Posts Tagged: cybersecurity

Cybersecurity Awareness Month 2021 – Learn from the experts…

Stuart O'Brien

This October, we celebrate European Cybersecurity Awareness Month – an annual campaign dedicated to promoting cybersecurity among European citizens and organisations, and to providing up-to-date online security information through awareness raising and sharing of good practices. This year’s event has never been more important, with ransomware and securing a hybrid workspace dominating the headlines. With this in mind, we spoke to some experts to get their take:

John Smith, CTO, EMEA, Veracode

“As digital transformation accelerates, so does the attack surface. Recent research by Veracode found that three out of every four software applications contain at least one vulnerability. As data flows between enterprise applications, cloud-connected software, and IoT devices, cyber risk is also growing exponentially, and fixing defects in software needs to keep pace with this reality.

“This Cybersecurity Awareness Month is an important reminder for businesses of three key trends for which to be prepared:

  • ubiquitous connectivity: a world where everyone and everything is connected
  • abstraction and componentisation: breaking down what used to be comprehensive applications into the smallest possible reusable blocks
  • and the hyper-automation of software delivery: automating all processes that interact with software development and delivery”

Rory Duncan, Security Go-to-Market Leader, NTT

“Demonstrating effective cyber-resiliency has become more crucial than ever, even as we start to recover from the pandemic. Organisations have adapted to new hybrid ways of working, and we’re seeing a continued spike in remote devices and users connecting to corporate networks, posing an increased potential risk to overall network security. That’s why this Cybersecurity Awareness Month, it’s important that we reinforce the need for strengthened network security across the enterprise.

“To tackle the rise in threats across the network, we’re encouraging businesses to adopt a Zero Trust framework. Taking a practical Zero Trust approach to security builds on segmentation and visibility, by including identity with the network resource or application access controls. A user or device is identified and allowed access, this access is then continually verified – ultimately this means that enterprises should not automatically trust anything outside or inside the network’s perimeters.” 

Ramses Gallego, International CTO, CyberRes, a Micro Focus line of Business

“For me, Cyber Awareness Month needs to focus on resilience, not just security. Everything has become more complex over the last year-and-a-half. More vulnerable. We’ve seen the attacks, we know they happen. So the real question is not just, ‘how do we secure our organisation?’, it’s ‘how do we make it resilient? How can we engineer it so as we can carry on, even in the face of an attack?’

“If there are three things to remember, they are: Protect. Detect. Evolve. Protect your business with best in class, make sure you’re able to detect changing or new risk surfaces, and keep evolving competencies in line with these changes. Make cyber resilience an integral part of the entire enterprise’s life cycle. This way, even if we’re having to adapt to changes in working environments, new software deployments or processes, all the bases are covered.”

Pritesh Parekh, Chief Trust & Security Officer, VP of Engineering, Delphix  

“There’s no doubt that ransomware has been taking over the news agenda in recent months. In fact, recent research discovered that the number of global ransomware attacks surged by 288% between the first and second quarters of this year. No organisation is immune to the threat.

“When it comes to protecting against the latest threats, an effective recovery plan is essential. In order to truly safeguard backup data, organisations should isolate the backup network and remove system-level access to backups, creating a type of “air gap” between the two systems. This way, the backup system remains connected to the rest of the system, but even a hacker who has access to production data will be locked out of the backup files. This methodology provides a viable alternative to paying a ransom should a business be hit with an attack, as it increases the frequency of backups to minutes or even real-time, minimising the data loss during the restore process.”

Adam Philpott, EMEA President, McAfee Enterprise

“With many of us now splitting our professional lives between our homes and the office, cybercriminals have been quick to adapt their techniques – creating a whole host of new tactics which businesses must be aware of. This is why Cybersecurity Awareness Month is now more important than ever. The shift to hybrid working is here to stay, and the initiative serves as a crucial reminder to remain vigilant against increasingly sophisticated threats.

“One way to improve protection against cyber threats is to adopt a SASE architecture model. A SASE model identifies users and devices, applies policy-based security, and delivers secure access to the appropriate application or data, allowing organisations to apply secure access no matter where the users, applications or devices are located. By taking these measures, organisations can rest easy knowing they have taken the correct steps to protect themselves and their workforce from cyber attacks.”

Pieter Danhieux, Co-Founder and CEO of Secure Code Warrior

“EU cybersecurity month has never been more important for raising awareness within organisations that security is everyone’s responsibility, and role-specific training is needed to truly bolster cybersecurity practices. To build better defences against cyberattacks, developers need to be given ownership of their vital role in cybersecurity, in order for them to step in and become the new frontline defenders. It’s up to smart businesses to provide the relevant upskilling, resources and contextual knowledge about the importance of secure coding, and understanding cyber threats they can control in their day jobs.

“A study conducted by the IBM System Science Institute found that it’s 100 times more expensive to fix a vulnerability once a programme is placed in the production environment. Given that a data breach can be the difference between a business staying afloat or going under, business leaders need to realise that investment in developers is well worth the expense and in doing so, champion these new approaches to security from the top down.”

