Adversaries were able to encrypt data in 76% of the ransomware attacks that were conducted against surveyed organizations, according to Sophos.
The survey also shows that when organizations paid a ransom to get their data decrypted, they ended up doubling their recovery costs ($750,000 in recovery costs versus $375,000 for organizations that used backups to get data back). Moreover, paying the ransom usually meant longer recovery times, with 45% of those organizations that used backups recovering within a week, compared to 39% of those that paid the ransom.
The rapidly evolving cyber threat landscape demands constant vigilance from organizations seeking to protect their digital assets.
Open source threat intelligence tools and feeds have emerged as invaluable resources in this endeavor, offering insights into current trends, vulnerabilities, and threat actors. In this article, we will provide a comprehensive list of open source threat intelligence tools and feeds for 2023, equipping cybersecurity professionals and organizations with the information they need to stay one step ahead of potential cyber attacks and safeguard their systems and networks effectively.
Hypervisor security is the process of ensuring the hypervisor -- software that enables virtualization -- is secure throughout its lifecycle. Common security practices for hypervisors include limiting users in a local system, reducing attack surfaces and keeping systems updated.
A hypervisor is software that enables a single host device to run multiple virtual machines (VMs). Examples of hypervisors include Microsoft Hyper-V Manager and VMware vSphere. The hypervisor emulates hardware such as the central processing unit, memory and RAM.
Hypervisor security is important because, if attackers gain control of the hypervisor, they can access every VM under that hypervisor and all data stored in each VM. Additional points of vulnerability include shared hardware caches, the network and access to the physical server...
A decade ago, most companies realized that being hit with a data breach was inevitable; the well-known 'when, not if' statement drove that idea home.
The time has come to make a similar realization about ransomware. Tenacious cybercrime rings and the easy availability of ransomware toolkits, as well as the financial rewards, are why ransomware attacks are increasing.
But even if an organization anticipates a ransomware attack is likely, they may not understand how vital it is to have a plan already in place, with a very detailed outline of what all parties should be doing.
When an attack happens, the immediate reaction is how to get the data back. At that point, the CISO may be getting advice from leadership, legal and others in the company on how to best approach the ransomware response.
The need to protect sensitive information from unauthorized access and theft has never been greater, and cybersecurity and IAM technologies are evolving to meet this challenge while providing users with more convenience.
There are three key trends to watch in cybersecurity and IAM:
Organizations will prioritize identity-centric zero trust security
Zero trust is a security model that assumes that all users, devices and applications are potentially compromised and should not be trusted by default. Instead, zero trust requires that all access to resources is verified and authorized on a per-user and per-device basis. Simply put, zero trust means taking an 'assume you've been breached' approach, which means that you should never trust and always verify...
Organizations can use these SBOM tools to help secure their software supply chain by understanding the components of their deployed software and applications.
Securing the software supply chain has become increasingly important over the last few years in response to numerous high-profile attacks targeting it, such as Sunburst, Log4j and Heartbleed.
One method growing in popularity is to use a software bill of materials (SBOM). Like a manufacturing-based bill of materials, an SBOM lists all the software components used to create a specific application.
Today's attackers have become increasingly elusive by generally just using stolen credentials or looking for misconfigured systems. With the evolving nature of the cyber landscape, they are taking advantage of the current geopolitical climate to exploit new areas of business operations.
Plus, as organizations are facing uncertain macroeconomic times, security risks are becoming even more challenging to detect, escalate, and manage with additional scrutiny on budgets.
Using our combined military, SOC, and internal experience, we have compiled our top five insights on how organizations can keep an eye on the most prevalent threats and build out more robust security architectures to defend against them.
Container vulnerability scanning is a critical part of container security. It involves inspecting container images and their components to identify potential security issues, weaknesses or vulnerabilities.
Containers are lightweight, portable units used to package, distribute and deploy applications. They run on container engines like Docker and are managed by container orchestrators like Kubernetes.
The goal of container vulnerability scanning is to minimize the risk of deploying applications with known vulnerabilities or security flaws. This process is critical in maintaining a secure environment and ensuring the overall safety of the application infrastructure.
Enterprise companies are increasing spending on software-as-a-service (SaaS) tools to enhance employee productivity and drive digital transformation projects.
In doing so, IT teams are facing new challenges to ensure the right level of access to the right people at the right time. This results in headaches for CIOs and CISOs who want to ensure organizations have the appropriate security posture while balancing other priorities. In fact, this permission sprawl for employees and extended workforce members across cloud and on-premises systems significantly increases the risk of security breaches.
According to Verizon's Data Breach Report, 82% of breaches involved a human factor such as the use of stolen credentials, phishing and misuse, among other errors. Modern identity governance solutions can ensure only the right users have the right level of access to the right systems, all to deliver better security outcomes and ensure companies pass required compliance audits.
In this ConversingLabs Cafe interview, Josh Corman, founder of I Am The Cavalry, talks about what's behind industry skepticism around software bills of materials.
If there's a poster child for the increased focus and attention on the security of software supply chains, it is the SBOM, or software bill of materials. SBOMs are a critical component for operationalizing software supply chain security. Practically, SBOMs act like a list of ingredients for the software that makes up applications: calling out otherwise invisible dependencies on proprietary, open source and licensed, commercial libraries.
Keeping up with cybersecurity news is a challenge. From newly discovered vulnerabilities to new attack methodologies, you live a life of 'need to know' when the ability to find is difficult. As a security professional, knowing is more than half the battle.
To stay within your budget, you need the open source threat intelligence resources that provide you with the right information at the right time.
What is open source threat intelligence?
The term open source applies to any publicly available information that you can get without having to pay money for a proprietary technology or process. Open source threat intelligence is publicly available, free context into and information about: