Does Malware Have Citizenship?

| January 14, 2019

article image
In talks with information security professionals at security conferences, user group events, and customer sites, Chester Wisniewski frequently fields questions about country-based blocking as a network defense tactic. Though he couldn’t find any published data to confirm his assumptions, “I couldn’t see any meaningful correlation between the countries from which traffic originates and attack patterns,” said Wisniewski, a principal research scientist at Sophos. So, in 2018, leveraging petabytes of malicious samples captured by SophosLabs, he launched his own project to determine if region-blocking was a practical weapon for slashing malware volumes. In his CyberCrime Symposium keynote, he detailed his findings and how attendees could apply the information to better defend their networks. Malicious Matters. For his research, Wisniewski analyzed a month’s worth of malicious data. Beyond segmenting threats by type and location, he wanted to drill-down to identify the countries of traffic origin, autonomous systems (ASs) — blocks of IP addresses controlled by ISPs and other large network operators — and sketchy ISPs.

Spotlight

Verint

Verint® (NASDAQ: VRNT) is a global leader in Actionable Intelligence® solutions. In today’s dynamic world of massive information growth, Actionable Intelligence is a necessity for empowering organizations with crucial insights and enabling decision makers to anticipate, respond, and take action. Today, more than 10,000 organizations in 180 countries, including over 80 percent of the Fortune 100, use Verint solutions to help address three areas of the market: customer engagement optimization, security intelligence, and fraud, risk and compliance. We help our customers capture large amounts of information from numerous data types and sources, use analytics to glean insights from the information, and leverage the resulting intelligence to help optimize customer engagement, enhance security, and mitigate risk.

OTHER ARTICLES
DATA SECURITY

When Humans and Tech Unite Against Cybercrime

Article | November 24, 2021

Since the beginning of COVID-19, the frequency of ransomware attacks has risen 400%. Criminals are taking advantage of the increased vulnerabilities caused by remote work. The more software and networked devices a business has to protect, the greater the chance their security systems will falter. The growth of ransomware as a service has allowed cyber crime to grow beyond a group of talented hackers. “Gangs” provide easy to use malware to criminals in exchange for a 20 or 30% cut of the ransom. With payouts from businesses in the millions and low chances of being brought to justice, cybercrime has grown more lucrative than ever. Just like the coronavirus, ransomware is a global disease. The infection progresses in 3 stages. First, crypto ransomware encrypts files and denies access to users. Then, malicious actors demand ransom payments in exchange for the decryption keys. When a business caves and pays ransom in the third step, they are forced to use anonymous cryptocurrencies such as Bitcoin. Common strains of ransomware include WannaCry, which has affected 125,000 companies in 150 countries, and Ryuk, which was responsible for ? of all ransomware attacks in 2020. Just like businesses were not prepared to handle COVID-19 outbreaks, most are not prepared for a ransomware outbreak at their workplace. The majority of companies have an IT security budget of less than $10,000, nearly 10 times less than what the average cybersecurity engineer makes in a year. This means businesses are either not willing or not able to pay the salary of a human tech expert ro can keep their company safe from ransomware. The problem is especially apparent in small and medium businesses. 6 in 10 of SMBs lack a policy on what to do if they are targeted with a cyber attack, let alone the funds to retain cybersecurity expertise in house. While cybersecurity is a growing field, it is not growing fast enough to keep up with the need for such skills. Can cybersecurity technology close the gap? Not entirely. Human attackers launch more sophisticated attacks every year. Artificial intelligence programs are developed using last year’s attack patterns. Responding to evolving threats requires human expertise. AI solutions are not yet adaptable enough to serve in the long term. Even in current conditions, AI solutions alone are not foolproof. Instead, they are prone to explosions of false positives and excessive alerts that annoy the business employing them. If employees learn to ignore their cybersecurity software, they run the risk of missing a real threat. Even so, the average person received 63.5 notifications every day. There isn’t enough time in a day for them to work through all the alerts on top of their regular jobs. Cybersecurity is supposed to let humans know what to trust. If it fails to do that, then it is not worth the investment. Human experts need to work alongside technology to mount an effective cyber defense. Trained analysts have an advantage when it comes to detecting and responding to ransomware. They have the know-how most humans lack when it comes to weeding out false positives from alerts. Furthermore, they can see the context, relevance, and attack motivations that a software program would be blind to. Adding human cybersecurity experts to the team brings the best of both worlds together. Criminals are bringing their best to the table. If businesses are intent on stopping them, they must make similar investments in their infrastructure. When cybersecurity matters are taken care of, employees can do what they were hired to do. Businesses can function as desired. Everyone benefits from peace of mind.

