2022 In Review: An Eventful Cybersecurity Year

Let’s not mince words: 2022 has been a rough and tumble year across the world when it comes to cybersecurity. It kicked off with Russia’s cyber-attacks on the Ukraine and escalated into a full-on kinetic war between the two countries. Many watched in horror as new debacles and emerging threats unfolded continuously throughout the year, and many of us in the cybersecurity profession were called to new challenges, doing battle deep in the trenches to proactively prevent the next big event. Let’s take a look back at the biggest cyberattacks, threats, and data breaches to rock the world in 2022.

A Whole Country Goes Offline

In a stunning example of a cyberattack on civic life, the rogue cybercrime group Conti attacked the core of everyday life in the peaceful and beautiful country of Costa Rica. They demanded millions in ransom, attacked health systems, and disrupted national businesses, forcing government officials to declare a national emergency. In time, as the attacks continued for months on end, the government declared the incidents acts of war and terrorism. These attacks were too numerous to outline in detail here, but in many cases, operations were forced offline, and the associated business costs were estimated at $30 million for each day they continued. After prolonged attacks, the country had to call on help from the United States, Microsoft, and other countries to deal with the crisis.

These events highlighted the need for cybersecurity to become a national priority and the need for countries to quickly invest in cyber defense and recovery capabilities at the national level.

Healthcare: A Continued Top Target

A year’s worth of breaches and data thefts left a long list of companies trying to recover in the aftermath. We’ll highlight one industry that was particularly hard hit in 2022: healthcare.

Healthcare providers came under heavy attack throughout the year. Criminals have targeted healthcare organizations for a long time due to the variety of valuable data these organizations usually handle and store. The stakes have escalated in recent years, as these hacks can be lucrative in multiple ways for cyber criminals. They can extract large ransoms as well as resell the ill-gotten data to commit financial fraud, making personal information a data goldmine for an attacker.

Consequently, attackers have become dedicated to finding and exploiting vulnerabilities in healthcare networks. The list of 2022 security incidents involving healthcare was extensive:

· The Baptist Health System of Texas announced a major breach over the summer, informing the public of a significant loss of sensitive patient data.

· Kaiser Permanente, the largest nonprofit health plan provider in the US, endured a breach and loss of information for almost 70,000 patients.

· Later in the year, another incident emerged where the EHR (Electronic Health Records) system was inappropriately accessed by an employee, further highlighting the risk of internal threats.

· Shields Health Care Group of Massachusetts endured a breach that affected as many as two million patients.

These are services that cannot endure a shutdown in the aftermath of a breach and must continue operations. Disaster-level operations kick in under these circumstances: from tertiary networks to data recovery to paper-based operations and more, each organization must find a way to operate until the threat can be assessed and purged in the wake of a breach. A renewed focus on disaster recovery was one of the themes we highlighted throughout the year, and this trend will grow in emphasis for 2023.

Google Became A Security Player With Mandiant

The cloud wars. We all know AWS is king in the market, with Microsoft’s Azure just behind it, and Google’s Cloud Platform (GCP) placing somewhere as a distant third behind that. For some time, Azure has held the unique position of being the cloud solution that is a security platform first. AWS and Google couldn’t really say that until the news of the $5.4 Billion acquisition of Mandiant by Google.

This transaction positions the search and advertising giant in a completely different cloud offering posture. With an evolved and integrated security foundation, GCP can compete on more than price and features and is poised to leverage their differentiating machine learning features to clients throughout the industry.

Cyber Insurance Rates Skyrocketed

If there’s one thing we know, it is that the cost of everything seems to be on the way up, and that includes insurance premiums. All the talk about cyber threats and breaches has driven up the cost of becoming cyber insured, especially in the wake of ransomware events. A year ago, it looked like this insurance niche was facing insurmountable troubles and needed to reassess the way it operated. Criminals routinely attacked their way through layers of security, probing for weaknesses and information with adaptive and advanced tactics, causing insurers to severely deplete their cash reserves.

The cyber insurance industry has evolved in a positive direction this year as it tightened up underwriting standards, requiring more appropriate controls, system checks, and monitoring capabilities than ever before. Insurers now routinely question whether organizations have implemented a comprehensive security solution that includes testing and training their employees on phishing and social engineering, recognizing security incidents, password behaviors, endpoint protection, and more.

Cyber Developments with Russia and the Ukraine

Modern warfare often begins with cyber warfare through various channels including the manipulation of information, attacks on infrastructure services, election influence, and reconnaissance. The kinetic conflict in the Ukraine was predicated upon years of digital misinformation and cyberattacks by their Russian adversaries. These attacks escalated into destructive cyberattacks against core service targets and soon thereafter, troops on the ground arrived for a military invasion.

There are two sides to this story however, as Ukrainian forces have worked to fight back, keeping services online and mounting disruptive attacks of their own against their invaders. The whole conflict is playing out on a digital level like a game of cyber chess. The maelstrom has also enticed gold-hearted hacktivists to join in on the action, leveraging massive DDoS attacks, malware attacks, and more against Russian infrastructure.

Catching the Bad Guys

More than ever, we saw efforts to catch and convict cyber criminals increase throughout the year:

· On March 23, a 22-year-old Russian national named Igor Dekhtyarchuk was indicted in a Texas federal court for his part in operating a cybercriminal marketplace where compromised data was openly sold to thousands of other cybercriminals. He remains at large and is still wanted by the FBI.

· In another case, a group of cybercriminals was indicted under a RICO conspiracy charge in a Miami federal court for running an elaborate fraud operation involving tax returns, fake business entities, stolen identities, and more to file and collect tax refunds.

· In September, the popular game publisher Rockstar Games was breached and lost some of its non-public data to forums on the internet.

· A 17-year-old British hacker was later arrested and linked to hacks against Microsoft and Uber.

As discussed throughout the year, it’s time to put the pressure on the bad guys. Reducing cybercrime activity demands stiff repercussions for those doing the crime in the first place.

A MEGA Web DDoS attack

The perpetrators remain at large, and it remains to be seen what their ultimate intent was, but Google endured a massive distributed denial of service (DDoS) attack in June, which some describe as the largest ever reported. The application-level attack lasted more than one hour and peaked at a reported 46 million requests per second. It also involved more than 5,000 origin IP addresses across more than 130 countries.

Benjamin Franklin famously claimed that nothing is certain except death and taxes. But the cyber age compels us to add a third unfortunate inevitability to that list: bigger, faster, and evolving cyber threats. And those that don’t evolve their security posture to be as comprehensive as possible may experience financial, commercial, and regulatory ruin.

This article was originally published in Forbes, please follow me on LinkedIn.

Cyber-Terror In The Skies

Before 9/11, airplane hijackings were seen as something out of a Hollywood screenwriter’s imagination. Major movie plots tend to echo the societal themes of the day, in character scenarios and in some cases, technology. There is quite a plethora of cyber-crime themed movies that accurately predicted our future. If we take a moment to stop and notice, nearly everything around us is becoming more digitized than ever, from the navigation and control systems on cars to the Wi-Fi-enabled temperature sensor in backyard grills. You can’t escape it, so it is little surprise to discover how much technology goes into a modern aircraft. Beyond flight entertainment, Wi-Fi, and LED lights are intricate sensors, controls, and computing systems that interconnect to provide the safest, best flights possible. Sadly, in the modern world, the public now lives with a very real awareness of how real the terror of hijacked planes can be. And as time has passed, the potential for terror in the skies has taken on a technological twist.

Been Hacking a Long Time

The horrifying possibility of cyber-attacks against commercial flights has haunted the airline industry for a number of years. One of the first incidents to capture public attention was when security researcher Chris Roberts was pulled off a domestic flight by the FBI after he claimed that he had briefly seized control of the plane. Another cybersecurity researcher, Ruben Santamarta, claimed at the Black Hat cybersecurity conference in Las Vegas that he had hacked hundreds of aircraft while they were in flight, from the ground. He said he had exploited weaknesses in satellite communications equipment to reach the planes remotely.

If a plane’s technical systems were compromised by nefarious hackers, we would be dealing with a very dangerous threat. And we have had some very close calls. For example, several years ago a malware infection prevented a Spanair flight from taking off. In that case, the detection occurred before flight was even possible, but the whole scenario highlights a significant risk and a threat that looms ever present.

Down To Earth

Protection in the air is one thing, and protection from potential malicious passengers-turned-hackers is also noteworthy, but what about the protection of other points in the flight industry’s technology chain? Are mission critical IT systems as vulnerable as satellites and onboard computers have proven to be?

Think about this the way a hacker might look at it. When attacking a fort, nobody tries to go through the guarded front gates. They slip in over an unguarded wall or they show up disguised as the gate maintenance team. In other words, hackers find ways to go around perceived obstacles and all the expensive fortifications or processes in order to find a vulnerable point of entry.

For example, bugs and malicious software can find their way in during a simple software update. Updating software is a good practice, but the potential for something dangerous to happen during these very specific windows is ever-present, much like the vulnerable moments when vigilance is down during the changing of the guard. Conditions like this force us to validate versions, baseline systems, and know how to identify and isolate threats. They force us to monitor for anomalous behavior and indicators of compromise. In that way, the security challenges seen here relate closely to enterprise security.
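The two controls the paragraph calls for, validating an update against what the vendor actually shipped and baselining a system so that drift shows up afterwards, can be demonstrated with a digest comparison. The following is an added example, not code from the article or from any airline or vendor system: the file contents, paths and manifest are constructed, and the vendor manifest is assumed to have been fetched out of band and signature-checked before it is trusted (that signature check is not shown).

```python
"""Update integrity check and baseline drift detection (added example, constructed data)."""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of a file's bytes."""
    return hashlib.sha256(data).hexdigest()


# Constructed "known-good" update contents, standing in for the files a vendor ships.
GOOD_FILES = {
    "app/service.bin": b"SERVICE v2.4.1 constructed payload",
    "app/service.cfg": b"mode=normal\nchecks=on\n",
}

# Constructed vendor manifest: the version plus a digest for every shipped file.
# Assumption: in a real deployment this manifest arrives out of band and its
# signature is verified before anything below runs.
VENDOR_MANIFEST = {
    "version": "2.4.1",
    "files": {path: sha256_hex(data) for path, data in GOOD_FILES.items()},
}


def verify_update(package: dict, manifest: dict) -> list:
    """Compare a received update package with the manifest.

    Returns a list of findings; an empty list means every expected file is present
    with the expected digest and nothing extra was slipped into the package.
    """
    findings = []
    expected = manifest["files"]
    for path, digest in expected.items():
        if path not in package:
            findings.append(f"missing file: {path}")
        elif sha256_hex(package[path]) != digest:
            findings.append(f"digest mismatch: {path}")
    for path in package:
        if path not in expected:
            findings.append(f"unexpected file not in manifest: {path}")
    return findings


def snapshot(files: dict) -> dict:
    """Baseline of an installed system: path -> digest."""
    return {path: sha256_hex(data) for path, data in files.items()}


def detect_drift(baseline: dict, observed: dict) -> dict:
    """Report which files changed, disappeared, or appeared since the baseline was taken."""
    return {
        "changed": sorted(p for p in baseline if p in observed and observed[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in observed),
        "added": sorted(p for p in observed if p not in baseline),
    }


# Constructed tampered package: one shipped file altered and one extra file dropped in.
TAMPERED_PACKAGE = dict(GOOD_FILES)
TAMPERED_PACKAGE["app/service.bin"] = b"SERVICE v2.4.1 constructed payload plus an extra byte"
TAMPERED_PACKAGE["app/helper.sh"] = b"#!/bin/sh\necho constructed\n"


if __name__ == "__main__":
    print("clean package:", verify_update(GOOD_FILES, VENDOR_MANIFEST))
    print("tampered package:", verify_update(TAMPERED_PACKAGE, VENDOR_MANIFEST))
    print("drift:", detect_drift(snapshot(GOOD_FILES), snapshot(TAMPERED_PACKAGE)))
```

The manifest check answers "is this the update the vendor published?" before anything is installed; the baseline snapshot answers "has the system changed since we last validated it?" afterwards, which is how a malicious file that arrived by some other path is noticed. Both depend on the digests being trusted, which is why the manifest must be authenticated and the baseline stored where the system being checked cannot rewrite it.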

The Real World vs Hollywood

Planes like any other interconnected IT system can be hacked, and chances are they will be hacked at some point. The question at this point is not really if but when. Hopefully we can predict and preempt whatever that sober incident turns out to be using intelligent precautions, process, and technologies. And should this terrifying situation ever come to pass, we would also hope that swift recovery is triggered according to well-laid disaster plans. Even if we are not in the airline industry, we should adopt that same mentality for our own mission critical internal IT systems.

Are we sufficiently monitoring and protecting our mission critical systems from cyberthreats throughout the service lifecycle of our own IT infrastructure? If planes can be hacked, no enterprise IT system is safe. The same questions asked about addressing vulnerabilities and disaster recovery preparation should be directed toward every IT system, in every organization.

It is important to recognize that when it comes to commercial flights, the stakes could not be any higher as human lives are on the line. Thankfully, industry leaders and government task forces are dedicated to devising solutions that tackle cyberthreats against the commercial flight industry in a proactive fashion. Hopefully their awareness and due diligence will ensure this remains a theme for Hollywood thrillers and not a possible opportunity for another devastating terror attack that weaponizes commercial airliners.


The First Battlegrounds For Renewed Privacy

Whether you recognize it or not, we all have technically consented to a lot of data collection. This happens through terms agreed to every time we visit a new website, on our phones, software and service agreements, and legal disclosures. The genie is out of the bottle and there’s no going back. Real privacy fled the coop a long time ago. The decline of privacy started with little events that exploited our desire for convenience to where it stands today, practically nonexistent. It happened the first time any of us shared an email with a retailer or joined a digital savings program. Sharing and storing credit cards and bank account information were right there in that mix – convenient because at some point we gained the ability to order and pay instantly but frightening because critical data about us is right there.

Privacy Used to be Simple

Let us roll back to the beginning of “the web.” It started when the first two computers got interconnected and grew from there. The nature of data at this stage was decentralized. If Person A at Computer A wanted to send something to Person B at Computer B, there was a way to do that, and you had to select what you wanted to share. Exchange of data: complete.

Today, the locus of data has completely changed. Every time you make a call, every time you make a purchase, every time you work out, every time you drive to the park, and almost everything else you do is sending information somewhere out there where it is collected. Data has become centralized, and it has been collected by megacompanies, social networks, data brokers, and governments. That same collected data has been repeatedly leaked, as we recently saw in the huge leak of one billion Chinese citizens’ records that were allegedly stolen from a police database.

A massive inventory of entrusted data is out there, reminiscent of Big Brother, collected by surveillance, information gathering, and Big Data. Centralized app nodes around the world operate under the influence of extremely powerful organizations, collecting, storing, and analyzing the data of billions of people, including you and me. It is a guarantee that if you’re reading this, somebody can find that information.

New Tech Makes It Worse

The idea isn’t to pick on high tech companies that make use of data, but only to point out that the final throes of the privacy myth have long passed. You can feel it when you have a random conversation near your device and later see an advertisement related to that conversation. You know that privacy as we conceptualize it doesn’t exist when we look at technologies such as:

· Surveillance and security cameras: Whether completely visible or hiding in plain sight, modern cameras and the networks they run on have AI, orchestration capabilities, and face recognition that can track, monitor, and identify individuals. In many metropolitan areas, there is hardly a spot that isn’t covered by some type of camera. China actively uses them for full-on surveillance, as well as for computing the social credit score of individuals.

· Emerging IoT devices: Things like the Apple AirTag are justifiably concerning. These extremely affordable, tiny tracking devices can affix to, or be hidden in many places. As long as there’s someone with an iPhone nearby, the range on AirTags is practically infinite.

· Retailer facial recognition technologies: Targeted marketing works better when the target is as specific as your identity. All of your shopping trends, income, and related data have extreme value when focused on your likeness.

· Stingray cell phone trackers: These have been around for a while in the hands of law enforcement and other government agencies. These devices make it possible to track any person down, regardless of their personal settings and behavior.

Hopefully, you get the idea that there is no shortage of devices and systems out there that are interconnected and are gathering, distributing, and analyzing information about you. You can find these privacy invaders in your smartphone, your automobile, at the store, on the road or street, on your television, and so on.

What We Wanted and What We Got

In many cases, this collection is perfectly fine, as long as the data is protected. Data loss is a major concern that affects us all. Data abuse however is an equally concerning matter. Using data, organizations have the power to manipulate human behavior.

Law enforcement, governments, and corporations have all faced public scrutiny over the amount of personal information that sits within their operations. Consent and awareness are not always given by the individual, and that has many people focused on regaining a semblance of privacy.

We Deserve Better

People have experienced breach fatigue, and they wish to address their personal safety. According to the latest data breach report by IBM and the Ponemon Institute, the cost of a data breach is $4.24 million, which includes fines and remediation. The scary fact is that just 60% of companies that are hit with a breach survive after six months.

Governments and companies are responding to this awareness as they have realized they played on the edge for too long. For example, Apple recently introduced tracking permission pop-up options on their iPhone products. Facebook continues its efforts to protect personal data through tighter user-based control options. Changes in Facebook advertising audience options promise to emphasize privacy concerns. And data protection rules continue to take hold, inspired by and ushered in by the granddaddy of them all, the European GDPR.

Awareness of the data privacy invasion is becoming more real by the day. Entailing costly remediation activities and reputational damage, a data breach isn’t just a concern for cybersecurity officers anymore.

A data breach has become an existential issue for the whole business that concerns CEOs, CFOs, boards, and investors.


Cyberattacks On U.S. Airport Websites Signal Growing Threat To Critical Infrastructure

The transportation industry appears to be waking up to a renewed specter of threats following a series of distributed denial-of-service (DDoS) attacks that temporarily took down several U.S. airport websites. These sorts of targeted hacks on critical infrastructure often precede necessary and crucial advancements in the application of cybersecurity best practices. While strong security measures have always been an objective, the airline industry now looks to emphasize backup plans, threat exercises, and visibility as a response to the system outages caused by these types of attacks. The October outages for Los Angeles International Airport (LAX), Chicago O’Hare (ORD), and Atlanta Hartsfield-Jackson International appear to be part of an escalating pro-Russian campaign of cyberattacks protesting the U.S. government’s support for Ukraine in its war with Russia. Unfortunately, the general media have minimized the urgency these threats truly pose. There are a lot more on the way.

Major Incidents Come in Chains

Cyber-attacks on airport systems, websites, and the entire transportation ecosystem could be just a taste of something larger than ever thought possible. These most recent attacks appear to be inconvenient disruptions on the surface, but once you understand how the ecosystem of attackers operate, you cannot eliminate the possibility that today’s technology inconvenience is a Phase 1 component of a grander attack.

As a matter of methodology, hackers will test the perimeter by any means. That includes human chain events and every manner of technical circumvention possible. Any weakness that can be detected and exploited to map, obtain data, or distract will be gathered, strategized on, scaled up, and delivered. What compounds the problem is that in the sub-culture of hacking, most hackers will share their findings on the dark web with the hacker community, even if their interests do not fully align.

A Little Bit of Disruption, But a Major Amount of Fail

Halfway through 2021, a small group of hackers launched an attack on the Colonial Pipeline. This pipeline network supplies the United States with refined petroleum products and gasoline for delivery throughout most of the east coast; when the company shut down its main lines in response to the cyberattack, nearly half our country’s fuel supply for that region became disrupted. Drivers drained supplies in gas stations across the southeastern United States, airlines had to reroute flights around impacted airports, traders were rocked by unexpected price volatility, and logistics companies desperately tried to locate new sources rapidly enough to prevent things from becoming even worse.

The Colonial Pipeline hack is a sobering reminder that we all live in dangerous times. Attacks against transportation, fuel supply, and major utilities are urgent matters that prescribe awareness, preparation, and a shift toward pre-emptive thinking that begs the question: What’s next?

When the Worst is First

In order to put ourselves into a pre-emptive mindset, we must think of the worst possible scenario first. In the airline industry, air traffic control systems are among the most vulnerable and critical systems that could face a crippling attack. From there, the targets could be commercial airplanes themselves. The next 9/11-style hijacking could conceivably be a cyber-takeover of passenger liners.

Over the last several years, security researchers have demonstrated the vulnerabilities of in-flight systems, with ethical hackers being able to take over a commercial plane’s engine operations. Several of these reports indicate that a dependence on legacy technologies served as an exploitable weakness, with some ethical hackers even successfully hacking a plane from the ground through various communication systems. As experienced in the Colonial Pipeline incident, a small, seemingly innocuous event can be all that is needed to cripple an entire portion of the country. Considering how catastrophic the aftermath of one of these attacks has proven to be, a proactive response for preventing a cyber incident should be a top priority.

Readiness and response capabilities are the prerequisites to any critical infrastructure security strategy. All these components are measurable in accordance with the sequencing, severity, and impact of a ‘minor’ attack. In the wake of major incidents, we can trace the chain of events to a finite point of reconnaissance that was ultimately used to conduct the broader attack.

These industries need continued, perpetual modernization. We should never hear about legacy technologies being a technical obstacle to the health and security of systems that drive needed and required services. Flexible, rapidly updatable technology is a must, but by the same token, great care must be put into the integrity of the update process and the validation of critical systems.

A Proactive Future

To ensure the integrity of their business-critical assets and services, organizations need a thorough understanding of the technology that powers them. This includes seeing all sides of an incident objectively as well as being able to monitor for potential threats and cyberattacks from anywhere at any time.

Responding to the rapidly changing security landscape, organizations must now move from a mature level of cybersecurity towards an advanced and adaptable proactive posture. To do so will require adopting foundational capabilities that focus on the risks that matter and incorporating customers into a resilience management approach that emphasizes next generation processes and technologies. While an advanced security posture is no small feat due to the massive cyber talent shortage and the evolving sophistication of cyberattacks, it is achievable when partnerships are properly leveraged.


Social Engineering: Low Tech, High Threat

Social media often is a fun diversion and has long served as an outlet for people to share information about themselves. When it comes to security, there are some real dangers with our relaxed posture on social media that we really should be paying attention to. What we and our employees do and share in these arenas can certainly affect the security of our personal and work lives. Organizations need to further orient themselves to the problems of social engineering threats and protect against attacks that can come from this continuously present information channel. They also need to educate employees about the dangers of social engineering emanating from oversharing of information on personal social channels.

Chances are you are familiar with the basic sort of social engineering attack. Consider social media as one target area within social engineering attacks, where things like phishing, smishing, and unexpected phone calls are all part of the spectrum of threats. Last year, a data breach at the Ritz in London that evolved into vishing (voice phishing) attacks on high net-worth hotel guests demonstrated how conniving cybercriminals have become in this kind of social engineering scam. Some of these attacks can get very sophisticated and convincing, but it always comes back to manipulation of the human mind. Information is one of the core prized assets of any organization (the same could be said about an individual). Therefore, the goal of these social attacks is to create mental lapses that cause security mistakes and disclose sensitive information, by gaining trust and then using that trust to launch another attack. Social engineering attacks are not very damaging on their own, but they are always combined with another form of subterfuge to do the dirty work.

Fun and Games Until Somebody Loses

Think about this scenario: it may seem like a fun game to share your birthday or submit answers to a quiz you see in your social media channel, but that is exactly the kind of innocence that social attacks prey upon. Answers collected from a scam like this could open the door to an impersonator on a phone call, password recovery, or give a hacker a leg up on things to use to crack secure passwords. Data is everything.

Social engineering attacks are a component of practically every modern cyberattack today. Most recently, Samsung, Microsoft, Nvidia, The Ritz, and Morgan Stanley joined a long list of high-profile companies that have been breached by means of social engineering. Billions have been lost through countless combinations of:

· Credential stealing

· Purchasing and exchanging cookies and credentials in public forums

· Targeting privileged employees including support, executive, and technical staff

· Privilege escalation

· Phishing in emails, links, and pages

· Impersonation

· Fake messages and pop-ups

Social as a Gateway

Social engineering attacks are constructed on facets of human behavior and response. The most successful attacks count on a near scientific understanding of what happens when fear is used as a tool or a false urgency is introduced; these are moments where rash decisions are made. We are all human, and we are all therefore targets. The organization must decide what protections it can leverage to detect and minimize harm to sensitive data.

The most recent social engineering tactics have moved beyond conventional tactics. To look at one example, in the recent Lapsus$ incidents the breach was extremely non-technical – in some cases insiders were contacted and convinced to simply turn over privileged credentials for small sums of money. Whether it was just for kicks, financial exchange, or some false sense of anti-corporate justice, the undermining of protections and privilege is more than what many companies can handle. While this group appears to be facing a dismantling at the moment, a bigger issue is whether the success of these campaigns will inspire other groups to continue using similar tactics.

The Prevention Key is Multi-Layered

Preventing social engineering attacks can sound dire, especially knowing that the human element will always be the most fallible component and that most attacks are commonly spearheaded with a social component; that position is difficult to deny. These threats however are only part of the cybersecurity and information security spectrum, and by combining technical controls and monitoring with continuous security awareness, they can be effectively mitigated. By building a multi-layer protection system around sensitive information and privileged accounts, the most common attacks can be prevented. Employee training is critical, and it should not occur just once a year. It should be a continuous program of not only security education but also ethical phishing tests to understand the soft spots in your organization.

In addition to a solid base of updated security practices, organizations are looking to address potential oversights. For example, in Zero Trust, details matter, and you trust no one. You validate everything and everyone, everywhere. Encrypt everything, everywhere. That is one strong approach. You can further use security software and appliances that have anti-phishing, sandbox, and additional prevention capabilities. Many organizations have started to pay attention to data access design in everything from SharePoint to messaging systems. This can help prevent information leakage.

Alert, Alert, Protect

The specter of social engineering threats is extensive and difficult to protect against. Attackers can come from anywhere, in combinations of traditional mail, email, links, phone calls, SMS messages, social media pages, and more. This is one of the reasons why the benefits of a comprehensive security strategy are so critical. With robust monitoring and alerting in place, anomalous behavior, privilege escalation, unknown sources, and sign-in discrepancies are the sort of triggers that can alert the organization and stop a chain of events that often begins with simple social engineering. The practice of comprehensive security also ensures that an organization can efficiently (and safely) return to normal in the event of a major security incident.
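The triggers named above (anomalous behavior, privilege escalation, unknown sources, sign-in discrepancies) can be turned into concrete detection rules over authentication events. The following is an added example, not code from the article or from any product: the events, IP addresses and the per-user baseline of known source addresses are constructed, the time windows are assumed thresholds, and the rules look for a login from a source outside the user's baseline, two logins from different countries closer together than a plausible trip, and an admin role grant that follows a login from an unknown source.

```python
"""Sign-in discrepancy rules over constructed authentication events (added example)."""
from datetime import datetime, timedelta

# Constructed sample events, not real logs.
# Fields: ISO timestamp, user, event type, source IP, source country, detail.
SAMPLE_EVENTS = [
    ("2022-11-03T09:00:00", "alice", "login", "203.0.113.10", "US", ""),
    ("2022-11-03T09:05:00", "alice", "login", "198.51.100.7", "DE", ""),
    ("2022-11-03T09:07:00", "alice", "role_change", "198.51.100.7", "DE", "admin"),
    ("2022-11-03T10:00:00", "bob", "login", "203.0.113.20", "US", ""),
    ("2022-11-03T14:00:00", "bob", "login", "203.0.113.20", "US", ""),
    ("2022-11-03T15:30:00", "bob", "login", "192.0.2.9", "US", ""),
]

# Assumed per-user baseline of source IPs seen before (hypothetically built from
# a month of prior history); anything outside it counts as an unknown source.
KNOWN_SOURCES = {"alice": {"203.0.113.10"}, "bob": {"203.0.113.20"}}

# Assumed thresholds: two countries within this window is implausible travel, and an
# admin grant this soon after an unknown-source login is treated as escalation.
TRAVEL_WINDOW = timedelta(hours=2)
ESCALATION_WINDOW = timedelta(minutes=30)


def detect(events, known_sources):
    """Run the three rules in time order and return (user, rule, detail) alerts."""
    alerts = []
    last_login = {}         # user -> (time, country) of the most recent login
    unknown_source_at = {}  # user -> time of the most recent unknown-source login
    seen = {user: set(ips) for user, ips in known_sources.items()}

    for ts, user, event, src, country, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if event == "login":
            if src not in seen.setdefault(user, set()):
                alerts.append((user, "new_source", f"{src} ({country}) not in baseline"))
                unknown_source_at[user] = t
                seen[user].add(src)  # alert once per new source, not on every reuse
            prev = last_login.get(user)
            if prev and prev[1] != country and t - prev[0] <= TRAVEL_WINDOW:
                alerts.append((user, "impossible_travel",
                               f"{prev[1]} -> {country} within {t - prev[0]}"))
            last_login[user] = (t, country)
        elif event == "role_change" and detail == "admin":
            since = unknown_source_at.get(user)
            if since is not None and t - since <= ESCALATION_WINDOW:
                alerts.append((user, "escalation_after_new_source",
                               f"admin granted {t - since} after unknown-source login"))
    return alerts


if __name__ == "__main__":
    for user, rule, detail in detect(SAMPLE_EVENTS, KNOWN_SOURCES):
        print(f"{user:6} {rule:28} {detail}")
```

On the constructed sample this fires three times for alice (an unknown source, a US-to-DE jump five minutes apart, and an admin grant two minutes later) and once for bob (an unknown but domestic source, with no travel or escalation). Chaining the rules is the point: any one of them is noisy on its own, but a new source followed by a privilege change within minutes is the shape of the Lapsus$-style incidents described above and is worth an immediate response.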


Always-On Security In A Bot-Infested World

Ntirety CEO Emil Sayegh explains why bot attacks have a direct impact on lost revenues and increased operational costs.

Bots, fake accounts, automated networks – there are many names, but they have one commonality: they’re all a plague upon the web, upon the enterprise, and upon the community. The on-again, off-again Twitter / Elon Musk deal is just the latest high-profile story that has put the topic back into the spotlight. It is a growing problem, to put it mildly, and it doesn’t look like there is any near-term resolution. Some industries are more plagued by it than others, but for the rest it is only a matter of time.

The Plague of the Bot

For several years, traffic from malicious bots has notched double-digit increases. By various measures, nefarious bot traffic is about a quarter of all internet traffic. Think about all that infrastructure, all that engineering, all of that quality control wasted on garbage or dangerous traffic. Another 15% of total traffic is “good bot” traffic, which is just the programmatic collection of information that someone out there is hoping will give them a marketing or insight edge. The worst threat, however, is from the malicious bots (AKA “Bad Bots”), which are capable of creating havoc through:

· Credit Card Fraud

· Distributed Denial of Service (DDoS) attacks

· Credential Theft

· Fake Account Creation

· Service Flooding

· Content Scraping

· Inventory Squatting (through abandoned shopping carts)

· Price Influencing

The Price of Bots

In short, bots are awful as Mr. Musk and Twitter execs can attest. In addition to accounting for the garbage traffic, massive efforts must take place to protect an organization from the damage that bots can do. Not only do efforts equal expense, but bot attacks also have a direct impact on lost revenues and increased operational costs.

Bots are universal, yet some industries feel this pain more than others. This depends on the type of data and content each business handles. Follow the money and you will find the most targeted industries. They include the following:

· Financial

· Gambling

· Travel

· Healthcare

· Ecommerce

Specific industries that are struggling with this impact at this moment include:

Fintech/Stocks – Fintech faces all of the troubles of the financial industry and is attractive to criminals because of the accelerated access it gives customers, combined with the financial motive. Bots try to manipulate stocks or digital currencies on a daily basis, hyping news on social media, executing targeted trades, etc.

Martech – Marketing technology faces similar challenges, with bots creating artificial conditions, clogging inventory, falsifying reviews, exploiting the landscape of ecommerce, and mostly creating fake clicks to fleece advertisers.

Public Opinion – Fake and automated accounts manufacture false sentiment, a form of meddling that reaches products, politics, and opinion posts on any number of subjects. We saw it when both political parties accused the other of election interference through the use of bots.

The entire list covers every possible industry. With so many targets and the payoffs in clear sight, these bot threats are surging. Making matters worse, the composition of bot networks as well as the attacks they deliver are becoming increasingly sophisticated. Businesses are racing to keep up with the impacts.

Stay Vigilant

The best advice is to ensure that the systems you control are hermetically sealed through the use of multifactor authentication (MFA). Further, it is critical to continue to be as proactive as possible in order to minimize the impact of these bot attacks, maintain customer experiences, and keep the impact on profitability to a minimum. Monitoring is a key component of these defenses, and you should investigate both spikes in traffic and their sources. Monitor and automate oversight of failed login attempts: a hallmark of a bot-based account attack is strategically originated, off-timed sign-in attempts. Overall, keep watch over the entire environment, inside and out, because with enough visibility you can mitigate events before they affect anything significantly. As Elon Musk did with Twitter, it is also critical to go back to the organization that is permissive of bots and hold it accountable. Bots are here to stay, so keeping them at bay is a critical and ongoing competitive mission for any organization.
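As an added example (not code from the original article), here is the kind of failed-login oversight described above, and the sign-in discrepancy alerting called for in the earlier “Alert, Alert, Protect” section, run over a few constructed log lines in Python. The log format, field names and thresholds are assumptions made for the demo, not any product’s defaults.

```python
"""Flag bot-like sign-in activity in authentication logs.

Added example, not from the original article. The log format is constructed
for this demo: one line per attempt with an ISO-8601 timestamp, source IP,
account and result (OK/FAIL). Thresholds are illustrative assumptions.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import pstdev

# Constructed sample: one source cycles through many accounts at a steady
# three-second cadence in the middle of the night; a human mistypes twice.
SAMPLE_LOG = """\
2022-10-03T02:14:00Z src=203.0.113.5 user=alice result=FAIL
2022-10-03T02:14:03Z src=203.0.113.5 user=bob result=FAIL
2022-10-03T02:14:06Z src=203.0.113.5 user=carol result=FAIL
2022-10-03T02:14:09Z src=203.0.113.5 user=dave result=FAIL
2022-10-03T02:14:12Z src=203.0.113.5 user=erin result=FAIL
2022-10-03T02:14:15Z src=203.0.113.5 user=frank result=OK
2022-10-03T09:02:11Z src=198.51.100.7 user=grace result=FAIL
2022-10-03T09:02:40Z src=198.51.100.7 user=grace result=FAIL
2022-10-03T09:03:25Z src=198.51.100.7 user=grace result=OK
"""

BUSINESS_HOURS = range(7, 20)   # 07:00-19:59 UTC counts as "on hours"
MIN_ATTEMPTS = 5                # ignore sources with fewer attempts
MAX_JITTER_SECONDS = 1.0        # near-constant spacing suggests a script
MIN_DISTINCT_ACCOUNTS = 3       # many accounts from one source: spraying


def parse_line(line):
    """Parse one constructed log line into a dict; None for malformed input."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        fields = dict(p.split("=", 1) for p in parts[1:])
        return {"ts": ts.replace(tzinfo=timezone.utc), "src": fields["src"],
                "user": fields["user"], "result": fields["result"]}
    except (ValueError, KeyError):
        return None


def analyze(log_text):
    """Group attempts by source; a non-empty "reasons" list means investigate."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_src[rec["src"]].append(rec)

    report = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        info = {
            "attempts": len(recs),
            "failures": sum(r["result"] == "FAIL" for r in recs),
            "accounts": len({r["user"] for r in recs}),
            "off_hours": sum(r["ts"].hour not in BUSINESS_HOURS for r in recs),
            "jitter": pstdev(gaps) if len(gaps) > 1 else None,  # spread of spacing
            "reasons": [],
        }
        if info["attempts"] >= MIN_ATTEMPTS:   # too few attempts to judge otherwise
            if info["accounts"] >= MIN_DISTINCT_ACCOUNTS:
                info["reasons"].append("many distinct accounts from one source")
            if info["jitter"] is not None and info["jitter"] <= MAX_JITTER_SECONDS:
                info["reasons"].append("machine-regular spacing between attempts")
            if info["off_hours"] == info["attempts"]:
                info["reasons"].append("every attempt outside business hours")
        report[src] = info
    return report


def flagged_sources(log_text):
    """Sources worth investigating, the one with the most traits first."""
    report = analyze(log_text)
    return sorted((s for s, i in report.items() if i["reasons"]),
                  key=lambda s: -len(report[s]["reasons"]))
```

Calling `flagged_sources(SAMPLE_LOG)` returns only the scripted source; the human who mistyped twice during business hours stays below the thresholds.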

This article was originally published in Forbes; please follow me on LinkedIn.


Meet The Cybersecurity Zeros: Heroes And Villains

Ntirety CEO Emil Sayegh addresses the rising threat of zero-day threats and makes the case that implementing Zero Trust is a game changer for creating a modern security philosophy that is prepared to take on the evolving threats surrounding us all in the present cybersecurity landscape.

The war between Russia and Ukraine has spurred a tidal wave of cyberattacks and disinformation. Cyberattacks have become a more prevalent threat than ever, and the trend will only continue. At the moment, the most common forms of cyber-warfare include known threats and zero-day attacks such as ransomware, distributed denial of service (DDoS) attacks, espionage, and malware.

You might have heard the term zero-day attack, but you might not have an actual idea of how serious this threat is, or how to respond to a threat you don’t know about. For the first time in history, zero + zero can net out to be a “positive.” Before we all collectively gasp at this violation of thousands of years of mathematical history, let’s explore how it’s possible when it comes to cybersecurity.

Inside the Zero

A zero-day attack is a cybersecurity event that is leveraged by an outsider with bad intent. These attacks find and exploit digital cracks in the security bubble — things such as malware, software flaws, security flaws, and overall vulnerabilities. Zero-day refers to flaws that are discovered first by attackers, before the vulnerable party can issue a fix. With that upper hand, an attacker has the choice of attacking immediately, launching additional attacks, monitoring additional information, or waiting for an opportune time to strike (when it might hurt the target the most).

Until developers and operators find a way to address the flaw with updates and patches, zero-day vulnerabilities remain a threat from day zero until the day the vulnerability is discovered and fixed. All you have to do is look at the recent Microsoft Exchange Server HAFNIUM exploit that affected thousands of systems for evidence of the impact.

Zero-day vulnerabilities pop up in a variety of ways that include:

● Attack chain tactics that leverage malicious sites and false advertisements

● Exploits that are delivered by spear-phishing tactics

● Infecting websites that company users are known to visit

● A compromised system, server, or network software

Making matters worse, successful zero-day attacks maximize the time between the first attack and its first discovery, broadening the potential for damage.

Zero Plus Zero Equals Positive

There is a palpable sense of inevitability and a notion that little can be done to prevent zero-day attacks. These attacks can be prevented, and leading the way is one of the best security principles in practice today: Zero Trust.

Under the old models, compute elements were trusted because they originated within the four walls of the data center. The cloud, remote work, and rapid growth changed the playing field and the requirements for security. Zero Trust follows three basic principles:

  1. Assume breach – Every transaction is treated as though it is from an unknown source. You authenticate and encrypt everything. Every read, every app, every account, every device gets full verification.
  2. Least privileged access – Access to critical systems and data allows just the minimum required, bound by time and risk-adaptive rulesets.
  3. Verify explicitly – All data points come into the authentication play, from login location to time of day to analytical profile info.

With the mantra to never trust and always verify, access in Zero Trust can only be granted once each request is encrypted, authenticated, and authorized. Impact and lateral movement within a network are constrained by limiting access to just the job that is needed and micro-segmentation, down to the bits wherever they may exist. Finally, analytic capabilities and security intelligence stand watch, ready to uncover issues and anomalies.
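To make the three principles concrete, here is an added example (not from the original article or any vendor product): a toy policy decision point in Python that denies by default, weighs several signals on every request, and hands out only a narrow, time-bounded grant. The request fields, entitlements, trusted countries and thresholds are all assumptions for the demo.

```python
"""Toy Zero Trust policy decision point for a single access request.

Added example, not from the original article or any vendor product. It
encodes the three principles above: deny by default and demand proof of
identity and device state on every request (assume breach), grant only
the requested action for a short time (least privilege), and weigh
location, time of day, posture and risk analytics together (verify
explicitly). Field names, entitlements and thresholds are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool      # identity proven with a second factor
    device_managed: bool    # device enrolled and attested by the organization
    device_patched: bool    # posture check: software up to date
    country: str            # geolocation of the sign-in
    hour_utc: int           # time of day of the request
    action: str             # "read" or "write"
    resource: str
    sensitivity: str        # "low" or "high"
    risk_score: int         # 0 (clean) .. 100 (known bad), from analytics


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)   # why the request was denied
    scope: Tuple[str, str] = ()                         # exactly what was granted
    expires_at: Optional[datetime] = None


# Constructed entitlements: the most a user may ever ask for.
ENTITLEMENTS = {
    "alice": {("read", "payroll"), ("write", "payroll")},
    "bob": {("read", "payroll")},
}
TRUSTED_COUNTRIES = {"US", "CA"}
WORK_HOURS = range(6, 22)
DEMO_NOW = datetime(2022, 10, 3, 14, 0, tzinfo=timezone.utc)


def evaluate(req: Request, now: datetime = DEMO_NOW) -> Decision:
    d = Decision(allowed=False)
    # Assume breach: the originating network earns nothing; each request proves itself.
    if not req.mfa_verified:
        d.reasons.append("identity not verified with MFA")
    if not req.device_managed:
        d.reasons.append("device not enrolled or attested")
    # Verify explicitly: combine location, time, posture and analytics.
    if req.risk_score >= 70:
        d.reasons.append("analytics risk score too high")
    if req.sensitivity == "high":
        if req.country not in TRUSTED_COUNTRIES:
            d.reasons.append("sensitive access from untrusted country")
        if req.hour_utc not in WORK_HOURS:
            d.reasons.append("sensitive access outside work hours")
        if not req.device_patched:
            d.reasons.append("unpatched device may not touch sensitive data")
    # Least privilege: the user must be entitled to exactly this action.
    if (req.action, req.resource) not in ENTITLEMENTS.get(req.user, set()):
        d.reasons.append("no entitlement for this action on this resource")
    if d.reasons:
        return d                      # any failed check is a denial
    # The grant is narrow and short-lived; riskier context means a shorter lifetime.
    lifetime = timedelta(minutes=15) if req.sensitivity == "high" else timedelta(hours=8)
    if req.risk_score >= 40:
        lifetime = min(lifetime, timedelta(minutes=5))
    d.allowed = True
    d.scope = (req.action, req.resource)
    d.expires_at = now + lifetime
    return d
```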

Refocusing Security

Adding Zero Trust to your security program is a philosophy shift. In response to zero-day threats, organizations must pick up:

● Refactor code to be secure by design, using SecDevOps and Zero Trust principles

● Install comprehensive, proactive security defense systems as well as multi-layered security

● Keep software and systems up to date with patches

● Teach better security behavior to your employees and software developers

● Refresh your disaster recovery strategy

● Rehearse scenarios

The best part about Zero Trust is that you don’t have to tear out any security or infrastructure that you already have. These principles can be adopted through robust, flexible technologies and through partnerships for continuous monitoring and proactive, always-on mitigation. The rising tide of zero-day threats, combined with the mission to implement Zero Trust, is a catalyst for a modern security philosophy well matched to the imminent threats surrounding us.

This article was originally published in Forbes; please follow me on LinkedIn.

Cybersecurity Megatrends: Signal, Noise, And Existential Threats

Ntirety CEO Emil Sayegh gives insights into the trends, myths and threats of the cybersecurity landscape.

Over the years, leaders, pundits, and analysts have all predicted that healthcare, financial, and educational institutions, and even governments, will face a sustained challenge from cyber-threats. According to a recent Gartner Emerging Risks Monitor Report, the threat of “new ransomware models” was the top concern facing executives. That is the new reality of the world we live in today: threats, schemes, identity theft, ransomware, and more. Over the years, IT leaders have sporadically strived to overcome and mitigate these threats, some with a range of timid successes and some with dismal public failures. Unfortunately for all, the threats are about to get much worse.

Unfolding Series of Cyber Events

A marked surge in cybercrime occurred about two years ago at the onset of the pandemic. Opportunists seized on the shift of office work to remote environments. From human exploitation to technical mischief, an emerging surge of attacks followed during the extremely challenging times of the COVID-19 pandemic. That surge has not let up since.

Further, when the Russia-Ukraine conflict emerged on the world scene, it was plain that cyber warfare would immediately accompany the kinetic war effort. Global economic sanctions started to roll in, and reports from the cybersecurity sphere showed that both sides engaged in heightened cyberwarfare activities. In the buildup to the conflict, we witnessed an 800% increase in cyber activity driven by the Russia-Ukraine conflict. Both targeted and global, these activities have been traced back to sources organized by the respective governments and by third-party groups.

Now, global economic challenges are all around us, threatening to get worse, creating a broad impact on our economies, and us individually. One of the elements that does not get enough headlines is the secret world of cybercriminal activity. For many, the motivation for cybercrime follows logic – there are undeniable economic incentives. However, what they may not realize is that there is a clear existential motivator that drives everyday, seemingly normal people, to resort to cybercrime when faced with economic challenges.

Industry Response

In a further sign of a bleak future, organizations continue to struggle to fill vacant cybersecurity roles, a pattern that has been in place for several years. Finding, training, and retaining needed talent has been a massive mission in the face of the “Great Resignation” of 2021. Companies have responded as best they can, but the dire hiring circumstances continue. One silver lining that blunts the underlying shortage has been the introduction into security stacks of more automated tools that leverage artificial intelligence (AI) and machine learning (ML).

To understand the dangers further, we must also consider the alarming element of cloud adoption and growth that invariably comes before the availability of proper security, privacy, and compliance controls. Despite best efforts and under the pressures of escalating cyber threats, this misstep happens throughout the industry. It is under these circumstances that organizations find themselves with blind spots in their applications and infrastructure, with more questions than answers when it comes to overall security posture.

Others have turned to cyber insurance to cure their woes. This is understandable and, in many ways, necessary in the face of significant threats such as ransomware, phishing, and financially damaging cyber events. However, the cyber insurance industry has also changed rapidly, for a variety of reasons. A recent trend of massive ransom reimbursements, along with a clear and rising threat index, has forced insurers to implement much higher premiums as well as stricter security requirements on their clients as a prerequisite of insurability.

It is not unheard of for cybersecurity claims to take months to settle and even then, only after extended legal interventions have taken place. In other words, reliance on cyber insurance in place of true cybersecurity measures is a recipe for disaster. With a focus on compliance, claims, and overall premiums, cyber insurance policies are getting canceled in droves, and premiums are getting hiked (just like everything else).

Today, risky strategies and responses abound because of the complexity of modern cybersecurity, an over-reliance on cyber insurance, and other more human factors such as staffing, analyst burnout, attrition, and insider threats.

Existential Threats

The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses for more than six months after a cyber-attack. Think about that. It shouldn’t be a surprise, and perhaps it needs to be stated plainly: some companies are going to die due to cyber threats. For some, the threats are too great and the risks beyond what they can reasonably assume; compounded with financial pressures from a receding economy, some companies, like Code Spaces, Telefonica, FlexiSpy, Medstar Health, and Lincoln College, will face their final breaking point and shut down. With more freelance cybercrime ahead, the signal and the noise are trending toward new chaos.

The fortunate few will have maintained integrity thanks to sound security partner strategies, supported by technologies that deliver the sort of cybersecurity posture that is required in the business environment. Most organizations cannot build the type of dedicated, around-the-clock security operations that can manage and ensure all the tenets of a cybersecurity program. Fiscal challenges, time-to-market, and the cybersecurity talent gap are significant obstacles to doing so.

By mitigating risks and building a stronger posture, the cybersecurity and compliance partner plays a role that is essential to business health. With a litany of emerging threat conditions and the rapid evolution of threat technologies at the gates, comprehensive security offers the path through this upcoming wave of challenges: detecting threats, orchestrating response, and assuring above all else that operations are maintained.

This article was originally published in Forbes; please follow me on LinkedIn.


Cybersecurity Month: What You Should Do All Year Long

With cooler weather ushering in the start of another fall season, it is also time to usher in another Cybersecurity Awareness Month. And just in time for this annual focus on cybersecurity we’ve seen two major security breaches in just the last two weeks: Uber and Take-Two Interactive. Since 2004, the president of the United States and Congress have declared October to be Cybersecurity Awareness Month. During that month, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaboration between government and industry to raise cybersecurity awareness domestically and globally.

Cybersecurity Awareness Month serves as a needed reminder for many that highlights the continued risks and significance of cybersecurity in general. The recent 800% rise in cyber-threats points to the fact that awareness needs to be year-round. That is why we call attention to these five useful and proven tips for your organization:

#1: Improve on Identity and Authentication

Identity and Authentication are generally regarded as gateways to a major data compromise, and there are a handful of best practices that serve as the front-line for protecting sensitive data:

  • Passwords
  • Multi-Factor
  • Zero Trust

It all starts with strong passwords and password policies. Enforce these wherever you can, and from the perspective of personal behavior, don’t reuse passwords on multiple sites. Hopefully, passwords are not the only thing standing between your accounts and the critical or personal information they contain. Multi-factor authentication (MFA) is an absolute must-have in the wild world we live in. Although MFA alone is not foolproof, it is a critical step in ensuring the proper gatekeepers are in place for a comprehensive security posture.

That leads us to Zero Trust, a principle that organizations should be driving toward at full speed. Zero Trust treats every system and every user with the utmost caution, using encryption, biometrics, MFA, and every means necessary to validate everything, everywhere, at any time. Both the Uber and Take-Two Interactive breaches this September are driving renewed focus on this important security approach.

#2: Embrace End-to-end Encryption

Not so long ago, data protection meant something that was fortified with a strong perimeter to defend it. As we have moved to a nimbler, cloud-based and distributed foundation and workforce for all we do, locked away data can no longer guarantee security as it flows from endpoints, through networks, to mega data systems.

The only way to make security possible is with full encryption, and it is a principle you should implement everywhere, for data in transit and at rest. Most cloud systems have this figured out, but when you secure your endpoints, your mobile phones, your applications, and your email, and enforce those aspects of security throughout the data lifecycle, your security risks will see significant reductions.

#3: Update Software and Systems

Take a moment to look at your software updates and device patching regimen. This basic exercise assures that you are implementing the best possible versions of the firmware and software you use every day. It also pays to take an inventory of the software you don’t regularly use and that may be adding risk to the background. The same applies to devices such as firewalls, routers, and networks, as vendors work to address discovered vulnerabilities through patches and platform updates designed to improve security. Many of the technical exploits that are reported can be traced to system vulnerabilities that were discovered through scanning by malicious third parties.

Severe vulnerabilities typically drive rapid updates, so at times there may be a balance between managing security updates against the requirements of stability. However, in most cases, things like automatic and routine updates can only serve to improve your overall security.

#4: Educate on Cybersecurity

Many threats are levied against the front line, from social engineering to technical means, and these threats are often the first domino to fall in a sequence of events. One of the most common tactics is the use of phishing, which has been around for decades but continues to evolve. Not so long ago fake emails were easily spotted because of bad spelling and grammar but that is no longer the case. Criminals spoof trustworthy institutions and brands with similarly named domains, pirated logos, and entire pages that look like the real thing.

To blunt these deceptive tactics, cybersecurity training is one of the best investments an organization can make to bolster a culture of cyber-awareness. When users know what to look for and become familiar with the tactics that bad actors use to gain access to sensitive accounts and information, they can report suspicious activity such as phishing emails to IT.

#5: Revisit Your Breach Readiness Plan

Few people think about it, as it is an uncomfortable notion by its very nature, but you must be ready for the unthinkable and prepare your planned response in the case of a cyber-event. And this must be done at regular intervals. Hopefully, a breach is something you rarely if ever encounter, but when you have an updated readiness plan in place, it makes all the difference in the world when the need arises.

A breach readiness plan ensures that everyone understands their roles and responsibilities in not only preventing, but responding to an incident, no matter how minor or severe it might appear to be.

Let’s Keep it Going

If we all commit to revisiting these tips throughout the year on a weekly, monthly, or maybe even bi-monthly basis, we promote a culture of cybersecurity awareness within our organizations. We each need to assess where our respective organization stands in terms of cybersecurity maturity and move it forward with these principles in mind. Maintaining a proactive rather than a reactive approach to cybersecurity is the end goal of awareness, and your security baseline will thank you for it.

This article was originally published in Forbes; please follow me on LinkedIn.

A Message from CEO Emil Sayegh on Ntirety’s Top 20 MSSP Global Ranking

Congratulations to the Ntirety team, our partners, and our customers for helping Ntirety place as a Top 20 global MSSP!

Today, Ntirety put out a press release announcing our placement as 20th among the top 250 MSSPs globally. This award is based on a broad industry survey and rewards Ntirety for our business growth, ecosystem partnerships, quality of services, and superior talent.

2022 has been a year of record growth and innovation for Ntirety.
Our public accomplishments, accolades, and milestones include:

  • Key customer wins with 100% increase in MSSP clients annually.
  • Broadening of Ntirety’s channel program by adding every major TSB and hundreds more sub-agents.
  • The launch of Ntirety’s unique CaaS service, offering both a consulting strategy and implementation of a continuous compliance process on behalf of customers.
  • The launch of Ntirety’s vCISO Service, which removes the guesswork from security, implementing best practices, creating a prioritized roadmap, and developing and executing a comprehensive security program.
  • Winning three global InfoSec awards in the following categories: Next Gen Cloud Security; Editor’s Choice Cybersecurity Service Provider of the Year; and Editor’s Choice Cybersecurity Services.

I could not be prouder of this team. Our top 20 global ranking is a testament to all the hard work, and to our unique approach to comprehensive cybersecurity, setting us apart from point product security providers. It is also a testament to our company growth, industry/thought leadership, and customer focus.

There has never been a better time to be a part of this amazing Ntirety mission, in securing the world against the bad guys!

This post by Ntirety CEO Emil Sayegh originally appeared on LinkedIn.