How enterprises can stay ahead of risks, threats and potential attacks [Q&A]

by Ian Barker | Apr 19, 2023 | Cybersecurity

Businesses are engaged in a constant cat-and-mouse game with hackers, attackers, and bad actors in order to stay secure.

Dominic Lombardi, VP of security and trust at Kandji believes that in order to stay ahead it’s necessary to master basic IT and security hygiene, update and communicate your risk register, and work steadily toward a zero-trust security model. We spoke to him to discover more.

BN: It’s been said the human element is the next organization versus hacker battleground, why is this and what comes next?

DL: Malicious threat actors always look for the weakest link, the chink in the armor. Last year, we saw more unique attacks focused on bypassing the weakest link within standardized security controls. The weakest link? The human element. Many of these security incidents were related to multi-factor authentication (MFA) spamming, in which MFA requests were repeatedly sent to people until a link was clicked or exploiting a misconfiguration on publicly accessible resources. Meanwhile, cybercriminals have unleashed social engineering attacks aimed to disrupt organizations across different verticals and markets. During these attacks, an individual impersonates a customer and calls the company’s support desk. In the process, the attacker obtains valid account access. The organization’s lack of organizational-level security controls served as the attacker’s entry point, allowing them to gain a foothold in these environments.

In 2023, attackers will get more creative in their pursuits. Many of the security controls we put in place earlier are at risk of being bypassed due to human error. How do we ensure our security controls are fault tolerant? This starts with basic hygiene at a people, process, and procedural level. Work to build a proactive cybersecurity culture in which you document all ongoing processes — basically, all the validation steps that ensure you properly identify and authenticate a person’s identity, information, and account ownership.

BN: Risk register has come up a lot lately as a critical tool to maintaining a secure environment, how should organizations handle this in 2023?

DL: Your organization’s risk register should serve as a ‘what if’ manual that outlines current and potential security risks and how they could impact the organization. Organizations are facing constraints at all levels — budgets, personnel, and time — in 2023. Your risk register must catalog the various risk scenarios that face your business and provide visibility for your leadership teams to make more risk informed treatment plans.

Maturing organizations will double down on best practices, perform threat analysis, and continue to populate their risk register. The more visibility (and fewer cracks) you have, the less probability of unexpected negative outcomes. This involves maintaining a running asset inventory across your organization and mapping this inventory against security controls. Meanwhile, build out project plans to have a continuous rollout to fulfill some of the gaps. Think patch management, standardized configurations across servers, and a rigorous process for building, deploying, and maintaining new software. Remember that basic IT hygiene is 99 percent of the game.

BN: What is next for the CISO role? How important has this role become for enterprises?

DL: When it comes to cybersecurity, executive-level engagement is a must. That means the CISOs must take a seat at the C-level table (if they haven’t already) and stay there. Recently, with the Joseph Sullivan/Uber case, we saw the first criminal conviction of a CISO/CSO for failure to effectively disclose a breach. To prevent miscommunication and promote total transparency, any CISO who does not report directly into the CEO should demand that they do — immediately. To set themselves up for success, they should also ensure that the general counsel at their organization is in their ‘peer set’.

At the C-level table, the CISO can also (continuously) champion the risk register to ensure they receive needed resources to remediate and reduce risk on an ongoing basis. Not to mention executive buy-in for the appropriate resources to resolve high-priority items. Keep in mind that new threats, risks, and updates will always populate your risk register. It is critical to actively work to remediate against this list; this prevents risks from escalating and becoming more complicated.

BN: IT and InfoSec continue to move following their own agendas, can security become more of a ‘team sport’?

DL: Traditionally, IT and InfoSec teams within an organization pursued their own agendas. InfoSec secured the company and its users, while IT enabled people within the organization to work efficiently and effectively. InfoSec and IT teams must work more collaboratively to reduce the gap between identifying and addressing issues.

