Veriato Archives - Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit Security IT Summit Security IT Summit Security IT Summit Security IT Summit

Posts Tagged :

Veriato

WEBINAR: Ransomware Has Evolved, And So Should Your Company

960 640 Guest Post

By Veriato

2021 Has been an interesting year for Ransomware attacks so far. After plaguing countless victims with dreaded ransom notes and bringing the US Colonial Pipeline and other large corporations to their knees, the Ransomware attack method has built a strong reputation for inflicting cyber terror on consumers and businesses alike.

As cyber criminals noticed increasing success from this method, the trends shifted towards more targeted enterprise attacks with potentially more lucrative payouts. Furthermore, criminals saw the growing demands for these attacks on the Dark Web as a business opportunity to make attack kits more easily accessible. This new realm of service would essentially remove the burden of coding and crafting attacks from the criminals, thus reducing the difficulty of launching these types of attacks. What once required tons of planning and preparation could now be purchased as a subscription or service.

What is Ransomware?

Also termed digital extortionRansomware is a form of cyberattack in which criminals block access to prized digital possessions or resources and demand payment for their release. There are many variations of ransomware attacks, but the common goal is usually to extort companies or users for money. For example, an attacker may encrypt all of your data and ask for payment in exchange for the decryption key. Without the key, your operations could end up being crippled.

One of the biggest trends in technology over the last decade has been the growth of subscription-based service models and products. Examples include Software as a Service (SaaS), Platform as a Service (PaaS, Infrastructure as a Service (IaaS), and more. Instead of building software or installing software directly in corporate environments, these companies are providing customers with the ability to effectively rent access to the services they need without dealing with development, maintenance, and additional back-end work. Given the high demand for Ransomware in this day and age, creative cyber-criminal entrepreneurs followed this tech industry trend and created Ransomware as a service (RaaS) to ease the burden of cyber attackers having to develop their own attacks.

Using these services, cybercriminals can launch advanced Ransomware attacks using RaaS providers from the Dark Web. 

Sign up for our latest webinar to learn moreRansomware Has Evolved, And So Should Your Company.

WEBINAR REWIND: Overcoming The Challenges Of Selecting An Insider Threat Detection Tool

960 640 Stuart O'Brien

Don’t worry if you missed last week’s insider threat webinar from Veriato – You can now re-watch the entire session online!

In a crowded market with so many new products being released, it can often be hard to make sure you’re getting the right tool for your organization’s security needs. Purchasing an Insider Threat Detection tool for your organization requires extensive research, which can be very time-consuming.

In the webinar, Veriato cleans up some of the noise in the industry together with experts Jim Henderson from the Insider Threat Defense Group and Dr. Christine Izuakor from CyberPopUp. In the webinar, they discuss:

  • Cutting through the hype to see what a product can really do – is it all just marketing fluff?
  • To AI or not to AI – Machine Learning Vs Statistical Analysis
  • Core requirements for Insider Threat Detection solutions – Private Sector Vs Government considerations

Click Here To Watch Again Now

WEBINAR: Overcoming The Challenges Of Selecting An Insider Threat Detection Tool

960 640 Guest Post

By Veriato

In a crowded market with so many new products being released, it can often be hard to make sure you’re getting the right tool for your organization’s security needs. Purchasing an Insider Threat Detection tool for your organization requires extensive research, which can be very time-consuming.

In our latest webinar, we try and clean up some of the noise in the industry together with experts Jim Henderson from the Insider Threat Defense Group and Dr. Christine Izuakor from CyberPopUp. In this webinar, we’ll discuss:

  • Cutting through the hype to see what a product can really do – is it all just marketing fluff?
  • To AI or not to AI – Machine Learning Vs Statistical Analysis
  • Core requirements for Insider Threat Detection solutions – Private Sector Vs Government considerations

Sign up now to learn more!

