Cybersecurity Gaps Magnified as Millions Work Remotely Due to COVID-19

SC Magazine | March 26, 2020

  • As the novel coronavirus escaped the confines of China, organizations learned their tools on hand were not designed or intended to work safely offsite.

  • The new working order has cast a harsh light on the limitations and safeguards of connectivity, required for business to function.

  • Pre-coronavirus, supervisors didn’t have to concern themselves with employee distractions. But now, employ focus is paramount.


Apply pressure to any system – and its weakness become apparent. COVID-19 has exerted the necessary pressure to test cybersecurity postures, exposing gaps – some of them yawning, some more subtle – as entire workforces have been ordered to work from home.


As the novel coronavirus escaped the confines of China earlier this year and it became increasingly clear large numbers of workers would have to hunker down at home, all eyes turned to an obvious potential weak spot – VPNs, which would surely sputter under the stress. But as the virus spread it has exposed additional security problems, ranging from the inability to do forensic tests and general upkeep on systems to granter higher level user privileges to staff to access systems remotely.


Organizations which previously did not have a distributed workforce quickly learned their tools on hand were not designed or intended to work safely offsite, via a VPN or over the internet, said Lisa Davies, head of corporate security at Redox, preventing security and IT teams from conducting even routine, but important, tasks.


Since many of the security controls and tools used by non-distributed companies depend on being on the local network, they cannot do [many] things remotely. These companies have found it more difficult to update, monitor logs etc unless the device is on the local network, so when employees take them home, they are in the dark

- Lisa Davies, Head of Corporate Security, Redox


Company equipment left behind as workers fled has languished unmonitored, their vulnerability magnified as employees, outside the sight lines of security teams, connect their own, unsecure devices to company assets.Organizations must “monitor inactive company devices, as possible indicators a device has an issue, or a remote worker may be tempted to use personal technology,” said Davies. “This goes hand-in-hand with technical controls preventing non-company devices from accessing sensitive information.”


READ MORE: Protecting against cybersecurity threats when working from home.


The new working order has cast a harsh light on the limitations and safeguards of connectivity, required for business to function. Existing protocols simply are not sufficient, said Luke Willadsen, security consultant, cybersecurity services and solutions firm EmberSec.


It appears support for multifactor authentication has been a lot of talk and not quite as much action. Many companies apparently haven’t required it to connect to the network then disable the work computer’s ability to take a screenshot of the window containing the remote/virtual desktop on the host computer, Willadsen said. That needs to change quickly.


“Don’t let any data pass between the machine originating the connection and the remote/virtual desktop,” Willadsen said. Security teams can bridge this gap by disabling “the clipboard and shared drive access between the origination host and the virtual/remote system,” he said, noting “we don’t want a single byte of information to be exchanged between the two hosts (aside from the network connection that facilitates the session).”



That will prevent “the introduction of malware into your network and it prevents employees from exfiltrating confidential or proprietary files,” he said.


Pre-coronavirus, supervisors didn’t have to concern themselves with employee distractions – children running around, barking dogs, fears of a deadly virus’s spread or many other things occurring in a normal household. But now, employ focus is paramount.


Workers be reminded to stay focused and that security policies put in place to protect corporate information are still in place, especially in a world filled with phishing emails designed to prey on those now operating in a busy and confusing world.


They should also build mechanisms to reinforce such policies in the moment they most need to followed – for example within the context of an email asking for financial action or confidential information – so that users can make informed decisions before interacting with suspicious emails.

- Matt Petrosky, Vice President of Customer Experience, GreatHorn


By providing employees with reminders about policies when it matters, companies can significantly reduce risk for their remote workforce.


READ MORE: The coronavirus is already taking effect on cyber security– this is how cisos should prepare.

Spotlight

CRYPTOJACKING. Using someone else's compute and resources to mine cryptocurrencies.. DATA LEAK. The exposure of confidential data through misconfigurations or similar modes. SSH BRUTE FORCE ATTACK. Repeated attempts to guess secure shell username & password combinations in an attempt to gain unauthorized access.