Read More
ENTERPRISE SECURITY

Staying a Step Ahead of Ransomware

Article | November 16, 2021

Ransomware attacks are becoming more frequent and far more detrimental to business operation, software infrastructures, privacy safety, and information security. In 2020, the frequency of ransomware attacks grew by 7x or more. This upward trajectory is projected to continue with a minimum of 3 out of 4 IT organizations being confronted with at least 1 ransomware attack by 2025. The true cost of ransomware attacks is up to a whopping $20 billion - the total global ransomware damage costs predicted for 2021. Ransomware attacks often halt business operations, costing businesses up to 23x more than the ransom itself. The costliness of ransomware attacks varies slightly by enterprise size. In 2019, small to medium enterprises (SMEs) represented 98% of claims.In 2019 alone, ransomware claims ranged between $2,500 and $10.1M, with an average claim of $424,000. Often disregarded when tallying ransomware attack damages, business interruption loss also takes a hefty financial toll on businesses. That same year, for SMEs, the average cost of businesses due to interruption was $1.2 million per incident, with the highest cost being $6.5 million. The heaviest post-attack costs are data loss, insurance premium increases, and heightened risk of reinfection. 82% of ransomware attack victims report significant data loss, and on average, 61% of ransomware attack victims have lost data to corruption. Insurance premium increases are also financially draining. In the first quarter of 2021, premiums increased 29% in January, 32% in February, and 39% in March. For high-risk organizations, premium increases of up to 50-60% may become the norm. On average, deductibles were raised to $1 million, encouraging more insurance clients to opt for cyber coverage, which has increased from 26% in 2016 to 47% in 2020. Reinfection rates pose financial threats as well. Reinfection occurs 80% of the time with 46% of victims suspecting that it was the same attackers. These damages that ransomware attacks leave behind are worth bracing against. In 2021, the ransomware group Avaddon made headlines after announcing that they were shutting down. Officially, the group had 88 known victims, but decryption keys were released for 2934 victims. While the full extent of Avaddon’s schemes has yet to be uncovered, it has been safely concluded that if all the victims paid the average reported amount, the group made about $1.8 billion. Unfortunately, just 3% of victims reported Avaddon’s attacks. Many organizations still think of ransomware as one-off attacks, like the infamous WannaCry attack in 2016. Today, ransomware is far more complex and many are multifaceted. Ransomware attacks may be deployed along with network penetration (compromising your organization’s network with stolen credentials and/or malware), credential harvesting (collecting login credentials for critical systems, such as Domain Name System (DNS)), attacking backups (data storage can provide a roadmap to what information is most sensitive), and/or double extortion (thread of publicizing data theft after a ransomware attack — often in response to companies saying they won’t pay). With the pandemic’s reorientation toward remote work and learning, cyber businesses and cyber education are backbones of today’s society, which makes securing them crucial. Failing to do so can breed a slew of downstream issues including job losses and business losses among a plethora more. There’s never been a better time to protect your business from ransomware. The best ways to do so are to stay up-to-date, increase employee awareness, back up data, and adopt malware detection. Staying up-to-date involves keeping track of patches and software updates, which are key to protecting yourself against ransomware. Increasing employee awareness entails empowering employees to assess whether an attachment, link, or email is trustworthy. It’s critical to keep data backed up on external devices to aid recovery should there be an attack. Last but not least, adopting malware detection, early detection of suspicious activity, is your first line of defense.

