However, in cybersecurity, it seems as though the industry is a step or two behind, instead of being ahead of the curve in how it is handling this problem.  

Looking at the stats alone, research has shown that from 1000 security professionals, 51% had been prescribed medication for their mental health. In addition to that, almost a third of CISOs have considered quitting their organisation sighting ‘burnout’ as a significant factor for wanting out.  

It is a clear and present issue.  

With the sector already suffering from a global skills shortage, ensuring those working or seeking employment in cybersecurity are looked after is imperative for its survival. Without these individuals, no one would be safe in the digital world we live in. 

Well, how have we got to this stage and how can we, as an industry, address mental health before more damage is done? At the IT Security Analyst & CISO Forum 2022, questions were posed to both leading CISOs and analysts on how big of a problem stress and burnout was, whether is it was negatively impacting the workforce’s productivity to deliver its objectives and, what can be done to solve it.  

The consensus from the room was that the industry is suffering badly from stress, fatigue and burnout, which is filtering from the senior security positions down through the chain of command to the general workforce.  

One CISO believed stress came with the territory of the positions and responsibilities they handled daily. Of course, stress is found in every profession but when reality involves existing on coffee and a lack of sleep, this is a recipe for disaster.  

This has become the norm for many unfortunately, but they wanted this to be reversed as it was not conducive to their overall mental health. There was a perception that CISOs and security professionals have this “macho” or “heroic” exterior, yet there is underlying damage being done to their wellbeing due to their profession.  

Fortunately, as senior security leaders, they all understood change was necessary. They did believe this was more management than a sole information security issue which needed to be fixed. 

Each provided ways in which a change in working culture could be achieved. For instance, beginning with words of encouragement such as saying thank you, congratulating a team member on an achievement or recognising good work. These small gestures matter and can go a long way toward changing a person’s attitude, reducing anxiety levels and even de-stressing them.  

Furthermore, communication is key and advocating regular check-ins with colleagues can build a strong support base for everyone which in turn will benefit the team and overall productivity.  

Of course, there will be stressful moments which everyone will come across, but they don’t need to occur every day.  

The world has gone through some dramatic shifts during and since the pandemic, with many people experiencing strains and difficulties on their mental and physical health. What we want to avoid is our peers being drawn towards unhealthy coping mechanisms that will impact their psychological and physical health.  

Here are a few recommendations to try and avoid such a situation happening: 

• Use words of encouragement  
• Set clear achievable goals and celebrate the successes 
• Have healthy amounts of sleep and exercise  
• Have dedicated well-being programs that focus on mental health and neurodiversity 

• Have a culture that normalises and advocates for mental health 
• Seek out applications that can help improve wellbeing and productivity I.e. The Zensory 

Regardless of our profession, industry or role, we all have a duty to help support an individual in need. Thankfully, there are many resources available online to point you in the right direction. Just know, you are not alone and there will always be someone willing to listen and help.  

The post Is there a problem with stress and burnout in cybersecurity? appeared first on IT Security Guru.

For Roberts, automation has helped the cybersecurity industry immensely, both in terms of the technology and solutions that have spawned from its arrival but also in alleviating some of the strain placed on organisations. 

With the lack of skilled people within our industry, with automation, you can address issues 24/7. Automation is helping the cyber industry enhance and distribute threat intelligence quicker than ever before. 

When speaking with customers, the need for better and quicker intelligence to lower their time to detect a threat is key and we want to get this as low as possible. This will in turn reduce their time to remediate metrics. We are seeing the productivity of threat actors rapidly increasing – for instance we are seeing double the number of ransomware attacks, so we want customers to protect their data and improve their detection and response times and automation is helping us achieve that.  

There is a lot of value in automation, and I think organisations are starting to realise that across all verticals. We will see a large increase in automation as we progress through the next 12 to 24 months. 

With that said, Roberts believes automation is only part of the answer when tackling modern threats seen today and explains how Fortinet has been harnessing its capabilities to remove mundane tasks. 

We [Fortinet] have automated the distribution of the latest indicators of compromise (IOCs) and saved a load of time for the SOC analysts to ultimately allow them to do more interesting threat hunting activities. So, they get less bored. They don’t wake up getting excited about firewalls etc.  

These individuals get excited about examining the latest behavioral movements of an ATP or malware. We are seeing huge rises in Ransomware as a Service where for less than a couple hundred dollars threat actors can get their own customisable malware service kit. Also, bug bounties are happening in this underworld whereby ransomware groups are offering bug bounties for their ransomware threats. It has become a fully-fledged industry now.  

