Search the Community

What really is cyber security and why doesn't the traditional CIA triad of confidentiality, integrity, and availability work? And what's that got to do with footballs anyway? I've written this simple breakdown of the five key cyber security terms - confidentiality, integrity, availability, authenticity and non-repudiation - with examples of what they mean in practice, and real life incidents illustrating what happens when they go wrong! The post Breaking Down Cybersecurity: The Real Meaning Behind the Jargon appeared first on Security Boulevard. View the full article

 Last week, we hosted Michael Tapia, Chief Technology Director at Clint ISD in Texas, and Kobe Brummet, Cybersecurity Technician at Hawkins School District in Tennessee, for a live webinar. Michael and Kobe volunteered to share with other K-12 tech pros how important cybersecurity and safety monitoring are for Google Workspace, Microsoft 365, and […] The post Cloud Monitor Automation Improves K-12 Cybersecurity Training & Awareness appeared first on ManagedMethods. The post Cloud Monitor Automation Improves K-12 Cybersecurity Training & Awareness appeared first on Security Boulevard. View the full article

What is a cybersecurity vulnerability, how do they happen, and what can organizations do to avoid falling victim? Among the many cybersecurity pitfalls, snares, snags, and hazards, cybersecurity vulnerabilities and the likes of zero-day attacks are perhaps the most insidious. Our lives are unavoidably woven into the fabric of digital networks, and cybersecurity has become... The post Understanding Cybersecurity Vulnerabilities appeared first on TrueFort. The post Understanding Cybersecurity Vulnerabilities appeared first on Security Boulevard. View the full article

Unlock the dynamic interplay between cybersecurity and agility in today’s business landscape. Explore how organizations can fortify their defenses, foster innovation, and thrive amidst uncertainty. In an era defined by rapid technology advances, geopolitical complexities, and economic uncertainties, organizations face a daunting challenge: how to thrive amidst constant disruption and change. As businesses look to […] The post Agile by Design: Cybersecurity at the Heart of Transformation appeared first on Security Boulevard. View the full article

Insight #1 AI is clearly becoming a problem, with headlines capturing incidents such as a deepfake audio impersonating a Chief Information Security Officer (CISO) and explicit deepfake photographs of high-school students being passed around in a Nevada, Iowa High School. We as an industry need to get our hands around all of this before it gets even worse. The post Cybersecurity Insights with Contrast CISO David Lindner | 4/26/24 appeared first on Security Boulevard. View the full article

In addition to supporting research centers, the $12.5 million project focuses on training the next generation of cybersecurity pros to safeguard the nation's critical infrastructure. The post Oak Ridge, McCrary Institute Establish Cybersecurity Center Focused on Electrical Grid appeared first on Security Boulevard. View the full article

In a largely male-dominated field, women face an uphill battle against pay disparity, but the gap narrows as women climb the cybersecurity career ladder. The post Women in Cybersecurity Face Continued Pay Disparities appeared first on Security Boulevard. View the full article

It is perhaps important to set the scene with some interesting and updated statistics to re-orientate ourselves with the current state of cyber-risks facing the world todayView the full article

LLMs such as ChatGPT might just be the next cybersecurity worry, according to the latest findings by researchers. Previously believed to only be able to exploit simpler cybersecurity vulnerabilities, LLMs have shown a surprisingly high proficiency in exploiting complex ones as well. Researchers at the University of Illinois Urbana-Champaign (UIUC) found that GPT-4 demonstrates a scarily high proficiency in exploiting 'one-day’ vulnerabilities in real-world systems. In a dataset of 15 such vulnerabilities, GPT-4 was capable of exploiting an alarming 87% of them. This is a striking contrast to other language models like GPT-3.5, OpenHermes-2.5-Mistral-7B, and Llama-2 Chat (70B), as well as vulnerability scanners like ZAP and Metasploit, all of which recorded a 0% success rate. A serious threat The caveat, however, is that for such high performance, GPT-4 requires the vulnerability description from the CVE database. Without the CVE description, GPT-4's success rate falls drastically to just 7%. Nonetheless, this latest revelation raises alarming questions about the unchecked deployment of such highly capable LLM agents and the threat they pose to unpatched systems. While earlier studies demonstrated their ability to act as software engineers and aid scientific discovery, not much was known about their potential abilities or repercussions in cybersecurity. While LLM agents' capability to autonomously hack 'toy websites' was acknowledged, until now, all research in the field focused on toy problems or 'capture-the-flag' exercises, essentially scenarios removed from real-world deployments. You can read the paper published by the UIUC researchers on Cornell University's pre-print server arXiv. More from TechRadar Pro ChatGPT is finally making your account more secureChatGPT is leaking… againChatGPT plugin flaws could have allowed hackers to take over other accounts View the full article