Read More
DATA SECURITY

How to Get Rid of Healthcare Cyber-attacks in 2022

Article | November 12, 2021

The healthcare industry focuses on providing the best service to each patient leveraging the latest technology. Hospitals use the latest technologies to improve patient care and treatment. However, as they constantly commit themselves to the services, they get no time or opportunities to educate themselves about cyber threats. This makes room for healthcare cyber-attacks to happen quickly. In addition, cyber threat actors and criminals are looking to exploit these vulnerabilities. Apart from breach of privacy and financial loss, healthcare cyber-attacks may put lives at risk due to patient data loss. Thus, due to the nature of the functionalities in the sector, cybersecurity in healthcare is at stake, making room for more necessary measures before it gets critical. Healthcare Cyber-attacks By the end of 2020, cyber-attacks in healthcare had increased by 45 percent, which is twice the size occurring in the other sectors. This is due to implementing the latest technologies to overcome the hurdles brought by the pandemic in the healthcare industry. Reasons Why Attackers Target Hospitals There are many reasons why cybercriminals target hospitals. Some of them can be: Selling patient data gets the attackers a lot of money Attackers can quickly enter into medical devices Staff in hospitals are not well educated on cyber threats Vulnerabilities increase as the number of devices used in hospitals are high Most of the hospitals have outdated technologies that increase the vulnerabilities Healthcare Cyberattacks across the U.S. The total number of healthcare breaches in 2019 in the U.S. was 386, and in 2020, it was 599 resulting in an increase of 55.1%. However, breaches due to hacking and IT incidents stood at 67.3%.Healthcare cyber-attacks were the main reason for the theft of the personal information of patients. In 2020 alone, around 26 million patient records reached unauthorized hands. Out of this, 24.1 million incidents were due to healthcare cyber-attacks. Ways to Getting Rid of Healthcare Cyber-attacks in 2022 We have learned how the healthcare sector is more prone to cyber-attacks and why criminals target hospitals more than other sectors. Understanding this, you have to take immediate and necessary actions to mitigate the cyber threats. Outlined are the following actions and measures to reduce healthcare cyber-attacks. Solid Healthcare Cybersecurity Policy In the healthcare sector, all hospitals should have a solid cybersecurity policy. Healthcare data can be compromised anytime and anywhere. A solid healthcare cybersecurity policy with effective measures is worth a ton for healthcare organizations. Moreover, it can easily prevent healthcare cyber-attacks largely. Your healthcare cybersecurity policy can include the measures such as a policy regarding password, two-factor authentication, testing, detection program, third party policy, cybersecurity awareness programs for employees, and much more. Automation and Monitoring Even in small hospitals, there are countless devices and endpoints. This makes it hard for employees to maintain the security level adequately. Thus, professionals suggest automation and monitoring tools with the latest technologies, including IoT, AI, and machine learning. These specialized tools will help the security teams detect the healthcare cybersecurity threat early and mitigate it quickly. Furthermore, potential security breaches can be isolated through this constant monitoring with the help of automation and monitoring tools. "Cyber teams should be in a constant state of monitoring and proactively looking for issues within their network and systems and be quick to respond. System updates and patching are always critical and all cybersecurity programs should include a very detailed and robust security awareness program as nearly all cyberattacks are initially carried out through a single user's action," Dave Summittt, CISO of Moffitt Cancer Center in Tampa, Fla Leverage Industry Best Cybersecurity Practices In recent times, the healthcare industry has felt the blow for data theft and security breaches. This alarming fact points towards the need to strengthen cybersecurity in a healthcare organization. As part of strengthening cybersecurity and reducing healthcare cyber-attacks, the healthcare organization should leverage the industry's best cybersecurity practices. The best cybersecurity practices advised by cyber security professionals are setting up a firewall, backing up data regularly, controlling electronic health information processes, following good computer habits, controlling network access, installing system anti-virus, and having a well-documented bring your device (BYOD). Practicing these aspects will make your organization free from many possible healthcare cyber-attacks. Educate Employees One of the main reasons for the increased number of healthcare cyber-attacks is that the staff is unaware of cyber threats. Therefore, it is high time for hospitals to educate their staff on cyber threats to get themselves away from risks. All the staff must have a basic understanding of proper cybersecurity protocols. Hospitals should conduct phishing awareness training at work and teach their staff how to respond to dubious activities, such as suspicious e-mails, fraud, and phishing attacks. The access to hospital systems must be limited to credentialed staff members, only helping the hospital avoid unnecessary complications and breaches. The staff also should make sure the medical terminals are inactive when not in use. Summing up Cybercriminals find more opportunities to practice their unlawful activities in the healthcare industry than in any other industry. This is because the hospital employees are not aware of the security threats when they do their daily duties. Often, they do not have enough time to look into these masters as they do their best for their patients. New technologies used in the healthcare sector to tackle the pandemic also challenge hospitals to maintain healthcare cybersecurity. The countless number of devices used in the hospitals is another reason for it. However, effective policies with adequate measures and educating the employees regarding the potential breaches will mitigate the breaches and safeguard the hospitals by reducing healthcare cyber-attacks. Frequently Asked Questions Why do cybercriminals target more on the healthcare industry than other industries? One of the main reasons hospitals become the targets of malicious online activities is that the industry has many sensitive data, including patient data. Unfortunately, the healthcare industry usually does not have a solid system to prevent breaches. What are the consequences of a healthcare data breach? Healthcare data breaches affect the lives of patients. They are likely to mistrust the system and may withhold the information. Both financial and medical identity theft can happen in a healthcare data breach. { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "Why do cybercriminals target more on the healthcare industry than other industries?", "acceptedAnswer": { "@type": "Answer", "text": "One of the main reasons hospitals become the targets of malicious online activities is that the industry has many sensitive data, including patient data. Unfortunately, the healthcare industry usually does not have a solid system to prevent breaches." } },{ "@type": "Question", "name": "What are the consequences of a healthcare data breach?", "acceptedAnswer": { "@type": "Answer", "text": "Healthcare data breaches affect the lives of patients. They are likely to mistrust the system and may withhold the information. Both financial and medical identity theft can happen in a healthcare data breach." } }] }

