Friday 30 April 2021

Which is more Important: Vulnerability Scans Or Penetration Tests?

Which Is Better? A Vulnerability Scan Or A Penetration Test?
Vulnerability scanning and penetration tests are two very different ways to test your system for any vulnerabilities. Despite this, they are often confused about the same service, which leads to business owners purchasing one service when they are really in need of the other.

In an effort to help these business owners tell the difference between the two services and understand which is best suited to their needs, SecureTeam, a cybersecurity consultancy, has written this guide to explain vulnerability scans vs. penetration testing.

In a brief summary, a vulnerability scan is an automated, high-level test that looks for and reports potential vulnerabilities in your system. A penetration test, on the other hand, is a detailed hands-on examination by a cybersecurity professional that tries to detect and exploit weaknesses in your system. Now, let’s look a little deeper at the two services.

What is a Vulnerability Scan?
Vulnerability scans can also be known as vulnerability assessments and are a scan performed by cybersecurity professionals that assess your systems, networks and computers for any cybersecurity weaknesses or vulnerabilities.

Once they have been set up vulnerability scans are typically automated and are used to give a beginning look at any weaknesses in your system that could be exploited. High-quality vulnerability scans can search for over 50,000 vulnerabilities.

Vulnerability scans can be started manually or can be run on a regularly scheduled basis. In addition, vulnerability scans can take anywhere from a few minutes to several hours.

Vulnerability scans are a passive approach to cybersecurity and only report on any vulnerabilities that are detected. It is then up to the business owner to arrange to take care of those vulnerabilities.

Vulnerability Scan Reporting
After a vulnerability scan is completed a detailed report will be created. Typically, vulnerability scans create an extensive list of vulnerabilities found that your team can perform further research on. Some cybersecurity consultancies will also offer direction on how to resolve any weaknesses you have.

The reporting can sometimes include false positives where the scan identifies a threat that isn’t actually real. Unfortunately, sifting through the report is the only way to differentiate between the real threats and the false positives. Typically, cybersecurity professionals will rank vulnerabilities found by the scan into groups based on the severity of the risk, allowing you to prioritise high-risk weaknesses first.

Benefits of a Vulnerability Scan
Vulnerability scans have a number of benefits that make them a useful tool for businesses.
  • Vulnerability scans are a very affordable cybersecurity solution
  • Quick to complete and provide a complete look at possible vulnerabilities
  • Can be run automatically on a schedule that works for you
Limitations of a Vulnerability Scan
However, vulnerability scans do have some limitations that might make them inappropriate for a businesses’ requirements.
  • They can provide false positives
  • After the scan is complete you must manually check each vulnerability
  • Vulnerability scans don’t tell you if a weakness is exploitable
What is a Penetration Test?
Penetration testing, also known as ethical hacking, is when a cybersecurity professional simulates a hacker attempting to get into your system through a hands-on attempt to exploit any vulnerabilities in your system. Penetration testers will search for vulnerabilities and then attempt to prove that they can be exploited.

Penetration testing makes use of testing methods like buffer overflow, password cracking and SQL injection in an attempt to compromise and extract data from your network in a way that doesn’t damage it.

Penetration tests are an extremely detailed and effective approach to finding any vulnerabilities in your applications and networks. If you really want to find deep issues in your application or network, you need a penetration test. And if you modify your systems and software over time, a regular penetration test is a great way to ensure continued security.

The main aspect that differentiates penetration testing from vulnerability scanning is the live human element. There is no such thing as an automated penetration test. All penetration tests are conducted by very experienced, very technical, cybersecurity professionals.

Penetration Test Reporting
Usually, penetration test reports are much longer compared to vulnerability scans and contain a high-detailed description of the attacks used and testing methodologies. In addition, penetration test reports often include suggestions on how to remedy the vulnerabilities and weaknesses found.

Benefits of a Penetration Test
Penetration tests have a number of benefits that make them the first choice for many businesses.
  • Manual testing by a cybersecurity professional means results are more accurate
  • Retesting after remediation is often included as standard
  • Rules out any false positives
Limitations of a Penetration Test
Despite their thoroughness, penetration tests do have some limitations to be aware of.
  • They can take far longer to complete (ranging from 1 day up to 3 weeks)
  • They are far more expensive than vulnerability scans, which can be an issue for smaller businesses
Which is Better? A Vulnerability Scan Or A Penetration Test?
Vulnerability scans are a quick and easy way to gain insight into your network security with weekly, monthly or quarterly scans. However, penetration tests are far more thorough and deeply examine your network security. On the other hand, penetration tests are far more expensive. But, you are getting a cybersecurity professional to examine every part of your business in the same way a real-world attacker would.

Both tests should be utilised by businesses to protect their networks and ensure security. However, as the more affordable option vulnerability scans is a tool that can easily be automated and used more frequently. While the more expensive penetration tests are very thorough and can be used less frequently.

