Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label cyber resilience. Show all posts

Creating a Strong Cybersecurity Culture: The Key to Business Resilience

 

In today’s fast-paced digital environment, businesses face an increasing risk of cyber threats. Establishing a strong cybersecurity culture is essential to protecting sensitive information, maintaining operations, and fostering trust with clients. Companies that prioritize cybersecurity awareness empower employees to play an active role in safeguarding data, creating a safer and more resilient business ecosystem. 

A cybersecurity-aware culture is about more than just protecting networks and systems; it’s about ensuring that every employee understands their role in preventing cyberattacks. The responsibility for data security has moved beyond IT departments to involve everyone in the organization. Even with robust technology, a single mistake—such as clicking a phishing link—can lead to severe consequences. Therefore, educating employees about potential threats and how to mitigate them is crucial. 

As technology becomes increasingly integrated into business operations, security measures must evolve to address emerging risks. The importance of cybersecurity awareness cannot be overstated. Just as you wouldn’t leave your home unsecured, companies must ensure their employees recognize the value of safeguarding corporate information. Awareness training helps employees understand that protecting company data also protects their personal digital presence. This dual benefit motivates individuals to remain vigilant, both professionally and personally. Regular cybersecurity training programs, designed to address threats like phishing, malware, and weak passwords, are critical. Studies show that such initiatives significantly reduce the likelihood of successful attacks. 

In addition to training, consistent reminders throughout the year help reinforce cybersecurity principles. Simulated phishing exercises, for instance, teach employees to identify suspicious emails by looking for odd sender addresses, unusual keywords, or errors in grammar. Encouraging the use of strong passwords and organizing workshops to discuss evolving threats also contribute to a secure environment. Organizations that adopt these practices often see measurable improvements in their overall cybersecurity posture. Artificial intelligence (AI) has emerged as a powerful tool for cybersecurity, offering faster and more accurate threat detection. 

However, integrating AI into a security strategy requires careful consideration. AI systems must be managed effectively to avoid introducing new vulnerabilities. Furthermore, while AI excels at monitoring and detection, foundational cybersecurity knowledge among employees remains essential. A well-trained workforce can address risks independently, ensuring that AI complements human efforts rather than replacing them. Beyond internal protections, cybersecurity also plays a vital role in maintaining customer trust. Clients want to know their data is secure, and any breach can severely harm a company’s reputation. 

For example, a recent incident involving CrowdStrike revealed how technical glitches can escalate into major phishing attacks, eroding client confidence. Establishing a clear response strategy and fostering a culture of accountability help organizations manage such crises effectively. 

A robust cybersecurity culture is essential for modern businesses. By equipping employees with the tools and knowledge to identify and respond to threats, organizations not only strengthen their defenses but also enhance trust with customers. This proactive approach is key to navigating today’s complex digital landscape with confidence and resilience.

Cyber Resilience: Preparing for the Inevitable in a New Era of Cybersecurity

 

At the TED Conference in Vancouver this year, the Radical Innovators foundation brought together over 60 of the world’s leading CHROs, CIOs, and founders to discuss how emerging technologies like AI and quantum computing can enhance our lives. Despite the positive focus, the forum also addressed a more concerning topic: how these same technologies could amplify cybersecurity threats. Jeff Simon, CISO of T-Mobile, led a session on the future of security, engaging tech executives on the growing risks. 

The urgency of this discussion was underscored by alarming data from Proofpoint, which showed that 94% of cloud customers faced cyberattacks monthly in 2023, with 62% suffering breaches. This illustrates the increased risk posed by emerging technologies in the wrong hands. The sentiment from attendees was clear: successful cyberattacks are now inevitable, and the traditional focus on preventing breaches is no longer sufficient. Ajay Waghray, CIO of PG&E Corporation, emphasized a shift in mindset, suggesting that organizations must operate under the assumption that their systems are already compromised. 