Michael Kaczmarek, Vice President, Product Management, Neustar

“What is often overlooked is the maturity of cybercrime ‘business’ as a whole. Where there was once a list of known bad actors working directly for their own interests, like any other mature industry we have seen the emergence of as-a-service business models. This idea of malware or attacks-as-a-service has become so commoditised that you can now rent malware like BloodyStealer for $10 a month, or even purchase ‘lifetime subscriptions’ for $40.

“The point to all of this is, organisations need to respond in kind and in a mature manner to what the market provides. You have to understand your risk exposure. Do you have the right controls in place to manage it? Is your security always-on and multi-layered? Does senior-leadership appreciate the risk? We know 60% of organisations consider paying-up in cases of extortion attacks – if that’s the case, surely it’s vital that your security operations are up to snuff.”

Keith Glancey, Systems Engineering Manager, Infoblox

“The shift to hybrid work is forcing the corporate network perimeter to expand, as it accommodates the explosion of remote devices connecting in. With this comes significant security issues, from shadow IT to workers using vulnerable home Wi-Fi networks. The attack surface is expanding like never before, leaving the drawbridge wide open for attackers looking to cause harm, whether it’s stealing personal data or taking down hospital networks.

“All organisations, regardless of industry, need to be considering how they can leverage their existing technology to increase their security posture. For example, companies can use DDI (DNS, DHCP and IPAM) – which they already use to manage network connectivity – to glean insight into network activities and ultimately provide a much stronger security offering.”

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications 

“Cybersecurity Awareness Month is a reminder that PINs and passwords are an archaic tool, no longer fit for their original purpose. In fact, global research from Nuance has found that 50% of consumers feel more comfortable using biometrics to authenticate themselves when accessing accounts than prior to the pandemic, while two in five (38%) now identify biometric solutions as their authentication method of choice.”

“As we transition into a post-pandemic world of remote working, shopping and socialising, it has never been more important for businesses to ensure that users are provided with a more sophisticated and secure experience. Now is the time to confine PINs and passwords to the history books, so that modern technologies – such as biometrics – can be more widely deployed in order to robustly safeguard customers. By layering it into a data protection strategy, businesses are able to identify whether a person really is who they say they are in less than a second, often without the customer even aware the check is happening.”

Cybersecurity is not a one-stop-shop 

Guest Blog

Since the start of the pandemic, the way business is conducted has changed permanently, with many workforces continuing to work remotely as restrictions have eased. As companies relax and rules have eased, life is expected to return to a form of ‘new normal.’ But, the issues around cybersecurity are here to stay, and the gas pedal must not be eased – especially with the increased risks associated with continued remote working. 

If anything, security should be more reinforced now than ever before to ensure all aspects of a business are secure. But this isn’t the case. Rob Hancock, Head of Platform at Giacom and Kelvin Murray, Threat Researcher, Webroot, detail the importance of embedding a trilogy security approach into organisations, and this is where a strong CSP/MSP relationship can be invaluable. 

The Risk Grows

Despite lockdown restrictions easing, cybersecurity risks remain and are likely to grow as COVID-19 continues to change the working landscape. With indoor spaces back open, employees will want to venture out to new spaces to work, such as coffee shops and internet cafes – but working on open networks and personal devices creates unlocked gateways for cyberattacks to take place. Since this hybrid and remote way of working looks like it’s here to stay, businesses must ensure they have the right infrastructure in place to combat any cyber threats.

For instance, research by the National Cyber Security Centre shows that there has been a rise in COVID-19 related cyber attacks over the past year, with more than one in four UK hacks being related to the pandemic. This trend is not likely to ease up any time soon either. And, going forward, hackers could take advantage of excited travellers waiting to book their next holiday, deploying fake travel websites, for example.

Aside from the bad actors in this wider scenario, part of the problem here is that many IT teams are not making use of a holistic and layered approach to security and data recovery; which can lead to damaging consequences as data is stolen from organisations. Such issues continue to resonate strongly across businesses of all sizes, who will, therefore, turn to their MSPs for a solution.

The Importance of a Layered Approach 

Cybersecurity is not a one-stop-shop. A full trilogy of solutions is required to ensure maximum effect. This includes a layered combination of DNS networking, secure endpoint connections, and an educated and empowered human workforce.

The need for DNS security cannot be ignored, especially with the rise of remote workforces, in order to monitor and manage internet access policies, as well as reduce malware. DNS is frequently targeted by bad actors, and so DNS-layer protection is now increasingly regarded as an essential security control – providing an added layer of protection between a user and the internet by blocking malicious websites and filtering out unwanted material.

Similarly, endpoint protection solutions prevent file-based malware, detect and block malicious internal and external activity, and respond to security alerts in real-time. Webroot® Business Endpoint Protection, for example, harnesses the power of cloud computing and real-time machine learning to monitor and adapt individual endpoint defences to the unique threats that users face.

However, these innovative tools and solutions cannot be implemented without educating users and embedding a cyber security-aware culture throughout the workforce. Humans are often the weakest link in cybersecurity, with 90% of data breaches occurring due to human error. So, by offering the right training and resources, businesses can help their employees increase their cyber resilience and position themselves strongly on the front line of defence.