Insight #1 One of the most significant errors an organization can make is assuming they are not a target. This belief is especially prevalent among small and medium-sized businesses (SMBs), and it represents a dangerous oversight. An estimated 69% of SMBs reported experiencing at least one cyberattack in the last year, according to one report, and the attack frequency is increasing. If you’re not using basic measures like password managers, two-factor authentication (2FA) and cybersecurity training, you’re risking more than you might realize. The post Cybersecurity Insights with Contrast CISO David Lindner | 4/19/24 appeared first on Security Boulevard. View the full article

Traditional cybersecurity is laser-focused on incident detection and response. In other words, it’s built around a Security Operations Centre (SOC). That’s no bad thing in itself. Read between the lines, however, and that assumes we’re waiting on the threats to come to us. With cyber adversaries evolving their tactics through AI, automated ransomware campaigns, and other advanced persistent threats (APTs), adopting advanced, proactive measures has never been more critical. Except that your SOC team is already drowning in vulnerabilities and knee-jerk remediations. How can they even begin to manage this? Today’s ever worsening threat landscape calls for a strategic pivot towards the establishment of a Vulnerability Operations Centre (VOC) to rethink the foundational challenges of vulnerability management and cyber resilience. The Strategic Imperative of the VOC Traditional strategies are necessary but painfully insufficient. As an industry, we’ve predominantly been reactive, focusing on the detection and mitigation of immediate threats. This short-term perspective overlooks the underlying, ongoing challenge posed by a vast backlog of vulnerabilities, many of which have been known but unaddressed for years. Alarmingly, over 76% of vulnerabilities currently exploited by ransomware gangs were discovered more than three years ago. Either SOC teams don’t care – which we know is not true – or they can’t keep up on their own. It’s time to admit that the main problem they face is knowing which handful of threats to focus on amidst the tidal wave. The VOC provides a new approach to this challenge, offering a centralized, automated, and risk-based approach to vulnerability management. Unlike the SOC, whose primary objective is to manage incidents and alerts, the VOC is designed to predict and prevent these incidents from occurring in the first place. It focuses exclusively on the prevention, detection, analysis, prioritization, and remediation of security flaws that affect an organization's unique IT environment. By doing so, VOCs enable organizations to address the far narrower, infinitely more manageable list of vulnerabilities that pose a significant, actual threat to their operations and sensitive data. Linking SOC to VOC: A synergistic approach The synergy between the SOC and VOC is essential to creating a comprehensive security framework that not only responds to threats but proactively works to prevent them. The process of linking SOCs to VOCs begins with CISOs recognizing that patch management is not a standalone task but a core component of the broader security strategy. A dedicated team or unit, ideally under the guidance of the Chief Information Security Officer (CISO) or another appointed security leader, should spearhead the establishment of the VOC. This approach underscores the importance of a clear directive from the highest levels of cybersecurity leadership, ensuring that the VOC is not just an operational unit, but a strategic endeavor aimed at enhancing the organization's overall cyber resilience. Establishing a VOC involves leveraging existing vulnerability assessment tools to create a baseline of the current security posture. This initial