Showing posts with label survey.

AI's Rapid Code Development Outpaces Security Efforts



As artificial intelligence (AI) advances, it accelerates code development at a pace that cybersecurity teams struggle to match. A recent survey by Seemplicity of 300 US cybersecurity professionals highlights this growing concern. The survey covers vulnerability management, automation, and regulatory compliance, and reveals a complex mix of challenges and opportunities.

Fragmentation in Security Environments

Organisations now rely on an average of 38 different security product vendors, which adds considerable complexity and fragmentation to their security stacks. This fragmentation is a double-edged sword. While it broadens the arsenal against cyber threats, it also generates an overwhelming amount of noise from security tools: 51% of respondents report being inundated with alerts and notifications, many of them false positives or non-critical issues. This noise hampers vulnerability identification and prioritisation and delays the handling of real threats. Consequently, 85% of cybersecurity professionals find managing this noise a substantial challenge, with slow risk reduction as the primary consequence.

The Rise of Automation in Cybersecurity

Faced with this volume of alerts, organisations are turning to automation to manage vulnerabilities. According to the survey, 95% of organisations have implemented at least one automated method to handle the deluge of alerts. Automation is concentrated in three areas:

1. Vulnerability Scanning: 65% of participants have adopted automation to enhance the precision and speed of identifying vulnerabilities, significantly streamlining this process.

2. Vulnerability Prioritization: 53% utilise automation to rank vulnerabilities based on their severity, ensuring that the most critical issues are addressed first.

3. Remediation: 41% of respondents automate the assignment of remediation tasks and the execution of fixes, making these processes more efficient.

Despite these advancements, 44% still rely on manual methods to some extent, highlighting obstacles to complete automation. Nevertheless, 89% of cybersecurity leaders acknowledge that automation has increased efficiency, particularly in accelerating threat response.

AI's Growing Role in Cybersecurity

The survey shows strong confidence in AI's ability to transform cybersecurity practices: 85% of organisations intend to increase their AI spending over the next five years. Respondents expect AI to improve the early stages of vulnerability management in the following ways:

1. Vulnerability Assessment: 38% of respondents expect AI to improve the precision and effectiveness of spotting vulnerabilities.

2. Vulnerability Prioritisation: 30% view AI as crucial for accurately ranking vulnerabilities based on their severity and urgency.

Additionally, 64% of respondents see AI as a strong asset in combating cyber threats, indicating a high level of optimism about its potential. However, 68% are concerned that incorporating AI into software development will accelerate code production at a pace that outstrips security teams' ability to manage, creating new challenges in vulnerability management.


Views on New SEC Incident Reporting Requirements

The survey also sheds light on perspectives regarding the new SEC incident reporting requirements. Over half of the respondents see these regulations as opportunities to enhance vulnerability management, particularly in improving logging, reporting, and overall security hygiene. Surprisingly, fewer than a quarter of respondents view these requirements as adding bureaucratic burdens.

Trend Towards Continuous Threat Exposure Management (CTEM)

Another trend from the survey is that 90% of respondents expect to adopt Continuous Threat Exposure Management (CTEM) programmes. Unlike periodic point-in-time assessments, CTEM provides continuous monitoring and proactive risk management, constantly assessing the IT estate for exposures so that organisations can stay ahead of threats.

The Seemplicity survey highlights both the challenges and potential solutions in the evolving field of cybersecurity. As AI accelerates code development, integrating automation and continuous monitoring will be essential to managing the increasing complexity and noise in security environments. Organizations are increasingly recognizing the need for more intelligent and efficient methods to stay ahead of cyber threats, signaling a shift towards more proactive and comprehensive cybersecurity strategies.

Most CEOs Increasingly Prioritise Cybersecurity Over Economic Performance


According to a new survey from Palo Alto Networks, a growing proportion of CEOs see cyberattacks as a greater existential threat to their business than economic instability.

The poll of 2,500 CEOs from the United Kingdom, Germany, France, Brazil, and the United Arab Emirates (UAE) found that CEOs fear what they don't know, and that many do not even believe they are accountable for their organisation's cybersecurity posture.

This has not dented their confidence, however: most respondents say they are well prepared for a cyberattack. At the same time, 51% of CEOs say that, as the risk of cyberattack grows, their ability to keep their companies' endpoints secure keeps them awake at night.

Still, the vast majority believe they are well equipped. Almost four in five (78%) are confident in their (full and tested) strategies for threat protection and recovery, and 74% believe their companies can react quickly to evolving threats. At the same time, only one-third (36%) would bring in an incident response team in the event of an attack, and 34% would pay the ransom in a ransomware attack.

Security practitioners and law enforcement agencies strongly advise against paying and recommend restoring from backups instead. Paying does not guarantee that the firm gets its data back, nor that it will not be attacked again (by the same or a different threat actor) as soon as the next day, and it funds future ransomware operations. Nonetheless, many businesses pay because it looks like the quickest way to restore operations.

Survey: 89% Firms Experienced One or More Successful Email Breach


During the past 12 months, 89% of firms suffered one or more successful email attacks, resulting in significant costs.

Most security teams believe their email defences are ineffective against the most serious inbound threats, notably ransomware. This is according to a survey of business customers using Microsoft 365 for email, commissioned by Cyren and conducted by Osterman Research. The survey examined phishing, business email compromise (BEC), and ransomware threats, which attacks turned into costly incidents, and how ready firms are to cope with attacks and incidents.

“Security team managers are most concerned that current email security solutions do not block serious inbound threats (particularly ransomware), which requires time for response and remediation by the security team before dangerous threats are triggered by users,” according to the report.

Fewer than half of those surveyed felt their companies can stop email threats from being delivered, and fewer than half consider their current email security solutions effective. Controls for detecting and stopping mass-mailed phishing emails are seen as the least effective, followed by safeguards against impersonation attacks.

It is therefore unsurprising that nearly every company polled has experienced one or more kinds of email breach. Overall, successful ransomware attacks have climbed by 71% in the last three years, Microsoft 365 credential compromise has increased by 49%, and successful phishing attacks have increased by 44%, according to the report.

Email Defences 

When the researchers looked at where email defence falls short, they found that the use of email client plug-ins for users to flag suspicious messages is on the rise. According to the survey, half of firms now use an email client plug-in that lets users flag questionable messages for review by security staff, up from 37% in 2019. The most common recipients of these reports are security operations centre analysts, email administrators, and an email security vendor or service provider; 78% of firms route reports to two or more groups.

In addition, most firms now train users on email threats, according to the survey: more than 99% of companies provide training at least once a year, and one in seven provides email security training monthly or more often.

“Training more frequently reduces a range of threat markers. Among organizations offering training every 90 days or more frequently, the likelihood of employees falling for a phishing, BEC or ransomware threat is less than organizations only training once or twice a year,” as per the report.

The survey also found that more regular training leads to more suspicious messages being reported, and to a higher proportion of those messages being correctly reported as suspicious. Firms are also using at least one additional security product to supplement Microsoft 365's built-in email protections, though how effectively these are deployed varies.

The report explained, “Additive tools include Microsoft 365 Defender, security awareness training technology, a third-party secure email gateway or a third-party specialized anti-phishing add-on. There is a wide range of deployment patterns with the use of these tools.”

The researchers concluded that these gaps, and weak defences in general, impose significant costs on businesses.

“Costs include post-incident remediation, manual removal of malicious messages from inboxes, and time wasted on triaging messages reported as suspicious that prove to be benign. Organizations face a range of other costs too, including alert fatigue, cybersecurity analyst turnover, and regulatory fines,” the report further read.

An Advisory Issued by Carnegie Mellon University Warns Against the Vulnerability in Checkbox Survey


The CERT Coordination Center (CERT/CC) at Carnegie Mellon University has issued an advisory about a vulnerability in Checkbox Survey that could allow a remote attacker to execute arbitrary code without authenticating.

Checkbox Survey is a customisable online survey tool written in ASP.NET that lets organisations build professional surveys accessible from any desktop or mobile device. (The product is not to be confused with the checkbox GUI widget; a checkbox lets a user toggle an option on or off, and a simple yes/no question in a survey might be rendered as one.)

The vulnerability, tracked as CVE-2021-27852, stems from insecure deserialization of View State data, a mechanism the ASP.NET web page framework uses to carry page state across requests.

Microsoft stated that “When the HTML markup for the page is rendered, the current state of the page and values that must be retained during postback are serialized into base64-encoded strings. This information is then put into the view state hidden field or fields.”

Before version 7.0, Checkbox Survey implemented its own View State handling: it accepted a _VSTATE request parameter and deserialized it with LosFormatter.

“Checkbox Survey before version 7.0 insecurely deserializes ASP.NET View State data, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable server,” read the advisory.

Because the Checkbox Survey code handles this data itself rather than going through the framework's page pipeline, the server's ASP.NET View State Message Authentication Code (MAC) configuration is never applied to it. Without a MAC, an attacker can supply arbitrary serialized data, and deserializing it leads to code execution.

The advisory further states that “Checkbox Survey is an ASP.NET application that can add survey functionality to a website. Before version 7.0, Checkbox Survey implements its View State functionality by accepting a _VSTATE argument, which it then deserializes using LosFormatter. Because this data is manually handled by the Checkbox Survey code, the ASP.NET View State Message Authentication Code (MAC) setting on the server is ignored. Without MAC, an attacker can create arbitrary data that will be deserialized, resulting in arbitrary code execution.”

The impact is that a remote, unauthenticated attacker can execute arbitrary code with the privileges of the web server process by sending a crafted request to a server running Checkbox Survey 6.x.
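The following is an added illustration of the pattern the advisory describes, written for this page; it is not Checkbox Survey's code. The first handler reconstructs the vulnerable shape (a `_VSTATE` parameter fed straight into `LosFormatter`), and the second shows the design the advisory credits version 7.0 with: the client carries only an opaque identifier and nothing from the client is ever deserialized. The handler names, the `_VSTATE_ID` parameter and the session key prefix are assumptions for illustration.

```csharp
using System;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;

// Hypothetical handler reconstructing the vulnerable pattern (not Checkbox Survey's code).
public class VulnerableStateHandler : IHttpHandler
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // _VSTATE is fully attacker-controlled (query string or form body).
        string state = context.Request["_VSTATE"];
        if (string.IsNullOrEmpty(state))
        {
            return;
        }

        // No MAC: the formatter trusts whatever the client sent. Because the Page
        // ViewState pipeline is bypassed, the enableViewStateMac setting in
        // web.config never applies to this data. A crafted blob runs the
        // attacker's code inside Deserialize, before this method sees a result.
        LosFormatter formatter = new LosFormatter();
        object restored = formatter.Deserialize(state);
        context.Items["surveyState"] = restored;
    }
}

// Hardened variant: the client holds only an opaque identifier, and the state
// object itself lives in server-side session storage. Nothing client-supplied
// is ever passed to a deserializer.
public class HardenedStateHandler : IHttpHandler, IRequiresSessionState
{
    // Assumed session key prefix for illustration.
    private const string KeyPrefix = "surveyState:";

    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        string token = context.Request["_VSTATE_ID"];
        Guid id;
        if (string.IsNullOrEmpty(token) || !Guid.TryParse(token, out id))
        {
            // Reject anything that is not a well-formed identifier.
            context.Response.StatusCode = 400;
            return;
        }

        object restored = context.Session[KeyPrefix + id.ToString("N")];
        if (restored == null)
        {
            // Unknown or expired identifier: no state, no processing.
            context.Response.StatusCode = 400;
            return;
        }
        context.Items["surveyState"] = restored;
    }

    // Called when the server first creates state for a client: store it
    // server-side and hand back only the identifier to embed in the page.
    public static string StoreState(HttpContext context, object state)
    {
        Guid id = Guid.NewGuid();
        context.Session[KeyPrefix + id.ToString("N")] = state;
        return id.ToString("N");
    }
}
```

A narrower fix would be to construct the formatter as `new LosFormatter(true, modifier)` so that it verifies an HMAC keyed with the server's machineKey before deserializing. That stops an attacker who does not hold the key, but anyone who obtains the machineKey can still forge a valid blob, which is why keeping serialized state off the client altogether, as the advisory describes for 7.0, is the stronger design.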

Checkbox Survey 7.0 and later no longer use View State data in this way, so the vulnerability does not affect those versions. Users of versions older than 7.0 should upgrade.

Checkbox has also said that it no longer develops Checkbox Survey 6, so that version should not be used at all. Where an upgrade to an unaffected version is not possible, the software should be removed from every machine on which it is installed.