How insider threats and the dark web increase remote work risks for organizations

960 640 Guest Post

By Veriato

The “Dark Web” is often portrayed as a gloomy realm of internet land where you can find criminals and offenders lurking around every corner. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Furthermore, the continuous embracement of remote work has led to an unexpected shift in the way the dark web is being used today. Without awareness and understanding of these concepts, it’s impossible to prepare for the looming threats that this obscure area of the net introduces to enterprises.

Level setting on the current remote work landscape

The global pandemic has changed the way organizations and businesses once operated. The rapid shift to remote work brought on tons of security challenges for all types of businesses. Due to the overwhelming increase in remote work, many organizations were not equipped with the right tools and security measures leaving them entirely helpless and at the mercy of the threat actors.

According to a survey conducted by Owl Labs, when the Covid-19 pandemic was at its peak, more than 70% of employees were working from home. Another survey by OpenVPN found that 90% of remote workers were not secure. As per keeper.io “Cybersecurity in the Remote Work era Global risk report”, organizational security postures saw a drastic decline during the pandemic due to remote work.

The most common cybersecurity risks associated with remote work environments include but are not limited to malware & phishing attacks, Virtual Private Networks (VPN) attacks, Insider Threats, shadow IT device threats, home Wi-Fi security, lack of visibility, accidental data exposure, and more.

The sudden rise in remote work since 2020 has overwhelmed the IT teams responsible for cybersecurity. Now, in addition to regular technical infrastructure support for the organization, they also need to support remote work-related issues. The rise of remote work coupled with overwhelmed IT teams increases the human error factor.  Adversaries leverage such situations to exploit vulnerabilities at large.

Scott Ikeda quotes in the CPO Magazine, “71% of organizations are very concerned about remote workers being the cause of a data breach, and unsurprisingly the biggest concerns are the state of their personal devices and their physical security practices. A whopping 42% of organizations are reporting that they simply do not know how to defend against cyber-attacks that are aimed at remote workers. 31% say they are not requiring remote workers to use authentication methods, and only 35% require multi-factor authentication.”

Level setting on the current Insider Threat landscape

An Insider Threat is a security risk that originates from within the organization. It includes employees, third-party contractors, former employees, and consultants who have access to the company’s resources, network infrastructure, and IT practices. An insider threat is capable of compromising an organization’s confidential data, information systems, networks, critical assets by using different attack vectors.

The intent of an insider threat is not always malicious. In fact, insider threat incidents are more likely to happen due to the carelessness of employees. According to a Forrester research report, in 2021, 33% of cybersecurity incidents will happen due to insider threats. In addition, according to the 2020 Cost of Insider Threat report by the Ponemon Institute, 62% of the incidents are due to negligent insiders, 23% due to criminal insiders, and 14% due to credential insiders. Similarly, the cost incurred by an organization due to a negligent insider is 4.58 million, more than other insiders on the category list. The world has seen a 47% increase in cybersecurity incidents caused by the insider threat.

Example insider cybersecurity incidents

Some notable cybersecurity incidents which were caused due to insider threats:

  1. Gregory Chung, a former Chinese-born engineer at Boeing was charged with economic espionage. He used his security clearance to smuggle Boeing trade secrets to China. He was sentenced to 15 years of imprisonment.
  2. Twitter faced an insider attack in 2020, where attackers used social engineering and spear-phishing attacks to compromise high-profile Twitter accounts. Scammers used their profile to promote bitcoin scams. Twitter’s forensic investigations revealed one of their admin team member accounts was compromised exposing access to admin account tools. The adversaries were able to use spear-phishing techniques to get hold of the account, which later used tactics that enabled them to take over high profile users’ accounts such as those of Bill Gates, Barack Obama, etc. and run the bitcoin scam.

Level setting on the current state of the dark web

In simple terms, the dark web is a part of the internet that is not indexed by search engines. The dark web also cannot be accessed by a normal browser. It requires the use of a special browser, for example, the Tor browser (The Onion Router).

