — 14% more than the same month last year.

Looking at February’s numbers, we can see a tremendous increase in cyberattacks in 2021 compared to 2020. Malicious attacks jumped by 33% from 191 in 2020 to 254 in 2021.

In March 2021, cyberattacks grew more than 50% compared to March 2020. The total number of attacks went up from 187 to 276.

Cybersecurity writer and researcher at Atlas VPN, William Sword, said: “A significant increase in cyberattacks has shown that many companies or government administrations are not prepared to handle cybersecurity threats. With more and more people becoming victims of hackers, responsible institutions should step up their efforts in the cybersecurity field.”

Cybercriminals employ various techniques to penetrate vulnerable systems. Malware continues to be one of the most used techniques for cyberattacks; in Q1 2021 it was employed in 32% of all cyberattack cases. Hackers use malware to trick a victim into providing personal data for identity theft.

Unknown attacks were the second most-used in the first quarter of this year at 22%. The unknown threat is classified as such when a security product cannot recognize its code, which is why it is tough to stop such attacks.

Next up is account takeover (ATO). This type of cyberattack technique was used in 14% of all cyberattacks in Q1 2021.

Click here to read the full report.

How insider threats and the dark web increase remote work risks for organizations

Guest Post

By Veriato

The “Dark Web” is often portrayed as a gloomy corner of the internet where criminals and offenders lurk at every turn. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Furthermore, the continued embrace of remote work has led to an unexpected shift in the way the dark web is being used today. Without awareness and understanding of these concepts, it’s impossible to prepare for the looming threats that this obscure area of the net introduces to enterprises.

Level setting on the current remote work landscape

The global pandemic has changed the way organizations and businesses once operated. The rapid shift to remote work brought many security challenges for all types of businesses. Because the increase in remote work was so sudden, many organizations were not equipped with the right tools and security measures, leaving them entirely helpless and at the mercy of threat actors.

According to a survey conducted by Owl Labs, when the Covid-19 pandemic was at its peak, more than 70% of employees were working from home. Another survey by OpenVPN found that 90% of remote workers were not secure. As per keeper.io “Cybersecurity in the Remote Work era Global risk report”, organizational security postures saw a drastic decline during the pandemic due to remote work.

The most common cybersecurity risks associated with remote work environments include but are not limited to malware & phishing attacks, Virtual Private Networks (VPN) attacks, Insider Threats, shadow IT device threats, home Wi-Fi security, lack of visibility, accidental data exposure, and more.

The sudden rise in remote work since 2020 has overwhelmed the IT teams responsible for cybersecurity. Now, in addition to regular technical infrastructure support for the organization, they also need to support remote work-related issues. The rise of remote work coupled with overwhelmed IT teams increases the human error factor. Adversaries leverage such situations to exploit vulnerabilities at large.

Scott Ikeda writes in CPO Magazine: “71% of organizations are very concerned about remote workers being the cause of a data breach, and unsurprisingly the biggest concerns are the state of their personal devices and their physical security practices. A whopping 42% of organizations are reporting that they simply do not know how to defend against cyber-attacks that are aimed at remote workers. 31% say they are not requiring remote workers to use authentication methods, and only 35% require multi-factor authentication.”

Level setting on the current Insider Threat landscape

An Insider Threat is a security risk that originates from within the organization. It includes employees, third-party contractors, former employees, and consultants who have access to the company’s resources, network infrastructure, and IT practices. An insider threat is capable of compromising an organization’s confidential data, information systems, networks, and critical assets using different attack vectors.

The intent of an insider threat is not always malicious. In fact, insider threat incidents are more likely to happen due to the carelessness of employees. According to a Forrester research report, in 2021, 33% of cybersecurity incidents will happen due to insider threats. In addition, according to the 2020 Cost of Insider Threat report by the Ponemon Institute, 62% of incidents are due to negligent insiders, 23% due to criminal insiders, and 14% due to credential insiders. The cost incurred by an organization due to a negligent insider is 4.58 million, more than for the other insider categories. The world has seen a 47% increase in cybersecurity incidents caused by insider threats.

