Business Archives - IT Security Guru
https://www.itsecurityguru.org/tag/business/
The Site for our Community
Wed, 19 Jul 2023 12:59:42 +0000

New Outpost24 CORE Solution Announced Bringing Visibility, Cyber Resilience & Threat Mitigation
https://www.itsecurityguru.org/2023/07/19/new-outpost24-core-solution-announced-bringing-visibility-cyber-resilience-threat-mitigation/?utm_source=rss&utm_medium=rss&utm_campaign=new-outpost24-core-solution-announced-bringing-visibility-cyber-resilience-threat-mitigation
Wed, 19 Jul 2023 12:59:05 +0000

The post New Outpost24 CORE Solution Announced Bringing Visibility, Cyber Resilience & Threat Mitigation appeared first on IT Security Guru.

Outpost24 has launched Outpost24 CORE, a unified exposure management solution that gives visibility and real-time insights into an organisation’s IT asset inventory. The solution can also provide analysis into the threat exposure across the entire attack surface.

“Raising awareness in the C-suite and connecting cybersecurity with business outcome has never been more critical. No matter the size of the organisation or what industry, every board and C-level discussion of security initiatives is driven by business impact. We’ve developed Outpost24 CORE to provide unified asset inventory and exposure insights, so that CISOs and executive leaders can be confident they are deploying security resources in the best possible way to protect their organisation from the biggest risks,” said Brendan Hogan, Chief Strategy Officer, Outpost24.

With actionable insight provided by Outpost24 CORE, a business will have information on its asset exposure, comprising not only infrastructure but application and user risk. The solution consolidates siloed vulnerability and threat intelligence data from different assessment tools into a single view, with a quantitative risk grading to help security teams understand, monitor and report on the progress and efficacy of their risk mitigation activities based on the likelihood of exploitation and business criticality.

Outpost24 CORE also allows organisations to group their IT assets and focus on how risks are controlled and mitigated across different technologies and business units to inform security resource and investment decisions.

Outpost24 CORE combines five important features that are fundamental to a successful Continuous Threat Exposure Management (CTEM) program, identified by Gartner as a top cybersecurity trend for 2023:

  • Unified asset inventory for complete visibility
  • Consolidated vulnerability data and their threat exposure
  • Threat intelligence powered vulnerability prioritisation engine
  • Business impact analysis and logic mapping
  • External Attack Surface Management, following the recent acquisition of Sweepatic, for control and visibility over all assets exposed on the Internet

Outpost24 CORE is available now. For more information, please visit https://outpost24.com/

KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend
https://www.itsecurityguru.org/2023/04/19/knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-q1-phishing-report-reveals-it-and-online-services-emails-drive-dangerous-attack-trend
Wed, 19 Apr 2023 22:31:42 +0000

The post KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend appeared first on IT Security Guru.

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of its Q1 2023 top-clicked phishing report. The results include the top email subjects clicked on in phishing tests and reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect end users’ daily work.

Phishing emails continue to be one of the most common methods to effectively perpetrate malicious attacks on organizations around the globe. Cybercriminals are always refining their strategies to stay one step ahead of end users and organizations by changing phishing email subjects to be more believable. They prey on emotions and aim to cause distress or confusion in order to entice someone to click. Phishing tactics are changing with the increasing trend of cybercriminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end user’s workday and subsequent tasks to be completed.

Holiday phishing email subjects were also utilized this quarter with incentives such as a change in schedule, gift card and spa package giveaway used as bait for unsuspecting end users. Tax-related email subjects became more popular as the U.S. prepared for tax season in Q1.

“Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic,” said Stu Sjouwerman, CEO, KnowBe4. “Emails that are disguised as coming from an internal source such as the IT department are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as skeptical. Building up an organization’s human firewall by fostering a strong security culture is essential to outsmart bad actors.”

To download a copy of the Q1 2023 KnowBe4 Phishing Report infographic, visit here.

Should Your Organization Be Worried About Insider Threats?
https://www.itsecurityguru.org/2023/03/17/should-your-organization-be-worried-about-insider-threats/?utm_source=rss&utm_medium=rss&utm_campaign=should-your-organization-be-worried-about-insider-threats
Fri, 17 Mar 2023 11:12:48 +0000

The post Should Your Organization Be Worried About Insider Threats? appeared first on IT Security Guru.

