(ISC)² called for more and continued industry collaboration amongst membership and training bodies linked with cybersecurity skills and professional development.

Doing so will bolster the cross-industry work that has built the new UK Cyber Security Council, as well as further collective efforts to advocate for members and greater industry awareness of cybersecurity trends and threats.

Commissioned by the Department for Digital, Culture, Media and Sport (DCMS), the Council has been created as an independent, self-regulatory body for cybersecurity education and skills.

As an umbrella organisation for the sector, and with industry-wide support, it will serve as a single governing voice for the industry to establish the knowledge, skills and experience required for a range of cybersecurity jobs.

The creation of the Council, by the cross-industry Cyber Security Alliance, will bring cybersecurity in the UK in line with other professions such as law, medicine and engineering.

Today marks the completion of the Alliance’s Council Formation Project. An unprecedented volunteer collaboration involving members and staff from 16 Alliance member industry organisations including (ISC)², the Formation Project constructed the Council, which will now begin operations as an independent body.

“The UK Cyber Security Council will help to foster greater skills development and attract more trained professionals to maintain the U.K.’s position as a world-leading cybersecurity skills and innovation centre,” said Clar Rosso, CEO of (ISC)².

“Further, it will support our sector’s collective mission to equip professionals with the skills, knowledge and continuous development needed to keep pace with the evolving needs of the cybersecurity industry and the wider economy.

“As a member of the Cyber Security Alliance, (ISC)² has been heavily involved throughout the project to launch the Council. Together, the Alliance organisations have invested considerable time and resources alongside the funding from DCMS to build the Council, establishing an unprecedented new level of cooperation within our industry.

“Our shared vision and commitment to the creation of the Council, and our ongoing support for it as a Founder Member of the Alliance, has brought our industry together, and it is important we do not squander the opportunity for progress and innovation that cooperation creates.

“It is imperative, not only for the future success of the Council, but for the benefit of all our members and organisations, that the sector continues to work together with the same vigour and enthusiasm to support the Council in the months and years to come,” Rosso added.

The Council was conceived in late 2018 within the UK Government’s Initial National Cyber Security Skills Strategy policy paper, which called for a new, independent body to professionalise the cybersecurity skills sector and support Government efforts to improve the UK’s cybersecurity resilience and skills base.

Once fully operational, the Council will have a cross-industry role as a voice for the profession, influencing policy and providing counsel on behalf of its member organisations.

It will also provide a variety of resources and guidance for individuals, including an extensive tool to map the many career and qualification pathways for professionals within the cybersecurity sector.


from Help Net Security https://ift.tt/31AWzGq

Cybersecurity is undeniably a business-critical function. That’s only been reinforced over the past few months by the SolarWinds and Exchange attacks. Consequently, a recent PwC report found that 55% of enterprise executives plan to increase their cybersecurity budgets in 2021, and 51% plan to add full-time staff dedicated to cybersecurity within the year.

Meeting data privacy regulation compliance

This focus on security, however, isn’t just a reaction to more cyberattacks. It also correlates with the enormous acceleration in digital transformation initiatives over the last year. Some industry experts dubbed it the shift from “cloud speed to COVID speed.” The pandemic forced a new way of working, and this ultimately means a new way of ensuring the security of how we work. It also means that companies store and manage more data in the cloud, which comes with its own regulatory compliance challenges.

Every new process moved to the cloud, automated or made digital, has become a new vulnerability. Security teams need to manage these vulnerabilities to protect the data from a cyber-attack and ensure compliance with the latest data privacy regulations, such as the General Data Protection Regulation (GDPR) or the California Privacy Rights Act (CPRA).

Other non-compliance issues will grow over the next year, especially as companies continue to remotely onboard and offboard customers and employees. These new processes will impact how to protect data and comply with the multiple different patchwork privacy regulations from various states and countries. This is why the industry must work towards a uniform data privacy regulation, so organizations have a clear understanding of what it means to be compliant.

As challenging as 2020 was, it provided invaluable lessons that security and identity teams can apply as best practices for enterprises to adhere to regulatory and compliance standards, such as the CPRA and the GDPR. Following are three of those lessons to prioritize.

Lesson 1: Take stock of identities and lock them down

When it comes to data protection, security and compliance, organizations must keep the potential technology risk within acceptable limits, which means mobilizing efforts to identify data lakes and applications where personally identifiable information (PII) and other sensitive information is stored. Organizations should then use digital transformation as the catalyst to lock those applications down with the proper controls to prevent the unauthorized use of data, and use analytics to gain visibility into the management of sensitive data.