He proposed a new approach centered around “cyber resilience,” which goes beyond stopping breaches to maintaining business continuity and strengthening organizational resilience during and after attacks. The concept of cyber resilience aligns with lessons learned during the pandemic, where resilience was about not just recovery, but coming back stronger. Bipul Sinha, CEO of Rubrik, a leading cyber resilience firm, believes organizations must know where sensitive data resides and evolve security policies to stay ahead of future threats. He argues that preparedness, including preemptive planning and strategic evolution after an attack, is crucial for continued business operations. 

Venture capital firms like Lightspeed Venture Partners are also recognizing this shift towards cyber resilience. Co-founder Ravi Mhatre highlights the firm’s investments in companies like Rubrik, Wiz, and Arctic Wolf, which focus on advanced threat mitigation and containment. Mhatre believes that cybersecurity now requires a more dynamic approach, moving beyond the idea of a strong perimeter to embrace evolutionary thinking. Waghray identifies four core elements of a cyber resilience strategy: planning, practice, proactive detection, and partnerships. 

These components serve as essential starting points for companies looking to adopt a cyber resilience posture, ensuring they are prepared to adapt, respond, and recover from the inevitable cyber threats of the future.

Enterprise Resilience in the Face of Cyber Risk

 


There are now more than $10 trillion in annual cybercrime costs in the world, which speaks volumes about how quickly data breaches, ransomware attacks, and malicious disruption of business and government operations are growing in scale and scope. Cyber attacks are growing in number, quantity, and quality, and there is no doubt that these three factors are driving the rise in cyber attacks; this assertion is made by Ram Elboim, CEO of Sygnia, an organization that provides cyber readiness and response services to enterprises around the globe. 

The author of this article reports that "geopolitics has a much greater influence on cybersecurity today than it did five years ago." Accordingly, enterprises are now experiencing attacks from what appears to be a totally new corner in terms of the cyber landscape, namely national-state threat actors. As part of their cyber armies, the members of these cyber armies have been particularly successful in attacking new targets, including organizations that support critical infrastructures like power plants, water supply systems, and hospitals, and that deliver vital services like health care. 

As a result, enterprise resilience entails a company's ability to engage with strategic, financial, operational, and information (cyber) risks in a manner that gives the company a competitive advantage, is profitable, and enables the company to make effective use of technology. As a result of cyber resilience, an organization can detect, respond to and quickly recover from a wide range of cyber threats, including internal risks and external attacks such as data breaches and ransomware, which can cause meaningful business disruptions. 

By going beyond just cybersecurity, it ensures business continuity during and after an incident to prevent attacks and ensure business continuity. It is important to constantly strengthen the defences against evolving threats to cyberspace to maintain cyber resilience. In the industry of cybersecurity, the hard reality is that IT leaders must constantly fight off a perpetually relentless, ever-evolving threat from malicious actors while protecting a growing array of attack surfaces that are ever-changing due to the ongoing evolution of technologies. 

Based on these numbers, it becomes clear that traditional security methods and tools are not enough to ensure the safety of businesses. Based on the EY 2023 Global Cybersecurity Leadership Insights Study, up to 44 significant cyber incidents occur every year on average for organizations, and the cost of ransomware is expected to reach $265 billion by the year 2031.

Only one in five chief information security officers (CISOs) believe their approaches to modern threats are effective, according to a survey conducted by Forrester, based on a sample of CISOs who are already aware that what their organizations are doing is inadequate. It becomes increasingly difficult for even the most seasoned cybersecurity specialists to keep up with the ever-changing threat landscape, which presents new and unexpected challenges. 

Organizations should continually upgrade their security practices as well as move beyond reactive strategies such as applying new technologies and putting disaster recovery at the core of their strategy, instead of concentrating on reactive measures such as technology adoption and disaster recovery. The concept of cyber resilience extends far beyond the idea of preparing for and reacting to threats and attacks; it is a comprehensive approach that incorporates several aspects relevant to protecting an organization from cyber attacks, including business continuity, the security of information systems, and organizational resilience in general. 

