• August 29, 2024
  • Catagory Blog

Is Your Security Keeping Pace with GenAI?

By : Sanjeev Spolia

GenerativeAI (GenAI) is a threat to your security.

While artificial intelligence (AI) has shown it can bolster your security posture by supporting automation and allowing organizations to be more effective at assessing risk, protecting data and responding to threats, there is the potential for threat actors to harness GenAI models as part of their toolbox to improve their success when attacking you.

The 2024 GenAI Security Readiness Report released by GenAI security firm Lakera has found that as GenAI adoption surges it is also creating a security blind spot for businesses due to the threat of “prompt attacks.” These attack methods specific to GenAI can be easily used to gain unauthorized access, steal sensitive data including customer information, manipulate applications, and take unauthorized actions.

All it takes are a few well-crafted words to lead to unintended actions and data breaches, the Lakera report found, while only 5% of the 1,000 cybersecurity experts surveyed have confidence in the security measures protecting their GenAI applications even though 90% are actively using or exploring GenAI.

Lakera’s CEO said a key lesson from the survey is that businesses that are relying on GenAI to accelerate innovation are unknowingly exposing themselves to new vulnerabilities that traditional security tools and measures don’t address, which has led to a combination of high adoption and low preparedness. They survey found that 34% of responded are concerned with data privacy and security as it relates to Large Language Models (LLMs).

GenAI has ultimately democratized AI for a wide array of users, while also empowering more people to become hackers, the report finds.

The primary challenge of maintaining security in the GenAI era is that these emerging tools are uniquely vulnerable and more complex when compared with traditional software. Developers have had decades to improve the debugging and validation of traditional software code and refine application security.

The immediate concern of GenAI has been not the been security implications of machine learning models until the recent emergence of consumer-facing AI models. Even the modern security tools such as extended detection and response (XDR) still must adapt to keep up with the threats posted by GenAI, and businesses will need to incorporate additional best practices and improve employee awareness to mitigate against security issues raised by GenAI.

Assessment is key as most businesses have little visibility into the use of GenAI within their organization, but they should assume it’s getting adopted, which means prioritizing data security and privacy is more important than ever.

A managed security services provider can help you assess your risk as it relates to GenAI and help you implement the necessary tools that can help you protect your organization against the threats that arise from GenAI adoption as well as the hackers that use it.

  • August 15, 2024
  • Catagory Security

Password Management Is an Essential Security Tool

By : Justin Folkerts

Your employees are overloaded with passwords for different websites and applications at work and at home, and the human element makes password management all the more essential for bolstering your security.

Whether they are weak or stolen outright, passwords are the gateway to your sensitive data and applications, and using a robust password management system can reduce the risk of threat actors gaining access to key systems.

Combined with multifactor authentication (MFA), password management enables you to securely store credentials, and auto-fill passwords across applications and websites while using strong encryption to make sure to limit access to approved users. Employing a Zero Trust approach can also further enhance security as employees only have credentials for information and applications that are necessary for them to do their jobs.

Password management is especially essential for small- and medium-sized businesses (SMBs) who have limited IT resources for security – bolstering password management is an example of where an ounce of prevention is worth a pound of cure in an era where password-related attacks are a growing security threat.

Common threats to passwords today include brute force attacks, where attackers repeatedly try to guess a password through trial and errors; dictionary attacks that guess real words and phrases commonly used for passwords; and keylogger attacks, which use software to record each keystroke to identify a user’s login credentials.

Given the many ways hackers attempt to exploit passwords to gain access to applications and data, there’s a huge onus on users to manage their many passwords. They can’t do it alone, which is why you must implement a robust password management solution to help them create strong, complex passwords that can’t easily fall prey to common techniques employed by threat actors.

  • July 25, 2024
  • Catagory Risk Management

Robust Cybersecurity Needs More Than Tools and Technology

By : Sanjeev Spolia

If money is no object, you can implement as many cybersecurity tools as there are available to secure your organization. But having the latest and greatest security technology doesn’t guarantee your data and applications are safe – you need to manage risk, not rely on cybersecurity tools alone.