Other News
DATA SECURITY,PLATFORM SECURITY

Resecurity Named as One of America's Fastest-Growing Private Cybersecurity Companies by Inc. Magazine

Resecurity | August 19, 2022

Resecurity, Inc., a cybersecurity company based in Los Angeles, California, was recently recognized by Inc. magazine's annual Inc. 5000 list, the most prestigious ranking of the nation's fastest-growing private companies. Ranked as one of the fastest-growing private cybersecurity companies, Resecurity was number 2477 on the list for achieving 234 percent of revenue growth in past three years. The list represents a unique look at the most successful companies within the American economy's most dynamic segment—its independent small businesses. Intuit, Zappos, Under Armour, Microsoft, Patagonia, and many other well-known names gained their first national exposure as honorees on the Inc. 5000. Among the 5,000, the average median three-year growth rate soared to 230 percent and total revenue reached $317.2 billion. Together, those companies added more than one million jobs over the past three years. The recognition comes after a record year for the company, including a recent acquisition of Cybit Sec, a vulnerability assessment and penetration testing company, and the launch of their latest product offering, the Digital Identity Protection Platform. Resecurity has fueled its growth with strategic investments into R&D, expanding its international and channel sales presence, and scaling its industry partnerships. "The Inc. 5000 list is home to some of the most innovative companies in the market today. Resecurity is proud to have earned a top spot on this prestigious list. This growth is a testament to cybersecurity's critical role in the future. We're committed to accelerating this growth with strategic partnerships and investments in R&D, allowing us to help more individuals and enterprises combat ever-evolving cyber threats." Gene Yoo, Resecurity CEO Resecurity's SaaS solution combines XDR/endpoint protection, cyber threat intelligence and digital risk management, enabling customers ranging from Fortune 500 corporations to governments to protect their ecosystem. The innovative platform allows administrators to reduce potential blind spots and security gaps by quickly seeing in-depth analysis and specific artifacts obtained through the dark web, botnets activity, network intelligence and high-quality threat intelligence data. "The accomplishment of building one of the fastest-growing companies in the U.S., in light of recent economic roadblocks, cannot be overstated," says Scott Omelianuk, editor-in-chief of Inc. "Inc. is thrilled to honor the companies that have established themselves through innovation, hard work, and rising to the challenges of today." Methodology Companies on the 2022 Inc. 5000 are ranked according to percentage revenue growth from 2018 to 2021. To qualify, companies must have been founded and generating revenue by March 31, 2018. They must be U.S.-based, privately held, for-profit, and independent--not subsidiaries or divisions of other companies--as of December 31, 2021. (Since then, some on the list may have gone public or been acquired.) The minimum revenue required for 2018 is $100,000; the minimum for 2021 is $2 million. As always, Inc. reserves the right to decline applicants for subjective reasons. Growth rates used to determine company rankings were calculated to four decimal places. About Resecurity Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence. Known for providing best-of-breed data-driven intelligence solutions, Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks. Founded in 2016, it has been globally recognized as one of the world's most innovative cybersecurity companies with the sole mission of enabling organizations to combat cyber threats regardless of how sophisticated they are. Most recently, Resecurity was named as one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California by Inc. Magazine. An Official Member of Infragard, AFCEA, NDIA, SIA, FS-ISAC, the American Chamber of Commerce in Saudi Arabia (AmChamKSA) and Mexico (AmChamMX).

