By David Richardson, Vice President of Product at Lookout

As IT operations migrated to the cloud, it became easier to support remote and hybrid workers. The problem is that it has also complicated the infrastructure IT and security teams are tasked to protect.

Organizations far and wide have expanded their use of cloud and SaaS apps, especially over the last couple of years, to empower their users to stay productive and collaborate from anywhere. Many, though, have struggled to ensure their security strategies keep pace in this mode of operation, where users, endpoints, apps, and data now largely reside outside of the traditional enterprise perimeter. 

To read this article in full, please click here

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work that would otherwise require significant effort and potentially drain in-house resources to those who can do it for you.

The use of third-party services can also come with significant—often unforeseen—risks. Third parties can be a gateway for intrusions, harm a company’s reputation if a service malfunctions, expose it to financial and regulatory issues, and draw the attention of bad actors from around the world. A poorly managed breakup with a vendor can also be perilous, resulting in the loss of access to systems put in place by the third party, loss of custody of data, or loss of data itself.

To read this article in full, please click here

Israel-based startup Oligo Security is exiting stealth mode with the public launch of its namesake software, offering a new wrinkle in library-based application security monitoring, observability, and remediation. Utilizing a technology called extended Berkeley Packet Filter (eBPF), it is able to provide agentless security coverage for open source code.

Given the prevalence of open source code in modern software — Oligo contends that it accounts for something like 80% or 90% — there is a need for software composition analysis solutions that can check the code for potential vulnerabilities. The current generation of solutions, however, is “noisy,” according to Oligo. It tends to produce a lot of false positives, and doesn’t contextualize alerts within a given runtime. The latter tendency is unhelpful for setting remediation priorities.

To read this article in full, please click here

It’s common for operational technology (OT) teams to connect industrial control systems (ICS) to remote control and monitoring centers via wireless and cellular solutions that sometimes come with vendor-run, cloud-based management interfaces. These connectivity solutions, also referred to as industrial wireless IoT devices, increase the attack surface of OT networks and can provide remote attackers with a shortcut into previously segmented network segments that contain critical controllers.

Industrial cybersecurity firm Otorio released a report this week highlighting the attack vectors these devices are susceptible to along with vulnerabilities the company’s researchers found in several such products. “Industrial wireless IoT devices and their cloud-based management platforms are attractive targets to attackers looking for an initial foothold in industrial environments,” the Otorio researchers said in their report. “This is due to the minimal requirements for exploitation and potential impact.”

To read this article in full, please click here

Responses to recent cyber breaches suggest organizations can struggle to get the message right in the midst of an incident. While managing the communications around an incident is outside the direct purview of the CISO, having an existing communications plan in place is an essential element of cyber preparedness.

“Communications are a critical component of a good cyber strategy, and it should be prepared and practiced in organizations before an incident occurs,” says Eden Winokur, head of cyber at Hall & Wilcox, which helps companies with cyber incident management among other things.

Cyber preparedness should include a communication plan

Winokur’s advice is to err on the side of transparency, while ensuring accuracy when it comes to responding to a cyber incident. “Cyber is not just an IT risk. It really is an enterprise risk, and a key part of cyber preparedness includes a communication strategy within the organization and with external stakeholders.”

To read this article in full, please click here

Israel’s Technion university on Sunday suffered a ransomware attack, which has forced the university to proactively block all communication networks. A new group calling itself DarkBit has claimed responsibility for the attack.  

“The Technion is under cyberattack. The scope and nature of the attack are under investigation,” Technion, one of Israel’s top universities, wrote in a Tweet.  

Established in 1912, Haifa-based Technion — otherwise known as the Israel Institute of Technology — has become a global pioneer in fields such as biotechnology, stem cell research, space, computer science, nanotechnology, and energy. Four Technion professors have won Nobel Prizes. The university has also contributed for the growth of Israel’s high-tech industry and innovation, including the country’s technical cluster in Silicon Wadi.

To read this article in full, please click here

Threat groups who target operational technology (OT) networks have so far focused their efforts on defeating segmentation layers to reach field controllers such as programmable logic controllers (PLCs) and alter the programs (ladder logic) running on them. However, researchers warn that these controllers should themselves be treated as perimeter devices and flaws in their firmware could enable deep lateral movement through the point-to-point and other non-routable connections they maintain to other low-level devices.

To exemplify such a scenario and highlight the risks, researchers from security firm Forescout used two vulnerabilities they discovered in Schneider Modicon PLCs to move deeper into a simulated OT architecture of a movable bridge and bypass all safety mechanisms to cause physical damage.

To read this article in full, please click here

A core pillar of a mature cyber risk program is the ability to measure, analyze, and report cybersecurity threats and performance. That said, measuring cybersecurity is not easy. On one hand business leaders struggle to understand information risk (because they usually are from a non-cyber background), while on the other, security practitioners get caught up in too much technical detail which ends up confusing, misinforming, or misleading stakeholders.

In an ideal scenario, security practitioners must measure and report cybersecurity in a way that senior executives understand, find useful, satisfy curiosity, and lead to actionable outcomes.

What can be measured in cybersecurity?

To read this article in full, please click here

Data security and management vendor has announced the 7.0 software release of its Cohesity Data Cloud platform. The release provides customers with enhanced cyber resiliency capabilities to help protect and secure data against cyberattacks, the firm stated in its announcement. Expanded features include privileged access hardening, accelerated ransomware recovery for files and objects, and attack surface reduction via AWS GovCloud support, Cohesity added.

Cohesity 7.0 focuses on a “data-centric” approach to cyber resilience

In a press release, Cohesity explained that the 7.0 software release helps businesses take a more data-centric approach to cyber resilience including data immutability, data isolation (or cyber vaulting), and recovery at scale. “Organizations are facing significant challenges with managing and securing their data estate across cloud and on-premises, with ransomware and data theft as their number one concern,” commented Chris Kent, VP product and solutions marketing, Cohesity. “Cohesity Data Cloud 7.0 adds a new layer of protection and recovery to organizations’ most critical data.”

To read this article in full, please click here

Security operations provider Expel has announced the general availability of Expel managed detection and response (MDR) for Kubernetes. The firm said the product enables customers to secure their business across their Kubernetes environment and adopt new technologies at scale without being hindered by security concerns. It has also been designed to align with the MITRE ATT&CK framework to help teams remediate threats and improve resilience, Expel added.

Kubernetes is an open-source orchestration system that relies on containers to automate the deployment, scaling, and management of applications, usually in a cloud environment. Over time, it has become the de facto operating system of the cloud, but can also pose significant security risks and challenges for businesses.

To read this article in full, please click here