step is crucial for understanding the scope and scale of vulnerabilities across the organization's assets. From this baseline, the team can aggregate, deduplicate, and normalize vulnerability data to produce a clear, actionable dataset. Integrating this dataset into the SOC’s security information and event management (SIEM) systems enhances visibility and context for security events, enabling a more nuanced and informed response to potential threats. The transition from technical vulnerability assessment to risk-based prioritization is a pivotal aspect of the VOC’s function. This involves evaluating how each identified vulnerability impacts the business, then prioritising remediation efforts based on this impact. Such a shift allows for a more strategic allocation of resources to focus on vulnerabilities that pose the highest risk to the organization. Automation must play a key role in this process, enabling routine vulnerability scans, alert prioritization, and patch deployment to be conducted with minimal human intervention. This not only streamlines operations but also allows analysts to concentrate on complex tasks that require intricate human judgment and expertise. The Immediate Power of VOC Implementation The VOC empowers cybersecurity teams with a comprehensive and systematic approach to vulnerability management, significantly simplifying the process of handling an exponentially increasing number of CVEs. The immediate benefits include: Centralization of Vulnerability Data: By aggregating and analyzing vulnerability information, the VOC provides a unified view that makes life easier for teams identifying and prioritizing critical vulnerabilities. Automation and Streamlining Processes: The use of automation tools within the VOC framework accelerates the detection, analysis, and remediation processes. This not only reduces the manual workload but also minimizes the likelihood of human error, enhancing the overall efficiency of vulnerability management. Risk-Based Prioritization: Implementing a risk-based approach allows teams to focus their efforts on vulnerabilities that pose the highest risk to the organization, ensuring that resources are allocated effectively and that critical threats are addressed ASAP. Enhanced Collaboration and Communication: The VOC fosters better collaboration across different teams by breaking down silos and ensuring that all relevant stakeholders are informed about the vulnerability management process. This shared understanding improves the organization's ability to respond to vulnerabilities swiftly and effectively. Ownership and Accountability: Centralizing operations for vulnerability management within the VOC framework ensures clear accountability and ownership across teams. This organizational clarity is vital to removing siloes and reducing risk, as it establishes well-defined roles and responsibilities for vulnerability management, ensuring that all team members understand their part in safeguarding systems and networks. That’s a lot to digest but, put simply, it’s time to rethink how we approach vulnerability management. Check the news – or better yet, check in with the rest of your cybersecurity team. A VOC reduces the crushing burden of vulnerability management on SOCs and makes the lives of all security teams that much easier. By centralizing operations, automating routine tasks, and emphasizing risk-based prioritization, the VOC enhances the organization's security posture. Linking your SOC to your future VOC creates a seamless flow of actionable intelligence directly into the threat response mechanism. The endgame? Ensuring that your organization's defense mechanisms are both proactive and responsive for a far more secure and resilient digital environment. We feature the best cloud antivirus. This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro View the full article

