The Latest

59% of CTOs still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware (49%) and phishing (36%), research from STX Next reveals.


Despite this recognition of risk, the findings suggest that more needs to be done to properly safeguard companies against dangers, with only 26% having a dedicated cybersecurity team in place and only 50% outsourcing cyber responsibilities.

What CTOs around the world think

The research surveyed 500 global CTOs about the biggest challenges facing their organization. Other key findings from the research included:

  • Multifactor authentication (MFA) adoption is strong, with 88% of organizations employing it in some way
  • However, 47% have not implemented ransomware protection, despite its ever-increasing popularity among cybercriminals
  • 58% are not using security information and event management (SIEM), and 41% have not employed privileged access management (PAM)
  • Conversely, 92% have implemented disaster recovery (DR) capabilities such as automated backups

Maciej Dziergwa, CEO at STX Next, said: “Our survey shows that, despite the inexorable rise of ransomware in the last couple of years, the biggest security concern in the minds of CTOs remains the potential impact of human error. This is understandable given that in order to be successful, many types of cyberattack rely on someone inadvertently clicking a link or downloading a file.

“Where things really get interesting, however, is when we see what businesses are doing to protect themselves against these threats. Companies that employ their own dedicated cyber team are still in the minority, and while outsourcing is preferred, this isn’t a common policy at the majority of organizations either.

“It’s a similar situation when looking at certain key protective tools that haven’t yet been implemented on a large scale, such as ransomware protection. The established presence of measures such as multi-factor authentication provides some cause for optimism though, so it will be interesting to see if the other security features follow a similar trajectory in the near future.”

The importance of applying disaster recovery

Dziergwa believes that to further shore up security capabilities, businesses should look closely at how disaster recovery processes have been successfully implemented, and aim to replicate these approaches for cyber.

He added: “The strong presence of disaster recovery planning shows that organizations are doing well when it comes to the more all-encompassing, overarching responsibilities that ensure the business is resilient in the face of unexpected disruption. The next step is for leaders to apply this approach to the more granular elements of cybersecurity, including anti-ransomware tools.”

He concluded: “After all, security features are designed in many cases to reduce the potential for human error to cause major cyber incidents. By investing more heavily in these areas, CTOs will have less need to worry about any risky behaviour by their staff in future.”


from Help Net Security https://ift.tt/3I5fj4L

As the holiday shopping season hits full stride, ecommerce retailers across Europe face a new era of malicious attacks spurred by a COVID-inspired transformation in ecommerce and a 350% increase in fraudulent online orders, according to data published by Signifyd.


Retailers can expect a more perilous fraud landscape through the holiday shopping season and beyond. The heightened threat is thanks in part to the growing sophistication and diversification of organized fraud rings.

The golden age of ecommerce fraud

  • A 350% increase in fraud pressure by mid-2021.
  • A doubling of consumer abuse in the first half of 2021 — including false claims that an online order never arrived or that an order that did arrive was in unsatisfactory condition. Fraudsters and consumers make such claims in order to keep a product while receiving a refund.
  • A dramatic increase in fraud rings’ use of bots. Automated fraud attacks increased 146% in 2020.

“Between the acceleration of ecommerce, changes in consumer behavior and the arrival of SCA, few would argue that commerce is not in a state of great transformation,” said Ed Whitehead, Signifyd Managing Director, EMEA.

“The State of Fraud report lays out in detail how these changes came about and offers merchants actionable strategies and solutions to keep up in a dynamic industry at an historic time.”

The pandemic ushered in a “golden age of ecommerce fraud” fueled by several factors, the report says. They include:

  • The increasing share of retail revenue attributable to ecommerce.
  • A dramatic wave of first-time online shoppers.
  • The need for fraud rings to move from protected segments of the buying journey to more vulnerable ones.

“Fraud is a moving target,” said Ollie Marshall, managing director of Maplin. “As fraud protection becomes more sophisticated, fraud rings find new vulnerabilities to attack. We shut them down and they move on. I have no doubt they’ll be back.”

Retailers facing historic fraud pressure

European retailers are facing historic fraud pressure at a time when the payments landscape is undergoing upheaval due to the enforcement of PSD2’s Strong Customer Authentication (SCA) requirement. The addition of SCA’s robust two-factor authentication process has been rolled out across much of Europe and will be enforced in the UK beginning in March.

SCA was instituted to protect retailers and consumers from online fraud. The beginning of SCA enforcement across Europe has resulted in an average transaction failure rate of 26%, according to payment services consultancy CMSPI.

The report explores the conversion issue and reviews some of the strategies retailers are embracing to enjoy the benefit of added protection without introducing added friction to their customers’ buying experiences.