This combination is crucial to ensure the right digital solutions are in place – as well as increasing workforces’ understanding of the critical role they play in keeping the organisation safe. In turn, these security needs provide various monetisation opportunities for the channel as more businesses require the right blend of technology and education to enable employees to be secure.

The Channel’s Role 

Businesses, particularly SMBs, will look to MSPs to protect their businesses and help them achieve cyber resilience. This creates a unique and valuable opportunity for MSPs to guide customers through their cybersecurity journeys, providing them with the right tools and data protection solutions to get the most out of their employees’ home working environments in the most secure ways. Just as importantly, MSPs need to take responsibility for educating their own teams and clients. This includes delivering additional training modules around online safety through ongoing security awareness training, as well as endpoint protection and anything else that is required to enhance cyber resilience.

Moreover, cyber resilience solutions and packages can be custom-built and personalised to fit the needs of the customer, including endpoint protection, ongoing end-user training, threat intelligence, and backup and recovery. With the right tools in place to grow and automate various services – complemented by technical, organisational and personal support – channel partners will then have the keys to success to develop new revenue streams too.

Conclusion 

Hackers are more innovative than ever before, and in order to combat increasing threats, businesses need to stay one step ahead. Companies must continue to account for the new realities of remote work and distracted workforces, and they must reinforce to employees that cyber resilience isn’t just the job of IT teams – it’s a responsibility that everyone shares. By taking a multi-layered approach to cybersecurity, businesses can develop a holistic view of their defence strategy, accounting for the multitude of vectors by which modern malware and threats are delivered. Within this evolving cybersecurity landscape, it’s essential for SMBs to find an MSP partner that offers a varied portfolio of security offerings and training, as well as the knowledge and support, to keep their business data, workforces and network secure.

Keeping cybersecurity initiatives on track

Guest Blog

The West Midlands Train service has come under fire after workers discovered that an email promising them a bonus payment after running trains during the pandemic was actually a phishing simulation test.

Around 2,500 employees received a message which appeared to come from Julian Edwards, Managing Director of West Midlands Trains, thanking them for their hard work over the past year under COVID-19 and telling them that they would get a one-off payment as a thank you.

However, those who clicked through on the link were then emailed back with a message telling them it was a company-designed ‘phishing simulation test’ and there was to be no bonus. The email warned: “This was a test designed by our IT team to entice you to click the link and used both the promise of thanks and financial reward.”

Since the test has been revealed, the train service has received media backlash for promising a fake financial reward to well-deserved teams. However, the modern threat landscape is constantly evolving, and it’s vital that businesses prepare their workforces against any type of threat. So was this a good test of resilience? Andrea Babbs, UK General Manager, VIPRE, explains...

Fight Fire with Fire

In order to be successful in the fight against cybercrime and protect the network, businesses should not be afraid to fight fire with fire and sometimes stoop as low as the phishers themselves – who have no morals. By using a powerful message and incentive such as the suggestion of a bonus provided by West Midlands Train Service, businesses can gain valuable insight into how their employees could be tricked into clicking on a phishing link, and why they need to ensure their staff are trained for any type of attack.

However, the test has clearly upset West Midlands’ employees, and could have been done in a less dramatic way so that it wasn’t either ethically or morally questionable. Particularly during a pandemic where our frontline workers, like those in the transport industry, have continued to put themselves at risk over the last year. The idea of a bonus in the current challenging environment seems deserving as an act of recognition for their above and beyond service – but for this to be a test, rather than the promised reward, is particularly hard-hitting for those involved.

Finding the Balance

It is vital that organisations take the time to train and educate their staff so that they become an additional line of defence in an organisation’s cybersecurity strategy. However, IT teams also need to rely on users’ goodwill to encourage them along the cybersecurity journey. This test by West Midlands Train service may have damaged that goodwill, and could disillusion some members of staff.

Rather than mentioning a bonus, the train service could have mentioned a change to pay, or date of payroll. Both of these statements would have had the same instinctual reaction in employees, without having heightened emotions surrounding the letdown of a non-existent bonus.

Importance of Education 

Regardless of the incentive behind the West Midlands phishing test, the fact that employees clicked on the link highlights the need for businesses to perform these types of tests in the first place.

Cybercriminals will stop at nothing to get users to click on a phishing link, download a malicious attachment or fill in their details on a forged website, and will use personal or professional information to lure them into doing this.

Therefore, employees need continuous training to identify and avoid these attacks. Going forward, businesses who are looking to deploy such phishing tests should try using less exciting topics to trick their users in order to avoid any bad will or backlash from their employees, and the media.

One way to achieve this is to implement Security Awareness Training programmes which incorporate real-life situations, including phishing simulations, that are less emotive. This educational material will help organisations to fortify crucial cyber threat prevention messaging and educate workforces on how to protect both the business and themselves.