Read More

DATA SECURITY,NETWORK THREAT DETECTION,PLATFORM SECURITY

Pathlock Expands SAP Capabilities with Acquisition of Grey Monarch

Pathlock | September 27, 2022

Pathlock, the leading provider of application security and controls automation for critical business applications, today announced the acquisition of Grey Monarch, a UK-based specialist SAP Partner dedicated to SAP Process Automation. The acquisition will strengthen Pathlock's vision of providing the industry's most complete 360-degree platform for application security and controls automation for the SAP ecosystem. Since 2008, Grey Monarch has developed expertise in SAP Security, Segregation of Duties, SAP Licence Optimization, SAP Background Processing Automation and Secure Managed File Transfer. With this acquisition, the SAP community will benefit from the very best SAP Process Automation advice, implementation skills, and software and training capabilities, improving levels of security, enhancing their users' experience and streamlining audit, compliance and control procedures. "It's now more imperative than ever for organizations to utilize a holistic view of user access and privileges so they can be managed, monitored and controlled to ensure the maximum protection of data, business processes and intellectual property," said David Lloyd, Director and Co-Founder, Grey Monarch. "Combining Grey Monarch's capabilities with the Pathlock family of expertise, resources and product portfolio will provide our customers, existing and new, with an unsurpassed visibility into their business applications." "We're thrilled to complete the acquisition of Grey Monarch. "We continue to see a strong demand for our globally recognized application security and controls automation solutions, and know that with Grey Monarch's specialization in SAP process automation we can continue to enable our global customers to revolutionize the way they secure their sensitive financial and customer data." Piyush Pandey, CEO of Pathlock In May 2022, Pathlock announced a $200M capital raise sponsored by Vertica Capital Partners alongside a merger with Appsian and Security Weaver and the acquisition of Belgium-based CSI Tools and Germany-based SAST SOLUTIONS. The company has successfully doubled in size in terms of revenue and employees and is now servicing over 1,400 customers across all major industries on a global scale with offices across the United States, Belgium, the UK, Germany, Israel and India. About Pathlock Pathlock is the leader in application security and controls automation. With Pathlock, enterprises can manage all aspects of access governance via a single platform, across applications, including user provisioning, ongoing User Access Reviews, segregation of duties, control testing, and audit preparation. Today, many of the world's most respected, global 2000 companies rely on Pathlock to protect their critical digital assets from financial, operational, regulatory and security threats, ensure corporate compliance and improve performance. Our customers have saved millions in employee productivity, labor costs, audit fees and data loss prevention.

Read More

PLATFORM SECURITY

Searchlight Security Elevates Dark Web Intelligence to Board Level with New Automated Reporting

Searchlight Security | August 02, 2022

Searchlight Security, the dark web intelligence company, has introduced new automated reporting functionality into its DarkIQ dark web monitoring solution to help security analysts and MSSPs to quickly and easily communicate external threats to executives. DarkIQ is a powerful dark web monitoring solution that utilizes the most comprehensive dark web dataset on the market, and the only one that includes dark web traffic to and from the organization’s network. It takes the attributes that are most important to a business - including employee credentials, software, devices, IP addresses, network components, and company datasets - and alerts organizations to their presence in deep and dark web marketplaces, forums, and conversations, which could indicate an imminent attack. This threat intelligence is specific to the organization, removing “alert fatigue” and allowing security teams to prioritize the most urgent threats to the business. DarkIQ’s new automated reporting function builds on its existing capabilities by helping analysts to more easily communicate the dark web intelligence they discover - improving response times to possible attacks and educating the wider business on dark web threats. “Our mission is to make dark web intelligence as relevant and actionable for businesses as possible and our new reporting function is a huge part of that. Threat intelligence is only powerful if it can be understood and acted on - otherwise it is just noise. Communication is everything.” Eric Milam, EVP product at Searchlight Security DarkIQ Reporting gives enterprise security teams and MSSPs the ability to: Generate slick reports with one click - with threat intelligence data automatically pulled, inputted, and presented from the DarkIQ platform. Select the right level of detail for the audience - with an “Executive” report option for a high level summary or “Detailed” report for security personnel, which includes recommended remediative actions that should be taken based on the threat data. Add and remove reporting fields - to further customize the report to suit the audience by adding, moving, or removing components, as well as the ability for security teams to add their own analysis, context and observations. Customize design - with the ability to brand reports and change the font and color scheme, a particularly important feature for MSSPs reselling DarkIQ to their customers. Resource more effectively - with less time spent on reporting so they can spend more time protecting the business. Demonstrate Return on Investment - with the ability to show imminent threats that have been identified and prevented through dark web intelligence. Milam concluded: “In threat intelligence, the job isn’t done until the report is filed. This is a burden on security teams that we wanted to - and have been able to - alleviate, because every minute less they spend reporting is a minute more they can spend stopping the bad guys. At the same time, they have a better solution to deliver pre-attack intelligence with more clarity so the business can be more proactive in stopping imminent threats.” About Searchlight Security Searchlight Security provides organizations with relevant and actionable dark web threat intelligence, to help them identify and prevent criminal activity. Founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. Today we help government and law enforcement, enterprises, and managed security services providers around the world to illuminate deep and dark web threats and prevent attacks.