Using the dark web, users can get access to information that is not publicly available on the surface web – the part of the internet that is used by people daily. This provides users with anonymity and privacy as it’s difficult to trace someone’s digital footprint once they are on the dark web.

Image Source: Neteffect

Though the Dark Web provides extreme privacy and protection against surveillance from various governments, it is also known as the cyber “black market”. Sophisticated criminals and malicious threat actors use this marketplace to traffic illicit drugs, child pornography, counterfeit bills, stolen credit card numbers, weapons, stolen Netflix subscriptions, and even an organization’s sensitive/critical data. People can also hire a hitman for assassination or recruit skilled hackers to hack systems or networks. The bottom line is that it can get pretty dark in there, hence the name.

Image Source: Techjury

According to a survey conducted by Precise Security, in 2019, more than 30% of North Americans used the dark web regularly. 

Where remote workers exist, insider threats and the dark web intersect

Growing insider threat trends in the remote era reveal the high-risk organizations now face. The dark web has played a crucial part in this evolution both in providing attackers with access to recruit insiders, as well as, empowering them to run lucrative garage sales with stolen data. 

External attackers breach companies and sell data on the dark web, commit fraud, and more

It’s not uncommon to learn of an organization’s critical data which includes confidential data, financial data, and trade secrets being sold on the dark web marketplace. During the global pandemic, adversaries have exploited vulnerabilities in remote working environments by using techniques such as phishing, clickjacking, ransomware attacks, malware/virus injections, social engineering attacks, and more to gain access to this data for sale. They also use this data for organizational identify theft and fraud.

Malicious insiders auction off data on the dark web

Poor working culture and employee morale in organizations may lead a disgruntled employee to sell company data or even hire a skilled hacker to break into the company’s private network and cause severe disruptions. 

Malicious actors are hiring your employees through the dark web

Attackers need a way into your organization. What better way to do that than to make a friend on the inside? Cybercriminals have turned to the dark web to recruit employees within organizations they are targeting. Conversely, malicious employees are offering to sell out their employers to attackers on the dark web as well.

Curious, non-malicious insiders expose organizations to dark web vulnerabilities 

Many people also use the dark web for anonymity and privacy and do not know the potential negative implications of doing so carelessly. While connected to the enterprise network remotely they might access the dark web and unwillingly expose the organization’s sensitive data. 

Remote workers may use their home network Wi-Fi to connect the company’s internal network via a VPN. A remote worker may visit malicious websites or download shady tools and software that can lead to severe data breaches. The malicious site or tools may contain links to a command and control center or even a dark web community forum from which a threat actor could pivot into the corporate network via the remote worker’s laptop. Once pivoted into the corporate network the adversary can launch all sorts of attacks such as ransomware, Denial of Service (DDoS), phishing attacks, and more. When employee activity is not monitored over remote work environments it becomes very difficult for organizations to take control over what they can’t see. 

Bringing light to the dark web in the remote world through advanced insider threat detection 

Artificial Intelligence plays a critical role in combatting insider threats, and thus dark web risks

The risks and threats associated with insiders are difficult to detect as they tend to have legitimate access to many important resources of the organization, and this risk increases when employees work remotely. The remote work environments and practices have increased the attack surface and level of opportunity available to cybercriminals. It is now increasingly difficult for organizations to keep pace with the sheer volume of threats, and the corresponding resources required to manually detect and respond to those threats. Threat mitigation techniques using artificial intelligence (AI) and automation have become very necessary to effectively monitor, detect, control, and mitigate insider threats. 

David Mytton, CTO Seedcamp nicely summarizes the situation as follows:

“The volume of data being generated is perhaps the largest challenge in cybersecurity. As more and more systems become instrumented — who has logged in and when what was downloaded and when what was accessed and when — the problem shifts from knowing that ‘something has happened to highlight that ‘something unusual has happened.” 

That “something unusual” might be an irregular user or system behavior, or simply false alarms.

AI and automation help in correlating threat responses and mitigation faster than any human being can. With these advancements, organizations are able to process large volumes of data, analyze logs, and perform behavioral analysis, threat detection, and mitigation with little to no human intervention.