The cybersecurity risks that businesses are often most concerned about come from external attacks. But at the same time, threats – both by accident or with malicious intent – by their own employees are overlooked, despite accounting for 58% of cybersecurity breaches in recent years. As a result, a large proportion of businesses may lack any strategy to address insider risks, leaving them vulnerable to financial, operational and reputational harm. Understanding the risk Insider threat has always had the mystique of espionage and spies – but usually it’s nothing of the sort. At one end of the spectrum, you’ve got people who are trying to get access to company data and then accidentally share information, or disgruntled employees. And on the other end, you have nation state actors who could be attempting to access sensitive information from government and corporations or disrupt critical national infrastructure. It’s a delicate issue for businesses to tackle, because anybody could intentionally or unintentionally be an insider threat, and a balance must be found between the security of an organization versus the personal liberty of an individual. The first obstacle to implementing effective cybersecurity strategies is when the risk at hand is not fully understood. How do you determine what kind of protective controls you put into place to stop the potential exfiltration of data or disruption when there are so many different motives and methods? Detection, not surveillance Firstly, a line should be drawn between employee monitoring for possible signs of insider risk and employee surveillance. The latter could have a negative impact on company culture, and ignores the important balance between security and liberty and the legal safeguards that exist. That being said, some form of threat mitigation and detection should still be in place. One useful tool in the armory is web content URL filtering that blocks malicious websites, for example if you click on a phishing email, or accidentally visit a malicious website and inadvertently open your organization to risk. Technology like this typically works hand in hand with Data Leakage Prevention (DLP). DLP uses keywords and analytics to look for data or information that is sensitive, such as credit card numbers or personally identifiable information and blocks that information leaving the organization. Because these types of tools can effectively track browsing habits, they must be tightly controlled and only a small number of people in an organization should have access to that data. Even so, that must go through multiple layers of approval. Business leaders must trust their employees, demonstrate that they do, and only use these tools as safety nets. It’s better to try and detect, protect, and solve the problem. Put effective intervention methods to use Background checks and vetting are important measures for mitigating the possibility of an insider threat from the very outset. But when it comes to managing an existing team, other methods will have to be explored. For systems and services, audit records and the cyber equivalent of double entry book-keeping should be considered, for instance. Organizations that are more mature may use honeypots or canary tokens to decoy information on their system that looks sensitive but is fake; if anybody accesses this system or releases information, it can be tracked very easily and, if disturbed, is a good indicator of an insider threat. Adopting a deterrence strategy is also useful, such as information classification. Systems with a large amount of sensitive information stored in them, data that could be sold or retained to use against someone, are going to be clear targets for insiders. A protective marking on it, such as “confidential”, could either entice or deter these individuals, as it makes clear that certain information is important, tracked and handled cautiously. This allows organizations to ring fence and apply controls to the specific information that is sensitive to them. Responding to an insider incident Incident response to insider threats is very similar to other types of data breaches, but with one significant caveat. As an employee they are by default a trusted individual. Therefore, they are potentially able to do significantly more damage than an external threat actor as they know the internal workings of the company and their way around potentially complex systems. Revoking complete access for any employee, for instance, should be a matter of priority when trying to mitigate the impact of any insider threat when suspected of carrying out a malicious breach. Reporting the incident is ultimately the same type of process, but the way organizations initially approach the individual will differ from third-party actors. It’s especially important, in these circumstances, to have irrefutable evidence, as accusing somebody who is innocent could also cause significant damage to a business and the individual. Insider threats too often sit in the blind spot of businesses. But by focusing on external threats exclusively - perhaps in favour of avoiding tension or perceptions of mistrust in the workplace - organisations and their employees are left vulnerable to the genuine threat insiders pose, often greater than the threat posed by third-party actors. It is a crucial element of any robust cyber strategy, and not to be overlooked. We've listed the best identity management software. This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro View the full article

In the world of cybersecurity, few environments present as many challenges as oil platforms and other offshore infrastructure assets. These installations, often situated in harsh and isolated marine environments, are critical to global energy production. However, their remote locations, combined with the increasing interconnectedness brought about by digitalization, expose them to a myriad of cybersecurity threats. In this blog post, we dive into the distinct challenges associated with installing and managing cybersecurity technology on offshore infrastructure, and how Mission Secure overcomes these challenges to help our customers protect their critical offshore assets. The post Rough Seas: Overcoming the Challenges of Cybersecurity for Offshore Infrastructure appeared first on Security Boulevard. View the full article

Simbian TrustedLLM promises to automate complex cybersecurity tasks by continuously learning about IT environments. The post Simbian Unveils Generative AI Platform to Automate Cybersecurity Tasks appeared first on Security Boulevard. View the full article

