- November 29, 2023
- Category Data Protection
There are many ways artificial intelligence (AI) and machine learning already impact cybersecurity. You can expect that trend to continue in 2024 – both as tools for data protection and as a threat.
Even as you implement AI and machine learning into your cybersecurity strategy through the adoption of tools like Security Orchestration, Automation, and Response (SOAR), Security Information and Event Management (SIEM) and Managed Detection and Response (MDR), so are threat actors. They will continue to update and evolve their own methodologies and tools to compromise their targets by applying AI and machine learning to how they use ransomware, malware and deepfakes.
With small and medium-sized businesses just as much at risk as their large enterprise counterparts, SMBs must take advantage of AI and machine learning as much as possible. AI-directed attacks are expected to rise in 2024 in the form of deepfake technologies that make phishing and impersonation more effective, as well as evolving ransomware and malware.
Deepfake technologies that leverage AI are especially worrisome, as they can create fake content that spurs employees and organizations to work against their best interests. Hackers can use deepfakes to create massive changes with serious financial consequences, including altering stock prices.
Deepfake social engineering techniques will only improve with the use of AI, increasing the likelihood of data breaches through unauthorized access to systems and through more authentic-looking phishing messages that are more personalized and, hence, more effective.
If hackers are keen on leveraging AI and machine learning to defeat your cybersecurity, you must be ready to combat them in equal measure – just as AI and machine learning will create new challenges in 2024, they can also help you bolster your cybersecurity. While regulations are being developed to foster ethical use of AI, threat actors are not likely to follow them.
AI will also affect your cyber insurance as your providers will use it to assess your resilience against cyberattacks and adjust your premium payments accordingly. AI presents an opportunity for you to improve your cybersecurity to keep those insurance costs under control.
There’s a lot of doom being predicted around the growing use of AI and machine learning. And while it does pose a risk to your organization and its sensitive data, you can use it to bolster your cybersecurity even as threat actors leverage AI to up the ante. A managed service provider with a focus on security can help you use AI and machine learning to protect your organization as we head into 2024.
- November 16, 2023
- Category IT automation
IT teams are tasked with monitoring data from so many sources that there’s a risk of information overload without security orchestration, automation, and response (SOAR).
A SOAR platform pulls together software designed to bolster your organization’s security posture so your IT team can keep on top of all the data coming in from your various IT systems and threat intelligence platforms.
SOAR is a must-have tool in today’s dynamic digital business landscape – it allows IT teams and security analysts to be more efficient and responsive and reduces the need for human intervention.
ABCs of SOAR
A SOAR platform allows your security team members to prioritize their attention by collecting threat information, automating routine responses, and triaging more complex threats that pose a real danger to the organization.
SOAR software has three core capabilities. It manages threats and vulnerabilities, responds to security incidents, and automates security operations. The goal is to collect as much data as possible and automate as much as possible by leveraging machine learning technology.
The “orchestration” in SOAR coordinates all your security and productivity tools so they can communicate – much like a conductor guides an orchestra of many different musicians. The coordination of firewalls and intrusion detection tools and streamlined security processes allows for a centralized response.
That response is automated wherever possible so as to reduce the burden on your IT staff. The final response is also automated as much as possible, although SOAR provides the data people need to intervene when necessary.
SOAR follows the rules
A SOAR platform knows what to do because it’s guided by a playbook which outlines your standardized response processes for security incidents – these standards allow you to prioritize your response to any threat and enable efficient collaboration. It is also integrated with your complementary security tools, including Security Information and Event Management (SIEM).
By using a SOAR platform to automate the ingestion of data and incident response as much as possible, your security team can keep pace with the onslaught of threats. By leveraging machine learning, SOAR not only automates your security response, but also improves your readiness because it’s learning from historical data over time to anticipate threats before they happen.
How to start with SOAR
You can’t automate security when you don’t have it in place. If you want to fully benefit from the automation provided by a SOAR platform, you need to have the right security tools, process, and playbook already in place.
A managed service provider with a focus on security can help fully flesh out your security operations, including development of workflows and a security playbook, so you can effectively implement a SOAR platform and reap the benefits that come with its automation and response capabilities.
- October 26, 2023
- Category Data Protection
Artificial intelligence (AI) is a threat to your organization’s data security, but it is also a critical tool for defending it.
Just as business intelligence has become embedded in software tools and enables you to ride the ups and downs of your industry, AI is getting embedded in cybersecurity solutions to combat increasingly sophisticated threat actors.
This sophistication, combined with the evolution of connected organizations, including remote work, means attack surfaces are getting larger. Hybrid environments where people are working from home and office via different networks are appetizing targets for hackers. When there are so many devices operating on your network, there’s bound to be some that go unmanaged, and hence are unsecured.
Generative AI is making phishing scams harder to detect, and most data breaches are already due to employees not recognizing fake emails. Even though AI helps threat actors be more deceptive than ever, it can help to automate security so that you can more quickly respond, mitigate, and recover from a data breach.
Detecting patterns has always been a core capability of security solutions, and AI makes this capability more robust so that it can be more preventative – it will advise you of potential breaches, as well as help you set policy and automate tasks to lessen the burden for your IT staff, including the onboarding of new employees and managing their access. AI can even help you set policy as to how your employees are allowed to use AI, including ChatGPT.
If you’re nervous about AI and how it will affect your business, including its data security, there’s good news in that it can be a net positive thanks to the many productivity gains. Already it’s become clear that security analysts can’t keep up with every alert and every security threat, so AI and automation are necessary to handle them at scale.
In the longer term, AI is going to be an essential tool for discerning between legitimate activity and security threats. As generative AI becomes more sophisticated and bad actors exploit it to fool unsuspecting users, AI is also going to be able to detect these attempts and allow for immediate, decisive action to prevent data breaches before they happen.
Organizations will also need to deploy fewer security tools as AI capabilities will be consolidated into interoperable security platforms that will reduce the number of vendors and policies that must be managed.
Even as AI streamlines and fortifies your security, it’s still not going to be your core business. A managed service provider can help you navigate the dynamic changes ahead so you can effectively leverage AI to bolster your data security.
- October 12, 2023
- Category Security
Small and medium-sized businesses rarely have a large C-suite, let alone an exec dedicated to security, but a virtual chief information security officer (vCISO) is an affordable way to bolster your ability to deal with cybersecurity threats.
Tapping the expertise of a vCISO can complement your IT team, which is likely a small group of people who wear many different hats. As a part-time consultant with full-time security experience, a vCISO can work with you, usually via your managed service provider (MSP), and has a dedicated focus on improving and managing your cybersecurity.
An MSP with a focus on security will always start their engagement with a security assessment, and that’s where a vCISO can first step into their part-time role. The assessment by your MSP will help it find the right person to manage security in the context of your business, including your existing expertise and skills.
What makes a vCISO an affordable option for smaller, leaner organizations is that you can purchase their time based on your business needs. You may pay them hourly, or for a set number of days a week or month – like cloud services, a vCISO can scale their availability up or down as needed. They can be on-site or virtual, or a mix of both.
No matter how many hours they work, a vCISO always brings with them a great deal of cybersecurity expertise as well as knowledge from across different industries, which they can apply to the realities of your business. You get a fresh set of eyes assessing your security posture through the lens of risk management. A vCISO will spot issues that may have eluded your IT team because they’re busy in the trenches every day.
By engaging a vCISO, you have access to an experienced executive without the high annual salary of a full-time CISO. Working with your MSP to onboard a vCISO also eliminates all the time and expense of finding someone to take the role. Competing for cybersecurity talent is especially challenging today.
Most of all, a vCISO allows you to take a long-term, strategic approach to your security so that you’re always re-evaluating your posture, overseeing incident response and disaster recovery planning, and adjusting in response to a dynamic threat landscape.
- September 28, 2023
- Category online commerce
If your website plays a key role in your business success, then spoofing is an existential threat.
If your website has been spoofed, it means a threat actor has imitated your website or domain name to prey on its audience – your customers – to collect information and even trick them into giving them money that might have gone to you.
Website spoofing is not unlike phishing. Instead of pretending to be a legitimate email from a trusted sender, it pretends to be a legitimate online presence – yours. The key difference is that website spoofing occurs at a much larger scale than phishing, and the impact can be larger by affecting many individuals as well as having a significant impact on your business and reputation.
Spoofing doesn’t just mean bad actors have set up a clone of your website; they are also targeting and directing people to it, tricking them into thinking they are engaging with companies and brands they are familiar with and trust. Visitors ultimately miss an important clue that would reveal the deception – the web address. The URL may be close to yours, but visitors have already been lured and don’t give it a second glance to notice the subtle differences to alert them it’s not the real deal.
Like phishing, website spoofing is all about impersonating a business, brand or individual, and it is incumbent upon you to make sure your customers, vendors or partners don’t fall for the deception. For them, the first hint that something might be amiss is an offer that’s too good to be true, such as a massive discount on a product or service. These spectacular – and fake – offers usually have an urgent deadline to incentivize the victim so they act immediately.
You need to be on alert for website spoofing – it’s an excellent example where an ounce of prevention is worth a pound of cure, especially if you’re a small or medium-sized business. Website spoofing doesn’t just affect enterprise organizations.
Spoofing does put more onus on individual visitors, but you as a business can play a role in educating your customers, partners, and vendors, just as you do internal security training to thwart phishing via email – you can alert them to a spoofing threat through email and social media channels.
The first step is to use a reputable registrar for your domain. If you do not host your business website yourself, be sure to select a provider that can demonstrate they understand the threat of website spoofing and are proactively protecting their customers.
No matter who is responsible for your website hosting, preventing website spoofing requires regularly reviewing your logs for unusual traffic, including suspicious referrers or URL modifiers, as well as monitoring your domain and DNS settings. You should also implement a Web Application Firewall (WAF) on your web server in concert with Domain-based Message Authentication, Reporting & Conformance (DMARC) for emails.
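One way to carry out the referrer review described above, as an added example that is not part of the original article: a cloned page that still loads images or stylesheets from the real site, or sends visitors on to it, leaves its own hostname in the Referer field of your access log. The script assumes the Apache/nginx combined log format and uses `example.com` as a placeholder for your domain; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

OWN_DOMAIN = "example.com"  # assumption: placeholder for your registered domain

# Combined log format: ip ident user [time] "request" status bytes "referrer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referrer>[^"]*)" "[^"]*"'
)

# Digit-for-letter swaps and hyphens often used to build lookalike names
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})


def skeleton(label):
    """Normalize a DNS label so visually similar spellings compare equal."""
    return label.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as a single edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify_referrer_host(host, own=OWN_DOMAIN):
    """Return 'own', 'lookalike', 'brand-embedded' or 'other' for a referrer host."""
    host = host.lower().rstrip(".")
    if host == own or host.endswith("." + own):
        return "own"
    brand = skeleton(own.split(".")[0])
    labels = [skeleton(label) for label in host.split(".")]
    # Naive registrable label (assumption: no public suffix list is consulted)
    registrable = labels[-2] if len(labels) >= 2 else labels[0]
    if osa_distance(registrable, brand) <= 1:
        return "lookalike"       # e.g. examp1e.com, exmaple.com, example.net
    if any(brand in label for label in labels):
        return "brand-embedded"  # e.g. example.com.account-verify.test
    return "other"


def scan_log(lines, own=OWN_DOMAIN):
    """Return (ip, request, referrer_host, verdict) for every suspicious referrer."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            host = urlsplit(m["referrer"]).hostname
        except ValueError:
            continue  # malformed referrer URL
        if not host:
            continue  # "-" or empty referrer
        verdict = classify_referrer_host(host, own)
        if verdict in ("lookalike", "brand-embedded"):
            findings.append((m["ip"], m["request"], host, verdict))
    return findings


# Constructed sample log lines (documentation IP ranges, reserved .test names)
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Sep/2023:10:01:02 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://www.example.com/" "Mozilla/5.0"',
    '198.51.100.23 - - [28/Sep/2023:10:01:05 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "https://examp1e.com/login" "Mozilla/5.0"',
    '198.51.100.40 - - [28/Sep/2023:10:02:11 +0000] "GET /css/site.css HTTP/1.1" 200 812 "http://example.com.account-verify.test/" "Mozilla/5.0"',
    '192.0.2.15 - - [28/Sep/2023:10:03:30 +0000] "GET / HTTP/1.1" 200 9001 "https://www.search-engine.test/?q=example" "Mozilla/5.0"',
    '192.0.2.99 - - [28/Sep/2023:10:04:00 +0000] "GET /pricing HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Each flagged hostname is a candidate for a registrar or hosting-provider takedown request; short brand names will need a stricter match to avoid false positives.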
Your online presence is an extension of your business. Falling victim to website spoofing can cost you money, customers, and your reputation. Protecting yourself should be a key component of any cybersecurity strategy – a managed service provider with robust security expertise can help evaluate if your domain is adequately protected from spoofers and help you implement the necessary protections.
- September 14, 2023
- Category Security
If you’re a small or medium-sized business (SMB), you’re a prime target for threat actors who want to poke holes in your cybersecurity.
While enterprises are valuable targets due to the wealth of data they transmit and store, today’s digital landscape means size doesn’t matter – every business is storing information that is worth stealing. However, SMBs face greater resource constraints, not only in terms of cybersecurity, but IT in general, even though they still handle plenty of sensitive customer data, including financial and health information, as well as valuable intellectual property.
If you’re an SMB, you probably work with bigger companies, which means you’re part of a supply chain. And while you think you’re too small to matter, you can be a vector for bad actors to attack your business partners.
Today’s cybersecurity landscape means SMBs must be aware of the common threats to their business, as well as understand how to contribute to a more secure supply chain.
What SMBs are up against
Viruses and malware remain the most common threats to your cybersecurity. Keep in mind it’s not only external threats that SMBs must be mindful of – your employees can help to open the door to threats through human error by opening a suspicious email, clicking on an attachment, or not taking more care to select unique, strong passwords.
Insiders may even intentionally compromise your cybersecurity by using their credentials to access data they shouldn’t. Even an honest mistake by an employee can open the door to sensitive information, leading to a breach or even a ransomware attack that cripples your operations and damages your reputation. Social engineering in the form of phishing attacks tricks employees into divulging information or allowing unauthorized access to applications and systems.
The most common approach threat actors use to disrupt business and cause SMBs downtime is the Distributed Denial of Service (DDoS) attack, which floods your web servers with fake requests so as to render them useless to everyone, including your employees and your customers.
As new technology emerges, cybercriminals find new opportunities. As SMBs move to the cloud, so do threat actors by “cloud jacking” – they target vulnerabilities in the cloud infrastructure. Hackers are also using the latest technologies to launch their attacks, such as networks of botnets to distribute spam and steal data. Advances in artificial intelligence and deepfake technology make it even easier for SMBs to be tricked by fake content that might cause an employee to share privileged information or their access credentials.
No matter the technique, a data breach can lead to a disruption of your business or downtime – both of which always lead to lost revenue.
It’s easy for SMBs to get overwhelmed by today’s cybersecurity requirements, but you can better protect your business from the many threats lurking in the digital landscape.
- Assess: You need to know where your vulnerabilities are, especially when it comes to remote work, which should be enabled by a Virtual Private Network (VPN).
- Educate: Your employees play a key role in securing your organization through awareness training and good security hygiene, including the use of strong passwords, multi-factor authentication (MFA), and access management technologies.
- Update and patch: Make sure you are using anti-virus software and keeping it updated, as well as applying any patches to applications and systems.
- Secure your networks: Aside from VPNs, be sure to deploy robust firewall security along with intrusion detection systems and regular network monitoring.
- Back up critical data: It’s not a question of if a disruption will occur, but when. Being able to restore data allows you to recover from an attack quickly and avoid downtime.
The most important thing to remember is that your cybersecurity posture is never assured – you must continue to run regular audits, as well as update incident response and disaster recovery plans.
Given the resource constraints commonly faced by SMBs, consider turning to a managed service provider with cybersecurity expertise. They can help you conduct an assessment and maintain a state of ongoing readiness that allows you to handle whatever threat comes your way.
- August 31, 2023
- Category remote work
With remote work here to stay, robust access management is a lynchpin for your security.
And while employee education around security hygiene is more important than ever, training is not enough when it comes to safeguarding the organization against threats that are even more pronounced with remote work. No matter where your employees are working, access management is critical for minimizing and mitigating security threats, especially those caused by people, either due to human error or malicious intent.
More attack surfaces increase chance of unauthorized access
With the rise of cloud computing and the proliferation of endpoints, including smartphones and laptops, the attack surface of every organization has widened significantly and it’s up to your IT team to protect it – that means tracking and protecting every device that connects to your corporate network and accesses sensitive business information.
But even with all the security tools in the world and policies to govern remote work, threat actors continue to exploit human imperfection to gain access to systems – you must secure people just as much as you secure your IT infrastructure.
Access management is an essential tool for warding against common techniques for gaining unlawful entry into IT systems like phishing and other social engineering tactics that exploit the people using software and various devices for workplace productivity. No matter how well trained, people are the weakest link, in part because they are unable to keep up with the pace of technology.
If you are to account for the human factor, you need robust access management, especially as passwords have proliferated. It’s hard for people to keep up with the sheer number of passwords they must remember to accomplish their tasks at work, so they take shortcuts. They use the same passwords for multiple platforms, and they keep them overly simple so they’re easier to remember. Employees may even install their own password managers without understanding the best practices necessary for using them effectively and securely.
Combating “password fatigue” means you need a smart approach that allows streamlined access for employees without compromising security.
Access management must be streamlined for everyone
Access management isn’t a new concept – single sign-on (SSO) is a common approach to enable employees to quickly access applications, data, and resources to get their work done. But these solutions must scale up as attack surfaces widen and catch up to the reality of the hybrid workplace.
It must also be simple and straightforward to use, otherwise employees will find workarounds and your organization will be back to square one.
If you want to reduce the burden on your IT team, you need a comprehensive access management solution that will be easy for them to manage. Any platform you adopt should provide you with centralized management of access and passwords that’s simple for your IT people to manage while also being intuitive for end users – if it’s easy for them, they won’t find ways around it, and better security habits will be the result.
An effective access management platform accounts for human behaviour while also keeping pace with the modern hybrid workplace.
- August 17, 2023
- Category Identity Management
As attack surfaces flourish and put identities and endpoints under increasing threat, there are several key cybersecurity technologies you can’t do without.
The good news is that even though managing security can seem overwhelming in today’s dynamic digital landscape, many of these cybersecurity technologies are being integrated and consolidated to improve management and overall visibility.
Manage and protect your endpoints
With the maturation of the internet of things (IoT) and a hybrid workforce, you must make protecting endpoints a priority. Endpoint detection and response (EDR) enables you to detect and respond to advanced threats by using behavioral analysis to detect attacks in real time. It allows security analysts to proactively detect and respond to ransomware and other attacks that signature-based antivirus applications tend to miss.
Endpoint protection platforms (EPPs), meanwhile, enable you to integrate your technology stacks so that you can scale and cover your ever-growing number of endpoints, as well as handle newer types of threats, including the latest malware. EPPs are leveraging artificial intelligence and machine learning to anticipate threats before they can gain a foothold within your network.
Unified endpoint security (UES) pulls together various endpoint security tools into a single platform so you can better protect all your endpoints, including servers, PCs, and mobile devices. The unification provided by UES improves overall visibility.
Mobile devices are among the most common endpoints today, and they should be protected with mobile threat defense (MTD) to thwart real-time zero-day threats, phishing, and other attack techniques that look to steal identities and gain privileged access.
Secure the edge
Because most organizations have seen a proliferation of endpoints, they are likely grappling with the ramifications of edge computing, including the cybersecurity challenges it raises. Coupled with the increase in cloud computing, it’s important to implement a secure access service edge (SASE) framework, which combines software-defined wide area networking (SD-WAN) and Zero Trust security solutions into a unified cloud-based platform.
SASE securely connects users by giving them access based on their identity and devices, securing them no matter where they work. SASE is cloud-native, delivering both infrastructure and security solutions via the cloud, protecting all edges whether they are physical, digital, or logical.
A secure service edge (SSE) protects Software-as-a-Service (SaaS), web, and private applications by integrating a secure web gateway (SWG), cloud access security broker (CASB) and zero-trust network access (ZTNA) into a single cloud platform. SSE is another example of a platform that unifies different tools to simplify management, as well as better support remote users.
Authorized user access must be robust, which is why micro-segmentation is a critical cybersecurity practice. It limits lateral movement during a breach by segmenting workloads by identity, so that even if a threat actor obtains access through compromised credentials, there’s only so many places they can go, thereby mitigating the impact of the attack.
Because critical identity systems are increasingly vulnerable, it’s also critical to implement identity threat detection and response (ITDR) to safeguard your identity infrastructure from sophisticated attacks.
The cybersecurity stack is getting more complex and must scale with the rest of your IT infrastructure and cloud deployments. A managed service provider with a focus on security can help evaluate your immediate requirements for bolstering your cybersecurity as well as implement a long-term strategy that aligns with your business goals.
- July 26, 2023
- Category Security
The cost of a data breach is going up.
That’s according to IBM’s annual survey, which found that the average breach cost across the 553 organizations studied over the 12 months ending March 30, 2023, was US$4.45 million – a 2.3 per cent increase compared to a year earlier. It’s also a whopping 15.3 per cent increase since IBM’s 2020 report. (Research for the study was conducted by the Ponemon Institute.)
Although Canadian companies are faring better than last year with the cost of data breaches at the 28 organizations included in the study dropping a bit from C$7 million to $6.9 million, Canada was the geography with the third highest breach costs behind the U.S., which was first, and a grouping of Middle East countries, which placed second.
It’s important to note these costs don’t include any ransomware or extortion payments organizations may have made, or the cost to recover from an incident.
As reported by IT World Canada, Canada’s breaches were more expensive – double that of Australia, for example. In the article, a partner in IBM Canada’s security consulting and delivery practice speculated that many of the Canadian organizations included in the study were in regulated industries, where recovery costs are higher, while noting the overall trend is heading in the wrong direction.
A notable data point in the IBM study is that two thirds of breaches were reported by an outsourced or third party rather than discovered by the organization’s own security team. This indicates many Canadian organizations don’t have the right level of monitoring and insights to provide the network visibility necessary to prevent and mitigate breaches.
Another interesting stat was that organizations with high DevSecOps adoption had less costly data breaches. Aside from getting your application development teams to “shift left” with DevSecOps, the best strategies for lowering the average cost of a data breach according to the IBM study were employee awareness training, a regularly tested incident response plan, and leveraging artificial intelligence or machine learning insights.
IBM recommends following the “basics” as they are the most effective tools for preventing data breaches – user threat intelligence, robust identity and access management, employee awareness training and setting up a zero-trust IT architecture, as well as leveraging AI and automation to reduce the burden on security teams. These should be complemented by a strong incident response plan, so the organization is ready to mitigate and recover quickly in the event of a breach.
Given the dynamic landscape security teams must navigate, as well as the pressure to retain talent, organizations should consider looking to a managed service provider – they can help to evaluate your current security posture and provide ongoing staff and resources to complement your IT staff.
- June 29, 2023
- Category cloud backup
If you don’t feel you’ve put enough effort into cloud security, you’re not alone.
A recent survey released by Telus found that Canadian organizations only set aside 34 per cent of their cybersecurity budgets for cloud security, while nearly all admit that if they had to do it all again, they would have spent more time on security when they began their migration to the cloud, especially on threat and risk.
Respondents would have also spent more time on monitoring and detection, as well as threat prevention controls.
All this regret around cloud security may explain why the 511 cybersecurity professionals surveyed by Telus are planning to increase spending by 22 per cent in 2023. Conducted with IDC Canada, the survey spans a wide range of Canadian industries and organizations, with more than half identifying as very knowledgeable about cybersecurity, with the remainder identifying as knowledgeable.
While security knowledge ranks well among respondents, only 37 per cent of the organizations surveyed report having dedicated cloud security professionals, while nearly as many – 33 per cent – are finding that staffing for cloud security skillsets is the most difficult of all cloud specialties to find.
Not many – 14 per cent – are storing their most valuable data in the cloud, which aligns with the confidence in cloud security, as 57 per cent of organizations believe their cloud environments are very or completely secure, but only 38 per cent of respondents said their organization uses multi-factor authentication (MFA) to secure their cloud environment.
Approximately one third of respondents cited a lack of tools to monitor, detect, and respond to cyber threats as a major gap in their cloud environments, while a whopping 89 per cent said their organization had experienced a cloud security incident. (An incident is defined as an event with the potential to compromise confidentiality, availability, and/or integrity of computer networks, systems, or data.)
On average, the Telus survey found that organizations had experienced four to five cloud security incidents a year, with nearly half of the most damaging incidents spreading to on-premises environments. These incidents could be attributed to misconfigurations, human error, and known vulnerabilities.
Not surprisingly, respondents are using more than one cloud service provider – the average was up to 8.5, with infrastructure-as-a-service providers such as Amazon AWS, Google Cloud Platform and Microsoft Azure being the most used.
The Telus report makes several recommendations for those responsible for security in their organization. Chief among them is to not underestimate the value of frameworks like NIST, ISO/IEC 27001 or others. Others include:
- Provide IT / security staff with comprehensive cloud security awareness training
- Enable and configure any included security controls offered by your cloud service provider
- Conduct regular security audits and assessments
- Deploy MFA
Given all the cloud providers organizations use as well as the challenges in finding security specialists, you might consider seeking out a managed service provider who can help you bolster your cloud security, improve your overall posture and help you adhere to the Telus survey recommendations.