The response time of AI is phenomenal as it can learn, act and hack in a more efficient and effective manner than the current penetration and vulnerability assessment tools. As such, AI will play a very important role in cybersecurity threat detection. AI can help data protection solutions to rectify, support, and prevent end-user threats such as data leakage, manage unauthorized access, and more. In addition, AI will continue to make threat detection and response solutions to be more efficient and effective in the near future.

Basic cyber hygiene will continue to be paramount in combatting dark web risks

Organizations need to spread awareness among their employees regarding remote work cybersecurity threats and dark web challenges. To do this, establish security awareness programs. Passwords used to log in or access the corporate networks need to be strong and complex. VPN should be properly configured and should be employed with the latest encryption technologies and protocols. Access controls should be implemented to properly limit unauthorized access to critical resources, especially for remote workers.

Visibility for overall user activity is crucial, especially in remote work environments. Organizations need to see what their employees are up to when they are accessing corporate networks for interacting with enterprise resources, sharing files, uploading or downloading files, accessing the central repository or database, using remote desktop services, and more. Close monitoring of such activities ensures organizations take appropriate steps to minimize insider threats and deploy the required countermeasures to prevent malicious activity in remote work environments.

Next-generation insider threat detection technology provides visibility and monitoring needed to shed light on dark web risks

Next-generation insider threat detection and employee monitoring solutions, like Veriato Cerebral, can be used to track down one of the key sources to dark web issues – insider threats. By integrating user behavioral analytics (UEBA), user activity monitoring (UAM), and data breach response (DBR) into a single solution, the organization’s security teams are empowered to identify and minimize insider threats. Powered by artificial intelligence and machine learning, these solutions create a unique digital fingerprint of every user on different platforms, be it a virtual or a physical endpoint. 

In the remote era, the keywords to addressing dark web risks are visibility and insight. Using next-gen technology, organizations can get the level of insight into user activity that is necessary to understand if and when your employees are engaging in sketchy activity on the dark web such as selling their corporate login credentials and more. 

Examples of the level of visibility that can help includes insight into:

  • Web activity monitoring  
  • Network activity monitoring
  • Email Activity 
  • IM & Chat Activity 
  • File and Document Tracking 
  • Keystroke logging 
  • User status 
  • Geolocation 
  • Anomaly Detection
  • Risk scoring etc.

In addition to insider threat detection solutions, organizations can also leverage remote employee monitoring and employee investigations solutions to secure the organization from rising insider threats in remote work environments.

Conclusion

Risks and threats related to remote work will continue to rise. Adversaries will continue using complex and sophisticated attack and compromise techniques to harm enterprise networks and systems via remote working environments. Veriato’s AI-based, advanced threat mitigation solutions ensure that your remote working environment is fully protected and your visibility over IT operations is also increased. These solutions proactively detect and prevent dark web threats and insider threats to secure your organization and remote work environments.

5 Minutes With… Veriato’s Chris Gilkes

960 640 Stuart O'Brien

In the latest instalment of our IT security industry executive interview series we spoke to Chris Gilkes (pictured), Director EMEA at Veriato, about the company and its solutions, key challenges posed by a remote workforce, the importance of innovation and why you should never stop listening to customers…

Tell us about your company, products and services.

Veriato was founded as a software company in Florida in 1998. We have roughly 40,000 customers in over 100 countries worldwide. Our primary focus is Insider Threat Detection, Employee Monitoring and compliance solutions.

What have been the biggest challenges the IT security industry has faced over the past 12 months?

The new remote world has ushered in new security problems, with teams across the globe scrambling to find solutions that extend the corporate security framework beyond just the office. A key success factor in going remote is maintaining visibility into your workforce. 

Often, visibility is achieved by extracting information from disparate data sources like network and log data in the hopes of compiling a digital landscape of your remote workforce. The problem with many of these solutions is that they don’t offer granular visibility into the endpoint and Network analysis is not enough. This is where our flagship product, Cerebral can help.