Example insider cybersecurity incidents

Some notable cybersecurity incidents which were caused due to insider threats:

  1. Gregory Chung, a Chinese-born former engineer at Boeing, was charged with economic espionage. He used his security clearance to smuggle Boeing trade secrets to China. He was sentenced to 15 years of imprisonment.
  2. Twitter faced an insider attack in 2020, where attackers used social engineering and spear-phishing to compromise high-profile Twitter accounts, which they then used to promote bitcoin scams. Twitter’s forensic investigation revealed that the account of one of its admin team members had been compromised, exposing access to the admin account tools. The adversaries used spear-phishing to get hold of that account, then used the admin tools to take over high-profile users’ accounts, such as those of Bill Gates and Barack Obama, and run the bitcoin scam.

Level setting on the current state of the dark web

In simple terms, the dark web is a part of the internet that is not indexed by search engines. The dark web also cannot be accessed by a normal browser. It requires the use of a special browser, for example, the Tor browser (The Onion Router).

Using the dark web, users can get access to information that is not publicly available on the surface web – the part of the internet that is used by people daily. This provides users with anonymity and privacy as it’s difficult to trace someone’s digital footprint once they are on the dark web.

Image Source: Neteffect

Though the Dark Web provides extreme privacy and protection against surveillance from various governments, it is also known as the cyber “black market”. Sophisticated criminals and malicious threat actors use this marketplace to traffic illicit drugs, child pornography, counterfeit bills, stolen credit card numbers, weapons, stolen Netflix subscriptions, and even an organization’s sensitive/critical data. People can also hire a hitman for assassination or recruit skilled hackers to hack systems or networks. The bottom line is that it can get pretty dark in there, hence the name.

Image Source: Techjury

According to a survey conducted by Precise Security, in 2019, more than 30% of North Americans used the dark web regularly. 

Where remote workers exist, insider threats and the dark web intersect

Growing insider threat trends in the remote era reveal the high risk organizations now face. The dark web has played a crucial part in this evolution, both by giving attackers access to recruit insiders and by empowering them to run lucrative garage sales of stolen data.

External attackers breach companies and sell data on the dark web, commit fraud, and more

It’s not uncommon to learn of an organization’s critical data, including confidential data, financial data, and trade secrets, being sold on the dark web marketplace. During the global pandemic, adversaries have exploited vulnerabilities in remote working environments using techniques such as phishing, clickjacking, ransomware attacks, malware/virus injections, social engineering attacks, and more to gain access to this data for sale. They also use this data for organizational identity theft and fraud.

Malicious insiders auction off data on the dark web

Poor working culture and employee morale in organizations may lead a disgruntled employee to sell company data or even hire a skilled hacker to break into the company’s private network and cause severe disruptions. 

Malicious actors are hiring your employees through the dark web

Attackers need a way into your organization. What better way to do that than to make a friend on the inside? Cybercriminals have turned to the dark web to recruit employees within organizations they are targeting. Conversely, malicious employees are offering to sell out their employers to attackers on the dark web as well.

Curious, non-malicious insiders expose organizations to dark web vulnerabilities 

Many people also use the dark web for anonymity and privacy and do not know the potential negative implications of doing so carelessly. While connected to the enterprise network remotely, they might access the dark web and unwittingly expose the organization’s sensitive data.

Remote workers may use their home Wi-Fi network to connect to the company’s internal network via a VPN. A remote worker may visit malicious websites or download shady tools and software that can lead to severe data breaches. The malicious site or tools may contain links to a command and control server or even a dark web community forum, from which a threat actor could pivot into the corporate network via the remote worker’s laptop. Once inside the corporate network, the adversary can launch all sorts of attacks, such as ransomware, distributed denial of service (DDoS), phishing, and more. When employee activity is not monitored in remote work environments, it becomes very difficult for organizations to take control of what they can’t see.