When you think of cybersecurity threats, what comes to mind? If you pictured faceless criminals (or a team of them) in a dimly-lit headquarters working tirelessly to steal your most precious digital assets, you’re not alone. Yet, cybercrime doesn’t always look like a scene from a Hollywood movie.

Sometimes, cyber threats are closer to home, making them all the more surprising (and frustrating) for many organizations. They’re called insider threats, and you need to pay special attention to ensure you – and your data – don’t fall victim.

The threat landscape

Organizations are wise to prioritize cybersecurity strategy and adequate budgeting to protect their networks and valuable private data. Cybercrime is predicted to reach an alarming $10.5 trillion by 2025, making it a lucrative business venture for opportunistic criminals worldwide.

DDoS, SQL injections, supply chain attacks, DNS tunneling – all pervasive attacks that can arrive on your doorstep anytime. But your strategy is incomplete if you only secure the perimeter and do not address internal risks.

Insider threats are on the rise, and they’re particularly risky as they’re less often reported. Estimates state that over 70% of insider attacks never reach the headlines. As such, organizations cannot learn from their peers’ mistakes or oversights.

What is an insider threat?

Indisputably one of the most underestimated risks to organizations, insider threats are defined by CISA as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.”

Insider threats are, at their most basic, those that come from within your organization. End users with privileged access present unique risks to your network and data. Insider threats are particularly challenging to protect against as users may have access controls and particular familiarity with internal processes and procedures that enable them to navigate without raising suspicions. As such, insider attacks often go undetected until long after the breach.

Types of insider threats to look out for

Insider threats amount to attacks via employee user accounts. But that doesn’t always mean that a disgruntled employee or opportunistic bad seed is infiltrating the system and reaping the rewards. Sometimes, even the employee may not realize they’ve been a pawn in someone’s scheme until it’s too late.

Remember that insiders include third-party vendors, consultants, business partners, and others outside the organization with access to systems and networks.

Here are the two types of insider threats to be aware of:

Acts of negligence

Insider threats as a result of negligence are incidental. Naive or careless employees pose a significant threat to security, as it only takes one wrong decision to deliver information into the wrong hands.

Particular attacks include:

  • Phishing and spear phishing attacks, in which criminals purport to be a trusted source and solicit information from their target. Spear phishing attacks are particularly hazardous as attackers take time, do their research, and approach employees with a particularly well-informed demand under the guise of an official request.
  • CEO fraud is similar to spear phishing but takes things one step further by first gaining control of an email account of a C-suite employee. These requests are typically directed toward accounting departments to make sizeable financial transfers or payments.

Negligent behavior may not begin as an attack from an outsider. Instead, this can include taking physical devices to insecure places where they could fall into the wrong hands. In 2022, burglars stole a hard drive from a US Military analyst, exposing the personal details of more than 26 million veterans.

Acts of malicious intent

Unfortunately, sometimes the attacks originate on the inside. Disgruntled employees or contractors have been known to take advantage of their privileged access to reap personal rewards.

Malicious insiders may steal financial information, intellectual property (IP), or personally identifiable information (PII) they intend to trade for their financial benefit or use for competitive advantage. For example, after leaving the company in 2020, a former Google employee was jailed for taking trade secrets to Uber, his new employer. In 2019, an engineer breached Capital One’s systems and stole 100 million customer records and hundreds of thousands of social security numbers and bank details.

Keys to prevention

As leading data protection vendor Cyberhaven states, “Organizations must be able to address the risks from malicious insiders who intentionally steal sensitive data for personal reasons as well as users who can accidentally expose information due to negligence or simple mistakes.”

