Multi-factor authentication (MFA) has become table stakes for both enterprise and consumer security, but it’s not the perfect solution.
MFA adds a layer of security by requiring a user to verify their identity through a second log-in mechanism. A typical example would be using your mobile banking app to confirm your identity when attempting to sign in with your browser, or a webmail provider like Gmail sending you a code via SMS to your smartphone to verify that it’s you who’s trying to log in or make changes to your account.
But adding this extra layer doesn’t make for foolproof security.
MFA can lead to complacency
Because so many business applications and digital services for consumers come with MFA built in, organizations may begin to believe that they don’t need additional security, and it’s easier for users to forget other security best practices.
Not all MFA solutions are created equal, either; some are still vulnerable to social engineering such as phishing attacks. Businesses need to look at MFA as more than a box they tick off to satisfy compliance and cyber insurance obligations and have a clear understanding of what MFA can protect and where it can fail.
Common MFA pitfalls
Hackers can get around MFA by exploiting centralization and session cookies. While passkeys can make MFA phishing-resistant, their centralized nature can become a vector for hackers because passkeys are synchronized across all the devices a user logs into. Hackers can take advantage of this centralization through a vulnerable second-factor authenticator and through the passkey’s dependence on a platform’s security, despite its use of public key cryptography.
Session cookies that are stored on a user’s device after authentication are also vulnerable because they allow a user to access resources without re-authenticating each time. In what is called an adversary-in-the-middle (AiTM) attack, hackers capture those session cookies to gain access to the user’s account without needing to go through MFA.
The problem with MFA is that although it is phish-resistant, it is not phish-proof, both because of AiTM attacks and because it relies on other phishable vectors such as SMS codes, a one-time password (OTP) or other secondary authentication methods. Lost devices can compound the problem. The life cycle of authentication opens opportunities for hackers if the second layers of authentication are vulnerable.
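One way a defender can look for the session-cookie reuse described above is to compare every request on a session against the client that completed MFA for it. The following is an added example, not part of the original article; the log format, column names and severity labels are assumptions, and the sample rows are constructed.

```python
"""Flag session cookies presented by a client other than the one that completed MFA."""
import csv
import io
from dataclasses import dataclass

# Constructed sample log (not real data); the column names are assumptions.
SAMPLE_LOG = """\
ts,user,session_id,event,ip,user_agent
2024-09-26T09:00:01Z,alice,s-1001,mfa_success,198.51.100.10,Mozilla/5.0 (Windows NT 10.0) Firefox/130.0
2024-09-26T09:00:05Z,alice,s-1001,request,198.51.100.10,Mozilla/5.0 (Windows NT 10.0) Firefox/130.0
2024-09-26T09:03:40Z,alice,s-1001,request,203.0.113.77,python-requests/2.32
2024-09-26T09:04:10Z,alice,s-1001,request,203.0.113.77,python-requests/2.32
2024-09-26T09:10:00Z,bob,s-2002,mfa_success,198.51.100.20,Mozilla/5.0 (Macintosh) Safari/17.6
2024-09-26T09:45:00Z,bob,s-2002,request,198.51.100.99,Mozilla/5.0 (Macintosh) Safari/17.6
2024-09-26T10:00:00Z,carol,s-3003,request,192.0.2.5,Mozilla/5.0 (X11; Linux) Chrome/128.0
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    user: str
    session_id: str
    severity: str
    reason: str


def find_session_replay(log_text: str) -> list[Finding]:
    """Compare each request with the client context recorded when MFA succeeded."""
    bound = {}        # session_id -> (ip, user_agent) recorded at MFA time
    reported = set()  # (session_id, ip, user_agent) combinations already flagged
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        sid, ip, ua = row["session_id"], row["ip"], row["user_agent"]
        if row["event"] == "mfa_success":
            bound[sid] = (ip, ua)
            continue
        if (sid, ip, ua) in reported:
            continue  # one finding per session and client, not one per request
        if sid not in bound:
            # A cookie in use with no MFA on record: log gap or imported session.
            verdict = ("medium", "session cookie used with no MFA event on record")
        else:
            ip_changed = ip != bound[sid][0]
            ua_changed = ua != bound[sid][1]
            if ip_changed and ua_changed:
                verdict = ("high", "cookie presented from a new IP and a new client")
            elif ua_changed:
                verdict = ("medium", "same IP but different client software")
            elif ip_changed:
                verdict = ("low", "IP changed, client unchanged (roaming or VPN)")
            else:
                continue  # request matches the client that passed MFA
        reported.add((sid, ip, ua))
        findings.append(Finding(row["ts"], row["user"], sid, *verdict))
    return findings


if __name__ == "__main__":
    for f in find_session_replay(SAMPLE_LOG):
        print(f"{f.ts} {f.severity:<6} {f.user} {f.session_id}: {f.reason}")
```

A high-severity finding is a reason to revoke the session and force re-authentication; the heuristic does not replace binding the cookie to the device on the server side.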
Going forward, MFA and passwords need to be bolstered by embracing a Zero Trust approach to security, reducing the opportunities for human error and phishing. Most of all, organizations must remember that MFA isn’t flawless, and it doesn’t negate the need for other security tools and best practices around access management.
- September 26, 2024
- Category Security
5 Things SMBs Need to Know About Cyber Insurance
Compared to large enterprises, small- to medium-sized businesses (SMBs) have constraints when it comes to IT security resources, but cyber insurance should be a high priority as SMBs are more likely to face a cyber attack that leads to disruptions and lost revenue.
The consequences of a cyber attack on a small business tend to be more severe than for larger organizations, and according to Veeam’s 2023 Data Protection Trends Report, 85% of ransomware attacks targeted small businesses.
Aside from implementing cybersecurity tools, processes and employee training, SMBs must add cyber insurance to protect themselves from the financial and operational impacts of cybercrime – traditional insurance isn’t enough. Cyber insurance will cover some of the costs related to a security incident, including access to experts, and provides confidence to all your stakeholders that you’ve taken all the necessary steps to mitigate risk.
No matter your industry, you should have enough cyber insurance coverage in place and keep five things in mind.
Every industry is at risk: All businesses are data-driven businesses, which means any type of business can be a victim of a cyber attack and needs insurance coverage. Certain industries are more targeted than others, such as healthcare and financial services, but don’t think you’re immune from threats if you’re in a different sector.
Have enough coverage: It’s important to understand how much a cyber attack might cost you so your insurance policy will cover any potential data breach or attack. A study by IBM found that a small business can expect to pay as much as US$3 million in the event of a data breach, but costs could be even higher if you consider any legal fees, mitigation and other IT costs, as well as loss of revenue due to reputation damage that leads to lost customers.
Your other insurance products don’t cover cyber attacks: A standard business liability policy or business owner’s policy is usually not enough to cover all cyber-related liabilities, including ransomware attacks. While standard insurance might cover some breach liabilities and employee-related incidents, you need a separate cyber insurance policy to reduce how much an incident could cost you.
Your customers and partners may require it: Many businesses require the companies that do business with them to have certain types of insurance – including cyber liability insurance.
It protects you against third-party security incidents: Even if you don’t fall prey to an attack directly, you can be affected by third-party breaches in your industry’s supply chain. If you’re an SMB that serves larger ones, you need to have risk mitigation strategies in case a partner, supplier or customer suffers a cybersecurity incident that can ripple across the supply chain and disrupt your business.
Having cyber insurance is a critical element of your overall risk management strategy, and the upfront cost of paying for it will help you to reduce the likelihood of unexpected financial outlays related to a data breach.
A managed service provider with expertise in security can help you evaluate your security posture so you can not only protect your sensitive business data and avoid disruption to your business operations, but also increase your insurability.
Phishing attacks are not just a threat to large organizations. Like all cybersecurity threats, they are just as much a concern for small and medium-sized businesses (SMBs), which can pay a high price if they fall victim.
Phishing is a social engineering tactic – threat actors use deception to trick employees into sharing sensitive information or access credentials to critical systems through emails or messages that look as though they are coming from a reliable source and requesting the user to act.
Because SMBs face resource constraints when it comes to cybersecurity, including training that helps employees spot phishing scams, they are more likely to fall prey to these tactics, and the price tag for the business can be high.
Among the immediate, direct consequences of a successful phishing attack for SMBs are monetary loss, reputation damage, and the recovery costs.
Bad actors use phishing to get users to share sensitive financial information that can lead to unauthorized and fraudulent transactions to steal company funds, which puts the stability of the business at risk – perhaps to the point of being insolvent. In addition to money, a phishing attack can steal valuable intellectual property, which is also a financial loss, and can lead to a loss of competitive advantage.
Depending on the nature of the breach caused by the successful phishing attempt, the business could be subject to legal and regulatory fines.
Phishing attacks are also used to demand ransomware payments by holding business systems or critical data hostage through encryption – payment terms can be high if the business wants to get the data back.
Investigating and mitigating the costs of a phishing-related breach also cost time and money, as do the indirect costs such as disruption to business operations – if you can’t serve your customers, you can’t make money.
Another indirect cost of a phishing attack is higher insurance premiums if it results in a data breach or financial loss because the business is now viewed by their insurer as a higher-risk client.
Depending on the length of the interruption, a disabling phishing attack can harm your reputation and damage your relationship with your customers and even prevent new customers from trusting you with their business. Suppliers and partners may also reconsider whether they can continue to do business with you.
A successful phishing attack can have both immediate and long-term consequences for SMBs. A managed services provider with security expertise can help you make the right upfront cybersecurity investments to prevent phishing from costing you a lot more money as well as your reputation.
Generative AI (GenAI) is a threat to your security.
While artificial intelligence (AI) has shown it can bolster your security posture by supporting automation and allowing organizations to be more effective at assessing risk, protecting data and responding to threats, there is the potential for threat actors to harness GenAI models as part of their toolbox to improve their success when attacking you.
The 2024 GenAI Security Readiness Report released by GenAI security firm Lakera has found that as GenAI adoption surges it is also creating a security blind spot for businesses due to the threat of “prompt attacks.” These attack methods specific to GenAI can be easily used to gain unauthorized access, steal sensitive data including customer information, manipulate applications, and take unauthorized actions.
All it takes are a few well-crafted words to lead to unintended actions and data breaches, the Lakera report found, while only 5% of the 1,000 cybersecurity experts surveyed have confidence in the security measures protecting their GenAI applications even though 90% are actively using or exploring GenAI.
Lakera’s CEO said a key lesson from the survey is that businesses that are relying on GenAI to accelerate innovation are unknowingly exposing themselves to new vulnerabilities that traditional security tools and measures don’t address, which has led to a combination of high adoption and low preparedness. The survey found that 34% of respondents are concerned with data privacy and security as it relates to Large Language Models (LLMs).
GenAI has ultimately democratized AI for a wide array of users, while also empowering more people to become hackers, the report finds.
The primary challenge of maintaining security in the GenAI era is that these emerging tools are uniquely vulnerable and more complex when compared with traditional software. Developers have had decades to improve the debugging and validation of traditional software code and refine application security.
The security implications of machine learning models were not an immediate concern until the recent emergence of consumer-facing AI models. Even modern security tools such as extended detection and response (XDR) still must adapt to keep up with the threats posed by GenAI, and businesses will need to incorporate additional best practices and improve employee awareness to mitigate the security issues raised by GenAI.
Assessment is key as most businesses have little visibility into the use of GenAI within their organization, but they should assume it’s getting adopted, which means prioritizing data security and privacy is more important than ever.
A managed security services provider can help you assess your risk as it relates to GenAI and help you implement the necessary tools that can help you protect your organization against the threats that arise from GenAI adoption as well as the hackers that use it.
- August 15, 2024
- Category Security
Password Management Is an Essential Security Tool
Your employees are overloaded with passwords for different websites and applications at work and at home, and the human element makes password management all the more essential for bolstering your security.
Whether they are weak or stolen outright, passwords are the gateway to your sensitive data and applications, and using a robust password management system can reduce the risk of threat actors gaining access to key systems.
Combined with multifactor authentication (MFA), password management enables you to securely store credentials and auto-fill passwords across applications and websites while using strong encryption to limit access to approved users. Employing a Zero Trust approach can further enhance security, as employees only have credentials for information and applications that are necessary for them to do their jobs.
Password management is especially essential for small- and medium-sized businesses (SMBs) who have limited IT resources for security – bolstering password management is an example of where an ounce of prevention is worth a pound of cure in an era where password-related attacks are a growing security threat.
Common threats to passwords today include brute force attacks, where attackers repeatedly try to guess a password through trial and error; dictionary attacks that guess real words and phrases commonly used for passwords; and keylogger attacks, which use software to record each keystroke to identify a user’s login credentials.
Given the many ways hackers attempt to exploit passwords to gain access to applications and data, there’s a huge onus on users to manage their many passwords. They can’t do it alone, which is why you must implement a robust password management solution to help them create strong, complex passwords that can’t easily fall prey to common techniques employed by threat actors.
- July 25, 2024
- Category Risk Management
Robust Cybersecurity Needs More Than Tools and Technology
If money is no object, you can implement as many cybersecurity tools as there are available to secure your organization. But having the latest and greatest security technology doesn’t guarantee your data and applications are safe – you need to manage risk, not rely on cybersecurity tools alone.
More tools bring more complexity, which can be challenging to manage. You’ll have the illusion of being secure, but if you can’t make the most of your cybersecurity tools, you can still fall prey to the latest and greatest vulnerabilities and threats, which are constantly evolving. The best cybersecurity tools can still be misconfigured, underused or not even switched on.
Human error and inside threats can thwart even the best security technology, and the complexity that comes with excessive cybersecurity tool deployment can make for a bad user experience that hinders employee productivity or even spurs them to find workarounds that can put your organization at risk.
Overcompensating by spending a lot on cybersecurity tools that aren’t properly configured or fully used is especially risky for small- and medium-sized businesses (SMBs) because it creates the illusion of robust security – if the tools aren’t fully optimized, applications and data aren’t protected.
Your risk management strategy should inform your cybersecurity tool investments.
Assess Your Risks First
It’s not a matter of if your organization will fall prey to a cybersecurity threat or data breach, it’s a matter of when. By understanding your risk factors, you can select the right tools and deploy them more effectively without bogging down the organization with unnecessary complexity that does more harm than good.
The key to establishing and maintaining robust security is to adopt an “assess, protect and respond” mindset. Your cybersecurity tools should be chosen based on an assessment of your organization’s risk, understanding what your critical assets are, and identifying vulnerabilities.
Rather than trying to protect everything, you should do a thorough assessment of your critical assets – mission critical applications, sensitive information and intellectual property, and essential data.
Buying an elaborate cybersecurity platform and telling it to protect everything doesn’t guarantee it will protect your most critical assets. Once you identify them, you can assess how they might be threatened, how you can best protect them, and how you can mitigate any cybersecurity incident through a well-thought-out response plan.
The reality is most SMBs can’t afford to deploy elaborate cybersecurity solutions, which means they must prioritize protecting their most critical assets from threats and vulnerabilities.
Risk-Based Cybersecurity Is A Continuum
No matter what cybersecurity tools you opt to deploy, managing security risk is an ongoing affair – you can’t set and forget your security platform. Protecting your organization must also include ongoing security training for employees, keeping all applications and systems updated and patched, and continuous assessment and monitoring.
Taking a balanced approach also includes planning for the worst – you must have a response plan in place when a disruption occurs. Having great cybersecurity tools can help bolster your security posture, but they won’t safeguard your organization on their own.
By evaluating and managing risk first, you can deploy the right cybersecurity tools that can help you to assess, protect and respond to any threats.
As a small or medium-sized business, you’re competing on a dynamic digital landscape with larger organizations, as well as being prey to the same nefarious threat actors that are looking to breach your security.
Many SMBs don’t think they’re on the radar of bad actors and hackers, which makes them prone to these common security mistakes.
Inadequate identity management and authentication
We all know your password shouldn’t be “password” or “12345678,” but weak passwords continue to put organizations at risk. It’s important to remind employees to create strong and unique passwords, as well as remind them that sharing passwords or writing them down where they can be seen weakens the overall security of the business.
In addition to passwords, two-factor authentication (2FA) adds another level of security that’s essential for protecting systems from threat actors, as they only need to infiltrate one user account to gain a foothold in your network.
Not training your employees
Weak passwords tend to be a symptom of poor security hygiene that is a result of poor or non-existent security training as human error is often the cause of many data breaches. Regular employee security training can prevent incidents by making your staff more aware of the dangers of weak passwords, phishing scams and other social engineering that threat actors use to gain access to networks or disable IT infrastructure.
A missing incident response plan
It’s not a matter of if a data breach occurs – either due to bad actors or natural disasters – it’s a matter of when. You should be ready for the worst with an incident response plan that includes data recovery in case of any disaster. Being ready for the worst will limit financial losses, damages to your reputation, litigation, and downtime. Your incident response plan should be bolstered by a data backup plan so that any mission-critical data is quickly and easily recoverable in case of any disruption.
Not updating security software
Your security software is only as good as its latest update, so if you want to protect yourself from the latest threats, you need to regularly apply patches and updates. This habit must go beyond your security tools – it’s essential that you keep your operating systems and other business applications up to date, as well as hardware firmware, as this closes potential doors to threat actors by applying bug fixes, closing security holes and improving overall performance and reliability.
Acting like you’re not a target
Don’t assume bad actors are only attacking big businesses – your data and your infrastructure can be just as valuable. Hackers view SMBs as easy targets because they assume you don’t have adequate cybersecurity, and even if they don’t want your data, they can use you as a launch pad to attack other organizations, including your partners, customers and suppliers.
Even as you’re at risk of the same threats as larger organizations, as an SMB you have access to the same tools to protect the organization. If you find yourself making one of the above mistakes, or simply want to bolster your security posture, a managed security services provider can help you understand where you’re at and get you to where you want to be.
Secure access service edge (SASE) has gained traction as networks have become increasingly fluid – the moat and castle approach to securing the organization is no longer feasible in the era of remote work.
SASE combines network connectivity with network security into one platform that can be centrally controlled, usually via the cloud, to improve visibility, bolster policy controls and enhance overall user experience across all applications. Essentially, SASE is a single corporate network that reduces the need for various point solutions.
By converging networking and security-as-a-service functions into a single cloud platform, you can support distributed hybrid and remote workers, who all connect to nearby cloud gateways rather than a central corporate data center. SASE eliminates the need for every user, office, and application to connect to your data center via a private network or secondary network, a model which can no longer support today’s reality of dispersed, remote workers.
With SASE, network controls are moved out of the data center to the cloud edge, with all network and security services using a single control plane. By using identity management and Zero Trust security policies, SASE enables you to extend network access to all your remote workers, regional offices, applications, and endpoints.
SASE Components
SASE encompasses many security elements you may already be familiar with:
- A next-generation firewall (NGFW), which inspects data at a deep level and provides intrusion prevention, application awareness and control, and threat intelligence.
- A secure web gateway (SWG), which protects data and thwarts cyber threats by filtering out unwanted web traffic content and blocking risky or unauthorized user behavior.
- Zero Trust Network Access (ZTNA), a model that assumes security threats are present inside and outside a network and ensures that users only access data and applications they need to do their job.
- A cloud access security broker (CASB), which provides security controls and additional visibility for your cloud applications and services.
- A Software-defined WAN (SD-WAN) or WANaaS, which helps scale connectivity and operations across large distances to branch offices and data centers.
SASE Benefits
Because SASE relies heavily on the Zero Trust model, it not only ensures that the right users have access to data and applications through robust verification processes, but it also takes into account other factors such as device status and geographic location, while continually evaluating risk.
SASE also reduces your overall security costs because it combines many point solutions into a single cloud platform, which also reduces the amount of time IT teams spend managing security tools and simplifies integration. Fewer point solutions also lead to increased agility and operational efficiency.
Aside from security, SASE also helps to improve the user experience for remote and hybrid workers by more efficiently routing traffic across the edge network, enabling it to be processed as close to the user as possible.
Organizations of all sizes must accept that there’s no longer a single route into their enterprise network. SASE enables you to combine network connectivity and security into one platform to support your distributed workers while protecting your data.
- June 13, 2024
- Category cloud computing
What is a CASB and how to pick the best one
Cloud access security brokers (CASBs) are increasingly important as endpoints flourish and organizations embrace a multi-cloud strategy for business applications and other workloads.
A CASB manages secure access between endpoints and cloud computing environments. The standalone CASB market is growing. Valued at US$11 billion in 2023, Mordor Research expects it to grow at 17% annually to reach US$24.2 billion by 2029 in alignment with the surge in adoption of various cloud-based services, along with growing concerns about data security and privacy. A CASB is also part of a broader security strategy that Gartner has dubbed the Secure Service Edge (SSE), which also integrates SWG and Zero Trust network access (ZTNA).
Like many security tools, a CASB can be deployed on-premises or in the cloud as a hardware appliance, software-only, as a proxy, reverse proxy, or through specific APIs. CASBs can manage access for a broad range of endpoints, including corporate-owned devices or those managed outside the organization by third parties and employees, whether they are on-premises or remote, including internet of things (IoT) devices.
These various endpoints connect to multiple cloud resources, including common productivity suites such as Microsoft 365 and customer relationship management (CRM) tools delivered in a Software-as-a-Service (SaaS) model, such as Salesforce. Common collaboration tools such as Zoom and Slack also connect via many endpoints that could be managed by a CASB, which monitors everything that goes in or out. A CASB gives you visibility into what users are doing in the cloud, enforces your access control policies, and watches for security threats.
The original purpose of a CASB was to uncover shadow IT – unauthorized applications and cloud storage services deployed by employees that put corporate data at risk. CASBs are now a critical tool for security teams to uncover and monitor unauthorized or unmanaged cloud services as well as protect data as it is moved across hybrid / multi-cloud environments and remote work environments. CASBs also play an important role in complying with data privacy regulations and enforcing data privacy policies.
Any CASB you deploy should be able to give you comprehensive visibility into cloud usage, user activities, and data flows, while also allowing you to granularly control data access and user permissions as part of your overall data protection strategy to safeguard mission critical information across multiple clouds and endpoints.
A CASB not only touches all your endpoints, but must also integrate with your existing security tools, including identity management and single sign-on (SSO) tools, web application gateways firewalls, and endpoint protection.
Given that purchasing and integrating a CASB can be a complex endeavor, consider engaging with a managed security services provider who can help you audit your organization so that you select a CASB that addresses all your pain points and can scale with your business over time.
- May 14, 2024
- Category IT management
Human Factors Threaten SMB Cybersecurity Efforts
Small and medium-sized businesses may be spending more on cybersecurity, but human factors still pose a significant threat.
A recent survey by password manager provider LastPass of more than 600 business and IT security leaders from companies with fewer than 3,000 employees found that although SMBs have become proactive with security investments, human factors continue to make them vulnerable to attacks by cybercriminals.
The LastPass survey found there was a gap between how SMB leaders were tackling cybersecurity and employee behaviours.
The good news is that SMB executives have increased their attention and investment when it comes to cybersecurity. The LastPass survey found that 90% of IT leaders and 80% of non-IT leaders reported an increased focus on cybersecurity measures over the past year, with 82% of businesses boosting their cybersecurity budgets.
The bad news is there’s a disconnect between executives and their employees. Most executives and IT leaders said they feel confident about their cybersecurity measures, with only 30% of leaders believing their company faces a high risk of cybersecurity threats.
However, among the rank and file, only 78% of non-IT leaders believe employees understand the security expectations of their jobs, the survey found. More troublesome is that 1 out of 5 non-IT leaders admits to circumventing security policies, while 1 in 10 IT security leaders admits to circumventing security policies.
The LastPass survey suggests that despite increased investment in cybersecurity, their efforts are being undone by employee behavior. To get the most from their security budget, SMBs need to be mindful of the human factors that make the organization more vulnerable to an attack and subsequent data breach.
Small steps go a long way, and LastPass makes five key recommendations to encourage employee behavior that mitigates human factors that might put the organization at increased risk:
Ramp up cybersecurity education: SMBs should develop clear communication strategies and regular training sessions for all employees so they understand their role in maintaining robust cybersecurity, and every part of the organization must understand and commit to security policies.
Create incentives: SMBs should have stronger incentives for security compliance, balanced by stricter consequences for violations as well as policies for when it’s acceptable to bypass security measures to get work done. A culture of reporting violations must also be fostered.
Embrace threat intelligence: SMB leaders must be able to identify and protect valuable and critical business information and know where the threats are coming from by investing in a threat intelligence-led security program.
Mandate password managers: Password management requires critical attention, according to the survey, so password managers combined with continuous education on password security are essential.
Brace for AI threats: Phishing attacks, cloud vulnerabilities, and the potential for business data loss due to ransomware attacks or malware are getting help from AI, so it’s important to fight fire with fire and adopt AI-driven security tools that provide advanced threat detection and response capabilities.
Cybersecurity is a continuum, and SMBs can’t be complacent even with increased investment. Human factors must be continually addressed through education, policy, and technology adoption.