The key to any data privacy compliance is proper data protection because under these laws, consumers retain the right to deny and revoke the collection of their data. The first step in any plan around compliance is to have a basic understanding of whose data you have, where it is, and who has access to it. This principle is the foundation of identity management and governance.

Lesson 2: Collaborate with other areas of the business to design compliance protocols

Changes to regulatory standards (both new and old) will influence risk and security efforts. Because of this, enterprises must prepare to quickly enact the necessary protocols for seamless and adequate data protection. It all starts with data discovery, which requires significant collaboration between business teams and security to map out the data captured about customers, partners, and employees. The subsequent steps include data classification and understanding how the data is processed and stored.

Overall, a sound governance framework must be put in place to ensure compliance and address organizational risk. These frameworks can only succeed if business and security teams collaborate. Unfortunately, a siloed approach to compliance will ultimately unearth more challenges – not solve them.

Lesson 3: Put identity at the core of security and compliance perimeters

As cloud use normalizes, identity management and governance become an integral part of how firms can manage privileges, access, and ensure data security and privacy. Companies should consider every workload and service in the cloud as an identity because each workload and service has access, roles, or permissions assigned to connect with other services.

Things like virtual machines, databases, containers, mobile phones, and IoT devices are all machine identities that access data on other systems while also storing and processing data that need management. Furthermore, firms should continuously monitor user access to ensure that the controls in place remain effective.

By placing identity at the center of a company’s security perimeter, an organization gains visibility into who has access to sensitive data, whether someone is accessing that data without the right permissions or need (to know), and whether that data is being exfiltrated. From there, an organization should integrate data governance protocols to identify various data repositories, adopt a zero-trust model and work towards zero-trust maturity. This process involves a shift in mindset to accept that you must approach all identities with suspicion and place time limits around access.

Data privacy regulation and zero-trust maturity

In addition to these three significant lessons, organizations must also recognize that zero standing privilege paves the way for zero-trust maturity – meaning that teams must determine access rights on an as-needed basis. This process forces any access to be requested, evaluated, and either accepted or denied – ensuring no identity has default access to PII or other forms of protected data.

In the end, this prevents and protects the enterprise from cyber-attacks that take advantage of standing administrative privilege and helps with regulatory compliance because it ensures that employees and administrators don’t gain excess access to private data.

Despite the growing complexities around patchwork privacy regulations and sensitivity from customers around the protection of their data, organizations need to establish a privacy policy framework, with identity as the foundation. This will ensure that the organization meets the necessary controls and safeguarding protocols needed to maintain compliance and mitigate the risk of private data being accessed by bad actors in a cyberattack.


from Help Net Security https://ift.tt/3ryfwDX

Data-stealing ransomware attacks, information harvesting malware, and supply chain attacks are among the critical threats to organizations, according to F-Secure.

One of the most notable trends highlighted is the evolution of ransomware – attacks that extort organizations by preventing them from accessing their data.

Explosion of ransomware that also steals data

2020 saw an explosion of ransomware that also steals data, giving the attackers more leverage over their victims. If organizations first refuse to pay a ransom to decrypt their data, attackers threaten to leak the stolen information, increasing pressure on victims to pay.

This evolution, referred to as Ransomware 2.0 in the report, was a significant development in 2020. Only one ransomware group was observed using this type of extortion in 2019. By the end of 2020, 15 different ransomware families had adopted this approach. Furthermore, nearly 40% of ransomware families discovered in 2020, as well as several older families, were known to also steal data from victims by the end of last year.

“Organizations with reliable backups and effective restoration procedures are in a strong position to recover from a ransomware attack without having to pay. However, managing a potential data leak is a dramatically different challenge, especially for organizations that possess confidential information,” explained Calvin Gan, a Senior Manager with F-Secure’s Tactical Defense Unit.

“Ransomware actors, current and future, will likely feel emboldened to try new things and jump on vulnerabilities faster, which we’re already seeing with the recent MS Exchange vulnerabilities.”