The key to mitigating risk is a proactive approach and a risk-aware culture. Consider these elements when designing your security strategy:

  • Implement threat detection tools to detect non-standard behavior or access and risk assessments to identify areas of concern.
  • Threat detection can also come via peer reports and employee diligence. Your organization should have a straightforward procedure for whistleblowing if employees are concerned about their peers’ behavior.
  • User account administration is the best chance you stand against insider threats. Least privilege ensures employees have only the access required to perform their functions. Separation of duties guarantees no single user has access to all aspects of a system or process.
  • Designing a risk-aware culture, including user training and education, is a first line of defense for preventing threats. Ensure cybersecurity is part of your organization’s day-to-day lexicon so that users know what to look out for and where to report risks when they arise.

Should an insider threat arise, ensure you do more than address the end user themselves. Insider threats point to where you can strengthen your systems or policies, regardless of whether the attack succeeds. Truly secure organizations regularly update their security approach to stay ahead of risks.

About the Author: Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie Shank is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves. Stefanie is also a writer for Bora.

Almost half of IT leaders consider security as an afterthought, research reveals
https://www.itsecurityguru.org/2023/03/14/almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals/?utm_source=rss&utm_medium=rss&utm_campaign=almost-half-of-it-leaders-consider-security-as-an-afterthought-research-reveals
Tue, 14 Mar 2023 10:07:45 +0000

The post Almost half of IT leaders consider security as an afterthought, research reveals appeared first on IT Security Guru.

New research reveals that security is an afterthought for almost half of UK IT leaders (45%) when deploying new tools.

The research commissioned by IT infrastructure solutions provider CAE Technology Services Ltd (CAE) of 200 IT leaders and professionals working in the UK showed that just 7% of IT professionals believe that security is at the forefront of their organisation’s strategic thinking.

While 92% agreed that security risks have increased in the last five years, two-thirds (62%) of respondents have seen increased security risks and pressures from their employers.

Almost half (48%) feel that rapid/forced deployment of new tools as a result of hybrid working has caused them challenges around security.

With flexible and remote working becoming more prevalent, there is now a higher risk of security breaches and cyber-attacks than ever before, with 39% of UK businesses identifying a cyber attack within the past 12 months.

Dene Lewis, Head of Technical Strategy and Direction at CAE, said, “These statistics reflect a concerning trend within UK organisations. The threat of cyber attacks is a reality that many UK organisations are facing, so needs strategic focus from leaders. Although there are many different factors at play, UK organisations must take preventative measures to protect themselves against outside threats.”

Lewis concludes, “To address these issues, businesses must invest in the necessary tools and resources to protect their IT systems. This includes implementing zero trust architecture and processes, regular security assessments, and employee training programmes to raise awareness of security risks and best practices.”

Nine In 10 £5m+ Businesses Hit By Cyber Attacks
https://www.itsecurityguru.org/2023/03/13/nine-in-10-5m-businesses-hit-by-cyber-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=nine-in-10-5m-businesses-hit-by-cyber-attacks
Mon, 13 Mar 2023 14:28:45 +0000

The post Nine In 10 £5m+ Businesses Hit By Cyber Attacks appeared first on IT Security Guru.

Almost nine in 10 UK businesses turning over more than £5 million annually have experienced a cyberattack, according to new research from Forbes Advisor.

The study questioned senior decision makers across a range of UK small and medium-sized enterprises (SMEs), finding that more than half (57%) had suffered an online attack.

However, firms with an annual turnover in excess of £5 million were far more likely to experience cyber-crimes against their company (88%).

These attacks have led to serious consequences in many cases, with more than a fifth of cyber security breaches leading to businesses being forced to pay a ransom (22%).

Personal details are also under threat as these attacks compromised client and staff information in 26% and 23% of cases respectively.

Top examples of misusing company IT

Rank  Outcome
1     Use the company printer for personal use
2     Use up space on a company device to store personal files
3     Apply for other jobs using a company device
4     Access inappropriate websites via a work device
5     Gaming on a company device

Source: Forbes Advisor

Of those admitting to using company devices to spend time on inappropriate sites, common destinations include the dark web and sites containing pornographic material (both 17%).

Kevin Pratt, financial expert at Forbes Advisor, says: “The nature of the modern workplace means more online devices are being used than ever. This inevitably means that there are more ways that a business could suffer a digital attack. Our research shows that cyber security issues are incredibly common in this country, particularly among firms with a turnover of £5 million or more.