Bringing light to the dark web in the remote world through advanced insider threat detection 

Artificial Intelligence plays a critical role in combatting insider threats, and thus dark web risks

The risks and threats associated with insiders are difficult to detect, as insiders tend to have legitimate access to many important resources of the organization, and this risk increases when employees work remotely. Remote work environments and practices have increased the attack surface and the level of opportunity available to cybercriminals. It is now increasingly difficult for organizations to keep pace with the sheer volume of threats and the corresponding resources required to manually detect and respond to them. Threat mitigation techniques using artificial intelligence (AI) and automation have become necessary to effectively monitor, detect, control, and mitigate insider threats.

David Mytton, CTO at Seedcamp, nicely summarizes the situation as follows:

“The volume of data being generated is perhaps the largest challenge in cybersecurity. As more and more systems become instrumented — who has logged in and when, what was downloaded and when, what was accessed and when — the problem shifts from knowing that ‘something has happened’ to highlighting that ‘something unusual has happened’.”

That “something unusual” might be irregular user or system behavior, or simply a false alarm.

AI and automation help correlate threats and drive response and mitigation faster than any human being can. With these advancements, organizations are able to process large volumes of data, analyze logs, and perform behavioral analysis, threat detection, and mitigation with little to no human intervention.

The response time of AI is phenomenal, as it can learn and act more efficiently and effectively than current penetration testing and vulnerability assessment tools. As such, AI will play a very important role in cybersecurity threat detection. AI can help data protection solutions detect and prevent end-user threats such as data leakage, manage unauthorized access, and more. In addition, AI will continue to make threat detection and response solutions more efficient and effective in the near future.

Basic cyber hygiene will continue to be paramount in combatting dark web risks

Organizations need to spread awareness among their employees regarding remote work cybersecurity threats and dark web challenges. To do this, establish security awareness programs. Passwords used to log in to or access corporate networks need to be strong and complex. VPNs should be properly configured and should employ the latest encryption technologies and protocols. Access controls should be implemented to properly limit unauthorized access to critical resources, especially for remote workers.

Visibility for overall user activity is crucial, especially in remote work environments. Organizations need to see what their employees are up to when they are accessing corporate networks for interacting with enterprise resources, sharing files, uploading or downloading files, accessing the central repository or database, using remote desktop services, and more. Close monitoring of such activities ensures organizations take appropriate steps to minimize insider threats and deploy the required countermeasures to prevent malicious activity in remote work environments.

Next-generation insider threat detection technology provides visibility and monitoring needed to shed light on dark web risks

Next-generation insider threat detection and employee monitoring solutions, like Veriato Cerebral, can be used to track down one of the key sources of dark web issues: insider threats. By integrating user and entity behavior analytics (UEBA), user activity monitoring (UAM), and data breach response (DBR) into a single solution, the organization’s security teams are empowered to identify and minimize insider threats. Powered by artificial intelligence and machine learning, these solutions create a unique digital fingerprint of every user across platforms, be it a virtual or a physical endpoint.

In the remote era, the keys to addressing dark web risks are visibility and insight. Using next-gen technology, organizations can get the level of insight into user activity necessary to understand if and when employees are engaging in sketchy activity on the dark web, such as selling their corporate login credentials.

Examples of the kinds of visibility that can help include insight into:

  • Web activity monitoring
  • Network activity monitoring
  • Email activity
  • IM and chat activity
  • File and document tracking
  • Keystroke logging
  • User status
  • Geolocation
  • Anomaly detection
  • Risk scoring

In addition to insider threat detection solutions, organizations can also leverage remote employee monitoring and employee investigations solutions to secure the organization from rising insider threats in remote work environments.

Conclusion

Risks and threats related to remote work will continue to rise. Adversaries will continue using complex and sophisticated attack and compromise techniques to harm enterprise networks and systems via remote working environments. Veriato’s AI-based, advanced threat mitigation solutions ensure that your remote working environment is fully protected and your visibility over IT operations is also increased. These solutions proactively detect and prevent dark web threats and insider threats to secure your organization and remote work environments.

Agari Report: New BEC scam 7X more costly than average, bigger phish start angling in

Stuart O'Brien

Sophisticated threat actors, evolving phishing tactics, and an $800,000 business email compromise (BEC) scam in the second half of 2020 all signal trouble ahead, according to analysis from the Agari Cyber Intelligence Division (ACID).

