Cyber Defense eMagazine March Edition for 2022

More documents

Recommendations

Info

The Cyber Security Market Has Failed Medium-Sized Businesses The cyber security market has bifurcated into large, enterprise solutions and niche point solutions. Midmarket companies are stuck in an inhospitable middle, where they don’t have the budget and resources to purchase large enterprise solutions, but also have too much complexity and attack surface for point solutions to be effective in providing security. The high cost of implementing and operating security solutions severely impedes their adoption by midmarket companies. Companies with 1,500 and fewer employees often have limited cyber security budgets and very few dedicated security professionals – if they have any specialists at all. Hundreds of employees and thousands of endpoints create an attack surface that stretches IT teams to their limits. Mid-market companies are therefore forced to make bets on the most probable attack vectors to defend against, leaving the rest of the attack surface exposed. The Pandemic-Driven Shift Toward Remote Work Caught IT Departments Flat Footed Nobody was ready for large-scale remote work in 2020. Teams were not culturally prepared to conduct business online, office software wasn’t designed for remote work as its primary use case, and IT departments had mostly focused on on-site and VPN-style security. The shift to predominantly remote work in 2020 and 2021 disrupted every aspect of business and created huge opportunities for attackers seeking to exploit the relative naivete of the new cloud working environment. In Coro’s recent report analyzing mid-market cyber security, we found that while 50% of medium-sized companies had email malware protection in place in 2021, 88% of them had misconfigured their protection settings. Meanwhile, only 16% of mid-sized companies had email phishing protection in place, and 71% of them had misconfigured settings. Other attack vectors fared similarly or worse. This means many of the technologies deployed by IT teams, and especially the new ones deployed since the beginning of the pandemic to enable remote work, offer little actual protection against emerging classes of cyber threats. Cyber Criminals Are Turning Downstream for Easier Pickings A big score against a large enterprise is exciting for a cyber criminal, but so is the prospect of several smaller, easier scores. We observed this in practice in 2021 as attacks on medium-sized companies increased both in volume and in sophistication. Specifically, we saw that attacks on mid-market companies increased by 150% in the past two years. Moreover, these attacks are not just generic (AKA naive) attacks, but are increasingly tailored attacks for Cyber Defense eMagazine – March 2022 Edition 92 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
the particular victims being targeted by the hackers. Customized attacks against mid-market companies have expanded 4x in 2021. Insider threats, whether accidental or malicious, have also doubled in 2021, showing the greater role employees have played in cyber vulnerabilities during the pandemic. Closing the Mid-Market Cyber Security Gap with Intelligent Automation and AI Mid-market spending on cyber security was up in 2021 as companies began to feel the heat from cyber criminals testing their defenses. But most of the industry’s comprehensive cyber security solutions are aimed at large enterprise customers – and mid-market companies need options beyond stitching together piecemeal point solutions. The three challenges to mid-market cyber security remain: overly expensive and complicated solutions, greatly expanded attack surface driven by remote work, and increased attacks by hackers seeking to exploit the mid-market. To overcome these challenges, companies need affordable solutions that augment existing IT with built-in intelligence and non-disruptive security workflows. This is where automation and AI come in. As I said earlier, 88% of email malware solutions are misconfigured – and that doesn’t even account for cloud malware, Wi-Fi phishing, and a huge range of emerging attack vectors for which most mid-sized companies have no protections in place. Why should such misconfigurations and omissions leave a company exposed to cyber threats, especially when a single breach could paralyze a business or cause enough damage to close its doors