“We’ve also found that a significant proportion of British businesses are without any form of protection against online assaults, and it’s important to address this shortfall by highlighting the consequences of a cyber attack, such as financial losses and breaches of sensitive information.

“Companies can take a number of measures to protect against cyber-attacks, including anti-virus software, firewalls and VPNs. Prevention really is better than cure.”

Research finds over 31,000 stolen credentials from the FTSE 100 on the Dark Web
https://www.itsecurityguru.org/2022/05/10/research-finds-over-31000-stolen-credentials-from-the-ftse-100-on-the-dark-web/?utm_source=rss&utm_medium=rss&utm_campaign=research-finds-over-31000-stolen-credentials-from-the-ftse-100-on-the-dark-web
Tue, 10 May 2022 09:11:30 +0000

The post Research finds over 31,000 stolen credentials from the FTSE 100 on the Dark Web appeared first on IT Security Guru.

Today, Outpost24 has released the results of its 2022 FTSE 100 Credential Theft Study outlining the number of breached credentials from the UK’s most profitable companies online and found up to 31,135 exposed user credentials belonging to FTSE 100 companies on the open, deep and dark web.

In fact, 75% of these credentials were stolen through data breaches and 25% were unknowingly obtained via malware infection/stealer.

Of this number, over 60% of the stolen user logins and passwords came from three of the highest regulated industries – IT/Telecom (23%), Energy and Utility (22%) and Finance (21%) amongst the world’s biggest companies.

Corporate credential theft is usually a targeted effort and makes FTSE 100 companies especially vulnerable because many see them as “big game hunting”. “Once an unauthorised third party or initial access broker gets hold of user logins and passwords, they can sell the credentials on the dark web to an aspiring hacker, or use them to compromise an organization’s network by bypassing security measures and moving laterally within to steal critical data and cause disruption,” said Victor Acin, Labs Manager at Blueliv, an Outpost24 company.

“Stolen credentials are dangerous because there is very little that can be done to identify and detect once an intruder is inside your system. Therefore, it’s important to proactively monitor stolen credentials and alert security to reset passwords upon discovery to reduce risk.”

The Financial Times Stock Exchange (FTSE) 100 Index is made up of the 100 biggest companies by market capitalisation on the London Stock Exchange. These companies represent some of the most influential and profitable enterprises on the market across various industry verticals. Within the FTSE 100 list, Outpost24 isolated the companies into eight key industries: Finance, IT/Telecom, Energy and Utilities, Healthcare, Transport, Retail, Construction, and Hospitality.

Ransomware groups from Conti to REvil are known to use stolen credentials to gain initial access, and the Colonial Pipeline takedown was a prime example of the danger of even a single compromised password. Compromised credentials offer threat actors the fastest path into a company’s network and are a common issue that can go undetected if left unmonitored.

Further highlights from the study:

  • The majority (81%) of the companies within the FTSE 100 had at least one credential compromised and exposed on the dark web
  • Nearly half (42%) of FTSE 100 companies have more than 500 unique, compromised user logins exposed on the dark web, putting them at risk of credential-based attacks
  • Up to 20% of the stolen credentials for FTSE 100 companies were stolen via malware infection and stealers
  • 11% of the breached credentials were disclosed in the last three months (21% in the last 6 months, and over 68% have been exposed for over 12 months)
  • Industry breakdown
    • IT/Telecom is the most at risk. The sector has the highest total (7303) and the highest average number of stolen credentials per company (730). It is also the most affected by malware infection
    • On average, healthcare has the highest number of stolen credentials per company (485) from data breaches, as the sector has found itself increasingly in the cybercriminals’ crosshairs since the pandemic.

The full Outpost24 2022 FTSE 100 Stolen and Leaked Credentials report can be accessed here.

Three ways to prepare your business for GDPR
https://www.itsecurityguru.org/2017/07/05/three-ways-prepare-business-gdpr/?utm_source=rss&utm_medium=rss&utm_campaign=three-ways-prepare-business-gdpr
Wed, 05 Jul 2017 09:34:21 +0000

The post Three ways to prepare your business for GDPR appeared first on IT Security Guru.