After attacks on Magellan Health, GoDaddy, and the SolarWinds “hack of the decade,” one thing is distressingly clear. Phishing, BEC, and other advanced email threats continue to be one of the most effective attack vectors into organisations. And it’s getting worse.

Throughout the second half of 2020, ACID uncovered a troubling rise in Eastern European crime syndicates piloting inventive forms of BEC. Indeed, the state-sponsored operatives launching attacks from hijacked accounts in the SolarWinds attack were just a few of the sophisticated threat actors moving into vendor email compromise and other forms of BEC.

But in November, a sudden surge in the amount of money targeted in BEC scams could be tracked back to the resurgence of one particular source—the threat group we’ve dubbed Cosmic Lynx.

After sowing chaos with COVID-19-themed scams earlier in the year, the group’s tactics shifted toward vaccine ruses. More alarmingly, the group’s emails also started requesting recipients’ phone numbers in order to redirect the conversation. It’s unclear if the request is designed to disarm recipients or if actual phone messages or conversations are now part of the con.

The second biggest driver behind the late-year increase in the amount sought in BEC scams is a potent new pretext—capital call investment payments. Capital calls are transactions that occur when an investment or insurance firm seeks a portion of money promised by an investor for a specific investment vehicle.

In emails to targets, BEC actors masquerade as a firm requesting funds to be transferred in accordance with an investment. Because of the nature of such transactions, the payments requested are significantly higher than the average $72,044 sought in wire transfer scams during 2020. The average payout targeted in these capital call cons: $809,000.

To learn more about the latest trends in phishing, BEC scams and advanced email threats and how to stop them, request information at https://www.handd.co.uk/agari-secure-email-cloud/.

What’s the average time to identify a security breach? 280 days, according to IBM’s 2020 Cost of a Data Breach report

Guest Post

By Accedian

Today, it’s not a matter of “if” but “when” organizations operating in the digital world will be breached. But once cyber criminals manage to get past the network perimeter, do you have the visibility to detect them and see what the bad actors are doing?

In this guide, find out how next-generation Intrusion Detection Systems (IDS) can help you solidify your security posture, responding faster to intruders and minimizing the impact to your organization’s business continuity.

Download Next-Generation Intrusion Detection: A new security approach to unlock value and drive down risk, and you’ll learn:

  • Why next-generation, behavior-based IDS solutions are critical to complement your existing perimeter and endpoint security solutions
  • How IDS uses intelligent data and machine learning to implement Network Traffic Analysis for end-to-end protection
  • How IDS solutions protect all elements of your infrastructure: the cloud, the edge, on-premises data centers
  • How easily data can be exfiltrated if your perimeter protection is breached

Fortify your security posture. Click here to get a copy of the guide.

Zero Trust: The practical way to look at cybersecurity

Guest Post

By LogRhythm

Zero Trust is quickly becoming the security model of choice for enterprises and governments alike. The need to protect, defend and respond to threats is more apparent than ever as we continue to work from remote locations.

Where to start

Zero Trust is more than implementing new software; it is a change in architecture and in corporate culture. The pandemic has increased interest in this approach, with a recent survey finding 40 per cent of organisations around the world working on Zero Trust projects.

The first step of any project is identifying key data and where it sits in your organisation, and then documenting who needs access to it. This will allow you to begin dividing up your network, keeping users and their data in appropriate areas.

The main challenges

The key principle of a Zero Trust model is rock-solid identity management. All users, devices and applications must be correctly identified to ensure everyone is granted the right level of access.

The data identification process described above is one of the main challenges: understanding where your data is stored and who should have access to it can be tricky with legacy applications and weak identity management.

Then there is the question of culture: will employees be resistant to the change? Managing the amount of friction caused by the process is key to success.

The benefits

Some sort of security compromise is inevitable; Zero Trust mitigates the damage by restricting the intruder to one small part of your network.

It will allow simpler provisioning and deprovisioning of staff as they join or leave, with corresponding cost benefits as IT teams spend less time onboarding and offboarding staff.

