Written by Michael Sentonas, CTO at CrowdStrike
The cybersecurity threat to small- and medium-sized businesses (SMBs) continues to grow as cybercriminals recognize both how vulnerable they can be and the potential value of the data they have. It is critical for SMBs to be aware of the threats they’ll face and how to defend against them. SMB breaches don’t often make headlines, which has led many to believe they fly under attackers’ radars.
In reality, they are among the lowest-hanging fruit for threat actors to exploit — and the data shows cybercriminals are taking advantage: 76% of SMBs surveyed in a 2022 study were affected by at least one cyberattack in 2021, an increase from 55% who said the same in 2020. Sixty-three percent of SMBs surveyed in a separate report say they face increasingly advanced cyberthreats, including ransomware and identity-based attacks (2022 CrowdStrike SMB Survey).
These threats arrive in many forms. The 2022 Verizon DBIR found system intrusion, social engineering and privilege misuse represent 98% of breaches affecting small businesses; further, credentials made up 93% of data compromised in SMB attacks. Over time, more organizations fear they’ll be the next target: a CNBC survey of 2,000+ small business owners found 61% of small businesses with 50+ employees are concerned they’ll be hit with a cyberattack within a year.
Cyberattacks can create significant financial pressure on SMBs, which is a huge concern in a tough macroeconomic climate. A recent survey found that 60% of SMB victims closed their doors within 6 months of an attack. While many SMBs are familiar with malware and may have installed what they perceive as “good enough” security such as basic antivirus software to combat these kinds of attacks, the reality is the threat landscape is much more complex and sophisticated than it used to be. Cybercriminals continue to evolve their strategies at a breakneck pace to bypass traditional security tools, making traditional AV systems increasingly less effective in protecting SMBs.
Many adversaries employ human-engineered methods to break into businesses of all sizes. Throughout 2022, there has been an increase in identity-based attacks and the development of sophisticated file-less techniques bypassing traditional multi-factor authentication defences.
Adversaries are going beyond credential theft, instead using techniques like pass-the-cookie, golden SAML and social engineering with MFA fatigue to compromise identities. According to 2022 CrowdStrike threat data, 71% of breaches forgo malware entirely to evade legacy antivirus software searching for known file- and signature-based malware.
The evolution in adversary techniques shows no sign of slowing in 2023, but with limited budgets and staff, it is imperative SMBs make the most of their resources and time to stay toe-to-toe with even the most advanced adversaries.
A good offence is a great defence. SMBs should think beyond threat detection to focus on threat prevention as well. Many SMBs opt for a managed services approach to augment limited time, resources and expertise. In addition, the following best practices can have a tremendous impact on the strength of your defences:
- Educate your employees: Your entire workforce should be aware of the types of security threats and social engineering attacks they face at work, such as phishing, smishing, honey trapping and more.
- Enforce multi-factor authentication (MFA): As identity becomes a critical component of cyberattacks, MFA provides an extra layer of defence so you can be sure it’s an employee, and not an attacker, gaining access to systems and resources.
- Perform regular backups of critical data: If a breach hits your small business, you’ll be glad you backed up your data in the cloud. The cloud provides better accessibility and visibility into data backups, along with faster execution that further minimizes downtime. It’s worth noting an attacker may encrypt backups if they gain access to your systems, so it’s critical to create a strong defence.
- Keep up with software patches: Data breaches often start when an attacker exploits an unpatched vulnerability. Keeping software up-to-date ensures this vector is blocked. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has an updated list of known exploited security flaws.
- Lock down your cloud environments: Protect your cloud drives (such as Box or Google Drive) by implementing MFA and adhering to the principle of least privilege, which ensures employees only have access to the resources they need for their jobs.
- Implement and test your threat detection and response: Make time to analyze your environment and user behaviours for malicious or abnormal activities. Stay current on threat actors, tradecraft and indicators of attack. Define, document and test what a successful incident response looks like. Plan for the “when,” not the “if.”
Once you’ve covered the basics, consider intel-driven defence to support detection and response. Understanding threat actors does not need to be complex or time-consuming, as long as the right threat intelligence is available. Attribution enables security teams to understand their true risk posture by defining who could come after them and how, and to adjust their security strategy based on these facts.