Significant cybersecurity trends

  • Attackers’ use of Excel formulas – a default feature that cannot be blocked – to obfuscate malicious code tripled in the second half of 2020.
  • Outlook was the most popular brand spoofed in phishing emails, followed by Facebook and Office365.
  • Nearly three-quarters of domains used to host phishing pages were web hosting services.
  • Email accounted for over half of all malware infection attempts in 2020, making it the most common method of spreading malware in cyber attacks.
  • Malware that automatically collects data and information from victims (infostealers) continues to be a threat; the two most prevalent malware families in the latter half of 2020 were both infostealers (Lokibot and Formbook).
  • 61% of vulnerabilities found in corporate networks were disclosed on or before 2016, making them at least 5 years old.

Additionally, in a retrospective look at the notable supply chain attacks from the last 10 years, the report highlights that over half of them targeted either utility or application software and expresses hope that the last year’s SolarWinds hack draws greater attention to the impact these attacks can have.

“In security, we place a lot of emphasis on organizations protecting themselves by having strong security perimeters, detection mechanisms to quickly identify breaches, and response plans and capabilities to contain intrusions.

“However, entities across industries and borders also need to work together to tackle security challenges further up the supply chain. Advanced persistent threat groups are clearly ready and willing to compromise hundreds of organizations through this approach, and we should work together to counter them,” said Gan.


from Help Net Security https://ift.tt/3dkmNSL

Being a veteran cybersecurity incident responder with over 21 years of field experience, I know I will always have a job and it will always be interesting. In the evolution of cyber-attacks, I’d argue that while the fundamentals have stayed the same, there have been two major critical changes in the past few years among nation-state and criminal attackers that require us to thoroughly understand and respond in a different manner than in the past.

In most of the world and in most industries, we’ve reached the tipping point in our digital dependence on our IT infrastructure, and it has drawn attackers in

The first change is around the larger scope of attack. In the past you could draw a heat-map around the most technological countries: the US, South Korea, Japan, the UK and Germany. Today we’ve reached the tipping point where most countries are now dependent on IT to the point that the heat-map is white hot over most of the world. The same is true for industries: in the past only certain industries were dependent on IT, whereas today most industries are reliant on IT and their digital capabilities like never before.

There is a positive side to this digital dependence. From the first world to the third world, while this pandemic has caused much sorrow and an economic slump – it hasn’t buried us the way it would have if this had occurred even ten years earlier – our ability to effectively work remotely is why. With such a digital dependence it only makes sense that nation-state and criminal hackers would grow and escalate in such an environment.

Digital innovation has given attackers a vicious edge that has expanded their speed, depth and breadth like never before

The second, far more impactful change is how digital innovation has changed the trend dramatically. For the good guys, digital innovation has become a critical competitive differentiator, and it has led our attack surface to include a large array of interconnected entities, whether by application, by network, by supply chain or through countless as-a-service offerings.

It means using DevOps models, scripting and automation that allow playbooks to push out and manage entire environments with a single mouse click. It means being able to collaborate with others to build applications faster than ever before. The bad guys are also using this digital innovation to their advantage. They partner up, collaborate and share attacks and intelligence.

Using scripts and automation, attackers not only establish a beachhead, they also script account escalations, the setting of backdoors and the wiping of their footprints into their attacks. Attacks are further carefully orchestrated and optimized to hit entire industries at one time and dig in deep in the most impactful ways possible.

Turning digital dependence and innovation back on the attackers

If digital dependence means the current trend in attacks affects us all globally, the most powerful takeaway is how we can better defend ourselves in an easier and better fashion by incorporating that digital innovation that we use in other portions of the enterprise within cybersecurity.

For one, there is APT, ransomware and supply-chain expertise that keeps track of nation-state and criminal actors. It’s critical that we bring their analysis, indicators of compromise, and expertise into our security controls within the SOC. The way we defend ourselves must include techniques that leverage automation and updates that occur in near-real time.

As automation is used to manage whole new IT environments, we need the same capability to be applied to security. Use playbook automation to seek out vulnerabilities, search for new indicators of compromise, and provide automated support during an attack to counter the attack more efficiently.


from Help Net Security https://ift.tt/3dniuGw

61% of manufacturers have experienced cybersecurity incidents in their smart factories and are struggling to deploy the technology needed to effectively manage cyber risk, according to a Vanson Bourne survey of 500 IT and OT professionals in the United States, Germany and Japan.

Outages

75% of them suffered system outages as a result, and 43% said outages lasted more than four days.

“Manufacturing organizations around the world are doubling down on digital transformation to drive smart factory improvements. The gap in IT and OT cybersecurity awareness creates the imbalance between people, process and technology, and it gives bad guys a chance to attack,” said Akihiko Omikawa, executive VP of IoT security for Trend Micro.