It can provide a solution to the registration of trusted devices onto your network and cut spending on managing Active Directory.

Moving the ‘perimeter’ to the user and their device provides a way to extend the security we take for granted in the office to staff, wherever they might be working.

Learn more about a Zero Trust implementation in the latest Forrester Report.

Security software revenue to hit $45.5B in 2021

Stuart O'Brien

The digital transformation accelerated by the pandemic and the growing number of data breaches and cyberattacks has forced online users, companies, and organizations to increase their spending on security software solutions.

According to data presented by StockApps.com, global security software revenues are expected to hit $45.5bn in 2021, a 20% increase in two years.

For the purposes of the study, the security software market includes all software solutions that aim to protect individual computing devices, networks, or any other computing-enabled device. It includes antivirus software, access management, data protection, intrusion prevention, and protection against any other system-level security risks, whether installed locally or delivered as a cloud service.

StockApps says recent years have witnessed a massive adoption of these solutions, driven by the surge of eCommerce, huge technology developments including AI and IoT, and the rising number of connected devices.

In 2016, the entire market was worth $27bn, according to Statista data. In the next two years, revenues surged by more than 40% to $38.1bn.

The entire market maintained its steady growth amid the COVID-19 pandemic, with millions of people working and studying from home. The TrustRadius 2020 survey of software buyers and users revealed that 41% of organizations increased their security software spending amid the pandemic.

Statistics show the market revenue jumped by 7% year-over-year to $41bn in 2020. This figure is expected to rise by $4bn in 2021. The following years are set to witness a further surge in the adoption of security software solutions, with revenues jumping to more than $61bn by 2025.

In global comparison, the United States represents the leading security software market, expected to generate $22.8bn, or 50% of revenues, this year. Statista data indicate that US security software revenues jumped by 20% in the last two years, and the US market is set to reach $30.5bn by 2025.

With $2.3bn in revenue, almost a tenth of the leading United States, Germany ranked as the second-largest security software market globally. The United Kingdom, Japan, and China follow with $2.2bn, $2.1bn, and $1.9bn in revenue, respectively.

Hold tight for 2021: A volatile global outlook will continue to fuel fraud and cyber-threats

Guest Post

By Ian Newns, Fraud Specialist at RSA Security

2020 was full of surprises. But one thing that didn’t come as a revelation was the speed and agility with which the criminal community reacted to unfolding global events. We’ve often witnessed groups behind phishing attacks, for example, capitalise on breaking news stories and consumer behavioural change to improve click-through rates. Well, news events don’t come much bigger than a global healthcare and financial crisis, and 2020 has been the year we’ve all had to embrace online working, shopping and socialising. 

UK consumers are predicted to have spent more than £141 billion on internet shopping last year, up nearly 35% from 2019. The bad news for 2021 is that cyber-criminals and fraudsters will continue to exploit our rapidly changing world to monetise their campaigns. On the other hand, following some simple best practices still offers a highly effective way for businesses to mitigate escalating online fraud risk. With that, here are five fraud and cyber-threat predictions for the coming year:

1. Loyalty points become a valuable commodity

From frequent flyer miles to retailer loyalty schemes, the pandemic and subsequent lockdowns mean there’s a lot of loyalty points that weren’t used in 2020 and may have been forgotten about. That hasn’t been lost on the cybercrime community though, who have been observed by RSA’s FraudAction team to be discussing in online forums how to conduct loyalty scams on a range of companies – from fast food restaurants and retailers to hotel companies and gaming websites. These fraudsters will increasingly look to target the growing trove of points accruing in consumers’ online accounts this year.

Tried-and-tested methods for account takeover, including phishing or credential stuffing, will be among the tactics of choice here. That makes it even more important that every retailer or business with a loyalty scheme communicates the dangers of password reuse, and offers multi-factor authentication (MFA) options for customers. Monitoring for suspected botnet activity with behavioural tools can also help.

2. Beware the rise of malicious QR codes 

The past year has seen an explosion in the use of QR codes. They’ve become especially common in hospitality settings, where businesses want to promote hygienic access to menus, and useful in facilitating the government’s Track & Trace scheme. However, whenever a new form of tech starts to become popular, there’s always the danger that it will be subverted by cyber-criminals.