Amid political headwinds and economic uncertainty, we find ourselves in a challenging time for business. The economy is being impacted by the combination of ongoing high inflation and limited GDP growth. Meanwhile, supply chains are being disrupted by international conflicts (e.g., Ukraine, Gaza and the Houthi insurgency) and the ongoing impact of Brexit. And so, businesses are being pulled in multiple directions due to economic pressures and uncertainty – the two things they hate most. Due to these challenges, it’s safe to say we are living through a ‘cost of doing business’ crisis. This crisis has seen cybersecurity teams suffer pushback from decision-makers about new investments. With instability resulting in spending decisions being delayed, they are faced with ‘in-real-terms’ or even actual budget cuts for the first time. This is forcing them to be as agile as possible to continue responding to the evolving security landscape because the classic market drivers – the evolving threat landscape, increasing digital transformation, mounting regulatory reform and the ongoing skills shortage – mean that security teams are being asked to deliver more with less. Thus, the knee-jerk response of ‘salami-slicing’ costs, let alone not acting at all, is simply not an option. To maintain an appropriate level of security, finding a way to continue protecting their company will therefore be an uphill battle. Security leaders must find new ways to demonstrate the value of the investment decisions they seek. Security as an enterprise risk management topic Any organization failing to protect its sensitive digital assets from today's increasingly sophisticated cyber threats stands to pay a high price. According to our recent Security Navigator report, there was a global surge of 46% in cyberattack victims in 2023. A significant contributor to this is the tendency of businesses to view security merely as a checkbox on their compliance list rather than addressing it as part of a broader (and consistent) enterprise risk management strategy. This implies a lack of communication, with the C-suite not fully understanding the way that security delivers value across their organization. However, cyber resilience should start in the boardroom, with organizations aligning cybersecurity closely with their business objectives. Achieving this requires enhanced collaboration between CISOs, security and the wider leadership team to foster a deeper understanding of internal security needs and how they can support business goals by defending their most important assets and maintaining ‘business as usual’ in the face of attacks. Executive meetings should therefore regularly address security as an enterprise risk management topic, emphasizing the significance of partnerships and collaboration between the board and security teams. They can do this by making sure that they understand the risk management strategy of their business leaders, working to quantify the security risk that they face and presenting security decisions in terms that help the board to map this security risk posture against their risk appetite. This will allow security experts to advise on how budgets could be allocated most strategically and facilitate open discussions about the inherent risk versus cost challenges posed by potential cyber incidents. Always relate to the business strategy Our research also found that the past year saw large enterprises account for 40% of security incidents. With more stakeholders, these organizations often suffer by trying to take multiple perspectives onboard, which can make business and security alignment more challenging. Security leaders must focus their activity and investments towards the most critical risks that are most contextually relevant. Otherwise, they risk ‘boiling the ocean’ – diminishing the impact of their spending power by diluting focus. A lack of business focus on the security strategy can lead to organizations missing out on the adoption of new tools and technologies that could provide a competitive advantage. For example, at our annual Summit in November, an informal discussion between partners and customers found that only around a quarter of security leaders in attendance had ChatGPT enabled for staff, with the remaining citing it was blocked for security reasons. However, businesses that can find a way for security teams to enable such technologies safely will reap the rewards and put themselves ahead of their competitors. To overcome this issue, security teams must learn how to ‘do business with the business.’ This means understanding what the wider business is struggling with and, crucially, being able to explain how they can support it. To achieve this, it is critical to make new tools ‘secure by design,’ as solutions that both enhance security while preserving usability can help to hone a competitive edge. However, this hinges on security teams being involved in new projects from the start so they can demonstrate their value for business initiatives. Unfortunately, this stands in contrast to the traditional situation whereby security is brought in at the end and/or as an afterthought, perceived by the rest of the business as a ‘blocker’ that slows down or dilutes the value of such projects. By helping business leaders think creatively about how finance, security and business strategies align, security teams can help drive the business agenda. Automation to the rescue However, this level of collaboration with the broader business can be time-intensive for security teams, who are also trying to maintain appropriate defenses and respond to threats. One way of tackling this is by optimizing security operations and using automation so they can spend time on more meaningful tasks, without taking their foot off the gas. Whilst every procedure holds importance, security teams need to reassess how they prioritize their time and how mundane, everyday tasks can be dealt with to free up – or ‘create’ – capacity. If this is done right they can improve security metrics, minimize incident response times and therefore reduce exposure to risk, while at the same time creating more time to work closer with business leaders to drive home the importance of their role. Ultimately, security should be part of the answer not part of the problem when it comes to overcoming the ‘cost of doing business.’ By freeing up resources with the help of automation, security teams can build a more strategic role in the boardroom, and forge closer ties with business leaders to proactively address vulnerabilities and unlock a competitive advantage. We've listed the best Zero Trust Network Access solutions. This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro View the full article