Effective cybersecurity is vital for businesses, regardless of size. For further advice on vulnerability scans and penetration testing or to arrange a test for your network, contact a cybersecurity consultant.

Author’s Bio:
Dan Baker is a Content Writer who works with SecureTeam, a cybersecurity consultancy practice based in the UK.

Wednesday 28 April 2021

Should Doctors Receive a Cybersecurity Education?

Article by Beau Peters

It is no secret that medical professionals of all levels need to maintain a vast amount of knowledge in their brains at all times. After all, having experience and education is crucial to saving lives and helping patients. But should an understanding of cybersecurity be added to their repertoire? If they want to give the best overall care inside and outside of the clinic, then the answer is yes.

As technology has evolved and we have moved to a more remote work environment, it is essential that cybersecurity becomes part of training for everyone in a medical organization, from human resources to the doctors themselves. By knowing the threats and understanding the solutions, doctors can protect their patients and provide advice to keep them safe even after they leave the office. Below are some of the many reasons why doctors should receive a cybersecurity education.

Following Privacy Guidelines
These days, technology is being used in the medical community more than it ever has before. Currently, medical devices and tools outnumber actual human doctors by 3 to 1. While this is great for providing patients with around-the-clock support, the downside is that hackers have been breaching medical devices and computers in record numbers. That’s not all. Even though these risks exist, recent studies show that 32 percent of medical employees don’t have any cybersecurity training, including many doctors.

While the increased number of threats should be reason enough for cybersecurity training, there are also guidelines in place that require medical establishments to keep customer records safe. In the US, for example, along with the Health Insurance Portability and Accountability Act (HIPAA), there are the HIPAA security and privacy rules, which state that medical establishments must ensure that patient data is left confidential and that a practice must defend against any known security threat. Without educating the doctors, these guidelines cannot be met.

Cybersecurity education should also be taught because failing to protect your customers is not only right, but failure to do so could be disastrous for your practice. Recent numbers show that the average cost of a medical breach is upwards of seven million dollars, which is money spent on data recovery and fixing vulnerabilities. A medical practice that does not have the type of money to recover after a breach may have to close its doors.

Do No Harm
Just about any form of personal patient information can be used maliciously. Social security numbers and credit card information can be used to take out fake loans, which could result in bankruptcy or worse. Even email addresses can be used to send phishing emails and log into personal accounts.

Doctors who understand cybersecurity threats can also help to avoid more immediate threats that could even occur during surgeries. Hackers often use ransomware to infect and gain control of computers or medical apparatus. Once they do, they can lock the device until the hospital pays a hefty ransom to have the machine turned back on. This has occurred in hospitals in the past, and it can be deadly for patients who need immediate care.

Doctors who are educated on cybersecurity can ensure that their practice has the proper prosecutions in place. This includes updated antivirus software and a firewall on all internet systems to block unwanted traffic. Educated doctors will also recognise the importance of backup servers that can hold patient data and other information in the case that the main network is compromised.

Security and Telehealth
The arrival of COVID-19 required many business and medical offices to transition to a remote workforce which meant that many doctors had to adjust and begin treating non-emergency situations with telehealth platforms. The technology has grown exponentially over the last year, and due to its popularity, it is likely not going away anytime soon. However, while it is convenient and helpful, especially for elderly patients and those in rural areas, telehealth is also a target for hackers.

The issue is that the tech is still not completely understood by patients or doctors, and hackers use that vulnerability to find holes that they get through to steal data, listen in on video calls, and expand to other programs to steal even more data. Doctors who are informed on the risks of telehealth can educate the patients with an email before the telehealth session to tell them what to expect and how to protect their connection.

For instance, guidance should include precautions to use when talking to the doctor in a public place. It is in this environment that hackers can set up fake Wi-Fi accounts that look legitimate and are often advertised as free. However, when the patient connects, they are really connecting directly to the hacker. Doctors can advise them to only use telehealth in their home or to ask the owner of the establishment for the correct network.

Patients should also be told about the danger of phishing emails. Hackers can take advantage of those who frequent telehealth and send fake invites that appear to be from their doctor. There is typically a link in the email, and when clicked, the hacker gets access to their system. Doctors who are aware of the threat of phishing emails can advise patients to only open emails from their office, which should be sent through a secure service that requires a password to access.

While many doctors may feel that they don’t have the time to learn about cybersecurity, the fact is that doing so is more important than ever. Digital care is becoming as important as physical health, and a well-informed doctor can provide their patient's all-around care.