More tools bring more complexity, which can be challenging to manage. You’ll have the illusion of being secure, but if you can’t make the most of your cybersecurity tools, you can still fall prey to the latest and greatest vulnerabilities and threats, which are constantly evolving. The best cybersecurity tools can still be misconfigured, underused or not even switched on.

Human error and inside threats can thwart even the best security technology, and the complexity that comes with excessive cybersecurity tool deployment can make for a bad user experience that hinders employee productivity or even spurs them to find workarounds that can put your organization at risk.

Overcompensating by spending a lot on cybersecurity tools that aren’t properly configured or fully used are especially risky for small- and medium-sized businesses (SMBs) because it creates the illusion of robust security – if they aren’t fully optimized, applications and data aren’t protected.

Your risk management strategy should inform you cybersecurity tool investments.

Assess Your Risks First

It’s not a matter of if your organization will fall prey to a cybersecurity threat or data breach, it’s a matter of when. By understanding your risk factors, you can select the right tools and deploy them more effectivity without bogging down the organization with unnecessary complexity that does more harm than good.

The key to establishing and maintaining robust security is to adopt an “assess, protect and respond” mindset. Your cybersecurity tools should be chosen based on an assessment of your organization’s risk, understanding what your critical assets are, and identifying vulnerabilities.

Rather than trying to protect everything, you should do a thorough assessment of your critical assets – mission critical applications, sensitive information and intellectual property, and essential data.

Buying an elaborate cybersecurity platform and telling it to protect everything doesn’t guarantee it will protect your most critical assets. Once you identify them, you can assess how they might be threatened, how you can best protect them, and how you can mitigate any cybersecurity incident through a well-thought out response plan.

The reality is most SMBs can’t afford to deploy elaborate cybersecurity solutions, which means they must prioritize protecting their most critical assets from threats and vulnerabilities.

Risk-Based Cybersecurity Is A Continuum

No matter what cybersecurity tools you opt to deploy, managing security risk an ongoing affair – you can’t set and forget your security platform. Protecting your organization must also include ongoing security training for employees, keeping all applications and systems updated and patched, and continuous assessment and monitoring.

Taking a balanced approach also includes planning for the worst – you must have a response plan in place when a disruption occurs. Having great cybersecurity tools can help bolster your security posture, but they won’t safeguard your organization on their own.  

By evaluating and managing risk first, you can deploy the right cybersecurity tools that can help you to assess, protect and respond to any threats.

  • July 11, 2024
  • Catagory Security

Avoid These Top 5 SMB Security Mistakes

By : Sanjeev Spolia

As a small or medium-sized business, you’re competing on a dynamic digital landscape with larger organizations, as well as being prey to the same nefarious threat actors that are looking to breach your security.

Many SMBs don’t think they’re on the radar of bad actors and hackers, which makes them prone to these common security mistakes.

Inadequate identity management and authentication

We all know your password shouldn’t be “password” or “12345678,” but weak passwords continue to put organizations at risk. It’s important to remind employees to create strong and unique passwords, as well as remind them that sharing passwords or writing them down where they can be seen weakens the overall security of the business.

In addition to passwords, two-factor authentication (2FA) adds another level of security that’s essential for protecting systems from threat actors, as they only need to infiltrate one user account to gain a foothold in your network.

Not training your employees

Weak passwords tend to be a symptom of poor security hygiene that is a result of poor or non-existent security training as human error is often the cause of many data breaches. Regular employee security training can prevent incidents by making your staff more aware of the dangers of weak passwords, phishing scams and other social engineering that threat actors use to gain access to networks or disable IT infrastructure.

A missing incident response plan

It’s not a matter if a data breach occurs – either due to bad actors or natural disasters – it’s a matter when. You should be ready for the worse with an incident response plan that includes data recovery in case of any disaster. Being ready for the worse will limit financial losses, damages to your reputation, litigation, and downtime. Your incident response plan should be bolstered by a data backup plan so that any mission-critical data is quickly and easily recoverable in case of any disruption.

Not updating security software

Your security software is only as good as its latest update, so you if want to protect yourself from the latest threats, you need to regularly apply patches and updates. This habit must go beyond your security tools – it’s essential that you keep your operating systems and other business applications up to date, as well as hardware firmware, as this closes potential to doors to threat actors by applying bug fixes, closing security holes and improving their overall performance and reliability.