The Key to Cybersecurity is an Educated Workforce

Guest Blog

The United Kingdom’s National Cyber Security Centre (NCSC) handled a record number of cybersecurity incidents over the last year, a 20% increase on the cases handled the year before. With the increasing number and more innovative nature of cyber attacks, businesses of all sizes must prioritise cybersecurity. However, the fundamental starting point of any organisation’s security infrastructure must be a trained and aware workforce, who understand their responsibility in keeping business data safe. Oliver Paterson, Product Expert, VIPRE Security Awareness Training and Safesend, explains…

Business Size Doesn’t Matter

Whether a business is a start-up or a larger corporate organisation, all companies are at risk of a cyber-attack. We often see million-pound enterprises on the news when they suffer from a data breach, such as Estée Lauder, Microsoft and Broadvoice. But no organisation is too small to target, including small and medium-sized businesses (SMBs), who are the target for an estimated 65,000 attempted cyber attacks every day, according to new figures. Unfortunately, these types of businesses may not have the same infrastructure and resources in place to survive such attacks, as it has been found that 60% of small companies go out of business within six months of falling victim to a data breach or cyber attack.

No matter the size of an organisation, the effects of a cyber attack can be devastating financially, as well as having longer-term damage to business reputation. Small businesses remain at the same level of security risks as those which are larger, for example, Volunteer Voyages, a small single-owned organisation, did not deploy the right level of security and fell victim to $14,000 in fraudulent charges using its payment information. Similarly, the entrepreneur who owns Maine Indoor Karting accidentally clicked on a malicious email pretending to be from his bank warning him of unfamiliar activity, resulting in clearing out his account. Nevertheless, SMEs can safeguard their data and themselves from these types of attacks by investing in their cybersecurity and being conscious and informed of the threats they face. 

Human Error

As the year-on-year number of cyber attacks continues to accelerate, hackers are also becoming more advanced and innovative in their tactics. They are able to spot weaknesses in workforces, particularly preying on those who are working from home as a result of the ongoing pandemic, away from their trusted IT teams. In fact, a recent survey found that 90% of companies faced an increase in cyber attacks during COVID-19.

It is no surprise that hackers use humans to their advantage, as according to data from the UK Information Commissioner’s Office (ICO), human error is the cause of 90% of cyber data breaches. Humans make mistakes – stressed, tired employees who are distracted at home will make even more mistakes. Whether it’s sending a confidential document to the wrong person or clicking on a phishing email, no organisation is immune to human error and the damaging consequences this can have on the business. 

Yet, these risks can be mitigated by educating workforces on the modern threat landscape and the existing risks. Teamed with anti-malware solutions and technology, such as VIPRE’s SafeSend, employees can be alerted to double-check their email attachments and recipients, as well as any potentially malicious incoming emails.

Cybersecurity Training 

Businesses cannot solely rely on digital tools to protect their operations, information and people. However, they cannot expect workforces to understand and identify existing threats, as well as avert them from taking place, without education. Particularly, small and micro-businesses lack the resources and knowledge to defend against an attack, with a concerning 81% of organisations not receiving any training on cybersecurity. 

Without this cognisance, workforces cannot stay ahead of the persistently evolving threat landscape. It is therefore essential that businesses choose the correct training programmes to get the most value and retention out of this learning. While deploying an annual security awareness training programme may satisfy instant requirements, it does not equate to a continuous defence strategy for ever-changing threats.

The key considerations include the length of the programme, the level of engagement, having a variety of multimedia content and ensuring it is relevant and relatable to a global audience. Adding in real-life situations and intriguing employees with diverse content, including virtual reality and phishing simulations, helps to fortify crucial cyber threat prevention messaging and educates workforces on how to protect both the business and themselves. This, in turn, strengthens the workforce security culture, ensuring employees know what to do when faced with a cyber threat.

By working with a successful vendor, such as VIPRE, that has access to the appropriate security solutions and expertise, they can help CISOs create and foster a good security culture, making security part of the vision and values of everyone in the organisation. 

A Responsible Workforce 

Once workforces are trained and educated on the existing security risks, it is vital that they also understand their responsibilities when securing an organisation’s IT infrastructure. Traditionally, IT teams are often perceived to have a key role in ensuring the right security measures are in place, and it’s up to them to defend the business against hackers. However, this is not the case, particularly for SMBs who may not have a committed IT unit to rely on. 

Especially now with dispersed workforces and social distancing restrictions in place, the help and support from those in IT is not so immediate. Now more than ever, the responsibility must be reinforced throughout the entire business. In order to combat imminent threats, employees who are on the front lines of the business’ cyber defence must understand that they have a key role to play in keeping data safe. After all, the final choice in sending sensitive information via email or downloading an external attachment is with them. 

Forrester’s latest report re-iterates this, as it states that “Organisations with strong security cultures have employees who are educated, enabled, and enthusiastic about their personal cyber safety and that of their employer.” The combination of having a vigilant and empowered workforce, supported with regular training and innovative tools, allows businesses to benefit from a security-first initiative with an educated and responsible culture long-term. 

It’s Back to Basics During Cybersecurity Awareness Month

Stuart O'Brien

By Jonathan Couch, SVP of Strategy at ThreatQuotient

This month marks the 17th year of Cyber Security Awareness Month, which focuses on helping provide individuals with resources they need to stay safer and more secure online. The COVID crisis brings added cybersecurity challenges, particularly on the “home front,” but also more opportunities for those of us who are security professionals to help raise awareness and share our expertise. 