Friday 23 April 2021

The Future of Service Management in the DevOps Era

By Gary Blower, Solutions Architect, Clearvision

Whether you view your organisation as having an agile approach or not, in 2020, companies had no choice but to drastically change their way of working as the world rapidly pivoted to remote working. Organisations that had already embraced agile principles had the advantage of being able to adapt faster to the pandemic and meet the demands of their employees, who were suddenly all working from home. Now, as we start to slowly emerge from multiple lockdowns and restrictions, one interesting side effect of COVID-19 is that it has lowered our collective tolerance for slow, overly bureaucratic processes. We all crave an agile approach, whatever our definition of agile might be.

COVID-19 has Accelerated Digital Transformation
Digital innovation has fundamentally changed how the world operates. COVID-19 demonstrated just how much we rely on technology. And, as modern technology permeates every area of our lives, our expectations around the availability of information and the speed with which we can obtain it are even higher than they were pre-pandemic. Therefore, as lockdowns ease, the world is continuing to change just as rapidly to keep pace with the demands on businesses, who must accelerate out of recession and aggressively compete to remain relevant.

The knock-on impact of this acceleration is that organisations need their IT teams working together as efficiently and effectively as possible. Likewise, their IT service management (ITSM) capabilities must be nimble and efficient to support shifting organisational priorities, capitalise on new opportunities, and satisfy growing end-user demands for immediate and seamless service, wherever users are located.

To meet this increasing demand and requirement for speed, the flow of work between the support, DevOps and operational teams must be unified, and teams need to be empowered to deliver work with agility. IT teams are under huge pressure and are required to become even more adaptable to the challenges they face. This means that practices and workflows need to remain flexible so that teams are better positioned should situations like we just experienced in the past 12 months arise again in the future.

Traditional Service Management Approaches can’t keep pace with Demand
However, even the smallest request for change is not an easy task for some organisations and must be approved by layers of bureaucracy, which can take weeks or sometimes months. Additionally, this increased demand, combined with the ongoing pressure to lower costs, runs counter to traditional approaches to service management that emphasise risk mitigation and control over efficiency and agility—leaving some IT teams hamstrung and unable to play to their full potential. In our ‘always on’, digital world, this will disadvantage those companies unable to respond, with end-users and customers no longer willing to accept long wait times. And why should they? The COVID-19 experience showed that, when we really need to, we can completely change our way of working overnight. Therefore, many customers are now unforgiving of those that cannot accommodate their requirements or promptly meet their expectations.

One way that organisations can accelerate their service management initiatives and introduce more efficient methods to serve ever-growing business demands is by implementing Jira Service Management. This is the only ITSM solution built on the Jira software development platform. This means that users don’t have to seek the Jira application separately, and they benefit from having everything they need in one platform.

DevOps, IT Support, and IT Operations must all Collaborate
This accessibility is important because IT teams using other service management tools often end up integrating their application with Jira for additional functionality, which can be clunky and not as streamlined. The co-existence of Jira Service Management and the Jira software development platform has huge benefits because it means that support and development teams can collaborate on the same platform and fix software issues and incidents faster. Jira Service Management was also designed with both IT and development teams in mind and provides streamlined requests and change management processes. This allows teams to make change requests without complex approvals and link incidents to problems in one click.

With other service management platforms, siloed tools between development and IT operations can result in context switching, lack of visibility, and decelerated work. As a result, integrations between Jira Software and service management tools tend to be weaker and cumbersome to manage. In contrast, tight integrations between Jira Software and Jira Service Management mean seamless and accelerated workflows between development and IT. Teams can link issues across Jira and ingest data from other software development tools, providing IT support and operations teams with richer contextual information to respond rapidly to requests, incidents, and changes.

Jira Service Management also offers customisable templates for ITSM, customer service, and business teams such as HR and finance. Furthermore, an intuitive portal in Jira Service Management makes it effortless for customers to ask for help, while the simple UI makes it easy for teams to use. And, with easily configured automations, IT teams can prioritise and resolve requests quickly.

Service Management Built for the DevOps era
In today’s world of digitised services and support, being able to deliver a rich and collaborative service desk, modern incident management, and change management is critically important. The world is changing fast and, to keep pace, organisations need a service management platform built for the DevOps era. An open, collaborative platform enables teams to scale operations quickly and ensure the organisations’ critical services are always on and operating at high velocity. This will ensure they can respond quickly to business change while delivering great customer and employee service experiences.

Monday 19 April 2021

Flexibility and Security, You Can Have it All!

Every organisation is on a mission to achieve agility; if 2020 taught us anything, it’s the need to be flexible is essential in order to adapt and thrive in new and uncertain environments. The increased adoption of technology in all forms - from increased connectivity to the cloud or collaboration tools for remote working - has greatly enabled organisations to achieve this. Powered by the adoption of software-defined wide-area networking (SD-WAN) technology, organisations have been able to take advantage of this newfound flexibility, ease of management and ability to scale, but many have realised that the compromise to data security is too big a risk.