In many organizations, IT admins are joining the security team, as today’s global, decentralized workplace has broadened IT’s responsibilities within the enterprise. IT admins have become a key part of the security organization, with 34 percent of Fortune 500 companies rolling the IT department into the CISO’s purview in 2021. This percentage was close to 80 percent in startups and emerging technology companies. As more enterprise companies follow the lead of modern SaaS and technology organizations, the next task will be creating (and using) the best tooling to bridge the gap between these two core competencies. How do you adjust for the overlap and enable bidirectional communication and collaboration?

BN: Zero trust seems to be a priority, especially as it pertains to the hybrid office, how should security organizations employ zero trust methods in the coming year?

DL: Security teams have been talking about the zero-trust cybersecurity approach for a few years. It used to be ‘trust but verify’. The new zero trust — in a workplace filled with multiple teams, multiple devices, and multiple locations — is ‘check, check again, then trust in order to verify’. Basically, organizations must validate every single device, every single transaction, every single time — always.

Only six percent of enterprise organizations have fully implemented zero trust, according to a 2022 Forrester Research study. The complex and disparate workplace environments that are so common now make it difficult to adopt zero trust — at least all at once. This does not mean organizations are not slowly rolling out zero trust across their environments and assets.

It would be easy when a company only has a limited number of environments. However, if you are using AWS, Azure, and GCP with an on-premises instance along with a private cloud where you are running virtualization through VMware — that will take some time to uniformly roll everything out. Yes, companies are working towards zero trust, but it will take a bit longer than people like. As we all continue to embark on the zero-trust journey, we will see new solutions for complex problems companies are experiencing on premise and in public and private clouds.

Photo Credit: Olivier Le Moal / Shutterstock

The contradictory fall in ransomware in 2022

by snoopy | Apr 18, 2023 | Cybersecurity

That special ransomware moment – felt by fewer and fewer companies in 2022?

In Part 1 of this article, we spoke to Mike McLellan, Director of Intelligence at the Secureworks Counter Threat Unit about a seeming rise in reports of business email compromise being used against business in 2022 – as revealed by the Unit’s annual report on the cyber-threat landscape. In Part 2, we took a look at the rising tide of attacks based on multifactor authentication fatigue. But the leading – not to mention the best known and probably best understood – cyberthreat remains ransomware. While we had Mike in the chair, it seemed almost indecent not to ask him about it.

Especially as figures in the report showed ransomware down by a staggering 57% in 2022. Our first question, then, was probably inevitable.

THQ:

What gives with the plummeting number of ransomware attacks in 2022?

MMcL:

Ransomware grabs a lot of attention, because you have attacks like the Royal Mail, the US Marshals Service, just to name a couple from the last few months. They are very high-profile organizations that are impacted by this with, with a clear impact on people.

Typically, the general public only care about these things when they actually have some impact on their lives, and some of these ransomware attacks do, because they hit critical infrastructure or critical services.

The Ukraine factor.

So yes, it’s interesting that we’ve seen a reduction in the number of incidents this year. And I don’t think we’re alone in seeing that – it’s not a blip in our data. Some other vendors have reported similar trends, though whether it continues to be a trend throughout 2023 remains to be seen…

THQ:

You’re about to tell us something mind-blowing with a tinge of horror, aren’t you?

MMcL:

What makes you say that?

THQ:

We’ve interviewed you before. We know that pause.

MMcL:

Well… it’s possible the war in Ukraine had a significant cooling effect on ransomware last year. We saw a two- or three-month period where there was a huge disruption to the ecosystem, because you had groups who had operators in Ukraine, or they had split political loyalties, and that impacted on the volunteer activity.

So whether we will see that decline continue, I’m not sure. I think we will start to see it pick up again, because I think it remains a very lucrative form of revenue for cybercriminals.

But, you know, reasons why we could see a reduction would include organizations getting better at defending against it, which we always like to say is a thing.

Law enforcement disruption getting better, having more impact on the groups is a thing. Groups deciding it’s not economical because of the price of cryptocurrency or the challenges of conducting attacks. That’s a potential thing, too.

Finally, and possibly the most likely explanation, is that we’re just seeing an underreporting of it to the likes of ourselves, to law enforcement, and to other places. One theory that we’ve got is that following Colonial Pipeline and some of those very big attacks, the more sophisticated ransomware gangs decided that actually, if they could keep their heads under the radar a bit more and conduct more attacks against smaller organizations, they could still generate enough money, but without bringing the headlines, and so without bringing the law enforcement interest.