With more people working and learning online, the attack surface for threat actors has grown significantly. Not only can they compromise systems at home, but they can use these devices to infiltrate the networks of organisations and school districts to commit cybercrime and wreak havoc. What’s more, everyone is using new applications on their laptops and phones – many of which haven’t been vetted and sanctioned by IT departments.

Organisations can’t protect individuals working “off platform” (i.e., using personal systems not provided by work). And although some students are working on laptops provided by school districts, others access school tools using family members’ devices. Because everything is virtual, they’re using learning and collaboration tools, like Canvas and Zoom, for the first time and engaging with teachers in new ways – over email and text. Clearly, the opportunities for threat actors to cause disruptions and profit have never been greater.

Most of you reading this blog are cybersecurity practitioners. Over the last few months, you’ve quickly pivoted to support your organisation’s move to a distributed work environment, and you’ve gained even more valuable knowledge in the process. You can help bridge the security gap we’re facing between professional and personal since public resources are stretched thin to focus on productivity and learning. Let’s extend the knowledge we take for granted to family and friends and help empower them to do their part to stay more secure in this unprecedented time.

I’ve been doing this at home and with others close to me, and here are five “back to basics” security tips I’ve found especially useful to share.

  1. Strengthen passwords. Simple passwords are easy for hackers to crack, and password reuse opens the door for them to compromise additional accounts and access your confidential information. Create long and unique passphrases for each account and use multifactor authentication (MFA) wherever possible. If this starts to get cumbersome and hard to keep track of, use password managers to generate and remember different, complex passwords for each of your accounts.
  2. Update applications and systems. Technology vendors are doing their best to keep users safe, issuing patches and updates regularly. Stay current with these security settings by turning on automatic application updates when available. For example, with Apple, Microsoft, and Google Chrome, shut down systems every night and enable updates when prompted. For other applications, like Zoom, which identified security problems early on and issued fixes quickly, be sure to update the client version to take advantage of the latest security updates.
  3. Update phones and download apps from official stores. Accept the automatic system updates when prompted and keep phones plugged in and turned on at night to process updates during less busy times. Be savvy about sources that provide apps for download. Google and Apple vet applications and ensure they meet privacy and security requirements, so stick to apps and games available in these stores instead of downloading them from sites you don’t know, trust or haven’t interacted with before.
  4. Use hotspots with caution. Be wary of and ask questions about hotspots, even on school property. Most attacks that use hotspots take advantage of their misconfigurations. How well are these hotspots configured and managed? Are they monitored? Are they tied into the backend school network, making them even more attractive targets for hackers? To reduce your exposure, limit the activities you engage in while using a hotspot, and completely log out when you’re done.
  5. Be alert to phishing and ransomware. Adversaries have not shown any kind of sympathy to school districts or kids. In fact, the FBI released a security alert warning K-12 schools about the increased risk of ransomware attacks during the COVID crisis. Remind family and friends to think before they click. Hover over links to see if they resemble legitimate addresses and watch for spelling and grammatical errors and generic greetings, indicating the email is malicious. If in doubt as to the legitimacy of an email, delete it.

A final word of advice as you help to raise awareness. Although these tips are simple and second nature to cybersecurity practitioners, trying to explain them all at once and get a family member or friend to absorb and adopt them is far from simple. I’ve found it can be more effective to share one tip at a time, keep communication lines open, and have constant conversations. And if you have kids, check in with them frequently, monitor any changes to their systems and train them to protect themselves better – don’t just do it for them. 

Take this opportunity to help family and friends become more security savvy. Believe me, you’ll be glad you did! #BeCyberSmart

GUEST BLOG: Avoiding downtime in the throes of digital transformation

Guest Blog

Adopting new technologies can certainly bring about an exciting transformation for any business. As well as streamlining operations, businesses can be rewarded with an elevation in productivity and an uplift in bottom lines.

But did you know that upgrading your business technologies runs the risk of increasing your cyber-attack surface? Bearing in mind that cyber-attacks against UK organisations increased in 2019, you can’t afford to put your business at this type of risk. Worst case scenario, a successful attack could lead to a lengthy downtime and spell financial disaster for your organisation.

You may be more familiar with business downtime coming about through system failures. There’s less awareness of the fact that the activities of hackers and their malware can cripple businesses through long periods of downtime. Business productivity would certainly be hampered and, in severe cases, your operations could be rendered impossible. Take Merck, for example, which lost $310 million as a result of the Petya ransomware attack due to the halting of its production line.

Why not read our guide below and adopt new technologies with confidence, ensuring there is a reduced security threat posed to your business data?

  1. Anti-ransomware solutions can offer increased protection

With the introduction of GDPR legislation, hackers know that encrypted or stolen data could land a business in hot water with the Information Commissioner’s Office (ICO), which could lead to fines in the tens of millions. They’ll use this to their advantage to extort ransom payments out of you. It’s never advisable to pay the cybercriminals, as it’s rare you’ll get your data back. Additionally, hackers will identify your business as a guaranteed pay-out and will continue to target you.

