Overconfidence is putting children at risk online, says Kaspersky research

Research into the online safety of children has found that 65% of young people are unable to identify a phishing attack and cannot tell the difference between a scam and a legitimate email. Additionally, 48% of children aged 11-15 who say they are knowledgeable about online security have themselves been the victim of a phishing scam, highlighting a growing concern that Generation Z's overconfidence about online safety is putting them at risk.

Overconfident and oversharing

Although many under-18s believe themselves to be “cyber aware”, Kaspersky research reveals today that over half (59%) still admit to including personal information such as their name and date of birth on social media channels. 57% stated that they would also be prepared to disclose their pet’s names and favourite TV show on online quizzes.

This naivety sits uneasily with their assumed level of cyber knowledge. Online games and quizzes are a common vehicle for threat actors to gather as much information as possible on individuals, and the answers they collect (pet names, favourite shows, dates of birth) are exactly the details used for password-reset security questions and social-engineering pretexts.

Education for the Generations

Research also reveals that only 29% of adults are currently helping their children or the younger generation to identify phishing scams. In fact, 30% of adults, by their own admission, are not knowledgeable at all when it comes to online security, and 17% admit that they have been, or are unsure whether they have been, the victim of a phishing scam. This suggests that more online education and information is needed for all ages to help every generation stay safe online.

“Knowledge is power. But knowledge alone isn’t enough when it comes to online security,” said David Emm, Principal Security Researcher, Global Research and Analysis Team, Kaspersky. “Our findings show that a little bit of knowledge can be a very dangerous thing for children. The overconfidence we highlight in the report is putting them at serious risk from online threats.”

Emm continues, “For this reason, online safety education needs to be broadened from the dangers of content, to also cover the kind of attacks we are exposed to every day online. And cyber security education can’t just be for children, but it also needs to be extended to the older generations. As things stand, we have adults either not talking to children about online security, or if they do, unable to help them, because they don’t understand the threats themselves. Right now, it’s a case of the blind leading the blind. The situation is untenable, and we urgently need more awareness and more education.”

Kaspersky’s report, ‘Overconfident and over exposed: Are Children Safe Online?’, surveyed 5,369 children and 5,665 adults across 7 countries in Europe. The research asked respondents about their understanding of online security, whether they knew what a phishing scam was, how much information they share online and who they relied on to help them identify potential threats. To download a copy of the report, please visit: https://media.kasperskydaily.com/wp-content/uploads/sites/96/2023/02/20161814/Kaspersky-State-of-Children-Online-Report-15-02.pdf

The post Over confidence is putting children at risk online says Kaspersky research appeared first on IT Security Guru.

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

With the proliferation of cyber attacks in all industries, organizations are beginning to grasp the growing significance of cyber risk and how managing it is an integral part of protecting and maintaining an efficient business. Ransomware is the single biggest cyber threat to global businesses; in the first half of 2022 alone, 236.1 million ransomware attacks were recorded, reflecting the immense risk to which companies of all sizes are exposed. Digital transformation is only increasing the risk associated with cyber failures.

Typically, the expectation has been that chief information security officers (CISOs) are solely responsible for protecting the entire asset base and ensuring that all security needs are met. However, chief financial officers (CFOs) are just as vital to managing cyber risk, which is now inherently also business risk.

Given their visibility into every business unit, CFOs are assuming new strategic roles. As such, they are tasked with guiding the growth of their companies along with developing and maintaining the digital transformation and finance function. To do so efficiently and safely, however, they must be aware of where their cyber risk lies and how to manage it.

The distributed workforce and hybrid working model have contributed to the expansion of the threat landscape, and defenders still struggle to keep pace. For leaders to properly secure their businesses and have robust systems in place, they must include financial advisors and CFOs in conversations around ransomware and cybersecurity, or risk not being adequately prepared. This is because cybersecurity now touches all aspects of a business; the responsibility to protect the organization no longer solely lies with the security teams.

Using FAIR™ (Factor Analysis of Information Risk), the international standard model for measuring information security and operational risk, information security teams can quantify cyber risk in financial terms. FAIR decomposes risk into how often loss events are expected to occur and how much each one is likely to cost, so the result is expressed as probable loss per year rather than a red/amber/green rating. As a result, security teams can convey risk to business leaders in a way they will understand and that is impactful: in specific dollar amounts. In doing so, CISOs and CFOs can collaborate more effectively as they factor cyber risk into their budgets. They must ask themselves whether they are investing in the most cost-effective ways to reduce risk and better protect the organization as a whole.
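As an added illustration of how a FAIR-style analysis turns calibrated estimates into dollar figures (this is example code written for this page, not RiskLens software or an official FAIR implementation), the block below samples Threat Event Frequency, Vulnerability and Loss Magnitude from min/most-likely/max ranges with a triangular distribution, runs a Monte Carlo simulation of annual loss, and compares a baseline scenario against the same scenario with a control applied. The scenario names, ranges and control cost are constructed for the example and are not from any real assessment.

```python
"""FAIR-style Monte Carlo risk quantification (added example, not RiskLens code).

FAIR factors risk into Loss Event Frequency (LEF, loss events per year) and
Loss Magnitude (LM, money per loss event). LEF is split further into Threat
Event Frequency (TEF) and Vulnerability (probability that a threat event becomes
a loss event). Each factor is a calibrated min / most-likely / max estimate,
sampled here with a triangular distribution. All figures below are constructed.
"""
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Estimate:
    """Calibrated range for one FAIR factor: minimum, most likely, maximum."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        # random.triangular returns `low` unchanged when low == high (degenerate range).
        return rng.triangular(self.low, self.high, self.mode)


@dataclass(frozen=True)
class Scenario:
    name: str
    tef: Estimate             # threat events per year
    vulnerability: Estimate   # probability in [0, 1] that a threat event causes loss
    loss_magnitude: Estimate  # primary + secondary loss per loss event, in dollars


def simulate_annual_loss(scenario: Scenario, iterations: int = 10_000, seed: int = 1) -> list[float]:
    """Return one simulated annual loss figure per iteration."""
    rng = random.Random(seed)
    losses = []
    for _ in range(iterations):
        tef = scenario.tef.sample(rng)
        vuln = min(1.0, max(0.0, scenario.vulnerability.sample(rng)))
        lef = tef * vuln                        # expected loss events this year
        lm = scenario.loss_magnitude.sample(rng)
        losses.append(lef * lm)
    return losses


def summarise(losses: list[float]) -> dict[str, float]:
    """Summary statistics a CFO can read: mean annual loss plus tail percentiles."""
    ordered = sorted(losses)

    def pct(p: float) -> float:
        idx = min(len(ordered) - 1, int(round(p * (len(ordered) - 1))))
        return ordered[idx]

    return {
        "mean_annual_loss": statistics.fmean(ordered),
        "p50": pct(0.50),
        "p90": pct(0.90),
        "p95": pct(0.95),
        "max": ordered[-1],
    }


def compare_controls(baseline: Scenario, with_control: Scenario, control_cost: float,
                     iterations: int = 10_000, seed: int = 1) -> dict[str, float]:
    """Net benefit of a control = reduction in mean annual loss minus its annual cost."""
    before = summarise(simulate_annual_loss(baseline, iterations, seed))
    after = summarise(simulate_annual_loss(with_control, iterations, seed))
    reduction = before["mean_annual_loss"] - after["mean_annual_loss"]
    return {
        "ale_before": before["mean_annual_loss"],
        "ale_after": after["mean_annual_loss"],
        "risk_reduction": reduction,
        "net_benefit": reduction - control_cost,
    }


# Constructed scenario: ransomware via phished credentials, before and after MFA.
RANSOMWARE = Scenario(
    name="ransomware via credential phishing",
    tef=Estimate(2, 6, 20),
    vulnerability=Estimate(0.10, 0.25, 0.50),
    loss_magnitude=Estimate(200_000, 1_200_000, 6_000_000),
)
RANSOMWARE_WITH_MFA = Scenario(
    name=RANSOMWARE.name + " (with phishing-resistant MFA)",
    tef=RANSOMWARE.tef,
    vulnerability=Estimate(0.01, 0.03, 0.10),
    loss_magnitude=RANSOMWARE.loss_magnitude,
)

if __name__ == "__main__":
    print(summarise(simulate_annual_loss(RANSOMWARE)))
    print(compare_controls(RANSOMWARE, RANSOMWARE_WITH_MFA, control_cost=150_000))
```

Because both scenarios are simulated with the same seed, the only thing that differs between the runs is the Vulnerability estimate, so the reported risk reduction is attributable to the control alone; the p90/p95 figures are what a CFO would compare against cyber insurance limits and retained-risk appetite.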

How reporting has changed

Financial regulators, too, are beginning to take cybersecurity more seriously, viewing it as more of a strategic priority. In the U.S. particularly, the SEC recently proposed amendments to its original rules around cybersecurity risk management, in which the expectation is for companies to evaluate their existing cyber policies and procedures.

Under the proposed rules, businesses would have four business days to report material cyber incidents, would have to provide more in-depth company reports, and would have to file cyber risk disclosures regularly. As the CFO is responsible for disclosures of material interest, it is vital they are aware of all regulatory standards with which they must comply, as well as the risk to which the business has been exposed. Cybersecurity standards and reporting requirements vary from country to country and, in the U.S., from state to state, and they continue to evolve.

Part of the new regulations also call for organizations to outline how cybersecurity is part of their business strategy and financial plan, and what role their boards play in securing the company against cyber threats. CFOs, CISOs, security teams and C-suite executives will need to actively work together to not only adhere to the new rules but ensure their business is protected from significant threats such as ransomware and other data breaches.

The importance of the CFO

The CFO is vital to determining whether a given cybersecurity incident is material and will affect the business more seriously. They must also report the financial analysis of cyber incidents to those responsible for review and remediation, such as IT teams, the board and C-suite executives. Just as importantly, CFOs are the ones who must disclose gaps in risk management policies and any cybersecurity risk that was not accounted for in the original budget.

The CFO’s expertise and input are crucial in ensuring that the organization’s cybersecurity capabilities align with the overall business strategy. This is only truly possible if a business is quantifying its cyber risk by following a risk quantification model such as the FAIR standard. By placing a monetary value on the risk to which an organization is exposed, the CFO can support C-suite executives and business leaders in making vital decisions to help secure the business.

The CFO’s insight is critical across many areas of cybersecurity including:

  1. Ransomware: The CFO is responsible for approving funding and advising the company on significant issues such as whether cybercriminals should receive their desired ransom. They play a pivotal role in ensuring the organization is fully prepared for all potential outcomes.
  2. Cyber insurance: Considering the trend that premiums are increasing while insurance coverage is decreasing, the CFO’s input on cost and value is critical. They are in the best position to understand where the risks lie and the potential financial losses that could be incurred.
  3. Regulatory compliance: Regulatory compliance is key to not incurring unnecessary and costly fines. Using a quantified value, CFOs can translate cyber risk into a universally understood concept and determine thresholds for when specific incidents can be considered material threats. In working together, information security teams and CFOs can determine the most cost-efficient plan to reach their compliance goals.
  4. Managing budgets: Collaboration with the CFO can help CISOs produce efficient spending benchmarks and evaluate how current investments are being used. Consequently, they can better allocate budgets where the risk is higher, depending on the dollar value previously calculated.

Cyber risk isn’t going to disappear soon. Ransomware is on the rise, as are other cyber threats, and cyber criminals are continuously developing new tactics, which creates more risk. It is vital that organizations adequately prepare themselves by taking all necessary measures to secure their company from any kind of breach, including the involvement of the CFO in vital conversations and decision-making processes.

To sufficiently prepare for ransomware and other large-scale cyber attacks, C-suite executives must consider budgets not only for compliance, but also for their risk appetite. In this way, they will be able to better protect themselves, while maximizing efficiency of budget spend. They must actively collaborate with information security teams as well as chief financial officers to be prepared for today’s cyber risk landscape.

By Dave Sutor, CFO at RiskLens

The post Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk appeared first on IT Security Guru.

KnowBe4 Integrates With CrowdStrike Aiming to Reduce Human Risk in Organisations

Two cybersecurity powerhouses, KnowBe4 and CrowdStrike, have come together to provide enhanced security for enterprises around the world.

KnowBe4’s SecurityCoach product is now integrated with the CrowdStrike Falcon platform. The collaboration is designed to help reduce high-risk behaviour by using CrowdStrike’s security telemetry to discover security incidents, which then trigger real-time security training from KnowBe4.

SecurityCoach helps IT and security professionals develop a strong security culture by enabling real-time security coaching of their users in response to high-risk security behaviour. Using an organization’s existing security stack, IT and security professionals can configure real-time coaching campaigns that immediately deliver a SecurityTip to a user when a security event involving them is detected.

“Our ecosystem of technology partners is growing rapidly, to enrich the support we provide to our customers and to fortify their organization’s human firewall,” said Stu Sjouwerman, CEO, KnowBe4. “KnowBe4 is proud to partner with CrowdStrike by seamlessly integrating our new SecurityCoach product with security telemetry delivered from the CrowdStrike Falcon platform. Our integration aims to deliver real-time security coaching and advice based on when security incidents occur to help end users enhance their cybersecurity knowledge and strengthen their role in contributing to a strong security culture.”

“By partnering with KnowBe4, we’re providing bite-sized, personalized security awareness lessons based on enriched insights derived from the CrowdStrike Falcon platform,” said Geoff Swaine, VP of Global Programs, Store and Tech Alliances at CrowdStrike. “By seamlessly integrating CrowdStrike’s robust security data with KnowBe4’s large library of curated coaching modules, we’re empowering customers to minimize human risk, improve their security posture and stop breaches.”

KnowBe4 will provide step-by-step instructions and recommendations to help IT and security professionals achieve quick and pain-free integration and data syncing during the implementation process.

The post KnowBe4 Integrates With CrowdStrike Aiming to Reduce Human Risk in Organisations appeared first on IT Security Guru.

Zurich and Barrier Networks partner to Offer Enterprise Cyber Risk Assessments

Barrier Networks, a Cybersecurity Managed Service Provider, has announced it has entered into a new partnership with Zurich Resilience Solutions, part of Zurich UK, to help businesses improve their cyber resilience.

Zurich Resilience Solutions (ZRS) provides underwriting assurance to underwriters, helping them better understand the cyber risk and exposures of client environments, as well as cyber risk and resilience advisory services to clients looking to improve their cyber resilience. Barrier complements ZRS’s internal cyber risk advisory services, offering technical expertise and services including penetration testing, managed cybersecurity services, assessment and consulting.

The partnership will not only focus on enterprise security, but it will also cater to organisations running Operational Technology in critical industrial environments. These organisations have come under increased threat from cybercrime recently, and Barrier Networks and Zurich will help meet these needs by helping them reduce the risk of data breaches that could be caused by unidentified cybersecurity issues.

“We are delighted to be working with such an established cyber insurance player as Zurich. Cybersecurity is an enormous task for most businesses and very few have the resources to manage it alone. Our partnership will help organisations overcome this challenge as we help them improve their security and tackle key issues to meet critical cyber insurance requirements. No organisation can gamble with their cyber defences today, and through our partnership we will be arming more businesses with the skills and expertise they need to stay secure,” said Ian McGowan, Managing Director of Barrier Networks.

Arunava Banerjee, Cyber Risk Consulting Lead, Zurich Resilience Solutions, said: “This partnership will further strengthen the suite of cyber risk advisory services we offer to customers. Cyber risk is a critical threat facing companies of all sizes. By strengthening their cyber defences, we can help businesses to both reduce their exposure to attacks and better navigate the present hard market for insurance cover.”

The post Zurich and Barrier Networks partner to Offer Enterprise Cyber Risk Assessments appeared first on IT Security Guru.

CybSafe launches SebDB 2.0 Behavioural Risk Platform

Behavioural risk platform, CybSafe has announced the launch of SebDB 2.0, the database developed by CybSafe’s in-house science and research team that gives security professionals the scientific understanding often missing when tackling human risk.

While organisations often attempt to improve security awareness, the effect of such efforts is rarely measured in any meaningful way. SebDB 2.0 allows organisations to target specific behaviours that are lacking, implement plans to address them, and measure the effectiveness of those interventions.

SebDB is the result of collaboration between academics, government, and industry experts. It maps over 70 specific security behaviours linked to security risks. This helps security professionals prioritise the targeting of specific security behaviours to reduce risk.

It enables organisations to take a vital next step in protecting their organisation that many miss. While many organisations train their people with Cybersecurity Awareness and Training, it is often not measured in any meaningful way. The links between security behaviours and risks are not always clear. It’s hard to know which interventions to apply. It’s harder still to explain how interventions reduce risk.

Dr. Jason Nurse, CybSafe’s Director of Science and Research said: “Most security professionals set broad goals like “reduce account compromise”. But they don’t identify the security behaviours linked to the risks. If you aren’t identifying individual security behaviours, it is extremely difficult to measurably reduce human risk in your organisation. This is not a straightforward activity. That’s what SebDB aims to support.”

SebDB is built by the community for the community. It is a research effort and a practical tool that helps security professionals with the complexity and risk they face now and into the future. It helps organisations change behaviour linked to security risks.

Oz Alashe, CEO of CybSafe said: “Cyber security challenges need to be solved collectively. This is the goal of SebDB. Run by the community, it helps identify links between security behaviours and risks that are not always clear. Knowing how behaviours affect risk changes things significantly, for the better, allowing decisions and interventions to be made on evidence, not guesswork.”

The post CybSafe launches SebDB 2.0 Behavioural Risk Platform appeared first on IT Security Guru.

Fighting Cyber Attackers Earlier to Reduce Risk

We face an exciting evolution in the cybersecurity sector. 

Attackers are becoming both more efficient and intelligent at evaluating their targets and successfully carrying out their intended campaigns. Often money is at the forefront of their minds but, as we have seen recently, drivers may also be geo-political or activist views. Whatever their motivations, financial or otherwise, their methods continue to be both immoral and, in most jurisdictions, illegal. Understanding and tackling these threats becomes ever harder for organisations.


Enter reconnaissance. Reconnaissance is the first stage described in frameworks such as MITRE ATT&CK and the Lockheed Martin Cyber Kill Chain: the period when an attacker gathers data in order to understand where to focus their activities for maximum effect.

Reconnaissance can take many forms. Searching social media reveals the psychology of the target: the main players, what they like and dislike, their movements and interactions, all of which feed a social engineering approach. Mapping the external exposure of computer systems can reveal misconfiguration or technical vulnerability that would enable a successful attack. Tracking the latest vulnerabilities across the wider infrastructure, such as networked printers, uninterruptible power supplies, VPN servers or back-end business-critical application servers, tells an attacker where to devote their time. Searching the dark web for previously exfiltrated lists of usernames and passwords is another common focus, as the attacker pieces together the various sets of data that form an attack plan.

The availability and evolution of such attacks, alongside ever-increasing internet connection speeds, all make understanding the reconnaissance phase even more critical for defenders, whose aim is to lower their time to detect (TTD) and time to remediate (TTR). We often see data exfiltration before ransomware is deployed, followed by backups being deleted and data encrypted, so reducing these two metrics should be front and centre of every organisation’s planning and prioritisation.


To combat these attacks and ensure attackers are discovered in minutes rather than days or months, organisations have a multitude of toolsets and components open to them. A key part of the challenge is picking solutions that help teams understand the risks and reduce problems such as alert fatigue, so that the resulting capability is sustainable, auditable and beneficial. Greater efficiency and better collaboration amongst often disparate teams can be a positive side effect of solving these challenges.

Of the variety of toolsets available, two that align to the reconnaissance phase are deception and digital risk protection services. We will delve into these to illustrate the potential benefits organisations could derive from them.

Firstly, deception can add huge value and provide invaluable telemetry. Because a decoy carries no production workload, any interaction with it is a high-fidelity signal: there is no legitimate reason for a user or system to touch it. This enables your organisation to react quickly whilst also learning about the attacker’s tactics, techniques and procedures, so teams can adjust defences in line with the attack vectors in use at that time. Deception can also be used where critical workloads are being moved into the public cloud and project teams want an early warning system in place to catch the misconfiguration of cloud security controls that is so often seen.

A multitude of decoys is possible, enabling a full-spectrum replica of the estate to be created: printers, uninterruptible power supplies, ESXi servers, network shares and custom decoys are all possible. Deploying fake but highly convincing decoys around the network supports responses ranging from risk-averse automation (where an attacker is quarantined as soon as they so much as ping a decoy) through to more risk-accepting ones (where SOC teams watch what an attacker does in intimate detail for an extended period to understand motivations and behaviour). For example, an attacker might drop a payload onto a decoy believing they are exploiting a zero-day in a critical business system. In reality the deception platform would pass the sample to a sandbox for forensic analysis, and the resulting intelligence would immediately be distributed around the broader infrastructure to protect the network, users and data from this new risk. Deception is now a key shield for organisations seeking to expand their capabilities and defeat attackers much earlier in the cycle.
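The following is an added example, written for this page rather than taken from Fortinet or FortiDeceptor, of the detection logic behind the "quarantine on first ping" versus "watch and learn" response policies described above. It parses constructed flow records, ignores traffic to production hosts, treats any non-allowlisted source that touches a decoy as suspect, and applies one of the two policies. The decoy addresses, allowlist range and log lines are all constructed for the example.

```python
"""Decoy tripwire detection over flow logs (added example, not FortiDeceptor code).

Decoys carry no production workload, so any connection attempt to one is a
high-fidelity signal. This example parses constructed NetFlow-like records,
flags every source that touches a decoy, and applies one of two response
policies: risk-averse (quarantine on first touch, even an ICMP echo) or
risk-accepting (keep observing, escalate once several decoys are touched).
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed: addresses the deception platform has deployed decoys on.
DECOYS = {
    ip_address("10.20.0.50"): "decoy-printer",
    ip_address("10.20.0.51"): "decoy-ups",
    ip_address("10.20.0.60"): "decoy-esxi",
    ip_address("10.20.0.70"): "decoy-fileshare",
}

# Constructed: hosts permitted to touch decoys (vulnerability scanner, the
# platform's own health checks). Any other source touching a decoy is suspect.
ALLOWLIST = {ip_network("10.20.9.0/29")}

# Constructed flow records: timestamp src dst proto dport
FLOW_LOG = """\
2022-09-27T09:00:01Z 10.20.1.15 10.20.0.10 tcp 445
2022-09-27T09:00:03Z 10.20.1.15 10.20.0.50 icmp 0
2022-09-27T09:00:04Z 10.20.1.15 10.20.0.51 tcp 161
2022-09-27T09:00:05Z 10.20.1.15 10.20.0.60 tcp 443
2022-09-27T09:00:07Z 10.20.1.15 10.20.0.70 tcp 445
2022-09-27T09:01:00Z 10.20.9.2 10.20.0.50 icmp 0
2022-09-27T09:02:00Z 10.20.1.22 10.20.0.10 tcp 443
2022-09-27T09:03:00Z 10.20.1.30 10.20.0.70 tcp 445
"""


@dataclass
class Verdict:
    source: str
    decoys_touched: list[str] = field(default_factory=list)
    action: str = "none"


def parse_flows(text: str):
    """Yield (timestamp, src, dst, proto, dport) tuples from the flow log."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        yield ts, ip_address(src), ip_address(dst), proto, int(dport)


def is_allowlisted(src) -> bool:
    return any(src in net for net in ALLOWLIST)


def evaluate(flow_text: str, policy: str = "risk-averse", watch_threshold: int = 3) -> dict[str, Verdict]:
    """Return a verdict per source that touched any decoy.

    risk-averse:    quarantine on the very first decoy interaction, whatever the protocol.
    risk-accepting: record and watch; escalate to quarantine once the source has
                    touched `watch_threshold` distinct decoys (lateral scanning pattern).
    """
    if policy not in ("risk-averse", "risk-accepting"):
        raise ValueError(f"unknown policy {policy!r}")
    verdicts: dict[str, Verdict] = {}
    for _ts, src, dst, _proto, _dport in parse_flows(flow_text):
        if dst not in DECOYS or is_allowlisted(src):
            continue  # production traffic, or a sanctioned scanner: not a signal
        v = verdicts.setdefault(str(src), Verdict(str(src)))
        name = DECOYS[dst]
        if name not in v.decoys_touched:
            v.decoys_touched.append(name)
        if policy == "risk-averse":
            v.action = "quarantine"
        else:
            v.action = "quarantine" if len(v.decoys_touched) >= watch_threshold else "watch"
    return verdicts


if __name__ == "__main__":
    for policy in ("risk-averse", "risk-accepting"):
        print(policy)
        for v in evaluate(FLOW_LOG, policy).values():
            print(f"  {v.source}: {v.action} ({', '.join(v.decoys_touched)})")
```

In the constructed log, 10.20.1.15 sweeps four decoys in seconds and is quarantined under either policy, while 10.20.1.30, which touches a single file-share decoy, is quarantined only under the risk-averse policy and merely watched under the risk-accepting one. The scanner at 10.20.9.2 is allowlisted and produces no verdict at all, which is the check that keeps decoy alerts from becoming another source of alert fatigue.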

Secondly, digital risk protection services extend an organisation’s visibility beyond its own electronic boundaries to show what attackers can see. Understanding the external attack surface helps remediate problems before they escalate. Examples include protecting brand reputation against typosquatted domains, cloned websites, rogue mobile apps, sales of company data on the dark web and impersonating social media posts. Having this level of visibility replicates the attacker’s viewpoint and lets organisations close holes, raise the attacker’s cost and lower the risk.
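As an added example of the typosquat monitoring mentioned above (written for this page, not part of any vendor’s digital risk protection service), the block below generates the common look-alike variants of a brand domain (character omission, repetition, transposition, substitution, homoglyphs, hyphenation and TLD swaps) and checks them against a constructed list of newly observed domains of the kind a certificate transparency or new-registration feed would supply. The brand domain and the observed list are constructed for the example.

```python
"""Typosquat candidate generation for brand monitoring (added example).

Generates look-alike variants of a brand domain and matches them against a
constructed feed of newly observed domains. Domains that are not pure typos
but embed the brand label (e.g. brand-login.com) are flagged separately.
"""
import string
from dataclasses import dataclass

# Constructed brand domain and candidate feed.
BRAND_DOMAIN = "examplebank.com"
NEW_DOMAINS = [
    "examplebnak.com",        # transposition
    "exampelbank.com",        # transposition
    "examplebank.co",         # TLD swap
    "example-bank.com",       # hyphenation
    "exannplebank.com",       # homoglyph: m -> nn
    "totallyunrelated.org",   # should not match
    "examplebank-login.com",  # brand embedded in a longer label
]

HOMOGLYPHS = {"m": ["rn", "nn"], "l": ["1", "i"], "o": ["0"],
              "i": ["1", "l"], "e": ["3"], "a": ["4"], "w": ["vv"]}
ALT_TLDS = ["co", "net", "org", "info", "cm", "com.co"]


@dataclass(frozen=True)
class Finding:
    domain: str
    technique: str


def _split(domain: str):
    """Split 'label.tld' at the first dot; everything after it is treated as the TLD."""
    label, _, tld = domain.partition(".")
    return label, tld


def generate_variants(domain: str) -> dict[str, str]:
    """Map each look-alike domain to the first technique that produces it."""
    label, tld = _split(domain)
    variants: dict[str, str] = {}

    def add(new_label: str, new_tld: str, technique: str):
        cand = f"{new_label}.{new_tld}"
        if cand != domain and cand not in variants:
            variants[cand] = technique

    for i in range(len(label)):
        add(label[:i] + label[i + 1:], tld, "omission")
        add(label[:i] + label[i] + label[i:], tld, "repetition")
        if i + 1 < len(label) and label[i] != label[i + 1]:
            add(label[:i] + label[i + 1] + label[i] + label[i + 2:], tld, "transposition")
        for ch in string.ascii_lowercase:
            if ch != label[i]:
                add(label[:i] + ch + label[i + 1:], tld, "substitution")
        for glyph in HOMOGLYPHS.get(label[i], []):
            add(label[:i] + glyph + label[i + 1:], tld, "homoglyph")
        if i > 0:
            add(label[:i] + "-" + label[i:], tld, "hyphenation")
    for alt in ALT_TLDS:
        if alt != tld:
            add(label, alt, "tld-swap")
    return variants


def find_lookalikes(brand: str, observed: list[str]) -> list[Finding]:
    """Flag observed domains that are typo variants of the brand or embed its label."""
    variants = generate_variants(brand)
    label, _ = _split(brand)
    findings = []
    for d in observed:
        d = d.lower().strip(".")
        if d == brand:
            continue
        if d in variants:
            findings.append(Finding(d, variants[d]))
        elif label in _split(d)[0]:
            findings.append(Finding(d, "brand-substring"))
    return findings


if __name__ == "__main__":
    for f in find_lookalikes(BRAND_DOMAIN, NEW_DOMAINS):
        print(f"{f.domain:28} {f.technique}")
```

The variant set for an 11-character label runs to a few hundred entries, which is small enough to match against a daily feed in memory; in practice the same generator is also run against the brand’s login and support subdomain names, since those are what phishing kits most often imitate.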

Ref: Fortinet Security Fabric

Increased visibility and better intelligence are, of course, less valuable if there is no easy way to distribute that critical knowledge across the overall infrastructure. As Gartner recently stated, a Cybersecurity Mesh Architecture (CSMA) is crucial to enabling organisations to better equip themselves with a sustainable cybersecurity capability. If you’d like to learn more about this, you can visit Fortinet at International Cyber Expo on stand G50. The event will be hosted at London Olympia on the 27th and 28th of September 2022. Do not miss their Product Innovation session on FortiDeceptor on 27th September at 13:45-14:05 as well!


The post Fighting Cyber Attackers Earlier to Reduce Risk appeared first on IT Security Guru.