So yes, automation is great in helping to tackle the difficult fight against the latest security threats.  

Yet, with this new reliance on Automation, is there a real risk that human intervention could be replaced entirely, and jobs being lost? Industry professionals surveyed felt that by 2030, AI would replace humans in cybersecurity… 

At the moment, no, but who can predict the future. Right now, automation is there to add value. Whenever I talk to customers the first thing, I say is we are not talking about automation to replace people. We are talking about utilising automation to remove boring mundane tasks. By taking these away, we enable your employees to have more time to train and elevate themselves by allowing them to concentrate on threat hunting or project related work. This ultimately creates more value to the organisation by removing the incredibly boring work that no one wants to do.  

There will always be a critical place for a human within cybersecurity and to be part of the process. 

The conversation then steered to how the industry can close the skills gap and how everyday people can play their part in improving cyber hygiene. Robert’s claimed that it is everybody’s responsibility whether they like it or not to participate in cyber hygiene.  

Everyone has an opportunity to improve their own understanding. As a result, it will make their use of technology more enjoyable, pleasurable and will probably have a lower level of fear when using these devices because of the raised cyber hygiene knowledge. This will then have a positive knock-on effect on industry as there should be less devices in use that are at risk of compromise – whether that be botnets, RATs etc. 

During the pandemic, Fortinet announced that our training material would be made free of charge allowing members of the public the opportunity to improve their cybersecurity awareness. Signing up was free and it was great for families to give them a level of understanding that would benefit them now and in the future. 

Bringing an end to the discussion, Robert’s has no doubt that automation is here to stay with its impact on the cybersecurity industry being more than noticeable in helping in the fight against cybercrime. Roberts believes more can be done, especially by the everyday person, to take responsibility upon themselves to improve their own cyber hygiene. However, to say that cybersecurity can totally depend on technology without human intervention is too bold to say. Instead, striking a balance between human expertise and automation will be the desired combination in years to come for successful cybersecurity. 

The post In conversation with Chris Roberts, Business Development Manager at Fortinet appeared first on IT Security Guru.

Hermit is likely developed by Italian spyware vendor RCS Lab S.p.A. and Tykelab Srl, a telecommunications solutions company that may be operating as a front company. RCS Lab, a known developer that has past dealings with countries such as Syria, operates in the same market as Pegasus developer NSO Group Technologies and Gamma Group, which created FinFisher. This discovery appears to mark the first time that a current client of RCS Lab’s mobile spyware has been publicly identified. 

Hermit is a modular surveillanceware that hides its malicious capabilities in packages downloaded after it has been deployed. Researchers were able to obtain and analyze 16 of the 25 known modules. The modules, along with the core malware’s permissions, enable Hermit to exploit a rooted device, record audio and make and redirect phone calls, as well as collect data such as call logs, contacts, photos, device location and SMS messages. 

“This discovery gives us an in-depth look into a spyware vendor’s activities and how sophisticated app-based spyware operates,” said Justin Albrecht, Threat Intelligence researcher at Lookout. “Based on how customizable Hermit is, including its anti-analysis capabilities and even the way it carefully handles data, it’s clear that this is well-developed tooling designed to provide surveillance capabilities to nation-state customers. What’s also interesting is that we were able to confirm Kazakhstan as a probable current customer of RCS Lab. It’s not often that you are able to identify a spyware vendor’s clientele.” 

Lookout researchers theorize that the spyware is distributed via SMS messages pretending to come from a legitimate source. The malware samples analyzed impersonated the applications of telecommunications companies or smartphone manufacturers. Hermit tricks users by serving up the legitimate webpages of the brands it impersonates as it kickstarts malicious activities in the background. 

The post Lookout Discovers Android Spyware Deployed in Kazakhstan appeared first on IT Security Guru.

The results revealed that some departing employees present disproportionately significant cloud security risks. In their last 30 days of employment, workers have been proven to be uploading three times more data than usual to personal cloud apps.

Commenting on the news, Robert Golladay, an EMEA and APAC director at Illusive,  offered the following insight: 

“Netskope’s finding that employees are adding 3X more data to personal applications in the last month of their employment should be a wake-up call for any companies that aren’t prioritizing insider threats. Companies need specific policies outlining the process for ‘logging off’ from their networks as employees leave and need to establish methods for managing risk of outgoing workers. Conducting red team exercises to help trace the paths back to critical assets can help security teams identify the holes in their systems and vulnerabilities ex-employees can take advantage of. 