With ransomware attacks increasing exponentially in recent years, security organisations have created solutions which specifically protect your systems and data from ransomware. Intelligent solutions like Intercept X will prevent ransomware at the point of infiltration. Or, if your business has already fallen victim to this file-encrypting malware, it’ll reverse the damage. You’ll also get access to features like root cause analysis, which identifies how the ransomware got into your business so you can bolster your systems going forward.

  2. Implement a business continuity plan to back up your entire IT estate

If, like many businesses, you host all of your critical resources on one server, an attack or failure on this system could bring your business down. For years, organisations have been backing up their files and data either on physical devices or into the cloud. But now it’s not enough to simply back up data.

Forward-thinking business continuity and disaster recovery solutions will not only back up your data, but back up your entire IT estate, whether that’s physical, virtual or in the cloud. Say, for example, a key server in your business goes down – that could be due to a malicious attack, an electrical failure or a flood. You can use your business continuity solution to spin up your server virtually and be back up-and-running in no time. Working with a managed IT services partner can help you implement the most suitable solution.

  3. Reduce your attack surface by educating your workforce on spotting suspicious content

Even with the advent of innovative technologies, your biggest attack surface is still your employees. Email is by far the most popular vector to launch a cyber-attack, with an estimated 91% of cyber-attacks starting with an email designed to harvest login credentials (PhishMe research).

The phishing emails of the 2010s are significantly more targeted and harder to spot than old-school email scams. Hackers are impersonating the business software you use (including purporting to be Microsoft to get your email credentials), your suppliers and even your colleagues, and they’re more convincing than ever.

Ensuring your staff are not only educated, but continually upskilled in spotting suspicious content, is essential to keeping your business safe. Additionally, you can use tools which simulate phishing attacks to benchmark the existing knowledge amongst your employees and track progress against your training.

Author Bio:

Natasha Bougourd is a Lead Applications Writer at TSG, an IT managed services company covering the London area, offering expertise across a range of areas including Office 365, Dynamics 365, document management and business intelligence. 

Five steps to defending against and recovering from a cyber attack

Guest Blog

By Alan Calder, Chief Executive of GRC International plc, parent company of IT Governance

Given how commonplace cyber attacks have become on a global basis, the topic of cyber security is moving increasingly up the board agenda, and rightly so. 

72% of large businesses in the UK said they had identified at least one cybersecurity breach in 12 months and 40% experienced a breach or attack at least once a month. Clearly, businesses are aware of the prevalence and potential damage that attacks can cause.

But how can they be sure that their defence strategy is up to the task? 

How long would it take you to identify a security breach within your organisation? Hours? Days? Months? The average is 101 days – that’s three months that cyber criminals have to exploit the sensitive data that they have acquired due to a flaw in a company’s security systems or processes.

Simple security measures are clearly not enough. Organisations must be equipped and ready to respond to attacks, control the potential fallout and recover as quickly and easily as possible.

Alan Calder, Chief Executive of GRC International plc, parent company of IT Governance, explains that by following five key steps, organisations can deploy a comprehensive cyber resilience strategy. 

1. Identify potential threats:

The first step should be to undertake a thorough risk assessment to highlight any threats that the organisation currently faces to its information assets. Any data that a company values, be that digital assets, offline content or employee knowledge, will also be valuable to a cyber criminal – they all require protection.

There are a number of risks that could impact an organisation and its information assets, from cyber attacks to human error, theft or accidental loss and even natural disasters. This is where penetration testing can help to identify weaknesses in an organisation’s infrastructure and networks by highlighting vulnerabilities before cyber attackers are able to exploit them. These risks must then be fully evaluated to determine how significant the threat is – how likely is the threat to happen? What could be the resulting impact? 

2. Protect against attack:

The next step is to deploy tools to prevent the attacks, or at least reduce their likelihood or impact. These should take the form of technical controls, such as firewalls, as well as process controls, including policy changes. Detective controls can also be used to observe the environment to detect risk before it causes harm. This could include CCTV cameras or intrusion detection systems monitoring the network. Reactive controls can be deployed to take action in response to an event, such as locking down a particular area or encrypting data after a certain number of failed login attempts.

While technical functions are essential to keep information secure, it’s crucial to ensure any risks related to human error and process failures are not overlooked and a holistic approach is implemented to keep the organisation secure. Information security frameworks such as ISO 27001 consider the people and process aspects of keeping data secure, such as staff awareness, regular training and a culture of continual improvement. An ISO-27001-compliant information security management system is also a risk management approach, meaning that the security measures an organisation should implement are tailored to the specific threats it could face, as well as its risk appetite. By using this approach, organisations can be confident in the fact that they are addressing real threats to the business and not wasting time or resources protecting against threats that are unlikely to happen.

3. Detect breaches:

It’s true that not all attacks can be prevented, which is exactly why it’s essential to have robust detection mechanisms in place, such as reviewing logs and constant network monitoring, to detect unusual activity. This way, organisations can be in control of their defences and be in a position to identify threats and mitigate breaches before they cause damage.