The dichotomy is real: ignoring the benefits that SD-WAN technology can bring only leads to dated and costly solutions being used for connectivity; not only impeding the ability to realise the real-world direct cost savings available with SD-WAN but also limiting the scope for building the future-proof agile environment that’s needed as part of any organisation’s ongoing digital transformation. On the other hand, for the public sector and other highly regulated industries in particular, securing data has never been a simple task, but adopting an SD-WAN model has only highlighted that traditional security solutions are no longer enough. These solutions simply do not have the flexibility, performance or interconnectivity that SD-WAN connections require, and because of this, data is increasingly being left unprotected and vulnerable to malicious actors. The numerous data breaches that the industry has seen over the last few years are only proof of this.

Something clearly must change and organisations need to be able to deploy the benefits of SD-WAN with the confidence that the necessary controls are in place to ensure guaranteed levels of protection for high assurance data. As Paul German, CEO, Certes Networks, explains, a software-defined approach to data assurance will enable organisations to remain flexible and reap cost savings whilst ensuring their data is kept private and handled in accordance with compliance needs.

Turning Business Intent into Business Value
Business intent is defined by the key goals that an organisation sets out to meet with its data security strategy in order to achieve business value. For example, this could include being proactive to meet new and existing regulatory compliance requirements; being agile to move to hybrid environments; or being protected to keeping data secure and staying ahead of malicious actors.

Business value will be achieved when the organisation’s data security posture is visible, scalable, observable, and above all, provable. In practice, a provable security strategy is quantifiable, measurable and outcomes-driven, and will turn data security into a strategic investment that mitigates risk and that delivers a quantifiable contribution to the overall value of the business.

Having the intention to make changes and meet business goals, though, is only one part of the process as there are numerous challenges to overcome in order for business intent to turn into business value.

Achieving Business Value within SD-WAN
An example of business intent is an organisation moving toward SD-WAN and adopting Zero Trust as an approach to ensure their data is kept secure, whilst staying flexible. However, the challenge that stops business value from being reached in this example is that the separation of duties cannot be achieved when security protocols are tied into the network infrastructure, which is often the case when organisations have not yet adopted a network-agnostic approach to data security. Business value will be achieved by deploying a secure overlay that’s agnostic to the underlying network infrastructure, giving security teams total control and visibility of the security posture.

Similarly, an organisation might have the aim of being agile and moving to a hybrid or SD-WAN environment, but the challenge of a disaggregated or antiquated network infrastructure will often mean that this intent cannot be turned into value for the business. By decoupling security from the network, the organisation can be safe in the knowledge that the data will be protected wherever it travels. Furthermore, by matching security policies to business intent requirements, organisations won’t be beaten by continuously evolving regulations, solving two challenges and delivering business value with a future-proof approach to data security as a result.

Overcoming these challenges with a provable security strategy that encompasses auditing and analytics and that automates cryptographic key rotation for each classification of business intent, ensures that even if a hacker is able to infiltrate the network, there will be no lateral movement between applications. And, with real-time monitoring of the data assurance posture, CISOs can react and remediate the attack at speed, greatly limiting any damage that could be caused and enabling business value to be achieved.

Making Flexibility and Security Entirely Possible
Ensuring that data remains secure should be front of mind when making any organisational changes, particularly when it comes to the adoption of new technology. There is simply no point in making the company’s processes and operations flexible and agile to suit the new working environment if data is left vulnerable and open to compromise as a result.

But organisations don’t have to choose between flexibility and security - both can easily be achieved with a strategy that not only overcomes the data security challenges presented by an SD-WAN environment, but that also provides value by achieving business intent. A software-defined data assurance strategy successfully delivers ‘data first’ security to ensure that data remains protected and is handled in accordance with compliance needs, whilst providing the ability to react and adapt to both external and internal changes as required.

It’s a win-win, so now is the time for organisations to really consider the viability of an SD-WAN environment where data security is decoupled from the network in order to truly realise the benefits.

Friday 16 April 2021

Adapting Security Awareness to the Post-Pandemic World

It's time for Security Awareness to adapt by thinking Cyber
The transition to working from home, as well as the necessary technological change, has had an effect on businesses all over the world. This has serious consequences for cybersecurity. Current approaches to human user security are antiquated, infrequent, complex or patronising. Yet, in a world where 90% of cyber attacks begin with a human user, technological controls can never guarantee 100% security.

To keep up, security awareness must build new methods. The days of an annual awareness course are long gone. Instead, security awareness is becoming more and more about drip-feeding brief snippets of information to users, with content production periods of hours or days rather than weeks or months. Adjust easily, with minimal effect on workers, to win the battle for recognition while still passing on those benefits.