Cybersecurity is a big challenge for SMBs, but it is possible to build a strong security posture and protect your environment from today’s threats — even with limited resources. Rethinking your security strategy and upgrading your defences now can make a tremendous difference in getting through a cyberattack if – or when – disaster strikes.
The Evolution of Cybersecurity in Banking
By Ricardo Ferreira, EMEA Field CISO at Fortinet
Changes in the banking sector associated with new digital initiatives have ushered in unprecedented cybersecurity risks. As highlighted in recent reports, key activities in the financial ecosystem can be disrupted by cyber incidents, so risk management and secure network protocols are paramount. With cybercriminals relentlessly pursuing financial gain, data breaches have become more frequent and sophisticated, underscoring vulnerabilities in the banking sector.
Regulatory approaches, such as EU DORA, G7, and reports from other central banks and regulators, emphasize the critical importance of cyber resilience in the banking sector. These regulations are reactive measures to past threats and proactive strategies designed to anticipate and mitigate future risks. Characterized by continuous digitization, increased third-party dependencies, and geopolitical tensions, the evolving cyber threat landscape demands a robust response from financial institutions.
Central Bank Digital Currencies (CBDCs) add another layer of complexity. As CBDCs gain traction, they present both opportunities for financial inclusion and challenges in terms of cybersecurity. In this competitive landscape, where traditional banks, financial technology disruptors, and digital-native challenger banks strive for market share, delivering a seamless digital experience is crucial. However, institutions must not lose sight of potential vulnerabilities as they race to innovate. Embracing digital technologies is essential, but so is ensuring that these technologies are safeguarded against ever-evolving threats.
As banks and financial services providers continue to grow and innovate, a holistic approach to cybersecurity informed by the latest regulatory insights and threat intelligence will be crucial to ensure sustainable and secure progress.
Cybersecurity in Banking
In the rapidly evolving digital landscape of banking, cybersecurity teams are at the forefront of a complex battle. The financial sector is particularly vulnerable to cyber threats, including significant data breaches, and is a favourite target for attacks seeking financial gain, trade secrets, or service disruptions that bring publicity to social or political causes. In fact, financial and cybercrimes are now top global policy concerns, according to a new INTERPOL report.
Depending on the severity of the attack and the specific bank in question, a single successful breach can lead to serious damage to the brand. According to the European Union Agency for Cybersecurity (ENISA), more than 10 terabytes of data are stolen monthly, and more than 60% of organizations may have paid ransom demands. Another report states that 2022 was the biggest year ever for crypto hacking.
As digitization becomes an even greater necessity across the banking industry and security risks increase, executive teams need to ensure the resiliency of their business operations, compliance with government and industry regulations, and the effectiveness of their cybersecurity infrastructure to protect the expanding attack surface.
Financial services providers must defend against an onslaught of data breaches, ransomware, malware, phishing, and social engineering attacks growing in sophistication, frequency, and intensity. The challenges of fending off threats increase as the attack surface expands in breadth and complexity. In its 2023 Global Cyber Risk Outlook, Moody’s states that regulators and insurers are taking actions to reduce financial exposure to cyberattacks, and at the same time, demand for cyber insurance will outweigh supply.
To remain competitive and resilient in this environment, financial institutions must continue to innovate and ensure that those innovations are secure. This dual mandate becomes even more challenging given the expanding attack surface, driven by the rise of digital banking, fintech disruptors, and the introduction of CBDCs and the modernization of their core systems. Key cybersecurity imperatives for banking include:
- Visibility. Maintaining comprehensive network visibility is paramount with the proliferation of mobile banking, IoT integrations, and cloud deployments. As the cyber threat landscape becomes more intricate, having clear oversight of all network activities is crucial to prevent data breaches and manage cybersecurity risks.
- Automation and operational efficiency. The era of siloed security solutions is fading. Modern cybersecurity demands integrated solutions that can automate tasks, reducing the need for manual configurations and constant monitoring. Implementing “policy as code” can further streamline this process, ensuring that security policies are consistently and automatically enforced across a secure network.
- Flexibility. The diverse IT architectures, spanning multi-cloud and on-premises deployments, necessitate agile security controls and policies. As financial institutions navigate the complexities of digital transformation, their security solutions, including policy as code practices, must be adaptable, ensuring that security policies align seamlessly with infrastructure changes.
