DATA SECURITY

Honeywell Cybersecurity Research Reports Significant Increase In USB Threats That Can Cause Costly Business Disruptions

Honeywell | June 22, 2021

According to a report released today by Honeywell (Nasdaq: HON), USB-based threats that can severely impact business operations increased significantly during a disruptive year when the usage of removable media and network connectivity also grew.

Data from the 2021 Honeywell Industrial USB Threat Report indicates that 37% of threats were specifically designed to utilize removable media, which almost doubled from 19% in the 2020 report. The research also highlights that 79% of cyber threats originating from USB devices or removable media could lead to a critical business disruption in the operational technology (OT) environment. At the same time, there was a 30% increase in the use of USB devices in production facilities last year, highlighting the growing dependence on removable media.

The report was based on aggregated cybersecurity threat data from hundreds of industrial facilities globally during a 12-month period. Along with USB attacks, research shows a growing number of cyber threats including remote access, Trojans and content-based malware have the potential to cause severe disruption to industrial infrastructure.

"USB-borne malware was a serious and expanding business risk in 2020, with clear indications that removable media has become part of the playbook used by attackers, including those that employ ransomware," said Eric Knapp, engineering fellow and director of cybersecurity research for Honeywell Connected Enterprise. "Because USB-borne cyber intrusions have become so effective, organizations must adopt a formal program that addresses removable media and protects against intrusions to avoid potentially costly downtime."

Many industrial and OT systems are air-gapped or cut off from the internet to protect them from attacks. Intruders are using removable media and USB devices as an initial attack vector to penetrate networks and open them up to major attacks. Knapp says hackers are loading more advanced malware on plug-in devices to directly harm their intended targets through sophisticated coding that can create backdoors to establish remote access. Hackers with remote access can then command and control the targeted systems.

Spotlight

Security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. The need to be able to integrate security into discussions with business functions and operations exists more than ever. In this IBM® Redpaper™ publication, we explore concerns that characterize security requirements of, and threats to, business and information technology (IT) systems. We identify a number of the business drivers that illustrate these concerns, including managing risk and cost, and compliance to business policies and external regulations, showing how they can be translated into frameworks to enable enterprise security.

Related News

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Information Management Leader Archive360 Launches Developer Program to Extend Business Users’ Access to Archived Data with Zero-Trust APIs

Archive360 | August 29, 2022

Archive360™, the archiving and information management leader trusted by enterprises and government agencies worldwide, today announced its Archive360 Extend developer program, giving customers and partners access to the company’s unique APIs (application programming interfaces) so they can leverage the market-leading information governance capabilities of the Archive360 Open Archiving Platform, extending capabilities of customer in-house developed applications as well as third party applications.

As the only true Platform-as-a-Service (PaaS) solution provider, Archive360 enables organizations to migrate and onboard massive volumes of data to the cloud, with full control over data security, privacy, access, and compliance. With Archive360 Extend, users can now benefit from one search to directly access, manage and extract relevant data from the Archive360 archive in the comfort and familiarity of their preferred applications, while professionals in the legal, IT and compliance units are assured that all data is being appropriately managed.

“Companies offering vital services such as eDiscovery, internal and external audits and core business applications are not in the business of archiving and managing information - that’s our specialty,” said Robert DeSteno, co-founder and CEO of Archive360. “In today’s operating environment, skilled professionals prioritize working from the applications they access daily. Archive360 now makes it possible for these users to access and leverage data in Archive360’s repository from those apps with one search - in most cases, they won’t even know where the data is, only that their access is fully authorized and secure. More than a dozen partners have already joined this program, and over the next few weeks we’ll be announcing key partnerships with specific companies. Archive360 Extend represents a new advance in archiving and information management, and we’re just getting started.”

The new program enables a seamless, secure and compliant connection between two complementary forces: the Archive360 information management platform’s ability to onboard, manage and store massive volumes of business data - including files, videos, audio, CRM, ERP, emails/electronic communication, social media and more - and companies specializing in complex disciplines such as eDiscovery and data analytics, serving business users who need immediate, authorized, and secure access to all relevant data resources without having to switch between applications. Archive360 enables participating companies to promote their offerings to a much broader market, including large and heavily regulated enterprises with massive amounts of data that need to be retained and managed securely in compliance with internal and external mandates.