Belfast based cybersecurity company SaltDNA, a LORCA 3 Cohort Graduate, recently attended LORCA Live’s online event, a global ecosystem together to explore the role cybersecurity can play as an enabler for the emerging technologies set to define our world. During the event, there was a wide range of workshops, panel discussions and live broadcasts, tailored to today's cyber landscape.

According to a panel on LORCA Live ‘Understanding the changing risk landscape for business', the panellists highlighted the importance of security awareness finding new ways to be part of the context. Security awareness must find new ways to incorporate itself into the environment. Since physical cues are no longer present, we must build virtual cues to promote safe behaviour by integrating security into people's daily computing activities. These initiatives should be quick, attractive, social, and timely for optimal impact. They should preferably be delivered at the point of risk, going well beyond merely reminding people of their professional responsibilities. We can shift the context to drive secure behaviours by offering the right feedback at the right time.

Remote working is here to stay - why it's even more important to secure your organisation
2020 moving into 2021, there has been a substantial change toward working from home. Businesses, for the most part, seem to have dealt with the logistical and health and safety implications of the transition, people seem to have adapted to remote working arrangements and processes fairly well.

Undoubtedly, there's more to it than that from a security standpoint. It's not enough that the dangers have shifted. More importantly, the environment in which most work is performed has changed. Given that all behaviour is influenced by its environment, approaches to ensuring your business and employees safety must evolve.

Data enforcement, data hacks, and malware attacks are all issues that CISOs and CIOs must deal with. As more people work from home, their jobs are becoming more difficult. Cyber-security threats and breaches are a concern that any company has to face. They can be highly disruptive, resulting in major, long-term financial and reputational harm.

When workers operate remotely, such an assault can be much more difficult to manage, so make sure you have a safe setup in place to reduce the risk as much as possible. The importance of providing frequent security training for employees, as one of the most serious threats to your security is human error. Responding to a phishing email, downloading malicious material, or clicking on a dangerous connection is all too convenient. Furthermore, since the security threat environment is constantly changing, workers are often unaware of the risk that their activities can pose. As a business owner, you must ensure that the workers undergo daily training and updates to ensure that they have as much information as possible.

Organisations need to build trust to succeed in a post-pandemic world
Forward-thinking business executives who took steps before 2020 were more likely to survive the past year's turmoil and place their businesses to succeed in the future. They created organisations with forward-thinking strategies, which offered a strong commitment to their stakeholders, and effective use of technology to gain a competitive advantage. Improving organisational resilience to plan for potential disruptions starts with an honest assessment of the organisation's readiness, adaptability, collaboration, trustworthiness, and responsibility.

The pandemic has hastened the adoption of technology, and many companies have had to change their digital operations in order to remain operational and expand. Users must have confidence in how their data will be used, stored, and secured in order to participate in the digital economy. This poses a number of issues for companies.

The ‘Building trust to succeed in the post-pandemic world’ workshop held by DELL technologies shared a number of strategic actions businesses can take to build resilience. The first option was to conduct crisis scenarios on a regular basis with key decision-makers from different roles and departments. Scenario preparation assists leaders in preparing for change and predicting what businesses will need in the future to not only succeed but also prosper.

Secondly, to encourage employees to learn new cyber skills, develop training or rotational programs. This could improve an organisation's ability to redeploy employees based on business requirements and employee preferences. Finally, invest in a secure communications platform that promotes collaboration and private communications within your organisation. The collaboration will improve resilience by helping organisations communicate more effectively and promote trust among employees.

Although the future remains unclear, it would be unrealistic to expect that coronavirus vaccines would usher in a full return to pre-pandemic conditions. Now is the time to accept and plan for a more permanent remote-work environment. Firms can do this by integrating secure technology that encourages secure digital communications among employees and teams, making their businesses more appealing to customers while also promoting broader strategic growth objectives.

A constructive approach is more likely to be safe and resilient, as well as to survive in the data-driven digital economy. Change and disruption will be the norm in the future, so leaders who put the building blocks of resilience in place now will be in the best position to succeed.

About SaltDNA
SaltDNA provides enterprise managed encrypted communications between mobile devices, safeguarding the confidentiality of voice, message and conference call communications, and file transfers. To sign up for a free trial of SaltDNA or to talk speak with the SaltDNA team, contact them at

Thursday 15 April 2021

Important Strategies for Aligning Security With Business Objectives

What is the objective of implementing cybersecurity in a business? The answer might vary depending on whether you ask a security professional or a business executive.

However, in any cybersecurity implementation, it’s very important to stay focused on the big picture: cybersecurity is there to secure the business and its assets, so the business can concentrate on achieving its business objectives.

For example, if we are a coffee shop, then cybersecurity should be implemented to help the restaurant sell more coffee, and cybersecurity by itself is not an end goal.

To do so, security professionals and executives must align cybersecurity with business objectives, which can be quite challenging in certain cases.