Read More

SOFTWARE SECURITY

GuidePoint Security Achieves AWS Security Competency Status

GuidePoint Security | July 27, 2022

GuidePoint Security, a cybersecurity solutions leader enabling organizations to make smarter decisions and minimize risk, announced today that it has achieved the Compliance and Privacy distinction in the Amazon Web Services (AWS) Security Competency. This designation recognizes that GuidePoint Security has demonstrated and successfully met AWS’s technical and quality requirements for providing customers with a deep level of consulting services expertise in Compliance and Privacy to help them achieve their cloud security goals. Achieving the Compliance and Privacy distinction in the AWS Security Competency differentiates GuidePoint Security as an AWS Partner that provides specialized consulting services designed to help companies from startups and mid-sized businesses to the largest global enterprises to adopt, develop, and deploy security into their AWS environments, increasing their overall security posture on AWS. To receive the designation, partners must possess deep AWS expertise and deliver solutions seamlessly on AWS. “GuidePoint Security was an original AWS Security Competency launch partner and we are proud to be launch partner yet again for the updated AWS Security Competency program having achieved the Compliance and Privacy distinction,” said Anil Badruddin, Practice Director – AWS Cloud Security, GuidePoint Security. “Our team is dedicated to helping organizations achieve their security goals by combining our in-depth knowledge of technical solutions along with our deep expertise of the powerful security tools AWS provides.” AWS is enabling scalable, flexible, and cost-effective solutions from startups to global enterprises. To support the seamless integration and deployment of these solutions, AWS established the AWS Competency Program to help customers identify AWS Partners with deep industry experience and expertise. GuidePoint Security’s distinction for Compliance and Privacy is based on the following attributes: Specialized consulting service offerings including: cloud security assessments, cloud governance, solution design and implementation, and security automation The ability to develop enterprise-wide security playbooks to help organizations mature their cybersecurity programs Deep technical expertise for a wide range of third-party security solution providers and AWS native services to help customers identify, implement, and manage the right solutions for their environment and business Expertise in helping customers ensure Payment Card Industry Data Security Standard (PCI DSS) compliance on AWS (GuidePoint Security is certified as a PCI QSA) About GuidePoint Security GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make better decisions that minimize risk. Our experts act as your trusted advisor to understand your business and challenges, helping you through an evaluation of your cybersecurity posture and ecosystem to expose risks, optimize resources and implement best-fit solutions. GuidePoint’s unmatched expertise has enabled a third of Fortune 500 companies and more than half of the U.S. government cabinet-level agencies to improve their security posture and reduce risk.

Read More

Spotlight

CRYPTOJACKING. Using someone else's compute and resources to mine cryptocurrencies.. DATA LEAK. The exposure of confidential data through misconfigurations or similar modes. SSH BRUTE FORCE ATTACK. Repeated attempts to guess secure shell username & password combinations in an attempt to gain unauthorized access.

Resources