Connect with us

Expert Speak

Zero Trust, Cloud and Remote Working Drive Digital Resiliency

Published

on

Written by Paul Nicholson, Sr. Director of Product Marketing at A10 Networks

Today’s enterprises have faced many challenges with the pace of change over the last few years because of digital transformation, and the need for that transformation to be resilient and secure. These challenges have been amplified by the disruption of the global pandemic. There have been massive global macro-economic shifts that have fundamentally changed the way companies operate, from the rise of remotely working employees to the adjustments of customer engagement strategies.

Remote work was in full swing before the pandemic and it already had an impact on IT strategy and the shift to cloud, including hybrid cloud. This trend has only accelerated due to the ease of remote deployment and accessibility of software, SaaS, and cloud options. With all these changes, the specter of security breaches is high. This explains the rise and popularity of Zero Trust as a framework for securing networks in these new realities, and as an effective tool to drive cybersecurity initiatives within the entire enterprise.

All this means that in a post-pandemic era, digital resilience is a top priority and cyber threats are only accelerating. As a result, we are witnessing a broad spectrum of concerns as enterprise organizations look to shore up their defenses. Analyzing the events of the last two years, it is an ideal time to explore enterprise perceptions about the future. To gain these insights, we surveyed 2,425 senior application and network professionals from ten regions around the globe. Not surprisingly, we found high levels of concern around all aspects of digital transformation solutions and resilience with a strong focus on business continuity. The top findings we uncovered included:

Private Clouds are the Preferred Enterprise IT Environment
|Even though we witnessed a rapid pivot to cloud in the last couple of years, plenty of on-premises environments remain. Twenty-three percent of respondents have retained an on-premises environment and this is unlikely to change in the future. Private clouds were the preferred environment for 30 percent of respondents, while just under one quarter said their environment was in a public cloud with a similar percentage in SaaS environments.

New Working Patterns and Digitalization Prompt Rethinking the Strategy
Resilience is a board-level discussion as senior leaders look to ensure that the business can cope with any future disruption. Our enterprise respondents said that digital transformation solutions, business continuity (technically and organizationally), and stronger security requirements have all become paramount. This puts tremendous pressure on IT professionals to rethink their architectures and IT strategies to meet the challenge.

Asked to rate their concern about 11 different aspects of business resilience, nine out of 10 respondents expressed some level of concern about every issue. The top concerns were around the challenge of optimizing security tools to ensure competitive advantage, utilizing IT resources in the cloud, and enabling remote access and hybrid working while ensuring that staff feels supported in whatever work style they wish to adopt.

Top Cyber Threat Concerns for Enterprise IT
Without a doubt, the escalating threat landscape is causing a broad array of concerns from respondents. Chief among them is the loss of sensitive assets and data followed by the disruptive impact of downtime or network lockdown. In response, there was an evident shift to a Zero Trust security approach. One-third (30%) of enterprise organizations said that they had already adopted a Zero Trust model.

Looking to the future, we expect the adoption of cybersecurity initiatives to not only remain high but to become higher. This includes a more pervasive adoption of the Zero Trust model within the enterprise as all employees become more aware of the benefits of such a strategy and approach.

It’s clear that there is unlikely to be any relief from the pressures for enterprises and their IT practitioners, whether in infrastructure or security domains. We will be dealing with the impact of these recent pandemic-related changes for years to come, including the continuing integration of newer technologies and evolving standards. Therefore, IT organizations must continue to invest in modern technologies that support ongoing digital transformation initiatives but strike the balance between strong Zero Trust defense and operational agility for their multifaceted digital resiliency needs.

Artificial Intelligence

How AI is Reinventing Cybersecurity for the Automotive Industry

Published

on

Written by Alain Penel, VP of Middle East, CIS & Turkey at Fortinet (more…)

Continue Reading

Cyber Security

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits

Published

on

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

Continue Reading

Expert Speak

What the Bybit Hack Reveals About the Future of Crypto Security

Published

on

Written by Oded Vanunu, Chief Technologist & Head of Product Vulnerability Research at Check Point (more…)

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.