The quiet life.

THQ:

Cybercriminals opting for a quiet life?

MMcL:

It’s possible, yes. There are plenty in the criminal organizations who are absolutely only in it for the money. If you can make a good living without bringing the FBI or Interpol down on your own head, why not do that?

So it’s very hard for us to say, because we only work with organizations who pay us to come and do incident response for them. But there is potentially a much larger number of very small organizations who aren’t mature enough, don’t have those relationships to report these things, don’t know how to report it to law enforcement, and we’re just not seeing it. So I think our data on this tells potentially only part of the story.

There are reasons why that might be, but it’ll be interesting to see over the next 12 months whether insurance firms and other organizations report similar trends or not based on their data and their view of that threat.

I do think we’ll see the numbers start to creep back up, sadly. But we definitely saw a reduction last year driven probably by the war in Ukraine, and by some of the heat that came from some of the very high-profile attacks, forcing a rethink of the operation.

A busy year?

THQ:

This is inevitably going to sound crass, but is it possible that, with the illegal Russian invasion of Ukraine, lots of cybercriminals had… more pressing things to focus on?

MMcL:

I think they undoubtedly will have, yes. Ukrainian police arrest people for their involvement in ransomware gangs, and while those may not be the core operators, (the really sophisticated criminals probably live in places where they’re never going to be arrested), it will have an impact on your operation if there’s suddenly a war which encompasses places where you or some of your colleagues live.

So yeah, undoubtedly, that caused a significant distraction, and possibly some kind of physical disruption if people had to relocate.

Obviously, we hope that situation improves over the next 12 months. But it certainly looks like most of the criminal gangs that were disrupted have managed to reconfigure themselves to carry on as they were before. So we will be keeping a very close eye on that, just seeing if the fall in ransomware numbers becomes a long term trend, or if it was just a bit of a blip last year.

An offer they can’t refuse.

THQ:

As we understand it, some of the pro-Russian groups have died out or been agglomerated into the bigger groups too, right?

MMcL:

Yes, some of the big ransomware-as-a-service schemes have. There’s been a sort of stratification of the landscape where you’ve got two or three ransomware schemes, which are now very large, with lots of affiliates, lots of people kind of participating in them.

I think that’s making it harder for other schemes to establish themselves and break into that market, you’ve got a bit of a monopoly going on there with a very small number of schemes now running lots of affiliates, potentially.

And again, when we see some of the high-profile attacks, the likes of the US Marshal Service, it’s possible that was some affiliate who just hasn’t really appreciated the potential impact of that attack on the scheme.

We think the criminals who have been doing this for a long time have come to the realization that you don’t really want to try and take down the Irish Health Service, or the Royal Mail or whatever, because the potential blowback on you from law enforcement could be significant, could cost you a lot in terms of having to adapt and retool and all that sort of thing.

So we’re seeing a small number of schemes with lots of affiliates. And I’d be interested to see if we see some kind of unintended behaviour from some of those affiliates who are less easy to control, maybe because they’re less experienced.

THQ:

Apologies if this is cliché, but it sounds like there’s a mafia-style structure developing in those schemes. The cyber-mafia?

MMcL:

It’s interesting, because if you go back 15-20 years, some of the people in charge now are the same people who started out back then. And it’s always important to know that there are people behind these attacks. The central people have probably been around for a long time, but you end up with a much broader pyramid of other people who get involved.

Potentially, the people who’ve been in the business for less time are just making a sort of salary rather than generating the big payouts, but they are nevertheless getting paid well to do the job they’re doing. So you do have this kind of organizational structure.

And if you look at something like the constant leaks from last year which exposed some of this, it’s fascinating to see them talking about things like HR disputes, and salaries and all that kind of thing, and having to deal with the kind of things that most managers have to deal with in legitimate organizations.

THQ:

It’s curious to think that some of the players responsible for the bigger, flashier, more headline-grabbing ransomware attacks may actually be the people with less experience, who have yet to buy into the quiet life philosophy of advanced cybercrime. You can’t help wondering if that might be a useful thing for companies to consider in their future negotiations with these players.