4. Respond to incidents:

Training is an important factor in an organisation’s cyber resilience strategy, so that in the event of a breach the right response can be followed to limit the potential fallout. Research suggests that over half of organisations do not have processes in place to appropriately train staff in this area. In the current compliance environment, where legislation such as GDPR requires all staff that handle personal data to receive appropriate training, and imposes strong penalties for organisations that don’t, this is a worrying statistic. 

A Business Continuity Management Strategy (BCMS) will include a comprehensive plan that will detail who to contact in the event of a breach, processes for containing the incident, as well as how to keep the situation stable. With a step-by-step approach, the fallout from a breach can be minimised as much as possible to keep assets protected, and the organisation running at an optimum level.

It’s also important to record all available evidence and keep a log of response procedures to be reviewed at a later date. This is not only necessary to legally inform subjects that may have been affected by the breach, but also as an audit trail to improve the response process for future incidents. 

5. Recover from attack:

Once the situation is stable following a breach, action should be taken to prevent similar incidents from happening again, or at least ensure that the incident will have a lesser impact in future. Of course, how an organisation recovers from an attack will vary depending on the nature of the incident and the company. For example, the Security of Network and Information Systems Regulations (NIS) dictate specific business continuity processes for certain essential services, such as transport, energy, health and cloud computing, to ensure the continuation of these systems in an effort to keep businesses, citizens and public services protected.

The BCMS should be comprehensive enough to enable an organisation to operate as close to normal as possible, while it continues to fully recover from the incident. With an established cyber resilience strategy in place and following these five steps, an organisation will be able to detect and survive any incident – and quickly get back to business as usual. 

Image by Pete Linforth from Pixabay

Employees responsible for half of industrial networks cybersecurity incidents

Stuart O'Brien

52% of incidents affecting operational technology and industrial control system (OT/ICS) networks last year were caused by employee errors or unintentional actions.

A Kaspersky report, State of Industrial Cybersecurity 2019, found this issue to be the result of the growing complexity of industrial infrastructures and a shortage of professionals who understand how to detect new threats as well as low awareness among existing employees.

According to the survey, digitalization of industrial networks and adoption of Industry 4.0 standards are a priority for many industrial companies. Four out of five organizations (81%) consider operational network digitalization to be an important or very important task for this year.

A majority (87%) of respondents confirmed that OT/ICS cybersecurity is becoming a top priority for industrial companies. However, to achieve the necessary level of protection, they need to invest in dedicated measures and have highly qualified professionals to make them work effectively. Despite stating it as a priority, only just over half of companies (57%) have allocated budget for industrial cybersecurity.

In addition to budget constraints, there is also a question over skilled staff. Organizations are not only experiencing a lack of cybersecurity experts with the right skills to manage protection for industrial networks, but also are worried that their OT/ICS network operators are not fully aware of the behavior that can cause cybersecurity breaches.

These challenges make up the top two major concerns relating to cybersecurity management and directly correlate with why employee errors cause half of all ICS incidents, such as malware infections and more serious targeted attacks.

In almost half of the companies (45%) surveyed, the employees responsible for IT infrastructure security also oversee the security of OT/ICS networks. Although operational and corporate networks are becoming increasingly connected, OT and ICS specialists can often have different approaches (37%) and goals (18%) when it comes to cybersecurity.

“This year’s study shows that companies are seeking to improve protection for industrial networks. However, this can only be achieved if they address the risks related to the lack of qualified staff and employee errors,” said Georgy Shebuldaev, brand manager for Kaspersky Industrial Cybersecurity. “Taking a comprehensive, multi-layered approach that combines technical protection with regular training of IT security specialists and industrial network operators will ensure networks remain protected from threats and skills stay up to date.”

In addition to a technical and awareness boost for industrial cybersecurity, organizations must consider specific protection for Industrial IoT which can become highly connected externally. Almost half of companies (41%) are ready to connect their OT/ICS network to the cloud using preventive maintenance or digital twins.

“As this ARC Advisory Group survey conducted on behalf of Kaspersky reflects, the growing interconnection between IIoT edge devices and cloud services continues to stand as a security challenge,” said Dr. Jesus Molina, chair, IIC Security Working Group and director of business development, Waterfall Security Solutions. “It was a major driver for the creation of the IIC Industrial Internet of Things Security Framework as well as the subsequent best practices documents and recent IoT Security Maturity Model.”

Image by Michael Gaida from Pixabay

Bullguard launches smart home cybersecurity solution

Stuart O'Brien

Consumer cybersecurity expert Bullguard has launched Dojo, a comprehensive smart home cybersecurity solution.

Dojo is the only consumer cybersecurity product built from the ground up as an enterprise-grade, network security service for the smart home. There are billions of connected Internet of Things devices on the market today – from smart alarms, thermostats, baby monitors, smart appliances, lighting, locks and more. Dojo by BullGuard is built to protect them all. Available exclusively in the United States at launch (with the UK launch to follow), Dojo by BullGuard retails for $199 USD, including the first 12 months of service, and is available for purchase online at amazon.com, BestBuy.com and on shelves in brick-and-mortar BestBuy stores nationwide.