QR codes are no exception – they are now being used in phishing emails and via social media to take users to fake websites designed to harvest their details or covertly download malware. Tackling the problem is more about user education than anything else. Just as recipients shouldn’t click on links in unsolicited communications, they need to be educated not to scan QR codes either. Organisations can also help by aligning any QR codes they use with MFA to mitigate the risk of account takeover.

3. Fraudsters will capitalise on COVID-19 vaccine hype

COVID-19 vaccines signal the beginning of the end of a traumatic period in recent history. But the media attention focused on the vaccine roll-out at the moment will also help cybercriminals hoping to make gains at the expense of others. Europol has already warned of counterfeit versions of the Pfizer/BioNTech vaccine appearing for sale on dark web sites, and warns that these types of forgeries will increase.

Online promotions and phishing emails are a perfect way to lure individuals desperate to jump the queue and get inoculated. Unfortunately, once a victim pays the fraudsters up front, they not only have the victim's money but potentially also their bank details. Governments and social media companies will need to step up their efforts at taking down any signs of fake advertising related to COVID-19 vaccines and warn citizens of the dangers of engaging with them.

4. Buyer’s revenge as consumers dabble in first-party fraud

Historically, times of recession usually lead to an increase in fraud. According to Portsmouth University, there was an increase in fraud offences after both the 1990 recession (10%) and the financial crash of 2008 (7.3%). The coming economic crisis could be much deeper than these events, especially after the government furlough scheme ends. Cash-strapped individuals may be forced to try and see what they can get away with to make ends meet. A classic example is chargeback fraud, where a customer makes a legitimate purchase and then claims the product was never delivered, thereby generating a refund from their bank.

It’s suspected by some banks that as many as 35% of cases classified as third-party fraud could in fact be first-party scams. Many banks would prefer to write off lower value transactions than go through the painful and awkward experience of accusing customers of lying, especially as figures showed a 36% rise in complaints last year about how banks deal with fraud and scams. If they’re going to try and tackle first-party fraud, banks need cast-iron proof. This is where more sophisticated data-centric fraud solutions can help. Such tools can crunch hundreds of data points, like age, buying habits, and previous fraud claims, to determine the likelihood of fraud having taken place.

5. Brexit: good news for scammers

There’s still some uncertainty for businesses surrounding Brexit, which opens the door for fraudsters to step in. Given the huge demand for information and advice on how to adapt, this is the perfect opportunity for cybercriminals to swoop in with some well-timed phishing emails spoofing government and other trusted institutions. Some may even request the recipient confirm bank details to continue trading in the EU.

Organisations should enhance their user awareness training simulations accordingly, and ensure they have the right email security tools to spot any phishing. Aside from URL and attachment scanning and IP reputation checks, they could invest in AI-powered tools that analyse writing style and other elements to say with more certainty whether inbound messages are to be trusted or not.

There’s plenty to look forward to this year, not least hopefully an end to social distancing, self-isolation and concerns over vulnerable friends and family. But consumers and organisations alike will need to retain their digital savvy and invest in new tools to ensure the next 12 months is a success.

53% of manufacturers say operational tech is vulnerable to cyber attack

Stuart O'Brien

Manufacturing industry security teams are seeing their information technology (IT) and operational technology (OT) environments converging at a rapid pace, but are struggling to safeguard OT assets because they are using the same tools they use to safeguard their IT infrastructure.

As a result, IT teams can’t keep up with growing volumes of security data or the increasing number of security alerts. They lack the right level of visibility and threat intelligence analysis and don’t have the right staff and skills to handle the cybersecurity workload.

Consequently, business operations are being disrupted and cyber-risk is increasing: more than half of the manufacturing organizations surveyed have experienced some type of cybersecurity incident on their OT systems in the last 12 months, taking weeks or months to remediate.

Those are the conclusions of a report conducted by TrapX Security in partnership with the Enterprise Strategy Group (ESG), which asked 150 cyber and IT professionals directly involved in security strategy, control and operations within manufacturing organisations about their current and future concerns. 

