By Erez Tadmor, Network Security Evangelist, Tufin The beginning of the year typically offers a time for reflection. To look back and see what was successful – and what might need some additional attention. This process is of extra significance to those in the cybersecurity industry, as it is critical to learn show more ...
from both your successes and mistakes, as they help to inform your priorities and choices. One important (and unfortunate) trend we’ve observed is that a large number of organizations still haven’t mastered security fundamentals – which has led to several missed opportunities for improving their organization’s operations and protections. Improvements that could not only make them more secure but serve as the foundation for additional improvements. Without that foundation in place, the success of future security initiatives may be in question. Communication Breakdown Many organizations still struggle with basic network security tasks, such as protecting against malware and ransomware, securing access to networks and systems, and ensuring data privacy and compliance. But these are just the results of fundamental issues. To get to the reason that issues like these still persist, you need to peel back the onion a layer. Once you do, you’ll find that the root cause can be summed up by a failure of teams to communicate, collaborate, and synchronize. Neglecting to solve these issues ends up creating more complexity. In today’s complex and interconnected business environment, effective communication, collaboration, and synchronization are critical to success. However, many organizations still struggle with siloed teams and lack the tools and processes needed to work effectively together. A lack of collaboration and communication helps to ensure that a siloed situation persists within an organization – and makes it highly likely that a company’s IT teams are unable to ever escape the reactionary approach. Reactive teams only take action when something goes wrong. This approach may even seem to be effective on the surface – but reactive mode never allows an organization to improve or evolve. Every moment is spent responding to an issue, instead of proactively addressing larger company issues that cause the security issues in the first place. Reactive mode can lead to costly and inefficient security practices, such as continually bolting on one security solution to another, without ever stopping to think about what a comprehensive strategy should look like. Teams are unable to holistically prepare for tomorrow because they’re still not able to keep up with what’s happening today. By not synchronizing efforts throughout the entire organization, duplication of effort is common, and it becomes impossible to take any large step forwards toward solving larger security issues. Reliance on Legacy Approaches The reliance of organizations on static, legacy documentation and the manual processes used to manage them is still a huge problem. These processes simply do not scale, and help reactiveness to thrive. The other major issue with static documentation is that in this day and age they are almost immediately out of date. Ten years ago, this process might have worked to some degree – even during a response to an attack or incident – but now it doesn’t in the least. By the time a static document has been created and emailed out, the development team has moved on and already stood up and torn down three new cloud environments. New applications have been developed and launched before the document could be reviewed. Because development is so fast – and shouldn’t be hindered if you want the company to continue to evolve and succeed – legacy approaches must change or be killed. Threat Intelligence and Incident Response Most organizations have improved their incident response procedures in the past few years. There are dedicated teams, dedicated solutions that can assist the process, and a set way of operating during a crisis. That said, the biggest problem today is not the people, processes or training for incident response – but rather one of the fundamental areas – the information needed to understand a situation or a threat, and consequently – properly prioritize it. The failure of organizations to address this fundamental issue has caused inefficiencies to persist. Every enterprise now has dozens of cybersecurity products and protections operating at any one time. Despite this, most are still lacking the ability to quickly acquire the actionable information needed to respond to a security incident in a timely manner. There isn’t a lack of volume, but instead a lack of actionable information. During an incident, teams need to know where needed data is, how to find it, and how to leverage it to make the decisions that need to be made. Any time wasted locating and translating said data into actionable information is time not spent actively responding to an incident, which leads to greater losses and a greater impact. Much like a tailored threat intelligence feed that, for instance, only shares threats to the financial services industry, today’s teams need context with their security alerts and data, so they can make proper sense of all of the information that’s coming into them. What’s relevant and why. While automated solutions can help sift through and highlight specific alerts, what’s necessary to have in place is a fundamental way for the security team to communicate easily with the network operations team, for example. It should be easy to correlate data together from each area, but when there is a siloed approach within an organization it becomes more difficult than one would think to simply communicate