“Overall, the solutions which have been put in place have the potential to work well. A key factor for success is that all aspects of the payment ecosystem are ready and that there is effective communication and interoperability amongst the players,” Andrew Cregan, head of finance policy for the British Retail Consortium (BRC), said in the report. “The experience for the customer must be straightforward, but also it must be communicated well beforehand, so that it’s fully understood.”

“In our recent Global Payment and Risk Mitigation Survey, the majority of merchants surveyed reported increases in synthetic and account takeover fraud over the previous year,” John Winstel, global head of fraud product at FIS, said in the report.

“As these and other new fraud trends emerge, the safeguarding of a merchant’s revenue requires smart, dynamic protection against fraud throughout the payment lifecycle.”


from Help Net Security https://ift.tt/3rnGi5E

Action1 released a report based on feedback from 491 IT professionals worldwide. The study explores how organizations patch and manage their remote and office-based endpoints and how they provide employees with remote IT support.


The report reveals that even though most organizations plan to keep at least some remote work in 2022, they struggle to secure and support their remote or hybrid workforce.

78% of respondents admitted experiencing delays in patching critical vulnerabilities during the past year, and 62% suffered security incidents involving a known vulnerability that had not been mitigated even though a patch was available. Indeed, most organizations lack robust patch management: 14% manage all patches manually and 59% automate OS patching only.

Remote endpoints patch issues

  • Patching takes 2.5 times longer when endpoints are remote.
  • The top barrier to effective patch management (cited by 38% of respondents) is the inability to manage updates in one place and prioritize them effectively.
  • 77% of organizations experienced security incidents during the past year; the most common causes were malware (41%) and phishing (31%) attacks.
  • 35% of organizations are unable to spot unwanted software on their remote endpoints.
  • Resolving IT support requests takes twice as long when employees are remote.


“Modern organizations use more applications than ever, and all of them can have vulnerabilities that hackers can exploit,” said Mike Walters, President of Action1. “With vendors issuing updates at a rapid rate, it is essential to automate patching for both OS and third-party software.”


from Help Net Security https://ift.tt/31iQXDS

The cloud continues to expand with new products and services constantly introduced by cloud service providers (CSPs). The Center for Internet Security (CIS) responded with more resources to help secure these capabilities in the cloud. The Beginner’s Guide to Secure Cloud Configurations describes how users can secure public cloud accounts, products, services, and more.

New guidance from the CIS Benchmarks community

CIS called upon its network of volunteers to expand their guidance for the public cloud. This effort resulted in CIS Benchmarks specific to cloud CSP products and services.

CIS honed its resources and did not create a CIS Benchmark for every unique service. Instead, CIS followed the lead of the CSPs, and grouped services by CSP product. Each CSP offers dozens of products, grouping cloud services based on the function they provide.

Three levels of CIS cloud Benchmarks

The guide presents the three CIS Benchmark categories applicable to the cloud:

  • CIS Foundations Benchmarks
  • Cloud product-level CIS Benchmarks
  • Standalone cloud service CIS Benchmarks

Each Benchmark level provides an additional layer of security, starting with the CIS Foundations Benchmarks and ending with securing virtual machines via CIS Hardened Images.


  • CIS Foundations Benchmarks provide an account-level starting point for configuring securely in the public cloud. These resources cover identity and access management, logging and monitoring, networking, etc. Foundational guidance is available for AWS, Azure, Google Cloud Platform, Oracle Cloud, IBM Cloud, and Alibaba Cloud.
  • Cloud Product-Level CIS Benchmarks provide CSP product and service configuration guidance and include areas such as compute, databases, storage, and containers. These CIS Benchmarks allow the user to choose the applicable cloud services and configure them according to their environment. The product-level CIS Benchmarks complement the CIS Foundations Benchmarks by providing an additional layer of security built into the cloud services used within the cloud account.
  • Standalone Cloud Service CIS Benchmarks are specific to a CSP service that requires more extensive configuration guidance. In these cases, the product-level CIS Benchmark will have a section for the service and will point to the standalone CIS Benchmark for the service.

CIS AWS End User Compute and Kubernetes Benchmarks

The first release of a cloud product-level CIS Benchmark is the CIS AWS End User Compute Services Benchmark. This includes configuration recommendations for Amazon WorkSpaces, Amazon WorkDocs, Amazon AppStream 2.0, and Amazon WorkLink. The user can choose the applicable services and configure them according to what’s running in their environment.


In some cases, the configuration needed for a service warrants a CIS Benchmark specific to that one cloud service. In this scenario, the product-level CIS Benchmark will include a section for the cloud service but will point to a separate CIS Benchmark for the service. An example of the standalone cloud service CIS Benchmarks is the set of CIS Kubernetes Benchmarks.


