Best Practices Archives - Best Information Security SIEM Tools, Software, Solutions & Vendors
https://solutionsreview.com/security-information-event-management/category/best-practices/
Buyer's Guide and Best Practices. Feed last built Wed, 13 Dec 2023 17:08:44 +0000.

MDR: Paving the Way to Cyber Resiliency
https://solutionsreview.com/security-information-event-management/mdr-paving-the-way-to-cyber-resiliency/
Wed, 13 Dec 2023 17:07:31 +0000

The post MDR: Paving the Way to Cyber Resiliency appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

MDR

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Charlie Thomas of Deepwatch digs deep into cyber resiliency and why MDR is paving the way for the future of cybersecurity.

Is cybersecurity working?

The straight answer? Partially. It’s definitely helping, but it could be much better. The Splunk 2023 CISO Report released in October states that 96 percent of respondents experienced a ransomware attack, and 83 percent paid the attackers. I’m not an alarmist, but these numbers certainly grab your attention.

Having led a managed security provider for the last six years, providing cyber protection for hundreds of major enterprises across many industries, including finance, healthcare, manufacturing, retail, services, infrastructure, hospitality, and others, we have seen many approaches, including many successes and some shortcomings.

Minding the Gaps

I continue to see gaps in the fundamentals of successful cybersecurity programs. These gaps include lapses in updating firewall configurations, auditing policies regularly, applying policies such as deep packet inspection, and updating firmware and system policies on edge devices.

As an industry, we’re good at protecting against older attack vectors, the known knowns. Still, as we advance and increasingly migrate to the cloud, where day-to-day maintenance is off-loaded to third parties, the industry is no longer as diligent about the remaining legacy elements of its environment.

Here are some questions to consider with your existing cyber tools:

  • Have you deployed the latest agent version available on your endpoint detection?
  • Perhaps you intentionally delay installing the latest software version because you don’t want your business to be a beta customer. Understood. But how many revisions are you behind? Is this n-2 applicable across all of your agents for that endpoint?
  • Same questions on your firewall – when did you last audit your existing firewall policies and active rules or cloud compliance policies?
  • Do you have any vulnerability scanning gaps? Authentication issues for authenticated scans? Connectivity issues with network scans? Scanning external assets that aren’t part of your environment?

None of these are the interesting or innovative areas of cybersecurity, but in the same way we develop tech debt in the coding world, we also develop security debt. As an industry, we look to cyber tools to solve the next big thing that drops. For example, generative AI and hyperautomation are changing how cybersecurity is managed and coordinated. However, these exciting new technologies cannot solve every issue, including the security tech debt mentioned above.
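As an added example, not code from the article or from Deepwatch, the Python script below shows one way to answer the "how many revisions are you behind?" question from the checklist above for endpoint agents against an n-2 policy. The agent, its release history and the host inventory are constructed sample data, not real product versions; hosts with no agent, or with a version the vendor never shipped, are reported rather than silently treated as current.

```python
"""Inventory check for agent version debt (added example, not the article's code).

Answers "how many revisions are you behind?" for a hypothetical endpoint agent:
each host's installed version is compared against the vendor release history,
and hosts more than MAX_BEHIND releases back, with no agent at all, or with a
version the release list does not know are flagged. All data below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed release history of a hypothetical agent; any order is fine.
RELEASES = ["7.11.0", "7.10.0", "7.13.0", "7.12.1", "7.11.2", "7.12.0"]

# Constructed host inventory: hostname -> installed agent version (None = no agent seen).
INVENTORY = {
    "fin-ws-001": "7.13.0",
    "fin-ws-002": "7.12.1",
    "hr-ws-017": "7.11.0",
    "dc-srv-003": "7.10.0",
    "lab-ws-044": None,
    "ops-ws-009": "7.9.3",  # not in the release list: unsupported build or typo
}

MAX_BEHIND = 2  # the "n-2" policy from the checklist


@dataclass
class Finding:
    host: str
    version: str | None
    releases_behind: int | None  # None when the version is missing or unknown
    status: str  # "ok", "behind", "missing" or "unknown"


def parse_version(version: str) -> tuple[int, ...]:
    """Split '7.12.1' into (7, 12, 1) so that 7.10 sorts after 7.9."""
    return tuple(int(part) for part in version.split("."))


def releases_behind(installed: str, releases: list[str]) -> int | None:
    """Number of releases newer than the installed one, or None if unknown.

    An unknown version is reported rather than treated as current, because an
    agent build the vendor never shipped is exactly the kind of debt to surface.
    """
    ordered = sorted(releases, key=parse_version)
    if installed not in ordered:
        return None
    return len(ordered) - 1 - ordered.index(installed)


def audit(inventory: dict[str, str | None], releases: list[str],
          max_behind: int = MAX_BEHIND) -> list[Finding]:
    """Classify every host in the inventory against the release history."""
    findings: list[Finding] = []
    for host, version in inventory.items():
        if version is None:
            findings.append(Finding(host, None, None, "missing"))
            continue
        behind = releases_behind(version, releases)
        if behind is None:
            status = "unknown"
        elif behind > max_behind:
            status = "behind"
        else:
            status = "ok"
        findings.append(Finding(host, version, behind, status))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hosts per status, the number a report or dashboard would show."""
    return {s: sum(1 for f in findings if f.status == s)
            for s in ("ok", "behind", "missing", "unknown")}


if __name__ == "__main__":
    results = audit(INVENTORY, RELEASES)
    for f in results:
        print(f"{f.host:12} {f.version or '-':8} behind={f.releases_behind!s:5} {f.status}")
    print(summarize(results))
```

The same check applies to any agent or firmware with a known release history; feeding it the real inventory export from an EDR console and the vendor's release notes turns the checklist question into a number that can be tracked over time.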

The new generation of cybersecurity will leverage language models to meld disparate systems to get more value out of the tools you have already acquired. Managed Detection and Response (MDR) has become the glue of advanced detection and response. Cybersecurity is working, but it could be more consistent and more effective. It requires discipline, rigor, automation, innovation, continuous learning, and inspection. MDR will continue evolving and will soon become the platform and intelligence engine that can direct swift, accurate responses, verify capabilities, and communicate the tactical and strategic upgrades needed. The new generation of MDR will enable enterprises to become cyber resilient.

The Challenge of Defending Expanding Attack Surfaces

The transformation of corporate networks has ushered in a host of new vulnerabilities and complexities. The expansion of internal and external attack surfaces has been driven by the widespread adoption of cloud infrastructure, Software as a Service (SaaS) platforms, the exponential increase in endpoints, and the prevalence of remote work arrangements. IBM’s State of Attack Surface Management report highlights that a staggering 67 percent of organizations have witnessed the expansion of their attack surfaces in recent years, with 69 percent falling victim to compromises through internet-facing assets.

As if these challenges weren’t daunting enough, critical threats are multiplying, spurred by the surging ransomware industry. Ransomware attacks, in particular, have become more brazen and destructive. The persistent threat of information-stealing malware, the exploitation of internet-facing vulnerabilities, and the infiltration of open-source code demand ongoing vigilance from organizations.

Alarming statistics reveal that a staggering 26,447 software security flaws occurred in 2022, with the number of critical vulnerabilities (CVEs) rising by 59 percent compared to the previous year.

New threats continue to evolve at an alarming pace. The market has experienced significant surges in new malware designed to steal sensitive information and increased credential-harvesting websites. Notably, GitHub source code repositories have become increasingly attractive attack surfaces, while container files persist as common vectors for delivering malicious software through social engineering tactics.

We expect the exploitation of vulnerabilities to persist as the primary method for gaining initial access, closely followed by phishing and credential abuse.

Interestingly, the global cybersecurity community’s willingness to share security research and analysis inadvertently provides cybercriminals with insights into their adversaries’ tactics, techniques, and procedures.

The Pivotal Role of MDR

Modern MDR services have emerged as the linchpin in bolstering organizations’ resilience against these multifaceted threats. These services provide highly effective, efficient, remotely delivered, and human-led Security Operations Center (SOC) functions, seamlessly integrating with existing cyber tools, internal teams, and operations.

One of the primary advantages of MDR providers is their ability to deliver continuous 24/7/365 SOC coverage, eliminating the need for internal staff to work night and weekend shifts. This results in constant monitoring, proactive threat hunting, and swift detection and response capabilities. As a result, organizations can identify and remediate cyber threats before they inflict significant damage.

The growth of standalone security tools, including Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR), has placed a considerable burden on security teams. Managing an average of 76 cyber tools in an enterprise has become daunting. MDR services excel when operating in close partnership with a customer’s internal security operations team. This collaboration leads to a high level of automation, enabling faster detection and response actions through predefined and custom escalation workflows, thereby significantly reducing risk.

MDR providers offer expert guidance for prioritizing threats according to the appropriate response level. They have become experts in harnessing machine learning, artificial intelligence, and automated tools to detect and rank threats. MDR providers enhance threat hunting and enable real-time investigation and response coordination, ultimately elevating a company’s security posture.

One of MDR’s core strengths, distinguishing it from other solutions, is its turnkey Threat Detection, Investigation, and Response (TDIR) capability. If you had $100,000 to invest in protecting your company’s brand, data and reputation, how would you invest it?

  • Defense (Identity, Endpoint, Cloud, SIEM, Vulnerability Management)
  • Detection (Endpoint, XDR, MDR)
  • Response (MDR, Incident Response)
  • Backup (Storage)
  • Recovery (MDR, Incident Response, Internal or External Cyber Team)
  • Insurance (increasingly expensive and complicated to obtain)

All are important, and a compelling argument can be made for each. Most likely, you cannot support all of these within your budget. If you start with the assumption that a breach is inevitable, then your investment strategy might shift. Cyber resilience, the ability to respond, withstand, and recover from a cyber attack, rises to the top of any priority list.

Cyber Resilience in a Dangerous Digital World

As organizations grapple with the formidable challenges of recruiting, training, and retaining qualified security experts to confront the unprecedented spread of cybercrime, managed security services such as MDR have emerged as indispensable assets. They fill a critical need for cyber resilience in an increasingly risky digital world, helping organizations navigate cyber threats’ intricate and evolving landscape with confidence and effectiveness.

AI in the SOC: Should You Hire a Bot?
https://solutionsreview.com/security-information-event-management/ai-in-the-soc-should-you-hire-a-bot/
Wed, 06 Dec 2023 21:49:40 +0000

AI in the SOC

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Steve Benton of Anomali takes a closer look at AI in the SOC and asks the burning question: “Should you hire a bot?”

The possibility of AI has been inspiring for everyone, and, as a result, we’ve seen a rush by both consumers and enterprises alike to adopt AI-powered tools and gadgets. CISOs have had little time to think about how to best use AI, educate their employees about its benefits and risks or create and implement the proper security guardrails and policies.

As a former CSO for a large global organization, I understand the enormity of the challenge. Yet implementing a complete company ban on the technology is not the answer. Instead of becoming the “Ministry of No”, CISOs need to be the “Ministry of How”, which begins by treating AI as a potential new hire to make sure it is the right fit for your organization.

Create a Job Description for Your AI-powered New Hire

Today we are seeing the rise of Hybrid SOCs, where AI-constructed analysts are working alongside human analysts. Unfortunately, we are seeing a lot of organizations create specifications for AI on the fly, which increases the risk and reduces the value of their investment. Instead, think of that AI-powered tool as a new person joining the team and first put together a job description that answers the following questions:

  • What do you expect AI to do?
  • How will it operate?
  • How will AI work with other human analysts and/or other technology?
  • What will it allow my analysts to do better?
  • What skills and experience does it need to have to be effective in the organization?
  • How do you plan to handle privacy?
  • How are you going to train it?
  • How are you going to look after it?
  • If something goes wrong, how will you rebuild it?

Now that you understand the role the technology will play in your SOC, test it. When CISOs recruit human analysts into their SOCs, they often give them actual technical exercises to perform to prove that they will be an asset to the security operation for that business. Why wouldn’t you do that before adopting AI into your SOC? Once the AI technology is adopted, just as with an employee, gather feedback on its performance and identify other training needs it might have. Be sure to put in place an effective feedback loop.

AI Will Not Replace Humans

While AI can help analysts manage and prioritize the alert “merry-go-round” and other tedious tasks, that doesn’t mean you should replace human analysts with racks of machines. AI frees the human analysts to deal with bigger problems: to get out ahead of the security threats and to make the security posture dynamic enough to flex with the threats coming towards the organization. AI also has the ability to process vast amounts of information beyond human capacity.

There is no doubt that every SOC is constrained by how much data its people can process. The rest, the ‘Dark Data’, holds the full picture of threats, which means that SOCs are only ‘solving what they can see’. But with advances in big data and AI, actionable visibility into this Dark Data, combined with the latest threat intelligence, is possible at machine speed. The insight from this is a game-changer!

Yet no matter how good we may think AI is, it is not a replacement for a human being. A human has the ability to think outside of a box that’s been defined for it, to intuit, and to make a leap that an AI-powered analyst might not make. Keep in mind that the bad guys will continue to be bad guys, i.e. bad humans, and they will be using AI, of course, to assist them in flexing, morphing, and modifying their attacks. Yet our adversaries will always have humans involved in part of their offense, so we should not disadvantage ourselves by taking humans out of the equation on the defensive team.

AI should never be in a position to unilaterally affect operations, especially those that involve other human beings, and potentially their safety. It needs to be used alongside humans, and humans need to be involved in what’s happening, including any key decisions that it is proposing, unless you have completely satisfied yourselves that there is no threat to the organization or any of its employees or customers.

The Future of AI in the SOC

It is still early days for completely understanding all the possible use cases of AI in the SOC. I expect we will learn more as we continue to see greater collaboration among AI technology providers, security practitioners, and customers, who are using the tools to defend against persistent, fast-changing adversaries. I’m optimistic – I already see a lot of positivity in how AI is earning its place in the SOC and becoming more applicable and trustable.

The Threat of Quantum Computing
https://solutionsreview.com/security-information-event-management/the-threat-of-quantum-computing/
Wed, 06 Dec 2023 15:58:20 +0000

Quantum Computing

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Zibby Kwecka of Quorum Cyber examines the current and future states of quantum computing, and the inevitable threat of a quantum attack.

The threat of quantum computing is very real, today. As of July 2022, 25 percent of Bitcoin and 66 percent of Ether are vulnerable to quantum attacks (Deloitte, 2023). These can be secured with action; however, even if a small number of these currencies are stolen, the market disruption may significantly devalue assets. Quantum computers have the potential to solve certain complex mathematical problems significantly faster than classical computers. One of the most notable implications is their ability to break encryption algorithms that rely on the difficulty of factoring large numbers or solving discrete logarithm problems. There are theoretical methods to crack our current encryption methods that would be possible on a conventional computer, but they are wildly inefficient. Quantum will allow the cracking of keys thousands of times more efficiently, making it possible to break today’s encryption in just a few cycles. Thankfully, for now, scale remains a problem for quantum computing.

Once quantum computers become a commercially available and mature tool, attackers are expected to take advantage of them to break current encryption methods, creating a significant risk to the security of our sensitive data. Using this technology as a platform for an attack is a concern for organizations beyond the cryptography front alone. Quantum computing is likely to become part of an actor’s offensive toolbox: its use for decryption, for forging certificates, or for rapid machine learning could vastly speed up network reconnaissance, eavesdropping, and identity forgery.

The Development State of Quantum Computing

Just because quantum computing isn’t here yet doesn’t mean we shouldn’t be aware of the risk. Data may already have been stolen, or ‘harvested’, for later yield. While it may not be currently feasible to decrypt your data yet, once it becomes a viable and affordable measure through quantum computing, harvested data and communication traffic could be decrypted. This may be assisted by projects from Microsoft and IBM aiming to offer cloud-based multi-quantum computing facilities on a consumption model.

The National Institute of Standards and Technology (NIST) has been calling for the development of encryption methods that would remain resistant to the advantages of quantum computing, with the first four quantum-resistant cryptographic algorithms announced back in 2022 (NIST, 2022). There is a future of using quantum computers to vastly improve our digital security, but there’s a risk of being in a very dangerous limbo between the threats posed and the future of greater security. Currently, there are several limitations preventing development at scale, which may take years to overcome.

The Inevitable Threat of a Quantum Attack

The most likely quantum attack would involve breaking the cryptographic systems behind the communication methods we use today. This isn’t just a future problem, however; it’s happening already. The widely known ‘Harvest Now, Decrypt Later’ operations store stolen information that will later be decrypted using advanced technology. That may be years away, but depending on the sensitivity of the information, it could still enable extortion against organizations or individuals. It’s a compelling argument for encouraging businesses to purge old data that’s no longer required.

Future cyber-attacks will involve hybrid approaches that combine classical and quantum computing techniques. Quantum computers are great at operating in parallel states, and thus, it would be natural to apply them to fuzzing systems and finding vulnerabilities. The added fuzzing ability of quantum computers could drastically speed up attacks aiming to penetrate a system. Fuzzing tests programs by using numerous randomized inputs, and could be a perfect use for quantum machines.

The AI-Assisted Evolution of Post-Quantum Cryptography

Current RSA encryption relies on 2048-bit numbers. In 2019, quantum computers were only able to factor a 6-bit number. In 2022, that number only increased to 48 bits, under a highly specialized environment (Swayne, 2022). There is an expectation that within the next 10 years we could be at a point where current encryption methods are at risk. The current development is exponential (Deloitte, 2023). A recent mandate from the US Congress declares a 2035 deadline for quantum-resistant cryptography to be implemented (Executive Office of The President, 2022), but it could be sooner.

The exponential development of artificial intelligence (AI) underway may, at some stage, support scientists in solving some of the challenges currently faced. For a quantum computer to undertake a task, the problem statement must first be translated into a format the quantum computer can actually work with. This is a laborious task; hence, apart from the high cost of entry to quantum computing attacks because of the hardware, there is an even higher ongoing cost associated with translating targeted problem statements into something that can be tested. This is why cryptographic use cases are currently prevalent when quantum is discussed: they are repetitive, as we only use a handful of cryptographic algorithms to secure the digital world. However, AI will one day enable us to rapidly translate human-readable problem statements, and software to be tested, into code that can be processed by a quantum computer, and that is when the full capabilities of this technology will be reached.

Preparing Yourself for the Quantum Future

There are several actions that should be considered:

  • Stay aware of those impending cryptography-related risks and actively monitor quantum developments
  • Review cryptographic management processes
  • Maintain and update cryptographic algorithms
  • Develop a roadmap for changes to cryptographic mechanisms required to keep organizational data safe
  • Consider purging or taking off-line historical data where its main protection relies on encryption
  • Consider user and machine authentications in the space where quantum computing is available on-demand

Final Thoughts

To start using quantum machines to solve real-world problems, we feasibly need a machine capable of at least 1 million stable qubits (Microsoft, 2023). Currently, the qubits in existence suffer at scale for several reasons, one of which is quantum decoherence making each qubit only available for a short period of time. As far as research goes, we’ve only just reached over 100 qubits (Ball, 2021). Until these challenges are overcome the use of quantum computing is limited.

The Importance of Increased Visibility in the Cloud-First Era
https://solutionsreview.com/security-information-event-management/the-importance-of-increased-visibility-in-the-cloud-first-era/
Wed, 15 Nov 2023 21:47:42 +0000

Visibility

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Dave Stuart of Laminar Security, a Rubrik Company, shines a light on the importance of increased visibility in the cloud-first era.

Many businesses today are stranded in a perilous transition phase. They’ve invested heavily in a “cloud first” approach — dispersing their data across multi-cloud, SaaS, and on-premise elements — and have reaped the benefits that that model affords in terms of flexibility and analytical firepower. But this dispersal, coupled with the sheer scale of data most businesses are dealing with today, has come at the expense of visibility and security. As data proliferates at an unprecedented rate, businesses are struggling to get a handle on precisely where — or what — that data is and how they can protect it.

Put simply: you cannot protect or manage data that you don’t know exists. And staying in the dark about that data isn’t an option—not when regulations are tightening on what feels like a daily basis, and the costs of a data breach continue to soar. Like termites or black mold, data blind spots can wreck your operations from the inside before you’ve even become aware of the problem.

Accordingly, in 2023, discovery and classification processes are non-negotiable for cloud-first or hybrid businesses. These processes allow for the kind of comprehensive, 360-degree visibility into sensitive data risks, without which businesses will always be vulnerable.


Data Discovery and Data Classification: A Quick Definition

Data discovery and data classification boil down, respectively, to the “where” and the “what” of a business’ far-flung data arrangements. Together, they yield the kinds of crucial contextual information that keeps data safe.

Again — and this cannot be overstated — it is the data you don’t know about that should concern you most. A proper data discovery process shines a light on every corner of your cloud operation, illuminating your public clouds, your warehouses, your SaaS applications, your cloud file shares, and your on-prem storage. This light reveals not just where the data is — important enough in and of itself — but, crucially, who has access to it and who is using it.

Once all of that data is identified, the classification process begins. This process goes deeper: now you will be determining what all this data is and generating judgments as to its sensitivity.

The insights that can be gleaned from this two-pronged process are manifold. For one thing, businesses can locate and tag their most sensitive data — like credit card numbers, social security numbers, and PII — while keeping careful track of how often it’s accessed and by whom. Most importantly, it can provide a desperately needed sense of the risk posture of your most sensitive data, allowing businesses to make security decisions that are both better controlled and more precisely targeted.
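As an added example, not code from the article or from Laminar or Rubrik, the Python below performs the "what" step on a constructed inventory of records: each record is scanned for payment card numbers (confirmed with the Luhn checksum so that an arbitrary run of digits such as an order ID is not mis-tagged), US social security numbers and e-mail addresses, assigned a sensitivity level, and the results rolled up per data store to give the "where". Store names, records and the card and SSN values are constructed test data; the three patterns are a simplification of what a production classifier would use.

```python
"""Tag records by the sensitive data they hold (added example, not the article's code).

Implements the 'what' half of discovery-and-classification on a constructed
inventory: each record is scanned for payment card numbers (confirmed with the
Luhn checksum so arbitrary digit runs are not mis-tagged), US social security
numbers and e-mail addresses, given a sensitivity level, and the result rolled
up per data store to show where the sensitive data lives. All store names,
records and test values are constructed.
"""
import re
from collections import defaultdict

# Candidate card number: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# US SSN, excluding area/group/serial values that are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")

LEVEL_RANK = {"internal": 0, "confidential": 1, "restricted": 2}

# Constructed sample data: data store -> free-text content of one record.
RECORDS = [
    {"store": "s3://payments-archive",
     "text": "refund 4111 1111 1111 1111 customer jane.doe@example.com"},
    {"store": "snowflake.hr.employees",
     "text": "SSN 123-45-6789, start date 2019-04-01"},
    {"store": "gdrive/marketing",
     "text": "newsletter list: bob@example.org, amy@example.net"},
    {"store": "s3://logs-2021",
     "text": "order 1234567890123 shipped; card 4111 1111 1111 1112 declined"},
    {"store": "s3://logs-2021", "text": "health check ok 200 12ms"},
]


def luhn_valid(number: str) -> bool:
    """Luhn checksum used by payment card numbers; non-digits are ignored."""
    digits = [int(c) for c in number if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Return the sensitive-data tags found in text and the resulting level."""
    tags = set()
    if any(luhn_valid(m.group()) for m in CARD_RE.finditer(text)):
        tags.add("PAN")
    if SSN_RE.search(text):
        tags.add("SSN")
    if EMAIL_RE.search(text):
        tags.add("EMAIL")
    if tags & {"PAN", "SSN"}:
        level = "restricted"
    elif tags:
        level = "confidential"
    else:
        level = "internal"
    return {"tags": sorted(tags), "level": level}


def inventory(records: list) -> dict:
    """Roll classifications up per store: record count, tags seen, highest level."""
    report = defaultdict(lambda: {"records": 0, "tags": set(), "level": "internal"})
    for record in records:
        result = classify(record["text"])
        entry = report[record["store"]]
        entry["records"] += 1
        entry["tags"].update(result["tags"])
        if LEVEL_RANK[result["level"]] > LEVEL_RANK[entry["level"]]:
            entry["level"] = result["level"]
    return {store: {"records": e["records"], "tags": sorted(e["tags"]), "level": e["level"]}
            for store, e in report.items()}


if __name__ == "__main__":
    for store, entry in inventory(RECORDS).items():
        print(f"{store:24} {entry['level']:12} {entry['records']} record(s) {entry['tags']}")
```

The Luhn check is what keeps the declined-card line and the 13-digit order ID in the logs store at the "internal" level: pattern matching alone would flag both, and false positives of that kind are what make manual classification untrustworthy at scale.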

Why Data Discovery and Classification Matter

The damage — reputational, financial, and regulatory — that follows from improperly leaked data can be disastrous for a business. At the same time, no business can afford to spend all of its time on defense, and overzealous security measures can have the counterintuitive effect of slowing internal operations down and frustrating employees.

This is part of why data discovery and classification are so important — they allow businesses to set strict policies and erect guardrails around the data that needs to be protected. The contextual insights generated by data discovery and classification ensure a stronger security posture, better regulatory compliance, and enhanced privacy for both your business and its customers. And it’s important to note that this isn’t an abstract concern: in fact, 68 percent of security professionals say shadow data represents the biggest security risk facing businesses today.

Why Current Approaches Fail Businesses

Before detailing the benefits of automated data discovery and classification, it is worth outlining the shortcomings of some of the approaches currently in use to achieve the same ends.

There is, most commonly, the manual approach, in which security professionals are required to liaise across teams and departments to get up-to-date information on data usage. Twenty years ago, this approach might have been feasible. In today’s complex cloud environments — in which data proliferates exponentially, minute by minute — such an approach is completely untenable: it simply cannot scale at the pace required. In 2023, data classification and discovery are processes that far exceed the abilities of even a large, well-resourced IT team.

Homegrown data mapping tools have also proven popular to date, but these present their own problems, not the least of which are the valuable engineering resources squandered on building (not to mention maintaining) these tools. Time that could be better spent handling mission-critical tasks is instead wasted on configuring APIs. And cloud-provider options are generally no better, with their usefulness extending only to the borders of their own cloud: lacking passports into the clouds of other providers, they can only see part of the overall picture.

The Importance of Cloud-native Data Discovery and Classification Tools

Cloud-native data discovery and classification tools function much differently. The full, continual visibility they provide matches the dynamic nature of the cloud — and serves as an essential foundation for all cloud data security, governance, and privacy efforts.

On every front we’ve discussed so far—from heightened security posture to stricter regulatory compliance—cloud-native data discovery and classification technology provide superior functionality. Through autonomous and continuous scanning and fine-grained, AI-enhanced categorization, it allows businesses to proactively monitor the highest-risk data and do so at scale. It can seamlessly guide hardening or remediation efforts, thus drastically reducing the risk of breach or data exfiltration.

And that’s not to mention the fact that shadow data, more often than not, contains redundant, obsolete, and trivial (ROT) data, such as abandoned backups of discontinued applications. Cloud-native data discovery and classification technology automatically flags this ROT data and streamlines the disposal process. While this might seem less urgent than security or governance, it can actually be just as significant for your bottom line, with storage costs becoming an increasingly major expense for most businesses.

If data discovery and classification were once something “nice to have,” they have since firmly transitioned to the realm of must-haves. Businesses cannot afford to dwell in darkness, given that just a single blind spot can now wreak incalculable damage on a business’s bottom line, public reputation, and long-term prospects.

In the cloud era, full illumination is the only way forward — and automated data discovery and classification tools are the only way to get there.



The post The Importance of Increased Visibility in the Cloud-First Era appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.

Microsoft Data Leaks and the Importance of Open-Source Intelligence
https://solutionsreview.com/security-information-event-management/microsoft-data-leaks-and-the-importance-of-open-source-intelligence/
Wed, 08 Nov 2023 21:18:46 +0000


Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Vaidotas Šedys of Oxylabs walks us through open-source intelligence: the essentials, monitoring threats from the dark web, and supplementing cybersecurity.

Interconnected digital technology advances at a rapid pace, and so do the tactics and strategies of malicious individuals, criminal groups, and even nation-states. The World Economic Forum cites projections that the cost of global cyber-crime will reach $10.5 trillion annually by 2025, forcing businesses and governments to look for next-generation defenses against emerging digital threats.

Unfortunately, deliberate criminal activity is only part of the challenge in this data-driven era. Costly leaks of sensitive data can also happen through simple human error. In September 2023 Microsoft suffered two leaks, one disclosing its plans for the next-generation Xbox and one exposing private employee data; the latter was traced to an over-permissive storage sharing link (an Azure SAS token) that granted access to far more than intended.

Raising public awareness, educating employees, and implementing standard security measures (such as data encryption, multi-factor authentication, or routing traffic through VPNs) are good recommendations for increased organizational security. However, they are hardly enough today if one does not employ open-source intelligence.


What is Open-Source Intelligence?

Open-source intelligence, or OSINT, refers to collecting, analyzing, and using information from publicly available sources, including forums, libraries, open databases, and even the dark web. Though OSINT can also gather commercially important business information and support market analysis, at Oxylabs we usually use it in the context of cyber threat intelligence.

Cybersecurity companies that employ open-source intelligence crawl through thousands of sites, forum messages, and dark web marketplaces, looking for stolen personal credentials and other confidential information, such as source code or trade secrets. Monitoring these sources also helps identify insecure databases and domain squatting.

It might sound counterintuitive, but organizations often do not suspect that some of their sensitive data is lurking somewhere in the open cyberspace. As such, OSINT helps organizations find both unintentional data leaks and criminal data breaches. It can also aid in identifying insecure devices and outdated applications.

The breakthrough OSINT brings to the cybersecurity landscape comes mostly from the fact that it uses publicly available information, relieving security teams of the legally fraught need to obtain evidence from classified or restricted sources. Moreover, modern scraping solutions, combined with artificial intelligence (AI) and machine learning (ML), let them pull and analyze raw intelligence in near real time.

OSINT “Starter” Pack

To gather cyber threat intelligence, providers must scan thousands of URLs looking for specific client data: corporate email addresses or phone numbers, company names, employee information, and technical details such as access tokens or IP addresses. The client can then be alerted as soon as compromised data appears on the public web or the dark web.

It is important to note that companies might monitor not only data directly related to their business and employees but also their client data, alerting them in case their passwords or other sensitive information has been breached.
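The matching step described in the two paragraphs above, checking scraped text against a client's identifiers and credential patterns and raising an alert, can be sketched in a few dozen lines. This is an added example, not Oxylabs' code or any product's: the dump text, the watchlist and the HMAC key are all constructed. Two design choices worth noting: the client's roster of employee emails is supplied as keyed hashes, so the scanning pipeline never stores the plaintext list, and unlabelled credentials are caught by a generic high-entropy check rather than only by the known token formats.

```python
import hashlib
import hmac
import math
import re
from collections import Counter

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
# Known credential formats (hypothetical minimal set).
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}\b"),
}
LONG_TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{32,}")


def fingerprint(key: bytes, identifier: str) -> str:
    """Keyed hash of a normalised identifier, so the scanner holds no plaintext roster."""
    return hmac.new(key, identifier.strip().lower().encode(), hashlib.sha256).hexdigest()


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


class LeakMonitor:
    def __init__(self, key: bytes, watched_emails, watched_domains):
        self.key = key
        self.watched = {fingerprint(key, e) for e in watched_emails}
        self.domains = {d.lower() for d in watched_domains}

    def scan(self, source: str, text: str) -> list:
        """Return sorted, de-duplicated (kind, indicator, source, line) alerts."""
        alerts = set()
        for lineno, line in enumerate(text.splitlines(), 1):
            for email in EMAIL_RE.findall(line):
                fp = fingerprint(self.key, email)
                if fp in self.watched:
                    # Report only a prefix of the fingerprint; the client maps it back.
                    alerts.add(("watched_identity", fp[:12], source, lineno))
                elif email.rsplit("@", 1)[1].lower() in self.domains:
                    alerts.add(("corporate_domain", email.lower(), source, lineno))
            for kind, pat in SECRET_PATTERNS.items():
                for m in pat.findall(line):
                    alerts.add((kind, m[:8] + "...", source, lineno))
            # Catch-all for credentials in formats we do not know: long, high-entropy runs.
            for tok in LONG_TOKEN_RE.findall(line):
                if shannon_entropy(tok) > 4.0 and not any(p.search(tok) for p in SECRET_PATTERNS.values()):
                    alerts.add(("high_entropy_token", tok[:8] + "...", source, lineno))
        return sorted(alerts)


# Constructed inputs: a demo key, a two-person watchlist and a fake combolist dump.
KEY = b"constructed-demo-key"
MONITOR = LeakMonitor(KEY, ["Alice.Smith@example.com", "dave@example.com"], ["example.com"])
SAMPLE_DUMP = """\
# combolist 2023-11
alice.smith@example.com:Winter2023!
bob@partner.net:hunter2
carol@example.com:P@ssw0rd
AWS_KEY=AKIAIOSFODNN7EXAMPLE
token=ghp_0123456789abcdefghijABCDEFGHIJ012345
api_secret=Zq8vL2mN9pR4sT7wX1yB5cD0eF3gH6jK
random text with nothing interesting
"""

if __name__ == "__main__":
    for alert in MONITOR.scan("dump-2023-11", SAMPLE_DUMP):
        print(alert)
```

Alice is on the watchlist and is reported by fingerprint; Carol is not, but her corporate-domain address is still flagged; Bob at a partner domain produces nothing.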

The biggest challenges here are scale and anti-scraping measures. The "surface" web alone holds billions of pages, and that is only the tip of the iceberg: the deep web, which search engines do not index, is often estimated to be hundreds of times larger (the frequently quoted figure of 400 to 550 times dates from the early 2000s). Scraping at that scale requires powerful automation and ML-driven tooling to impose structure on an otherwise massive mess of unstructured data in many formats and languages.

Furthermore, threat actors today are technically sophisticated, employing anti-bot measures that range from honeypots serving bogus data to IP blocking that breaks real-time collection. Security providers therefore need resilient proxy networks and adaptive scraping tooling to get around the blocks. With this in mind, OSINT collection is best left to professionals, especially where it involves monitoring the dark web.

Diving into the Dark

The dark web is the part of the deep web that ordinary browsers cannot reach; it is accessible only through overlay networks such as Tor, which route traffic through multiple relays. Although legitimate actors use it, e.g., investigative journalists, law enforcement, and intelligence agencies, it is heavily used by criminals. This is where stolen personal data, intellectual property, confidential information, drugs, and illegal weapons are sold.

As in the case of the surface web, dark web monitoring is performed with the help of custom crawlers and scraper bots. Surveilling the dark web is a valuable source of information about fresh data breaches and new cyber attack methods and vectors. It enables a faster incident response, closing the time gap between the data breach and the moment an organization becomes aware of it. For cybersecurity researchers, dark web monitoring also allows deep-diving into the newest cybercrime strategies.

However, even if your organization has suffered a breach, it is not recommended to scour the dark web for that data yourself. First, the dark web is hard to navigate without prior experience. Second, even with proxies and VPNs, the risk of exposing your organization to malware and follow-on attacks is high. If you must, use isolated "burner" machines that hold no corporate credentials and have no access to your corporate network.

Final Recommendations

Powered by modern scraping solutions and ML, open-source intelligence lets security teams take a proactive approach to incident prevention and management. OSINT speeds up the detection of data leaks, supports threat hunting, and feeds research on the newest criminal techniques.

However, it is important to stress that, although becoming an imperative for cybersecurity, OSINT cannot and shouldn’t replace standard security measures. Businesses should first of all ensure their sensitive data is actually safe. Removing unused access, updating passwords, using multi-factor authentication, working with reliable proxy and VPN providers, and periodically educating employees is the best way to make sure that your business data doesn’t end up as a Black Friday deal on some dark web marketplace.

The same applies to the recent hype around dark web monitoring. Without denying the opportunities that dark web surveillance opens up for professional researchers and threat hunters, for ordinary businesses pulling valuable information from the surface web and building security best practices and standards into daily operations may be the more rewarding path.


Navigating the Storm: A New Era of Cybersecurity Training and Defense
https://solutionsreview.com/security-information-event-management/navigating-the-storm-a-new-era-of-cybersecurity-training-and-defense/
Thu, 26 Oct 2023 14:29:46 +0000


Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. William Agadzi, advisor to Noname Security, serves as our guide through the digital storm with best practices for cybersecurity training in the new era.

Imagine the shockwaves reverberating through Retool, a developer platform, when it discovered in late August 2023 that it had been breached through an SMS-based phishing attack, impacting 27 of its cloud customers. The operational impact was significant; the reputational, financial, and legal impacts loom. Another recent example is the breach at Okta, where attackers used a stolen credential to access its support case management system, impacting some customers.

These incidents, amidst the turbulent waves of the shifting cybersecurity landscape, are far from isolated. Many organizations, relying on vendor-provided training modules, find themselves grappling with real threats that evolve faster than their defenses – and their training – can keep pace.


Email Threats in the Workforce

While the dangers of email phishing are well acknowledged, the speed and sophistication of current threats can outpace the training content supplied by vendors. Only organizations that consistently update and adapt their training programs, whether with in-house or vendor-provided materials, have a chance of keeping pace with persistent threats. Such efforts usually focus on the rank and file, teaching them to resist social engineering.

But that misses a key audience: the software developers and engineers who build and maintain the company's infrastructure need specialized security training. Their coding expertise may be superb, but their security awareness, and their ability to avoid introducing vulnerabilities, can be uncertain. They should be armed with current secure-development practices, and their adherence to those practices should be monitored, measured, and fed back to them so that improvement is continuous. That feedback loop only works if their supervisors are included in the training.

Let's focus for a moment on email as a mechanism for social engineering. Because phishing is so pervasive, leading email providers have bolstered their defenses with tools that detect and quarantine malicious content. Domain-based Message Authentication, Reporting, and Conformance (DMARC), which builds on SPF and DKIM, lets a domain owner tell receiving servers how to treat mail that fails authentication and where to send reports, which raises the bar for attackers trying to spoof the domain. But DMARC only helps when it is carefully configured (a policy of p=none reports failures without blocking anything) and continuously managed as legitimate senders change. How well are email administrators trained and managed to do this?
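The "careful configuration" point is checkable. The audit below is an added example, not from the article or from Noname Security: given the text of a domain's DMARC TXT record (published at `_dmarc.<domain>`, which you can fetch with `dig TXT _dmarc.example.com`), it reports the settings that leave spoofing possible. The three records are constructed to represent a monitor-only rollout, a partial enforcement, and full enforcement.

```python
def dmarc_record_name(domain: str) -> str:
    """DNS name whose TXT record carries the DMARC policy for a domain."""
    return f"_dmarc.{domain.strip().rstrip('.')}"


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=mailto:...' into a dict of lowercase tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(record: str) -> list:
    """Return a list of weaknesses; an empty list means the record is at full enforcement."""
    t = parse_dmarc(record)
    if t.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings = []
    p = t.get("p")
    if p is None:
        findings.append("p= tag missing: receivers treat the record as invalid")
    elif p == "none":
        findings.append("p=none: failures are only reported, spoofed mail is still delivered")
    elif p == "quarantine":
        findings.append("p=quarantine: spoofed mail goes to spam instead of being rejected")
    pct = int(t.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    # Subdomain policy defaults to the organisational policy when sp= is absent.
    if t.get("sp", p) == "none" and p != "none":
        findings.append("sp=none: subdomains remain spoofable")
    if "rua" not in t:
        findings.append("rua= missing: no aggregate reports, so you cannot see which senders fail")
    if t.get("adkim", "r") == "r" or t.get("aspf", "r") == "r":
        findings.append("relaxed alignment (adkim/aspf=r): any subdomain-aligned sender passes; "
                        "tighten to s once senders are inventoried")
    return findings


# Constructed records for three rollout stages.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
PARTIAL = "v=DMARC1; p=quarantine; pct=10; sp=none"
ENFORCED = ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
            "rua=mailto:dmarc-agg@example.com; ruf=mailto:dmarc-forensic@example.com")

if __name__ == "__main__":
    for name, rec in [("monitor-only", MONITOR_ONLY), ("partial", PARTIAL), ("enforced", ENFORCED)]:
        print(f"{name}: {audit_dmarc(rec) or ['OK']}")
```

The monitor-only record is the normal starting point and is not wrong in itself; the finding is that a domain left there indefinitely, which is what happens when nobody owns the ongoing management, blocks nothing.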

Mobile Threats in the Workforce

Our digitally connected world, spanning desktops, mobile phones, and the cloud, has given threat actors the opportunity to diversify their phishing methods, building on past successes while innovating new approaches. IBM's recent Cost of a Data Breach report illustrates the concern, finding that phishing was the initial attack vector in 16 percent of breaches. Given how easy it is to execute and how high its payoff, phishing remains a preferred option for cyber-criminals. Tactics such as SMS phishing ("smishing"), direct messaging on social platforms, and man-in-the-middle attacks that intercept and alter conversations in transit underscore the evolving threat landscape.

Let's reflect on the distinct vulnerabilities of a mobile workforce. Connecting to whatever network is available while traveling is convenient, but it exposes employees to an array of complex threats. The first question is "Is my data enticing to attackers?" and the follow-on is "Which attackers: opportunistic criminals, professional criminals, nation-states?" The overlay is this: the Zimperium Global Mobile Threat Report found that 80 percent of phishing sites target mobile devices, so your risk rises sharply when you are on the go. The threat picture is further complicated by cutting-edge AI tools such as text-generating large language models (LLMs). Those threats do not come only from external bad actors; they can also arise from employees using LLMs in ordinary work, for example by pasting sensitive material into a public chatbot.

Addressing the threats to a traveling workforce calls for several parallel steps: special training for frequent travelers, temporary and specially hardened devices, and virtual desktop infrastructure or zero-trust network access mechanisms. Collaborating with IT partners and subcontractors to weave these measures into a holistic, robust cybersecurity strategy is key.

AI Threats in the Workforce

AI brings significant potential to cybersecurity, while also strengthening our adversaries, equipping them with powerful tools that broaden and reshape the threat they present. A recent Microsoft finding revealed that hackers armed with AI are increasingly harder to combat.

Historically, crafting malware required significant technical expertise. But now, the capabilities of generative AI can make this much easier. Even with ethical constraints in place, crafty query phrasing can circumvent safeguards. Consider, for instance, a direct query to ChatGPT, such as “develop malware that enables and installs a download when clicked and communicates with a C2 server”. Hopefully the tool would reject this request, providing guidance on why such an action is both illegal and unethical. However, a subtle modification in wording — changing it to “develop code that enables and installs a download when clicked and communicates with an external server” — might yield a viable code snippet. When aggregated, these snippets could create a formidable webshell, fake browser plugins, and more, all of which could subsequently be utilized for phishing.

Imagine your organization grappling with an advanced cyber-attack. Given the potential misuse of tools like LLMs, is your team investing in continuous learning and staying updated with the latest threat intelligence? How often do you assess your practices against the changing threat landscape?  How often do you measure how well your team is doing, and give them feedback?

Cybersecurity Training in the Workforce

Recent high-profile breaches have highlighted the imperative for businesses, regardless of size, to establish foundational security measures. This means moving from mere awareness to proven industry strategies: unified identity and access governance grounded in zero-trust principles, phishing-resistant authentication built on FIDO standards (the FIDO Universal Authentication Framework, FIDO UAF, or FIDO2/WebAuthn passkeys), comprehensive API security, and vulnerability management routines backed by regular penetration testing. And feedback to your developers where their performance needs improving.

Against this backdrop of changing threats, adapting our cybersecurity awareness training strategies becomes paramount.

Actionable Insights to Enhance Your Program


Comprehensive Phishing Simulations

Relying solely on annual cybersecurity training for compliance requirements and new hire security training is insufficient. Besides adopting FIDO-based technologies and other measures mentioned above, simulating real-world phishing scenarios, testing defenses, and, more importantly, educating employees about evolving techniques, are essential. While conducting realistic phishing simulations is vital, it’s equally important to strike a balance to avoid alert fatigue. Engage employees with unexpected scenarios on a semi-regular basis, rather than frequent, predictable tests. This approach ensures that each simulation offers fresh, insightful learning experiences, preserving both its shock value and educational impact. The approach should encompass a spectrum of potential threats, from email phishing to smishing.

Along with conducting phishing training for new hires, simulations should be done at least quarterly, and users who fail must be counseled to ensure they understand what they did wrong; recidivists may need management intervention. Simulated smishing tests should also be performed, specifically targeting mobile devices utilized for accessing enterprise accounts and data. Streamline phishing reporting by implementing, for example, a one-click reporting mechanism within email clients or mobile devices to motivate full and consistent user reporting.

Motivating User Engagement

Security training can be dull for employees, an unfortunate fact of life. It's essential to adopt a user-centric approach, blending crucial security protocols with engaging usability. Fortunately, numerous vendors offer a range of training modules that emphasize brevity and engagement. Opt for training sessions that use game-playing techniques, and keep each session to a comfortable interval (usually around half an hour).

From the author’s firsthand experience through years of implementing security awareness training, a clear trend has emerged. Participation in the training more than doubles during the first week of its rollout when attendees are given a chance to win incentives, such as gift cards or gadgets if they complete the training early or get especially high marks. However, in the absence of tangible rewards or a system that ties training completion to annual reviews, the burden of ensuring compliance can come to rest on the security team when it should reside on the supervisors of the employees, who are accountable for subordinate compliance in all areas of corporate policy. Why should information security be treated any differently?

The culture of cybersecurity is also molded by leadership actions, especially at the C-level. Consider the widespread impact of a CEO saying that he is holding his own subordinates accountable for ensuring compliance with the upcoming annual cybersecurity awareness training. When the head of the organization says that this topic is on his or her radar, that should send a powerful message.

Promoting Ethical AI Usage

AI technologies, while promising transformative benefits, also introduce serious ethical challenges, especially in cybersecurity. In this domain, AI can, for example, craft highly believable phishing emails or other social engineering lures. Addressing these concerns demands a clear understanding of AI ethics among employees, including direct education about AI's responsible use and the potential repercussions of misuse. To champion ethical AI practices, organizations might consider establishing AI ethics committees. Comprising members from various departments, these committees would oversee adherence to ethical standards and facilitate regular workshops.

Moreover, implementing a robust AI use policy, similar to acceptable use policies for other IT resources, provides a foundational guideline for ethical conduct. Within a comprehensive cybersecurity awareness strategy, conducting regular audits on how AI tools are used can help ensure their ethical and secure application. Such checks can highlight areas where training modules might need enhancement, guaranteeing a workforce adept at using AI both safely and ethically. It’s imperative to cultivate an organizational culture that not only recognizes AI’s potential and associated risks but also promotes its secure and ethical utilization.


Looking Ahead

The evolving threat landscape is rife with challenges, but it also brings with it advanced tools and strategies for better defenses. As threat vectors diversify and strengthen, the importance of cultivating a security-first mindset becomes paramount. This mindset is not just about erecting barriers; it’s about ensuring our training and awareness strategies adapt to shield and provide real security benefits to businesses.

Building a cyber-aware culture is not a destination; it’s an ongoing journey that demands the right tools, commitment, and agility. By adopting techniques like continuous phishing simulation, user incentives, and ethical use of AI tools, organizations can not only protect their assets and reputation but also ensure that their security strategy seamlessly integrates with their overarching business vision.

In this fast-paced digital era, we must ask: Is your organization simply reacting to cybersecurity threats and incidents, or proactively fortifying its defenses? In cybersecurity, mere defense isn’t enough; we must stay steps ahead. By adopting the strategies outlined here, you can elevate your organization from secure to cyber-resilient.


Communicating with Customers During an IT Incident
https://solutionsreview.com/security-information-event-management/communicating-with-customers-during-an-it-incident/
Fri, 13 Oct 2023 21:02:00 +0000

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. JJ Tang of Rootly takes us to Customer Support school– illustrating the importance of communication during an IT incident.

We’ve all seen it: a company experiencing a major IT incident (like an outage) and going radio silent, leaving their customers to wonder, “Are they doing something about this?!” If you’ve ever been on the inside of something like this, you know the answer is most likely yes – there are people working hard to put out the fire as quickly as possible. But when it comes to incidents, perception is reality for customers.

It’s important to demonstrate visible progress to people outside of the incident, from the time you become aware of the problem until it is fully resolved. What you say is important, and where you say it makes a huge difference. As a product manager for Instacart, I was involved in incident management communications on a regular basis (think: site outages during the pandemic, when everyone was ordering groceries online). Here’s what I learned through that experience, and in my current role helping companies manage incidents daily.


Your Status Page is Your Source of Truth for Customers When Incidents Happen

If you don’t have a customer-facing status page, you’re missing out on one of the easiest and most effective ways to keep your customers updated during incidents. A user-friendly and consistently updated status page removes a ton of burden from your customer support team and customers by providing a source of truth for problems that might be impacting their experience with your product.

Updates on your status page should be brief but frequent during an incident. Consider setting a timer to automatically remind you to update it every 30 minutes—even if the update is just “We’re continuing to investigate the problem.” Stale status pages for ongoing issues leave customers to wonder if there’s been any progress, or if the team has simply forgotten to update the page.

When writing status updates—or any customer-facing communication for that matter— remember to focus your message on the impact of the issue to your customers, rather than technical details that might confuse them.

For example:

Instead of: Our CDN is experiencing elevated 5xx rates.
Say: Some users are experiencing issues loading images and other content on our website and mobile app. We’ve identified the cause as an issue with our Content Delivery Network and we’re working on a fix.

Social Media is Where You Demonstrate Your Responsiveness to Impacted Customers

Using social media for incident communication comes with its own set of risks and rewards. It can be a great place to acknowledge the issue, amplify your messages from your owned communication channels (e.g. your status page), and to engage with your customers directly during an incident. It can also draw unwanted attention and attract trolls.

If customers are reaching out to you via social media already, you should handle these messages reactively by responding and redirecting the conversations to your support team as needed. But what about using social media proactively in an incident? In other words, broadly tweeting or posting that an incident is taking place, instead of replying to customers on a 1:1 basis.

If you choose to use social media like X/Twitter proactively during an incident, you should know what you’re getting yourself into. Because of this channel’s wide reach, you should only use it proactively for incidents that are also widely scoped to most or all of your customers. Consider setting a tripwire for how many inbound messages you need to receive before you move from a reactive 1:1 strategy to posting more broadly.

If you do choose to post, be prepared to receive an influx of responses. Your social media team should have clear guidance on how and when to respond to customers during an incident. Depending on the size of your user base and social media following, you may even want to consider having a separate account dedicated to customer support to keep these conversations contained so you can focus your main account on building awareness for your brand.

Using social media to increase the reach of your customer-facing messaging, and to direct customers to the best place to continue to receive updates is a good way to demonstrate that you’re being communicative during an incident. However, keep in mind that many of your users may not be on social media at all, so it shouldn’t be your primary channel for communication.

Customer Emails are Useful to Formally Acknowledge High/Critical Severity Issues

There are times when you should absolutely email your customers about incidents. In most cases, your status page should be your go-to place to keep your customers informed on incidents that affect your product. But if an incident is of critical severity and goes on for a long time (an hour or more) and/or requires action from your customers, you should directly contact your customers to address the situation. Email is typically the most reliable way to do this.

However, how you deliver the news is critical. Here’s how to write an incident email that doesn’t make a bad situation even worse.

  • Cut to the Chase. What is the most important thing the customers reading your email need to know? It’s likely an action they need to take, or information about how an ongoing incident is impacting them as a user. Whatever it is, put it as close to the beginning of your message as possible.
  • Remove the Fluff. Think of every word you write as time you are asking your customers to give you (because that’s what it is). Remove unnecessary information that distracts from your main point or doesn’t bring them value.
  • Put Yourself in the Customer’s Shoes. When writing and reviewing your email, think like a customer. What questions would you have? Where might you get confused or frustrated? If you’re telling them they should do something, are you also providing clear instructions on how to do it? You might be tempted to overdo it when it comes to showing empathy in your communication. There’s a difference between recognizing the impact of an issue and assuming or projecting emotions onto people.

Here’s an example of how to strike the right balance:

Instead of: We know you are deeply upset about this issue and we’re sincerely sorry to have let you down.
Say: We take downtime extremely seriously and we apologize for any negative impact this has had on you as a customer.

  • Set Clear Expectations. By the end of your email, your customers should know exactly what to expect next. Setting a clear expectation around what will happen next and following through with it (that part is really important, so don’t over promise) demonstrates you have control of the situation and builds trust with your customers.
  • Anticipate Responses. When sending customer emails, make sure you have a plan in place for how you’ll handle replies. If you’re not equipped to handle a large influx of replies, you may want to send a non-transactional email that doesn’t allow for direct replies. If that’s the case, the previous section on setting clear expectations is even more important.

Final Thoughts

Whatever your medium, what matters most is that you are communicating with clarity and confidence, and with your customers’ needs top of mind. Every company has incidents – how and where you respond can make a big difference when it comes to earning and keeping customers’ trust.


Enhancing Data Security: A Crucial Shift in the Generative AI Era
https://solutionsreview.com/security-information-event-management/enhancing-data-security-a-crucial-shift-in-the-generative-ai-era/
Wed, 11 Oct 2023 20:18:08 +0000


Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Don Arden of Fasoo examines how the popularity of Generative AI has pushed for a crucial shift in data security.

When OpenAI introduced ChatGPT, the world of content creation shifted dramatically. Amazon, Google, Microsoft, and many other companies launched generative AI tools based on large language models (LLMs) to create various types of content, including images, designs, code, emails, movie scripts, and marketing materials.

Artificial intelligence has the potential to revolutionize business, but it poses significant risks to your data. Two main risk categories are content anomaly detection and data protection. They include loss of intellectual property, privacy concerns, lack of transparency, bias, discrimination, and inaccurate or unwanted responses to inputs.

Sometimes the AI produces completely false information, which is known as AI hallucination. The dangers of AI hallucinations include legal liability, compliance risks, and real-world consequences. In one case, an AI fabricated case law that attorneys presented in court. Most of us have had experiences where the answers to our prompts aren’t quite what we expected. In some cases, it’s inconvenient. In other cases, it’s catastrophic to your business.

Misuse of AI can lead to major privacy and security issues, since the models collect and process vast amounts of data. As users access these tools to generate content, they enter data so the AI can learn and provide better responses in the future. This process is prone to data leakage and compromised confidentiality, since you have little to no control over these hosted environments. Users could mishandle information by adding proprietary or regulated data to prompts, resulting in a data breach, intellectual property theft, and other forms of abuse.


Enhancing Data Security to Minimize Risks

Your inability to conduct a privacy impact assessment or implement your own data protection policies on these systems may lead you to block access to all AI services. There are many legitimate uses for generative AI to improve revenue and grow your business, so you must take advantage of them. Your competitors already are, so you can’t be left behind. Also, it’s not feasible to stop users from accessing these tools anyway. People will always find a way to access something of value.

Using AI will help increase your competitive advantage, but you also need to mitigate risks from misinformation, sharing of personal and proprietary data, and other vulnerabilities involving employees and contractors. If sensitive third-party or internal company information is entered into a public service like ChatGPT or Bard, that information will become part of the chatbot’s data model and can be shared with others who ask relevant questions, resulting in data leakage. Any unauthorized disclosure of confidential information may violate your organization’s security policies or privacy laws like GDPR, HIPAA, or CCPA.

Anyone using these services should treat the information they input as if they were posting it on a public site like Instagram or LinkedIn. They should not post personally identifiable information (PII) or company or client information that is not generally available to the public. There are currently no clear assurances of privacy or confidentiality in these systems, so you need to guard against someone inadvertently copying and pasting customer or proprietary data into the prompt. The information you post will be used to train the model further and will become the answer to someone else’s question.

Context-based Discovery

Data submitted to generative AI models can result in data compromise if sent to environments that are not adequately secured and protected. The first step to improved security is to discover sensitive data in existing files on servers, in the cloud, or on endpoint devices, using machine learning to understand the content and context of the information. If an employee or contractor uses an LLM to generate a document that contains sensitive data, you can automatically identify it.

After identifying sensitive data, you should immediately classify and label the files, quarantine them, or assign adaptive access control for authorized users. Once identified, it’s easy to categorize obsolete, redundant, and sensitive data. Remediation should be automatic, based on configurable rules that prevent violations of privacy or other security standards.
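As an added illustration (this is not code from the article or from Fasoo), here is a small rule-based discovery-and-classification pass in Python over a set of constructed sample documents. It stands in for the machine-learning content analysis the article describes, using regular expressions plus nearby context keywords: card-number candidates are validated with the Luhn check so random digit runs are not flagged, each file gets a label, and configurable remediation rules decide what happens next (Restricted data found under an assumed broadly shared root is quarantined; other sensitive files get their access restricted). The sample paths and text, the shared-root prefixes, the detector weights and the label thresholds are all assumptions made for the example.

```python
"""Sensitive-data discovery and classification over a set of files.

Constructed example: a regex-plus-context stand-in for the machine-learning
content analysis described above. Sample documents and paths are embedded
inline and are not real data.
"""
import re
from dataclasses import dataclass, field

# Detectors. For SSNs, area 000/666/9xx, group 00 and serial 0000 are never issued.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

# Words that, appearing in the same file, raise confidence that a match is real.
CONTEXT_WORDS = {
    "ssn": ("ssn", "social security", "tax id"),
    "card": ("card", "visa", "mastercard", "cvv"),
    "email": ("customer", "subscriber", "patient"),
}
WEIGHTS = {"ssn": 10, "card": 10, "email": 1}   # score per validated match (assumed)
SHARED_PREFIXES = ("/shares/public/", "/cloud/anyone-with-link/")  # assumed broadly shared roots

def luhn_ok(number: str) -> bool:
    """Luhn checksum: separates real card numbers from random digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

@dataclass
class Finding:
    path: str
    label: str                                    # Public/Internal/Confidential/Restricted
    matches: dict = field(default_factory=dict)   # detector -> validated match count
    action: str = "none"                          # none / restrict-access / quarantine

def detect(text: str) -> dict:
    """Count validated matches per detector; detectors with no hits are omitted."""
    found = {
        "ssn": SSN_RE.findall(text),
        "card": [m for m in CARD_RE.findall(text) if luhn_ok(m)],
        "email": EMAIL_RE.findall(text),
    }
    return {name: len(hits) for name, hits in found.items() if hits}

def remediate(path: str, label: str) -> str:
    """Configurable rules: Restricted data in a broadly shared location is
    quarantined; other sensitive files have their access restricted."""
    if label == "Restricted" and path.startswith(SHARED_PREFIXES):
        return "quarantine"
    if label in ("Restricted", "Confidential"):
        return "restrict-access"
    return "none"

def classify(path: str, text: str) -> Finding:
    """Score the file from its matches plus surrounding context, then label it."""
    counts = detect(text)
    lowered = text.lower()
    score = sum(WEIGHTS[name] * n for name, n in counts.items())
    # Context: an identifier beside words like "SSN" or "card" is more credible.
    score += 5 * sum(1 for name in counts for w in CONTEXT_WORDS[name] if w in lowered)
    if "confidential" in lowered or "internal only" in lowered:
        score += 5                     # the author already marked the document
    if score >= 20:
        label = "Restricted"
    elif score >= 10:
        label = "Confidential"
    elif score >= 1:
        label = "Internal"
    else:
        label = "Public"
    return Finding(path, label, counts, remediate(path, label))

def scan_files(files: dict) -> dict:
    """Classify every path -> text pair; returns path -> Finding."""
    return {path: classify(path, text) for path, text in files.items()}

# Constructed sample documents, one of them drafted with an LLM assistant.
SAMPLE_FILES = {
    "/shares/public/llm-draft-offer-letter.txt":
        "Offer letter drafted with the assistant. Candidate SSN 123-45-6789, "
        "salary confidential, contact jane.doe@example.com",
    "/home/alice/expense-notes.txt":
        "Paid with corporate card 4111 1111 1111 1111 on 12 March.",
    "/shares/public/newsletter.txt":
        "Our quarterly newsletter is out! Read it at example.com/news.",
    "/home/bob/phone-list.txt":
        "Vendor contacts: a@vendor.example, b@vendor.example, c@vendor.example",
}

if __name__ == "__main__":
    for path, f in scan_files(SAMPLE_FILES).items():
        print(f"{f.label:<12} {f.action:<16} {path}  {f.matches}")
```

Running the block prints one line per file. The context words and thresholds are the tuning points: a hyphenated nine-digit run beside the word "SSN" in a document marked confidential is far more credible than the same digits in a phone list, which is the content-plus-context distinction the article attributes to the machine-learning approach.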

Advanced Data Protection

By automatically encrypting sensitive files and assigning dynamic access control to them, you can limit editing, copying, printing, screenshots, and general sharing of sensitive content with unauthorized users and systems, both inside and outside your organization. You ensure that only authorized users can access your sensitive data, based on security policies that validate user access continuously.

This prevents users from copying and uploading sensitive data to ChatGPT and other generative AI models, and protects your organization from insider threats and external attacks. If you train an internal LLM by crawling your data stores, it won’t ingest any encrypted files, since it can’t read them. By default, that keeps sensitive data from compromising your model.

Intelligent Monitoring

Tracking file access and the usage of sensitive data prevents information leaks by protecting and controlling the data before it gets into the wrong hands. You can easily monitor usage patterns to understand who is accessing IP, regulated data, and other proprietary information, regardless of location.

Implementing dynamic file usage policies through centralized policy management can accommodate changing business requirements. Requiring user validation each time a file is accessed ensures that changed policies take effect in real time. This allows you to grant file access to those who need it when they need it. You can also remove access privileges immediately to address any potential data compromise.

Redefining Your Data Security Strategy

Discovering sensitive data, encrypting it, assigning explicit access controls, and using intelligent monitoring to prevent information leaks help protect your sensitive IP and regulated data. Identifying and protecting sensitive data as you create it is the best approach to controlling access to it. This helps restrict what users upload to public or private generative AI services, minimizing your risk of violating privacy regulations or compromising your business. If you download something sensitive as a result of using AI, the same approach flags it as sensitive so you can mitigate privacy and security violations.

These initiatives empower you to enhance your data security by identifying potential risks and vulnerabilities, implementing robust security controls, and ensuring continuous data visibility throughout the data lifecycle. These elements are essential pillars of a robust data security strategy, providing invaluable support as you navigate the evolving landscape of AI.


A 5-Step Action Plan for DSPM
https://solutionsreview.com/security-information-event-management/a-5-step-action-plan-for-data-security-posture-management-dspm/
Wed, 11 Oct 2023 18:40:20 +0000


Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Karthik Krishnan of Concentric AI drums up a 5-step action plan to establish strong data security posture management (DSPM).

October is Cybersecurity Awareness Month, and every year, most tips for security hygiene and staying safe have not changed. We’ve seen them all – use strong passwords, deploy multi-factor authentication (MFA), be vigilant to spot phishing attacks, regularly update software and patch your systems. These are great recommended ongoing tips and are as relevant today as they’ve ever been. But times have changed, and these best practices can no longer be the bare minimum.

The sheer number of threats to your data — both external and internal — is increasing exponentially, so maintaining a robust data security posture is paramount. From a data protection standpoint, perhaps the most difficult challenge to address is that business-critical data worth protecting now takes so many different forms. Intellectual property, financial data, business confidential information, PII, PCI data, and more create a very complex environment.

Traditional data protection methods, like writing a rule to determine what data is worth protecting, are not enough in today’s cloud-centric environment. And think about how easy it is for your employees to create, modify, and share sensitive content with anyone. Your sensitive data is constantly at risk from data loss, and relying on employees to ensure that data is shared with the right people at all times is ineffective.

In fact, according to the 2023 Verizon Data Breach Investigations Report, 74 percent of all breaches involve the human element — whether via error, social engineering, privilege misuse, or use of stolen credentials. Concentric AI’s own 2023 Data Risk Report found that, on average, each organization had 802,000 data files at risk due to oversharing — that’s 402 files per employee. The risk to data is enormous.

As Cybersecurity Awareness Month approaches, it’s a good reminder that data security posture management (DSPM) is critical for organizations to implement for visibility into actionable insights on how to mitigate data security risk. DSPM empowers organizations to:

  • Identify all sensitive data
  • Monitor and identify risks to business-critical data
  • Remediate and protect that information

The following DSPM checklist, combined with new initiatives for Cybersecurity Awareness Month, can help you create a comprehensive five-step guide organized by Awareness, Action, and What You Need to Know:

1. Data Sensitivity: The Foundation of Security

  • Awareness: It is critical to be able to discover and identify your at-risk data. Knowing where your sensitive data resides is the first step in securing it.
  • Action: Host workshops and webinars to educate employees about the types of sensitive data (PII, IP, etc.) in your organization, and why it’s crucial to protect them.
  • What You Need to Know: Understanding the types of data you’re handling can make a huge impact. Employees should be aware of what constitutes sensitive data and the risks associated with mishandling it. Workshops can cover topics like data classification, secure handling of PII, and the importance of data encryption.

2. Contextual Awareness: More Than Just Data Types

  • Awareness: Organizations must be able to understand the context of their data. Data is not just about types but also about the context around it.
  • Action: Use real-world examples to show how data can be misused if taken out of context. Encourage employees to think before they share.
  • What You Need to Know: Context matters. Data that seems harmless can become a security risk when placed in a different context. Employees need to be aware of and trained to consider the broader implications of the data they handle, including how it interacts with other data and systems. For example, consider an employee’s first name. On its own, a first name like “John” seems harmless. But combined with other pieces of data such as a last name, email address, or office location, it can be used to craft a convincing phishing email. Imagine if you receive an email that addresses you by your full name and references your specific office location or recent company activities. It would appear legitimate and could trick an unsuspecting employee into revealing sensitive information or clicking on a malicious link.

3. Risk Assessment Drills: Preparing for the Worst

  • Awareness: Organizations need to understand where there is risk to sensitive data in order to protect it. Knowing the vulnerabilities can help in crafting better security policies.
  • Action: Conduct mock drills to simulate scenarios where sensitive data might be at risk due to inappropriate permissions or risky sharing. This happens far more often than you think.
  • What You Need to Know: Mock drills can help employees understand the real-world implications of data breaches. These drills can simulate phishing attacks, unauthorized data sharing, and even insider threats. The key is to help employees understand the importance of following data security protocols. Hint: while employees need to know these implications, your organization should be leveraging solutions that reduce the burden on employees.

4. Permission Audits: Who Has Access?

  • Awareness: Organizations need to be able to track and understand data lineage and permissions. Knowing who has access to what data is crucial.
  • Action: Dedicate a week to auditing and correcting data permissions across all platforms. Make it a company-wide initiative.
  • What You Need to Know: Regular audits of data permissions can prevent unauthorized or risky access to sensitive information. During Cybersecurity Awareness Month, make it a point to review and update permissions, ensuring that employees have access to only the data necessary to do their jobs. The principles of least privilege and zero trust are applicable here.
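The permission audit in step 4 can be made mechanical rather than a manual once-a-year chore. The block below is an added example written for this page (it is not Concentric AI’s or any product’s code): it audits a constructed permissions inventory, of the kind a cloud drive or file server can export, against least-privilege rules, flagging public links and external accounts on sensitive files, group-wide edit rights on Restricted files, and grants that have not been used within an assumed 90-day window. The corporate domain, paths, principals and classification labels are all made up for the example.

```python
"""Least-privilege audit of a file-permission inventory.

Constructed example: the inventory below stands in for a permissions export
from a cloud drive or file server, and the rules are illustrative defaults,
not any product's. Domain names, paths and principals are made up.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

INTERNAL_DOMAIN = "example.com"   # assumed corporate e-mail domain
STALE_DAYS = 90                   # grants unused for longer are revocation candidates (assumed)
SENSITIVE = ("Confidential", "Restricted")

@dataclass(frozen=True)
class Grant:
    principal: str                 # "user@domain", "group:<name>" or "link:anyone"
    role: str                      # "view" or "edit"
    last_used_days: Optional[int]  # days since the principal last opened the file; None = never

@dataclass(frozen=True)
class FileRecord:
    path: str
    classification: str            # Public / Internal / Confidential / Restricted
    grants: Tuple[Grant, ...]

@dataclass(frozen=True)
class Issue:
    path: str
    principal: str
    reason: str
    recommendation: str

def is_external(principal: str) -> bool:
    """A user account outside the corporate domain (groups and links are not users)."""
    return "@" in principal and not principal.endswith("@" + INTERNAL_DOMAIN)

def audit_file(rec: FileRecord) -> List[Issue]:
    """Apply the least-privilege rules to one file's grants."""
    issues = []
    for g in rec.grants:
        if g.principal == "link:anyone" and rec.classification != "Public":
            issues.append(Issue(rec.path, g.principal,
                                f"public link on {rec.classification} file",
                                "remove the link and share with named users instead"))
        elif is_external(g.principal) and rec.classification in SENSITIVE:
            issues.append(Issue(rec.path, g.principal,
                                f"external account on {rec.classification} file",
                                "remove the grant unless a reviewed sharing agreement covers it"))
        elif g.principal.startswith("group:") and g.role == "edit" and rec.classification == "Restricted":
            issues.append(Issue(rec.path, g.principal,
                                "group-wide edit on Restricted file",
                                "downgrade the group to view; grant edit to named owners only"))
        # Staleness is checked independently of the sharing rules above.
        if g.last_used_days is None:
            issues.append(Issue(rec.path, g.principal, "grant never used",
                                "revoke; re-grant on request"))
        elif g.last_used_days > STALE_DAYS:
            issues.append(Issue(rec.path, g.principal,
                                f"grant unused for more than {STALE_DAYS} days",
                                "revoke; re-grant on request"))
    return issues

def audit(inventory: List[FileRecord]) -> List[Issue]:
    """Audit the whole inventory; returns every issue found, in inventory order."""
    return [issue for rec in inventory for issue in audit_file(rec)]

# Constructed inventory: three files with deliberately mixed permissions.
INVENTORY = [
    FileRecord("/finance/q3-board-deck.pptx", "Restricted", (
        Grant("cfo@example.com", "edit", 2),
        Grant("group:all-staff", "edit", 1),
        Grant("link:anyone", "view", 5),
    )),
    FileRecord("/hr/salary-bands.xlsx", "Confidential", (
        Grant("hr-lead@example.com", "edit", 7),
        Grant("consultant@partner.example", "view", 40),
        Grant("old-intern@example.com", "view", 200),
    )),
    FileRecord("/marketing/press-kit.zip", "Public", (
        Grant("link:anyone", "view", 1),
    )),
]

if __name__ == "__main__":
    for issue in audit(INVENTORY):
        print(f"{issue.path}: {issue.principal}: {issue.reason} -> {issue.recommendation}")
```

Each issue carries a recommendation rather than an automatic change, so the audit week the article proposes starts from a reviewed list; the one deliberately allowed case, a public link on a Public file, produces no issue, which is the check that the rules encode classification and not merely "no sharing".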

5. Actionable Insights: The Path Forward

  • Awareness: Finally, organizations need to be able to take action and remediate any risk. Proactive measures can significantly reduce the risk of a data breach.
  • Action: Share weekly insights on the company’s data risk posture. Highlight any successful remediations as well as areas that need attention.
  • What You Need to Know: Transparency is critical. Sharing insights about the company’s data risk posture can empower employees to take individual actions that contribute to the organization’s overall security. Celebrate the wins, but also highlight any underlying risks that need to be mitigated.

Cybersecurity Awareness Success: Combining Security Awareness with Robust DSPM

Cybersecurity is a shared responsibility, and Cybersecurity Awareness Month is the perfect time to reinforce this message. Combining data security awareness with robust DSPM is key for keeping data secure. All organizations can achieve a strong level of data security via a solid cybersecurity awareness program, and by following tips and best practices in order to minimize the impact of a data breach. Having the best of both worlds is achievable with a security-aware workforce and a robust DSPM solution.


38 Cybersecurity Awareness Month Quotes from Industry Experts in 2023
https://solutionsreview.com/security-information-event-management/cybersecurity-awareness-month-quotes-from-industry-experts/
Tue, 10 Oct 2023 21:15:17 +0000


For Cybersecurity Awareness Month, the editors at Solutions Review have compiled a list of comments from some of the industry’s leading experts.

As part of Cybersecurity Awareness Month, we called for the industry’s best and brightest to share their comments. The experts featured represent some of the top cybersecurity solution providers with experience in these marketplaces, and each contribution has been vetted for relevance and ability to add business value.

A number of thought leaders were presented with this prompt: What are some overlooked cybersecurity best practices people take for granted/easily forget? Things that might be obvious to experts but not to the average enterprise user. Or best practices that are so obvious when you say them out loud, but are often forgotten.

Here’s how they responded, along with some general responses from other experts and thought leaders, for Cybersecurity Awareness Month.


Éric Leblond, Co-Founder and Chief Technology Officer at Stamus Networks

A frequently underestimated and sometimes undervalued component of enterprise security is the pivotal role of network detection and response (NDR) systems. Frequently, security teams opt to implement an endpoint detection and response (EDR) system as their initial enterprise-wide threat detection technology and later introduce NDR if and when budget allows. And while EDR can play a crucial role in detecting and responding to specific threats within an organization, it comes with some limitations, including the inability to install EDR on every single endpoint, the ability for threat actors to evade endpoint agents, and the ability for mechanisms like DNS tunneling to remain concealed from endpoint detection systems.

Organizations should consider these limitations when implementing EDR solutions and should consider integrating EDR with NDR to unite endpoint-level data with network-level data to enhance the overall threat detection capabilities of both systems.

By combining endpoint telemetry with network traffic analysis, organizations can detect advanced threats that span across multiple devices and network segments. Additionally, the contextual information provided by both EDR and NDR enhances incident response capabilities, enabling faster and more accurate response to security incidents.

Sanjay Bhakta, VP of Solutions at Centific

One of the most often overlooked cybersecurity best practices is software updates and upgrades to IT systems, devices, and browsers. Consumers and businesses alike may benefit by updating and upgrading their browsers, system patches, operating systems, and applications. The infamous WannaCry ransomware is an example of the ramifications that could have been prevented with the software update made available weeks prior to the exploitation from the malware attack. Caveat emptor regarding emails indicating a compromised security vulnerability, or URLs that automatically update software across devices by providing a simple login and password. Obviously, the latter is more of a phishing attack.

There’s an opportunity cost of updating software immediately or delaying the decision. Unfortunately, the average person deprioritizes updates, attributing a lower probability of occurrence for an attack. Updates are perceived as disruptive to the fabric of our daily routines, equating them to time, effort, and/or money involved. From experiments, it appears only 17 percent of users on average install updates on the day they’re available, 53.2 percent install within one week, with the rate significantly declining after 102 days, while 35 percent of experts consider updates as one of the top three actions performed to stay safe.

Consumers and businesses may opt in for automated updates; more importantly, digital citizens should be educated on the sources and rationale of updates, such as visiting CISA, MITRE ATT&CK, NCA, Norton, NSA, as well as subscribing to notifications or alerts from the state government(s), financial services provider, network provider, retailer, and/or telecom or mobile provider. Businesses should further institutionalize a rigorous SecOps practice, interleaving proactive tactics using AI and Gen AI for predicting security vulnerabilities, ethical hacking, and social engineering measures, solidifying their effectiveness.

Dan Draper, Founder and CEO of CipherStash

Very few companies actually protect data – they only protect the systems, such as databases and warehouses, where data is stored. The problem is that data never stays in one place for very long. Data science teams run reports, DevOps teams export and load data into multiple different systems, and eventually sensitive data ends up in a spreadsheet on an executive’s laptop. Because 82 percent of data breaches start with an attack on an individual, applying protections at the system level is quite simply not sufficient to prevent breaches. Protecting data directly using encryption-in-use technology ensures that access controls remain in place, even as data moves across the organization. It hasn’t been practical in the past but technology is now at the point where there are really no excuses for implementing data-level protections.

Igor Volovich, VP of Compliance Strategy at Qmulos

Compliance, often relegated to a retrospective check-box exercise, actually holds untapped potential as a real-time risk intelligence source. In the rush to adopt the latest cybersecurity tools, many organizations overlook the strategic advantage of leveraging the consistency and breadth of compliance frameworks. By embracing compliance automation, we can operationalize this function, bringing it in sync with real-time security operations and threat intelligence. This not only provides a holistic view of the organization’s security posture but also eliminates the subjectivity that often clouds security strategy decisions. It’s a simple truth: When we align compliance with our real-time cybersecurity efforts, we transform it from a mere regulatory obligation to a proactive, strategic powerhouse.

The cyber landscape is vast, intricate, and constantly evolving. CISOs today face an overwhelming challenge: they’re expected to balance priorities across business objectives, risk management, security imperatives, compliance demands, and regulatory mandates, all while contending with adversaries wielding asymmetric threats of escalating scale and complexity. In this high-wire act, consistency in executive decision-making often falls by the wayside, leading to reactive strategies and misaligned resource allocations. The prevailing focus on the latest security trends and the reactive nature of many strategies only adds to the quandary. However, what’s frequently overlooked is the comprehensive nature of compliance frameworks. These frameworks, if leveraged correctly, can cut through the chaos and provide a grounded, consistent lens to view and manage cyber risks. Transitioning from viewing compliance as just a historical reporting obligation to using it as a real-time enterprise risk posture analytics tool can be transformative. With compliance automation at the helm, CISOs can gain the clarity and insight they need for data-driven, proactive decision-making, and strategic alignment, easing their monumental balancing act.

Greg Ellis, General Manager, Application Security at Digital.ai

We are trained at work on phishing awareness, password hygiene, and other general security measures but then we fail to take similar measures in our home environments. Often these home environments, and sometimes even the home devices, are being used to connect to enterprise networks when things come up quickly late at night or on the weekend. It is equally important to take good cybersecurity measures at home, including such items as:

  • using a password manager to regularly update and use unique passwords
  • updating firmware regularly on routers and WiFi devices
  • partitioning a guest network separately from your home network on your WiFi
  • thinking about whether smart devices (such as TVs) should be on your home network or a guest network
  • regularly checking for and applying firmware updates on smart devices
  • regularly checking for and applying updates to operating systems and applications (on both desktop and mobile devices)
  • regularly backing up your desktop and mobile devices to a separate drive or cloud system that is not connected all the time to your network (this helps reduce the likelihood of ransomware propagating to other drives)
  • teach your family about phishing awareness and any children about internet safety

Again, many of us are exposed to this mindset in our enterprise environment but quite often fail to bring these best practices home.

Andre Slonopas, Cybersecurity Department Chair at American Public University System

Strong Passwords: Despite a simple rule, many users use weak or repeated passwords across platforms. If credentials are overused, this makes brute-force password decryption simpler for criminals and facilitates platform infiltration. For security purposes, users should use password management tools to generate and store complex passwords. Changing passwords frequently and employing a combination of letters, numbers, and special characters can protect data.

Multi-factor Authentication (MFA): MFA makes unauthorized access difficult by requiring two verifications. A malicious party could acquire the password, but verification would require a fingerprint, mobile device, or hardware token. MFA prevents fraudsters from targeting vulnerable accounts, thereby enhancing the security of the internet.

Patch regularly: People delay enhancements because they are unaware that they resolve security issues. Malware and other hazards can penetrate vulnerabilities that are not addressed. Installing updates promptly may prevent vendor-resolved software issues. Regular updates enhance the user experience and system security by enhancing system functionality and performance. Whenever possible, configure software to update automatically to avoid delays.

Hanan Hibishi, Assistant Teaching Professor at the Information Networking Institute at Carnegie Mellon University

Reusing passwords: People continue to reuse/recycle their old passwords, which is an intuitive practice if one relies on memorizing passwords. Many recent attacks take advantage of users reusing the same password for multiple systems (Colonial Pipeline is a good example). On the other hand, telling users not to reuse passwords seems to be impractical because there is a limit to how many passwords a human can recall from memory, and users typically have accounts on numerous systems (beyond a handful).

For a more practical approach, I recommend that users use password managers, software that organizes user accounts and passwords and generates stronger passwords for users. Filling out account credentials is now easier (with a click instead of typing long strings of text), and it is a more secure approach than memorizing passwords. In addition, users can leverage single sign-on when possible. Instead of creating profiles and accounts on many systems, choose to log in with existing credentials if that is an option when creating an account.

Kayne McGladrey, IEEE Senior Member

When CISOs work with go-to-market teams, cybersecurity transforms from a mere cost center into a valuable business function. This change is crucial in B2B interactions where robust cybersecurity controls offer a competitive advantage. A centralized inventory of cybersecurity controls, grounded in current and past contracts, helps businesses gauge the financial impact of these partnerships. This inventory also identifies unnecessary or redundant controls, offering an opportunity for cost reduction and operational streamlining. By updating this centralized list after the termination of contracts, the business can further optimize both its security posture and operational costs. This integrated strategy empowers the business to make well-informed, data-driven decisions that enhance profitability while maintaining robust security controls.

Max Shier, CISO at Optiv

Because we all have a lot on our plate and are moving fast to get everything done, it’s worth reminding employees they need to slow down when reading emails and text messages and when listening to voicemails. The social engineers who craft phishing, smishing and vishing attacks are banking on the fact people are busy and likely going to overlook red flags. Employees should be reminded that if an attempted social engineering attack is received, they need to report the suspected attack to security, as there may be others receiving the same messages.

Along the same lines, even though software and device updates always seem to come at the worst times, the importance of updating immediately cannot be overstated. Updates not only enhance features, but they also provide security patches to address known vulnerabilities. Every minute those vulnerabilities are left unpatched is another minute that threat actors have an open door onto the network.

Jerome Becquart, Chief Operating Officer at Axiad

One area security teams can overlook or tend to put less emphasis on is account recovery. When deploying MFA, organizations tend to focus their time and efforts mainly on the authentication experience. However, they do not spend enough time defining secure, user-friendly account recovery workflows, such as when an MFA method is not available or does not work for an end user. This typically results in not only a bad user experience, but also weaker security overall for the company.

Scott Gerlach, CSO and Co-Founder of StackHawk

With new technology come new attack vectors, new attack types, and new problems for security teams to learn, understand, and keep up with. With the speed and deployment of APIs growing insanely fast, and the historically unbalanced ratio of AppSec teams to developers (1:100), to say it’s a challenge for security teams to keep pace with development is an understatement. Utilizing a developer-first philosophy that acknowledges the pivotal role software creators have in cybersecurity efforts, and bridging that gap between AppSec and engineering, is critical to ensure the safe and secure delivery of APIs and applications to production. Bring the right information to the right people at the right time to help them make decisions!

Joni Klippert, CEO and Founder of StackHawk

Viewing security as either a hindrance or a reactive measure doesn’t promote the timely delivery of secure software. With organizations relying heavily on APIs to power their applications, recent research from ESG underscores how this dependency can exacerbate security risks. As development and release cycles for APIs continue to accelerate, we’ll see more challenges as feedback loops for fixes overload developers, and AppSec teams are unable to scale. Organizations need to focus on adopting the right security testing mechanisms and empower the teams that develop code to help prioritize the finding and fixing of security bugs before moving to production.

Manu Singh, VP of Risk Engineering at Cowbell

Bad actors are becoming more sophisticated and clever with their approach to using emerging technologies to launch cyberattacks. The evolving cyber threat landscape is making it more difficult for organizations to defend themselves against convincing phishing emails and malicious code generated by AI.

The most important thing that organizations can learn from Cybersecurity Awareness Month is to take a proactive approach to protecting their information assets and IT infrastructure. To do this, organizations should consistently educate and promote awareness of the latest threats and risks they may face. From there, this education should transform to best practices each employee can adopt to reduce exposure to a cyber event. This promotes a culture of security rather than placing the responsibility on IT or security personnel. Organizations as a whole have the responsibility to secure and protect against the cyberthreats they face.

Dan Benjamin, Co-Founder and CEO at Dig Security

Cloud data assets are a prime target for cyberattacks, but the legacy solutions can no longer cope with the variety and volume of fragmented data held by organizations on multiple cloud environments. Organizations need data security solutions that fit the speed of innovation in the cloud without impacting their business, to address time to detect and respond to an incident; reduce the amount of shadow data; and minimize the growing attack surface. To avoid data exfiltration and data exposure, today’s organizations must take a data-first approach to cloud data security. This Cybersecurity Awareness Month, enterprises should prioritize adopting solutions that deliver real-time data protection across any cloud and any data store, in order to reduce data misuse, achieve compliance, and prevent ransomware attacks or data breaches.

Randy Watkins, CTO of Critical Start

Cybersecurity Awareness Month has traditionally focused on educating consumers, who are often susceptible as targets of opportunity, where there is a high likelihood of success, but a low yield. While some of the typical security reminders and best practices can transcend the workplace to create a culture of security, we should also use this opportunity to highlight additional areas of education:

  • Board Level – A litany of cyber regulations has been proposed or approved on everything from breach disclosure to board membership. Educating the board on the organization’s current cyber posture, impact on risk, and coming regulations, along with the team’s plans to accommodate the regulation, can help get buy-in early and show the value of security to the organization.
  • End Users – Go beyond phishing education and inform your users of the people, procedures, and products that are being used to protect them. With the understanding of the investment made by the organization, others may look to see how they could be good stewards of cyber posture.
  • The Security Team – It’s time for the teachers to become the students. While cybersecurity education programs target the “riskiest attack surface of the organization” (end users), it is important to obtain feedback from those end users on how security practices and technology could be more effective.

Darren Guccione, CEO and Co-Founder of Keeper Security

Let’s face it – it may be time to change the name of Cybersecurity Awareness Month to Cybersecurity Action Month. Sadly, individuals and businesses around the globe are already all too aware of the pain and damage that cyberattacks can inflict.

This October, organizations should take action by prioritizing adoption of solutions that prevent the most prevalent cyberattacks, including password and Privileged Access Management (PAM) solutions. These highly effective tools offer robust cybersecurity protections, and next-gen, cloud-based versions of these solutions are accessible to any-size organization, regardless of their budget or available resources. According to recent research, PAM products give 91 percent of IT leaders more control over privileged user activity, decreasing the risk of insider and external breaches.

In addition to prevention, organizations must prepare and secure their systems to mitigate threats and minimize the impact on systems, data and operations. The most effective method for minimizing sprawl if an attack does occur is investing in prevention with a zero-trust and zero-knowledge cybersecurity architecture that will limit, if not altogether prevent, a bad actor’s access.

John Gallagher, Vice President of Viakoo Labs

CISA chose a great theme with “Secure Our World”. The focus for anyone with network-connected IoT devices is on “Our” – meaning that IoT cybersecurity is a shared responsibility. Organizations can embrace the “Secure Our World” theme by creating an ongoing dialogue between the operators of IoT devices (the lines of business within a company) and organizations like procurement and IT who can help source IoT devices that are cyber secure and help maintain them.

It’s not “Secure Our Datacenter” or “Secure Our Computers” – it’s “Secure Our World”, which means organizations should be looking beyond computers and core applications to every network-connected device, such as IoT, and asking if that device has a plan and means to become and remain secure with the least human effort needed.

If I were to add one more word to this year’s theme it would be “Automatically”. “Secure Our World Automatically” challenges organizations to improve the speed of security operations and relieve humans of tedious tasks like patching, rotating passwords, and screening for phishing attempts. Rapidly closing the window of opportunity that a threat actor can operate in is key to securing our scaled-out, geographically sprawled attack surfaces of IT, IoT, OT, and ICS.

Kris Lahiri, Co-Founder and Chief Security Officer of Egnyte

In today’s hybrid work environment, prioritizing cybersecurity is critical. Cyber threats are intensifying, with severe and long-lasting impacts on businesses. Yet, many organizational leaders still remain in the dark when it comes to protecting and managing their content. As we observe Cybersecurity Awareness Month, it’s important to remember that cybersecurity is not just about checking boxes. The frequency and scale of cyber attacks have continued to skyrocket, along with the financial toll and damage to brand reputation. Unfortunately, many organizations lack the proper tools to detect these attacks. Business leaders must also understand that the threat landscape is rapidly changing. Companies can improve their cybersecurity posture by combining foundational practices with cutting-edge technologies. Leveraging secure solutions doesn’t have to be complicated or robust to ensure safer data transactions and achieve unparalleled insights into content usage and access. Overall, businesses can avoid becoming a statistic and refine their data management strategies by making cybersecurity a team sport so that it is an integral part of their employees’ daily lives through education and prevention.

Paul Rohmeyer, Adjunct Professor of Information Systems at Stevens Institute of Technology

One of the challenges in maintaining cybersecurity awareness is that messages repeated too frequently tend to have less and less impact, so we need to anticipate that some of the most important messages will in fact be forgotten. We constantly hear about the importance of changing passwords and using complex passwords, but password audits routinely show continued use of weak passwords, and use of the identical password across multiple systems, leading to a cascading effect if there is a breach. Another concern is clicking on links in emails, and falling victim to phishing and spearphishing. Phishing scams are based on the knowledge that, if sent to a large enough population, some number of recipients will in fact click on malicious links. This is often due to simply a moment of inattention by otherwise cyber-aware users, but even unsophisticated attackers can now leverage inexpensive but effective phishing platforms for low-cost repetition of attacks that will unfortunately claim some victims. A third item is system updates. Despite the convenience of automated updates to Windows and Macs, users may postpone running the updates, leaving themselves vulnerable to known attacks. Change your passwords, use strong and unique passwords, don’t click on unknown links and apply system updates to all your devices – these are basics we’ve all heard but may not act upon as swiftly as we should.

Joe Regensburger, Vice President of Research Engineering at Immuta

AI and large language models (LLMs) have the potential to significantly impact data security initiatives. Already, organizations are leveraging them to build advanced solutions for fraud detection, sentiment analysis, next-best-offer, predictive maintenance, and more. At the same time, although AI offers many benefits, 71 percent of IT leaders feel generative AI will also introduce new data security risks. To fully realize the benefits of AI, it’s vital that organizations consider data security as a foundational component of any AI implementation. This means ensuring data is protected and in compliance with usage requirements. To do this, they need to consider four things: (1) “What” data gets used to train the AI model? (2) “How” does the AI model get trained? (3) “What” controls exist on deployed AI? and (4) “How” can we assess the accuracy of outputs? By prioritizing data security and access control, organizations can safely harness the power of AI and LLMs while safeguarding against potential risks and ensuring responsible usage.

David Divitt, Senior Director, Fraud Prevention & Experience at Veriff

We’ve all been taught to be on our guard about “suspicious” characters as a means to avoid getting scammed. But what if the criminal behind the scam looks, and sounds, exactly like someone you trust? Deepfakes, or lifelike manipulations of an assumed likeness or voice, have exploded in accessibility and sophistication, with deepfakes-as-a-service now allowing even less-advanced fraud actors to near-flawlessly impersonate a target. This progression makes all kinds of fraud, from individual blackmail to defrauding entire corporations, significantly harder to detect and defend against. With the help of General Adversarial Networks (GANs), even a single image of an individual can be enough for fraudsters to produce a convincing deepfake of them.

Certain forms of user authentication can be fooled by a competent deepfake fraudster, necessitating the use of specialized AI tools to identify the subtle but telltale signs of a manipulated image or voice. AI models can also be trained to identify patterns of fraud, enabling businesses to get ahead of an attack before it hits.

AI is now at the forefront of fraud threats, and organizations that fail to use AI tech to defend themselves will likely find themselves the victim of it.

James Hadley, CEO and Founder of Immersive Labs

Cybersecurity awareness month has good intentions. But, if organizations are focused on awareness alone, they’re losing. Awareness is not enough for organizations to achieve true cyber resilience. Resilience means knowing that your entire organization has the knowledge, skills, and judgment to respond to emerging threats, backed by data. Businesses need proof of these cyber capabilities to ensure that when an attack inevitably happens, their organization is prepared to respond.

Outdated training models and industry certifications that organizations have traditionally relied on have failed to make them safer and instead have created a false sense of security — which is why nearly two-thirds of security leaders now agree that they are ineffective in ensuring cyber resilience.

Continuous, measurable exercising across your entire workforce — from the store room to the board room — provides businesses with the insights they need to understand the current state of their cyber resilience and where their weak points lie. It also creates a more positive cybersecurity culture that encourages reporting rather than punishing employees when a breach does happen. With top-to-bottom cybersecurity education, organizations are moving beyond awareness and can ensure that their data is secure.

Yariv Fishman, Chief Product Officer at Deep Instinct

This Cybersecurity Awareness Month is unlike previous years, due to the rise of generative AI within enterprises. Recent research found that 75 percent of security professionals witnessed an increase in attacks over the past 12 months, with 85 percent attributing this rise to bad actors using generative AI.

The weaponization of AI is happening rapidly, with attackers using it to create new malware variants at an unprecedented pace. Current security mechanisms rooted in machine learning (ML) are ineffective against never-before-seen, unknown malware; they will break down in the face of AI-powered threats.

The only way to protect yourself is with a more advanced form of AI. Specifically, Deep Learning. Any other ML-based, legacy security solution is too reactive and latent to adequately fight back. This is where EDR and NGAV fall short. What’s missing is a layer of Deep Learning-powered data security, sitting in front of your existing security controls, to predict and prevent threats before they cause damage. This Cybersecurity Awareness Month, organizations should know that prevention against cyber attacks is possible – but it requires a change to the “assume breach” status quo, especially in this new era of AI.

Nick Carroll, Cyber Incident Response Manager at Raytheon, an RTX Business

As cyber threats continue to quickly evolve, organizations are being challenged to act just as fast in counter defense. This rush to keep up can often lead to the harmful practice of organizations skipping the foundational basics of cyber defense and failing to establish a general sense of cyber awareness within the business. Without a solid security culture at the foundation, security tools, such as expensive firewalls or endpoint detection and response (EDR), will ultimately become ineffective in the long term. It’s imperative to build cybersecurity awareness among employees and third parties that work with the business, as well as determine the ways in which security will be integrated into the organization’s culture and operations. Once these steps are taken, organizations will be better positioned to build off of a solid organizational footing that will be most effective for cyber defense initiatives in the long run.

Olivier Gaudin, Co-CEO & Founder of Sonar

This Cybersecurity Awareness Month (CAM), a message to business leaders and technical folks alike: Software is immensely pervasive and foundational to innovation and market leadership. And if software starts with code, then secure or insecure code starts in development, which means organizations should be looking critically at how their code is developed. Only when code is clean (i.e. consistent, intentional, adaptable, responsible) can security, reliability, and maintainability of software be ensured.

Yes, there has been increased attention to AppSec/software security and impressive developments in this arena. But still, these efforts are being done after the fact, i.e. after the code is produced. Failing to do this as part of the coding phase will not produce the radical change that our industry needs. Bad code is the biggest business liability that organizations face, whether they know it or not. And chances are they don’t know it. Under their noses, there is technical debt accumulating, leading to developers wasting time on remediation, paying some small interest for any change they make, and applications being largely insecure and unreliable, making them a liability to the business. With AI-generated code increasing the volume and speed of output without an eye toward code quality, this problem will only worsen. The world needs Clean Code.

During CAM, we urge organizations to take the time to understand and adopt a ‘Clean as You Code’ approach. In turn, this will stop the technical debt leak, but also remediate existing debt whenever changing code, reducing drastically the cybersecurity risks, which is absolutely necessary for businesses to compete and win – especially in the age of AI.

Doug Kersten, CISO at Appfire

First and foremost, whether an employee has been at an organization for 20 days or 20 years, they should have a common understanding of how their company approaches cybersecurity; and be able to report common threats to security.

It’s been refreshing to see security come to the forefront of conversation for most organizations. It was rare 20 years ago that cybersecurity awareness was even a training concern unless you were at a bank or regulated institution. Today, it is incredibly important that this heightened interest and attention to security best practices continues. With advancements in technology like AI, employees across industries will face threats they’ve never encountered before – and their foundational knowledge of cybersecurity will be vital.

Employees today should be well-trained on security standards and feel comfortable communicating honestly with their security teams. Even more important, security leaders should ensure their organizations have anonymous alternatives for employees to report their concerns without fear of retaliation or consequence. By combining education and awareness into the foundation of your organization’s security framework, and empowering employees, the odds of the realization of a threat decrease exponentially.

James Lapalme, Vice President & GM for Identity at Entrust

While we can recognize Cybersecurity Awareness Month, it’s important that we prioritize cybersecurity all year round. Threat actors are constantly threatening organizations in unique and rapidly evolving ways, and business leaders need to remain nimble to ensure that their systems and teams are prepared for these evolving risks.

As we’ve seen in the news in recent weeks, spear phishing and social engineering attacks have become a common way for bad actors to create realistic scams that can slip by even the most knowledgeable employee. And, with the advancements in generative AI, adversaries can accelerate the potential impact of these attacks to gain access to sensitive data. The reputational and monetary losses these organizations and their customers experience can be felt for years to come.

Organizations have become so reliant on credentials that they have stopped verifying identity, so to get access or reset access, all you have to do is to give a code or answer a secret question. While that is convenient from a productivity perspective, it leaves the door open to cyber-attacks, which is why we’ve seen these spates of compromises.

Rather than rely on individuals who are frequently too caught up in day-to-day tasks to notice the subtle nuances of these scams, organizations need to evolve their technology response and look to phishing-resistant identities. Certificate-based authentication for both user and device verification, risk-based adaptive step-up authentication, and implementing ID verification as part of the authentication process (or as a high assurance authentication strategy) for high value transactions and privileged users are all methodologies to achieve a high assurance level of Identity verification, and all are ways for businesses to build out their Zero Trust, explicitly Identity verified strategies and ensure the security of users even as new threats continue to emerge.

It’s important to understand that cybersecurity awareness is never really over. Good enough is not good enough. With the ever-evolving threat landscape, it’s essential for organizations to stay ahead of the curve and continue evolving their technology to protect and future-proof their businesses against the ever-changing threat landscape.

Steve Stone, Head of Rubrik Zero Labs

Artificial Intelligence, in particular generative AI (GAI), has dominated cybersecurity discussions in 2023. As we look at how we can think of this technology in the context of Cybersecurity Awareness Month, there are three topics worth our time.

First, GAI can demonstrably increase the capability and bandwidth of defense teams which are typically operating at beyond capacity. We should seek out the right types of automation and support GAI lends itself well to so we can then reinvest the precious few cycles we have in our defense experts. Let’s provide those skilled practitioners the ability to leverage their capabilities in the most impactful ways and transition years of legacy workflow to increased automation delivered via GAI.

Second, what are the inevitable shifts in defense needed as threats pivot to using GAI as well? Traditionally, cybersecurity has leaned on attacker bottlenecks in our defensive posture. At a minimum, we used these bottlenecks to classify threat types based on resourcing and capability. GAI is undoubtedly going to shift these years-long expectations. If any attacker can quickly use GAI to overcome language limitations, coding gaps in knowledge, or quickly understand technical nuances in a victim environment, what do we need to do differently? We should work to be ahead of these pivots and find the new bottlenecks.

Third, GAI doesn’t come with a zero cost to cybersecurity. Even if we move past using GAI, the presence of GAI leaves us with two new distinct data elements to secure. The first is the GAI model itself, which is nothing more than data and code. Second, the source material for a GAI model should be secured as well. If the model and underlying data are left undefended, we could lose these tools or have them leveraged against us in different ways all without our knowledge.

Michael Mestrovich, CISO at Rubrik

Monetization of data theft drives the cyber crime business. Modern cybercrime revolves around stealing data from organizations or denying them access to critical data. It is imperative that we maintain a security-first corporate culture and that a security mindset permeates everything that we do.

So how do we achieve this? A culture change starts with simple behavior shifts. When you walk away from your computer, do you lock it? When you’re using your laptop in public, do you have a screen guard on? When entering corporate buildings do you badge in and make sure no one is tailgating you? These sound like small things, but they are the practical day-to-day activities that people need to understand that help cultivate a security-first culture.

Arvind Nithrakashyap, Co-Founder & CTO of Rubrik

On the occasion of the 20th Cybersecurity Awareness Month in 2023, it’s interesting to reflect on all that has changed in cybersecurity over the last two decades, as well as the surprising number of things that haven’t changed.

Let’s start with three dramatic differences.

  1. The mobile revolution. The iPhone wasn’t introduced until 2007. Today, there are more than 4.6 billion smartphones worldwide, according to Statista. Add the more than 14.4 billion Internet of Things devices – connected cars, smart appliances, smart city technologies, intelligent healthcare monitors, etc. – and you have a threat landscape that few could have imagined 20 years ago.
  2. Digital payments. The growing popularity of digital payments over cash is not only changing how people interact with money, it has opened up new opportunities for phishing scams, card information theft, and payment fraud. And, cryptocurrency, which didn’t exist until the late 00s, accounts for the vast majority of payments to ransomware attackers.
  3. AI. Everyone is talking about artificial intelligence in 2023, but that wasn’t the case two decades ago. Now, AI is giving cybercriminals a powerful new tool to execute attacks while also turning out to be an effective weapon against hackers.

And yet the more things change, the more they remain the same. Three examples:

  1. On prem data. Despite the rise of cloud computing, many companies continue to house critical data in their own private databases and servers. This means protecting on-prem data remains, then as now, a key part of the security equation.
  2. Public infrastructure. “By exploiting vulnerabilities in our cyber systems, an organized attack may endanger the security of our nation’s critical infrastructures,” said the White House’s “National Strategy to Secure Cyberspace” in 2003. The nation still worries a great deal today about how to defend energy systems, dams, and other assets from cyberattack.
  3. Security infrastructure. The cybersecurity industry used to focus on infrastructure security solutions involving the network, the applications, the end points, the cloud, the logs, etc. It still does. Those solutions remain core to a solid security strategy, though there is growing awareness that newer data security frameworks like Zero Trust are needed for fully realized defenses.

Viewed another way, much of the language one hears to describe the importance of data — “crown jewels,” “an organization’s most precious resource,” and the like — has changed little over the last 20 years. That’s because it’s still so true. Data is everything.

Joe Hall, Head of Security Services at Nile

One commonly overlooked aspect of cybersecurity is getting back to the basics. Don’t know where to start? First – it’s crucial to identify and comprehend the assets you need to protect. As larger organizations transition into hybrid cloud environments, the scope of what needs safeguarding can grow rapidly, which can be challenging for organizations struggling to keep pace with this expanding ecosystem. It’s vital to ensure that systems are not only secured but also designed to trust traffic only as needed, as failing to do so can leave vulnerabilities in the security infrastructure. The market will shift to systems that are natively secure as the risk of a misconfiguration of complex systems becomes too great.

Eric Cohen, CEO of Merchant Advocate

Some businesses may not fully understand the importance of PCI compliance or may believe it only applies to large enterprises or e-commerce companies. In reality, any organization that handles card and payment data, regardless of its size or industry, is subject to PCI compliance requirements.

Overlooking PCI compliance can have serious consequences, including fines, legal liabilities, and reputational damage should a breach or fraud attack occur. Therefore, businesses should not neglect it as part of their overall cybersecurity strategy. Instead, they should consider it as an essential component of their efforts to protect customer data and maintain trust in their brand. One way to check compliance is by examining merchant statements for PCI-related charges, either a charge to access a processor’s PCI portal or for non-compliance. These may be charged monthly or quarterly, so it’s important to regularly check merchant statements to ensure compliance.

Kobi Kalif, CEO of ReasonLabs

Our recent research indicates that malware and phishing are the most prevalent threats facing both businesses and the general population. These dangers often remain unchecked due to limited awareness and poor cybersecurity education among professionals and everyday consumers alike.

Email is a prime vector for phishing attempts and malware; as such, people need to be extremely vigilant when interacting with suspicious emails. Some best practices include:

  • Be wary of any urgent requests for personal information or threats if you don’t act.
  • Check the sender’s address for spoofing and inconsistencies.
  • Do not enable macros in downloaded documents sent over email.
  • Verify requests by contacting the source directly, without replying to the suspicious email itself. Look for spelling errors, awkward grammar or formatting as red flags.
  • Report phishing emails to your email provider, and avoid opening attachments from unknown senders without verifying them first.

Password security is another challenge. Multiple studies have shown that a majority of people use weak, easily guessable passwords like “123456” across all their online accounts and frequently share passwords with others. One successful phishing attack could easily compromise several accounts with this lax personal security. Instead, create long passphrases that are easy to remember but hard to guess. For example, users should mix upper and lower case letters with numbers and symbols for complexity, enable two-factor authentication as an added layer of security, and periodically change passwords, focusing on critical accounts like email, banking, and work logins. Most importantly, passwords should not be duplicated across multiple sites; if one site is breached, it can put other accounts in jeopardy and create further issues down the line.

Rocky Giglio, Director of Security GTM & Solutions at SADA

Hackers have become extremely adept at leveraging human emotions and behavior for phishing and other types of social engineering attacks. Humans often move fast when reading emails, clicking links, or downloading documents, which gives hackers a perfect opportunity to deceive and gain access to sensitive information. These links or emails can also disguise themselves better than ever; for example, an email from what appears to be a payroll provider or internal company system can really be a hacker that made the slightest, hard-to-notice change to their name, phone number, or email address. Cybersecurity leaders at any company need to ensure that they are training their employees to be extra cautious and deliberate in their day-to-day communications, which will in turn help raise awareness and create more proactive security postures.

Mike Laramie, Associate CTO for Security at SADA

The news of recent breaches will hopefully drive faster adoption of cybersecurity best practices at businesses of all sizes. For example, businesses should always encourage their workers to use the passkey authentication method, which is much stronger and much more streamlined than traditional authentication methods. At a minimum, enforcing two-step verification methods is a must-have for any company, whether that be via hardware tokens or push notifications that embrace the FIDO standards. Relying on traditional methods, such as SMS verification and other one-time passcodes, is now proven to be insecure.

Steve Yurko, CEO of apexanalytix

Businesses generally have strong internal cybersecurity practices in place but, despite what they might think, this isn’t enough to keep themselves safe from harm. Organizations are most vulnerable to threats when it comes to their suppliers. Attacks on suppliers can lead to major data breaches that wreak havoc on a company’s operations, finances, brand reputation and customer loyalty – regardless of the internal cybersecurity strategy they have in place. In order to protect themselves, businesses must monitor vulnerabilities throughout the entire supply chain and flag incidents across every supplier. Cybersecurity incidents cause half of all supply chain disruptions, but businesses can manage those risks by monitoring threats and mitigating risks in real-time.

Joshua Aaron, CEO of Aiden Technologies

This year marks the 20th anniversary of National Cybersecurity Awareness Month, which aims to educate people about the value of cybersecurity and encourage good cybersecurity practices among individuals, companies and organizations. Twenty years in, Artificial Intelligence (AI) is changing the way that many organizations operate, especially when it comes to cybersecurity. Because AI is a developing technology and we’re still understanding its capabilities, many IT organizations have hesitated to fully deploy it. However, AI has come a long way since its first incarnations. It now has the potential to offer incredible assistance to IT security teams by helping them reduce the risk of business-critical infrastructure getting compromised via misconfigured software and devices, a core focus of CISA’s cybersecurity framework.

Traditionally, managing the configuration of software and computers is very manual, prone to human error, and slow to execute, especially for overworked IT security teams. The increased use of AI and automation in cyberattacks from misconfigured environments and their improving success rates are proof that traditional methods aren’t working, and we must innovate. AI and automation solutions for keeping computers up to date and in compliance with an organization’s security policy have proven to be extremely effective. IT security teams are able to automatically maintain good cyber hygiene, thus freeing them up to concentrate on higher-visibility, more rewarding projects without fear of the next attack.

In honor of National Cybersecurity Awareness Month, I encourage all organizations to look into how AI can help keep their critical infrastructure more secure and their data safe from threat actors; the SAFETY of our country and our commerce depends on it.

Dylan Border, Director of Cybersecurity at Hyland

Reinforcing what may seem like obvious cybersecurity measures ensures a proactive strategy, but we still see companies ignoring these facts until it’s too late, only starting their commitment to security after a breach or ransomware event occurs.

Even with top talent and tools on hand, foundational processes must be considered to secure your environment, and security is employees’ responsibility. While some may see simple concepts, others may be unaware of often-overlooked security measures. It’s easier than ever to implement table-stakes items, such as monthly security training to ensure best security practices are enacted. Implementing core tactics constantly is a great way to ensure all employees are approaching these concepts from a level playing field.

Role-based training is a great way to ensure that specific training is tailored to employees’ individual roles and responsibilities. While general security awareness training, such as how to spot a phishing email, is relevant and crucial for all employees to complete, some individuals will have even greater access to sensitive data, or control of administrative tasks for critical systems.

This applies to security teams as well. Team members should be experts on the security tools they’re responsible for managing, and if there are gaps in their knowledge, they should undergo deeper training. Something as simple as regularly validating that your endpoint protection, or anti-virus, program is deployed throughout your entire environment can be what it takes to stop a ransomware attack. Build from the basics, and don’t assume you’re covered until you test each of your defenses.
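The coverage check Dylan Border describes, validating that the endpoint protection agent is actually present and reporting on every host, is easy to state and easy to get wrong in practice: hostnames differ in case and DNS suffix between the asset inventory and the EDR console, the console lists duplicates, and an agent that installed fine but stopped checking in weeks ago is not protecting anything. The following Python is an added example written for this page; it is not code from the article or from Hyland. It compares a constructed asset inventory against a constructed EDR agent export and reports hosts with no agent, hosts whose agent has gone silent past an assumed 24-hour threshold, and agents the inventory does not know about. The data sources, field names and the staleness threshold are all assumptions; a real run would pull the two lists from the CMDB and the EDR console's API or export.

```python
"""Endpoint-protection coverage check (added example, not from the article).

Compares an asset inventory against the hosts an EDR/anti-virus console knows
about and flags three kinds of gap: hosts with no agent at all, hosts whose
agent has stopped checking in, and agents for hosts the inventory does not list.
All data below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed threshold: an agent silent longer than this is treated as not
# protecting the host. Tune to the product's real check-in cadence.
STALE_AFTER = timedelta(hours=24)


@dataclass
class AgentRecord:
    hostname: str      # as reported by the EDR console
    last_seen: datetime
    version: str


def normalize(hostname: str) -> str:
    """Fold case and drop the DNS suffix so 'WS-01.corp.example' == 'ws-01'."""
    return hostname.strip().lower().split(".")[0]


def coverage_report(assets, agents, now, stale_after=STALE_AFTER):
    """Return a dict of four sets of normalized hostnames:
    missing  - in inventory, no agent record at all
    stale    - agent exists but last check-in is older than stale_after
    orphans  - agent exists but host is not in the inventory
    covered  - in inventory and agent checked in recently
    """
    asset_set = {normalize(h) for h in assets}

    # Collapse duplicate console entries, keeping the most recent check-in.
    agent_map = {}
    for rec in agents:
        key = normalize(rec.hostname)
        if key not in agent_map or rec.last_seen > agent_map[key].last_seen:
            agent_map[key] = rec
    agent_keys = set(agent_map)

    known = asset_set & agent_keys
    stale = {h for h in known if now - agent_map[h].last_seen > stale_after}
    return {
        "missing": asset_set - agent_keys,
        "stale": stale,
        "orphans": agent_keys - asset_set,
        "covered": known - stale,
    }


# Constructed sample data: an inventory export and an EDR console export.
NOW = datetime(2023, 10, 16, 12, 0, tzinfo=timezone.utc)
ASSETS = ["WS-01.corp.example", "ws-02.corp.example", "SRV-DB-01",
          "srv-web-01", "laptop-07"]
AGENTS = [
    AgentRecord("ws-01", NOW - timedelta(minutes=10), "7.2.1"),
    AgentRecord("WS-02.corp.example", NOW - timedelta(days=9), "7.2.1"),   # silent 9 days
    AgentRecord("srv-web-01", NOW - timedelta(hours=1), "7.1.0"),
    AgentRecord("srv-web-01.corp.example", NOW - timedelta(hours=5), "7.1.0"),  # duplicate
    AgentRecord("decommissioned-03", NOW - timedelta(days=40), "6.9.0"),  # not in inventory
]


def main():
    report = coverage_report(ASSETS, AGENTS, NOW)
    for category in ("missing", "stale", "orphans", "covered"):
        hosts = ", ".join(sorted(report[category])) or "(none)"
        print(f"{category:8s}: {hosts}")


if __name__ == "__main__":
    main()
```

With the sample data this reports SRV-DB-01 and laptop-07 as missing, ws-02 as stale, decommissioned-03 as an orphan and the remaining two hosts as covered. The missing and stale sets are the ones that need a ticket; the orphan set is usually a stale inventory rather than a security gap, but it is worth reconciling because a host the CMDB has forgotten will never be patched either.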


The post 38 Cybersecurity Awareness Month Quotes from Industry Experts in 2023 appeared first on Best Information Security SIEM Tools, Software, Solutions & Vendors.