Next May, the UK will apply the General Data Protection Regulation (GDPR). Dubbed as the most important change in data protection of the past two decades, this ruling is set to protect all EU citizens’ data privacy, and enforce changes needed in the business sector which ensure that organisations protect people’s data.
Despite Article 50 being triggered on March 29th, the timing of Brexit is such that, no matter how things play out with withdrawing from the EU, the UK will be fully subject to GDPR regulations for some time. The nature of the GDPR is such that any company dealing with EU citizens’ data, wherever they may be located, will be expected to meet its standards.
With just over a year left before the ruling, Osman Khawaja, Solutions Architect at computer solutions company Misco, advises how UK businesses can prepare for changes that will occur and avoid a hefty fine.

  1. Establish how your organisation deals with data

The GDPR framework aims to make data controllers and processors accountable for data privacy breaches, one of the larger changes to regulations in the UK.
It is therefore crucial to find out whether your business is a data processor or a data controller, as not all organisations involved in the processing of personal data have the same degree of responsibility. Data controllers are liable when it comes to data protection and are held responsible for protecting it.

  2. Prepare your staff for changes

It is important for businesses to prepare staff on how GDPR will impact them, from day-to-day running to the severity of penalties received due to security breaches.
Carrying out regular training, both in the lead up to May 2018, and at routine intervals thereafter, will increase staff awareness of their responsibility within the legislation and encourage proactivity in safeguarding against potential cyber attacks.
For many companies, ensuring compliance once the regulation has gone into effect will be too little, too late. Proactive preparation is key to ensuring your business is not fined under the GDPR; it is vital that businesses keep staff up to date with any changes expected of them in job activity, before they occur.

  3. Update processes and procedures

The biggest change that GDPR will bring to businesses is the level of accountability they have for security breaches. The legislation increases the pressure for businesses to understand the risks which poor security measures create and take steps to reduce those risks.
In order to protect data, companies will be required to implement ‘a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing’ (Regulation (EU) 2016/679).
Under the GDPR, businesses will need to create a framework in which privacy is at the forefront of all processes and procedures.

ValueLicensing reduces the cost of the war on cybercrime
https://www.itsecurityguru.org/2017/05/19/valuelicensing-reduces-cost-war-cybercrime/?utm_source=rss&utm_medium=rss&utm_campaign=valuelicensing-reduces-cost-war-cybercrime
Fri, 19 May 2017 09:57:24 +0000

The post ValueLicensing reduces the cost of the war on cybercrime appeared first on IT Security Guru.

Worried about the WannaCry virus? Don’t let the cost of upgrading your online security reduce you to tears, says ValueLicensing.

Cyberattacks and data breaches are two of the greatest concerns for modern businesses – but making sure your business has access to greater security needn’t cost the earth, according to one expert.

The WannaCry ransomware cyberattacks that affected the NHS and other organisations across the world show that it’s not just SMEs which are under threat. What’s more, the very nature of cybercrime means safeguarding against attack is incredibly hard to plan for.

However, says David Hubbard, deputy managing director of ValueLicensing, which specialises in the identification and resale of Pre-owned Microsoft Volume Licences, upgrading security doesn’t have to be as costly as the media has portrayed it this weekend. He said: “The recent WannaCry ransomware attack on businesses follows reports that online incidents now report for half of all reported crime.

“While cybercrime can be devastating for a business, it’s understandable given the media attention that some company owners delay their investment in securing their systems as they simply think it too expensive. This is the costly mistake the NHS – and so many organisations – have made.

“However, it doesn’t have to be that way. Windows 7/8.1/10 Enterprise Operating Systems and Windows server 2008/2012R2/2016 have additional security features and can keep your PCs and data safe by making them more resistant to all forms of malware, including those that use phishing attacks and rootkits.”

Cybercrime cost UK businesses £29bn in 2016, with 2.9 million British businesses being affected in some way. ValueLicensing is urging companies of all sizes who don’t want to become part of this statistic to get in touch.

David added: “ValueLicensing can offer low-cost solutions for Systems still running Windows XP/Vista to Windows 7/8.1/10 and Windows Server 2003 to 2008/2012R2/2016. It is essential that companies have Operating Systems installed that continue to receive support from Microsoft, therefore reducing the risk of further attacks.