Below, we’ll share important strategies that can help cybersecurity teams move business and cybersecurity alignment in the right direction, starting with the first one.

Know the business objectives inside out
One of the key challenges in aligning security with business objectives is that information security/data security executives (i.e. CISO/Chief Information Security Officer) are often too concerned about security and not the overall business objectives.

Each top stakeholder in the company might have different business and security concerns. For example, the marketing manager might be more worried about the success of the upcoming marketing campaign, while the CFO might be more worried about the cost of security infrastructure and potential losses due to security concerns.

With that being said, explore the following areas to consider how security should align with business objectives:
  • Compliance with local regulations and policies
  • Data assurance, security, and integrity
  • Market trust and brand reputation
  • Availability and performance
  • Culture, policy, and governance
  • Cost efficiency in implementing security controls
Maintaining two-way discussions with management and employees is very important so the security team can prioritize which areas they should focus on to help achieve organizational business objectives.

Upgrade connectivity to improve cybersecurity and productivity
With remote working becoming the norm nowadays, especially due to the COVID-19 restrictions, more employees are now actively accessing cloud resources from home. Even in a traditional office setting, regularly accessing cloud resources in various forms is now also a common practice.

To prevent potential issues, organizations must ensure a more reliable connectivity solution that is also more secure, and SD-WAN (Software Defined-Wide Area Network) can be a viable solution in the following ways:
  • Better security: SD-WAN allows businesses to integrate security directly into the connection, for example by integrating VPNs, encryption, IPS, sandboxing, and firewalls.
  • Reliability: SD-WAN can prioritize critical applications to ensure more reliable connectivity for all employees.
  • Centralized management: security teams can easily integrate essential security functions into a single location, allowing better efficiency.
The implementations of SD-WAN as well as other types of security-focused connectivity solutions, can help businesses in aligning security with business objectives by ensuring fast, reliable, but secure network at all times.

Implement cybersecurity automation to free up time and resources for pursuing organizational objectives
Implementing automation in executing cybersecurity practices has two core benefits:

First, is that while human resources are and should be an organization’s most important security asset, human errors are also often an organization’s biggest security vulnerability. In fact, more than 95% of successful cybersecurity breaches are caused by human errors. Automating the execution of your cybersecurity can help reduce or even eliminate these human errors.

Second, is that automating cybersecurity practices can free up your employees’ valuable time so they don’t deviate from their core competencies, allowing these employees to contribute more in pursuing organizational objectives.

For example, investing in automated bot detection and management solutions like DataDome can help implement advanced, AI-powered bot mitigation. DataDome will stop bot attacks on autopilot and in real-time.

Establish a security-focused company culture
Again, human resources are an organization’s most important security assets and also the most vulnerable security vulnerabilities.

It’s very important to ensure regular training so employees and management can better spot various forms of cybersecurity attacks especially phishing and social engineering attacks.

Creating a security-focused company culture start by building awareness and knowledge of end-users by ensuring:
  • All employees must understand the symptoms of key attack vectors with the highest potential of affecting the organization, so they can recognize these threats in real-world situations
  • Communication is key. Management and employees should maintain clear, two-way communication about security and keep them updated.
  • Monitor and evaluate progress regularly, including updating the employees with new training modules when required
Creating an organization-wide security culture requires commitment both from management and from employees, and improving awareness can be the most important asset an organization should invest in to ensure alignment of security with business objectives.

Recognizing that cybersecurity is a prerequisite, not the end goal
A very common mistake performed by organizations, especially security executives and officers, is treating cybersecurity as the end goal, while in truth cybersecurity is only a means to an end. We need cybersecurity to achieve the end goal and not the other way around.

This is why every cybersecurity initiative should consider the related business objective it’s pursuing, and the cybersecurity team should provide an assessment to explore different options and possible outcomes rather than forcing the idea of security for the sake of security.

We wouldn’t want security teams and executives to get caught up in being like an overprotective parent, hindering the business’s performance by treating security as the end goal.

Thus, cybersecurity should help the business’s goals, and not the ultimate objective by itself.

With various cyber-attacks are continuously growing, both in terms of scale and quality of attack, the negative impacts of these attacks on any business are increasingly becoming more threatening.

This is why aligning cybersecurity to business objectives is now a necessity, ensuring the organization is becoming more capable of mitigating security risks that can hinder the organization’s success while ensuring positive ROI in security investments.

Friday 9 April 2021

Building a Security Conscious Workforce

Article by Daniel Warelow, Product Manager at Giacom and Charles Preston, CEO & Founder of usecure

Employees are a vital part of the security strategy

Security Awareness Training the foundation of a Cyberculture
Life and work as we know it is changing as a result of the COVID-19 crisis, and cybercriminals are using this to their advantage. A new report has found that more than one in four UK cyber-attacks have been related to the pandemic, and as attackers continue to come up with sophisticated and dangerous methods to attack businesses and individuals, cyber security measures must be prioritised. 