Manufacturing organizations have large and growing investments in IT and OT technology, helping them achieve more agile business processes. As the research reveals, IT and OT integration is fast becoming a best practice. Nearly half (49%) of organisations say that IT and OT infrastructure are tightly integrated while another 45% claim that there is some integration. This integration will only increase as 77% of respondents expect further IT and OT infrastructure convergence in the future. 

However, only 41% of organizations employ an IT security team with dedicated OT specialists, while 32% rely on their IT security team alone to protect OT assets. 58% use network technology tactics like IP ranges, VLANs, or microsegmentation to segment IT and OT network traffic. Almost one-quarter (24%) of organizations simply use one common network for IT and OT communications, reducing the visibility and response capability required for OT-focused attacks.

Common tools and staff may make operational sense, but deploying a plethora of IT security technologies to prepare for the specific threats of OT leaves IT teams unprepared and vulnerable to attack. As illustrated in the research, IT teams are repeatedly overwhelmed by the growing volumes of security data, visibility gaps, and a lack of staff and skills.

Security teams are being challenged by the growing volumes of security data and the increasing number of security alerts. 53% believe that their security operations workload exceeds staff capacity, and 37% admitted they must improve their ability to adjust security controls. More than half of surveyed organizations (58%) agreed that threat detection and response has grown more difficult. When asked to provide additional detail on the specific nature of that growing complexity, nearly half (45%) say they are collecting and processing more security telemetry and 43% say that the volume of security alerts has increased.

Manufacturers are still working in the dark, though, with just under half (44%) citing evolving and changing threats as making threat detection and response more difficult, which is particularly true as threat actors take advantage of the “fog” of COVID-19.

“The research illustrates a potentially dangerous imbalance between existing security controls and staff capabilities, and a need for more specialized and effective safeguards,” said Jon Oltsik, ESG Senior Principal Analyst and Fellow. “Manufacturing organizations are consolidating their IT and OT environments to achieve economies of scale and enable new types of business processes. Unfortunately, this advancement carries the growing risk of disruptive cyber-attacks. While organizations have deployed numerous technologies for threat detection and response, the data indicates that they are overwhelmed by growing volumes of security data, visibility gaps, and a lack of staff and skills. Since they can’t address these challenges with more tools or staff, CISOs really need to seek out more creative approaches for threat detection and response.”

As the IT/OT attack surface grows, security teams are spread thinner as they try to keep pace with operations tasks such as threat detection, investigation, incident response, and risk mitigation. 53% agreed that their organization’s OT infrastructure is vulnerable to some type of cyber-attack, while the same number stated that they had already suffered some type of cyber-attack or other security incident in the last 12-24 months that impacted their OT infrastructure. When asked how long it typically takes for their firm to recover from a cyber-attack, 47% of respondents said between one week and one month, resulting in significant and potentially costly downtime for critical systems.

Manufacturing organizations lack the visibility needed for effective threat detection and response – especially regarding OT assets. Consequently, additional security complexity is unacceptable – any new investments they make must help them simplify security processes and get more out of existing tools and staff. 37% said they must improve their ability to see malicious OT activity, 36% say they must improve their ability to understand OT-focused threat intelligence and 35% believe they must improve their ability to effectively patch vulnerable OT assets.

44% of respondents highlighted Deception technology’s invaluable role in helping with threat research, and 56% said that Deception technology can be used for threat detection purposes. More than half of the manufacturing organizations surveyed (55%) use Deception technology today, yet 44% have not made the connection between Deception technology and increased attack visibility.

“This research shows that manufacturing organizations are experiencing real challenges when it comes to threat detection and response, particularly for specialized OT assets that are critical for business operations,” said Ori Bach, CEO of TrapX Security. “This data, and our own experience working with innovators in all sectors of manufacturing, demonstrate there is a clear need for solutions like Deception, which can improve cyber defenses and reduce downtime without the need to install agents or disrupt existing security systems and operations.”