forever? Where possible, the responsibility for effective cyber defense needs to be shifted off the shoulders of overstretched IT teams and onto machines. AI must be deployed to enable small teams with limited resources to effectively manage large and complex situations. Small companies must seek solutions that simplify the security experience: comprehensive, all-in-one solutions that are easy to deploy and easy to operate by way of intuitive UX design and AI automation. The truth is, most small and mid-sized companies don’t need dozens of security professionals to manage straightforward and common security tasks. Look for security solutions that instead make use of intelligent automation to reduce the load on IT and security teams. Intelligent automation can automatically block malware threats, prevent accidental or malicious data leakage, lock down rogue accounts, and prevent the majority of incoming attack attempts, all without human intervention. For the small percentage of issues that AI and intelligent automation can’t resolve, a concise and clear notification can be sent to administrators that can be resolved quickly and easily. Even in this rapidly evolving cyber climate, the cost and complexity of security can be managed, and escalating cyber threats can be controlled. Comprehensive cyber security can and should be fully accessible to mid-sized companies. It’s time for mid-market IT leaders reconsider the standard point Cyber Defense eMagazine – March 2022 Edition 93 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Why Changing Classified Document St
Page 3 and 4:
Tips And Trends for OT Cybersecurit
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s March 2022 Issue
Page 9 and 10:
Cyber Defense eMagazine - March 202
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
level of concern while working remo
Page 21 and 22:
The Fragility of a GPS Centric Worl
Page 23 and 24:
Formerly known as LOng-RAnge Naviga
Page 25 and 26:
The Role of The CFO In Enterprise C
Page 27 and 28:
Help them mitigate potential risks
Page 29 and 30:
The Safest Ways for Bitcoin Trading
Page 31 and 32:
and clear instructions through a "N
Page 33 and 34:
According to Cybereason’s “Rans
Page 35 and 36:
If you implement these three tips,
Page 37 and 38:
• Nearly half of zero-day malware
Page 39 and 40:
Don’t Become a Horrible Headline:
Page 41 and 42: pandemic era. By empowering profess
Page 43 and 44: Have We Learned from Our Past Mista
Page 45 and 46: internet, etc. How much training is
Page 47 and 48: How to strengthen cyber resilience
Page 49 and 50: A BCDR solution with automated disa
Page 51 and 52: 1. Cybersecurity Incidents Will Bec
Page 53 and 54: Is XDR The Right Solution for Today
Page 55 and 56: How Open XDR Helps Open XDR address
Page 57 and 58: A very small set of next-gen SIEM s
Page 59 and 60: • What are my options for data la
Page 61 and 62: Additionally, we’ll witness the r
Page 63 and 64: Top 10 Reasons Cyber Defense Firms
Page 65 and 66: 4. Teamwork and individual responsi
Page 67 and 68: 5 Reasons Organizations Need Compre
Page 69 and 70: systems to manage identity and acce
Page 71 and 72: Directed Analytics - The Future of
Page 73 and 74: Directed analytics allow these insi
Page 75 and 76: InDesign and uploaded to indd.adobe
Page 77 and 78: Are You Prepared for the New Normal
Page 79 and 80: • Find Unseen Risk - The hardest
Page 81 and 82: intruders were able to gain control
Page 83 and 84: About the Authors Michael Cheng is
Page 85 and 86: Why am I rehashing this old trope?
Page 87 and 88: 1. Look for and minimize attack sur
Page 89 and 90: On The Frontline in The War Against
Page 91: How to Fix Mid-Market Security Usin
Page 95 and 96: 5 Ways Cybersecurity Will Change In
Page 97 and 98: #3: Supply chains will be the big r
Page 99 and 100: Executive Order Instructs Certain O
Page 101 and 102: • Stay ahead of fraud. Fraud cost
Page 103 and 104: Too Hot to Handle:The case for Zero
Page 105 and 106: Critically, endpoint security only
Page 107 and 108: To prevent lateral movement attacks
Page 109 and 110: Redefining Resilience in The New Wo
Page 111 and 112: About the Author Andrew Lawton is C
Page 113 and 114: Cyber Defense eMagazine - March 202
Page 135 and 136: CyberDefense.TV now has 200 hotseat
Page 137 and 138: Books by our Publisher: https://www
show all

Cyber Defense eMagazine March Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?