- Compliance reporting. Regulatory compliance is not just a checkbox exercise. With central banks and other supervising authorities emphasizing cyber-resilience regulations, security teams must strike a balance between adhering to these regulations and proactively defending against cyber threats. Utilizing policy as code can also aid in ensuring compliance by codifying and automating policy checks.
Lastly, the human element cannot be overlooked. Beyond state-of-the-art technology, financial institutions need skilled professionals who can harness the potential of new platforms and systems. The limited availability of specialists in niche areas and a potential knowledge gap in understanding intricate products, processes, and systems pose additional challenges.
As the banking sector continues its digital journey, a holistic, informed, and agile approach to cybersecurity, adopting and succeeding at digital initiatives to converge network and security, reskilling the workforce, and driving automation will be the linchpins of success. Ensuring a secure network and effective risk management in the face of potential data breaches and evolving threats is paramount.
Cybersecurity Regulatory Impacts
Although the banking sector is a beacon of financial stability, it is increasingly grappling with dual challenges: ensuring robust cybersecurity and adhering to evolving regulations. As financial institutions strive to meet customer demands and counteract cybersecurity risks, they are simultaneously navigating a labyrinth of stringent data privacy and security regulations. These regulatory measures, coupled with the expanding digital landscape, have inevitably escalated operating costs, particularly in the realms of compliance for both retail and corporate banks.
The imperative for heightened security and compliance in banking is underscored by the need to protect sensitive personal data, maintain transactional integrity, and safeguard the health of national and global economies. Yet, a recent International Monetary Fund (IMF) survey paints a concerning picture of the regulatory landscape. Covering 51 countries, the survey revealed:
- 56% of central banks or supervisory authorities lack a dedicated national cyber strategy for the financial sector.
- 42% lack specific cybersecurity or technology risk-management regulation, and a staggering 68% do not have a specialized risk unit within their supervisory department.
- 64% have not mandated testing or provided guidance on cybersecurity measures.
- 54% do not possess a dedicated regime for reporting cyber incidents.
- 48% are without specific regulations addressing cybercrime.
While these statistics might paint a bleak picture, it’s essential to view regulatory and security requirements not as hindrances but as catalysts for innovation and risk management. For example, McKinsey highlights the potential of data analytics in banking, suggesting that it can lead to risk-reduction savings valued at up to $1 billion annually for some large banks. These savings encompass reduced fines, enhanced compliance reporting accuracy, improved management of sensitive data, and the mitigation of various other risks.
As the banking sector continues its digital evolution, striking a balance between innovation, cybersecurity risks, and regulatory compliance will be pivotal. Embracing this triad can unlock unprecedented opportunities, ensuring a secure, compliant, and forward-looking financial landscape.
Cybersecurity Risk Management for Banks
Cyber-risk management in today’s banking landscape extends beyond technical measures to encompass a holistic, organization-wide approach. However, many institutions grapple with limited tools to gauge cybersecurity risks, especially when integrating new digital partners and technologies.
Recent regulations emphasize operational resilience, advocating for a globally aligned risk management framework. This international convergence seeks to standardize practices, reducing fragmentation. A notable aspect of these regulations is the scrutiny of third-party providers, given their growing significance in the financial ecosystem.
While banks are traditionally cautious in IT vendor selection, the rise of innovative startups offers a number of promising solutions. Yet, this openness must be balanced with due diligence, especially when third-party relationships can introduce cybersecurity vulnerabilities. As banks evolve digitally, a harmonized approach to risk management that considers global regulations and third-party integrations is essential for a secure and progressive banking sector.
Banking Cybersecurity Challenges
Historically, banks have operated as siloed entities. Distinct departments, each with unique objectives, often rely on separate systems. This fragmented approach has inhibited growth, restricted scalability, and diminished customer satisfaction. Traditional banks, particularly, have garnered a reputation for cumbersome processes, especially when customers seek new services or support.
Implementing a unified platform that centralizes data and bridges the gap among various systems can effectively counteract the challenges posed by these silos. Beyond operational inefficiencies, however, information silos also amplify cybersecurity risks, data breaches, and compliance concerns, all of which are pressing issues in today’s banking landscape.