How does Veriato help companies adapt to the new challenges inherent with a remote workforce? 

From a security perspective, Veriato utilizes AI-driven micro-agents that sit on the endpoint, monitoring, and recording all user activity. Veriato proactively watches for signs of insider threat. The platform will send immediate alerts as well as provide risk scoring for the entire workforce. Because Veriato I son the endpoint and is not network-dependent it maintains visibility, and records all actions, to maintain compliance standards. Additionally, it can provide productivity reporting critical for managing remote employees.

What is the biggest priority for the IT security industry in 2021?

Maintaining corporate security, productivity and compliance while workers are remote.

What are the main trends you are expecting to see in the market in 2021?

Companies will continue a hybrid work model and continue to scale down their physical operations leading to a higher reliance on monitoring and analytics technology like Veriato.

What technology is going to have the biggest impact on the market this coming year?

Any type of technology that improves how employees work remotely.

Which person in, or associated with, the IT security industry would you most like to meet?

Brian Krebs, I’ve heard him speak at multiple events and he’s an interesting person with a great perspective on IT security.

What’s the most surprising thing you’ve learned about the IT security sector?

That the average number of tools an IT Security teams uses is 75, that’s absurd.

What’s the best piece of advice you’ve ever been given?

Never stop innovating and listen to your customers.

WEBINAR REWIND: Managing The Compliance & Security Nightmares Caused By A Remote Workforce

960 640 Stuart O'Brien

Don’t worry if you missed last week’s brilliant webinar from Veriato – You can now watch the entire session again online!

In an in-depth and wide ranging talk, Veriato’s Director of EMEA Sales Director Chris Gilkes takes us through how your organisation can maintain compliance while employees are working remotely.

Why is this important? Put simply, as employees connect to servers each morning through VPN, to download corporate data that they need, compliance and security can easily be compromised. As soon as the employee disconnects from the VPN, corporate visibility is lost and compliance can’t be maintained.

There are precautions and best practices that are being employed by many organizations and should be part of the security and compliance infrastructure as companies adapt to the new norm of both people and sensitive data residing in remote locations.

Chris addresses how companies can protect themselves with the right tools to mitigate compliance and security concerns, encompassing:-

  • Maintaining compliance while employees work remotely
  • Maintaining Compliance when employees go offline
  • VPN vulnerabilities as a result of a remote workforce
  • The increased threat posed by remote employees

Click here or scroll down to watch the session in full!

Want to know more about Veriato’s Insider Threat Detection solutions? Click here for a free trial!

WEBINAR: Managing the Compliance & Security Nightmares Caused By A Remote Workforce

960 640 Guest Post

Webinar – March 11th, 12pm GMT 

How do companies protect themselves with the right tools to mitigate compliance and security concerns?

There are precautions and best practices that are being employed by many companies, and should be part of the security and compliance infrastructure as companies adapt to the new norm of both people and sensitive data residing in remote locations.

In this Webinar we’ll discuss:

  • Maintaining compliance while employees work remotely
  • Maintaining Compliance when employees go offline
  • Monitoring the activity of employees working from home
  • The increased threat posed by remote employees?

Sign up for our latest Webinar on March 11th at 12pm GMT!

Sign Up Now!

Remote Workforces Create New Security & Compliance Headaches

960 640 Guest Post

The new remote world has ushered in a host of security issues. Sensitive data now sits in laptops in employees’ houses and if an employee disconnects from the corporate VPN, the company goes blind. This massively increases the risk footprint and leaves the company out of compliance.

Veriato utilizes AI-driven micro-agents that sit on the endpoint, monitoring and recording all user activity. Veriato watches for signs of insider threat and because it’s not network-dependent it maintains visibility to meet compliance standards.

Additionally, it can provide productivity reporting critical for managing remote employees. Veriato is the multitool you’ve been missing.

Click here to find out more.