Developing cyber resilience comes down to integrating security into every aspect of an organization's operations from the ground up and constantly improving its cybersecurity posture over time. While achieving real cyber resilience is a challenging task, innovators are paving the road to make it possible on the way to making it a reality. As a result of the advanced cybercriminals of today, two important components of today's business operations are making a substantial contribution to the substantial expansion in the scale and scope of cyber threats that are emerging. 

The first type of threat is legacy IT infrastructure that has not been upgraded to protect it from the new types of threats that are emerging. A machine that controls an assembly line, says Elboim, is a good example of this technology. There is a reluctance on the part of the factory management to provide the company with new cybersecurity tools because that would entail shutting down the factory for several days, which would be very costly. 

Another factor that is contributing to the increase in the number of cyber attacks is the fact that many organizations are beginning to use the cloud infrastructure and the global network of the internet in an attempt to leverage the relatively new IT infrastructure created by cloud computing. Traditionally, hospitals, like most institutions of health, have been quite insulated and isolated from society. 

The U.S. Department of Health and Human Services reported 387 data breaches of 500 or more records in the first half of 2018, reflecting an increase of 8.4% over the same period in 2023, and a 9.3% increase over the same period in 2022. Joining the new, global IT infrastructure also means that one must keep up with its ever-changing transformations and upgrade with the latest technologies, applications, and services that are constantly being developed in the area. 

According to a report published earlier this year by McKinsey & Company, AI is the new thing today and it has taken enterprise adoption by 72% in terms of adoption by companies worldwide. It was found that corporate filings for the second quarter of 2024, as summarized by GlobalData, discussed the need for companies to adopt tools and processes to reduce the risk of cyberattacks during the quarter. A growing number of firms have discovered that integrating AI into existing infrastructure and operations has adverse consequences for their security, resulting in a growing attack surface that needs to be carefully scrutinized by security professionals. 

Elboim of the University of Maryland says that AI has a lot of potential in terms of improving cybersecurity tools in the future. The rise of AI could also lead to a potential increase in cyber risk since many organizations do not yet have clear governance rules around AI, so they are unsure of how to use AI effectively, and they lack an accurate indication of how employees are using it. This threatens organizations in a new way, he says, as a brand new threat landscape has opened up. 

Recently, Sygnia and NVIDIA announced their collaboration to develop a hardware and software solution which would secure industrial and critical infrastructure by combining the power of artificial intelligence with side-by-side security. As of today, Sygnia employs about 250 people across eight offices in Tel Aviv, New York, Singapore, London, Mexico City, and Sydney, providing services all over the world. 

During their consulting and assistance, they help enterprises prevent and defend against cyber-attacks, respond to, remediate, and recover from cyber-attacks, and monitor and detect cyber threats to prevent and defend against cyber-attacks. Sygnia, a startup started by veterans of Israel's elite intelligence group Unit 8200 and launched by Team8, which is another startup foundry that was started by alumni of the 8200, was founded in 2015 by former members of Unit 8200. Sygnia began in 2015 as a startup financed by Microsoft, Intel, Cisco, Qualcomm, AT&T, Nokia, Temasek, and Innovation Endeavors. 

In 2018, Sygnia has become a Temasek International company. There is a concept known as business continuity, which allows a company to continue to perform its core business functions even when there is a disaster, attack, or another type of intervention. A disaster recovery plan is often developed by businesses to recover from natural disasters in case they happen in the future. 

An effective disaster recovery plan will include a strategy to remain cyber resilient during such events, as well as anything else that may result in the loss of critical systems in the event of a disaster. Identifying crisis shock absorbers to sustain business operations, customer outreach, and non-stop business transformation throughout times of crisis is the key to driving enterprise resilience, and these shock absorbers are the key to driving enterprise resiliency. 

Digital transformation has emerged as a vital strategy for enhancing enterprise resiliency, especially in the face of unprecedented challenges. Organizations that embraced digital technologies demonstrated a significant ability to adapt during crises such as the COVID-19 pandemic. These digitally enabled enterprises were able to respond swiftly to disruptions, managing issues within their supply chains, addressing interruptions in customer demand, and delivering innovative products and services to maintain business continuity. 