In addition to data theft on departure, there’s other exposure and risk that an insider’s knowledge creates for an organisation. An insider’s credentials and environment information represent an attractive alternative route to create a beachhead for threat actors looking to get their hands on the crown jewels. It’s important for organisations to have a strategy to detect insider threat indicators that often manifest as “crimes of opportunity.”

The post Departing employees pose significant cloud security risks, report finds appeared first on IT Security Guru.

This combination will create one of the largest cybersecurity providers in Europe and provide the most advanced threat landscape monitoring solution. The objective: to help businesses identify threats targeting their organizations and dramatically reduce risk exposure.

“It has been a difficult 18 months as many organizations struggled to mitigate the growing number of vulnerabilities and attacks coming from all directions, along with a lack of context about risk in relation to the external threat environment,” said Karl Thedéen, CEO of Outpost24. “Because of this, automated and continuous threat intelligence has become critical. The combined solution will empower our customers to accelerate risk reduction by giving them the threat context to prioritize remediation efforts and increase security efficiency like never before”.

Widely regarded as one of Europe’s leading cyber threat intelligence providers, Blueliv has built a trusted name within the security industry. Its pay-as-you-need modular architecture provides customers with streamlined, cost-effective intelligence delivered in real-time. Blueliv’s flagship product, the Threat Compass, is built from a customizable group of targeted intelligence modules which radically reduces attack success rates and improves incident response performance. The intelligence gathered from open, deep and dark web also helps power the Blueliv Threat Exchange Network, which is designed to encourage members to share news and indicators of compromise, and offer a live cyber threat map for tracking crimeservers and malicious IPs.

“As we both continue on our mission to help businesses and security teams become more efficient and secure, there are many similarities between Outpost24 and Blueliv which will make this acquisition ideal to provide our joint customers with a unique security offering,” said Daniel Solis, CEO & Founder of Blueliv. “By sharing our knowledge and combining our best-in-class threat intelligence with Outpost24’s full stack security assessment platform, we look forward to setting a new standard for threat landscape monitoring together.”

According to Gartner, “threat intelligence is evidence-based knowledge about existing or emerging menaces or hazards to assets. CISOs should plan for current threats, as well as those that could emerge in the long term.” With cybercriminals continually evolving their methods to exploit valuable and sensitive information from businesses, cyber threat intelligence has become an important pillar within an organization’s defense to help security teams protect against sophisticated attacks.

With the recent news of Microsoft acquiring RiskIQ, the demand for increased cybersecurity services is growing, especially with the rise of ransomware.

The post Outpost24 acquires threat intelligence provider Blueliv appeared first on IT Security Guru.

While there is not enough evidence to ratify the claim, it does not seem too far-fetched considering the circumstantial evidence at hand. There has been a significant influx of reports by PS3 users in PSN forums recently, regarding them being banned for no apparent reason.

Hackers are suggesting this might be the result of a data breach that left a list with all the serial ID numbers of all Sony’s PS3 consoles. Sony allegedly didn’t have stringent security measures in place to prevent a breach like this.

“This attack doesn’t appear to be particularly sophisticated,” said Michael Barragry, operations lead at Edgescan. “However, the impact on users looks to be significant“, Barragry added.

According to Barragry, even though it was only a list of Serial IDs of consoles that was leaked, a malicious user could easily automate a script to simulate these consoles being jailbroken, which results in a user ban.

“It’s an example of a breach of data which is effectively anonymised, but can still be abused to effect users indiscriminately,” he concluded.

The post PS3 users reportedly banned from their accounts as a result of possible data breach appeared first on IT Security Guru.

• IT security professionals noted a near-universal shift to work from home; only a third said it was “smooth”
• Cloud infrastructure investments, access request, identity/access lifecycle management, identity process and workflow, and role management technologies all saw increased priority among at least half of security teams
• Thirty-one percent said COVID caused the increased priority for cloud infrastructure investments and access request technologies

A newly released global survey reveals IT and security team attitudes regarding their responses to COVID-19-driven work environment changes. The One Identity-commissioned research, which surveyed 1216 IT security stakeholders between August 20 and September 3, 2020, shed insight into IT best practices that have emerged in recent months, and how organisations rushed to adopt them to maintain a secure and efficient virtual workplace.