Businesses can no longer rely on technology alone to mitigate the risks that come from cyber threats, especially while many workforces work remotely through the pandemic. Instead, they need to encourage their employees to work mindfully and responsibly on the frontlines of cyber defence. Daniel Warelow, Product Manager at Giacom and Charles Preston, CEO & Founder of usecure,  highlight the importance of implementing continuous security awareness training in order for employees to be more security conscious as part of their overall IT security strategy and protection.

Human Error
Employees are a vital part of any business’s security strategy – they are the soldiers on the front line in the battle against hackers. However, if they are not educated or trained in what to look out for when it comes to security, the human can also become the open gateway for cyber attacks to take place, playing upon user vulnerabilities. 

This is the case, especially when working from home. Users have additional pressure to work harder and faster, which is when more mistakes can happen. It has been found that 95%of cyber security breaches are due to human error, demonstrating how dangerous humans being the weakest link can be. These internal business risks, such as sending an email to the wrong person or with an incorrect attachment can be detrimental to a business – not only in terms of financial repercussions, but also its reputation. 

This is when cyber security training and tools that educate the user have never been more important, as employees need to be trained to be vigilant, cautious and suspicious.

Security Awareness Training
The cyber threat continues to evolve too as hackers and their methods become more and more innovative. However, businesses cannot expect their employees to stay ahead of growing threats without having the education and training in place in response to the changing and modern landscape. Elements such as security awareness training and simulated phishing resources can help mitigate end-user cyber risk and drive secure user behaviour.

These programs are designed to help users understand the role they play in helping to combat security breaches. Additionally, using phishing simulations, as part of the wider security strategy will help to provide realistic situations that often occur, particularly via email, that employees must be aware of. Further, training allows businesses to assess the nature of the workforce regarding its security awareness posture, and provide employees with the information to understand the dangers of social engineering attacks and how to take appropriate actions to protect themselves and the organisation. 

However, security awareness training should not be a one size fits all approach. Instead, training should be continuous and tailored to each user's unique vulnerabilities, creating an optimised and effective cyber strategy. By highlighting any cyber weaknesses in the workforce, these can be targeted through educational resources to ensure that the human is aware of and knows how to detect such risks, and more importantly, how to reduce the likelihood of an attack. Regular training, in addition to complementary security tools, can provide a layered defence for organisations to reduce the threats that any business faces. 

The Role of the Channel
The channel plays a key role in the fight against cyber crime too. Organisations cannot be expected to stay one step ahead of cyber criminals and adapt to new threats on their own, but by relying on the help of their MSP, businesses can feel confident that they have the right education and tools in place to combat the risk of cyber attacks. 

There remains a large cyber skills gap across many businesses, and with the immediate move to remote work over the last 12 or so months, being away from the help of on-site IT teams, organisations are more vulnerable than ever. Finding the right vendor and solutions to tackle these evolving threats is crucial, and end user organisations need to work effectively with Managed Service Providers (MSPs) to stay ahead of the attackers. This enables MSPs to become trusted IT security advisors for the businesses they support, helping them to create a secure business and custom-fit security approach.

In addition to this, to meet growing cyber security threats to organisations, channel partners can increase their value to their customers by ensuring they have the right security solutions and training programmes in place across their existing portfolio. MSPs must take a proactive role in understanding the current state of a customer’s ability to protect against, prevent, detect and respond to modern cyber threats when recommending the best approaches to being cyber resilient. 

By addressing pain points and providing assurance around the security of their working environments, partners can build and strengthen the relationship with their customers, while recognising the opportunity surrounding the related additional revenue streams. 

Thursday 1 April 2021

Cyber Security Roundup for April 2021


A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021.

How not to disclosure a Hack
UK fashion retailer FatFace angered customers in its handling of a customer data theft hack.  The clothes retailer revealed a data theft which included its customer's full names, home addresses, email addresses, and partial debit\credit card details. The payment card details included the last four digits and the card's security verification code, the latter code is never permitted to be stored after a payment card authorisation under Payment Card Industry Data Security Standard requirements, so it would appear the business was not PCI DSS compliant at the time of their hack, which strongly suggests the business may not doing enough of the expected IT security good practices to prevent being hacked in the first place, a poor IT defence posture which appears to have even been corroborated by their hackers.

FatFace CEO Liz Evans released a statement which said “On 17th January 2021 FatFace identified some suspicious activity within its IT systems. We immediately launched an investigation with the assistance of experienced security professionals who, following a thorough investigation, determined that an unauthorized third party had gained access to certain systems operated by us during a limited period of time earlier the same month. FatFace quickly contained the incident and started the process of reviewing and categorising the data potentially involved in the incident.”