The pandemic underscored the importance of agility in business operations. Those companies that had already undergone or were in the digital transformation process were better equipped to pivot, making necessary adjustments to their operations. This adaptability allowed them to survive and thrive in an unpredictable environment, ensuring that they could meet the evolving needs of their customers and stakeholders. 

However, digital transformation must go beyond operational improvements and encompass a robust cybersecurity framework to achieve true resilience. A comprehensive digital transformation strategy aimed at building enterprise resiliency must integrate cybersecurity measures at every stage of the enterprise lifecycle. This holistic approach involves not only protecting critical business assets but also continuously monitoring and detecting changes in the threat landscape. 

By embedding cybersecurity within the organization's core processes, businesses can proactively manage their risk exposure. As cyber threats continue to evolve, so too must the organization's capabilities to address new vulnerabilities. This evolution requires regular updates to security protocols, investments in cutting-edge technologies, and a commitment to ongoing employee training to ensure readiness in the face of emerging cyber risks. 

Ultimately, enterprise resilience in the digital age hinges on the ability to safeguard both physical and digital assets. A well-executed digital transformation strategy, combined with a proactive cybersecurity posture, will enable organizations to remain agile, secure, and competitive in a rapidly changing global marketplace. 

Cyble Research Reveals Near-Daily Surge in Supply Chain Attacks

 

The prevalence of software supply chain attacks is on the rise, posing significant threats due to the extensive impact and severity of such incidents, according to threat intelligence researchers at Cyble.

Within a six-month span from February to mid-August, Cyble identified 90 claims of supply chain breaches made by cybercriminals on the dark web. This averages nearly one breach every other day. Supply chain attacks are notably more costly and damaging than other types of cyber breaches, making even a small number of these attacks particularly detrimental.

Cyble’s blog highlights that while infiltrations of an IT supplier’s codebase—similar to the SolarWinds incident in 2020 and Kaseya in 2021—are relatively uncommon, the software supply chain’s various components, including code, dependencies, and applications, remain a continuous source of vulnerabilities. These persistent risks leave all organizations exposed to potential cyberattacks.

Even when supply chain breaches do not compromise codebases, they can still result in the exposure of sensitive data, which attackers can exploit to breach other environments through methods such as phishing, spoofing, and credential theft. The interconnected nature of the physical and digital supply chain means that any manufacturer or supplier involved in downstream distribution could be considered a potential cyber risk, according to the researchers.

In their 2024 analysis, Cyble researchers examined the frequency and characteristics of supply chain attacks and explored defenses that can mitigate these risks.

Increasing Frequency of Supply Chain Attacks

Cyble’s dark web monitoring revealed 90 instances of cybercriminals claiming successful supply chain breaches between February and mid-August 2024.

IT service providers were the primary targets, accounting for one-third of these breaches. Technology product companies were also significantly impacted, experiencing 14 breaches. The aerospace and defense, manufacturing, and healthcare sectors followed, each reporting between eight and nine breaches.

Despite the concentration of attacks in certain industries, Cyble’s data shows that 22 out of 25 sectors tracked have experienced supply chain attacks in 2024. The U.S. led in the number of breaches claimed on the dark web, with 31 incidents, followed by the UK with 10, and Germany and Australia with five each. Japan and India each reported four breaches.

Significant Supply Chain Attacks in 2024

Cyble’s blog detailed eight notable attacks, ranging from codebase hijacks affecting over 100,000 sites to disruptions of essential services. Examples include:

  • jQuery Attack: In July, a supply chain attack targeted the JavaScript npm package manager, using trojanized versions of jQuery to exfiltrate sensitive form data from websites. This attack impacted multiple platforms and highlighted the urgent need for developers and website owners to verify package authenticity and monitor code for suspicious modifications.
  • Polyfill Attack: In late June, a fake domain impersonated the Polyfill.js library, injecting malware into over 100,000 websites. This malware redirected users to unauthorized sites, underscoring the security risks associated with external code libraries and the importance of vigilant website security.
  • Programming Language Breach: The threat actor IntelBroker claimed unauthorized access to a node package manager (npm) and GitHub account related to an undisclosed programming language, including private repositories with privileges to push and clone commits.
  • CDK Global Inc. Attack: On June 19, a ransomware attack targeted CDK Global Inc., a provider of software to automotive dealerships, disrupting sales and inventory operations for weeks across North American auto dealers, including major networks like Group1 Automotive Inc. and AutoNation Inc.
  • Access to 400+ Companies: IntelBroker also claimed in June to have access to over 400 companies through a compromised third-party contractor, with data access to platforms like Jira, GitHub, and AWS, potentially affecting large organizations such as Lockheed Martin and Samsung.
Mitigating Supply Chain Risks through Zero Trust and Resilience

To counter supply chain attacks, Cyble researchers recommend adopting zero trust principles, enhancing cyber resilience, and improving code security. Key defenses include:

  1. Network microsegmentation
  2. Strong access controls
  3. Robust user and device identity authentication
  4. Encrypting data both at rest and in transit
  5. Ransomware-resistant backups that are “immutable, air-gapped, and isolated”
  6. Honeypots for early detection of breaches
  7. Secure configuration of API and cloud service connections
  8. Monitoring for unusual activity using tools like SIEM and DLP
  9. Regular audits, vulnerability scanning, and penetration testing are also essential for maintaining these controls.

Enhancing Secure Development and Third-Party Risk Management

Cyble also emphasizes best practices for code security, including developer audits and partner assessments. The use of threat intelligence services like Cyble’s can further aid in evaluating partner and vendor risks.

Cyble’s third-party risk intelligence module assesses partner security across various areas, such as cyber hygiene, dark web exposure, and network vulnerabilities, providing specific recommendations for improvement. Their AI-powered vulnerability scanning also helps organizations identify and prioritize their own web-facing vulnerabilities.

As security becomes a more critical factor in purchasing decisions, vendors will likely need to improve their security controls and documentation to meet these demands, the report concludes.

Federal Watchdog Calls on EPA to Formulate Comprehensive Cybersecurity Plan for Water Systems


The U.S. Government Accountability Office (GAO) has called on the Environmental Protection Agency (EPA) to urgently formulate a strategy to combat the increasing risk of cyber attacks targeting the country's drinking and wastewater systems. This recommendation was outlined in a report released last week. 

Recently, the water utility sector has faced a surge in threats from both state-linked and criminal hackers. These malicious actors are employing custom malware, ransomware, and other tools to disable, sabotage, or steal data from vulnerable water utilities.

The GAO emphasized the need for a comprehensive sector-wide risk assessment, noting that the water utility sector lacks adequate protection against these threats without additional government support.

The Biden administration has made securing the drinking and wastewater treatment industries a priority, especially after several high-profile hacking incidents have raised concerns about the sector's cybersecurity. 

In March, the White House and EPA urged state officials to report on the preparedness of water utilities to combat increasing cyber threats. Despite this, EPA officials remain concerned that the information provided is not being consolidated into a comprehensive national strategy.

Alfredo Gomez, director of natural resources and the environment at GAO, highlighted via email that a state-by-state information collection would not address national-level risks. He stressed the importance of integrating risk information into a thorough risk assessment.

National Cyber Director Harry Coker Jr. discussed measures to support the water industry during a speech in Washington, D.C., in May. He outlined plans for the EPA to enhance technical assistance for public water systems and for the Department of Agriculture to invest in rural water utility programs.

In response to the GAO report, EPA officials announced they are developing plans to bolster federal assistance to the water industry. Although the EPA had initiated plans in 2023 to enhance cyber resilience through audits, these were rescinded following a state legal challenge.

The EPA reiterated its commitment to providing cybersecurity technical assistance to the water sector and collaborating with federal partners to minimize risks to the nation’s drinking water and wastewater systems.