The integrity of the IT infrastructure and the vast amount of data it houses remain a paramount concern in banks’ digital transformation journey. Addressing technical debt is crucial. This debt is often a byproduct of historical underspending and the juxtaposition of modern technologies atop outdated infrastructure. To navigate these challenges, banks should establish dedicated units or expert teams focused on innovating and ensuring that their offerings remain competitive. Assigning clear responsibilities for these innovation projects is pivotal.
Gone are the days when IT security in banking was a linear affair. Today’s banking ecosystem comprises tens or even hundreds of thousands of interconnected devices ranging from computers to Internet-of-Things (IoT) integrations. And when the proliferation of social, cloud, and mobile channels is factored in, the potential attack surface for data breaches and cybersecurity risks magnifies exponentially. The pressing question remains: how can banks ensure a secure network amid such vast complexity?
Although it is essential for financial organizations to embark on digital initiatives, doing so accentuates the need for scalable security and compliance solutions. As banks evolve, the scalability offered by Software-as-a-Service (SaaS) solutions becomes indispensable, especially in the retail banking sector. Organizations must ensure that risk management remains agile and responsive to the ever-expanding digital landscape.
Secure Networking Solutions for Financial Organizations
Whether an organization has cutting-edge or legacy technology, infrastructure vulnerabilities can become prime targets for cybercriminals. As these adversaries relentlessly exploit weaknesses, financial institutions face the potential for significant financial losses, operational downtime, brand damage, and regulatory fines. Financial leaders must prioritize the resilience and overall health of their institutions.
Financial institutions should consider converging networking and security into a single secure networking solution to address these challenges. They can apply consistent threat intelligence and security services by consolidating disparate point products into an integrated cybersecurity platform.
Key features of an ideal security solution include:
- Visibility: Comprehensive oversight across the entire digital attack surface
- Advanced protection: Defense mechanisms against threats that are growing in volume and sophistication
- Intelligent integration: Seamless integration within a smart IT architecture
- Automation: Leveraging technology to address the shortage of skilled human talent
- Simplified compliance: Streamlined processes to ensure adherence to data privacy regulations
How to Enjoy Threads and Keep High Levels of Privacy and Security
Recently Threads released a new Web version allowing users to finally search for content and use other features from any of their desktop devices. For those who still use Threads, Kaspersky experts have compiled a list of tips on how to do it securely, protect personal data, and avoid scammers.
Kaspersky experts have previously discovered phishing pages imitating the web version of the social network and collecting users’ logins and passwords, as well as offers of a so-called “Threads Coin” promising to “connect users to the Metaverse,” which was fake and sold for cryptocurrency on the Web. It is important for users to always be on alert when exploring new social media platforms.
What is important to know regarding security settings in Threads:
- Threads offers a Security Checkup. This feature shows key security-related data about Threads, Instagram or Facebook accounts. It reflects currently connected email addresses, mobile phone numbers, the last time the password was changed and whether two-factor authentication (2FA) is on or not.
- Users should not forget to set up 2FA. Threads is connected to the Instagram profile and uses the same login details, so users should remember: one password gives access to two accounts! It’s always more secure to use 2FA as a security layer that protects accounts from unauthorized access. Modern reliable password managers can also generate and store unique one-time passwords for 2FA, so there is no need to install and use a separate solution for authentication.
- It’s impossible to delete the Threads account alone – the connected Instagram profile will be deleted as well, which means that all data will be concealed from other users of the social network.
  - To do this, users need to go to Settings -> Account -> Deactivate profile and press Deactivate Threads profile.
- As for privacy, a user can limit who can contact them by muting, restricting or blocking someone. In all these cases, none of the contacts will be notified of these actions.
  - If you don’t want to see someone’s posts, you can mute the user. If you don’t want to receive notifications of someone’s actions such as likes, replies, and so on, you can restrict the user. If you block a user, they won’t be able to find your profile or account – the list of blocked users is shared between Threads and Instagram.
  - To mute, restrict or block someone, go to their profile, click on the three dots in the upper right corner and select the action.
To strengthen the privacy level in your Threads account, the following tips can be useful:
- You can monitor and set up who can mention you in posts with the ‘@’ symbol.
- Threads is trying to fight against offensive language, so users can filter offensive language in responses to their posts. The platform offers several tools, like automatic filtering with built-in lists or manually adding specific phrases and words.