“What’s more, installing this software means that businesses won’t have to make costly investments in complementary hardware, which is what puts so many business owners off upgrading their security. Pre-owned licenses offer 35% to 70% savings as compared to buying new licences through traditional vendors.

“I’d urge any business owner who is worried about this weekend’s cyberattack to consider pre-owned licenses as a cost-efficient and secure solution.”

ValueLicensing is a registered Microsoft Partner and Reseller.

How to avoid being lost in the IoT explosion
https://www.itsecurityguru.org/2017/04/19/avoid-lost-iot-explosion/?utm_source=rss&utm_medium=rss&utm_campaign=avoid-lost-iot-explosion
Wed, 19 Apr 2017 08:59:45 +0000

IoT is having a profound effect on business. 57 per cent of all global businesses have adopted IoT practices and 72 per cent of those believe their company is more profitable since embracing IoT. With this large scalability, however, comes the potential for catastrophe. More connected devices bring new business challenges around scale, interoperability, security and the management of devices and endpoints. Businesses need to think strategically about IoT adoption and not become caught up in the next wave of innovation. Any size organisation can benefit by connecting IoT to business processes – but, if a strategy is not in place, companies will find themselves throwing endless resources into connecting everything to the internet, rather than just those devices that are critical to their business. As a result, businesses may find themselves tangled in the web of connected devices and lost in the IoT explosion.
To avoid the flying shrapnel, Jordan O’Connor, Technical Team Lead EMEA at SOTI, has five golden rules to follow to ensure businesses reap all the benefits of IoT without becoming lost. The rules have a ripple effect: followed in order, they lay a solid foundation on which companies can gradually develop their IoT estate. This will ensure IoT is working solely to improve the business rather than overloading departments with large amounts of useless data, wasting valuable time and resources.

  1. Perfect the business vision

Businesses need to ensure they have an end goal and there is a clear vision for what needs to be achieved through IoT. This vision needs to be looked at on a larger scale, not just as creating ‘smart’ devices, but enlightening the business by providing customer behaviour intelligence and company activity for the purpose of improving business productivity and cutting costs. There is always room to go beyond the initial end goal as well, by speaking to partners about the future of IoT and the wider impact for industries and businesses.

  2. Create a clear strategy

Having established a vision, businesses must have a clear strategy for implementing the IoT estate. It is tempting to think everything that has the ability to connect should be connected, but it is essential companies decipher which devices need to be connected from a business sense, rather than connecting every device as soon as possible.
Within this strategy, businesses need to ensure there are key tools in place to troubleshoot and diagnose IoT problems, and have an experienced IT team to support the IoT infrastructure. A comprehensive strategy will empower workers and allow the company to transform the business, unleashing endless possibilities and helping it to reach critical growth.

  3. Start with what you know

After establishing a clear IoT strategy, a good starting point for introducing IoT is to analyse the data the business obtains in order to make strategic decisions. Rather than rushing to connect all of the devices, start with the devices that are familiar to the business, the technology employees actively work with day to day, and then expand from there.
The first natural step is to analyse mobile devices. Most employees have the ability to access company data from wherever they are, so a robust mobile strategy can vastly improve customer service delivery and business productivity and, most importantly, secure mobile devices for the growing mobile workforce.

  4. ‘Dumb terminals’ and stationary objects

Once there is an established mobile strategy, you can look to the ‘dumb’ terminals within the company. These are the devices, such as routers or printers, that are consistent and do not move. A smart printer can collect data which can be analysed to alert employees to various issues, if the device is running low on supplies or if it needs servicing for example. This data will result in improved productivity and efficient cost savings within the office environment.
Companies can also look at connecting other stationary objects within their office space such as fridges, which can digitally track expiry dates as well as reorder food that is running low, resulting in less waste and promoting cost savings.