Read More
DATA SECURITY

Effective Cybersecurity Marketing Strategy to Standout from the Crowd

Article | November 9, 2021

Cyber-attacks have become more sophisticated and advanced as the rise in connectivity brought an increase in security gaps. Better connectivity also has led attackers make to create advanced tools making their attacks more sophisticated. This certainly makes businesses invest more in information security to bridge the gaps. However, most businesses and organizations do not realize the need for it. This is due to the absence of threat awareness among the customers. A major challenge that cybersecurity service providers face is around cybersecurity marketing. Another challenge they face is competition. Businesses do not prioritize cybersecurity as an essential aspect, so marketing security solutions become even more challenging. However, the cybersecurity product market has grown over the years, especially during this pandemic period. Although the market is growing, it needs a sound cybersecurity marketing strategy to reach actual prospects. The strategy should also aim to educate the prospects on its need, as many do not realize its necessity today. Let us look into some of the tips for making a sound cybersecurity marketing strategy. Cybersecurity Marketing Strategy Especially during this period of the pandemic, cybersecurity solutions and services are facing much competition. Thus, you should have a properly and professionally designed cybersecurity marketing strategy to stand out from the crowd and reach out to top prospects. As remote workplaces are necessary during this pandemic period, security breaches are also happening like ever before. This has made companies and individuals look for solid cybersecurity solutions and services. However, as the competition is high, your success in reaching out to these companies in time depends upon the unique cybersecurity marketingstrategy you set up. Below are some tips to make your cybersecurity marketing strategy appealing and robust enough to attract more clients. Know your Audience Regarding cybersecurity marketing, understanding your audience is crucial. It is considered the first step towards creating a compelling marketing strategy. Creating marketing personas will make you understand your audience better. Personas give you a picture of your ideal customer, which is fictional. This will also give you practical insights towards which strategy and channels to be used while communicating with them. Even creating a persona of your ideal customer will provide insights about how to communicate with them. You also have to decide whom do you address in a particular company. Based on the roles, CTO, CEO, CISO, risk managers, CFO, you can make different personas. This is because all of these professionals in companies may be facing different challenges in their pace of work. Understanding them thoroughly will surely help you make a compelling cybersecurity marketing strategy. According to Matthew Fisch, a cybersecurity consultant, and SVP sales at Magnetude Consulting, “I’d follow up after in-person interactions with key executives by giving them my GDPR white paper, which they found very useful. Now they know me and trust that I know their pain points on this subject. That makes it a lot easier to let them know what my company does and how our products can help them.” Push them down the Funnel with E-mail Marketing For cybersecurity solution selling, awareness and knowledge are natural obstacles. This can make a potential lead take a good amount of time to make a decision, even demand a demo or meet a sales representative of your company. Therefore, your cybersecurity marketing strategy can make a difference by engaging them with your brand and taking them down to the sales funnel. The best way to do it is through e-mail marketing. Your email message should be personalized. However, the e-mails you send to your prospects should be attractive, informative, and educational. If they do not find your e-mails worthwhile, they may likely delete your emails and block you as they may have a lot of emails in their inbox every day. Therefore, you should be having a creative mind and a good idea of the types of content that can be sent via email to your prospect. Case studies, reports, and e-books are ideal content types that can