IT News: Security (Vol 286 Issue 4)

Articles Posted Jan 24th, 2022 — Jan 30th, 2022, Volume 286, Issue 4

I curate 100+ articles each week from many enterprise IT news sources and publish briefs on those articles, grouped in sections, in newsletters with 45,000+ subscribers including 4,700+ subscribers to this LinkedIn newsletter. Please share this newsletter with your IT friends and colleagues.

In this issue:

Cybersecurity Laws - Get Ready Today To Save Some Money Tomorrow

It looks likely that the UK will join a growing number of nations promoting cybersecurity's importance for businesses including the introduction of new laws.

Amongst the proposals being considered are adding new powers to the UK Cyber Security Council that could significantly change the reporting requirements associated with security incidents. From what has been shared to date, two points that stand out are as follows:

  • More firms providing essential digital services should follow strict cyber security duties with large fines for non-compliance.
  • Other legislative proposals include improved incident reporting and driving up standards in the cyber security profession.

It's reassuring to hear these aspects being highlighted since they echo the sentiments of related topics including the depth and width of security reporting, investing in team members, and security defaults. [tripwire, January 26th, 2022]

Battling Cyber Security Challenges With Enterprise Architecture

How can enterprise architecture (EA) help businesses defend against these cyber-attacks?

Over the past few years, it seems that all records have been broken when it comes to the quantity of data lost in breaches, alongside the sheer numbers of cyber-attacks on companies, governments, and individuals.

With the growing complexity of enterprise technologies, and indeed the size of overall global business operations, companies are more vulnerable than ever to the prospect of some of the largest cybersecurity attacks we have ever seen.

Interconnected global systems, software operations, and innovations that have sought to make the world 'smaller' have in turn accelerated the size and impact of the cybersecurity threats faced. How can enterprise architecture (EA) help businesses defend against these cyber-attacks? [ITProPortal, January 26th, 2022]

Cyber Skills Gap Affecting Data Privacy Practice, Finds ISACA

Organisations are struggling to fill both legal and technical privacy roles, with potentially damaging consequences, according to a report.

Thousands of technical privacy roles are going unfilled all over the world, leaving organisations dangerously exposed to breaches of compliance laws and cyber security incidents, according to an ISACA study marking the annual Data Privacy Day cyber supplier marketing opportunity.

The technology association's latest Privacy in Practice 2022 report draws together data gathered in a survey exercise undertaken towards the end of 2021. It found that 46% of organisations find themselves struggling to fill legal and compliance roles, and 55% technical privacy roles. Additionally, 41% reported that the biggest challenge in forming an organisational privacy plan was a lack of competent resources. [ComputerWeekly, January 28th, 2022]

Using The NIST Cybersecurity Framework To Address Organizational Risk

NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order.

The U.S. federal government has been very active the past year, particularly with the cybersecurity executive order (EO) and associated tasks and goals that have come out of it. One framework and industry source that has been getting increased attention is the NIST Cybersecurity Framework (CSF).

The CSF came out of another EO, 13636, which is from 2013 and directed NIST to work with stakeholders to develop a voluntary framework for reducing risk to critical infrastructure. It was produced through coordinated efforts with industry and government, which have both widely adopted the framework. [CSO Online, January 25th, 2022]

Research Firm Provides Tips For Predicted Security Platform Consolidation

Research firm Gartner predicts a consolidation of security platforms as enterprise security and risk management (SRM) teams face a confluence of factors that make their jobs harder.

"Security and risk management leaders continue to be asked to do more with less -- facing more demand for service, fast-changing threat landscapes and insufficient technical talent," Gartner said in last month's report titled "Predicts 2022: Consolidated Security Platforms Are the Future." This research predicts that platform consolidation will help SRM leaders' organizations thrive in hostile environments. [Virtualization & Cloud Review, January 26th, 2022]

Insider Threats Cost Organisations $15.4 Million Annually

Research released today by Proofpoint has revealed that organisations impacted by insider threats spent an average of $15.4 million annually, up 34% from 2020.

According to the 2022 Cost of Insider Threats Global Report from enterprise security provider Proofpoint, alongside Ponemon Institute, it took organisations an average of 85 days to contain each incident.

Over the last two years, the frequency of insider threats has increased by 44%, according to Proofpoint, with three identified categories consisting of:

  • careless or negligent employees/contractors (56% of incidents);
  • criminal or malicious insiders (26%);
  • cyber criminal credential theft (18%).

67% of surveyed companies experienced from 21 to more than 40 incidents per year, up from 60% in 2020. [Information Age, January 25th, 2022]

Cyber-Physical Security: What It Is And What You Should Do

Ancillary installations like the Internet of Things, operational technology, and industrial control systems enable lots of great functionality, and they face most of the same risks as IT infrastructure.

Cyber-physical security addresses security concerns for physical systems used to maintain and implement cybersecurity solutions, including Internet of Things, Industrial Internet of Things, operational technology, and industrial control systems. These technologies and their associated devices play an increasingly important role in critical infrastructure, government, businesses, cities, buildings, transportation, and ultimately our everyday lives. [DARKReading, January 25th, 2022]

Understanding And Preventing Account Takeover

In the previous installment of our blog series on the modern threat landscape, we looked at how attackers can use credential stuffing attacks to break into valid user accounts.

Today, we will continue to follow that theme by diving into the world of account takeovers (ATOs) to see how attackers use compromised accounts to commit fraud.

Like other threats covered in this series, account takeovers are problematic for traditional OWASP-style WAF rules. While these rules look for overt malicious actions such as injections or XSS attempts, an account takeover involves an attacker who has already gained credentialed access to a user's account. At this point, there is typically no need for a traditional exploit as the attacker will perform various types of fraud with the compromised user's account.

Security teams will need new tools and perspectives that are designed for this growing class of threat. So let's dive in to better understand what ATOs are and what organizations can do to protect their applications and users.

Learn more about how cyberattacks are evolving in our new guide, What Lies Beneath: What You Need to Know About the Modern Threat Landscape. [Security Boulevard, January 25th, 2022]
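The brief above makes the key point about ATO detection: a signature-style WAF rule never fires because the attacker's requests carry valid credentials, so the useful signals live in the account's history rather than in any single request. The following is an added example (not code from the Security Boulevard article or its authors) that sketches that behavioural approach: it builds a per-account baseline of countries and device fingerprints from prior successful logins and flags a new success that arrives from an unfamiliar country or device, or that follows a burst of failures, the typical tail of a credential-stuffing run. The event format, field names, thresholds and sample events are all constructed for this illustration.

```python
"""Behavioural account-takeover (ATO) detection over authentication events.

Added example. The log format below is constructed: each event is
(timestamp, user, outcome, country, device_id). A real deployment would
feed this from an IdP or application auth log.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events. alice has a stable GB/dev-a1 baseline, then a
# burst of failures followed by a success from a new country and device.
# bob simply logs in from a second device with too little history to judge.
SAMPLE_EVENTS = [
    ("2022-01-24T08:00:00", "alice", "success", "GB", "dev-a1"),
    ("2022-01-25T08:05:00", "alice", "success", "GB", "dev-a1"),
    ("2022-01-26T08:02:00", "alice", "success", "GB", "dev-a1"),
    ("2022-01-27T03:10:00", "alice", "failure", "BR", "dev-zz"),
    ("2022-01-27T03:10:05", "alice", "failure", "BR", "dev-zz"),
    ("2022-01-27T03:10:09", "alice", "failure", "BR", "dev-zz"),
    ("2022-01-27T03:10:14", "alice", "success", "BR", "dev-zz"),
    ("2022-01-24T09:00:00", "bob", "success", "US", "dev-b1"),
    ("2022-01-26T09:30:00", "bob", "success", "US", "dev-b2"),
]

# Tunable thresholds (assumed values for the example).
FAILURE_WINDOW = timedelta(minutes=10)   # how far back a failure burst counts
FAILURE_THRESHOLD = 3                    # failures before a success is suspicious
BASELINE_MIN_LOGINS = 2                  # prior successes needed before "new" means anything


def parse_event(raw):
    """Turn a raw tuple into a dict with a real datetime."""
    ts, user, outcome, country, device = raw
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "outcome": outcome, "country": country, "device": device}


def detect_ato(raw_events):
    """Return a list of alerts, each (iso_timestamp, user, [reasons]).

    Events are processed in chronological order so the baseline for a
    login only contains what was known *before* that login.
    """
    events = sorted((parse_event(e) for e in raw_events), key=lambda e: e["ts"])
    seen_countries = defaultdict(set)
    seen_devices = defaultdict(set)
    success_count = defaultdict(int)
    recent_failures = defaultdict(deque)
    alerts = []

    for ev in events:
        user = ev["user"]
        fails = recent_failures[user]
        # Expire failures that fell outside the sliding window.
        while fails and ev["ts"] - fails[0] > FAILURE_WINDOW:
            fails.popleft()

        if ev["outcome"] == "failure":
            fails.append(ev["ts"])
            continue

        reasons = []
        if len(fails) >= FAILURE_THRESHOLD:
            reasons.append(f"success after {len(fails)} failures within {FAILURE_WINDOW}")
        # Only judge novelty once the account has an established baseline.
        if success_count[user] >= BASELINE_MIN_LOGINS:
            if ev["country"] not in seen_countries[user]:
                reasons.append(f"new country {ev['country']}")
            if ev["device"] not in seen_devices[user]:
                reasons.append(f"new device {ev['device']}")
        if reasons:
            alerts.append((ev["ts"].isoformat(), user, reasons))

        # Update the baseline with this (now observed) successful login.
        seen_countries[user].add(ev["country"])
        seen_devices[user].add(ev["device"])
        success_count[user] += 1
        fails.clear()
    return alerts


if __name__ == "__main__":
    for ts, user, reasons in detect_ato(SAMPLE_EVENTS):
        print(f"{ts} {user}: {'; '.join(reasons)}")
```

On the constructed data only alice's final login is flagged, for all three reasons at once; bob's second device is not flagged because the account has only one prior success and no baseline yet. In practice these signals would feed a step-up authentication or review queue rather than a hard block, since a legitimate user travelling with a new phone produces the same "new country, new device" pattern.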

Predict 2022: Top Cybersecurity Threats For 2022

Two cybersecurity experts identified the top security threats for 2022 during an online Predict 2022 conference hosted by Techstrong Live, an arm of Techstrong Group, the parent company of Security Boulevard.

Both Mike Jones, host of the H4unt3d Hacker podcast and a former anonymous hacktivist, and Donovan Farrow, CEO of Alias Forensics, a cybersecurity forensics firm, agreed that ransomware will again be a dominant security issue in the coming year.

Ransomware attacks, however, will expand to include not just critical infrastructure like power grids and banking systems but also health care systems. There was already one death that directly resulted from a ransomware attack on a hospital, noted Jones. [Security Boulevard, January 24th, 2022]

Zero Trust Security - A Quick Guide

Zero Trust is a security framework that requires authentication, authorization, and validation from all users, whether inside or outside the organization's network.

This is mandatory for security configuration and precedes granting privileged access to the organization's data or applications. The term Zero Trust means that the network trusts no one by default, whether they connect from a local network, a cloud, or a hybrid environment.

Organizations started adopting Zero Trust more rapidly after the pandemic as employees began working remotely. Hastily adopted remote setups made the networks vulnerable, rendering them untrustworthy. Hence, implementation of Zero Trust architectures has accelerated since the pandemic. [Security Boulevard, January 24th, 2022]

Protecting Critical Infrastructure Against Cyberattacks

Understanding how attackers get in is the critical first step to mounting an effective defense.

Cyberattacks in any industry cause multiple forms of damage. But attacks on public infrastructure, such as transportation systems and public utilities, can cause wholesale disruptions in daily life or threaten public safety. The U.S. Department of Homeland Security (DHS), and its subsidiary Cybersecurity and Infrastructure Security Agency (CISA), administer the National Infrastructure Protection Plan to protect all sectors of 'critical infrastructure' of fundamental concern for vulnerability and resiliency. See https://www.cisa.gov/national-infrastructure-protection-plan. [Cyber Defense Magazine, January 24th, 2022]

22 Cybersecurity Myths Organizations Need To Stop Believing In 2022

Security teams trying to defend their organizations need to adapt quickly to new challenges. Yesterday's buzzwords and best practices have become today's myths.

The past few years have seen a dramatic shift in how organizations protect themselves against attackers. The hybrid working model, fast-paced digitalization, and increased number of ransomware incidents have changed the security landscape, making CISOs' jobs more complex than ever.

This convoluted environment requires a new mindset to defend, and things that might have held true in the past might no longer be useful. Can digital certificates' expiration dates still be managed in a spreadsheet? Is encryption 'magic dust'? And are humans actually the weakest link? [CSO Online, January 24th, 2022]

Ransomware Gangs Increase Efforts To Enlist Insiders For Attacks

A recent survey of 100 large (over 5,000 employees) North American IT firms shows that ransomware actors are making greater effort to recruit insiders in targeted firms to aid in attacks.

The survey was conducted by Hitachi ID, which performed a similar study in November 2021. Compared to the previous survey, there has been a 17% rise in the number of employees offered money to aid in ransomware attacks against their employer.

Most specifically, 65% of the survey respondents say that they or their employees were approached between December 7, 2021, and January 4, 2022, to help hackers establish initial access. [Bleeping Computer, January 24th, 2022]

5 Security Lessons To Learn In 2022

As we look ahead to what is next for 5G deployments, the mass adoption of Virtual Reality, and the increasing digital transformation of all industries, new cybersecurity challenges are on the horizon.

With that comes the opportunity to act now and build resiliency against cyber threats, so we can welcome the next chapter of our digital ecosystem with more trust than before.

Metaverse: is this really the centralized virtual world we like to bring in close connection with Fortnite? Is security really the issue or is it more a topic of Intellectual Property?

New technologies bring with them new lessons to learn in order to mitigate risks. Here are 5 of the most important teachings to listen to before it's too late. [Security Boulevard, January 24th, 2022]