CIS currently offers multiple CIS Benchmarks for Kubernetes:

  • Alibaba Cloud Container Service For Kubernetes (ACK)
  • Amazon Elastic Kubernetes (EKS)
  • Azure Kubernetes Service (AKS)
  • Google Kubernetes Service (GKE)
  • Kubernetes & Kubernetes V1.20
  • Oracle Cloud Infrastructure Kubernetes (OKE)
  • Red Hat OpenShift Kubernetes & Red Hat OpenShift Kubernetes v4

Secure configurations with CIS Hardened Images

A virtual image is a snapshot of a virtual machine (VM) that provides the same functionality as a physical computer. Virtual images reside in the cloud and enable users to cost-effectively perform routine computing operations without investing in local hardware and software.

Hardening is a process of limiting potential weaknesses that make systems vulnerable to cyber-attacks. More secure than a standard image, hardened virtual images reduce system vulnerabilities to help protect against malware, insufficient authorization, and remote intrusion.


Securely pre-configured CIS Hardened Images help organizations secure their operating systems in the cloud. CIS Hardened Images meet the requirements of the CIS Benchmarks, and are available on four major cloud computing marketplaces: AWS, Azure, Google Cloud Platform, and Oracle Cloud.

Additional layers of cloud security

CIS works directly with the CSPs to identify the top used cloud products and services on each platform. We then use that information to inform the development plan for future CIS Benchmarks.

All CIS Benchmarks recommendations reference other guidelines and additional resources. With these cloud guides, CIS demonstrates the relationship between the CIS Benchmarks and the CSP documentation. The intention is to inform the user of the guidance available from the CSP, for security and beyond. This documentation helps the user recognize which responsibilities the CSP holds, and which it assists with, when running the service.

The rapid pace of cloud expansion means that many more products and services are soon to come. CIS is working closely with the CSPs to stay ahead of developments. By doing so, we plan to bring timely and effective guidance at no cost to the global user community.



from Help Net Security https://ift.tt/3xznCAQ

Tigera announced the integration of its Calico Cloud with AWS Control Tower, making it easier for AWS users to get additional cluster security, granular workload access controls, live observability, and real-time troubleshooting capabilities for Amazon Elastic Kubernetes Service (EKS) clusters.


Calico Cloud is the first unified, cloud-native security and observability platform to integrate with AWS Control Tower to ensure the security and health of workloads running on EKS.

In addition, Calico Enterprise adds Egress Gateway support for AWS and EKS, enabling DevOps/SREs to authorize communication from specific namespaces in EKS to secured resources outside the cluster, whether on-premises or in a data center.

Using AWS Control Tower, all security and network policies set up on an AWS account automatically populate in Calico Cloud, making it possible to get started immediately with no additional setup required.

The integration enables every AWS Marketplace and AWS Control Tower customer to easily activate, deploy and configure Calico Cloud for EKS, taking full advantage of the resources pre-configured by AWS Control Tower as part of the initialization.

Benefits of the Calico Cloud integration with AWS Control Tower include:

  • Instant security and observability: AWS accounts and associated clusters are instantly secured and their health can be observed as soon as they are launched or enrolled. There is no additional configuration required.
  • Faster onboarding: AWS users can use a one-click deployment in the AWS Management Console or AWS CLI to connect the EKS environment to Calico Cloud. Existing accounts in landing zones will already be enrolled and will not require extra work to connect. Linking landing zone accounts with the Calico Cloud account is done automatically.
  • Eliminate setup monitoring: Users spend minimal time managing and monitoring their setup for enabling EKS security and observability via Calico Cloud. Integration also scales as the number of landing zones increases.
  • Multi-cluster and multi-region controls: A centralized, unified, multi-cluster approach to security and observability can help with faster troubleshooting, adherence to compliance requirements, and uniform policy enforcements across regions, distributions, and dataplanes.
  • Scalability and automatic updates: As EKS clusters are enrolled via AWS Control Tower, security and observability are automatically applied with no additional work required.

“The Calico Cloud integration with AWS Control Tower takes the pain out of setting up security and observability for EKS deployments and provides a centralized point of control to secure and monitor the health of cloud-native applications running on multiple AWS accounts across regions,” said Amit Gupta, vice president of business development and product management, Tigera.

With Calico Cloud, users only pay for services consumed, and are either billed monthly or as part of an annual subscription.


from Help Net Security https://ift.tt/3di5wKF

Immuta announced the availability of Immuta software as a service (SaaS) deployment. Immuta SaaS, which recently received its SOC 2 Type 2 Certification, enables data teams to automate data access control while eliminating the need to self-manage and maintain the deployment.


Immuta’s SaaS deployment is a fully managed cloud service designed to improve data security by enabling data teams to register data from one or multiple cloud data platforms and be completely operational within minutes, guaranteeing customers a 99.9% SLA uptime for core functionality.

