Showing posts with label Cloud Security.

Hackers Exploit Jupyter Notebooks for Sports Piracy Through Stream Ripping Tools


Malicious hackers are taking advantage of misconfigured JupyterLab and Jupyter Notebooks to facilitate sports piracy through live stream capture tools, according to a report by Aqua Security shared with The Hacker News.

The attack involves hijacking unauthenticated Jupyter Notebooks to gain initial access and execute a series of steps aimed at illegally streaming sports events. This activity was uncovered during an investigation into attacks on Aqua's honeypots.

"First, the attacker updated the server, then downloaded the tool FFmpeg," explained Assaf Morag, director of threat intelligence at Aqua Security. "This action alone is not a strong enough indicator for security tools to flag malicious activity."

Morag noted that the attackers then executed FFmpeg to capture live sports streams, redirecting them to their server. The campaign’s ultimate objective is to download FFmpeg from MediaFire, capture live feeds from Qatari network beIN Sports, and rebroadcast the content illegally via ustream[.]tv. This tactic allows the attackers to misuse compromised Jupyter Notebook servers as intermediaries while profiting from advertising revenues linked to the unauthorized streams.

Although the identity of the hackers remains unclear, one of the IP addresses used (41.200.191[.]23) suggests they may originate from an Arabic-speaking region.

"However, it's crucial to remember that the attackers gained access to a server intended for data analysis, which could have serious consequences for any organization's operations," Morag added.

He warned that the risks extend beyond piracy, potentially leading to denial-of-service attacks, data manipulation, theft, corruption of AI and ML processes, lateral movement within critical systems, and severe financial and reputational harm.
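The root cause in the Aqua report is a notebook server reachable without credentials. As an added example (not code from Aqua's report or the Jupyter project), the following audits a jupyter_server_config.py for that state and compares a weak configuration with a hardened one; the trait names (ServerApp/NotebookApp ip, token, password, allow_root) follow the jupyter_server configuration as I know it and should be verified against your installed version, and both sample configs are constructed.

```python
import ast
from typing import Dict, List

# Constructed sample: a config that leaves a notebook server reachable from any
# interface with authentication switched off (empty token, no password hash).
WEAK_CONFIG = """
c.ServerApp.ip = '0.0.0.0'
c.ServerApp.token = ''
c.ServerApp.password = ''
c.ServerApp.allow_root = True
c.ServerApp.open_browser = False
"""

# Constructed sample: bound to loopback, password hash set (placeholder value),
# token left at its default (a random token generated at startup).
HARDENED_CONFIG = """
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.password = '<argon2-hash-placeholder>'
c.ServerApp.allow_root = False
c.ServerApp.open_browser = False
"""


def parse_traitlets_config(text: str) -> Dict[str, object]:
    """Extract `c.<Section>.<trait> = <literal>` assignments from a traitlets config file."""
    settings: Dict[str, object] = {}
    for node in ast.parse(text).body:
        if not isinstance(node, ast.Assign) or len(node.targets) != 1:
            continue
        target = node.targets[0]
        parts = []
        # Walk the dotted attribute chain back to its root name.
        while isinstance(target, ast.Attribute):
            parts.append(target.attr)
            target = target.value
        if not (isinstance(target, ast.Name) and target.id == "c"):
            continue
        key = ".".join(reversed(parts))
        try:
            settings[key] = ast.literal_eval(node.value)
        except ValueError:
            settings[key] = None  # computed value; not a literal we can judge
    return settings


def audit_jupyter_config(text: str) -> List[str]:
    """Return findings describing exposure-related misconfigurations (empty list if none)."""
    settings = parse_traitlets_config(text)

    def get(trait, default=None):
        # Accept both the current ServerApp and the legacy NotebookApp section names.
        for section in ("ServerApp", "NotebookApp"):
            if f"{section}.{trait}" in settings:
                return settings[f"{section}.{trait}"]
        return default

    ip = get("ip", "localhost")
    token = get("token", "<generated>")   # default behaviour: random token per start
    password = get("password", "")        # default behaviour: no password hash
    exposed = ip in ("0.0.0.0", "::", "", "*")
    no_auth = token == "" and password == ""

    findings = []
    if exposed:
        findings.append(f"listens on all interfaces (ip={ip!r})")
    if no_auth:
        findings.append("authentication disabled: empty token and no password hash")
    if exposed and no_auth:
        findings.append("CRITICAL: unauthenticated notebook reachable from the network")
    if get("allow_root", False) is True:
        findings.append("allow_root=True: kernels run as root if the server does")
    return findings
```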

Cloud Security Challenges Catch Executives Off Guard

It is no secret that cloud computing is efficient and scalable; it also comes with a price tag. The security threats that most concern top executives in cloud environments are also the ones they feel least prepared to deal with.

A new PwC report, released today, indicates that cloud threats are the top security concern among the business leaders surveyed: 42 per cent said they feel threatened by them. The survey had 4,020 respondents in total. Of those, 38 per cent cited hack-and-leak operations, 35 per cent third-party breaches, 33 per cent attacks on connected products, and 27 per cent ransomware.

Cloud computing security comprises an extensive array of policies, technologies, applications and controls designed to safeguard applications, services and the underlying cloud infrastructure. In the cloud, a system's security is only as strong as its weakest link, so protecting data and applications from all angles requires multiple technologies working together as one effective system of protection.

Firewalls, identity management, network segmentation and encryption are the common building blocks of that protection. Security issues are predicted to be a bigger threat to businesses in 2024, and cybercriminals are not expected to be selective about their targets. Without precautionary measures, the threats discussed below are the most likely to harm an organization, making them the most important to avoid or mitigate.

Perhaps surprisingly, all five of the threats executives find most concerning are also among those their organizations feel least prepared to address, though not in the same order. Cloud-related attacks top both lists (42 per cent most concerned, 34 per cent least prepared), while attacks on connected products rank second (31 per cent) among the threats organizations feel least prepared to defend against.

Third-party breaches followed close behind (28 per cent), while executives felt equally unprepared for hack-and-leak operations and ransomware (25 per cent each). "Although the cybersecurity landscape continues to evolve, organizations are still grappling with increasing instability and ambiguity when it comes to threats," reads the report, which was made available as a preview ahead of publication.

"The increasing reliance on cloud, artificial intelligence, connected devices, and third parties means that enterprises must be agile and take a comprehensive approach to resilience. To maintain security and continuity of business, organizations need to align their priorities and readiness." A surprising PwC finding concerns business leaders who have a regulatory or legal requirement to improve security: they do in fact do so.

Indeed, 96 per cent of organizations reported that regulations prompted them to improve their security, and 78 per cent said the same regulations prompted them to change how they manage it. With new regulations such as the Data Protection Act, the Cyber Resilience Act and the NIS2 Directive (whose compliance deadline is only weeks away) arriving on top of existing ones such as GDPR, organizations will have to meet more cybersecurity obligations than before.

As a result, organizations that embrace regulation tend to have stronger security frameworks and will be better positioned to deal with emerging threats, according to the new PwC report: compliance isn't just about checking boxes, but about building long-term resilience and trust with stakeholders. The new regulations have also led to an increase in cybersecurity investment. Roughly a third (32 per cent) of companies reported a "large" increase in cyber investment in the past 12 months compared to the year before.

A much larger share said investment had increased to a "moderate extent" than said it had increased significantly. A report published by the American Institute of CIOs notes that as regulations continue to reshape the cybersecurity landscape, executives across the entire C-suite need to be aware of compliance issues and treat regulation as a catalyst for innovation.

As a result, integrity management teams, risk functions and executive management must coordinate their efforts to advance compliance readiness and drive strategic improvements. Cloud computing will keep its edge in affordability, scalability and flexibility over the years, whatever industry an organization is in.

There is no doubt that cloud computing will continue to grow in popularity, but it introduces new security obstacles. Several methods are recommended for securing cloud environments, including multi-factor authentication (MFA), end-to-end encryption, strong passwords, application controls, malware prevention, continuous monitoring and testing. Sprinto is a company that specializes in solving problems like these.

Sprinto offers integrated GRC software that works alongside whatever cloud services users already have in place to give them a complete GRC solution. Sprinto takes security seriously, which is one reason it regards continuous compliance as closely related to security; its multi-cloud security features reflect that belief.

It monitors users' technology stacks around the clock to protect them against cyber threats, whether they run a complex multi-cloud setup or a single cloud environment. Sprinto's continuous monitoring and automated checks let users manage security risks efficiently and effectively, keeping their business data and applications protected at all times.

Cloud Security Report Highlights Misconfiguration and IAM as Top Threats

Traditional cloud security issues once associated with service providers are declining in significance, according to the Cloud Security Alliance's 2024 Top Threats report. However, new challenges persist.


Misconfigurations, weak identity and access management (IAM), and insecure application programming interfaces (APIs) continue to pose the most significant risks to cloud environments. These issues have held top rankings for several years, indicating their persistent nature and the industry's ongoing focus on addressing them.

Other critical concerns include inadequate cloud security strategies, vulnerabilities in third-party resources and software development, accidental data leaks, and system weaknesses. While threats like denial of service and shared technology vulnerabilities have diminished in impact, the report highlights the growing sophistication of attacks, including the use of artificial intelligence.

The cloud security landscape is also influenced by increasing supply chain risks, evolving regulations, and the rise of ransomware-as-a-service (RaaS). Organizations must adapt their security practices to address these challenges and protect their cloud environments.

The report's findings are based on a comprehensive survey of cybersecurity professionals, emphasizing the importance of these issues within the industry.
 
Key Takeaways:
* Misconfigurations, IAM, and API security remain top cloud security concerns.
* Attacks are becoming more sophisticated, requiring proactive security measures.
* Supply chain risks, regulatory changes, and ransomware pose additional threats.
* Organizations must prioritize cloud security to mitigate financial and reputational risks. 

Cloud Security Challenges Extend Beyond Technology

As cloud technologies become integral to business operations, organisations face not only opportunities but also accompanying challenges. The widespread use of cloud services has created a complex environment involving multiple providers and regions, each with its own regulations and standards. This complexity has led to various security issues, including fragmented environments, access control challenges, API vulnerabilities, interoperability issues, and difficult monitoring practices. These challenges can result in gaps in security and inconsistencies in data protection, which have caused numerous IT security incidents over the years.

Case Study: Multi-Cloud and Hybrid Cloud Strategies

In observed situations, transitioning to cloud environments can reveal these vulnerabilities. One such case involved a multinational financial services company that adopted multi-cloud and hybrid cloud strategies. They used a public cloud for advanced risk modelling and a private on-premises cloud for storing sensitive financial data to meet regulatory requirements. However, this approach led to inconsistent security measures due to the differing technologies and security services in use. During an audit, we discovered that sensitive financial data had been exposed because of access control misconfigurations on the public cloud.

Several factors contributed to the breach. The diverse and complex cloud environment allowed extensive access through API calls and other technologies. Additionally, the organisation lacked the specialised skills needed to maintain high-level security across all environments. The breach questioned the integrity of the risk model and posed a severe reputational risk to the company.

To address these challenges, organisations should consider using specific toolsets that provide visibility across diverse cloud deployments. Managed Detection and Response (MDR) solutions, along with a 24x7 Security Operations Centre (SOC), can centralise data from various sources and technologies. This centralization helps improve response times, reduce alert fatigue, and improve the organisation’s visibility and understanding of its environment.

The Importance of Security Culture

Optimising tools and skills is not enough; a proper security culture within the organisation is crucial. Management must prioritise security and risk as key drivers of organisational culture, influencing decisions and processes. Effective governance structures for data, security, compliance, and risk management should be established and integrated into everyday practices. Basic systems like incident response and resilience programs should be well-communicated, and identity and access management practices must be rigorously maintained.

As cloud environments grow more complex with advancements in AI and machine learning, the security challenges will intensify. The dynamic nature of cloud environments, characterised by continuous resource changes, requires advanced security solutions capable of adapting to these shifts. Ensuring consistent security policies across diverse cloud platforms is a humongous challenge that necessitates robust and flexible security strategies.

By addressing these challenges, organisations can improve their security posture, reduce the complexity of technology implementations, and mitigate associated risks. This approach not only enhances security but also supports the achievement of primary business goals, making cloud environments a reliable and secure foundation for business operations.

Beware: Cybercriminals Exploit Cloud Storage for SMS Phishing Attacks


Security researchers discovered several illicit campaigns that use cloud storage systems like Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage. Unnamed threat actors are behind these attacks, which try to divert customers to malicious websites to steal their information via SMS messages.

Campaign details

The campaigns involve exploiting cloud storage platforms such as Amazon S3, Google Cloud Storage, Backblaze B2, and IBM Cloud Object Storage. Unnamed threat actors are behind these campaigns. Their primary goal is to redirect users to malicious websites using SMS messages.

Attack objectives

Bypassing Network Firewalls: They want to ensure that scam text messages reach mobile handsets without being detected by network firewalls.

Building Trust: They aim to convince end users that the messages or links they receive are trustworthy. By using cloud storage systems to host static websites with embedded spam URLs, attackers can make their messages appear authentic while avoiding typical security safeguards.

Cloud storage services enable enterprises to store and manage files and host static websites by storing website components in storage buckets. Cybercriminals have used this capacity to inject spam URLs into static websites hosted on these platforms. 

Technique

They send URLs referring to these cloud storage sites by SMS, which frequently avoids firewall limitations due to the apparent authenticity of well-known cloud domains. Users who click on these links are unknowingly sent to dangerous websites.

Execution

For example, attackers utilized the Google Cloud Storage domain "storage.googleapis.com" to generate URLs that lead to spam sites. The static webpage housed in a Google Cloud bucket uses HTML meta-refresh techniques to route readers to fraud sites right away. This strategy enables fraudsters to lead customers to fraudulent websites that frequently replicate real offerings, such as gift card promotions, to obtain personal and financial information.

Enea has also detected similar approaches on other cloud storage platforms such as Amazon Web Services (AWS) and IBM Cloud, in which URLs in SMS messages redirect to static websites hosting spam.

Defense recommendations

To protect against such risks, Enea advised monitoring traffic activity, checking URLs, and being cautious of unexpected communications including links.
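The "Execution" section above describes the landing page: a static object on a cloud storage domain whose only job is an immediate HTML meta-refresh to the fraud site. The URL check Enea recommends can look for exactly that shape. This is an added example, not Enea's tooling: it parses a fetched HTML body for a meta-refresh target and flags pages that are hosted on a storage domain but redirect elsewhere. storage.googleapis.com comes from the article; the other storage host suffixes and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from typing import Optional, Tuple
from urllib.parse import urlparse

# Object-storage hostnames that can serve static sites. storage.googleapis.com is
# named in the article; the rest are assumptions to extend for your environment.
STORAGE_HOST_SUFFIXES = (
    "storage.googleapis.com",
    "amazonaws.com",
    "backblazeb2.com",
    "cloud-object-storage.appdomain.cloud",
)

# Constructed sample: a bucket-hosted page whose whole body is a 0-second refresh.
SAMPLE_PAGE_URL = "https://storage.googleapis.com/example-bucket/index.html"
SAMPLE_HTML = """<html><head>
<meta http-equiv="refresh" content="0;url=https://gift-card-promo.example/claim">
</head><body>Loading...</body></html>"""

_REFRESH_RE = re.compile(r"\s*([\d.]+)\s*;\s*(?:url\s*=\s*)?['\"]?([^'\"\s]+)", re.I)


class MetaRefreshParser(HTMLParser):
    """Record the delay and target of the first <meta http-equiv="refresh"> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.delay: Optional[float] = None
        self.refresh_target: Optional[str] = None

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta" or self.refresh_target is not None:
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("http-equiv", "").lower() != "refresh":
            return
        m = _REFRESH_RE.match(a.get("content", ""))
        if m:
            self.delay = float(m.group(1))
            self.refresh_target = m.group(2)


def hosted_on_cloud_storage(url: str) -> bool:
    """True if the URL's host is, or is a subdomain of, a known storage domain."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in STORAGE_HOST_SUFFIXES)


def classify_landing_page(page_url: str, html: str) -> Tuple[str, Optional[str]]:
    """Classify an HTML body fetched from page_url.

    Returns one of:
      ("no-redirect", None)                      no meta refresh present
      ("redirect", target)                       meta refresh, nothing unusual
      ("suspicious-storage-redirect", target)    storage-hosted page bouncing off-domain
    """
    p = MetaRefreshParser()
    p.feed(html)
    if p.refresh_target is None:
        return ("no-redirect", None)
    page_host = (urlparse(page_url).hostname or "").lower()
    target_host = (urlparse(p.refresh_target).hostname or "").lower()
    off_domain = bool(target_host) and target_host != page_host
    if hosted_on_cloud_storage(page_url) and off_domain:
        return ("suspicious-storage-redirect", p.refresh_target)
    return ("redirect", p.refresh_target)
```

A relative refresh target (no hostname) is treated as an in-site redirect, so it never produces the suspicious verdict on its own.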

Sidestepping SharePoint Security: Two New Techniques to Evade Exfiltration Detection

Sidestepping SharePoint Security

Recently, Varonis Threat Labs uncovered two novel techniques that allow threat actors to sidestep SharePoint security controls, evading detection while exfiltrating files.

In this blog, we delve into these techniques and explore their implications for organizations relying on SharePoint for collaboration and document management.

The Techniques

1. Open in App Method

The first technique leverages the “open in app” feature in SharePoint. Here’s how it works:

Objective: Access and download files while leaving minimal traces in the audit log.

Execution:

  • Users manually open files in the SharePoint app, triggering an “access event” in the audit log.
  • Alternatively, threat actors can automate this process using a PowerShell script.

Advantages:

  • Rapid exfiltration of multiple files.
  • Hides the actual download event, making it less suspicious.

2. SkyDriveSync User-Agent

The second technique exploits the User-Agent associated with Microsoft SkyDriveSync. Here’s how it operates:

Objective: Download files (or entire sites) while mislabeling events as file syncs instead of downloads.

Execution:

  • Threat actors manipulate the User-Agent header to mimic SkyDriveSync behavior.
  • SharePoint logs these events as file syncs, which are less likely to raise suspicion.

Advantages:

  • Conceals exfiltration activity from audit logs.
  • Bypasses detection mechanisms that focus on download events.

Implications and Mitigation

These techniques pose significant challenges for organizations relying on SharePoint for collaboration and data management. Here are some considerations:

1. Audit Log Monitoring: Organizations must enhance their audit log monitoring capabilities to detect anomalies related to access events and file syncs. Regular review of audit logs can help identify suspicious patterns.

2. User Training: Educate users about the risks associated with the “open in app” feature and the importance of adhering to security policies. Limit access to this feature where possible.

3. User-Agent Analysis: Security teams should closely analyze User-Agent headers to differentiate legitimate file syncs from potential exfiltration attempts. Anomalies in User-Agent strings may indicate malicious activity.

4. Behavioral Analytics: Implement behavioral analytics to identify abnormal user behavior. Unusual download patterns or frequent use of the “open in app” feature should trigger alerts.

5. Policy Enforcement: Consider adjusting security policies to account for these techniques. For example, enforce stricter controls on file sync events or limit access to certain SharePoint features.
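Items 1, 3 and 4 above call for audit-log monitoring, User-Agent analysis and behavioural thresholds. As an added example (not Varonis's code), the following runs those checks over constructed Microsoft 365 unified audit log records: a burst of FileAccessed events with no matching FileDownloaded for the open-in-app pattern, and FileSync* download volume plus a SkyDriveSync-style User-Agent arriving from a client IP outside the user's known sync baseline. The field and operation names follow the unified audit log schema as I know it and should be verified against your tenant's export; the thresholds, window, sample records and baseline are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Thresholds are assumptions; tune them to your tenant's normal activity.
WINDOW = timedelta(minutes=10)
ACCESS_BURST = 5   # distinct files opened in-app within WINDOW, with no download event
SYNC_BURST = 5     # full-file sync downloads within WINDOW

# Constructed sample records shaped like unified audit log SharePoint entries.
SYNC_UA = "Microsoft SkyDriveSync 24.000.0000.0001 ship; Windows NT 10.0"  # constructed


def _rec(minute: int, user: str, op: str, obj: str, ip: str, ua: str = "Mozilla/5.0") -> dict:
    return {"CreationTime": f"2024-05-01T09:{minute:02d}:00", "UserId": user, "Operation": op,
            "ObjectId": f"https://example.sharepoint.com/sites/fin/{obj}",
            "ClientIP": ip, "UserAgent": ua}


SAMPLE_RECORDS = (
    # alice: ordinary work, one open followed by a real download
    [_rec(0, "alice@example.com", "FileAccessed", "Q1.xlsx", "10.0.0.5"),
     _rec(1, "alice@example.com", "FileDownloaded", "Q1.xlsx", "10.0.0.5")]
    # mallory: six distinct files opened in-app in six minutes, never a download event
    + [_rec(10 + i, "mallory@example.com", "FileAccessed", f"doc{i}.docx", "10.0.0.6") for i in range(6)]
    # eve: five full sync downloads with a sync-client UA from an IP not in her baseline
    + [_rec(20 + i, "eve@example.com", "FileSyncDownloadedFull", f"plan{i}.pptx", "203.0.113.9", SYNC_UA)
       for i in range(5)]
)
SAMPLE_SYNC_BASELINE: Dict[str, Set[str]] = {"eve@example.com": {"10.0.0.7"}}


def _ts(rec: dict) -> datetime:
    return datetime.fromisoformat(rec["CreationTime"])


def _burst(items: List[Tuple[datetime, str]], limit: int) -> bool:
    """True if `limit` distinct objects fall inside any WINDOW-long span (sliding window)."""
    items = sorted(items)
    counts: Dict[str, int] = defaultdict(int)
    start = 0
    for t, obj in items:
        counts[obj] += 1
        while t - items[start][0] > WINDOW:      # drop records that fell out of the window
            old = items[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        if len(counts) >= limit:
            return True
    return False


def detect_sharepoint_exfil(records, sync_baseline: Dict[str, Set[str]]) -> List[str]:
    """Return one alert string per detected pattern.

    sync_baseline maps a user to the client IPs their sync client is known to run from."""
    accessed: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    synced: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    downloaded: Set[str] = set()
    odd_sync_sources: Set[Tuple[str, str]] = set()
    for r in records:
        user, op = r["UserId"], r["Operation"]
        if op == "FileAccessed":
            accessed[user].append((_ts(r), r["ObjectId"]))
        elif op == "FileDownloaded":
            downloaded.add(user)
        elif op.startswith("FileSync"):
            synced[user].append((_ts(r), r["ObjectId"]))
            ip = r.get("ClientIP", "")
            if "SkyDriveSync" in r.get("UserAgent", "") and ip not in sync_baseline.get(user, set()):
                odd_sync_sources.add((user, ip))
    alerts = []
    for user, items in accessed.items():
        if user not in downloaded and _burst(items, ACCESS_BURST):
            alerts.append(f"{user}: {ACCESS_BURST}+ FileAccessed events with no FileDownloaded "
                          f"in {WINDOW} (open-in-app pattern)")
    for user, items in synced.items():
        if _burst(items, SYNC_BURST):
            alerts.append(f"{user}: {SYNC_BURST}+ full-file sync downloads in {WINDOW} "
                          f"(possible sync-based exfiltration)")
    for user, ip in sorted(odd_sync_sources):
        alerts.append(f"{user}: sync-client user-agent from unexpected client IP {ip}")
    return alerts
```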

Reminder for businesses

Security is a continuous journey, and staying informed is the first step toward effective risk mitigation.  By understanding these SharePoint evasion techniques, organizations can better protect their sensitive data and maintain the integrity of their collaboration platforms.

Australia Takes Stride In Cybersecurity Measures

In the aftermath of several high-profile cyber attacks targeting key entities like Optus and Medibank, Australia is doubling down on its efforts to bolster cybersecurity across the nation. The Australian government has unveiled a comprehensive plan to overhaul cybersecurity laws and regulations, aiming to strengthen the country's resilience against evolving cyber threats.

A recent consultation paper released by government officials outlines a series of proposed reforms designed to position Australia as a global leader in cybersecurity by 2030. These proposals include amendments to existing cybercrime laws and revisions to the Security of Critical Infrastructure (SOCI) Act 2018, with a focus on enhancing threat prevention, information sharing, and cyber incident response capabilities.

The vulnerabilities exposed during the cyberattacks, attributed to basic errors and inadequate cyber hygiene, have highlighted the urgent need for improved cybersecurity practices. As part of the government's strategy, collaboration with the private sector is emphasised to foster a new era of public-private partnership in enhancing Australia's cybersecurity and resilience.

Key reforms proposed in the consultation paper include mandating secure-by-design standards for Internet of Things (IoT) devices, instituting a ransomware reporting requirement, and establishing a national Cyber Incident Review Board. Additionally, revisions to the SOCI Act 2018 aim to provide clearer guidance for critical industries and streamline information-sharing mechanisms to facilitate more effective responses to cyber threats.

Australia's expansive geography presents unique challenges in safeguarding critical infrastructure, particularly in industries such as mining and maritime, which rely on dispersed and remote facilities. The transition to digital technologies has exposed legacy equipment to cyber threats, necessitating measures to mitigate risks effectively.

Addressing the cybersecurity skills gap is also a priority, with the government planning to adopt international standards and provide prescriptive guidance to enforce change through mandates. However, some experts have pointed out the absence of controls around software supply chains as a notable gap in the proposed policy.

Recognising our responsibility in enhancing cybersecurity, both the government and the private sector are making significant investments in information security and risk management. Gartner forecasts a substantial increase in spending on cloud security and other protective measures driven by heightened awareness and regulatory requirements.

With concerted efforts from stakeholders and a commitment to implementing robust cybersecurity measures, Australia aims to strengthen its resilience against cyber threats and secure its digital future.


Unveiling Storm-1152: A Top Creator of Fake Microsoft Accounts


The Digital Crimes Unit of Microsoft disrupted a major supplier of cybercrime-as-a-service (CaaS) last week, dubbed Storm-1152. The attackers had registered over 750 million fake Microsoft accounts, which they planned to sell online to other cybercriminals, making millions of dollars in the process.

"Storm-1152 runs illicit websites and social media pages, selling fraudulent Microsoft accounts and tools to bypass identity verification software across well-known technology platforms," Amy Hogan-Burney, general manager for Microsoft's DCU, stated. "These services reduce the time and effort needed for criminals to conduct a host of criminal and abusive behaviors online."

Cybercriminals can employ fraudulent accounts linked to fictitious profiles as a virtually anonymous starting point for automated illegal operations including ransomware, phishing, spamming, and other fraud and abuse. Furthermore, Storm-1152 is the industry leader in the development of fictitious accounts, offering account services to numerous prominent cyber threat actors. 

Microsoft lists Scattered Spider (also known as Octo Tempest) as one of these cybercriminals; they are the ones responsible for the ransomware attacks on Caesars Entertainment and the MGM Grand this fall.

Additionally, Hogan-Burney reported that the DCU had located the group's primary ringleaders, Tai Van Nguyen, Linh Van Nguyễn (also known as Nguyễn Van Linh), and Duong Dinh Tu, all of whom were stationed in Vietnam.

"Our findings show these individuals operated and wrote the code for the illicit websites, published detailed step-by-step instructions on how to use their products via video tutorials, and provided chat services to assist those using their fraudulent services," Burney noted. 

Sophisticated crimeware-as-a-service ring 

Storm-1152's ability to circumvent security measures such as CAPTCHAs and construct millions of Microsoft accounts linked to nonexistent people highlights the group's expertise, according to researchers.

The racket was likely carried out by "leveraging automation, scripts, DevOps practices, and AI to bypass security measures like CAPTCHAs." The CaaS phenomenon is a "complex facet of the cybercrime ecosystem... making advanced cybercrime tools accessible to a wider spectrum of malicious actors," stated Craig Jones, vice president of security operations at Ontinue. 

According to Critical Start's Callie Guenther, senior manager of cyber threat research, "the use of automatic CAPTCHA-solving services indicates a fairly high level of sophistication, allowing the group to bypass one of the primary defences against automated account creation.”

Platforms can take a number of precautions to prevent unwittingly aiding cybercrime, the researchers noted. One such safeguard is the implementation of sophisticated detection algorithms that can recognise and flag suspicious conduct at scale, ideally with the help of AI. 

Furthermore, putting robust multifactor authentication (MFA) in place for the creation of accounts—especially those with elevated privileges—can greatly lower the success rate of creating fake accounts. However, Ontinue's Jones emphasises that more work needs to be done on a number of fronts.

Thousands of Outdated Microsoft Exchange Servers are Susceptible to Cyber Attacks


A large number of Microsoft Exchange email servers in Europe, the United States, and Asia are currently vulnerable to remote code execution flaws because they are exposed to the public internet. These servers are running out-of-date software that is no longer supported, so they receive no updates or security patches and remain open to a variety of security issues, some of which have critical severity ratings.

Recent internet scans conducted by The ShadowServer Foundation have disclosed that nearly 20,000 Microsoft Exchange servers are presently accessible via the public internet and have reached the end of life stage. These statistics, however, may not be indicative of the whole picture. Yutaka Sejiyama, a Macnica security researcher, carried out additional research and identified over 30,000 Microsoft Exchange servers that have reached end-of-life status. 

Sejiyama's Shodan scans found 30,635 unsupported Microsoft Exchange devices on the public web: 275 Exchange Server 2007 instances, 4,062 Exchange Server 2010 instances, and a whopping 26,298 Exchange Server 2013 instances.

One of the main concerns with these old servers is the possibility of remote code execution. Outdated Exchange servers are vulnerable to a number of remote code execution bugs, including the critical ProxyLogon vulnerability (CVE-2021-26855), which can be combined with the less serious CVE-2021-27065 flaw to allow remote code execution.

According to Sejiyama's analysis of the scanned systems' build numbers, approximately 1,800 Exchange servers are still vulnerable to ProxyLogon, ProxyShell, and ProxyToken vulnerabilities. 

While some of these flaws do not have critical severity ratings, Microsoft still considers them "important." Furthermore, apart from the ProxyLogon chain, which has already been exploited in attacks, all of these flaws are believed to be "more likely" to be targeted.

Organisations that continue to use obsolete Exchange servers despite having implemented available mitigations are still susceptible. Microsoft strongly advises prioritising the installation of updates on servers that are exposed to the outside world. The only option for servers that have reached the end of support is to upgrade to a version that continues to get security patches. 

The identification of tens of thousands of vulnerable Microsoft Exchange servers emphasises the critical importance of updating software and applying security patches on a regular basis. Failure to do so exposes businesses to the risk of remote code execution and other security breaches.

Top 10 Cutting-Edge Technologies Set to Revolutionize Cybersecurity


In the present digital landscape, safeguarding against cyber threats and cybercrimes is a paramount concern due to their increasing sophistication. The advent of new technologies introduces both advantages and disadvantages. 

While these technologies can be harnessed for committing cybercrimes, adept utilization holds the potential to revolutionize cybersecurity. For instance, generative AI, with its ability to learn and generate new content, can be employed to identify anomalies, predict potential risks, and enhance overall security infrastructure. 

The ongoing evolution of technologies will significantly impact cybersecurity strategies as we navigate through the digital realm.

Examining the imminent transformation of cybersecurity, the following ten technologies are poised to play a pivotal role:

1. Quantum Cryptography:
Quantum Cryptography leverages the principles of quantum physics to securely encrypt and transmit data. Quantum key distribution (QKD), a technique ensuring the creation and distribution of interception-resistant keys, forms the foundation of this technology. Quantum cryptography ensures unbreakable security and anonymity for sensitive information and communications.

2. Artificial Intelligence (AI):
AI enables machines and systems to perform tasks requiring human-like intelligence, including learning, reasoning, decision-making, and natural language processing. In cybersecurity, AI automation enhances activities such as threat detection, analysis, response, and prevention. Machine learning capabilities enable AI to identify patterns and anomalies, fortifying cybersecurity against vulnerabilities and hazards.

3. Blockchain:
Blockchain technology creates a decentralized, validated ledger of transactions through a network of nodes. Offering decentralization, immutability, and transparency, blockchain enhances cybersecurity by facilitating digital signatures, smart contracts, identity management, and secure authentication.

4. Biometrics:
Biometrics utilizes physical or behavioral traits for identity verification and system access. By enhancing or replacing traditional authentication methods like passwords, biometrics strengthens cybersecurity and prevents fraud, spoofing, and identity theft.

5. Edge Computing:
Edge computing involves processing data closer to its source or destination, reducing latency, bandwidth, and data transfer costs. This technology enhances cybersecurity by minimizing exposure to external systems, thereby offering increased privacy and data control.

6. Zero Trust:
The zero-trust security concept mandates constant verification and validation of every request and transaction, regardless of the source's location within or outside the network. By limiting lateral movement, unwanted access, and data breaches, zero trust significantly improves cybersecurity.

7. Cloud Security:
Cloud security protects data and applications stored on cloud platforms through tools such as encryption, firewalls, antivirus software, backups, disaster recovery, and identity/access management. Offering scalability, flexibility, and efficiency, cloud security contributes to enhanced cybersecurity.

8. 5G Networks:
5G networks, surpassing 4G in speed, latency, and capacity, improve cybersecurity by enabling more reliable and secure data transfer. Facilitating advancements in blockchain, AI, and IoT, 5G networks play a crucial role in cybersecurity, particularly for vital applications like smart cities, transportation, and healthcare.

9. Cybersecurity Awareness:
Cybersecurity awareness, though not a technology itself, is a critical human component. It involves individuals and organizations defending against cyber threats through security best practices, such as strong passwords, regular software updates, vigilance against phishing emails, and prompt event reporting.

10. Cyber Insurance:
Cyber insurance protects against losses and damages resulting from cyberattacks. Organizations facing financial or reputational setbacks due to incidents like ransomware attacks or data breaches can benefit from cyber insurance, which may also incentivize the adoption of higher security standards and procedures.

Overall, the evolving landscape of cybersecurity is deeply intertwined with technological advancements that both pose challenges and offer solutions. As we embrace the transformative potential of quantum cryptography, artificial intelligence, blockchain, biometrics, edge computing, zero trust, cloud security, 5G networks, cybersecurity awareness, and cyber insurance, it becomes evident that a multi-faceted approach is essential. 

The synergy of these technologies, coupled with a heightened human awareness of cybersecurity best practices, holds the key to fortifying our defenses in the face of increasingly sophisticated cyber threats. As we march forward into the digital future, a proactive integration of these technologies and a commitment to cybersecurity awareness will be paramount in securing our digital domains.

Escalating Global Threats Targeting Cloud Infrastructure

 

The rapid uptake of cloud computing has fundamentally changed how businesses manage and store their data. As cloud environments have become more popular, attacks targeting them have increased at an alarming rate. Recent studies and industry reports show that the sophistication of attacks on cloud environments is rising globally, illustrating how cyber threats keep changing character.

According to a comprehensive global study on cybersecurity, the sophistication of attacks on clouds has witnessed a notable surge. The report emphasizes the need for enhanced security measures to counter these evolving threats. One of the key findings reveals that India, a major player in the IT industry, has experienced a significant increase in cloud-related cyber incidents. This highlights the urgency for organizations to prioritize their cloud security strategies to safeguard sensitive data.

The Thales Data Threat Report's analysis highlights the escalating severity of the threat. According to that research, the leading causes of cloud data breaches worldwide are the rise in ransomware attacks and human error. Because attackers are using more sophisticated approaches, organizations must deploy strong security measures to protect their cloud assets. As cloud-based services spread through company operations, ensuring the confidentiality, integrity and availability of the data they hold becomes essential.

Experts caution that a proactive and multi-layered strategy for cybersecurity is necessary in light of these growing risks in cloud platforms. Traditional security measures alone are no longer sufficient. To effectively manage threats, organizations must use cutting-edge technologies and create a thorough security strategy. The importance of data security and encryption techniques, which are essential for securing cloud-stored data, is also emphasized in the paper.

A research report on the global cybersecurity market also stresses the need for stronger security measures. It points to rising demand for cybersecurity solutions and services as organizations try to keep pace with increasingly complex threats, and shows that businesses across a range of industries are investing more in advanced security tooling to protect their cloud infrastructure.

Industry experts stress the value of keeping up with the most recent security trends and implementing preventative security measures in light of these findings. To inform employees of the possible hazards involved with cloud-based operations, organizations must emphasize security awareness training. Strong access controls, frequent vulnerability scans, and the use of threat intelligence tools are essential elements in enhancing cloud security.

Organizations must continue to be cautious and aggressive in their cybersecurity efforts as cloud threats' sophistication continues to rise internationally. Protecting cloud environments against developing cyber threats requires putting in place a thorough security strategy, utilizing cutting-edge technology, and promoting a culture of security awareness.



How is 3-2-1 Backup Policy now Out-dated?


With the growing trend of ransomware attacks, it has become important for individuals and organizations to adopt efficient backup policies and procedures.

According to reports, around 236.1 million ransomware attacks were detected globally in 2022 alone. Criminals combine malware, cryptography and network infiltration to lock companies out of their own data, then demand payment for the decryption keys, and increasingly for the backups they have also encrypted or deleted. The practical consequence is that companies must strengthen both their security controls and their backup procedures, or face paying to get their systems and backups back.

Current Status of Backups

With the right backups and disaster recovery procedures, systems compromised by ransomware can be restored quickly, leaving the attackers empty-handed. Attackers know this. They now lock and encrypt production files while simultaneously deleting or destroying the backups, precisely because a target that can restore from backup has no reason to pay the ransom.

The Conventional 3-2-1 Backup Policy

The 3-2-1 backup policy has been in place for many years and is considered the "gold standard" for keeping backups safe: keep three copies of the data, on two different types of storage media, with at least one copy offsite. Ideally the backup is also immutable, meaning it cannot be deleted, altered or encrypted for a specified retention period.

For the past 20 years or so, "two different media" has typically meant one copy on hard disks and the other on tape. The most common ways to achieve immutability were physical: store the tape in a cardboard box offsite, or break the write-protect tab on the cartridge so the tape could no longer be overwritten. The offsite copy was most often produced by replicating the backup files between two company data centers.

Growing Popularity of Cloud Backups

In recent years the cloud has become a popular place to store backups, and most businesses have reconsidered the conventional 3-2-1 policy as a result. The majority now use a mixed strategy. Backups go first to a local storage appliance, because the bandwidth to the cloud is limited and writing locally is typically faster than backing up directly to the cloud; the local copy is then replicated to cloud storage. Restores work the same way: restoring from the local copy will always be quicker. But what if the attackers deleted the local backup? Then one has to fall back on the copy stored in the cloud.

Today, most cloud storage providers offer "immutable" storage, which is locked and cannot be changed or deleted until its retention period expires. This immutability is what actually stops attackers from wiping your backups. And since the cloud is always "offsite", it satisfies one of the key demands of the 3-2-1 scheme: the cloud backup survives a fire, flood or other event that destroys the local copy. Given that, many no longer see a need for two different media types, or even for a third copy.

Replicating the cloud copy to a second cloud site, preferably one that is at least 500 kilometers away, is the practice used most frequently nowadays. The two cloud copies ought to be immutable.

Compared with on-premises storage systems, cloud storage providers offer substantially higher data durability. Amazon, Google, Microsoft and Wasabi all design for the "11 nines" standard, 99.999999999% annual durability. Do the arithmetic and 11 nines means that if you store one million objects, you can statistically expect to lose a single object roughly once every 100,000 years (with ten million objects, once every 10,000 years). That is why you almost never hear of a cloud storage provider losing customer data through media failure.

The likelihood of losing data due to equipment failure is nearly zero if there are two copies spread across two distinct cloud data centers. The previous requirement of "two different media" is no longer necessary at this level of durability.

Beyond durability, the second cloud copy considerably improves the availability of backup data. A storage system may be rated at 11 nines of durability, but communications failures occasionally take entire data centers offline, and a data center's availability is typically closer to four nines. If one cloud data center goes offline, the backups remain reachable at the second one, because the two cloud copies are independent.

During a ransomware attack one should expect the local copy to be lost, which means recovery will depend on restoring from the cloud. If the cloud copy is unreachable for any reason, the company may as well shut down until it is. That is what makes two cloud copies a good investment.
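To make the policy above concrete, here is an added Python example (not from the original post) that checks a described backup plan against the 3-2-1 rule and the two-immutable-cloud-copies variant, including the 500 km separation and the retention period, and does the durability arithmetic from the previous paragraphs. The region names and coordinates are constructed approximations, and the 30-day minimum retention is an assumed policy value.

```python
"""Added example (not from the original post): check a backup plan against the
3-2-1 rule and the two-immutable-cloud-copies variant, and do the durability
arithmetic. Region names and coordinates are constructed approximations."""
import math
from dataclasses import dataclass

# Constructed approximate (lat, lon) for hypothetical regions.
REGION_COORDS = {
    "eu-west": (53.3, -6.3),
    "eu-central": (50.1, 8.7),
    "eu-central-2": (47.4, 8.5),
    "us-east": (39.0, -77.5),
}


@dataclass
class BackupCopy:
    location: str        # "local" or a key of REGION_COORDS
    media: str           # e.g. "disk", "tape", "object-store"
    immutable_days: int  # 0 means the copy can be deleted or overwritten at will


def haversine_km(a, b):
    """Great-circle distance in kilometres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def years_per_lost_object(durability, objects):
    """Expected years between losing a single object, given annual durability
    (e.g. 0.99999999999 for "11 nines") and the number of objects stored."""
    return 1.0 / (objects * (1.0 - durability))


def check_plan(copies, min_immutable_days=30, min_cloud_separation_km=500):
    """Return findings; an empty list means the plan meets the policy."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies; the rule asks for three")
    offsite = [c for c in copies if c.location != "local"]
    if not offsite:
        findings.append("no offsite copy")
    if not any(c.immutable_days >= min_immutable_days for c in offsite):
        findings.append(f"no offsite copy is immutable for at least {min_immutable_days} days")
    cloud = [c for c in offsite if c.location in REGION_COORDS]
    if len(cloud) >= 2:
        first, second = cloud[0], cloud[1]
        d = haversine_km(REGION_COORDS[first.location], REGION_COORDS[second.location])
        if d < min_cloud_separation_km:
            findings.append(f"cloud copies only {d:.0f} km apart")
        if min(first.immutable_days, second.immutable_days) < min_immutable_days:
            findings.append("both cloud copies should be immutable")
    elif len({c.media for c in copies}) < 2:
        # Without two durable cloud copies, the classic "two different media"
        # requirement still applies.
        findings.append("single media type and fewer than two cloud copies")
    return findings


if __name__ == "__main__":
    plan = [BackupCopy("local", "disk", 0),
            BackupCopy("eu-west", "object-store", 30),
            BackupCopy("eu-central", "object-store", 30)]
    print(check_plan(plan) or "plan passes")
    print(f"{years_per_lost_object(0.99999999999, 1_000_000):,.0f} years per lost object")
```

The checker treats a second cloud copy as a substitute for the second media type only when it is far enough away and both cloud copies are immutable; a plan with one cloud copy and no tape still gets flagged, which matches the reasoning in the text.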

The Media & Entertainment Industries' Major Public Cloud Security Issues

 

As reported by Wasabi, media and entertainment (M&E) organizations are rapidly turning to cloud storage, partly to improve their security posture. Although M&E organizations are still relatively new to cloud storage (69% had been using it for three years or less), public cloud storage use is on the rise, with 89% of respondents planning to increase (74%) or maintain (15%) their cloud services.
On average, M&E respondents reported spending 13.9% of their IT budget on public cloud storage services. Overdrawn budgets due to hidden fees, along with cybersecurity and data-loss worries, remain issues for M&E organizations.

“The media and entertainment industry is a key vertical for cloud storage services, driven by the need for accessibility to large media files among multiple organizations and geographically distributed teams,” said Andrew Smith, senior manager of strategy and market intelligence at Wasabi Technologies, and a former IDC analyst.

“While complex fee structures and cybersecurity concerns remain obstacles for many M&E organizations, planned increases in cloud storage budgeting over the next year, combined with a very high prevalence of storage migration from on-premises to cloud; clearly shows the M&E industry is embracing and growing their cloud storage use year on year,” concluded Smith.

In the previous year, more than half of M&E organizations spent more than their planned amount on cloud storage services. The fees accounted for 49% of M&E firms' public cloud storage expense, with the other half going to actual storage capacity utilized. Understanding the charges and fees connected with cloud usage has been identified as the most difficult cloud migration barrier for M&E organizations.

Since M&E organizations rely substantially on data access, egress, and ingress, M&E respondents reported the highest occurrence of API call fees when compared to the global average. The respondents reported a very high incidence of cloud data migration, with 95% reporting that they migrated storage from on-premises to the public cloud in the previous year.

M&E respondents who plan to expand their public cloud storage budgets in the next 12 months identified new data protection, backup, and recovery requirements as the primary driver, compared to the global average, which rated third. More than one public cloud provider is used by 45% of M&E organizations. One of the major reasons M&E organizations chose a multi-cloud strategy was data security concerns, which came in second (44%) behind different buying centers within the organization making their own purchase decisions (47%).

The following are the top three security concerns that M&E organizations have with a public cloud:
  • Lack of native security services (42%)
  • Lack of native backup, disaster and data protection tools and services (39%)
  • Lack of experience with cloud platform or adequate security training (38%)
“Organizations in the media and entertainment industry are flocking to cloud storage as their digital assets need to be stored securely, cost-effectively and accessed quickly,” said Whit Jackson, VP of Media and Entertainment at Wasabi.

Three Commonly Neglected Attack Vectors in Cloud Security

 

According to the 2022 Thales Cloud Security study, 88% of companies keep a considerable amount of sensitive data (at least 21% of it) in the cloud. That comes as no surprise. According to the same survey, 45% of organisations have had a data breach or failed an audit involving cloud-based data and applications. That is less surprising than it should be, and it is not good news.

The majority of cloud computing security issues are caused by people. They make easily avoidable mistakes that cost businesses millions in lost revenue and negative PR, and most never receive the training they need to recognise and deal with constantly evolving threats, attack vectors and attack methods. Enterprises cannot skip that training if they want to keep control of their cloud security.

Side-channel attacks

Side-channel attacks in cloud computing target virtual machines that share a physical server with an attacker's VM. Rather than breaking the isolation boundary, the attacker infers secrets from what leaks around it. Classic side channels rely on physical measurements such as power consumption, electromagnetic emission or sound, which require proximity to the hardware; the channels that matter in a multi-tenant cloud are shared microarchitectural resources, above all CPU caches, whose timing behaviour a co-resident VM can observe. With enough measurements an attacker can, for example, recover the cryptographic key a neighbouring VM is using to encrypt data.

Side-channel attacks are difficult to mitigate because the leakage is a by-product of normal operation, and removing it involves trade-offs between performance, security and usability. Common defences are masking (randomising the intermediate values a computation handles so that individual observations carry no information about the secret), adding noise to the observable signal, and writing constant-time code whose execution time and memory-access pattern do not depend on secret data.

Hardware and platform countermeasures, such as shielding and filtering against physical emissions, cache partitioning, and scheduling that keeps different tenants off the same physical core, limit how much can leak through these channels.

Most of these safeguards belong to the cloud provider: even if you know where the data centre is, you cannot walk in and add defences yourself. What you do control is the software you run (use well-reviewed, constant-time cryptographic libraries) and the tenancy you buy (dedicated hosts remove the co-tenant entirely). Ask your provider how they manage these issues, and if they do not have a good answer, switch providers.
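The part a tenant controls is easiest to see with a timing channel. The following added Python example (not from the original article) shows a comparison routine that exits at the first mismatching byte, an attacker routine that recovers the secret one byte at a time purely from how much work the comparison did, and a constant-time version that defeats it. The "work" counter is a constructed stand-in for the wall-clock time a co-tenant would really measure, with the noise removed so the leak is unmistakable; in practice the attacker averages many timings to recover the same signal.

```python
"""Added example (not from the original article): a timing side channel in a
secret comparison, the attack it enables, and the constant-time fix. The
'work' counter stands in for execution time, which is what an attacker on a
shared host would actually observe (noisily)."""
import hmac


def naive_compare(secret: bytes, guess: bytes):
    """Early-exit comparison. Returns (match, work); work counts byte comparisons,
    so it reveals how long the matching prefix of the guess is."""
    work = 0
    if len(secret) != len(guess):
        return False, work
    for a, b in zip(secret, guess):
        work += 1
        if a != b:
            return False, work
    return True, work


def constant_time_compare(secret: bytes, guess: bytes):
    """Same contract, but work (and hence time) is independent of where the
    first mismatch sits: every byte is always examined."""
    work = 0
    if len(secret) != len(guess):
        return False, work
    diff = 0
    for a, b in zip(secret, guess):
        work += 1
        diff |= a ^ b
    return diff == 0, work


def recover_by_timing(secret: bytes, oracle):
    """Attacker's view: only the oracle's result and its work count are observed.
    For each position, keep the candidate byte that made the oracle work longest."""
    recovered = bytearray(len(secret))
    for i in range(len(secret)):
        best_byte, best_work = 0, -1
        for candidate in range(256):
            recovered[i] = candidate
            match, work = oracle(secret, bytes(recovered))
            if match:
                return bytes(recovered)
            if work > best_work:
                best_byte, best_work = candidate, work
        recovered[i] = best_byte
    return bytes(recovered)


def verify_token(secret: bytes, presented: bytes) -> bool:
    """What production code should use: the standard library's constant-time
    comparison instead of a hand-rolled loop."""
    return hmac.compare_digest(secret, presented)


if __name__ == "__main__":
    secret = b"k3y!"
    print("naive   :", recover_by_timing(secret, naive_compare))
    print("constant:", recover_by_timing(secret, constant_time_compare))
```

Against `naive_compare` the attacker needs at most 256 queries per byte instead of 256 to the power of the length; against `constant_time_compare` every wrong guess costs the same, so the search degenerates to brute force. `hmac.compare_digest` is the drop-in the rest of your code should be using.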

Container breakouts

A container breakout occurs when an attacker gains access to the underlying host operating system from inside a container. This can happen because the container was misconfigured (run privileged, given dangerous capabilities, or handed the Docker socket or host namespaces) or because the attacker exploits a vulnerability in the container runtime or the shared kernel. Once on the host, the attacker can reach data belonging to other containers and undermine the security of the rest of the cloud infrastructure.

Defending against breakouts means hardening the host, preserving container isolation (namespaces, seccomp, AppArmor or SELinux profiles), applying least privilege to what the container is granted, and monitoring container activity. These safeguards must be applied wherever the container runs, whether on a public cloud or on more traditional systems and devices. They are a subset of the still-developing best practices, and they are inexpensive and simple for container developers and security teams to adopt.
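Many of the misconfigurations that make a breakout cheap are visible in the output of `docker inspect`. The following added Python example (not from the original article and not a complete benchmark) reads a `docker inspect` JSON document and flags the settings a reviewer would reject first: privileged mode, dangerous added capabilities, host PID or network namespaces, bind mounts of the Docker socket or sensitive host paths, disabled seccomp/AppArmor, and running as root. The two inspect documents at the bottom are constructed samples; the field names follow the real `docker inspect` schema, and the list of "dangerous" capabilities and paths is an assumed starting rule set.

```python
"""Added example (not from the original article): flag container settings that
make a breakout cheap, from the JSON shape `docker inspect <container>` prints.
Sample documents are constructed; the rule set is a starting point, not a benchmark."""
import json

# Assumed rule set: capabilities and host paths that commonly lead to host access.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH", "ALL"}
HOST_SENSITIVE_PATHS = ("/", "/proc", "/sys", "/dev", "/etc", "/var/run/docker.sock")


def breakout_findings(inspect_doc: dict) -> list:
    """Return human-readable findings for one container's inspect document."""
    host = inspect_doc.get("HostConfig", {})
    findings = []
    if host.get("Privileged"):
        findings.append("Privileged: all capabilities and host devices exposed")
    caps = {c[4:] if c.startswith("CAP_") else c for c in (host.get("CapAdd") or [])}
    for cap in sorted(caps & DANGEROUS_CAPS):
        findings.append(f"CapAdd {cap}: can be escalated to host access")
    if host.get("PidMode") == "host":
        findings.append("PidMode=host: host processes visible and injectable")
    if host.get("NetworkMode") == "host":
        findings.append("NetworkMode=host: no network namespace isolation")
    for bind in host.get("Binds") or []:
        src = bind.split(":")[0]          # entries look like "host:container[:opts]"
        if src in HOST_SENSITIVE_PATHS:
            findings.append(f"bind mount of {src}: host filesystem or Docker API reachable")
    opts = host.get("SecurityOpt") or []
    if any(o in ("seccomp=unconfined", "apparmor=unconfined") for o in opts):
        findings.append("seccomp/AppArmor disabled")
    if not inspect_doc.get("Config", {}).get("User"):
        findings.append("runs as root inside the container (no User set)")
    return findings


def scan(inspect_json: str) -> dict:
    """`docker inspect` prints a JSON list; map container name -> findings."""
    return {c["Name"].lstrip("/"): breakout_findings(c) for c in json.loads(inspect_json)}


# Constructed sample: one risky CI runner and one reasonably hardened web container.
SAMPLE = json.dumps([
    {"Name": "/ci-runner",
     "Config": {"User": ""},
     "HostConfig": {"Privileged": False, "CapAdd": ["CAP_SYS_ADMIN"], "PidMode": "host",
                    "NetworkMode": "bridge",
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
                    "SecurityOpt": ["seccomp=unconfined"]}},
    {"Name": "/web",
     "Config": {"User": "10001:10001"},
     "HostConfig": {"Privileged": False, "CapAdd": None, "PidMode": "",
                    "NetworkMode": "bridge",
                    "Binds": ["/srv/web/static:/usr/share/nginx/html:ro"],
                    "SecurityOpt": ["no-new-privileges:true"]}},
])

if __name__ == "__main__":
    for name, findings in scan(SAMPLE).items():
        print(name, "->", findings or ["no findings"])
```

To run it against real containers, feed it the output of `docker inspect $(docker ps -q)`. Mounting the Docker socket is listed alongside privileged mode on purpose: anyone who can talk to the daemon can start a privileged container of their own, so it is a breakout with extra steps.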

Cloud service provider vulnerabilities

As with side channels, weaknesses in the cloud service provider's own platform can have serious consequences for its customers. An attacker who exploits a flaw in the provider's infrastructure could reach customer data across tenants or launch a denial-of-service attack against them. The most serious concern right now is nation-state actors targeting cloud providers to gain access to sensitive data or to disrupt essential infrastructure.

Again, this comes down to trust in your cloud provider. Physically auditing their infrastructure is rarely an option and would almost certainly tell you little. What you need is a provider that can answer questions about how they find, patch and disclose vulnerabilities quickly and plainly.

Unpatched ICS Flaws in Critical Infrastructure: CISA Issues Alert

 

This week, the US Cybersecurity and Infrastructure Security Agency (CISA) released advisories covering a total of 49 vulnerabilities in eight industrial control system (ICS) products used by organisations across several critical infrastructure sectors. Several of these vulnerabilities are still unpatched.

Organizations in the critical infrastructure sectors must increasingly take cybersecurity into account. Environments for ICS and operational technology (OT) are becoming more and more accessible via the Internet and are no longer air-gapped or compartmentalised as they once were. As a result, both ICS and OT networks have grown in popularity as targets for both nation-state players and threat actors driven by financial gain.

That is bad news, because many of the flaws in the CISA advisories are remotely exploitable, have low attack complexity, and give attackers access to target systems where they can change settings, elevate privileges, bypass security measures, steal data and crash systems. Products from Siemens, Rockwell Automation, Hitachi Energy, Delta Electronics, Keysight and VISAM all have high-severity vulnerabilities.

The CISA recommendation was released at the same time as a study from the European Union on threats to the transportation industry, which included a similar warning about the possibility of ransomware attacks on OT systems used by organisations that handle air, sea, rail, and land transportation. Organizations in the transportation industry are also affected by at least some of the susceptible systems listed in CISA's alert. 

Critical vulnerabilities

Siemens' RUGGEDCOM APE1808 technology contains seven of the 49 vulnerabilities listed in CISA's alert and is not currently patched. The flaws give an attacker the ability to crash or increase the level of privileges on a compromised system. The device is presently used by businesses in several critical infrastructure sectors all around the world to host commercial applications. 

Siemens' Scalance W-700 devices have seventeen more flaws in various third-party components. The product is used in the chemical, energy, food and agriculture, and manufacturing sectors, among other critical infrastructure sectors. Siemens has urged organisations using the product to update to software version 2.0 or later and to restrict network access to the devices.

InfraSuite Device Master, a solution used by businesses in the energy sector to keep tabs on the health of crucial systems, is impacted by thirteen of the recently discovered vulnerabilities. Attackers can utilise the flaws to start a denial-of-service attack or to obtain private information that could be used in another attack. 

Other vendors with multiple flaws in the CISA advisories include VISAM, whose Vbase Automation product had seven, and Rockwell Automation, whose ThinManager product, used in critical manufacturing, had three. Keysight had one vulnerability in its N6845A Geolocation Server, used in the communications and government sectors, while Hitachi Energy updated details of a previously known vulnerability in its GMS600, PWC600 and Relion products.

This is the second time in recent weeks that CISA has warned critical infrastructure organisations about severe flaws in the systems they run in their operational and industrial technology environments. In January, CISA released similar advisories on flaws in equipment from 12 ICS vendors, including Siemens, Hitachi, Johnson Controls, Panasonic and Sewio.

Many of the defects in the previous warning, like the current collection of flaws, allowed threat actors to compromise systems, increase their privileges, and wreak other havoc in ICS and OT contexts. 

OT systems under attack

A report this week from the European Union Agency for Cybersecurity (ENISA) on cyberthreats to the transportation sector warned of potential ransomware attacks against OT systems. The report is based on an analysis of 98 publicly reported incidents in the EU transportation sector between January 2021 and October 2022.

According to the data, 47% of the attacks were carried out by cybercriminals who were motivated by money. The majority of these attacks (38%) involved ransomware. Operational disruptions, spying, and ideological assaults by hacktivist groups were a few more frequent reasons. 

Even while these attacks occasionally caused collateral damage to OT systems, ENISA's experts did not discover any proof of targeted attacks on them in the 98 events it examined. 

"The only cases where OT systems and networks were affected were either when entire networks were affected or when safety-critical IT systems were unavailable," the ENISA report stated. However, the agency expects that to change. "Ransomware groups will likely target and disrupt OT operations in the foreseeable future."

The research from the European cybersecurity agency cited an earlier ENISA investigation that warned of ransomware attackers and other new threat groups tracked as Kostovite, Petrovite, and Erythrite that target ICS and OT systems and networks. The report also emphasised the ongoing development of malware designed specifically for industrial control systems, such as Industroyer, BlackEnergy, CrashOverride, and InController, as indicators of increasing attacker interest in ICS environments. 

"In general, adversaries are willing to dedicate time and resources in compromising their targets to harvest information on the OT networks for future purposes," the ENISA report further reads. "Currently, most adversaries in this space prioritize pre-positioning and information gathering over disruption as strategic objectives."

Security Observability: How it Transforms Cloud Security


Security Observability 

Security observability is the ability to gain insight into an organization's security posture, including its capacity to recognize and address security risks and flaws. It entails gathering, analyzing and visualizing security data in order to spot potential risks and take preventive action before they materialize.

The process involves collecting data from varied security tools and systems, such as network logs, endpoint security solutions and security information and event management (SIEM) platforms, and using that data to surface potential threats. The intended difference from conventional security operations tooling is that it is meant to tell you what is likely to happen next, not only what has already happened. That distinction is why security observability is arguably the most significant advance in cloud security technology of recent years.

Still, most practitioners are unaware of security observability, which is concerning. According to the 2021 Verizon Data Breach Investigations Report, cloud assets were involved in 24% of all breaches analyzed, up from 19% in 2020.

Clearly many people working in cloud security are slow to respond to new risks, and even the quicker ones need to move faster. This is likely to get worse as multi-cloud applications built on federated architectures gain popularity and cloud deployments become more varied and sophisticated. The number of attack surfaces will keep growing, and attackers' ingenuity is starting to take off.

Organizations can embrace cloud security observability to get a more complete understanding of their cloud security position, allowing them to: 

  • Detect and respond to threats more quickly: by collecting data from numerous security tools and systems, organizations can recognize and respond to threats faster and more proactively.
  • Identify vulnerabilities and security gaps: with better knowledge of the potential threats, organizations can address weaknesses before attackers manage to exploit them.
  • Improve incident response: a more thorough view of security events helps organizations sharpen their incident response and lessen the impact of attacks.
  • Ensure compliance: continuous monitoring of the cloud security posture helps organizations maintain compliance with industry rules and regulations, and supports audits and other reporting obligations.

Future of the Cloud is Plagued by Security Issues

 

Several corporate procedures require the use of cloud services. Businesses may use cloud computing to cut expenses, speed up deployments, develop at scale, share information effortlessly, and collaborate effectively all without the need for a centralised site. 

But malicious actors are increasingly abusing these same services, and the trend is likely to continue in the near future. Cloud services are attractive ground for eCrime, because threat actors know how central they have become. The main conclusions of CrowdStrike's research for 2022 follow.

Unlike conventional on-premises architecture, the public cloud has no defined perimeter. The absence of clear boundaries raises a number of cybersecurity concerns and challenges, particularly for perimeter-based approaches, and the boundaries will blur further as more companies adopt hybrid work.

Cloud vulnerability and security risks

Opportunistically exploiting known remote code execution (RCE) vulnerabilities in server software is one of the main infiltration methods adversaries have been deploying. Without focusing on specific industries or geographical areas, this involves searching for weak servers. Threat actors use a range of tactics after gaining initial access to obtain sensitive data. 

One of the more common exploitation vectors used by both eCrime and targeted intrusion adversaries is credential-based attacks against cloud infrastructure. Criminals frequently host fake authentication pages to harvest real credentials for cloud services or webmail accounts.

These credentials are then used by actors to try and access accounts. As an illustration, the Russian cyberspy organisation Fancy Bear recently switched from using malware to using more credential-harvesting techniques. Analysts have discovered that they have been employing both extensive scanning methods and even victim-specific phishing websites that deceive users into believing a website is real. 

Even though malware is used less often for initial infiltration, some adversaries still rely on cloud services for command and control, distributing their malware from trusted cloud platforms.

This works because it lets attackers avoid detection by signature-based methods: many security tools implicitly trust traffic to well-known cloud hosting domains. By blending into regular network traffic on legitimate cloud services (chat platforms, for instance), adversaries can get around security controls.

Cloud services are being used against organisations by hackers

Using a cloud service provider to take advantage of provider trust connections and access other targets through lateral movement is another strategy employed by bad actors. The objective is to raise privileges to global administrator levels in order to take control of support accounts and modify client networks, opening up several options for vertical spread to numerous additional networks. 

Attacks on containers such as Docker operate at a lower level. Criminals have found ways to take advantage of Docker images and containers that are not set up properly. A compromised image can then be used as the base image for another application, or run on its own to interact directly with a tool or service.

This hierarchical model means that if malicious tooling is added to an image, every container generated from it will also be compromised. Once they have access, hostile actors can take advantage of these elevated privileges to perform lateral movement and eventually spread throughout the network. 

Extended detection and response

Extended detection and response (XDR) is another fundamental component of effective cloud security. XDR collects security data from endpoints, cloud workloads, network, email and many other sources. With all of that threat data in one place, security teams can identify and eliminate threats across domains quickly and effectively.

XDR platforms offer granular visibility across all networks and endpoints, and they provide detections and investigations so that analysts and threat hunters can concentrate on high-priority threats, filtering out of the alert stream anomalies judged to be unimportant. Finally, XDR systems should include thorough cross-domain threat data, from affected hosts and root causes to indicators and timelines, which guides the entire investigation and remediation process.

While threat vectors continue to change every day, security breaches in the cloud are getting more and more frequent. In order to safeguard workloads hosted in the cloud and to continuously advance the maturity of security processes, it is crucial for businesses to understand current cloud risks and use the appropriate technologies and best practises.

2023: The Year of AI? A Closer Look at AI Trends

 

Threats to cyberspace are constantly changing. As a result, businesses rely on cutting-edge tools to respond to risks and, even better, prevent them from happening in the first place. The top five cybersecurity trends from last year were previously listed by Gartner. The need for artificial intelligence and machine learning tools to help people remain ahead of the curve is becoming more and more obvious with each passing development.

Gartner's projections for 2022 look even more relevant this year. To manage cloud environments, remote work and ongoing disruption, businesses will need a versatile, adaptable toolkit powered by AI and ML.

Trend 1: Increased attack surface 

Companies are at a turning point as a result of the shift to permanent remote work. Remote work has been beneficial for employees and a relief for businesses that were unsure whether their operations would survive the transition. The drawback is that these employees need access to company resources wherever they are, so businesses have had to move to the cloud, which exposes a larger attack surface.

In Gartner's view, businesses ought to think outside the box, and some undoubtedly have. AI-driven analytics can provide continuous monitoring across all environments, including the short-lived resources of the cloud. Security Information and Event Management (SIEM) platforms, for instance, gather and analyse log data from numerous sources, including network devices, servers and applications, to give real-time insight into security-relevant events.

Trend 2: Identity System Defense 

Closely related to trend 1, trend 2 addresses the misuse of credentials, one of the most common ways threat actors gain access to sensitive networks. Companies are putting in place what Gartner calls "identity threat detection and response" (ITDR) solutions, and AI and machine learning will power some of the more potent ones.

For instance, AI-based anti-phishing solutions analyse email content, sender reputation and header data to detect and block phishing attempts before credentials are stolen. Businesses can also apply anomaly detection: machine learning models trained on normal network and authentication activity can flag deviations such as unusual patterns of login attempts or unexpected traffic flows.

AI can also warn administrators when threat actors attempt credential stuffing, replaying large volumes of stolen username and password pairs, or run a brute-force attack against an account. And, however surprising humans may find their own predictability, AI can learn a user's normal behaviour and flag departures from it, such as a login from a new location, which speeds up the detection of a potential intrusion.
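The credential-stuffing, brute-force and new-location checks described above, and the SIEM-style log correlation mentioned under trend 1, can be illustrated with a small rule-based detector. The following is an added example written for this post, not code from Gartner or from any ITDR product. It assumes a simple `key=value` authentication log format and uses constructed sample lines; the fixed thresholds stand in for the learned baselines an ML-based product would maintain.

```python
"""Rule-based identity threat detection over constructed authentication logs.
Assumed log format: "<ISO timestamp> user=<u> ip=<ip> country=<cc> result=OK|FAIL"."""
from __future__ import annotations

from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (not real data) covering three scenarios:
#  - 203.0.113.5 fails against five different accounts within seconds (credential stuffing)
#  - 198.51.100.7 fails five times against "bob" within seconds (brute force)
#  - "alice", who normally logs in from US, succeeds from NL (new location)
SAMPLE_LOG = """\
2023-03-01T09:00:00Z user=alice ip=198.51.100.20 country=US result=OK
2023-03-01T09:30:00Z user=alice ip=198.51.100.20 country=US result=OK
2023-03-01T09:45:00Z user=carol ip=198.51.100.21 country=US result=OK
2023-03-01T10:00:00Z user=alice ip=203.0.113.5 country=BR result=FAIL
2023-03-01T10:00:01Z user=bob ip=203.0.113.5 country=BR result=FAIL
2023-03-01T10:00:02Z user=carol ip=203.0.113.5 country=BR result=FAIL
2023-03-01T10:00:03Z user=dave ip=203.0.113.5 country=BR result=FAIL
2023-03-01T10:00:04Z user=erin ip=203.0.113.5 country=BR result=FAIL
2023-03-01T10:05:00Z user=bob ip=198.51.100.7 country=US result=FAIL
2023-03-01T10:05:01Z user=bob ip=198.51.100.7 country=US result=FAIL
2023-03-01T10:05:02Z user=bob ip=198.51.100.7 country=US result=FAIL
2023-03-01T10:05:03Z user=bob ip=198.51.100.7 country=US result=FAIL
2023-03-01T10:05:04Z user=bob ip=198.51.100.7 country=US result=FAIL
2023-03-01T10:10:00Z user=alice ip=192.0.2.9 country=NL result=OK
"""


@dataclass
class AuthEvent:
    ts: datetime
    user: str
    ip: str
    country: str
    success: bool


def parse_line(line: str) -> AuthEvent:
    """Parse one log line in the assumed key=value format."""
    ts_text, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    return AuthEvent(ts, kv["user"], kv["ip"], kv["country"], kv["result"] == "OK")


def parse_log(text: str) -> list[AuthEvent]:
    """Parse all non-empty lines and return them in time order."""
    events = [parse_line(ln) for ln in text.splitlines() if ln.strip()]
    return sorted(events, key=lambda e: e.ts)


def detect_credential_stuffing(events, window=timedelta(seconds=60), min_users=5):
    """Flag source IPs whose failures hit >= min_users distinct accounts inside a sliding window."""
    recent = defaultdict(deque)  # ip -> (ts, user) failures still inside the window
    flagged = set()
    for e in events:
        if e.success:
            continue
        q = recent[e.ip]
        q.append((e.ts, e.user))
        while q and e.ts - q[0][0] > window:
            q.popleft()
        if len({u for _, u in q}) >= min_users:
            flagged.add(e.ip)
    return flagged


def detect_brute_force(events, window=timedelta(seconds=120), min_failures=5):
    """Flag accounts receiving >= min_failures failed logins inside a sliding window (any source IP)."""
    recent = defaultdict(deque)  # user -> failure timestamps still inside the window
    flagged = set()
    for e in events:
        if e.success:
            continue
        q = recent[e.user]
        q.append(e.ts)
        while q and e.ts - q[0] > window:
            q.popleft()
        if len(q) >= min_failures:
            flagged.add(e.user)
    return flagged


def detect_new_location(events):
    """Flag successful logins from a country the user has never succeeded from before.
    The per-user set of countries is a crude behavioural baseline; a user's first
    success only seeds the baseline and is never flagged."""
    baseline = defaultdict(set)
    alerts = []
    for e in events:
        if not e.success:
            continue
        seen = baseline[e.user]
        if seen and e.country not in seen:
            alerts.append((e.user, e.country, e.ip))
        seen.add(e.country)
    return alerts


def run_detections(log_text: str) -> dict:
    """Run all three detectors over a log and return their findings."""
    events = parse_log(log_text)
    return {
        "credential_stuffing_ips": detect_credential_stuffing(events),
        "brute_forced_users": detect_brute_force(events),
        "new_location_logins": detect_new_location(events),
    }


if __name__ == "__main__":
    for name, hits in run_detections(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

Run it directly to print the three findings. The thresholds (five distinct accounts from one IP in 60 seconds, five failures against one account in two minutes) are assumptions chosen for the sample data and would be tuned per environment; the new-location rule would in practice use a richer baseline (device, ASN, time of day) rather than country alone, which is exactly the kind of baseline an ML-based solution learns instead of hard-coding.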

Trend 3: Risk in the Digital Supply Chain 

According to Gartner, 45% of organisations worldwide will have experienced attacks on their software supply chains by 2025. Supply chains have always been intricate networks, but the advent of big data and swift changes in consumer behaviour have pushed margins to precarious levels.

Businesses are using AI in a variety of ways to avoid disruptions, reduce risk and adjust quickly when something does happen. With digital twin techniques, hypothetical scenarios can be tested on accurate digital replicas of the supply chain to identify the best response in almost any situation. AI can also perform sophisticated fraud detection, or use deep learning models to examine network data for unwanted activity such as malware and DDoS traffic, and AI-based response systems can react swiftly to detected threats to stop an attack from spreading.

Trend 4: Consolidation of suppliers 

According to Gartner, vendors will keep consolidating their security products and services into packages on a single platform. While this brings some difficulties of its own, such as introducing a single point of failure, Gartner expects it to simplify the cybersecurity sector.

Organisations are also becoming more interested in collaborative security. They are aware that the digital landscape is no longer confined to a small on-premises perimeter protected by conventional security technologies. By establishing a culture of security throughout the organisation and working with providers of the consolidated security packages described above, companies may be able to reduce some of the weaknesses in a complex digital infrastructure.

Trend 5: Cybersecurity mesh 

According to Gartner, by 2024 firms that implement a cybersecurity mesh should see a significant decrease in the financial impact of individual security incidents. Businesses that deploy AI-based security products within the mesh stand to benefit because these systems can: 

  • Automate tedious, time-consuming operations such as incident triage, investigation and response, boosting the efficacy and efficiency of the cybersecurity mesh. 
  • Use machine learning to correlate data from numerous sources, including network traffic, logs and threat intelligence feeds, so that potential security issues are spotted in real time and acted on immediately. 
  • Draw on external sources such as financial transactions, social media and news reports to discover and assess emerging threats to the mesh and adjust security measures accordingly. 
  • Learn what normal looks like for users and hosts and flag departures from it, such as unusual login sequences or traffic patterns, so that potential incidents are identified and addressed earlier. 

Gartner's predictions came true in 2022, but in 2023 we are only beginning to see truly dynamic AI-based defences. Businesses understand that disruptions and cloud migrations mean the security operations of before 2020 cannot simply be resumed. Instead, AI will be a critical cybersecurity element that supports each of these trends and pushes businesses toward a fundamentally new cybersecurity strategy.