  5. What about the future?

Having established a business-critical IoT vision for simple devices, companies can progress to looking at their workforce infrastructure as a whole. Devices that move frequently, for example office doors, all have the potential to become connected. Sensors connected to doors can feed back information on who is entering certain rooms and at what times. As well as this, some connected entrances have the ability to unlock with just a voice command.
With that said, businesses need to ensure that they are not connecting objects for the sake of it. For example, a simple chair does not need to be connected just so it can feed back on when it has been pushed into a table. There needs to be a business-critical focus in deciding which devices become connected, and which need to be left alone.
Internet of ‘some’ things
By following these five golden rules, companies can adopt a strategic approach to IoT, by connecting some things rather than the internet of ‘every’ thing. Only devices that are critical to the business need to be connected. Unnecessary IoT adoption will result in time and resources being wasted and won’t provide any asset to the business. The possibilities for IoT are endless, but companies need to follow the structure of these golden rules to avoid becoming lost in the ever-growing IoT explosion.
By Jordan O’Connor, Technical Lead EMEA at SOTI

In the DDoS-for-hire business, customer service matters
https://www.itsecurityguru.org/2017/04/07/ddos-hire-business-customer-service-matters/?utm_source=rss&utm_medium=rss&utm_campaign=ddos-hire-business-customer-service-matters
Fri, 07 Apr 2017 08:54:36 +0000

You’re probably enrolled in an airline’s rewards programme, receiving points or miles to use toward free flights. The more you fly, the more points you get. It’s a way to recognise customer loyalty.
Every type of business wants to build a loyal customer base. Even the cyber criminals who run DDoS-for-hire services.
DDoS Loyalty Programs
As the DDoS-for-hire racket evolves, some such services have started offering repeat customers points and discounts toward future purchases. It’s a sort of DDoS loyalty programme, according to a new report by Kaspersky Lab that digs deeper into the DDoS-for-hire market and the cost of attacks.
“Some developers even offer bonus points for each attack conducted using their service. In other words, cybercriminals have their own loyalty and customer service programs,” the report notes, adding that most DDoS attacks are ordered through full-fledged Web services, which removes the need for direct contact between the two parties.
Customers use these Web services to register for an account, make payments, manage their balance and attack budget, access reports and more. Kaspersky compared them to Web services offered by legal services. In the DDoS-for-hire business, many of these Web services boast thousands to hundreds of thousands of registered users.
IoT-based Attacks Are Cheaper
According to the report, the cost of a DDoS attack fluctuates based on the target, the duration of the attack and the geographic location of the target. According to research, a DDoS attack can cost anywhere from £3 for a 300-second attack to £300 for 24 hours, and the average price for an attack is around £20 per hour.
The price of a DDoS attack also takes into consideration the attack’s generation and the source of attack traffic. For example, an attack leveraging a botnet made up of Internet of Things (IoT) devices costs less than an attack that uses a botnet made up of servers.
“At the same time, cybercriminals continue to actively seek new and cheaper ways to organise botnets,” the Kaspersky report states. “In this regard, the Internet of Things makes life easier for them. One of the current trends is the infection of IoT devices (CCTV cameras, DVR-systems, ‘smart’ household appliances, etc.) and their subsequent use in DDoS attacks. And while vulnerable IoT devices exist, cybercriminals are able to exploit them.”
Dawn of the DDoS of Things
The rise of DDoS-for-hire services comes on the heels of a spate of high-profile DDoS attacks that reached unprecedented volume, size and scope. For the first time on record, DDoS attacks have exceeded the 1 Tbps threshold, an upward swing that is expected to continue.
The Mirai malware, which takes advantage of unsecured IoT devices to build massive botnets and launch mammoth DDoS attacks, is powering this tsunami of DDoS attacks. The uptick in DDoS activity has ushered in the DDoS of Things (DoT) era, where threat actors use unsecured IoT devices to build the botnets that drive colossal DDoS attacks.
According to our new DDoS of Things infographic, there are now roughly 3,700 DDoS attacks per day, and once a business is attacked there’s an 82 per cent chance they’ll be attacked again.
DDoS Defence
For service providers, enterprises and security-conscious businesses, it is necessary to implement DDoS protection solutions to detect and mitigate volumetric, multi-vector DDoS attacks at the network edge. This needs to be the first line of defence for network infrastructure to help prevent IoT-powered DDoS attacks and protect your business from the DDoS of Things.