educate people about present cybersecurity issues and its need today. Apart from these content forms, you can also focus on sending videos, which would educate them about the importance of cybersecurity. Whatever content yousend to your prospects as part of your cybersecurity marketing strategy, do not forget to link to your blog posts about recent attacks and the latest updates in the industry. You can also include attractive offers in your e-mail, such as free trials that quickly make the prospect sign up. Urge them to Make it a Priority As mentioned in the introduction, most customers do not find or are not aware of the urgency of cybersecurity. Thus, as a cybersecurity product and service provider, you should make the effort of creating a sense of emergency among your prospects as part of your cybersecurity marketing strategy. Furthermore, you should take it as a challenge to convince them to take it as a priority in this modern technology-driven world. There can be many reasons why they do not prioritize cybersecurity in their business process. First, it may be because they are giving importance to their core work. In addition, it can be due to complacency, or maybe they are not aware of the threat. Finally, the expense can be another reason that they do not prioritize cybersecurity. However, you have to focus on making your messaging right to them. Instead of scaring them with threatening messages, focus on educating them with ample examples from real life. Summing up The biggest challenge to cybersecurity marketing is that most prospects are not aware of the necessity of cybersecurity. This is because they are ignorant of the threat businesses are facing. Thus, the first step is to educate them about the urgency of it. Therefore, your cybersecurity marketing strategy should start with this first step. Apart from this, personalized messages to the decision-makers will help you go forward with your strategy. Sending messages to them continuously will educate them about its need and can push them down the sales funnel successfully. Frequently Asked Questions What is the prominent challenge cybersecurity marketers face today? There are a lot of challenges cybersecurity marketers face today. One of the main challenges is that most clients are not aware of the threat they will face in their business process online. Thus, educating them with the need and urgency of it is a significant challenge for marketers. What are some of the tactics cybersecurity marketers use? Cybersecurity marketers need an effective cybersecurity marketing strategy. Email marketing, webinars, content marketing, and paid campaigns can be included as effective tactics in the strategy. { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "What is the prominent challenge cybersecurity marketers face today?", "acceptedAnswer": { "@type": "Answer", "text": "There are a lot of challenges cybersecurity marketers face today. One of the main challenges is that most clients are not aware of the threat they will face in their business process online. Thus, educating them with the need and urgency of it is a significant challenge for marketers." } },{ "@type": "Question", "name": "What are some of the tactics cybersecurity marketers use?", "acceptedAnswer": { "@type": "Answer", "text": "Cybersecurity marketers need an effective cybersecurity marketing strategy. Email marketing, webinars, content marketing, and paid campaigns can be included as effective tactics in the strategy." } }] }

Read More

Spotlight

Verint

Verint® (NASDAQ: VRNT) is a global leader in Actionable Intelligence® solutions. In today’s dynamic world of massive information growth, Actionable Intelligence is a necessity for empowering organizations with crucial insights and enabling decision makers to anticipate, respond, and take action. Today, more than 10,000 organizations in 180 countries, including over 80 percent of the Fortune 100, use Verint solutions to help address three areas of the market: customer engagement optimization, security intelligence, and fraud, risk and compliance. We help our customers capture large amounts of information from numerous data types and sources, use analytics to glean insights from the information, and leverage the resulting intelligence to help optimize customer engagement, enhance security, and mitigate risk.

Events