Acting like you’re not a target

Don’t assume bad actors are only attacking big businesses – your data and your infrastructure can be just as valuable. Hackers view SMBs as easy targets because they assume you don’t have adequate cybersecurity, and even if they don’t want your data, they can use you as launch pad to attack other organizations, including your partners, customers and suppliers.

Even as you’re at risk of the same threats as larger organizations, as an SMB you have access to the same tools to protect the organization. If you find yourself making one of the above mistakes, or simply want to bolster your security posture, a managed security services provider can help you understand where you’re at and get you to where you want to be.

  • June 27, 2024
  • Catagory edge computing

Secure the Edge with SASE

By : Justin Folkerts

Secure access service edge (SASE) has gained traction as networks have become increasingly fluid – the moat and castle approach to securing the organization is no longer feasible in the era of remote work.

SASE combines network connectivity with network security into one platform that can be centrally controlled, usually via the cloud, to improve visibility, bolster policy controls and enhance overall user experience across all applications. Essentially, SASE is a single corporate network that reduces the need for various point solutions.

By converging networking and security-as-a-service functions into a single cloud platform, you can support distribute hybrid and remote workers, who all connect to nearly cloud gateways rather than a central corporate data center. SASE eliminates the need for every user, office, and application to your data center via a private network or secondary network, a model which can no longer support today’s reality of dispersed, remote workers.

With SASE, network controls are moved out of the data center to the cloud edge, with all network and security services using a single control plane. By using identity management and Zero Trust security policies, SASE enables to you to extend network access to all your remote workers, regional offices, applications, and endpoints.

SASE Components

SASE encompasses many security elements you may already be familiar with:

  • A next-generation firewall (NGFW), which inspects data at a deep level and provides intrusion prevention, application awareness and control, and threat intelligence.
  • A secure web gateway (SWG), which protects data and thwarts cyber threats by filtering out unwanted web traffic content and blocking risky or unauthorized user behavior.
  • A Zero Trust Network Access (ZTNA), a model that assumes security threats are present inside and outside a network and ensures that users only access data and applications they need to do their job.
  • A cloud access security broker (CASB), which provides security controls and additional visibility for your cloud applications and services.
  • A Software-defined WAN (SD-WAN) or WANaaS, which helps scale connectivity and operations across large distances to branch offices and data centers.

SASE Benefits

Because SASE relies heavily on the Zero Trust model, it not only ensures that the right users have access to data and applications through robust verification processes, but it also takes into account other factors such as device status and geographic location, while continually evaluating risk.

SASE also reduces your overall security costs because it combines many point solutions into a single cloud platform, which also reduces the amount of time IT teams spend managing security tools and simplifies integration. Fewer point solutions also lead to increased agility and operational efficiency.

Aside from security, SASE also helps to improve the user experience for remote and hybrid workers by more efficiently routing traffic across the edge network, enabling it to be processed as close to the user as possible.

Organizations of all sizes must accept that there’s no longer a single route into their enterprise network. SASE enables you to combine network connectivity and security into one platform to support your distributed workers while protecting your data.

  • June 13, 2024
  • Catagory cloud computing

What is a CASB and how to pick the best one

By : Justin Folkerts

Cloud access security brokers (CASBs) are increasingly important as endpoints flourish and organizations embrace a multi-cloud strategy for business applications and other workloads.

A CASB manages secure access between endpoints and cloud computing environments. The standalone CASB market is growing. Valued at US$11 billion in 2023, Mordor Research expects it to grow at 17% annually to reach US$24.2 billion by 2029 in alignment with the surge in adoption of various cloud-based services, along with growing concerns about data security and privacy. A CASB is also part of a broader security strategy that Gartner has dubbed the Secure Service Edge (SSE), which also integrates SWG and Zero Trust network access (ZTNA).

Like many security tools, a CASB can be deployed on-premises or in the cloud in as a hardware appliance, software-only, as a proxy, reverse proxy, or through specific APIs. CASBs can manage access for a broad range of endpoints, including corporate-owned devices or those managed outside the organization by third parties and employees, whether they on are on-premises or remote, including internet of things (IoT) devices.

