Cyber Defense eMagazine March Edition for 2022

More documents

Recommendations

Info

#1: Firmware level attacks will increase The much-cited Security Signals Report published by Microsoft in March 2021 noted that at least 80 percent of enterprises in major economies had suffered at least one attempted firmware attack in the previous two years. Firmware attacks are daunting precisely because firmware sits ‘below’ the operating system, where the most common and familiar tools for detecting and quarantining malware cannot see them. But until now, firmware threats have not been treated seriously enough by enterprise security teams. As the Security Signals Report tells us, only 29 percent of security budgets were allocated to protect firmware. That has to change. There are many ways that firmware attacks can be launched against network devices and cause untold amounts of damage. Equally, there are plenty of basic housekeeping and security steps that can eliminate a number of potential vulnerabilities. AI-enabled security at the firmware level for example, allows real-time data protection against all sorts of software-based malware, ransomware, and viruses without human intervention. #2: More firms will be subject to an inside job The measures security professionals take to narrow the attack surface are based on the simple idea that the threat is ‘out there.’ But this focus on preventing and detecting external attacks can create a significant blind spot: the threat from inside. Whether from malicious intent or clumsy accident, trusted employees and partners can cause more damage than ever before. New ways of working and greater digital engagement change the nature of the company network and its assets. According to Ponemon Institute’s 2022 Cost of Insider Threats: Global Report the incident rate is up by 44 percent in the past two years, with costs per incident now at $15.38 million. There is little sign that this is slowing down. In this environment, the zero-trust model – which leaves no room for protocol, courtesy or respect for seniority – treats every insider with suspicion. That means proper, multi-factor authentication for every access to every system or service, plus monitoring, logging and effective pattern detection to detect any anomalous insider behavior. It may be an uncomfortable idea for many, but it is a necessary one. Cyber Defense eMagazine – March 2022 Edition 96 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
#3: Supply chains will be the big ransomware target In July 2021, a medical management services provider in New York experienced a ransomware attack that affected more than 1.2 million individuals – one of the largest breaches of health data reported to the federal regulators in 2021. We are all familiar with the threat of ransomware. What is changing is the number of cyberattacks – like this one – that target trusted third-party vendors who offer services or software that are vital to the supply chain, but which attack agents regard as softer targets. IT decision-makers believe that these kinds of supply chain attacks are to become one of the biggest threats to their organizations in the coming year. But most have not vetted either their current or prospective suppliers in the past 12 months. To stay ahead of it, now is the time for organisations to put a response strategy into place. Until they do, this will remain an attractive target. #4: Increased risk for SMBs The world has changed but the age-old mantra still applies: attack agents will always go for the easiest target. That is what is driving the growth in supply chain attacks – and is also behind the increasing frequency of attacks on SMBs. In its 2020 Internet Crime Report, the FBI recorded 791,790 complaints of suspected internet crime among small businesses (300,000 more than in 2019), and total losses of more than $4.2 billion. SMBs may not have the resources or expertise to protect themselves adequately, but they still have valuable information residing within their systems. That’s why they are subject to growing numbers of targeted and complex attacks. In addition, the recent mass shift toward remote and hybrid working practices has seen people’s private and professional lives becoming intertwined, often resulting in a less than diligent approach to cybersecurity. With that, SMBs have experienced a jump in cyberattacks as a result of human error. In fact, human error is responsible for a staggering 95 percent of data breaches, an issue that has only been heightened by the effects of the pandemic. As such, it has become clear that just like everyone else, SMBs need robust cybersecurity that includes all layers, from software to the physical and everything in between. Enter, AI-infused cybersecurity solutions. AI has the power to reduce human intervention, allowing data to be secured without the need for extensive knowledge or training. Cyber Defense eMagazine – March 2022 Edition 97 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Why Changing Classified Document St
Page 3 and 4:
Tips And Trends for OT Cybersecurit
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s March 2022 Issue
Page 9 and 10:
Cyber Defense eMagazine - March 202
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
level of concern while working remo
Page 21 and 22:
The Fragility of a GPS Centric Worl
Page 23 and 24:
Formerly known as LOng-RAnge Naviga
Page 25 and 26:
The Role of The CFO In Enterprise C
Page 27 and 28:
Help them mitigate potential risks
Page 29 and 30:
The Safest Ways for Bitcoin Trading
Page 31 and 32:
and clear instructions through a "N
Page 33 and 34:
According to Cybereason’s “Rans
Page 35 and 36:
If you implement these three tips,
Page 37 and 38:
• Nearly half of zero-day malware
Page 39 and 40:
Don’t Become a Horrible Headline:
Page 41 and 42:
pandemic era. By empowering profess
Page 43 and 44:
Have We Learned from Our Past Mista
Page 45 and 46: internet, etc. How much training is
Page 47 and 48: How to strengthen cyber resilience
Page 49 and 50: A BCDR solution with automated disa
Page 51 and 52: 1. Cybersecurity Incidents Will Bec
Page 53 and 54: Is XDR The Right Solution for Today
Page 55 and 56: How Open XDR Helps Open XDR address
Page 57 and 58: A very small set of next-gen SIEM s
Page 59 and 60: • What are my options for data la
Page 61 and 62: Additionally, we’ll witness the r
Page 63 and 64: Top 10 Reasons Cyber Defense Firms
Page 65 and 66: 4. Teamwork and individual responsi
Page 67 and 68: 5 Reasons Organizations Need Compre
Page 69 and 70: systems to manage identity and acce
Page 71 and 72: Directed Analytics - The Future of
Page 73 and 74: Directed analytics allow these insi
Page 75 and 76: InDesign and uploaded to indd.adobe
Page 77 and 78: Are You Prepared for the New Normal
Page 79 and 80: • Find Unseen Risk - The hardest
Page 81 and 82: intruders were able to gain control
Page 83 and 84: About the Authors Michael Cheng is
Page 85 and 86: Why am I rehashing this old trope?
Page 87 and 88: 1. Look for and minimize attack sur
Page 89 and 90: On The Frontline in The War Against
Page 91 and 92: How to Fix Mid-Market Security Usin
Page 93 and 94: the particular victims being target
Page 95: 5 Ways Cybersecurity Will Change In
Page 99 and 100: Executive Order Instructs Certain O
Page 101 and 102: • Stay ahead of fraud. Fraud cost
Page 103 and 104: Too Hot to Handle:The case for Zero
Page 105 and 106: Critically, endpoint security only
Page 107 and 108: To prevent lateral movement attacks
Page 109 and 110: Redefining Resilience in The New Wo
Page 111 and 112: About the Author Andrew Lawton is C
Page 113 and 114: Cyber Defense eMagazine - March 202
Page 135 and 136: CyberDefense.TV now has 200 hotseat
Page 137 and 138: Books by our Publisher: https://www
show all

Cyber Defense eMagazine March Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?