Customers were said to be angered that it took FatFace over two months to notify them of the breach, under the UK Data Protection Act (GDPR), UK businesses are required by law to notify data subjects (customers) within 72 hours of learning their personal data had been compromised.  Customers were said to be even further incensed that emails sent to them by FatFace were titled "Strictly private and confidential", which they considered implied they should help FatFace cover up the breach, and there was no apology by the FatFace CEO to boot.

Computer Weekly said it had learnt that FatFace paid a £1.5m ($2 million US dollar) ransom to the Conti Ransomware gang, disclosing the gang gained access to FatFace network and their IT systems via a phishing email on 10th January 2021. The ransomware attack was said to be executed on 17th January 2021 and over 200Gb of data was exfiltrated.  As part of ransomware negotiation, the original ransom ask for $8m worth of Bitcoin, was said to have included the Conti gang providing the following cybersecurity advice to FatFace:
  • IT teams to implement email filtering
  • conduct employee phishing tests
  • conduct penetration testing
  • review Active Directory password policy
  • invest in better endpoint detection and response (EDR) technology, apparently recommending Cylance or VMware Carbon Black
  • better protect the internal network and isolate critical systems
  • implement offline storage and tape-based backup
All very sound advice.

More and More Ransomware Attacks
The Harris Federation, which runs 50 primary and secondary schools, and Birmingham College probably wished they had followed the alleged Conti gang's anti-ransomware security advice after they were taken out by ransomware attacks. 

The ransomware epidemic dominated the 2021 Palo Alto Networks Unit 42 Report, echoing the constant stream of IT media headlines, namely that ransomware gangs continue to evolve their tactics and operations, and are making more and more serious money.  We are within a golden age of ransomware crime, and there are no signs of a rest bite. PA Unit 42 found that the average ransom paid by organisations nearly tripled over the past year, from $115,123 in 2019 to $312,493. High-end ransoms have gone up significantly too. Between 2015 and 2019, the largest-known individual ransom demand was $15 million. In 2020 groups were demanding as much as $30 million to unlock a victim’s files and systems.

A Russian man in the US pleaded guilty to plotting to extort money from the electric car company Tesla, after he was accused of offering an employee £721k ($1m) to place ransomware on Tesla's network. He was quoted as saying that he and his co-conspirators would steal the data and if Tesla refused to pay the ransom the company's secrets would be placed on the internet.

Microsoft Exchange Zero-Day, Exploitations Led by Hafnium

Further information about the Exchange Server zero-day vulnerability exploitations came to light throughout March, as summarised below. 
UK Gov to Ramp up Cyber Offenses and Defences
Prime Minister Boris Johnson announced he was creating a "cyber corridor" in the North of England, to bolster Britain's cyber warfare capabilities against hostile countries and terrorist groups.  A new UK National Cyber Force (NCF) will lay out "a new cyber strategy to create a cyber ecosystem."

The NCF review will "set out the importance of cyber technology" to the UK's way of life "whether it’s defeating our enemies on the battlefield, making the internet a safer place or developing cutting-edge tech to improve people’s lives.“ Basing this task force in the North of England is intended to generate economic growth in the digital and defence industries while drawing in the private sector and academia to work with the government on projects.

Britain's biggest banks, including Barclays, HSBC, and NatWest, and insurance companies, including Aviva and Direct Line, will face new tougher testing of their cyber defences by the Bank of England's Financial Policy Committee (FPC). Industry sources said the FPC will test their ability to withstand a coordinated global series of cyberattacks to form the centrepiece of the Bank of England's stress scenario reporting.

However, one recently introduced UK cybersecurity law, which was meant to boost the resilience of the UK's energy sector by obliging gas and electricity firms to report to hacks, doesn't appear to be very effectively adopted. Network & Information Systems (NIS) Regulations 2018 were introduced into UK law three years ago and has parallels with the DPA\GDPR law which was introduced at the same time. Like the GDPR, NIS requires the UK critical national infrastructure firms (i.e. ISPs, utilities) and energy sector firms (i.e. gas and electricity firms) to quickly report any hacks to their regulating authority, Ofgem. According to Sky News, only one company has ever tried to file a report informing the regulator that it had been hacked, but they were dismissed as the incident did not meet the threshold for being reported.

Recently, the British government confirmed Russian state-sponsored hackers have successfully penetrated the computer networks of the UK's energy grids, without disrupting them, and former defence secretary Gavin Williamson warned that "thousands and thousands and thousands" of people could be killed if an attempt at disruption was made.  Responding to Sky News about NIS compliance, a UK government spokesperson said: "The UK's critical infrastructure is extremely well protected and over the past five years we have invested £1.9bn in the National Cyber Security Strategy to ensure our systems remain secure and reliable." UK Gov then added that a formal review of the impact of NIS will take place within the next 12 months.

Stay safe and secure.