These various endpoints connect to multiple cloud resources, including common productivity suites such as Microsoft 365 and customer relationship management (CRM) tools delivered in a Software-as-a-Service (SaaS) model, such as Salesforce. Common collaboration tools such as Zoom and Slack also connect via many endpoints that could be managed by a CASB, which monitors everything that goes in or out. A CASB gives you visibility into what users are doing in the cloud, enforces your access control policies, and watches for security threats.

The original purpose of a CASB was to uncover shadow IT – unauthorized applications and cloud storage services deployed by employees that put corporate data at risk. CASBs are now a critical tool for security teams to uncover and monitor unauthorized or unmanaged cloud services as well as protect data as it is moved across hybrid / multi-cloud environments and remote work environments. CASBs also play an important role in complying with data privacy regulations and enforcing data privacy policies.

Any CASB you deploy should be able to give you comprehensive visibility into cloud usage, user activities, and data flows, while also allowing you to granularly control data access and user permissions as part of your overall data protection strategy to safeguard mission critical information across multiple clouds and endpoints.

A CASB not only touches all your endpoints, but must also integrate with your existing security tools, including identity management and single sign-on (SSO) tools, web application gateways firewalls, and endpoint protection.

Given that purchasing and integrating a CASB can be a complex endeavor, considering engaging with a managed security services provider who can help you audit your organization so that you select a CASB that addresses all your pain points and can scale with your business over time.

  • May 14, 2024
  • Catagory IT management

Human Factors Threaten SMB Cybersecurity Efforts

By : Sanjeev Spolia

Small and medium-sized businesses may be spending more on cybersecurity, but human factors still pose a significant threat.

A recent survey by password manager provider LastPass found that although SMBs have become proactive with security investments, a survey of more than 600 business and IT security leaders from companies with fewer than 3,000 employees found that human factors continue to make them vulnerable to attacks by cybercriminals.

The LastPass survey found there was a gap between how SMB leaders were tackling cybersecurity and employee behaviours.

The good news is that SMB executives have increased their attention and investment when it comes to cybersecurity. The LastPass survey found that 90% of IT leaders and 80% of non-IT leaders reported an increased focus on cybersecurity measures over the past year, with 82% of businesses boosting their cybersecurity budgets.

The bad news is there’s a disconnect between executives and their employees. Most executives and IT leaders said they feel confident about their cybersecurity measures, with only 30% of leaders believing their company faces a high risk of cybersecurity threats.

However, among the rank and file, only 78% of non-IT leaders believe employees understand the security expectations of their jobs, the survey found. More troublesome is that 1 out of 5 non-IT leaders admits to circumventing security policies, while 1 in 10 IT security leaders admits to circumventing security policies.

The LastPass survey suggests that despite increased investment in cybersecurity, their efforts are being undone by employee behavior. To get the most from their security budget, SMBs need to be mindful of the human factors that make the organization more vulnerable to an attack and subsequent data breach.

Small steps go a long way, and LastPass makes five key recommendations to encourage employee behavior that mitigates human factors that might put the organization at increased risk:

Ramp up cybersecurity education: SMBs should develop clear communication strategies and regular training sessions for all employees so they understand their role in maintaining robust cybersecurity, and every part of the organization must understand and commit to security policies.

Create incentives: SMBs should have stronger incentives for security compliance, balanced by stricter consequences for violations as well as policies for when it’s acceptable to bypass security measures to get work done. A culture of for reporting violations must also be fostered.

Embrace threat intelligence: SMB leaders must be able to identify and protect valuable and critical business information and know where the threats are coming from by investing in a threat intelligence-led security program.

Mandate password managers: Password management requires critical attention, according to the survey, so password managers combined with continuous education on password security are essential.

Brace for AI threats: Phishing attacks, cloud vulnerabilities, and the potential for business data loss due to ransomware attacks or malware are getting help from AI, so it’s important to fight fire with fire and adopt AI-driven security tools that provide advanced threat detection and response capabilities.

Cybersecurity is a continuum, and SMBs can’t be complacent even with increased investment. Human factors must be continually addressed through education, policy, and technology adoption.