in terms that each other will understand. It has only gotten worse over time. Silos refer to various disparate technologies, including the ones that operate inside the traditional networks, the native network, Kubernetes, SD-WAN, and more, which are not necessarily interconnected. With different teams in place to manage and control each, there’s now no central repository and everything’s formatted differently, running on different software. The incident response team now has to become experts in all of those different technologies to be able to understand the raw information and what it means to the company as a whole. Information needs to come in from each team, be correlated, and be understood in the context of each other in order to formulate an accurate response. Correcting this fundamental problem of information sharing, collaboration and communication isn’t easy, but can go a long way to positively impacting your organization’s security foundation for years to come! Staffing Shortages Continue One major theme over the course of the year has been the difficulty organizations have had at finding and retaining quality security talent. These staffing problems have continued to plague the industry – and exacerbate the issues around reactive security approaches. When there are fewer security team members than necessary, less is able to be accomplished, and teams are forced into the endless cycle of responding to issues as they arise, in order to keep the organization running. There aren’t enough hours in the day to address larger, systemic organizational security issues proactively. Unfortunately, it does not look like this problem will come to an easy solution any time soon. While last year it was impossible to find and hire talent, the current state of the economy has thrown a wrench into many organization’s plans. Some talent may have become available recently because of cutbacks and downsizing by large organizations, but these same market forces have made it more difficult for companies to now approve new hires. The lack of talent will be a problem IT and security teams will need to deal with for the foreseeable future. Lack of Automation It simply makes sense that when there are open positions within an IT organization – and the team members that are there are forced to remain in reactive mode – that new approaches are needed. One of the most basic is to invest in automating mundane and repetitive tasks. Automation can remove these tasks from the job description, enabling key security and IT resources to be redeployed to more critical company programs. Programs and initiatives that could one day result in a move from a reactive to a proactive approach. In the “race to the cloud” that has been hastened these past couple of years due to the pandemic and the need to have the entire business be cloud-enabled immediately, there have been many missed opportunities to review and automate these types of repeatable processes. Now that there isn’t the urgency behind keeping the organization running in an uncertain era, the time is right to restart the automation process. During times of economic downswings, companies often look internally for ways to improve operations and become more efficient and effective. Many companies are being forced to focus and reduce investment to only those areas of immediate demand. Security automation supports this, while also improving current employees’ work lives (and making open job descriptions more attractive as well). Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
by Gaurav Sahay, Practice Head (Technology & General Corporate), Fox Mandal & Associates The digital age has ushered unprecedented advancements and opportunities, but it has also brought forth a myriad of cybersecurity challenges. In a rapidly changing digital economy, where innovation is the driving force, show more ...
the need for robust cybersecurity regulations is more critical than ever. Companies and individuals alike find themselves grappling with the complexities of staying secure in an environment characterized by constant evolution and emerging cyber threats. Cybersecurity Regulations : Challenges for Companies The digital economy is a battleground for cyber threats that constantly evolve. Companies face the challenge of adapting to cybersecurity regulations that strive to stay ahead of these threats. Regulations need to be flexible enough to address emerging risks while providing a stable framework for organizations to build their defences. Adhering to cybersecurity regulations is not just about avoiding legal consequences; it is also about accountability. Companies must, from a self-regulatory perspective as well, demonstrate a commitment to safeguarding sensitive information by achieving compliance which requires ongoing efforts, from implementing robust security measures to regularly auditing and reporting on their cybersecurity posture. Innovation is at the heart of the digital economy, but companies must find a delicate balance between adapting and adopting new technologies while maintaining security. Cybersecurity regulations mandate innovation without compromising the integrity of security measures, making it a constant challenge for organizations to stay on the cutting edge while remaining compliant. As companies expand globally, they navigate a complex web of cybersecurity regulations that vary across regions. Adapting to these diverse regulatory landscapes requires a deep understanding of local requirements and poses challenges in maintaining a cohesive cybersecurity strategy across borders. Regulations emphasize the importance of incident response plans, adding another layer of