The Dark Side of The Web: Understanding the Dark Web and the Risks It Poses to Organizations

The internet has come a long way since its inception, with an ever-growing number of people relying on it for personal and professional activities. However, with this increased usage comes an increased risk of cybercrime and data theft. And as cybercriminals become more sophisticated, constantly finding new ways to access and exploit sensitive information, organizations must become more vigilant in how they protect their data.

For many organizations, the dark web – a hidden network of websites that are not accessible through standard web browsers – is a growing concern. It is a place where cybercriminals can buy and sell stolen data, hacking tools, and other illegal products and services. This information can be sold to the highest bidder, putting individuals and organizations at risk of financial loss, reputational damage, and identity theft.

In this two-part series, we will take a deeper look at the dark web, the risks it poses and how you can protect your data from getting into the wrong hands.

What is the Dark Web:

The dark web is a part of the internet that is not indexed by traditional search engines and is characterized by its high level of anonymity, allowing users to communicate and transact without leaving a trace. Anonymity on the dark web is often used by cybercriminals for illegal activities such as trading stolen data, buying and selling illegal goods and services, and facilitating various forms of cybercrime, such as hacking and fraud. The high level of anonymity provided by the dark web makes it difficult for law enforcement to trace the origin of criminal activities and identify the individuals behind them.

Accessing the dark web can only be done using specialized tools like The Onion Router (TOR), a free, open-source software and network that was designed to provide users with anonymity and privacy online. TOR networks work by routing internet traffic through a series of servers, or “nodes,” before it reaches its destination. Each node only knows the previous and next node in the chain, making it difficult to trace the source of the traffic. TOR is widely used for a variety of purposes, including accessing the dark web, bypassing censorship and geo-restrictions, and protecting sensitive communications from government surveillance or cyberattacks.
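To make the "each node only knows the previous and next node" property concrete, here is an added illustration that is not part of the original post and not Tor's actual protocol: a client wraps a message in one encryption layer per relay, and each relay can strip only its own layer, learning the name of the next hop and nothing else. The relay names, keys and the HMAC-based toy stream cipher are all constructed for the demo (real Tor negotiates per-hop keys and uses standard ciphers).

```python
import hashlib
import hmac
import os

# Constructed circuit: three hypothetical relays with fixed symmetric keys.
# (Real Tor negotiates a fresh key with each hop; fixed keys keep this runnable.)
RELAY_KEYS = {
    name: hashlib.sha256(f"constructed-key-{name}".encode()).digest()
    for name in ("guard", "middle", "exit")
}
PATH = ["guard", "middle", "exit"]
HOP_FIELD = 16  # fixed-width field carrying the next-hop name inside each layer


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: HMAC-SHA256 in counter mode. Illustrative only.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one layer under a relay's key; a fresh nonce prefixes the ciphertext."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))


def unseal(key: bytes, blob: bytes) -> bytes:
    """Strip one layer; only the holder of this relay's key can do so."""
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def build_onion(path, destination: str, message: bytes) -> bytes:
    # Innermost layer: only the exit relay learns the destination and the payload.
    blob = seal(RELAY_KEYS[path[-1]], destination.encode().ljust(HOP_FIELD) + message)
    # Wrap outward so each earlier relay learns only the name of the next relay.
    for i in range(len(path) - 2, -1, -1):
        blob = seal(RELAY_KEYS[path[i]], path[i + 1].encode().ljust(HOP_FIELD) + blob)
    return blob


def peel(relay: str, blob: bytes):
    """What a single relay does: remove its layer, read the next hop, forward the rest."""
    inner = unseal(RELAY_KEYS[relay], blob)
    next_hop = inner[:HOP_FIELD].decode().strip()
    return next_hop, inner[HOP_FIELD:]


def route(path, onion: bytes):
    """Simulate forwarding along the circuit and record what each relay observes."""
    observations = []
    blob = onion
    for i, relay in enumerate(path):
        next_hop, blob = peel(relay, blob)
        observations.append({
            "relay": relay,
            "sees_next": next_hop,
            "sees_payload": i == len(path) - 1,  # only the exit sees the message
        })
    return blob, observations


if __name__ == "__main__":
    onion = build_onion(PATH, "example.test", b"hello from the client")
    delivered, obs = route(PATH, onion)
    for o in obs:
        print(o)
    print("delivered:", delivered)
```

Running it shows the guard learns only "middle", the middle relay only "exit", and the exit learns the destination and payload; no single relay sees both who sent the message and where it is going. The guard does also see the client's address in practice, which is why this property is about no single hop, not about the circuit as a whole.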

Another important aspect of the dark web is the use of cryptocurrencies, like Bitcoin, as the primary mode of payment. Cryptocurrencies have gained popularity in recent years due to their ability to offer fast, low-cost, and borderless transactions, as well as their use of blockchain technology, which provides a secure and transparent ledger of transactions. However, because cryptocurrencies provide a high level of anonymity and make it difficult for authorities to track transactions, they have become very popular with cybercriminals.

Finally, the dark web also uses various other encryption technologies to secure its websites and hide the location of its servers. This includes technologies like SSL/TLS certificates and public-key encryption.

Cybercriminals on the dark web use a combination of tools and technologies to achieve anonymity. For example, they may use the TOR network to route their traffic through multiple servers, making it difficult to trace their location. They also use encryption to secure their communications and protect sensitive information.

In addition, many dark web marketplaces require users to use cryptocurrencies, such as Bitcoin, for transactions. These currencies provide a high level of anonymity and make it difficult for authorities to track financial transactions.

It’s important to note that while the dark web provides a high level of anonymity, it’s not completely secure and can still be monitored by law enforcement agencies. Additionally, many of the activities that take place on the dark web are illegal, so it’s best to avoid visiting it unless you have a legitimate reason to do so.

The Risks Posed by the Dark Web:

The dark web is a haven for cybercriminals, who use it to trade stolen data and carry out malicious activities, such as phishing attacks and ransomware attacks. The anonymity of the dark web makes it a popular platform for these activities, and its encrypted networks provide a high level of security, making it difficult for law enforcement agencies to track and prosecute cybercriminals.

In June 2021, T-Mobile confirmed that it had suffered a data breach that affected the personal information of over 50 million customers. According to reports, the data that was stolen included names, addresses, birthdates, social security numbers, and driver’s license information. Shortly after the breach was disclosed, cybercriminals began advertising the stolen data on underground forums on the dark web, offering it for sale to the highest bidder; over six months later, the data from the T-Mobile breach could still be found online.

This incident is just one of many that highlights the importance of implementing robust cybersecurity measures to prevent data breaches and the need to be prepared for the worst-case scenario. It also demonstrates the devastating consequences that can result when sensitive information is traded on the dark web.

Protection from the Dark Web:

The dark web poses a significant risk to the security of personal and sensitive information. Cybercriminals can use the anonymity and untraceability of the dark web to sell stolen data, engage in illegal activities, and conduct cyberattacks. These risks are further compounded by the increasing sophistication of cybercriminals and their ability to access and exploit vulnerabilities in security systems.

Businesses and organizations have a responsibility to protect the personal information of their customers and employees. It is essential to take proactive measures to protect this data and minimize the risk of it being exposed on the dark web. Protecting against the risks posed by the dark web requires vigilance, education, and a commitment to implementing best practices for cybersecurity. Click here for part two of our blog series to learn more about protecting yourself from the dark web.

Cyber Insurance in 2023: What Every Organization Should Know

In the last few years, cybercrime has increased considerably, often leading to significant costs, reputational damage, and operational disruptions to the companies affected. And while there is no foolproof way to avoid an attack, many organizations are taking steps to further reduce their risks. On top of this, these organizations often take additional steps to reduce the high costs of dealing with a security breach if one were to occur.

Enter cyber insurance—also known as cybersecurity insurance or cyber liability insurance.

Having cyber insurance coverage has become imperative for many organizations due to the rise of cyber incidents and the growing sophistication of these attacks, paired with the potential financial impacts of a successful breach.

In fact, the global cyber insurance market is projected to grow from $12.83 billion in 2022 to $63.62 billion by 2029. This growth is largely driven by the continued rise in the number of data breaches, as well as a greater awareness of cyber risks.

While there is no question having cyber insurance is smart, organizations are often challenged when sorting through the options. Not only do organizations need to understand exactly what each policy covers, but they also must determine the types of digital assets they need to protect to satisfy the basic insurance requirements and they have to worry about getting approved (or if currently covered, how they can avoid the steep increase in premiums). Let’s take a deeper look:

What Do Cyber Insurance Policies Cover?

While cyber insurance can’t prevent a breach or a security incident from happening, this type of policy helps organizations more successfully weather the storm when a data breach or network security failure takes place. Typically, cyber insurance policies cover the following:

  • Breach costs: Costs associated with responding to a breach, including identifying the breach, alerting affected individuals, credit protection services, and crisis management/public relations costs.
  • Cyber extortion: Response costs and financial payments associated with network-based ransom demands.
  • Cybercrime: Financial losses associated with social engineering and funds transfer fraud.
  • Business Interruption: Lost business income that takes place when a company’s network-dependent revenue is interrupted.
  • Data recovery: Costs required to replace, restore, or repair damaged or destroyed data and software.
  • Privacy protection: Costs to resolve claims with regard to the handling of personally identifiable or confidential corporate information.
  • Digital media: Costs to resolve claims related to online content, such as copyright or trademark infringement, invasion of privacy, and defamation.

While cyber insurance provides fairly comprehensive coverage, it is very important to note that not every cost or claim is covered. The following is typically not covered by most cyber insurance policies:

  • Criminal proceedings: Claims brought in the form of a criminal proceeding, such as a criminal investigation, grand jury proceeding, or criminal action.
  • Funds transfer: Other than transfers associated with cybercrime coverage, most uncovered claims include loss, theft, or transfer of funds, monies, or securities.
  • Infrastructure interruption: Claims stemming from failure or interruption of water, gas, or electric utility providers.
  • Intentional acts: Fraud, dishonesty, criminal conduct, or knowingly wrongful act of the business or its employees.
  • Property damage: Property damage stemming from a data breach or cyberattack, such as hardware that was destroyed during the cyber incident.
  • Intellectual property: Property losses and lost income associated with attacks are commonly excluded from coverage.
  • Costs for proactive preventive measures: Measures to avoid a future attack, such as training employees or developing an incident response plan.

Common Insurance Requirements

Most insurance companies require organizations to have certain safety protocols in place before being accepted for coverage. While these requirements tend to vary by insurance company and by the size of the company being insured, today’s insurance companies all require organizations to have some basic security controls in place.

The reason for this is quite simple: insurance companies need to know organizations are addressing the highest likelihood of attacks, which in turn reduces the insurance company’s risk. And while most insurance companies currently allow organizations to self-verify these requirements, the industry is moving in the direction of requiring a professional IT service company to confirm that these standards are in place and up to date.

These requirements typically include the following:

  • Centralized security device log collection and threat detection analytics platform (Security Information and Event Management (SIEM) monitoring)
  • Active 24×7 security event monitoring, investigation, and alerting (Security Operations Center or SOC)
  • Active incident response and threat remediation
  • Regular software patching and automatic updates
  • Strong endpoint security, often an Endpoint Detection & Response (EDR) solution
  • Access control methods to protect critical systems, apps, and data. These include multi-factor authentication, least-privilege access policies, securing system administrator access to key data, and securing third party access to all systems.
  • Use of strong password management policies
  • Backup and disaster recovery methods that employ cloud or off-premises offline storage
  • Financial controls to verify fund transfers and access change control requests
  • Data protection methods for personal or other private information, including encryption and network segmentation
  • Use of network security methods, such as network segmentation and firewalls
  • Adhering to common email security recommendations
  • Employee management policies to control account access
  • A specific security risk manager employed by the organization
  • Employee security training
  • Formal incident response plans
  • Written privacy and data security policies

Selecting a Policy – and Getting Approved

When selecting a cyber insurer, organizations should consider several factors, including the financial stability of the insurer, the type of coverage provided, and the cost. It is also important to keep in mind that some insurance companies provide supplementary services to help protect against and respond to breaches, while others have strong partnerships with cybersecurity vendors to help mitigate a breach.

If you are trying to get approved for cyber insurance, and want to get lower rates, it’s critical you not only have the bare minimum requirements in place, but also take extra precautions to ensure you’re a desirable candidate for cyber insurance. Many organizations are looking for outside security vendors that will not only help them be more secure, but also will ensure they check off the requirements for cyber insurance approval.

Logging and Monitoring of Event Logs

One of the top requirements from cyber insurance providers is log monitoring. Proficio’s Managed Detection and Response (MDR) solution provides you all the benefits of having a SIEM, without the complexity of owning and managing it through our shared SIEM service. For those with a current SIEM, Proficio can help you manage the platform and provide content from our large library of threat detection use cases. Proficio also provides 24×7 Security Operations Center monitoring, alerting and response solutions with either our SIEM and SOAR (Security Orchestration and Automated Response platform) or utilizing your security tools and platforms.

Patch Management/Vulnerability Management

Knowing what systems are most vulnerable enables your team to quickly patch the biggest risks first. With Proficio’s Risk-Based Vulnerability Management (RBVM), you can prioritize patching based on the risk of a vulnerability being exploited and the relative importance of each system. In addition, Proficio offers security device management to help you ensure your security devices are being maintained to vendor-recommended best practices.

Endpoint Detection and Response

Many of today’s biggest data breaches were the result of a cybercriminal gaining access to one endpoint and moving laterally through the network. Proficio’s Managed Endpoint Detection and Response (EDR) helps you secure your critical devices through device monitoring and management, helping to detect risks in real time.

When it comes to cyber insurance requirements, Proficio can also help with scenarios such as:

  • You have a new requirement for security log collection, active threat monitoring, and threat response solution
  • You have an MSSP but want a new provider with better threat detection and response capabilities
  • You had a breach and need a provider (new or replacement)
  • You have an internal SOC but are having trouble keeping staff and getting desired outcomes

As we enter a new year and cybercrime hits record highs, it seems inevitable that every business will be affected in some way. And as a result, preparation is key. There is no question that cyber insurance is a great way to mitigate risk, but remember – having insurance does not reduce your risk. However, cyber insurance is a great layer of protection to add to your complete security stack.

To learn more about how Proficio can help you choose the right cyber insurance for your organization, click here.

Cybersecurity Predictions for 2023: Looking Ahead

The last few years have been difficult for all of us, and unfortunately, 2022 did not bring the reprieve we were hoping for. Not only did we experience ongoing supply chain issues and extreme staffing shortages, but we were forced to navigate soaring inflation and economic turmoil, as well as overall political unrest.

Alongside all these problems is the growth of cyberattacks, both on individuals and organizations—and this trend is expected to continue, with increasing frequency and sophistication. And while the pandemic accelerated the digital transformation trend, it has also created new opportunities for cybercriminals to attack.

Cybersecurity continues to be a major concern for corporate America. In fact, most of today’s security and risk leaders understand that if their organization incurs a successful cyberattack, it will cause momentous disruptions to business. While we continue to battle the ever-changing threat landscape, proper planning, and effective solutions can be developed to reduce the potential risk and damage. The key is to be prepared for the road ahead.

Here are the four cybersecurity predictions we expect to see in the coming year:

Increased Measures for Ransomware

Given the continued rise of ransomware attacks on organizations, we expect to see an increase in the number of countries passing legislation to control payments, fines, and negotiations. This change will encourage organizations to be more proactive in their cybersecurity and ensure they follow proper procedures when an incident occurs.

With or without government involvement, it will become imperative for companies to employ solutions that help to prevent attacks. For example, in a 2021 White House cybersecurity mandate, multi-factor authentication (MFA) to secure access was named as an important preventative measure. Having an MFA tool is also a requirement of many of today’s cyber insurance policies in an effort to control points of exposure. In general, there will be more steps taken – both at the organizational and government levels – to help ensure we stay ahead of cybercriminals.

Supply Chain Attacks

The number of cyberattacks related to third-party vendors is undoubtedly on the rise. However, only a small percentage of security and risk managers are currently checking external vendors for security exposure.

As this trend continues, organizations will begin to make cybersecurity risk a determining factor in doing business with third parties. This will range from simple oversight of a critical technology vendor to complex due diligence for mergers and acquisitions. In fact, according to research from Gartner, by 2025, 60 percent of companies will use cybersecurity risk as a determining factor when conducting third-party business transactions and engagements.

Vendor Consolidation

Consolidation of security vendors will be another popular trend. Studies show that many CISOs have a high number of tools in their cybersecurity portfolio. Because purchasing a mix of tools from different security vendors can result in complex security operations and increased security headcount requirements, it is becoming vital to have fewer vendors and more consolidated solutions. And many single-vendor solutions offer better security effectiveness and efficiency for today’s businesses. As a result, organizations are creating strategies to unify their security toolset to reduce vendor fatigue and simplify their security operations.

Passwordless Authentication in Partnership with a Zero Trust Framework

Going passwordless and developing a Zero Trust framework, requiring rigid authentication to gain access to a system, will continue to grow in popularity in the coming year. In fact, studies show that more than half of the organizations surveyed already have a Zero Trust initiative in place, and more than 95 percent of organizations plan to embrace Zero Trust as a starting point for security in the next 12 to 18 months.

Additionally, passwordless authentication will help make the implementation of Zero Trust more effective in achieving a layered approach to security. With this approach, instead of relying on just a password as a form of verification, organizations will depend on more secure authentication methods, such as biometrics and AI-powered verification, which take numerous factors into account to grant, verify, or deny access.

Looking Ahead

Our world has changed enormously. Not only have businesses had to adjust to numerous ups and downs related to the pandemic, but they have had to adopt new technologies that support a different type of workforce. As we enter 2023, we must think about our security efforts and how we can continue to be vigilant about protecting our organizations against cybercriminals. We can use lessons learned not only to make cybersecurity predictions for 2023, but also to better help us manage risks and defend against the increasingly complex cyber threat landscape.

No matter what your cybersecurity plans are for the coming years, Proficio’s team of security experts is here to help. Our services help organizations mitigate cybersecurity risks, so you can be confident your networks are protected 24/7. To learn more about how Proficio can help your organization stay safe, contact us.

Three Cybersecurity Strategies for Healthcare Leaders in a Digital-First World

This post was originally published on elastic.co. Blog by Suranjeeta Choudhury, Elastic, and Carl Adasa, Proficio.

From on-demand healthcare services like telehealth to wearable technologies, predictive healthcare to blockchain technologies for electronic health records, 5G for healthcare services to AI and augmented reality for state-of-the-art medical treatments, the healthcare industry is at an inflection point. These digital transformations also bring along elevated cybersecurity risks. Earlier this year, a comprehensive cybersecurity benchmarking study conducted by ThoughtLab found the healthcare industry to be lacking in maturity from a cybersecurity implementation standpoint, placing only slightly ahead of the media and entertainment industry and industrial manufacturing.

[Download the report: Cybersecurity solutions for a riskier world]

Healthcare companies can take advantage of some proven cybersecurity strategies, accelerating their readiness to operate in a highly digital world.

Continuous monitoring of critical assets

On average, organizations take 128 days to detect a breach – a timeline that could completely cripple mission critical applications and services in healthcare. To detect a threat in real time, healthcare companies need the ability to continuously monitor their critical assets, analyze user behavior in their networks, track smart devices, and look for anomalies in events and end-user activity. Choosing the right SIEM solution can be the very first step in addressing vulnerabilities across people, processes, and technologies. In fact, the COO of a German healthcare provider believes that his organization’s investment in the right SIEM was the most effective cybersecurity investment towards detecting and identifying threats at scale and even recommending the right remediation plan.
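As an added illustration of the "anomalies in events and end-user activity" that continuous monitoring looks for (this is example code, not part of the original post and not Proficio's or Elastic's detection content), the block below runs two simple SIEM-style rules over constructed authentication log lines: a successful login that follows a burst of failures from the same source, and a user whose successful logins come from two different countries within an hour. The log format, field names, thresholds and IP addresses are all assumptions made for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (assumed for this example):
#   <ISO-8601 UTC timestamp> auth user=<name> src=<ip> geo=<country> result=OK|FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) "
    r"geo=(?P<geo>\S+) result=(?P<result>OK|FAIL)$"
)

FAIL_THRESHOLD = 5                   # failures from one source ...
FAIL_WINDOW = timedelta(seconds=60)  # ... within this window, then a success
TRAVEL_WINDOW = timedelta(hours=1)   # two countries for one user inside this window

# Constructed sample log: bob is brute-forced from one address and the attacker
# eventually succeeds; alice logs in from two countries twenty minutes apart;
# carol's two countries are two hours apart, which stays under the threshold.
SAMPLE_LOG = [
    "2023-01-10T08:00:00Z auth user=alice src=203.0.113.5 geo=US result=OK",
    "2023-01-10T08:01:00Z auth user=bob src=198.51.100.7 geo=RU result=FAIL",
    "2023-01-10T08:01:10Z auth user=bob src=198.51.100.7 geo=RU result=FAIL",
    "2023-01-10T08:01:20Z auth user=bob src=198.51.100.7 geo=RU result=FAIL",
    "2023-01-10T08:01:30Z auth user=bob src=198.51.100.7 geo=RU result=FAIL",
    "this line is malformed and must be skipped, not crash the parser",
    "2023-01-10T08:01:40Z auth user=bob src=198.51.100.7 geo=RU result=FAIL",
    "2023-01-10T08:01:50Z auth user=bob src=198.51.100.7 geo=RU result=OK",
    "2023-01-10T08:20:00Z auth user=alice src=203.0.113.9 geo=BR result=OK",
    "2023-01-10T09:00:00Z auth user=carol src=192.0.2.11 geo=US result=OK",
    "2023-01-10T11:00:00Z auth user=carol src=192.0.2.44 geo=DE result=OK",
]


def parse(line):
    """Return a dict for a well-formed line, or None so bad lines are skipped."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def _expire(q, now):
    # Drop failure timestamps that have fallen out of the sliding window.
    while q and now - q[0] > FAIL_WINDOW:
        q.popleft()


def detect(lines):
    alerts = []
    recent_fails = defaultdict(deque)  # src ip -> timestamps of recent failures
    last_ok = {}                       # user -> (timestamp, country) of last success
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, q = ev["ts"], recent_fails[ev["src"]]
        _expire(q, ts)
        if ev["result"] == "FAIL":
            q.append(ts)
            continue
        # Rule 1: a success right after a burst of failures from the same source.
        if len(q) >= FAIL_THRESHOLD:
            alerts.append({"rule": "success_after_failure_burst", "user": ev["user"],
                           "src": ev["src"], "failures": len(q), "at": ts.isoformat()})
            q.clear()
        # Rule 2: the same user succeeds from two countries within TRAVEL_WINDOW.
        prev = last_ok.get(ev["user"])
        if prev and prev[1] != ev["geo"] and ts - prev[0] <= TRAVEL_WINDOW:
            minutes = int((ts - prev[0]).total_seconds() // 60)
            alerts.append({"rule": "geo_mismatch", "user": ev["user"],
                           "from": prev[1], "to": ev["geo"], "minutes": minutes})
        last_ok[ev["user"]] = (ts, ev["geo"])
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Both rules are deliberately stateful over time rather than per-line, which is the part a plain search cannot do and the reason continuous monitoring matters: each alert depends on what happened in the preceding minutes, not on the content of any single event.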

[Check out the SIEM buyer’s guide to help you pick the right SIEM for your business.]

Outsourcing security operations for enhanced security with optimal spend

Approximately 30% of the world’s data volume is generated by healthcare. In a post-pandemic world, this trend will only see an uptick with massive data collection efforts to thwart risks of another pandemic. Compound that with the unprecedented shortage of skilled cybersecurity workers, and we can see why many healthcare firms prefer to outsource security operations to managed security service providers (MSSPs) and managed detection and response (MDR) firms. MSSPs and MDRs can help healthcare organizations with their cybersecurity needs by bringing in industry best practices, monitoring and responding to cyber threats for healthcare services and assets 24/7, and relieving internal resources for better patient care and healthcare services, while ensuring organizations remain fully compliant with mandates like the Health Insurance Portability and Accountability Act (HIPAA).

[Find out how Proficio helps healthcare organizations meet stringent cybersecurity needs.]

[Learn more about Elastic Security and Compliance.]

Protecting applications and workloads in the cloud

While compliance, operational agility, and better patient care have driven cloud adoption in the healthcare industry, cloud security continues to be a major challenge. Legacy security solutions are not designed to cope with the complexity and ephemeral nature of cloud-based applications.

Cloud adoption is also a journey, and as multi-cloud and hybrid cloud architectures evolve, healthcare organizations will need security solutions that can protect their workloads, irrespective of where the information resides and how it flows in the data architecture. Having access to security experts and their research work can be of significant advantage to internal IT and security teams in reducing mean time to identify, detect, and respond to threats in the network. Healthcare companies can also seek support from MSSPs and MDRs to configure their systems correctly, avoiding security loopholes, and as needed, consult experts for their overall security strategy along their cloud transformation journey.

[Learn more about Elastic Security Labs.]

Towards a better patient experience

In today’s digital-first world, cybersecurity is an imperative, especially when it comes to a mission critical service such as healthcare. The healthcare industry needs trusted partners in security to continue delivering the best patient care while keeping their patient data secure. It also needs the right tools, processes, and people to minimize the impact in case of an unfortunate security breach. Find out how Elastic Security and Proficio can bring the best of security solutions and managed security services.

Feature Highlight: Log Search and Visualization

In security, it’s often the little details that matter. Whether it’s considering the business context of your alerts, tracking locations of attempted logins that don’t add up, or finding the needle in the haystack, knowing the details around an event is important to understanding the cause – and preventing it from happening again.

At Proficio, we pride ourselves in being an extension of our clients’ teams. Working in cybersecurity, you know the value of real-time intelligence and alert enrichment, and we want to empower our clients to have this knowledge at their fingertips. Proficio gives our clients direct access to search their logs and events through our Threat Investigator portal as a standard part of our MDR offering.

With direct access to their logs, clients can easily search through their own data to perform internal investigations. They can also use this data for reporting and statistical analysis. This depth of access is critical to many internal IT and security teams, so it has always been a core part of our offering. This is a unique benefit we provide for our clients in order to make their cybersecurity journey as successful as possible.

Today, we’re excited to share we’ve expanded this capability to allow clients to visualize that data directly in our Threat Investigator portal. With our expanded visualization capabilities, a search query can be visualized in a variety of formats with the click of a button.

Figure 1: Multiple types of visualizations are available on demand

Figure 2: An example of a bar chart in creation, highlighting suggestions, axis customization, and breakdown capabilities

Figure 3: A truncated list of potential available fields and the data preview accompanying each field

Proficio is dedicated to enabling our clients to be as successful as possible. Giving clients the power to access, search, and visualize their own logs and data is a fundamental service in that mission. If you’re interested in getting a demo, or learning more about our MDR services, contact us.

If you’re a current Proficio client and want to learn more about your visualization capabilities, please reach out to your Client Success Manager.

Protecting Your Identity – A CEO’s Perspective

Rarely a day goes by without cybersecurity in the news. Whether it’s another ransomware attack, data breach, or leaked information on the dark web, the cyberthreat landscape is ever-changing – and it’s an ongoing battle to stay ahead. As a global Managed Detection and Response (MDR) provider, we see trillions of security events come through every day. While many of these incidents have little risk, throughout the years, we have seen several notable security attacks.

One of the biggest surprises we have observed this year is a 275% increase in identity attacks. We have also seen a nearly 50% increase in hands-on intrusion hacking following unauthorized authenticated access. In years past, attackers focused primarily on big organizations or specific industries, but today, they target a broader range of companies across different verticals, including small and mid-size organizations, local governments, and education providers. Gartner has highlighted the threat to identity systems (calling identity “the new perimeter”), and in its “Top Trends in Cybersecurity” report lists Identity Threat Detection and Response as a top priority objective for companies to focus on.

So, what can you do?

We have all heard about the need for long and complex passwords to reduce risk; however, experience shows that these are often so difficult to remember that users have the same password for multiple applications, both corporate and personal. It is commonplace for people to utilize their company email address as a username for social media sites or common commercial applications, like a golf scheduling website, while using the same password from company applications. The risk becomes apparent when one of these commercial sites gets hacked (and we know how frequently they do), and now their user data – and access to your networks – gets compromised too. As a CEO, this risk is often on my mind, and no amount of cybersecurity training (which is a critical requirement in any organization) will alleviate it. At Proficio, we continuously monitor the dark web and too often discover our corporate clients’ compromised email passwords available there. This is a helpful step toward protecting user identities, but it is no longer enough.
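One defensive control that directly addresses the reuse problem above is to reject, at password change or at login, any password that already appears in a breach corpus, without ever sending the password itself to whoever holds that corpus. The block below is an added example, not Proficio's code or the post's; it implements the hash-prefix range lookup that Have I Been Pwned's Pwned Passwords API popularized (only the first five hex characters of the SHA-1 hash leave the client, so the service learns one of roughly a million buckets, not the password). The breach "corpus", its counts and the in-memory `lookup_range` stand-in for the network call are all constructed for the demo.

```python
import hashlib


def sha1_hex(password: str) -> str:
    # SHA-1 is used here only as a lookup key into a breach corpus, not for
    # storing credentials; credential storage still needs a slow salted KDF.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed breach corpus: password -> number of times seen in leaks.
# These values are made up for the example.
_CONSTRUCTED_LEAKS = {
    "password": 3861493,
    "Summer2023!": 42,
}

# Index it the way a range service would serve it: 5-char prefix -> [(suffix, count)].
BREACH_RANGES: dict[str, list[tuple[str, int]]] = {}
for _pw, _count in _CONSTRUCTED_LEAKS.items():
    _h = sha1_hex(_pw)
    BREACH_RANGES.setdefault(_h[:5], []).append((_h[5:], _count))


def lookup_range(prefix: str) -> list[tuple[str, int]]:
    """Stand-in for the remote range query. Only the 5-character prefix is sent."""
    if len(prefix) != 5:
        raise ValueError("range lookups take exactly a 5-hex-character prefix")
    return BREACH_RANGES.get(prefix, [])


def exposure_count(password: str, fetch=lookup_range) -> int:
    """How many times this password appears in the corpus (0 if never)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # The match against the full hash happens locally, never on the server.
    for candidate_suffix, count in fetch(prefix):
        if candidate_suffix == suffix:
            return count
    return 0


def evaluate_password(password: str, fetch=lookup_range) -> dict:
    """Policy decision for a proposed password: reject anything known-breached."""
    seen = exposure_count(password, fetch)
    return {
        "accepted": seen == 0,
        "seen_in_breaches": seen,
        "reason": None if seen == 0 else "password appears in a known breach corpus",
    }


if __name__ == "__main__":
    for pw in ("password", "Summer2023!", "correct horse battery staple 9Z!"):
        print(pw, "->", evaluate_password(pw))
```

The same check can be applied on the monitoring side: when dark-web monitoring surfaces a credential dump, hashing the dumped passwords and comparing against the organization's own (hashed) password history finds reuse without anyone handling plaintext corporate passwords.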

When it was first launched, Multi-Factor Authentication (MFA) was going to be the answer to solving identity compromise. However, as great a solution as it is, it still seems a lot of organizations aren’t taking advantage of it. Of all the enterprises we speak to, we see that many are not using MFA, or at least not using it for all access. And we’ve all seen the recent high-profile compromises of MFA systems. Attackers will always find a way to compromise new security controls given enough time, resources, and focus.

Having great protections in place is a great start, but it’s time for organizations to add another layer of protection. Threat detection and response for identity attacks has proven to be exponentially more critical to protecting enterprises and preventing business disruption. More importantly, quick actions need to be taken. But many companies struggle to respond to compromises fast enough, if they have to create tickets and wait for multiple teams to suspend accounts or isolate endpoints, leaving time for attackers to do lateral propagation, steal data, or disrupt business. Response automation and orchestration is essential to protecting organizations in a cybersecurity environment where speed wins in the battle between attacker and defender.

That’s why we introduced our Identity Threat Detection and Response (ITDR) solution, a first in the MDR industry. Proficio’s solution aims to solve this problem. Our ITDR service detects attacks or compromises to your identity for any application that is managed by your Identity and Access Management (IAM) platform and enables automatic or orchestrated response actions like suspending the compromised user account. We continuously add new identity threat detection use case rules and machine learning models, detecting attacks on O365/M365, VPN, Domain Controller, SaaS, IAM and more. Our Active Defense service can also orchestrate your Endpoint Detection and Response (EDR) platform to isolate an endpoint or communicate to your firewall to block an IP address.

To learn more about how Proficio can help your organization stay better protected, contact us.

Companies ramp up recruiting veterans as cybersecurity urgency grows

Managed security services provider Proficio, Inc., plans to grow its cybersecurity team from about 100 employees today to more than 450 people by the end of 2018.  It may seem like a daunting task for most companies given the shortage of workers with cybersecurity skills, but Proficio executives believe they have tapped into a goldmine of potential cybersecurity talent – the veterans coming out of San Diego’s military bases near the company’s headquarters…