  • April 30, 2024
  • Catagory Data Protection

How XDR Extends Your Security Capabilities

By : Justin Folkerts

Endpoint detection and response (EDR) has evolved: extended detection and response (XDR) takes a more holistic, streamlined approach to threat detection and response.

XDR combines data ingestion, analysis, and prevention and remediation processes across your entire security stack, providing your IT teams with the necessary visibility to detect threats as well as automate workflows.

Eliminate Security Siloes

XDR pulls data from endpoints, cloud workloads, networks and email and then correlates and analyzes it using advanced automation and artificial intelligence (AI), which allows it to prioritize data and deliver insight through a single pane of glass.

Not only does XDR consolidate data from disparate sources, but it also coordinates siloed security tools so that your IT team doesn’t have to spread their attention across different consoles to conduct their security analysis, investigation and remediation.

XDR can help you reduce vendor sprawl while integrating the tools you do have to gain better visibility into your environment, whether it’s a private cloud or hybrid environment, including your public cloud instances. By coupling this integration with automation, XDR helps you respond faster to security incidents and effectively mitigate them to reduce the impact of any attack.

Like many security platforms, XDR can be purchased as a managed service, which opens access to expertise in threat hunting, intelligence, and analytics via a managed services provider.

Combine XDR with SIEM and SOAR

XDR doesn’t replace Security Information and Event Management (SIEM) or security orchestration, automation, and response (SOAR).

SIEM gives you a single, streamlined view of your data along with your operational capabilities and security at activities to you can better detect, investigate, and mitigate threats by ingesting as much data as possible. It gives you the ability to analyze data from network applications and hardware, and cloud and software-as-a-service (SaaS) solutions.

SOAR software manages threats and vulnerabilities, responds to security incidents, and automates security operations. The aim of SOAR is to collect as much data as possible and automate as much as possible by leveraging machine learning technology.

SIEM is primarily a log collection tool intended to support compliance, data storage and analysis –security analytics capabilities tend to be bolted on. SOAR incorporates orchestration, automation, and response capabilities to the SIEM and enables disparate security tools to coordinate with one another, but it doesn’t solve the big data analytics challenge, and it can’t protect data or systems on its own.

XDR fills the gap left by SIEM and SOAR by taking a different approach that’s based on endpoint data and optimization and applying advanced analysis capabilities that allow you to focus on high priority events and respond rapidly.

SIEM and SOAR are complementary and can’t be fully replaced by XDR. SIEM has other uses outside of threat detection, including compliance, log management and non-threat related data analysis and management. XDR can’t replace SOAR’s orchestration capabilities.

Assess, Protect and Respond

Adopting an XDR platform in combination with SIEM and SORA provides better threat visibility, optimizes and automates security operations, and enables your busy IT teams to focus strategic objectives rather than being bogged down by manual security tasks. A managed services provider can help you implement XDR along with SIEM and SOAR so you’re in a better position to assess and protect your data and respond quickly and effectively to cybersecurity threats.

  • March 14, 2024
  • Catagory Data Protection

Protect Your Backups from Ransomware Infections

By : Justin Folkerts

Your backups are not immune to ransomware – infected data can be replicated, so it’s important to configure your data protection so that mission critical information isn’t corrupted and clean copies can be easily restored.

Ransomware is sneaky, and it’s cross-platform. It can sit in in your backups – whether it’s an email, PDF, or Zip file, among many others – waiting to go off. And ransomware attacks don’t discriminate, either. Small and medium-sized organizations are just as viable a target for threat actors as large enterprises.

Ransomware starts with one computer, encrypting some or all its valuable data, but it can easily spread across the network, making all users susceptible and all systems potentially unusable. If ransomware corrupts a critical database, it can cripple your organization, which is why you must protect all your backups.

Preventing dangerous duplicates

If your backups are infected by ransomware, they are no more useful than your primary data – your restoration will just ignite a reinfection.

Protecting your backups from ransomware always starts by preventing users from downloading dangerous files that are riddle with malware, viruses, and ransomware. If a nefarious file does get through due to clever phishing and human error, you must make sure infections can’t be transmitted across your network through file sharing and syncing.