In the final part of this article, having dipped into the conflict in Ukraine, Mike turns his attention to other national-level state actors that have been especially busy delivering cyberattacks in 2022. Will the leading threat surprise you at all…?

Coley Burke Joins HYCU® as Chief Revenue Officer

by Korea Bizwire | Apr 18, 2023 | Cybersecurity

(image: KobizMedia/ Korea Bizwire)

Boston, Massachusetts, April 18 (Korea Bizwire) – HYCU, Inc., the world’s fastest-growing multi-cloud data protection as a service company, today announced that Coley Burke joined to lead the global sales organization and drive go-to-market programs to accommodate scale and growth for continued worldwide expansion. Burke joins HYCU on the heels of the recent introduction of R-Cloud, the world’s first developer-led data protection platform to address the underserved needs of SaaS application users for enterprise-class data protection, and after the company closed 2022 with more than 3,600 customers and a Series B funding round that brings the total raised to date to $140M. Burke will report to HYCU Founder and CEO Simon Taylor.

“The ongoing fight against ransomware and the ever-increasing need for data protection regardless of platform or application in use, has never been greater,” said Coley Burke. “HYCU is at a pivotal moment in time, solving the challenges that legacy backup solutions cannot address while changing the game for companies and partners that need cloud-native, cost-effective and efficient SaaS backup where few solutions exist today. I am excited to join HYCU to drive and lead sales through the company’s next phase of hypergrowth.”

As Chief Revenue Officer, Burke will be responsible for driving HYCU’s global go-to-market strategy and accelerating growth and scale to accommodate customer and partner interest. Burke brings more than 30 year’s experience as a results-driven executive to lead sales and business development efforts. Prior to HYCU, Burke was CRO at Semperis where he increased demand for identity driven cyber resilience to offset the growing rise of cybersecurity risks to enterprises globally. Before Semperis, Burke was CRO at Zerto, successfully leading go-to-market for the global IT resilience company prior to the acquisition by HPE. Burke has held sales and go-to-market positions at EMC, Kashya, IBM, Quantum, and Arrow Electronics and has extensive background in software, data protection, infrastructure, storage, and BCDR products and solutions. Throughout his career, Burke has led successful market strategy and revenue growth for many of the industry’s leading product portfolios.

“We are thrilled that Coley is joining HYCU and excited that he will be instrumental in driving HYCU’s go-to-market and sales efforts around the world to handle the growing interest in our multi-cloud and SaaS data protection solutions,” said Simon Taylor, Founder and CEO, HYCU Inc. “Coley is an impressive sales leader with deep roots in data protection, and a power of positivity wherever he has worked. His outlook and attitude is infectious and our growing customer base and teams will enjoy every minute he has to spend with them. Welcome Coley, I am looking forward to working together with you, and the rest of the executive team to share why HYCU is quickly becoming the data protection provider of choice, regardless of data location and platform in use.”

To learn more about HYCU’s multi-cloud and SaaS backup and recovery as a service solutions, visit tryhycu.com.

###

About HYCU
HYCU is the fastest-growing leader in the multi-cloud and SaaS data protection as a service industry. By bringing true SaaS-based data backup and recovery to on-premises, cloud-native, and SaaS environments, the company provides unparalleled data protection, migration, disaster recovery, and ransomware protection to thousands of companies worldwide. As an award-winning and recognized visionary in the industry, HYCU solutions eliminate complexity, risk, and the high cost of legacy-based solutions, providing data protection simplicity to make the world safer. With an industry-leading NPS score of 91, customers experience frictionless, cost-effective data protection, anywhere, everywhere. HYCU has raised $140M in VC funding to date and is based in Boston, Mass. Learn more at www.hycu.com.

Attachment

• Coley Burke Joins HYCU as First CRO

Don Jennings
HYCU, Inc.
617-791-1710
[email protected]

Katie Helander
The Bulleit Group
[email protected]

Source: HYCU, Inc. via GLOBE NEWSWIRE