According to Barracuda Networks, 66,000 incidents needed to be escalated to security operations in 2023, and 15,000 required an immediate response. The post Barracuda Report Provides Insight into Cybersecurity Threat Severity Levels appeared first on Security Boulevard. View the full article

APIs (Application Programming Interfaces) have proliferated widely, which increases their susceptibility to various vulnerabilities. In the realm of web applications, prime examples that stand out are SOAP (Simple Object Access Protocol) and Representational State Transfer (REST) APIs. Due to their inherent complexity and the dynamic nature of software ecosystems, common vulnerabilities include inadequate authentication mechanisms [...] The post Top 3 API Leaks Identified by Cybersecurity & InfoSec Experts appeared first on Wallarm. The post Top 3 API Leaks Identified by Cybersecurity & InfoSec Experts appeared first on Security Boulevard. View the full article

Join Ekran System at the RSA Conference, one of the world’s leading cybersecurity events. It’s where top professionals share their expertise to equip cybersecurity teams with the tools, intelligence, and connections needed to protect their organizations against evolving threats. The conference will take place at the Moscone Center, San Francisco, from May 6 to 9, […] The post Meet Ekran System at the Leading Cybersecurity Event of 2024 appeared first on Security Boulevard. View the full article

The post Small business cyber security guide: What you should prioritize & where you should spend your budget appeared first on Click Armor. The post Small business cyber security guide: What you should prioritize & where you should spend your budget appeared first on Security Boulevard. View the full article

The Cybersecurity and Infrastructure Security Agency (CISA) issued a Notice of Proposed Rulemaking (NPRM) for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022. Under this rule, covered entities must report significant cyber incidents within 72 hours of discovery, along with ransom payments within 24 hours. CISA Director Jen Easterly emphasized the importance.. The post CISA Unveils Critical Infrastructure Reporting Rule appeared first on Security Boulevard. View the full article

Exploring five easy-to-overlook themes from 13 years of cybersecurity industry data and research. The post Themes From (And Beyond) Altitude Cyber’s 2023 Cybersecurity Year In Review appeared first on Security Boulevard. View the full article

With increasing digitization, cybersecurity becomes paramount. Conducting a risk assessment and implementing strategies are key to reducing exposure. The post What is cybersecurity risk & how to assess appeared first on Security Boulevard. View the full article

In the dynamic realm of cybersecurity, the MITRE ATT&CK framework has become a pivotal tool for organizations striving to fortify their defenses against the myriad of cyber threats that loom in the digital age. The webinar, “The MITRE Touch: Practical Strategies for Mapping Device Logs to MITRE ATT&CK,” hosted by Nuspire, shed light on the practical applications of this framework ... Read More The post Mastering MITRE: Enhancing Cybersecurity with Device Log Mapping appeared first on Nuspire. The post Mastering MITRE: Enhancing Cybersecurity with Device Log Mapping appeared first on Security Boulevard. View the full article

My perspective on how GitGuardian approaches the cybersecurity market with a focus on the long game. The post Taking the Long View: GitGuardian’s Approach to Market Relevance in Cyber appeared first on Security Boulevard. View the full article

Predicting the future of cybersecurity is an impossible task, but getting some expert advice doesn’t... The post Webinar Recap: Cybersecurity Trends to Watch in 2024 appeared first on Security Boulevard. View the full article