“Dojo by BullGuard is the cornerstone of a smart, connected home. It safeguards consumers’ privacy and protects their entire home network, but is also delivered in a way that is extremely easy for them to set up and use,” said Paul Lipman, CEO of BullGuard. “A smart home can quickly become a fool’s paradise when IoT devices are not properly secured. Dojo seamlessly protects the privacy and security of a consumer’s data, devices, home and family by monitoring the home network 24/7 against cyber threats. No other product provides the unrivalled deep multi-layered levels of protection as Dojo.”

Dojo by BullGuard provides enterprise-grade, multi-layered security software capable of handling a wide range of cybersecurity threats, with a major focus on protecting smart home devices. The Dojo by BullGuard smart home cybersecurity solution includes:

  • Dojo (hardware): A sleekly designed ‘pebble’ that is easy to set up and free to move about the home while its dock remains connected to the Wi-Fi router. The Dojo pebble illuminates rings of light when suspicious or malicious activity is detected on the user’s Wi-Fi network. Yellow rings indicate that a risk has been detected and automatically mitigated, while red rings of light indicate that an action must be taken in the Dojo smartphone app. Green rings of light indicate that the user’s network is secured and their privacy is intact.
  • Dojo smartphone app (iOS and Android): Allows consumers to interact with the Dojo pebble via a simple, intuitive messaging interface, which grants them visibility and control of their Wi-Fi network and connected devices and informs them of potential cyber threats.
  • Dojo Intelligence: Dojo’s cybersecurity engine provides a tailored security policy for each device on the home Wi-Fi network. This policy is enforced by the Dojo device, which constantly monitors and mitigates both internal and external attacks. Dojo’s cloud-based platform utilises highly sophisticated artificial intelligence (AI) and machine learning, continuously analysing device and service patterns to protect a consumer’s privacy even better over time. The more Dojo familiarises itself with a home’s smart devices, the smarter it becomes in detecting and mitigating cyber attacks and privacy breaches.

“Many IoT devices are notoriously insecure and it is relatively easy for hackers to exploit their vulnerabilities,” added Yossi Atias, General Manager, IoT Security of BullGuard. “We’ve seen major privacy breaches in recent months caused by compromised devices, including Mirai, the largest ever DDOS attack launched from an IoT botnet, smart TVs hacked by the CIA, and even smart Teddy Bears go from cuddly to creepy.

“Device manufacturers often sacrifice security for speed to market and consumers are unwittingly paying the price. Dojo solves the IoT security conundrum and protects every smart home device to ensure security and privacy.”

www.bullguard.com

Human decision making still the most trusted method in cybersecurity

Stuart O'Brien

A report aggregating insight from more than 400 interviews with leading cybersecurity researchers and security experts on Artificial Intelligence (AI), Machine Learning (ML) and Non-Malware Attacks has found that 87 per cent of those polled still don’t trust AI or ML to replace human decision making in security.

Commissioned by endpoint security specialists Carbon Black, the report also revealed the following trends:

  • 93 per cent of cybersecurity researchers said non-malware attacks pose more of a business risk than commodity malware attacks.
  • 64 per cent of cybersecurity researchers said they’ve seen an increase in non-malware attacks since the beginning of 2016. These non-malware attacks are increasingly leveraging native system tools, such as WMI and PowerShell, to conduct nefarious actions, researchers reported.
  • AI is considered by most cybersecurity researchers to be in its nascent stages and not yet able to replace human decision making in cybersecurity. 87 per cent of the researchers said it will be longer than three years before they trust AI to lead cybersecurity decisions.
  • 74 per cent of researchers said AI-driven cybersecurity solutions are still flawed.
  • 70 per cent of cybersecurity researchers said ML-driven security solutions can be bypassed by attackers. 30 per cent said attackers could “easily” bypass ML-driven security.
  • Cybersecurity talent, resourcing and trust in executives continue to be top challenges plaguing many businesses.

“Based on how cybersecurity researchers perceive current AI-driven security solutions, cybersecurity is still very much a ‘human vs. human’ battle, even with the increased levels of automation seen on both the offensive and defensive sides of the battlefield,” said Carbon Black Co-founder and Chief Technology Officer, Michael Viscuso. “And, the fault with machine learning exists in how much emphasis organisations may be placing on it and how they are using it. Static, analysis-based approaches relying exclusively on files have historically been popular, but they have not proven sufficient for reliably detecting new attacks. Rather, the most resilient ML approaches involve dynamic analysis – evaluating programmes based on the actions they take.”

In addition to key statistics from the research, the report also includes a timeline of notable non-malware attacks, recommendations for incorporating AI and ML into cybersecurity programs and an ‘In Their Own Words’ section, which includes direct quotes from cybersecurity researchers and unique perspectives on the evolution of non-malware attacks.

“Non-malware attacks will become so widespread and target even the smallest business that users will become familiar with them,” said one cybersecurity researcher. “Most users seem to be familiar with the idea that their computer or network may have accidentally become infected with a virus, but rarely consider a person who is actually attacking them in a more proactive and targeted manner.”

www.carbonblack.com