Smart factory security projects

The results from all three countries showed that technology (78%) was seen as the biggest security challenge, although people (68%) and process (67%) were also cited as top challenges by many respondents. However, fewer than half of the participants said they’re implementing technical measures to improve cybersecurity.

Asset visualization (40%) and segmentation (39%) were the least likely of cybersecurity measures to be deployed, hinting that they are the most technically challenging for organizations to execute. Organizations with a high degree of IT-OT collaboration were more likely to implement technical security measures than those with less cohesion.

IT-OT collaboration

There was a particularly big gulf between organizations with high IT-OT collaboration versus those with little to no IT-OT collaboration in the use of firewalls (66% versus 47%), IPS (62% versus 46%) and network segmentation (54% versus 37%).

Standards and guidelines were cited as the top driver for enhanced collaboration in the United States (64%), Germany (58%) and Japan (57%). The National Institute of Standards and Technology’s (NIST) Cyber Security Framework and ISO 27001 (ISMS) were among the most popular guidelines.

The most common organizational change cited by manufacturers in all three countries was appointing a factory CSO.

How to secure smart factories and keep their operations running

  • Prevention by reducing intrusion risks at data exchange points like the network and DMZ. These risks could include USB storage devices, laptops brought into a factory by third parties, and IoT gateways.
  • Detection by spotting anomalous network behavior like Command & Control (C&C) communication and multiple log-in failures. The earlier the detection, the sooner attacks can be stopped with minimal impact on the organization.
  • Persistence is crucial to protect smart factories from any threat that has evaded prevention and detection stages.

from Help Net Security https://ift.tt/3wh7Xp4

Organizations continue to suffer downtime despite IT stacks equipped with all recommended cybersecurity technologies – including continuous data protection, anti-malware with zero-day threat prevention capabilities, automated patch management, vulnerability assessments, and more. In a recent survey, IT professionals reported that training time and data loss associated with remote work and daily IT and business operations are increasing in 2021 compared to 2020.

As the COVID-19 lockdowns were first beginning a year ago, Acronis launched its inaugural Cyber Protection Week to raise awareness of and engagement with the cyber protection approach that helps organizations more reliably overcome modern IT challenges. This year’s event – running from March 29 through April 2 – extends that mission even further with Acronis releasing an in-depth report to mark the occasion.

The 2021 Acronis Cyber Protection Week Global Report collects responses from 4,400 personal IT users and IT professionals from 22 different countries. The aim is to shine a light on the priorities, concerns, and strategy gaps that are guiding their IT protection decisions in the year ahead.

If you’re interested in learning what’s top of mind for IT teams in your area, we’ve captured some of the key takeaways for IT professionals from the newly released report below. Many more are available in the full report.

The cyberthreats keeping IT pros up at night

In this year’s Cyber Protection Week Global Report, concerns over cyberthreats run high across the board for IT professionals. Nearly 80% of the IT professionals surveyed from around the world reported concern over all of the cyberthreats identified in the survey.

That said, there were some threat vectors and categories that loomed especially large. When ranked, the cyberthreats that most concern IT pros today are:

1. Malware
2. Data theft / data breaches
3. Phishing attacks
4. DoS / DDoS attacks
5. IoT attacks
6. Ransomware
7. Insider attacks
8. Cryptojacking

Given that the pandemic saw cyberattacks grow by 400% and that one-third of organizations were attacked on a daily basis in 2020, it makes sense that concern runs high for IT teams. What makes less sense is the method IT professionals have taken to respond.

Defenses have gotten complicated

79% of IT professionals surveyed reported that they had up to 10 different security and protection tools running simultaneously – from data protection to anti-malware and regular patch management and vulnerability assessments. The remaining 21% had even more than that.

Unfortunately, these complex patchworks of protection solutions make training, maintenance, and management difficult. Ultimately, they create vulnerabilities and gaps in security where unintegrated services from competing vendors intersect. Proof of this is illustrated in the report: in the major challenges facing IT teams; the percentage of organizations that still suffered downtime; and the priorities IT professionals have moving forward through 2021.

Remote work challenges persist, downtime grows

Even though the shift to increased remote work was a year ago, many IT professionals are still working to overcome the challenges that arose during the move. Major challenges identified by IT teams in Acronis’ 2020 Cyber Readiness Report from September 2020 included remote worker enablement, remote environment security, and corporate app and network availability. These remain top challenges despite all of the new resources and services that have been put in place.