Most of all, you must prevent ransomware from accessing your backups at all costs. Although it’s impossible to fully protect your backups from threats, including ransomware, applying the right rules and leveraging smart software can minimize the likelihood of your backups getting infected.

Follow tried-and-true backup rules

The well-established 3-2-1 rule for backups continues be a good strategy for preventing ransomware infection of replicated files – you should have your original copy of a file, a duplicate that is stored on-site on a different medium, and a copy that is stored off-site. It is recommended that your on-site copy be stored on removeable media, such as tape.

Each of your backups requires a different approach – if you use tape, you should do a full backup rather than a differential or incremental backup. Your onsite tapes should be stored in a secure, fireproof location.

Using versioning for your backups can also prevent ransomware from infected all copies of your data – it saves a new version of the file as backup rather than wiping out the previous backup so you can return to an uninfected iteration, allowing you to easily roll back to a clean copy.

Roll backs are where software tools can help prevent your backups from being infected with ransomware as they can help manage versioning. However, your strategy is just as important as the tools. If you do a complete backup to on-site tape daily outside of office hours, you can back up the most current version. Even if ransomware hits the next day when users are likely to trigger it, you only lose that day.

Once the full backup is restored, you can review the offsite incremental backups done throughout the day to restore specific files with the latest and greatest versions.  

Another strategy is to distribute your backups – by having separate backup systems for different types of data you can reduce the likelihood of ransomware spreading between them.

User endpoints are ransomware’s first target

No matter your backup strategy, protecting your endpoints is always your first line of defence when combatting ransomware. Endpoint data protection combined with employee cybersecurity awareness and training will contain ransomware within the first infected machine, reducing the likelihood of it infecting your backups.

  • February 29, 2024
  • Catagory hardware

Old Routers, Email Impersonators Raise Security Stakes for SMBs

By : Justin Folkerts

The security stakes for SMBs are high enough already as smaller organizations must grapple with the same threat as large enterprises, including ransomware and malware that’s been augmented by artificial intelligence (AI).

These innovative threats can distract from the reality that other mundane vectors remain a serious threat to SMB security.

It may be working fine, but it’s not secure

On the hardware front, SMBs need to be wary of threat actors targeting old routers. Earlier this month, CRN reported that nation-state hackers from China were linked to an attack that compromised hundreds of small business and home routers. Just because you’re a small business, doesn’t mean you won’t be eyed by international hackers.

One of the reasons SMBs are considered worthwhile targets are because they’re often part of a broader supply chain connected to critical infrastructure. Compromised routers can be used together to form a botnet – such a malware-infected device can become a launchpad to attack other organizations.

What all these routers tend to have in common is that they are end-of-life (EOL) products – they may still be working fine but are no longer being supported by the vendor with firmware and security updates. Since it costs money to replace aging hardware, companies often continue to use old, unsupported routers which not only lack needed updates, but weren’t designed with the smarts to combat the latest security threats.

The CRN article notes that bad actors view SMBs as nothing more than an IP address, so as a supplier organization providing others that provide critical infrastructure, smaller firms can be high priority target.

Check your email carefully

Email has long been an attack surface for businesses of all sizes, but SMBs should be aware of hackers hijacking mailing lists of other business, including those of their email service provider.

A recent example reported by TechRadar involves provider SendGrid, which was exploited by attackers to access client mailing lists to send tailored, authentic looking emails asking recipients to activate multi-factor authentication (MFA) via a link in the email. Unsuspecting users who clicked on the link were sent to fake login landing page that harvested their credentials.

Making sure you use a reliable, reputable email service provider isn’t enough to protect your business communications infrastructure from bad actors, who are getting smarter all the time and better at mimicking real organizations.

What you can do

SMBs need to take equipment upgrades seriously – just because a router still works, doesn’t mean it is secure, so have a process in place to regularly review endpoints to verify they are still supported by vendors with updates.

As long as there’s email, there’s going to be email phishing scams, so it’s important to maintain cybersecurity training so that employees can spot phishing attempts, no matter how sophisticated.

If you’re an SMB that is struggling to keep on top of all the cybersecurity threats in a dynamic digital landscape, consider turning to a managed services provide who can help evaluate your hardware and support cybersecurity training for your team.