complexity. Companies in such instances are essentially required to not only prevent security incidents but also be well-prepared to respond effectively when breaches occur. This involves continuous monitoring, regular testing of response plans, and collaboration with regulatory authorities. Adapting to regulations often involves investing in advanced technological solutions. Companies must allocate resources for state-of-the-art threat detection systems, encryption technologies, and other tools that align with regulatory requirements. Balancing the costs of these investments with the benefits they bring in terms of security is a constant challenge. Human factors remain a significant cybersecurity challenge. Regulations highlight the importance of employee education and training, but implementing effective programs requires resources. Building a cybersecurity-aware culture within the organization necessitates ongoing efforts in education and awareness, adding to the overall cost of compliance. Governments, regulatory bodies, and the private sector need to collaborate effectively to address cybersecurity challenges. Information sharing, joint initiatives, and public-private partnerships are essential for developing a comprehensive approach to cybersecurity in the rapidly changing digital landscape. Financial Constraints on Companies Adapting to cybersecurity regulations inevitably comes with financial implications for companies. The financial constraints they face include, Compliance often requires investment in advanced cybersecurity technologies, such as firewalls, encryption tools, and intrusion detection systems. The initial costs, as well as ongoing maintenance expenses, can strain the financial resources of organizations. Keeping software up to date is crucial for compliance, but it involves costs related to software licenses, patch management systems, and potential disruptions to business operations during updates. Robust data protection measures, including encryption and secure storage solutions, require financial investments. Upgrading infrastructure to meet regulatory standards adds to the overall cost of compliance. Employee education and training programs and ensuring a well-informed workforce is a financial commitment for organizations. Developing and maintaining an effective incident response capability involves costs, including hiring specialized personnel, conducting drills, and investing in incident response tools and services. In furtherance to the above, engaging legal experts to interpret and ensure compliance with complex regulations, along with potential fines for non-compliance, have further financial implications for companies. While cybersecurity insurance can mitigate financial risks, the premiums for such coverage can be substantial, especially for organizations in high-risk industries. Regular audits and assessments by third-party cybersecurity experts, a common requirement for compliance that incur additional costs. Individuals’ Perspective Individuals lack a deep understanding of cybersecurity threats, making it challenging to implement effective security measures. Individuals find it difficult to keep up with the complex and evolving regulatory landscape, leading to confusion about their rights and responsibilities. To strike a balance between regulatory compliance and maintaining personal privacy can be challenging for individuals, especially to ascertain raising concerns regarding how regulations impact their private information. Implementation of cybersecurity measures may require investment in tools and services, presenting challenges for individuals facing financial constraints. Individuals with limited technical skills will also struggle to implement and maintain security measures, such as setting up secure Wi-Fi networks. To ensuring compatibility with recommended security measures is a challenge, especially for individuals using older devices or software. The abundance of information on cybersecurity can be overwhelming for an individual that leads to decision paralysis or ineffective security practices. Busy lifestyles to make ends meet, further limits the time individuals can allocate in staying informed about cybersecurity regulations and implementing necessary security measures. Some individuals may struggle with digital literacy, making it challenging to understand and implement cybersecurity measures effectively. Most importantly, individuals often rely on online services and platforms, but they may lack control over the security practices of the platforms they use. For companies and individuals alike, overcoming these challenges requires a proactive and adaptable approach to cybersecurity. This includes continuous education, staying informed about regulatory changes, leveraging technological solutions, and fostering a culture of cybersecurity awareness. Collaboration, both within organizations and between the public and private sectors, is key to addressing the multifaceted challenges posed by the evolving digital landscape. The journey to adapt to cybersecurity regulations in a rapidly changing digital economy is complex, but it is a journey that both companies and individuals must undertake. With a commitment to cybersecurity best practices, a willingness to invest in necessary measures, and a collaborative approach, organizations and individuals can navigate this dynamic landscape and contribute to a more secure digital future. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone[.]ws and three others – were "used to sell computer malware used by cybercriminals to secretly access and steal data from victims' computers," the DoJ said. Alongside the takedown, the