Worse yet, data loss that leads to downtime is actually on the rise, up 7% over 2020 and 18% over 2019. Half of the IT professionals surveyed for the Cyber Protection Week Global Report admitted suffering downtime in the past year. And considering how disruptive and expensive downtime is for modern organizations, this poses a serious threat to the success of businesses who have assembled a patchwork defense.

IT priorities in 2021

Responding directly to these challenges, IT professionals are prioritizing enhanced data privacy, modernized cybersecurity, and better supported remote work environments in the months ahead. To help achieve those goals, 70% of the IT professionals surveyed are planning to increase their budget compared to last year. This opens opportunities for vendors, particularly those offering integrated solutions that help to reduce complexity and integrate disparate cyber protection capabilities, delivering a more holistic defense for the data, applications, and systems that modern organizations rely on.


from Help Net Security https://ift.tt/3dq2WBX

More than 80% of global IT decision-makers have already adopted, or plan to adopt or expand, cloud-based identity and access management (IAM) initiatives over the next two years, a Forrester Consulting study reveals.

The study also found that the industry has significant opportunities to improve the IAM experience for the majority of hybrid cloud adopters.

The study surveyed more than 300 IT executives globally on the state of cloud adoption. Findings show that while cloud adoption overall is increasing, investment and interest in hybrid cloud – using a combination of on-premises, public cloud, and Software as a Service (SaaS) – is particularly high. This suggests that IT leaders are realizing that hybrid cloud is a new reality for organizations and can be the quickest way to optimize their IT without disrupting business-critical applications.

Security pros aware of the blind spots in their cloud and IAM strategies

As ecosystems and cloud adoption expand, security professionals are increasingly aware of siloed data environments and the blind spots in their cloud and IAM strategies.

72% of the respondents have a cloud-based IAM, but nearly 50% of them don’t have key security practices in place. Further, almost all IT professionals at firms with IAM technologies face challenges meeting customer needs in a pure cloud environment. For example:

  • 66% of respondents say that process issues, such as flexibility and agility of IAM systems and the ability of those systems to support hybrid cloud worlds, are impeding their adoption.
  • 88% of respondents find technology issues, such as limited IAM functionality, lack of product scalability, and the inability to manage identity and access across current applications, are preventing their adoption of IAM in the cloud.
  • 48% say that lack of cloud IAM expertise, or lack of support from leadership for cloud-based IAM adoption, is preventing them from making progress.

Hybrid IAM: A modern approach for the hybrid enterprise

Two-thirds of respondents say that process obstacles – such as the flexibility and agility of IAM systems, and the ability of IAM to move between different hybrid cloud worlds – hold them back. Adopting a hybrid IAM approach can bridge the gap.

A hybrid IAM approach enables today’s large enterprise to run, unify, and secure all digital identities in a hybrid IT environment. Additionally, more than 70% of respondents expect to see improved customer, employee, and IT benefits from investments in hybrid IAM.

“As this first-of-its-kind research shows, while IT leaders are faced with unique criteria and conditions that shape their IT strategy, hybrid IAM has emerged as a necessity in helping them deliver simple and secure employee and customer experiences,” said Peter Barker, chief product officer, ForgeRock.

“As the only IAM platform on the market that delivers uniform functionality across cloud, on-premises, and hybrid IT environments, ForgeRock is uniquely positioned to meet the complex needs of global enterprises.”

Accelerated adoption of hybrid IAM brings a competitive advantage

By leveraging a comprehensive hybrid IAM platform, organizations can enable seamless user access across multi-channel applications, whether they are running applications on premises, in the private cloud, or on one or more public clouds.

A hybrid IAM platform also solves the need for multiple point solutions while addressing key focal points for today’s IT decision-maker. As highlighted in the study, infrastructure modernization, cloud strategy, and consolidation topped decision-makers’ lists.

As businesses continue to evolve, organizations with accelerated adoption of hybrid IAM will have an important competitive advantage, enabling enterprises to support existing business-critical applications on premises while also transforming and adopting cloud. Having identity at the center of this transformation ensures the future of access is safe and simple.

“The future isn’t just cloud, it’s hybrid cloud,” said Hamidou Dia, VP, global head of solutions engineering, Google Cloud at Google. “This approach gives companies the ability to reimagine their business and modernize faster, and IAM needs to be at the center to ensure the future is both frictionless and secure.”


from Help Net Security https://ift.tt/2PNuGs4