According to the survey, IT security professionals universally (99%) said their organisations transitioned to remote work because of COVID-19, and only a third described that transition as “smooth.” Better than six in ten (62%) respondents indicated that cloud infrastructure is more important now than 12 months ago. Thirty-one percent attributed this shift directly to COVID-19. The cloud has become front and center to the new working reality, creating flexibility for employees. These results demonstrate that the previous level of attention to cloud deployments, while notable, does not appear to have been nearly enough to accommodate the dramatic computing shift across organisations.

“This research makes it clearly evident that cloud computing has been a lifesaver for many enterprises as IT teams pivoted and supported the massive shift to working away from offices,” said Darrell Long, president and general manager at One Identity. “While we knew the pandemic-driven changes were sudden, what was particularly notable was how strongly the results proved that organisations had to turn their focus on the immediate challenges presented by the aggressive move to cloud computing, chiefly finding solutions that streamlined administering and securing who has access to what and how.”

Shifts in priorities indicate organisations are turning their focus on tackling the security basics. When compared to 12 months ago, 50% of respondents are placing a higher priority on access request technologies, and 31% said this change in prioritization is because of COVID.

Identity/access lifecycle management, identity process and workflow, and role management all saw increased priority among at least half of those surveyed.

Perhaps shell shocked, only 45% of IT security professionals indicated they are prepared for the IT changes necessary when their employees move back to organisations’ offices, according to survey results. Yet, two thirds (66%) expressed increased confidence in the effectiveness of their identity management programs post COVID-based changes.

“We now know the truth: the COVID pandemic did not change the need to be productive, nor did it change the regulatory compliance requirements companies face, but clearly IT and security teams scrambled to shift their systems to accommodate work from home in a secure and controlled way,” said Long. “Companies and organisations were helped to an extent by cloud investments that prepared them pre-COVID. However, most of them are still dealing with new challenges as employees adapt, IT and security teams effectively respond to the challenge of providing effective processes for gaining access to the resources needed for the workforce to do their jobs and security challenges associated with this new working environment.”

An in-depth analysis of the survey study – “And the Survey Says: Insights gained from the annual One Identity Global Survey” presented by Todd Peterson, IAM Evangelist – will be presented during the live session of One Identity’s UNITE virtual user and partner conference, starting at 11 am EST/5 pm CET on November 10, 2020. Registration is free through the online site.

About the 2020 One Identity Global Survey: “Identity Governance and Administration for the New Computing Normal”

Conducted by Dimensional Research, One Identity’s 2020 Identity Management and Governance study surveyed IT security professionals from midsize and large enterprises on their current experiences, trends and approaches to Identity Governance and Administration (IGA) and Application Lifecycle Management attitudes – especially in regard to responding to COVID-19-driven work environment changes . The study consisted of an online survey of IT professionals in midsize or large organisations with responsibility for security and who are very knowledgeable about IAM and privileged accounts. A total of 1,216 individuals from the U.S., Canada, U.K., Germany, France, BeNeLux, Nordics, Australia, Singapore and Hong Kong completed the survey. Responses were captured between August 20, 2020 and September 3, 2020.

The post 45% of IT security professionals aren’t ready for their organisations to return to work from their offices appeared first on IT Security Guru.

It is believed only 0.02% of data was taken from the servers and in a statement the university said: “After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker.

The statement continues: “This was done as a proactive and preventive step to ensure information was not released on the internet.

“The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state or taxpayer funds were used to pay the ransom,” University of Utah officials added.

The post Ransomware hit University of Utah pays up appeared first on IT Security Guru.

Furthermore, the Cybersecurity: Building Business Resilience report claims that business spending on cybersecurity will double to £136bn this year. Given the high demand for cybersecurity services, UK companies have been quick to match the needs of those looking to protect their systems.

The post Cybersecurity has become the fastest growing start-up sector in UK appeared first on IT Security Guru.

It’s unfortunate to hear Boyce Technologies, an FDA-approved ventilator manufacturer, has had critical information stolen given they produce low-cost ventilators in just 30 days. It is believed the data stolen includes sales, purchase orders, assignment forms and more.

The company is yet to release an official statement on the attack.

The post Hospitals impacted after hackers target ventilator manufacture during Covid-19 appeared first on IT Security Guru.