Immuta’s SaaS deployment is available in North America and EMEA for Snowflake, Databricks, Starburst, Azure Synapse, Amazon Redshift, and coming soon for Google BigQuery and Trino. It includes Immuta’s full suite of capabilities, including:

  • Universal data cloud compatibility
  • Scalable, attribute-based access controls
  • Dynamic policy enforcement and auditing
  • Data masking, anonymization, and advanced privacy-enhancing technologies (PETs)

“We’re seeing huge demand from global customers who are migrating data analytics to the cloud and looking for a fully hosted data access control platform that enables them to establish controls for sensitive data to meet their regulatory and internal security requirements,” said Matt Carroll, CEO, Immuta. “Immuta’s SaaS deployment offers customers the opportunity to experience the power of fine-grained data access control and unlock the full potential of their data safely and securely with zero maintenance or infrastructure costs.”

One of Immuta’s early SaaS customers is PumpJack Dataworks, which enables customers such as the NBA’s Dallas Mavericks and MLS’s Inter Miami CF to manage their fan data.

“Our Customer Data Platform is tuned specifically for the sports industry to help teams, leagues, and federations unify and manage all of their fan data across their entire ecosystem. Our customers demand strict requirements across governance, user access controls, anonymization, and audit capabilities, ensuring that a layer of trust and protection is extended across their global fan communities,” said Tom Tercek, co-founder and chief strategy officer, Pumpjack Dataworks. “In this dynamic privacy environment, Immuta’s SaaS deployment enables us to provide the highest standards of protection for fan data.”

Billie, a fast-growing fintech organization based in Berlin that is reinventing how small-and-medium-sized businesses (SMBs) handle invoices, adopted Immuta’s SaaS deployment to rapidly automate data access control and data protection. According to Igor Chtivelband, Billie’s co-founder and VP of data and CRM, “If we didn’t have Immuta, then Billie’s expansion as a business wouldn’t be possible. I’m not sure how we could do it without Immuta.”

With Immuta’s SaaS deployment, users can start experiencing the power of dynamic, fine-grained access control faster than ever. A recent GigaOm report found that Immuta’s attribute-based access controls require 75x fewer policy changes and offer significant cost savings compared to competitive solutions. Immuta was also the first data access control solution to be included on Snowflake Partner Connect.

Customers can get started using a free trial to easily convert to a production deployment while making it easier to support complex use cases like and enjoy maintenance-free deployment. For those unable to leverage Immuta SaaS, Immuta’s fully containerized self-managed deployment option enables customers to control their own cloud environment.


from Help Net Security https://ift.tt/3lnbcr7

Immersive Labs announces it is working with the British Army to enhance the human cyber capabilities of military personnel. More than 100,000 people strong, the Army is initially using Immersive Labs to provide a continuous cycle of human cyber capability development for Staff Officers, digital deliverers and technical specialists.


The platform is available to everyone in the Army – Regular, Reserve, and civilian – and uses online Lab environments and content experiences to continually improve cyber knowledge, skills, and judgement. By design, this development is structured to progress at each person’s pace, ability, and particular learning needs.

The program starts with the fundamentals of cybersecurity and progresses to more advanced abilities, such as web application security and incident response, to correspond with an individual’s unique learning pathway.

By mapping a real-time view of the abilities of personnel against industry frameworks such as MITRE ATT&CK, the British Army can identify where capabilities are required and inject targeted skills improvement. With a remit to ensure the Army remains protected in an ever-changing hybrid battlespace, this continuous development will also prevent skills decay over time, provide a greater coverage of the threat landscape and identify hidden talent to progress rapidly to expert roles.

Kristina Evans, Head of Cyber and Security at the Army, said: “This is an exciting opportunity for the British Army to raise the level of our people’s cyber skills across the board. Not only does it allow those with a grounding in technical capabilities to improve, but it also allows us to uncover a whole new class of cyber talent.”

“The threats we face change day by day and can come from any vector; for this reason, cyber security should not just be limited to backroom technical teams. The modern operating environment, at home and overseas, requires strength in depth, with people across the Army providing a defensive cyber capability, which the work with Immersive Labs fully supports.”

Delivered through a browser, the platform lets Army personnel develop skills at their own pace and explore the areas of cyber security that interest them most. Users simply log in and progress through consecutive learning environments.

James Hadley, CEO of Immersive Labs, said: “With the nature of modern warfare changing on a daily basis, the British Army needs to improve the cyber abilities of their personnel, with pace and scale. By joining forces with the British Army, our platform is playing a vital role in helping achieve this, pinpointing areas for improvement and enhancing the nation’s cyber defence capabilities as a whole.”


from Help Net Security https://ift.tt/3D83maN