One Search User Access

Archive360 APIs enable end users, with one search, to quickly, easily, and cost-effectively access, review and act on data from any system across their organization. And while the company leads the market with a unified platform - massive data volumes offering enhanced flexibility for easy and secure access - its APIs also come with major advantages.

The collective benefits include:

One Search: Greater visibility into any data source connected to the Archive360 archive, and greater control over that data: how it’s processed, stored, protected and managed, with performance tailored to meet specific business needs

Scalability: Process and manage petabytes of data, rapidly, cost-effectively and dynamically scale horizontally and vertically to meet any workload

Security: True Zero Trust data security with unparalleled PII protection - even system administrators can’t access the data without explicit approval

Defensible Compliance: Ensuring data accuracy, compliance and reliability through immutable storage, data localization, and an audit trail to capture the complete chain of custody. Separate micro-APIs run in the right place across on-premises, in-country or overseas cloud infrastructures ensuring compliance with data localization requirements

Risk Management: eliminating redundant, obsolete and trivial (ROT) information; replacing legacy systems; and optimizing storage

Comprehensive Functionality: There’s one front-end API for ingestion, operations, monitoring, admin, records, discovery, machine learning and analytics, along with micro-APIs

Open Framework: The APIs are extensible - for example, Archive360’s archive functionality can be seamlessly embedded into independent software vendors’ applications and customer portals

Archive360 APIs are managed with a Zero-Trust framework that encompasses data threat surfaces, lifecycles, governance and more - a critical advantage in today’s operating environment. The company also adheres to an API-first philosophy: The APIs are consistent and reusable across the Archive360 platform and applications or portals accessing the data. Customers and partners can learn more about the Archive360 Extend developer program by speaking with their account representative or registering to become an Archive360 partner.

About Archive360

Archive360 is the enterprise information archiving company that businesses and government agencies worldwide trust to securely migrate their digital data to the cloud, and responsibly manage it for today’s regulatory, legal and business intelligence obligations. This is accomplished by applying context around the search, classification, security, retention, disposition and indexing of data including files, videos, and emails—all while allowing organizations to maintain full control over privacy, access, and compliance. Archive360 is a global organization that delivers its solutions both directly and through a worldwide network of partners. Archive360 is a Microsoft Cloud Solution Provider, and the Archive2Azure™ solution is Microsoft Azure Certified.

DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

BlueVoyant Research Reveals Defending Digital Supply Chains Remains a Business Challenge

BlueVoyant | November 14, 2022

BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released the findings of its third annual global survey into supply chain cyber risk management. The study reveals that 98% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. This is up slightly from 97% of respondents last year. Digital supply chains are made of the external vendors and suppliers who have network access that could be compromised.

"The survey shows that supply chain cybersecurity risk has not decreased and, in fact, more enterprises than ever have reported being negatively impacted by a cybersecurity disturbance in their supply chain," said Adam Bixler, BlueVoyant's global head of supply chain defense. "The good news is that across industries and regions, organizations are making supply chain defense a priority, but these organizations need to better monitor suppliers and work with them to remediate issues to reduce their supply chain risk."

Other key survey findings include:

40% of respondents rely on the third-party vendor or supplier to ensure adequate security.

In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.

Budgets from supply chain defense are increasing, with 84% of respondents saying their budget has increased in the past 12 months.

The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security.

"While supply chain defense is a challenge, there are solutions for enterprises to better defend against this risk," said James Rosenthal, BlueVoyant's CEO and co-founder. "Enterprises should continuously monitor their supply chain to be able to quickly remediate threats. As companies are being negatively impacted by supply chain disturbances, they must prioritize this risk with the appropriate budget."

The study was conducted by independent research organization, Opinion Matters, and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief info security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore.

The 2021 research was also conducted by Opinion Matters and recorded the views and experiences of 1,200 CTOs/CSOs/COOs/CIOs/CISOs/CPOs in similar enterprises and the same industries. It covered six countries: U.S., Canada, Germany, the Netherlands, the U.K., and Singapore.