For further insights into the findings, download the full white paper, authored by Jon Oltsik, ESG Senior Principal Analyst and Fellow.

The state of the security team: Are executives the problem?

Guest Post

By LogRhythm

A global survey of security professionals and executives by LogRhythm

Amid a slew of statistics on how job stress is impacting security professionals, we sought to learn the causes of the tension and anxiety — as well as to understand potential ways teams might alleviate and remediate the potential for job burnout.

We ran a global survey with security professionals and executives and investigated the tools those security professionals use to understand solution capabilities, deployment strategies, technology gaps, and the value of tool consolidation.

Key findings

“Now, more than ever, security teams are being expected to do more with less leading to increasing stress levels. With more organisations operating under remote work conditions, the attack surface has broadened, making security at scale a critical concern,” says James Carder, CSO and VP of LogRhythm Labs. “This is a call to action for executives to prioritise alleviating the stress and better support their teams with proper tools, processes, and strategic guidance.”

When asked what causes the most work-related stress, not having enough time is cited by 41 percent and working with executives by 18 percent. In fact, 57 percent of respondents think their security program lacks proper executive support — defined as providing strategic vision, buy-in and budget.

In addition, security professionals cite inadequate executive accountability for strategic security decisions as the top reason (42 percent) they want to leave their job. This is a worrying statistic, given that nearly half of companies (47 percent) are trying to fill three or more security positions.

If you are leading a security team or part of a SOC, hearing that stress is increasing in your space is likely no surprise. To keep up with the threats facing your organisation, it is clear there needs to be a cultural shift — and it must start at the top. It is no longer just the responsibility of a CISO or CSO. To ensure a company is secure, the board and executive team must supply their security team with the strategic guidance, a healthy budget, and the proper tools required to effectively do their jobs.

Further information is available in the full report, available from the LogRhythm website.

STUDY: Covid-19 technologies must be regulated to stop ‘big brother’ society

Stuart O'Brien

Technologies, such as track and trace apps, used to halt the spread of covid-19 have to be thoroughly examined and regulated before they are rolled out for wider adoption, to ensure they do not normalise a big-brother-like society post-covid-19.

That’s according to research conducted by Jeremy Aroles, Assistant Professor in Organisation Studies at Durham University Business School, alongside Aurélie Leclercq-Vandelannoitte, Professor of Management of Information Systems at IÉSEG School of Management, which draws on the concept of ‘societies of control’, developed by the French philosopher Gilles Deleuze, in order to analyse the technologies currently being used to tackle the covid-19 pandemic.

Whilst the study acknowledges the public health benefits of these technologies, the researchers state we must be wary of what technology is rolled out by governments and critically cross-examine it.

Dr. Aroles said: “Presented as ways to curb the immediate progression of the pandemic and improve safety, the acceptance and use of these technologies has become the new “normal” for many of us, therefore it is important that these systems of control are heavily vetted and cross-examined before being rolled out to the wider public.”

The researchers suggest three solutions regarding the development and use of covid-19-related technologies.

First, the public should question the locus of collective responsibility. Increasingly complex systems of control and surveillance have been fuelled by our reliance on technology which, the researchers say, has blurred our understanding of the boundary between “good and bad” or “right and wrong”.

Second, more must be done to raise people’s awareness of how digital technologies work, and the risks of adopting them across society. People are often, rightly, concerned over their privacy and the sharing of their data. It is therefore crucial that these technologies are transparent and actively help individuals fully understand the ramifications of the control systems they’re opting in to.

Third, given that covid-19 tracking technologies are developed by companies for the benefit of governments, it is vital that greater regulation of the partnerships between state authorities and companies is adopted. Alongside this, it is also important that counter-powers such as journalists and the public hold these partnerships to account, to ensure they do not violate the privacy of citizens for financial gain.

The researchers state that it is important the covid-19 pandemic is not utilised as an opportunity to enforce a society of control and to normalise greater surveillance. They suggest that researchers or bodies specialising in the management of information systems should be brought in to supervise the developments of digitally enabled control systems, such as covid-19 apps, and not to abandon them to companies that could violate the privacy of citizens.