Achieving a Successful Continuous Threat Exposure Management Program
Written by Lydia Zhang, the President and Co-founder of Ridge Security
If your organization is concerned about increasing and expanding cyber threats, you are not alone. While many enterprises recognize the need to create a multi-layered security posture, this article explores the importance of Continuous Threat Exposure Management (CTEM) and how it can help proactively manage risks and bolster defences against growing cyber threats.
CTEM is a cybersecurity program that goes beyond simply responding to threats. It leverages proactive attack testing and simulation to identify and mitigate vulnerabilities before real attackers exploit them. Organizations can prioritize and allocate resources more effectively by continuously monitoring and evaluating security risks. This systematic approach allows for a more robust defence in the face of a rapidly expanding attack surface.
Primary Benefits of Implementing a CTEM Program
Let’s take a closer look at some of the key advantages of implementing CTEM. By continuously scanning and monitoring your digital infrastructure, you can proactively stay one step ahead of cyber threats. CTEM prioritizes threats based on their potential impact and likelihood of occurrence. This way, resources can be efficiently allocated to tackle the most significant risks first. By following an iterative approach, CTEM allows you to learn from each assessment and adapt defences accordingly. You can implement effective remediation measures and continuously improve your security posture by generating actionable insights from real-time threat data.
This data-driven approach ensures decisions are made based on the latest threat intelligence. This empowers security teams to make more targeted and effective remediation efforts by leveraging real-time data. To maximize the effectiveness of a CTEM program it must be aligned with the organization’s business objectives. This also helps achieve adaptability and continuous protection against the ever-evolving threat landscape. By incorporating your strategic business goals into the CTEM program, you can ensure that it works hand-in-hand with your overall cybersecurity strategy.
The Lifecycle Process of an Effective CTEM Program
A successful CTEM program follows a comprehensive lifecycle process. Let’s break it down into key steps. In the initial phase, the security team identifies and analyzes the infrastructure assets to be included in the program. This analysis encompasses both internal and external attack surfaces, including on-premises and multi-cloud infrastructures.
Each asset’s risk profile is evaluated, covering explicit vulnerabilities and weaknesses like misconfigurations. Understanding the potential impact of vulnerabilities on business operations is essential. Gaps in the security infrastructure are identified, such as logging and detection gaps, and missing, fragmented, or meaningless detection rules.
Cybersecurity capabilities, such as automated pen-testing, controlled attack simulation, and adversary emulation, are carried out within DevOps and production environments. These activities verify cybersecurity weak points and assess the effectiveness of your remediation efforts. Automation plays a crucial role in the CTEM process. It enables organizations to continuously identify, prioritize, validate, and address vulnerabilities and threats. By leveraging automation, you can stay ahead of the evolving threat landscape and constantly improve your security posture.
How to Tell If Your CTEM Program Is Working
Once you have a CTEM program, how do you know if it’s making a difference? There are some key indicators that can help measure the success of your CTEM program.
The first and most obvious sign of a successful CTEM program is decreased security risks. You want to see fewer vulnerabilities popping up, and when they do, you want faster resolutions. You also want to see a drop in successful attacks or breaches. In this cyber game of cat and mouse, your CTEM program should be the cat!
An effective CTEM program will see an improvement in your ability to detect bad actors trying to disrupt systems. It’s not just about quantity; you also want to see the increased complexity of threats detected. After all, cybercriminals are constantly evolving, so your CTEM program needs to keep up!
Time is of the essence when it comes to cybersecurity. A successful CTEM program should help you reduce the time between discovering and fixing a threat. The quicker you respond, the less damage, so keep an eye on how fast you’re remedying those vulnerabilities.
Automated pen-testing, workflow segmentation and Breach and Attack Simulation are ways of measuring how well your security controls are performing. You want to see those controls becoming more effective over time. It’s training your defences to be stronger and smarter.
Compliance is essential if you’re in an industry with regulatory requirements. A successful CTEM program should help you meet and maintain those compliance standards. So, pay attention to any decrease in compliance violations or issues. It’s a good sign that your program is on the right track.
Now that you know how to assess the success of your CTEM program, keep an eye on these indicators, and remember, it’s all about reducing risks, improving threat detection, responding faster, enhancing security controls, staying compliant, and protecting what matters most to your business.