Analysis of the responses from different commercial sectors revealed considerable variations in their experiences of supply chain risk:

While healthcare and pharmaceutical was the third-highest vertical in terms of experiencing greater board scrutiny for supply chain risk at 42%, the sector also indicates the lowest likelihood to increase budget for external resources to bolster supply chain cybersecurity, by a margin of 7% below the next closest vertical. This sector is also the least likely of any vertical (34%) to have no way of knowing if an issue arises with a third party's environment.

The energy sector was most likely to report negative impact from at least one supply chain breach in the last year (99%) but 49% are monitoring supply chain cyber risk regularly or in real time, and 44% are updating senior leadership monthly or more frequently. In addition, energy companies say they are increasing their budget for supply chain cyber risk by an average of 60%.

In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program.

About BlueVoyant

BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.


DATA SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY

Malwarebytes Launches Managed Detection and Response Solution to Reinforce Security Operations of Resource-Limited Organizations

Malwarebytes | October 13, 2022

Malwarebytes™, a global leader in real-time cyber protection, today launched Malwarebytes Managed Detection and Response (MDR), which combines EDR technology and human-delivered security expertise to provide 24/7 threat hunting, monitoring, and response.

Amid a shortage of skilled cybersecurity professionals, many organizations lack the time and expertise to monitor and validate security alerts around-the-clock. Teams also struggle to fully utilize the forensics and threat hunting tools provided by EDR platforms and can miss identifying hidden threats before they become infections. Without the time for thorough incident investigations of the scope and root cause of an event, organizations are left with ineffective remediation plans and risk repeating the incident cycle.

By providing world-class security analysts, third-party intelligence, and threat analysis tools, Malwarebytes MDR can extend the capabilities of existing teams or completely fill the need of organizations lacking dedicated security staff. The Malwarebytes MDR analysts are constantly monitoring and triaging alerts, hunting for hidden threats, and either directly remediating or providing customized guidance to organizations. For any SMB or MSP with more alerts than they can handle, Malwarebytes MDR enables organizations to prioritize critical alerts, detect advanced malware attacks, analyse past indicators-of-compromise, and bolster ongoing resiliency.

"There simply aren't enough hours in the day for most organizations to adequately address a barrage of alerts. But they don't have to do it alone.

"We've recruited an incredible team of dedicated experts across the globe and empowered them with our award-winning tools and AI-based threat modeling to be a powerful force-multiplier for SMBs and MSPs. This is just the beginning as we continue to accelerate product innovation and deliver new services to secure chronically underserved SMBs and empower MSPs to be their heroes."

Bob Shaker, Vice President of Managed Services at Malwarebytes

Specifically, Malwarebytes MDR will:

Supplement security expertise: Augments security staff with an instant team of experts to correlate threat data, enrich alerts and respond to threats 24/7.

Expedite threat response: Bolsters cyber resilience with effective protection and flexible remediation options to detect and respond to attacks as they occur.

Reduce security costs: Quick time-to-value and improved efficiency for security operations with technology-supported, expert services that significantly reduce security costs.

Advance security posture: Built upon Malwarebytes' industry-tested and proven Malwarebytes EDR which applies advanced data analytics and near real-time threat intelligence to detect zero-day and other hidden threats.

Provide rapid time-to-value: Automated onboarding that gets SMBs and MSPs from purchase to service operation fast and easy.

Assist in meeting compliance requirements: Prevents threats to security, availability, integrity, and privacy of customer data in support of compliance with the broad range of regulatory requirements.

About Malwarebytes

Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, that mission has expanded to provide cyber protection for everyone. Malwarebytes provides consumers and organizations with device protection, privacy, and prevention through effective, intuitive, and inclusive solutions in the home, on-the-go, at work, or on campus. A world-class team of threat researchers and security experts enable Malwarebytes to protect millions of customers and combat existing and never-before-seen threats using artificial intelligence and machine learning to catch new threats rapidly. These capabilities have been lauded by independent third parties including, among others, MITRE Engenuity, MRG Effitas, AV-TEST (consumer and business), G2 Crowd and CNET. With threat hunters and innovators across the world, the company is headquartered in California with offices in Europe and Asia.
